Stepha (referred to as ‘we’, ‘us’, ‘our’) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data that we collect, and process depends on the product or service requested and agreed in each case.
This privacy statement:
- provides an overview of how we collect and process your personal data and tells you about your rights under the EU General Data Protection Regulation (‘GDPR’),
- is directed to natural persons who are either current or potential customers of Stepha or have provided or are authorised representatives/agents or beneficial owners of legal entities or of natural persons which/who are current or potential customers of Stepha
- is directed to natural persons who currently have or who had a business relationship with Stepha in the past,
- is directed to any other natural persons whose personal data has or may in the future be lawfully obtained by Stepha in the normal course of its business,
- contains information about when we share your personal data with third parties (for example, our service providers).
1. Who we are
The purpose of Stepha is the provision of financial services; more specifically Stepha services integrate aspects both traditional banking and cryptocurrency services.
2. Information we collect from you
You may give us information about yourself by accessing our website www.stepha.com or by corresponding with us through our contact form, or by email, or otherwise.
The following information is necessary for us to provide our services (means the products and services made available to you by Stepha, or through third party provider(s) to fulfil the contract between us) and to comply with regulatory obligations:
- First and last name
- Email address
- Phone number
- Address State, Province, ZIP/Postal code, City
- Date of birth
- NationalitySource of funds/source of wealth (as may be required during the KYC process conducted by third party providers)
3. Information we automatically collect from you
When you visit our website, we automatically collect information, including personal information, about the parts of the Stepha service you use, and how you use them. This information is necessary for the adequate performance of the contract between us, to enable us to fulfil our regulatory requirements, and given our legitimate interest in being able to provide our services:
- Information about your device — your visits to and use of the website (including without limitation your IP address, geographical location, browser/platform type and version), internet service provider, operating system.
- Information about your use of the product — length of visit, page views, website navigation and search terms that you use, referral source/exit pages.
4. Purposes for Which We Use Your Personal Information
In general, we use information that we collect about you or that you provide to us, including for following purposes:
- Provision of services: to provide you with information on the products or services that you request from us and for fulfilling our obligations in order to provide you the service you requested and we agreed to provide;
- Customer management: to manage your account to process your claims and to provide you with the necessary support. Further we will provide you with notices about your account, including notices, notices about changes to any products or services we offer or provide through it;
- Advertising: following explicit consent to communicate with you about products or services that may be of interest to you either from us, our affiliates or other third parties;
- Functionality and security: to detect, prevent, and respond to actual or potential fraud, illegal activities, or intellectual property infringement;
- Compliance: to enforce our terms and conditions and to comply with our legal obligations as these derive from the applicable laws or our regulators;
- Analysis and statistics on aggregate data: We process personal data to (i) carry out aggregate analyzes and statistics relating to or relevant to our business and improve our products and services; (ii) prepare anonymized datasets for our research and development activities; ensure the quality of customer service; (iii) internally manage and control our activities; (iv) manage the loss and/or destruction of data or any unauthorized access; (v) collect and process data in anonymous form relating to the devices used in order to obtain useful information on the use of the services; (vi) debug to identify and repair errors in our website;
5. Disclosure of Your Personal Information
We do not share your personal information with third parties except as indicated below:
- Affiliates. We share above categories of personal information with our subsidiaries and affiliates to the extent this is necessary for the purposes of provision of services, customer management, customization of content, investment, advertising (if you have consented) security, and compliance, or to the extent you have provided your consent provided separately from this Privacy Policy.
- Service Providers. To our authorized service providers that perform certain services on our behalf (such as external lawyers, external auditors and payment service companies and wallet custodial providers), including for purposes of provision of the services you requested from us, customer management and security.
- Legal successors. To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by is among the assets transferred.
- Required by law/legal process. We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.
- Violation of law. We may share personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of our users.
- Other. To the extent this is necessary to fulfill any other purpose not mentioned above for which you provided personal information and, if applicable, your consent separately from this Privacy Policy.
6. Transfer of Information to European and Non-European Countries
Stepha operates in various jurisdictions. Therefore, we and our service providers may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction.
By using our website, you acknowledge and agree to such transfers and processing from country not belonging to European Union or to European Economic Area (so-called Third Countries) to Europe and vice versa, recognized by the European Commission as having an adequate level of protection of personal data or by other contractual guarantees according to GDPR. Further information can be requested by writing to dataprotection@stepha.io
7. How We Store Your Personal Information
We take reasonable precautions following applicable laws and best practices to protect personal data from loss, misuse, and unauthorized access. Taking the above into account, please note that no method of transmission over the Internet or method of electronic storage is 100% secure.
8. Retention Periods
We store your personal data for as long as necessary to carry out the purposes for which we originally collected it and based on (i) the length of time we need to retain the information to achieve the business or commercial purpose for which it was obtained, (ii) any legal or regulatory requirements applicable to such information, (iii) internal operational needs, and (iv) any need for the information based on any actual or anticipated investigation or litigation.
9. Analytics
We allow others to provide analytics services on our behalf across the website. These entities may use cookies, web beacons, device identifiers, and other technologies to collect information about your use of our website and other applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information. For more details please see our Cookie Policy.
10. Data subject rights and requests
Subject to certain limitations, you have the right to request access to the personal data we hold about you and to receive your data in a portable format, the right to ask that your personal data be corrected or erased, and the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, please contact us at dataprotection@stepha.io
11. Marketing
We may send you certain direct marketing communications if it is in our legitimate interests to do so for marketing and business development purposes, or you have provided us with your consent to do so. You can withdraw this consent by contacting us in app or by email at dataprotection@stepha.io
12. Changes to our Privacy Policy
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy and, in some cases, we may provide you with additional notice (such as adding a statement to our website or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you. It is also important that you read the Privacy Policies of our third-party service providers and partners.
13. No Rights of Third Parties
This Privacy Policy does not create rights enforceable by third parties or require disclosure of any personal information relating to users of the website.
14. No Error Free Performance
We do not guarantee error-free performance under this Privacy Policy. We will use reasonable efforts to comply with this privacy policy and will take prompt corrective action when we learn of any failure to comply with our privacy policy. We shall not be liable for any incidental, consequential or punitive damages relating to this Privacy Policy.