- use our products or services;
- download documents from us or subscribe for alerts or newsletters;
- attend one of our events, or an event hosted at our premises;
- apply for or carry out a regulated role for one of the companies listed on our markets;
- visit or register to use www.abe.io (the “Website”)
1.5 While your data controller may be a specific ABE Group entity, your details may be held in our contact database which can be accessed worldwide and used by other entities in the ABE Group, which may be located outside the European Union and other countries or jurisdictions principally subject to the EU’s General Data Protection Regulation (“GDPR”) (all such jurisdictions being referred to as the “EAA”). For more information on data sharing and transfers of data outside of the EEA, please see Section 6 below.
2. HOW WE COLLECT INFORMATION AND WHAT WE COLLECT
2.1 “Personal Information” refers to information which does or is capable of identifying you as an individual. The types of Personal Information that we process will depend largely on the service you receive from us (and may also vary by country, and according to applicable law). However, the following is an overview of the types of Personal Information which we process:
- Information you provide online and on applications or other forms, or through discussions we have with you or your representatives, such as your company name, your name and email address and names of your company shareholders, as well as information you provide about your company, including expenses, financing, salaries, and other information you provide.
- Information about your transactions with or through us.
2.2 Your use of the Website and related online services involves the automated collection of certain usage information through cookies and similar tracking technologies. The type of information collected can include information about how you use our services (e.g., the pages you view, how you interface with our technologies), information about your browser and usage patterns (e.g., your IP address, number of uses, referring/exit pages), and information about the device you use to access the websites.
2.3 Although we do our best to honor the privacy preferences of our visitors, we are not able to respond to Do Not Track signals from your browser at this time.
2.4 We only intend to collect information that is necessary for us to provide you with the product or service that you have requested.
3. HOW WE USE INFORMATION WE COLLECT?
3.1 It will often be apparent from the context how we intend to use any information we collect. We intend to only use your Information to provide services to you, so we use your information to provide the products and services you request. We may use the information we collect and data derived from this information to monitor use and traffic patterns, and to diagnose and fix technical issues with our services. This information may also be used, individually and in the aggregate, to plan for and enhance our service. We may use aggregated data without any personal information in other ways as we deem necessary for our business model.
We may also use data you provide to contact you (including by way of e-mail), such as in response to your inquiries and comments.
3.2 We do not share your personal information with any third party except when explicitly authorized by you, other than in the instances described below. We do not share your personal information or company information with third parties for marketing purposes without your consent. We may share your information:
- With third party partners when such sharing is necessary to provide a service you request. For example, we will share your information with our partner financial institution when you use our service to submit valuation information to the financial institution or use financial institutions to forward funds to us.
- With third party vendors, consultants and other service providers that perform services on our behalf, in order to carry out their work for us, which may include hosting services; administrative or business management services, or analytics services.
- To comply with legal obligations or to carry out regulatory reporting (for instance, under the applicable regulations and directives of the EU and other governing authorities).
3.3. We may share information with others in an aggregate and anonymous form that does not reasonably identify you directly as an individual or identify your business. For example, we may provide information about our users in aggregate to demonstrate the effectiveness of our service.
3.4 We may also use personal information to process services for you but will only use the information necessary for the service ordered. That includes using information that is necessary to perform a contract or to take steps to enter into a contract or to comply with a legal obligation or in the pursuit of our legitimate commercial interests, subject to your interests and fundamental rights. We will process your Personal Information to provide you with specific services in accordance with a contract you are entering, or have entered into with us, to register you for client services, to create your user account(s), to register you as a customer and to carry out any required background and screening checks, and for regulatory requirements or to invoice you and collect for services rendered. If you are a customer or otherwise have a business relationship with us, we may use your email address to provide you with information or newsletters or similar information or invite you to events hosted by us. Your personal data may be processed either electronically or in hard copy form, both inside and outside the EU and the EEA, in accordance with Section 6.
3.4 We may send you marketing communications by any medium, but we will give you the right to “opt out” of any such communications.
4. INFORMATION SECURITY
4.1 The protection of your data is also our top priority. Below we outline how we secure and backup your data. It is our intent to ensure that your data is safe with us. We will work hard to protect our customers from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold.
4.2 We use the following techniques:
All access to ABE is secured over an SSL encrypted connection. The same applies for all data sent between ABE servers on our internal network.
We do not store your password. Instead, we store a salted cryptographic hash of your password so that even if our database is compromised, all passwords will be secure.
All backups are stored offsite and are encrypted.
The use of blockchain ledgers ensures that only data verified by distributed nodes will be be regarded as accurate.ABE performs daily backups of the entire database.
5. DISCLOSURE OF YOUR PERSONAL INFORMATION
5.1 We may share your personal information within the ABE Group in order to provide you with our services. Access to your Personal Information is limited to those employees, agents and contractors of the ABE Group who need access to it in order to provide you with our services; to communicate with you (including, with your consent, to send you marketing communications); and to carry out legal or regulatory obligations.
5.2 We may also employ the services of third-party service providers to help us in certain areas, such as website hosting, physical security, marketing and market research. Where third party service providers receive your information we will remain responsible for the use of your Personal Information. We take appropriate steps to ensure that such third parties treat your Personal Information with the same consideration that we do.
5.3 We may from time to time be required to disclose your Personal Information to law enforcement bodies, regulators, agencies or third parties under a legal requirement or court order. We act responsibly and take account of your interests when responding to any such requests.
6. CROSS-BORDER TRANSFERS OF YOUR PERSONAL INFORMATION
6.1 We are an international organization, with businesses both inside and outside of the European Economic Area (“EEA”). Third party service providers who handle data on our behalf may be based in locations around the world, and we may also be subject to scrutiny from courts or regulators in a number of different jurisdictions. For these reasons, your Personal Information may be transferred to other countries both inside and outside of the EU and the EEA. As privacy laws in other countries may not be equivalent to those in your home country, we only make arrangements to transfer data overseas where we are satisfied that adequate levels of protection are in place to protect any information held in that country or that the service provider acts at all times in compliance with applicable privacy laws. Where required under applicable laws we will take measures to ensure that Personal Information handled in other countries will receive at least the same level of protection as it is given in your home country, for instance by entering into contracts incorporating the European Commission approved model contract clauses.
6.2 By providing us with your personal information, you expressly consent to our transferring your Personal Information to countries or jurisdictions which may not provide the same level of data protection as your home country, including without limitation countries or jurisdictions outside the EEA.
7. RETENTION OF YOUR PERSONAL INFORMATION
7.1 We apply a general rule of keeping your Personal Information for as long as required to fulfil the purposes for which it was collected. However, in some circumstances we may retain Personal Information for longer periods of time, for instance where we are required to do so in accordance with legal, tax or accounting obligations. In specific circumstances we may also retain your Personal Information for longer periods of time so that we have an accurate record of our transactions in the vent of a dispute.
7.2 We have a document retention policy that requires retention of documents for as long as provided by applicable law. In all cases, where your information is no longer required we will ensure it is disposed of in a secure manner and, if required by applicable law or contract, we will provide appropriate notification of destruction.
8. PROTECTION OF YOUR PERSONAL INFORMATION
8.1 We retain Personal Information securely if it is under our control, including where it is processed by third party service providers on our behalf. We will train our employees with respect to applicable data protection and privacy laws, and we ensure that only relevant ABE Group Holdings employees, contractors and agents have access to your personal information.
8.2 We take the security of our physical premises, our servers and our customer facing interchanges very seriously. We intend to use the best available security procedures and tools in accordance with good industry practice to protect your personal information across all of these platforms. As industry practices evolve, we intend to follow the appropriate industry standards.
8.3 While we use reasonable efforts to protect your security in the manner described above, it is not always clear that our efforts will be effective or even meet the standards that others put forward. There is a risk in all internet communication, and you should be careful in all transactions over the internet. All transactions over the internet on servers not controlled by us are at your own risk.
8.4 If we become aware of an unauthorized disclosure of your personal information, we will notify you as soon as confirmation has been obtained and shall provide you with information you may reasonably require to protect your data and including information necessary for any EU based customer to fulfil any data breach reporting obligations under the GDPR. The Controller shall promptly take appropriate and reasonable steps to mitigate the effects of such a disclosure, to the extent such efforts are within its reasonable control.
9. YOUR RIGHTS
9.1 Depending on the laws governing you and our relationship with you, you may have some or all of the following rights in respect of your personal information:
To obtain a copy of your personal information together with information about how and on what basis that Personal Information is processed;
To correct inaccurate Personal Information (including the right to have incomplete Personal Information completed);
To restrict access to your personal information in certain instances or to withdraw consent to any use;
To completely erase your Personal Information (in limited circumstances, where it is no longer necessary in relation to the purposes for which it was collected or processed); or
To prevent us from sending direct marketing materials or making your personal information available to third parties.
9.2. You have the right to file a complaint against us with the appropriate supervisory authority. In Malta, that authority is the Information and Data Protection Commissioner (Commissioner). Informally, the Office of the Information and Data Protection Commissioner (OIDPC).
Level 2, Airways House, Second Floor
Sliema SLM 1549
Telephone: +356 2328 7100
In the United States, any complaint should be filed with the Federal Trade Commission.
11. THIRD PARTY LINKS AND SUCCESSORS
11.2 If ABE or some or all of our assets are acquired or otherwise transferred, or in the unlikely event that we go out of business or enter bankruptcy, the personal information of our users may be transferred to or acquired by a third party. In such cases, we will use our best efforts to provide you with notice and an opportunity to opt-out of the transfer of personally identifiable information.
12. INFORMATION ABOUT THE DATA CONTROLLER AND CONTACT DETAILS
12.1 In relation to this Website, your data controller will be ABE Global Holdings, LLC. However, if your data controller is another member of the ABE Group, we will make that information clear to you at the time your Personal Information is collected.
12.2 In all cases, if you have any complaints or queries relating to the processing of your Personal Information by any member of ABE Group, or to exercise any rights in respect of your Personal Information, you should contact us by email at firstname.lastname@example.org.
12.3 In relation to the Website, you can update, correct or delete your Personal Information by referring to the “My Account” section of the Website. You can also use this area of the Website to prevent us from sending you direct marketing communications.