Last revised: July 7, 2020
We, at New Capital, respect your privacy and your privacy is extremely important to us. We are required by regulations to collect, use and store your Personal Information in certain ways. We do not tolerate spam and will never sell, rent, lease or give away your information to any third party (unless required by law). Nor will send you an unsolicited email.
We will not collect any personal information (eg. name, email address) without your explicit permission. When we ask you to provide information by which you can be identified when using our Services, you can be assured that the information provided will only be used in accordance with this privacy statement.
2. From whom we collect Personal Information
- Site Visitors: Individuals who visit our Sites and who may volunteer certain contact data (such as their email address) in order to receive communications from New Capital.
- Users: Individuals who register on their own to use Source Force or/and the New Capital Exchange.
3. What information we may collect
We collect two types of information from our Users:
- Non-personal Information, or anonymized and aggregated data. Anonymization is a data processing technique that modifies personal information so that it cannot be associated with a specific individual. We may collect technical and aggregated usage information. This information may contain, among other things, the User’s operating system, type of browser, screen resolution, activities on the Sites, etc. We may use anonymized or aggregate user data for any business purpose, including to better understand user needs and behaviors, improve our Services, conduct business intelligence and detect security threats. We are not aware of the identity of the User from which the Non-personal Information was collected. For the avoidance of doubt, any Non-personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such a connection or linkage exists.
- Personal Information. Personal Information is typically data that identifies an individual or relates to an identifiable individual. This includes information you provide to us, information which is automatically collected about you when you use our Services, and information we obtain from third parties. Personal Information is described in more detail in the section “The Personal Information we may collect”.
4. The Personal Information we may collect
We may collect the following types of information from you:
4.1. Information you provide to us
To establish an account and access our Services, we will ask you to provide us with some important information about yourself. Please note that the Personal Information we collect is required in order for us to contractually provide the Services, as well as for us to meet our regulatory requirements (such as Anti-Money Laundering and Know-Your-Customer regulations), and to safeguard our legitimate interests. In the event that you choose not to provide such information, we may not be able to provide our Services. As we add new features and Services, you may be asked to provide additional information. Any information you provide to us that is not required is voluntary.
We may collect the following types of information from you:
- Personal Identification Information: Full name, date of birth, nationality, gender, signature, photographs, phone number, home address and email address.
- Formal Identification Information: Government issued identity document such as a passport, passport number, and/or any other information deemed necessary by us in order to comply with our legal obligations under anti-money laundering laws and any other required regulation.
- Transaction Information: Information about the transactions you make on our Services, such as your name, the amount, timestamp, currency transaction history, trading data.
- Employment Information and Business Activities: Job title, and/or description of role, income.
- Source of Funds: The legitimate source of User funds to be deposited when using our Services.
- Expected Transaction Amounts: The expected transaction volume or amounts on a monthly basis.
- Correspondence: Survey responses, information provided to our support team or user research team.
4.2. Information we collect from you automatically
To the extent permitted under the applicable law, we may collect certain types of information automatically, such as whenever you interact with the Sites or use the Services. This information helps us to address user support issues, improve the performance of our Sites and applications, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. Information collected automatically includes:
- Online Identifiers: Geo location/tracking details, browser fingerprint, operating system, browser name and version, and/or personal IP addresses.
We may also use identifiers to recognize you when you access our Sites via an external link, such as a link appearing on a third party site.
4.3. Information collected from third parties
From time to time, we may obtain information about you from third party sources as required or permitted by applicable law. These sources may include:
- Blockchain Data: We may analyze public blockchain data in an attempt to ensure that parties utilizing our Services are not engaged in illegal or prohibited activity under our Terms, and to analyze transaction trends for research and development purposes.
The following chart summarizes what kind of information we collect from you:
|Information category||Site Visitors||Users of Source Force/ Exchange|
|Cookies and other tracking technologies|
|Log files (include but is not limited to Internet Protocol (IP) addresses, system configuration information, URLs of referring pages)|
|Copy of a government-issued ID / passport|
|Details regarding the government-issued ID / passport (number, issuing country and issuance/expiration date)|
|Country of residence / address|
|Date of birth|
|Details regarding your business activity, income and source of funds|
|The purpose for opening the account and related information|
|Details regarding whether or not the User is a Politically Exposed Person (PEP)|
|Transaction information (information about the transactions you make on our Services, such your name, the amount, and/or timestamp)|
|Correspondence: Survey responses, information provided to our support team or user research team|
Kindly note that without providing the above information, and unless that information, at our sole discretion, is determined to be satisfactory for our specific requirements, the User will not be able to register and use our Services.
In addition, we also may collect information regarding the behavior of the users on our Services, which includes keystrokes, captioning and recording of User behavior, mouse movements and other activities.
In addition, we may collect the User's publicly-available social network information in cases when the User chooses to link their other social network accounts with that of New Capital.
In the event that a User registers for the Services or otherwise grants us with certain access permission to his/her existing third-party social network account, the third-party social network(s) operating such account(s) may provide us with certain information about the User, as is stored in and/or made available by the User through his/her account and in accordance with the permission granted to us by the User. For example, such information may consist of, as applicable and/or made available by the User, the User's name, public profile picture URL address, account ID, email address, date of birth, gender, occupation or work information, education and other information which the User has made public.
5. The Purposes of the Collection of Information
Our primary purpose in collecting Personal Information is to meet regulatory requirements, for loss prevention and anti-fraud purposes. We also wish to provide you with a secure, smooth, efficient, and customized experience. We generally use Personal Information to create, develop, operate, deliver, and improve our Services, content and advertising, and for loss prevention and anti-fraud purposes.
We collect information in order to:
- Provide Services. We process your Personal Information to provide the Services to you. For example, in order for you to use the Source Force or Exchange platforms, we require certain information such as your identification, contact information and any other information that we deem necessary. We cannot provide you with the Services without such information. Third parties such as identity verification services may also access and/or collect your Personal Information when providing identity verification and/or fraud prevention services.
- Meet our regulatory requirements, such as Know Your Customer and Anti-Money Laundering regulatory requirements. We are required by regulations to collect, use and store your Personal Information in certain ways. If you do not provide the Personal Information as required by law, you may not use our Services.
- Perform due diligence and other screening activities in accordance with our legal or regulatory obligations and risk management procedures, which are carried out in our own legitimate interests or the public interest. These activities include conducting identity verification and fraud prevention, including checks related to the source of funds or income, PEP, sanctions and adverse media checks.
- Provide Service communications. We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or to provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you use our Services. You may not opt-out of receiving critical service communications, such as emails sent for legal or security purposes.
- Analytics, statistical, development and research purposes. We process your Personal Information to better understand the way that you use and interact with our Services. In addition, we use such information to customise, measure, and improve our Services and the content and layout of our websites, and to develop new services.
- Maintain legal and regulatory compliance.
- Detect, prevent, or otherwise address fraud, security or technical issues (such as identity theft or financial fraud).
- Protect the rights, property, or personal safety of New Capital, any of its users, or the general public.
- Provide user service. We process your Personal Information when you contact us to resolve any questions, disputes, or to troubleshoot problems. Without processing your Personal Information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.
- Ensure quality control. We process your Personal Information for quality control and to facilitate staff training so as to ensure that we continue to provide you with accurate information. If we do not process Personal Information for quality control purposes, you may experience issues when using the Services such as inaccurate transaction records or other interruptions.
- Ensure network and information security. We process your Personal Information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks, and to comply with applicable laws and regulations. Without processing your Personal Information, we may not be able to ensure the security of our Services.
We will not use your Personal Information for purposes other than those purposes that we have disclosed to you without your permission. From time to time, and as required under the applicable law, we may request your permission to allow us to share your Personal Information with third parties. You may opt out of having your Personal Information shared with third parties, or allowing us to use your Personal Information for any purpose that is incompatible with the purposes for which we originally collected this information or subsequently obtained your authorization. If you choose to so limit the use of your Personal Information, certain features or our Services may not be available to you.
6. The conditions for processing of Personal Information
We will process your Personal Information for a variety of reasons, each of which is prescribed by relevant data protection laws.
- Legitimate interests – we also process your Personal Information where we deem such processing to be in our (or a third party’s) legitimate interests, providing that such processing will not prejudice your interests, rights and freedoms. Examples of us processing information in accordance with legitimate interests would include: (i) where we disclose your Personal Information to any one or more of our associate/subsidiary companies following a restructuring or for internal administrative purposes; (ii) processing for the purposes of ensuring network and information security, including preventing unauthorized access to our electronic communications network; (iii) safeguarding the integrity of our Services by combating, reporting and sharing information related to fraudulent activities; (iv) adhering to regulatory and statutory requirements; (v) improving and optimizing our Services and debugging errors; (vi) sharing Personal Information with our advisers and professional services providers (such as auditors) for ensuring our compliance with regulatory requirements and industry best practices.
- Consent – our processing of your Personal Information will primarily be necessary for us to provide you with the Services. However, on certain occasions we may ask for your consent in processing Personal Information. In these instances, your Personal Information will be processed in accordance with such consent and you will be able to withdraw this consent in writing at any time.
7. Why we share Personal Information with third parties
We take care to allow your Personal Information to be accessed only by those who require such access to perform their tasks and duties, and to only share this information with third parties who have a legitimate purpose for accessing it. New Capital will never sell or rent your Personal Information to third parties without your explicit consent. We will only share your information in the following circumstances:
- With our service providers who are under contract to assist us with components of our business operations. Our contracts specify that these service providers only use your information in connection with the services that they perform for us, and prohibits them from selling your information to anyone else. Examples of the types of service providers that we may share Personal Information with (other than those mentioned above) include: network infrastructure, cloud storage, security, user support, Internet (e.d. ISPs) and information technology.
- In order to fulfill the purposes stated above, including to satisfy any applicable law, regulation, legal process, subpoena or governmental request.
- In order to respond to claims that any content available on the Services violates the rights of third-parties.
- When New Capital is undergoing any change in control, including by means of a merger, or the acquisition or purchase of all or substantially all of its assets.
- With our professional advisors who provide legal, compliance, accounting or other consulting services in order to complete third party technical, compliance and legal audits of our operations, or otherwise comply with our legal obligations.
8. Data Transferred out of the EU
When using our Services, your data is processed and stored in the EU and other countries. We and our service providers may transfer your information to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process that information. We provide adequate protection for the transfer of personal data to countries outside of the European Economic Area (EEA) that are not recognized as providing adequate data protection. This protection is achieved through a series of intercompany agreements based on the Standard Contractual Clauses authorized under EU law (the content of the standard contractual clauses is available here).
9. How we protect and store Personal Information
We understand how important your privacy is, which is why New Capital maintains (and contractually requires third parties it shares your information with to maintain) appropriate physical, technical and administrative safeguards to protect the security and confidentiality of the Personal Information you entrust to us.
We may store and process all or part of your Personal and transactional Information. We protect your Personal Information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.
For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to Personal Information only for those employees who require this information to fulfill their job responsibilities.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own Personal Information. When registering with our Services, it is important to take all necessary precautionary measures by using 2FA or other methods of digital identity authorization. You should immediately notify us if you become aware of any unauthorized access to or use of your account.
10. Retention of Personal Information
If you have registered with an account through our Services, New Capital will retain your Personal Information during the period that your account is active. Furthermore, New Capital will retain your Personal Information for an additional period as deemed necessary to enable New Capital to meet its legal obligations under applicable laws or regulations, such as the KYC and AML regulations, as well as to meet New Capital's contractual obligations.
- Personal Information collected to comply with our legal obligations under anti-money laundering laws may be retained after account closure for as long as required under such laws.
- Content that you post on our website such as support desk comments and other content may be kept after you close your account for audit and crime prevention purposes (e.g. to prevent a known fraudulent actor from opening a new account).
- Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.
In addition, New Capital may retain Personal Information for longer periods, provided that retaining such information is strictly necessary for New Capital’s legitimate interests, such as fraud prevention and record keeping, enforcing its policies, resolving or exercising claims regarding potential disputes, and where New Capital is guided to do so by the applicable regulatory authority.
To use the Service, you must be over the age of eighteen (18). New Capital does not knowingly collect Personal Information from children under the age of eighteen (18) and does not wish to do so. We reserve the right to request proof of age at any stage so that we may verify that minors under the age of eighteen (18) are not using the Services. If you are under the age of eighteen (18) you should immediately contact us for special permission to use our Services. Such permission will only be granted at our sole discretion, and with the stipulation that it does not contravene any applicable laws or regulations. Otherwise, in the event that it comes to our knowledge that a person under the age of eighteen (18) is using the Services, we will prohibit and block such a User from accessing the Services and will take appropriate measures to prevent that User from making use of our Services. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent this unauthorized access to our Services.
12. Cookies and similar technologies
When you access or use the Services, we may use (and authorize third parties to use) industry-wide technologies such as cookies or similar technologies, including web beacons, pixel tags, scripts, tags and other technologies that store certain information on your computer (“Local Storage”) and which will allow us to enable automatic activation of certain features, and make your Service experience much more convenient and effortless.
13. Your Rights
Your rights to Personal Information are not absolute. Depending upon the applicable law, access may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another's privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.
You may contact us at any time at gdpr at new dot capital, and request:
- To access, delete, change or update any Personal Information relating to you.
- That we will restrict or cease any further use of your Personal Information.
- That we will provide the Personal Information you volunteered to us in a machine-readable format.
- To withdraw your consent to our processing activities (provided that such processing activities rely on your consent, and not on a different legal basis).
- To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such processing is necessary for the performance of the contract between you and us, or it is based on your explicit consent, as provided hereunder.
14. Third Party Websites
16. Questions or Concerns
E-mail address: gdpr at new dot capital
Address: Lvovo str. 13C-5, LT-09313 Vilnius, Lithuania
We will make an effort to reply within a reasonable time frame. Please feel free to reach out to us at any time. If you are unsatisfied with our response, you can contact the applicable data protection authority: