Proprietary Trading in
Document revision history
Version & Revision Prepared by Summary of Changes Approved by Distributed by Date
1. AGREEMENT AND ACCEPTANCE
1.2. When you visit our website, pages, features, API and or other products and services (“Platform”), and more generally use or participate in any of our services through our Platform, we appreciate you trusting us with your personal data. Personal data includes any data relating to you which may, by itself, or in combination with other data be able to identify you. SHDA takes your privacy very seriously; and this Policy, as amended from time to time, sets out how SHDA collects, processes, uses, maintains, stores, retains, transfers, discloses, erases or destroys your confidential and personally identifiable user data, as well as aggregated and anonymized data obtained from and through the Platform and related services offerings, via the Platform. The specific data points which we collect from you are explained below in this Policy. We are committed to protecting your information and right to privacy.
1.3. When you use our Platform, we may, in certain cases, apply automated data decision-making, for example to prevent fraud, to ensure compliance with AML/CTF policies, etc. Automated decision-making refers to the processing of personal data using, for example, a software code or algorithm that does not require human intervention. We regularly review the criteria and models used in automated decision-making to ensure their integrity, efficiency, and impartiality.
2.1. SHDA is licensed by the Dubai Virtual Assets Regulatory Authority (“VARA”) to undertake Broker-Dealer Services and this Policy has been prepared in accordance with the Federal Decree- Law No. 45/2021 on the Protection of Personal Data (“UAE Data Protection Law”), VARA’s licensing conditions, VARA’s Rulebooks as well as all applicable UAE regulations, guidance and international best practices. We may make amendments to this Policy.
2.2. From time to time, we may revise, amend or supplement this Policy to reflect necessary changes in law, our personal data collection and usage practices, the features of our Platform, or certain advances in technology, or if directed by the VARA and/or the concerned regulators. If any material changes are made to this Policy, the changes may be prominently posted on the relevant or affected Platform. However, this is not obligatory for us; the onus is on you to regularly familiarize yourself with the contents of this Policy, for your own information; and particularly to do so every time you access our Platforms or make use of our services.
2.3. Changes to this Policy are effective from the date on which they are published.
3. DATA PROCESSING PRINCIPLES FOLLOWED
3.1. Your personal data is collected and processed in accordance with relevant principles, including: lawfulness, fairness and transparency; for specific and clear purpose; data minimisation; accuracy; storage limitation; integrity and confidentiality (security) and accountability; with all relevant laws and regulations considered; and however applicable.
4. BASES FOR DATA PROCESSING
4.1. We process your personal data on the following bases – because the information is necessary for the performance of a contract with you or to take steps at your request to enter into a contract; because you have given your consent if we expressly ask for consent to process your personal data for a specific purpose; and to comply with legal and regulatory obligations.
5.1. You provide consent to your personal data (whether provided directly by you, whether collected by us, or received by us from third parties or otherwise) being processed to satisfy all legal obligations arising from any contracts entered into/ with/ involving you or to deliver any services to you; or to take steps at your request prior to entering into a contract with you; or for our legitimate interests to protect our property, rights or safety of either SHDA, its users, customers, clients, other persons or other entities.
5.2. The specific data points which we collect, the method by which we collect such data, the purposes for which we collect such data, how we share such data, and how long we retain such data is explained individually and specifically for your precise, informed and unambiguous consent below in this Policy.
5.3. You undertake that all personal data provided to us by you is true, complete and accurate and you must notify us of any changes to such personal data.
5.4. We do not process data about actual or alleged criminal offences unless and until specifically mandated to do so by law or directives of competent authorities.
6. PURPOSES OF PROCESSING PERSONAL DATA
SHDA will collect and process your personal data for the following purposes: 6.1. Provision of SHDA services via the Platform
Details of Purpose Provision of services via the Platform. This includes:
5. CONSENT FOR DATA PROCESSING FOR LEGAL OBLIGATIONS AND LEGITIMATE INTERESTS
enabling the user to create the account on the Platform;
enabling the user (or it representative) to purchase/sell virtual assets;
enabling the user (or it representative) to transfer its virtual assets to the virtual asset wallet
Users of the Platform (if such users are natural persons) / representatives (e. g. employees) of the users (if such users are legal persons).
Identification data (e. g. name, surname, position at the represented entity, name of the represented entity, tax ID, date of birth, nationality, country of residence);
Contact data (e. g. address, e-mail address, phone number, mobile device SMS code);
Data related to the provision of services on the Platform (e.g. communication with us regarding the use of the Platform).
Please note that SHDA may not process all the above data, and the scope of the processed data is determined on a case-by-case basis in accordance with the principle of data minimization.
The user or the entity it represents, the use of the Platform or third parties (e.g., payment
service provider (“PSP)”.
Source(s) from which the personal data is collected
Data retention <Data will be stored for up to 8 years following the end of relations with the user.> 6.2. Compliance with legal requirements (e.g., AML /KYC)
Details of Purpose
Compliance with legal requirements applicable to SHDA, including anti-money laundering (“AML”) and Know Your Counter party (“KYC”) regulations
Users of the Platform (if such users are natural persons) / representatives, shareholders, managers, ultimate beneficial owners (“UBOs”) of the users (if such users are legal persons
.Identification data (e. g. name, surname, position at the represented
1. entity, name of the represented entity, tax ID, date of birth, nationality, country of residence);
Contact data (e.g., address, e-mail address, phone number);
AML / KYC data (e.g. date of birth, citizenship, address, country of residence, country of tax residence, activities, sources of income, copy of identification document (and personal data therein), bank details, photo, information about applied international sanctions, PEP status, biometric data processed by specialized algorithms);
Payment data (e.g. information about payments to or from SHDA);
Other personal data as may be required for SHDA to comply with applicable legal acts.
The user or the entity it represents, the use of the Platform and / or third parties (e.g., identification service providers), public registers, state and / or municipality institutions).
Data will be stored for up to 8 years following the end of relations with the user.
We do not retain any biometric data gathered during the identification process.
6.3. Recruiting Details of Purpose
Data subjects Candidates applying for employment at SHDA.
Processing personal data in connection with
Identification data (e. g. name, surname, date of birth, nationality, country of residence
Subject matter and text of your query;
Information about your experience and other information provided by you in your CV and (or) other documents;
Information about the results of the recruitment procedures (e.g., results of tests, interviews);
Please note that SHDA may not process all the above data, and the scope of the processed data is determined on a case-by- case basis in accordance with the principle
Data retention of data minimization.
The candidate (user)
SHDA will store the personal data about the candidate for as long as the selection to the specific position is taking place and 6 months after that. Based on your consent such
personal data may be stored longer.
6.4. Relations with suppliers & partners
SHDA’s suppliers and partners representatives.
Commercial relations with our suppliers & partners, e.g., day-to-day business communication related to the services and (or)
Identification data (e.g. name, surname, position at the represented entity, name of the represented entity);
Contact data (e.g., e-mail address, phone number);
Subject matter and text of the communication with us.
Please note that SHDA may not process all the above data, and the scope of the processed data is determined on a case-by-case basis in accordance with the principle of data
Data will be stored for up to 8 years following the receipt of such data or termination of the
SHDA’s users (i.e., suppliers and partners) where they are natural persons, or their representatives if such suppliers and partners are legal persons.
6.5. Direct interactions
Details of Purpose Data subjects
Managing and answering the inquiries sent / provided to SHDA via e-mail, phone or via
form provided on the Platform.
Persons submitting / providing the
above mentioned inquiries to SHDA.
Identification data (e.g., name, surname, position at the represented entity, name of the represented entity);
Subject matter and text of the communication with SHDA.
Persons submitting / providing the above mentioned inquiries to SHDA themselves.
Data will be stored for 8 years following thereceipt of your query.
6.6. Direct marketing Details of Purpose
Informing you about special offers, news or providing other information about the Platform.
Persons receiving the above mentioned communications from SHDA.
. 1. Identification data (e.g., (e. g. name, surname, position at the represented entity, name of the represented entity, tax ID, date of birth, nationality, country of residence);
Contact data (e.g., e-mail address, phone
Information about purchased or
otherwise used similar services of SHDA.
Persons receiving the abovementioned communications from SHDA themselves.
Your personal data will be processed for the purpose specified in this section for 8 years from the date of its collection, or until you
Source(s) from which the personal data is collected Data retention
object to such processing of your personal data, or until your consent to process personal data for this purpose is revoked, whichever occurs
6.7. Improving the Platform, ensuring proper operation and security, monitoring of users’ behaviour and ensuring fraud prevention.
Users of the Platform
Device data (e.g., internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Platform.
Platform use data, user’s behaviour on the Platform, payment information.
SHDA automatically receives personal data
directly from you while you use the Platform.
Your personal data will be processed for the
purpose specified in this section for 8 years.
7. DATA RECIPIENTS
Improving the Platform, ensuring proper
operation and security, monitoring of user’s
behaviour, and ensuring fraud prevention.
7.1. Any information that you provide may be shared with third parties(data processors),which provide SHDA with services and act on its behalf (e. g. companies providing marketing / advertising services, IT service providers, accounting service providers, etc.). SHDA ensures that processing of personal data by such third parties will be based on a legitimate legal ground and will be performed in accordance with lawful instructions of SHDA and in compliance with all applicable legal requirements.
7.2. The personal data may also be transferred to the personal data recipients. Specifically, SHDA may share personal data with the following categories of third parties (data processors, data recipients or individual data controllers) as necessary:
8. PROCESSING AND USE OF AGGREGATED, ANONYMISED AND DE- IDENTIFIED DATA
PSP and your virtual asset wallet provider(if needed and to the extent required for proper provision of the Services) and our correspondents that facilitate virtual asset buy and sell transactions;
our affiliates, i.e. subsidiaries, joint venture partners or parent companies (if needed for proper internal administration of the group (e.g. accountability));
courts, arbitrators, mediators, opposing party and their lawyers (if needed for the legal proceedings),
police, law enforcement authorities, tax authorities, other government, or municipal institutions;
our professional advisers such as lawyers or accountants(if needed for the protection of our legitimate interests);
service providers who undertake background screening of individuals and companies for the purpose of obtaining information on negative news, sanctions and political exposure of individuals and companies who participate in services through the Platform.
service providers who provide information technology and system administration services, marketing, accounting, postal or courier or other services;
other natural or legal persons where this is related to and necessary for the organizational changes of SHDA, e.g. in the event of merger, acquisition, or sale of SHDA (as a whole or in part), your personal data could be shared with auditors or other representatives of the potential acquirers and transferred to the final acquirer. Please note that in the latter situation the data controller of your personal data could become the final acquirer. You will be informed about such organizational changes on our Platform and (or) via contact details provided, if possible;
other persons or entities (if needed to provide you with services through the Platform as effectively as possible).
We may also create, process, collect, use and share aggregated, anonymised or de-identified data such as statistical or demographic data for any purpose which may be derived from your personal data. We may use this data to comply with legal or regulatory obligations.
Page 10 of 18
8.2. We may share your data with members of our group (including our affiliates, subsidiaries, parent companies, joint venture partners, entities we control and entities under common control) (“Group”), service providers and our key partners. Some of these third parties may be in a jurisdiction outside the laws as stated in this Policy, in which case we will take all necessary steps to ensure that your personal data is treated securely and that such transfers are permitted under the applicable data protection laws.
8.3. We may also use any or all of the personal data above to administer and manage our business in general, to detect and prevent misuse of our services (including fraud and unauthorised payments), and to enforce our Terms or any other contract to which we may be a party to.
9. COOKIES POLICY
9.3. Usage of data collected through cookies: We may use the data collected through these technologies to better display our Platform, to save you time, to provide better technical support, for promotional purposes, and to measure and analyse Platform usage.
9.4. Types of Cookies: The types of Cookies
Strictly Necessary (also known as Essential or
we may use are set out below.
Necessary for the operation of the website. We may use essential cookies to authenticate users, prevent fraudulent use of user accounts, or offer Platform features.Allow us to recognize and count the number of visitors and see how visitors move around the website when using it. This helps us improve the way the Platform works.
Used to recognise you when you return to the Platform. This enables us to personalise our content for you and remember your preferences.Record your visit to the Platform, the pages you have visited, and the links you have followed. We will use this information to make the Platform and the content more relevant to your interests. We may also share this information with third parties for this purpose.
9.5. Choice of cookies: You may be able to refuse or disable cookies by adjusting your web browser settings. Some browsers have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Platform, services and/or features may no longer be available to you or function properly.
10.1. In the event that you fail, neglect and/ or refuse to, or are unable to provide us with any personal data which we necessarily need so as to provide you with services or the Platform, or which we need to collect by law, we may not be able to provide you services through the Platform. In this case, we have the right to discontinue the provision of the Platform to you and/or close your Account. In such a situation, we will notify you at the earliest.
11. INFORMATION RELATING TO PERSONS BELOW THE AGE OF 18
11.1. We do not allow persons under the age of 18 to register for any service on the Platform, and we do not knowingly collect any personally identifiable information from persons under the age of 18. If you are aware of someone under the age of 18 using our Platform, please contact us immediately at email@example.com
12.1. Wemaycollectandprocesssomeofyourpersonaldatawithoutyourknowledgeorconsent;and only where this is required or permitted by law. We may be compelled to surrender your personal data to legal authorities without your express consent, if presented with a court order or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state or other applicable jurisdiction.
13.1. We provide you with choices regarding the personal data we use, particularly concerning any market research and/or subsequent marketing, advertising and promotion. Towards this, we have established these personal data control mechanisms:
Promotional offers from us: We may use your personal data to determine what may be of interest to you. This is how we decide which products, services, and offers may be relevant and of interest to you. By using our Platform, registering an Account, contacting us, requesting information from us, you consent to receiving marketing communications from us. We may communicate with you by e-mail, fax or telephone.
Opting out: You can ask us or third parties to stop sending you marketing related material and/ or communications at any time by following the opt-out links on any marketing
10. CONSEQUENCES OF REFUSAL, FAILURE, INABILITY TO PROVIDE US WITH
NECESSARY PERSONAL DATA
12. PROCESSING OF PERSONAL DATA WITHOUT YOUR CONSENT IN SOME CASES
13. COLLECTION OF YOUR DATA FOR MARKET RESEARCH AND PROMOTIONAL INFORMATION; YOU MAY OPT OUT FROM THIS
message sent to you or, if the marketing related materials and/or communications are sent by us, then by contacting us at firstname.lastname@example.org.
14. SHARING OF YOUR PERSONAL DATA WITH THIRD PARTIES
14.1. We may have to share your personal data with selected and trusted third parties to fulfil our obligations under our contract with you, to meet government, regulatory and law enforcement requests, and to continue providing you with the services. We will only disclose your personal data to third party service providers under strict terms of confidentiality. We do not allow our third- party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
14.2. We may have to share or transfer your personal data in the specific circumstances listed below:
Upon your consent: We will share your personal data with companies, outside organisations or
individuals, if we have your consent to do so.
In compliance with applicable law, judicial requirements, government requests: Where we are legally
required to do so, we may disclose your personal data to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements), or where we find it is necessary to investigate, prevent or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved disclose your personal data. Additionally, we may disclose your personal data to enforce our Terms, or to protect the rights, safety, and security of SHDA, our users, other persons or the public.
Merger, acquisition etc.: In connection with, or during negotiations of, any merger, sale of our assets, financing, acquisition of all or a portion of our business to another company, any dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, your personal data may also be transferred as a business asset forming part of our good will. If another company acquires us, our business or assets, that company will possess the personal data collected by us and will assume the rights and obligations held by us regarding your personal data, as described in this Policy.
Advertisements: Where we use third party advertising companies to serve ads when you visit or use the Platforms. These companies may use information about your visits to our Platforms and other Platforms that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you, provided you have consented to the same.
Affiliates: We may share your personal data with our Group in order to provide you with certain services and/or functions, in which case we will require those Group members to honour this Policy.
With selected third party vendors: In connection with the performance of our services, we may share your personal data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples of such third parties include payment processing, customer relationship management, data analysis, email delivery, hosting services, customer service, quality assurance testing, technical support, operational support and maintenance services and marketing efforts.
15. YOUR RIGHTS TO YOUR PERSONAL DATA
15.1. Depending on the country in which you are resident you may have certain rights. These rights may include:
Right of Access to information: This means you have a right to receive at no charge, the following information upon submitting a request to us:
The categories of personal data processed.
The purposes of the processing of your personal data.
The recipients or categories of recipients of your personal data both within and outside the UAE.
Controls and standards relating to the duration of storage and archiving of your personal data.
Actions taken upon your requests for rectification, erasure or restriction of processing and objection to processing of your personal data.
Safeguards in case of cross-border processing of your personal data.
The existence of automated decision-making, including profiling.
Actions to be taken in case of personal data breach.
Procedure to lodge a complaint with the UAE Data Office.
Right to Rectification: This is your right have your personal data rectified if what is held by us is inaccurate/incomplete. .
Right to Erasure: This is your right, under certain circumstances to ask for your personal data to be deleted. This would apply if your personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been expressly withdrawn, or where your personal data has been unlawfully processed. Once deleted all your personal data will be removed from our systems and will not be recoverable. This right is subject to the restrictions laid down in the applicable law, including if the request is in conflict with other legislation(s) to which we are subject.
Right to Withdraw Consent: If you wish for SHDA to stop processing your personal data, it is your right to withdraw consent at any time, where we have asked you for consent to use your information for that particular purpose. To withdraw consent for processing of your personal data, please email us at email@example.com
Right to Restrict Processing: This is your right to ask for a restriction or stop in processing of your personal data, such as in the case where accuracy of personal data is contested by you, or you object to the processing of your personal data, or the processing is in contravention to applicable laws. This right is subject to the restrictions laid down in the applicable law, including for reasons such as where processing is necessary for judicial purposes, or is necessary for protection of public interest or third party rights, or where the processing is limited to the storage of data.
Right to Data Portability: This is your right to ask for your personal data supplied directly to us, which we have processed pursuant to your consent, under a contract, or by automated means, to be provided to you in a structured, commonly used, and machine-readable or electronic format.
F. Right to Object: This is your right to object to the further processing of your personal data which is inconsistent with the primary purpose for which it was collected, and includes processing for profiling, direct marketing and for statistical surveys.
Rights in Relation to Automated Decision Making and Profiling: This is your right to object to automated decision-making that has legal implications or seriously affects you. This right is subject to restrictions under applicable laws.
15.2. We aim to respond to all legitimate requests without undue delay and within 2 calendar months of receipt of any request from you. Occasionally it may take us longer than 2 calendar months, if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).
15.3. If you have any of these rights under your domestic data protection laws and wish to exercise any of them, please contact us at firstname.lastname@example.org We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This security measure is to ensure that your personal data is not disclosed to any person who has no right to receive it.
16. UPDATING YOUR INFORMATION
16.1. Whenever possible, you can update your personal data, subject to verification by us. If you wish for us to update your personal data, please contact us at email@example.com or proceed to amend the same in your Account on the Platform. We will retain your personal data for as long as your Account has not been closed or as may be needed to provide you access to your Account and/ or services, and in compliance with the law.
17. DATA RETENTION AND RECORDS
17.1. We retain information on your behalf, including customer data, transactional data and other session data, linked to your Account. Should any further information be required, please contact us at firstname.lastname@example.org.
17.2. Your personal data will be stored, retained, and processed for no period longer than as required by us for the purposes it was collected for, for the purposes of using the Platform, and for meeting any legal, accounting, reporting, government, regulatory or law enforcement requirements. Unless required for any of the purposes specified above, we will delete personal data related to closed Accounts every 12 calendar months.
17.3. To determine the appropriate retention period for your personal data, the criteria we consider includes the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure of your personal data; the purposes for which we process your personal data and whether we can achieve those purposes through other means; whether there are legal or contractual obligations that mandate us to retain data for a particular period of time; whether there is any legal or financial claim in relation to your business relationship with us and the applicable legal requirements.
17.4. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
18. STORAGE AND TRANSFER OF DATA
18.1. Your personal data is stored and transferred in compliance with the applicable legislations and regulations of UAE.
18.2. Some of the international organisations and countries to which your personal data may be transferred do not benefit from an appropriate data protection regulatory framework. For transfer of your personal data outside the UAE to such international organisations and countries, we shall transfer your personal data, upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards, such as an adequacy decision by the relevant authority, adequate binding corporate rules or through the inclusion of standard contractual clauses in our agreements with such organisations and countries. We may also transfer your personal data to recipients outside the UAE based on your express consent; or if such transfer is necessary for judicial processes; or if such transfer is necessary for entering into or performing a contract between SHDA and you or between SHDA and a third party for your interests, or if such transfer is necessary for an act relating to international judicial cooperation; or if the transfer is necessary for protection of public interest.
19. HOW TO CLOSE YOUR USER ACCOUNT
19.1. If you wish to close your Account, please use the relevant option within your Account on the Platform. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms.
20.1. We are committed to ensuring that your information is secure. To protect your personal data and information from loss, theft, misuse, alteration, destruction, unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We use industry-standard technical mechanisms, password protected directories and databases and ensure that our affiliates or vendor entities use data encryption technology while implementing restrictions related to the storage of and the ability to access your personal data.
20.2. Ourfacilitiesarescannedonaregularbasisforsecurityholesandknownvulnerabilities,tobest ensure its security.
20.3. Your personal data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.
20. SECURITY PRECAUTIONS AND MEASURES FOR PROTECTION OF YOUR PERSONAL DATA
Please note that no transmission over the Internet or any method of electronic storage
can be guaranteed to be absolutely 100% secure, however, our best endeavours will be
made to secure data and the ability to access your personal data.
Without prejudice to our efforts on the protection of your data, nothing contained in this Policy constitutes a warranty of security of the facilities, and you agree to transmit
data at your own risk.
Please note, that we do not guarantee that your data may not be accessed, disclosed,
altered, or destroyed by breach of any of our physical, technical, or managerial
Please, always check that any website on which you are asked for financial or payment
information in relation to our Platform is in fact legitimately owned or operated by us. The risk of impersonating hackers exists and should be taken into account when using our Platform.
If you do receive any suspicious communication of any kind or request, do not provide your information and report it us by contacting our offices immediately at email@example.com Please also immediately notify us at firstname.lastname@example.org if you become aware of any unauthorised access to or use of your Account.
Since we cannot guarantee against any loss, misuse, unauthorised acquisition, or alteration of your data, please take the necessary steps to protect your own personal data, including the adoption of sufficient safety measures such as your choosing of an appropriate password of sufficient length and complexity and to not reveal this password to any third parties.
Furthermore, we cannot ensure and do not warrant the security or confidentiality of data transmitted to us, or sent and received from us by Internet or wireless connection, including: email, phone, over-the-top (OTT) messaging services or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us at email@example.com.
Should your personal data be breached, and the security of your rights be at high risk, we shall promptly and immediately communicate to you the nature of the breach which has taken place, the likely consequences of such a breach and shall describe thoroughly the measures we have implemented to address the breach and to mitigate any and all adverse effects to you and your rights. In the unlikely event of a breach occurring, please reach out to us at firstname.lastname@example.org for further information and for further advise on how to mitigate the potential adverse effects of such a breach.
We also aim to conduct all applicable security risk assessments to ensure the availability of risk mitigation controls, to better safeguard the integrity of your data.
21.1. In the case of abuse or breach of security, we are not responsible for any breach of security or for any actions of any third parties which receive the information illegally.
21.2. We will not distribute customer information to be used in mailing lists, surveys, or any other purpose other than what is required to perform our services.
21.3. If you choose to restrict the collection or use of your confidential and personal data, please stop using the Platform immediately.
22. DATA PROTECTION OFFICER
22.1. We have a designated Data Protection Officer (“DPO”). The DPO is responsible for the management and protection of personal data in accordance with all applicable laws and is appropriate for the level of risk involved with such personal data. The DPO is responsible for implementing and maintaining appropriate policies, procedures, systems, and controls in relation to personal data.
23. HOW TO GET IN TOUCH WITH US
23.1. If you have any questions about our Policy as outlined above, or if you have any complaints, queries of issues pertaining to your personal data, then please contact our DPO at email@example.com.
Virtual Asset Standards
To ensure that SH Digital continue to fulfil the VA Standards, the Virtual Assets shall be checked for compliance with the VA Standards, at least once annually. The VA Standards shall include the following considerations:
SHDA will review all terms and conditions in relation to a supported virtual asset on a periodic basis for appropriate correlation with any physical market, to ensure that such terms and conditions conform to standards and practices in that physical market.
SHDA will regularly, on an ongoing basis, assess relevant information to ensure that a virtual asset that it provides Services in relation to, continues to meet these VA Standards. SHDA reserves the right to set conditions in relation to a virtual asset that may be suspended, including where a virtual asset no longer meets these VA Standards. Further, in case of any major market developments or other external factors that may affect the ability of a Virtual Asset to fulfil the VA Standards, SHDA will immediately review the VA and reconfirm their suitability. SHDA shall maintain all records relevant to such assessments for eight  years and provide such records for VARA’s inspection upon request.
SHDA will notify VARA as soon as possible, after becoming aware that a virtual asset no longer meets these VA Standards, and it will take such steps as VARA may direct, in order to minimise any adverse impact on any of SHDA’ clients as a result.
Chief Executive Officer
Compliance Officer & MLRO
SH Digital Risk Disclosure Statement
SH Digital Public Disclosures
SH Digital Complaints Handling Policy