Legal

DISCLOSURE PURSUANT THE REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Last update: September 2023

This Privacy Policy contains information concerning the treatment of your personal data by PRO-DIP, digitalna informacijska platforma, d.o.o., in pursuance and for the purposes of art. 13 of EU Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016 (the GDPR”).

PRO-DIP, digitalna informacijska platforma, d.o.o., (hereafter also We or Data Controller) respects your privacy and wants to help you understand how we collect, process and share your data.

We inform you that some activities could be carried out through suppliers, specifically appointed Data Processors, also residing outside the European Union.

Definitions

“personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

“data subject” means an identified or identifiable natural person (User or you);

“navigation data”: the computer systems and software procedures used to operate this Platform acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified persons, but by their nature - through processing and association with data held by third parties - to identify users. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) of the requested resources, time of the request, method used to send the request to the server, size of the file obtained in response, the numeric code indicating the status of the response from the server (successful, error, etc.) and other parameters concerning the operating system and the IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are canceled immediately after processing;

“system logs”: for needs relating to operation and maintenance, this platform and all the third-party services it uses can collect system logs, which are files that record the interaction and which may also contain personal data, such as the IP address;

“navigation data aimed at profiling”: provided directly or indirectly by the user through the use of the services or obtained and analyzed from the user's consent provided during the use of the Platform or Services.

Data controller

PRO-DIP, digitalna informacijska platforma, d.o.o., with registered office in Čufarjeva ulica 1, Ljubljana, 1000, Slovenia is the Data Controller of personal data collected in accordance to this Privacy Policy.

The Data Controller does not fall within the cases provided for by Art. 37 c. 1, for this reason no Data Protection Officer (DPO) has been appointed.

Categories of personal data processed

Personal data is collected within specific sections of the Platform through electronic forms or through forms sent directly to the User’s email address, only if access to our Services is desired.

PRO-DIP, as the Data controller, collects and processes personal identifying information, such as, for example, your first name, last name, company name, address and e-mail address, disclosed by you when you open an account on the Platform. Since the account will have to be verified for the purpose of personal identification, the Personal Data that will be requested will also be those necessary for identification, and may cover, for example: (i) first and last name; (ii) date of birth; (iii) place of birth; (iv) place of residence; (v) domicile, if different from residence; (vi) tax identification number, if issued; (vii) identification document details and date of issue and expiry, etc.

PRO-DIP does not collect data relating to children under the age of 18, nor does it process sensitive data that may reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership in parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, or health status.

Furthermore, we may analyze public blockchain data, such as transaction ID’s, transaction amounts, wallet address, timestamps or transactions or events.

Verification and identification

When the User has registered on the Platform or through personal interaction for the use of the services by accepting the Terms and Conditions of the Platform, PRO-DIP is required to fulfill its obligations relating to anti-money laundering and combating the financing of terrorism, limited to the performance of the activity of converting virtual currencies from or into currencies that are legal tender.

PRO-DIP is obliged to verify the identity of the User by means of a valid identification document, to keep specific information obtained from such document, to check the authenticity of it together with all further information, including documentary information, which must be requested and which, during the relationship must be updated. To this end, the user will have to provide all the additional information beyond that required for the opening of the account, which will be requested through electronic forms that also provide for the possibility of uploading documents, or through questionnaires that will be submitted and that PRO-DIP will ask you to fill out off-line.

In order to comply with all AML obligations, PRO-DIP, as Data controller, may uses the services of third parties, duly authorized to process Personal Data through special outsourcing contracts with PRO-DIP, i.e., special proxies to operate the processing; the third parties are required under the GDPR to comply with our Privacy Policy and instructions on the storage and non-disclosure, nor misuse of Personal Data outside the prescribed purpose of collection.

A complete and up-to-date list of such entities is available to you; in this regard, you should address a formal request to PRO-DIP.

Purpose of processing

The user’s Personal Data are processed:

A) PRO-DIP will process your personal data for the achievement of specific purposes and only in the presence of a specific legal basis provided for by the applicable law on privacy and protection of personal data. Your personal data may be processed, pursuant to art. 6 letters a), b), c) and f) GDPR, for the following purposes:

• the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
• processing is necessary for the performance of a contract to which the data subjects is a party or in order to take steps at the request of the data subject prior to entering into a contract;
• processing is necessary to comply with a legal obligation to which the controller is subject;
• processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

B) only with specific and separate consent (Art. 6 lett. a) and 7 GDPR), for the following marketing purposes:

• to send via e-mail, mail and/or SMS, messaging apps and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Data controller and satisfaction survey on the quality of services;
• send via e-mail, mail and/or SMS, messaging apps, and/or telephone contacts commercial and/or promotional communications of third parties (such as, for example, business partners).

In any case, as far as possible, PRO-DIP asks for the consent of the data subject even when the legal basis of the processing of Personal Data is based on the purposes referred to in paragraph 4.A).

The following table lists the purposes for which your personal data are processed by PRO-DIP and the legal basis on which the processing is based.

Purpose of the treatment	Legal basis
To use the data provided by the data subject to perform the Services	Performance of the contract
To allow PRO-DIP to fulfill any legal, regulatory or community law obligations.	Legal obligation
Detection, prevention, mitigation and detection of fraudulent or illegal activity in relation to the Service	Legitimate interest
Marketing purposes	Consent

Except of marketing purposes, the provision of your personal data is necessary and your consent is mandatory. Your refusal could make it impossible for PRO-DIP to implement the purpose for which the personal data are collected.

Nature of provision of data

The provision of Personal Data for the purposes set out in paragraph 4.A) is mandatory.

In the absence of the provision of data by the data subject, PRO-DIP cannot guarantee the provision of business services, nor will it be able to perform its contractual obligations towards customers, collaborators, suppliers, business partners and, in general, all those with whom PRO-DIP enters into relations. In such cases, we also inform you that even the partial or inaccurate provision of Personal Data may have, as a consequence, the impossibility of providing the services and preclude, in any case, PRO-DIP from fulfilling its pre-contractual, contractual and fiscal obligations.

If consent to the processing is requested from the data subject and the data subject withdraws the consent to the provision of Personal Data already made, it will nevertheless remain mandatory and an essential condition for the fulfillment of all the purposes indicated in paragraph 4.A) above. The failure of the data subject to provide Personal Data, given the impossibility for PRO-DIP to make itself compliant, entails the absence of liability on the part of PRO-DIP itself with the consequent supervening termination of any previous relationship or impossibility in continuing the same.

On the other hand, the provision of data for the purposes referred to in paragraph 4.B) is optional.

The data subject may therefore decide not to confer any Personal Data or to subsequently deny the possibility of processing any data already provided. In this case, the data subject will not be able to receive newsletters, commercial communications and advertising material related to the services offered by the Data controller, but will be able to continue to take advantage of the company services and contractual services referred to in paragraph 4.A), without prejudice to the above.

Modalities of the processing

The processing of Personal Data is carried out using the modalities described in art. 4, no. 2 and in accordance with art. 32 of the GDPR through automatic or manual methods. Specifically, the processing is carried out through: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.

The Personal Data are subject to both paper and electronic and/or automated processing with methods and tools in compliance with the security measures referred to in Article 32 of the GDPR, by persons specifically appointed by PRO-DIP or by persons entrusted with the processing of Personal Data under the direct authority of PRO-DIP as provided by Article 4, no. 10, of the GDPR. To the processing, as anticipated, may also be delegated, with appropriate contracts, subjects external to PRO-DIP, appointed as data processors and who will act on the documented instructions of PRO-DIP itself, as Data controller.

Data retention period

PRO-DIP, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR, keeps your data in GDPR compliant servers for the duration of your consent, the contract, or that other retention period as required by law (e.g., accounting requirements).

The Data Controller or Data Processors shall process and store Personal Data for the minimum time necessary to fulfill the purposes set forth in paragraph 4, and only for the time necessary to achieve storage to the extent required by the GDPR. After retention periods have expired, the Personal Data will be blocked, destroyed or anonymized in accordance with legal requirements.

PRO-DIP, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR, keeps your data in GDPR compliant servers for the duration of your consent, the contract, or that other retention period as required by law (e.g., accounting requirements). 

Below are the legal bases and the respective retention times of personal data:

1. Contract: for the entire duration of the contractual relationship;
2. Consent: as long as the consent is not revoked;
3. Legal obligation: for the entire duration of the contractual relationship and for the terms provided for by specific legal obligations;
4. Legitimate interest: as long as the data subject does not object.

Privacy and newsletter

If you have given your consent to receive commercial communications, your data may be processed to send promotional communications or newsletters by e-mail or in any case other information content relating to the Platform.

The consent of the interested party, expressed in accordance with this information, constitutes a legal basis. The interested party has the right to provide personal data; in case of failure to communicate such data, however, it will not be possible to carry out any marketing activity. The personal data thus processed are kept until the interested party withdraws his consent.

Non-automated decision-making and profiling

If you give your consent to the processing of personal data for the purpose of using personalized services through profiling, they may be subject to a manual decision-making process which will decide which communications are more suitable for your profile or which ones could be more of interest. The treatment carried out in this way has, as foreseen consequences, by way of example, the sending of highly profiled commercial communications, the sending of invitations to events deemed of interest, etc.

In any case, the interested party has the right to obtain an explanation of the decision taken and to contest the decision itself

Data access

Personal Data may be made accessible for the purposes set out in paragraphs 4.A) and 4.B):

• to employees or collaborators of the Data controller as data processors under the direct authority and directives of PRO-DIP;
• to PRO-DIP’s partner companies, in Italy and abroad, in their capacity as Data controllers and/or system administrators pursuant to Article 28 of the GDPR who act as processors of Personal Data on behalf of the Controller and who have offered sufficient guarantees to put in place adequate technical and organizational measures so that the processing entrusted to them meets the legal requirements;
• to third party companies or other entities, such as, for example, credit institutions, payment institutions or other financial intermediaries, professional firms, consultants, insurance companies, which carry out activities on behalf of the Controller and act as autonomous controllers with their own privacy policies, available to the data subject.

Without the need for express consent (art. 6 lett. b) and c) GDPR), the Data controller may disclose the Data Subject’s Personal Data for the purposes referred to in paragraph 4.A) to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom disclosure is mandatory by law for the fulfillment of the said purposes. These subjects will process the data in their capacity as autonomous Data controllers and the Personal Data of the data subject will not be disseminated.

The Personal Data are stored on servers located within the European Union. It is in any case understood that the Data controller, should it become necessary, will also have the right to move the servers to non-EU states.

In this case, the Data controller assures as of now that the transfer of data to non-EU states will take place only upon the explicit issuance of an appropriate consent of each data subject, to countries that guarantee an adequate level of protection of Personal Data and only upon the conclusion of contracts containing standard clauses approved by the European Commission through which the processing of Personal Data is guaranteed to comply with the principles and legal requirements provided for by the GDPR.

Data transfer

Your personal data will be processed by PRO-DIP in Slovenia

We communicate your data outside the EU for purposes indicated in this Privacy Policy and we transfer some of the data collected to technical systems and services managed in the cloud and located outside the European Union area. The proception of your data will therefore be guaranteed by: a) decision of adequacy of such third country as published by the European Commission; b) an adequate guarantee expressed by the recipient third party pursuant to art. 46 of the Regulation, in particular, application of binding corporate rules, so-called Corporate Binding Rules (BCRs) or standard data protection clauses approved by the Commission

Cookies

The Platform use cookies. Through the use of cookies, PRO-DIP can provide users of the Platform with more user-friendly services that would not be possible without the setting of cookies. By means of cookies, the information on the Platform can be optimized because cookies allow the Platform’s users to be recognized. The purpose of this recognition is to make it easier for users to use the Platform. The user, for example, is not obliged to enter login data every time he/she consults the Platform since these are already acquired by the Platform through cookies stored in the user’s computer system.

The data subject may, at any time, prevent the setting of cookies in accessing the Platform by means of the corresponding setting of the Internet browser used, and may then permanently deny the setting of cookies. In addition, cookies that have already been set can be deleted at any time via an Internet browser or other software program. This is possible in all popular Internet browsers. If the affected person deactivates the cookie setting in the Internet browser used, not all functions of the Platform may be fully usable.

More information on cookies is contained in the Cookie Policy, which can be accessed from the Platform in the appropriate section and the user is encouraged to read it.

Rights of data subjects

Pursuant to the GDPR, you can exercise some rights towards the Data Controller, such as obtaining from the Data Controller the cancellation of your data (right to be forgotten), the limitation, updating, rectification, portability, or right to oppose to the treatment of your personal data. More in detail, you can exercise the following rights (as set forth by articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR):

• to access to your personal data (article 15), i.e., confirmation of whether or not the processing of your personal data is being processed and, in this case, have access to the data;
• to demand, to the data controller, a correction (article 16) and/or integration of your personal data;
• to ask the data controller to delete your personal data (art. 17) without undue delay;
• to ask the data controller to limit the processing of your personal data (Article 18), i.e., to obtain a confirmation that the processing of your personal data is limited to what is necessary for storing purposes;
• to ask for data portability (article 20), that is to obtain in a structured common and legible format your personal data;
• to object to their processing (article 21) or, at any time, to oppose, for any reason connected with your particular situation, the processing of your data;
• with regard to automated decision-making processes (article 22), the right not to be subjected to a decision based uniquely on automated data processing without your explicit consent;
• to cancel your personal data (Article 17), i.e., the right to obtain, in the cases provided for by the Regulations, the cancellation of your personal data;
• to file a complaint with the Supervisory Authority (Article 77) for the protection of your personal data (for more info, please see https://www.ip-rs.si/)  

Furthermore, at any time, you may revoke the consent on which the treatment carried out is based. The withdrawal of your consent does not affect the lawfulness of the processing that took place on the basis of the consent given before the revocation.

More information about the exercise of your rights

Any request for information or clarification about your rights and their execution can be addressed to the Data Controller by sending:

• a registered mail with return receipt to PRO-DIP, digitalna informacijska platforma, d.o.o., Čufarjeva ulica 1, Ljubljana, 1000, Slovenia; or
• an e-mail to: [email protected]

Changes to information 

The Data Controller reserves the right to modify, update, add or remove portions of this Privacy Policy at its discretion and at any time. The user should check it periodically. In order to facilitate the changes, it will be mentioned the date of such changes. Your use of the Platform, after the changes have been published will constitute acceptance of them.

Acceptance

By accepting this Privacy Policy, I, the undersigned, give my consent governed by art. 7 of the GDPR to the processing of my personal data listed in paragraph 4. The withdrawal of consent does not affect the lawfulness of the processing that took place on the basis of the consent given before the withdrawal.

• I declare that I have read, consent and agree to the Privacy Policy of PRO-DIP*
• I would like to receive via e-mail, mail and/or SMS, messaging apps and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the PRO-DIP and satisfaction survey on the quality of services;
• I would like to receive e-mail, mail and/or SMS, messaging apps and/or telephone contacts commercial and/or promotional communications of third parties (such as, for example, business partners);
• I hereby consent to the processing of my personal data for profiling purposes in order to receive customized product or service offers.

Last updated: 1 November 2023

Welcome to PRO-DIP Digital Information Platform, d.o.o. ("we", "our", "us"). These Terms and Conditions ("Terms") govern your access to and use of our website www.prodipdoo.com ("Website") and the services we offer ("Services"). By accessing or using our Website and Services, you agree to be bound by these Terms. If you do not agree with these Terms, please do not use our Website or Services.

1. Eligibility

• 1.1. You must be at least 18 years old to use our Services.
• 1.2. By using our Services, you represent and warrant that you have the legal capacity to enter into these Terms.

2. Account Registration

• 2.1. To use certain features of our Services, you must create an account ("Account").
• 2.2. You agree to provide accurate, current, and complete information during the registration process and to update such information to keep it accurate, current, and complete.
• 2.3. You are responsible for maintaining the confidentiality of your Account credentials and for all activities that occur under your Account.

3. Use of Services

• 3.1. You may use our Services to make crypto currency payment.
• 3.2. You agree to comply with all applicable laws and regulations when using our Services.
• 3.3. We reserve the right to refuse or cancel your transaction if we suspect fraudulent, illegal, or unauthorized activity.