1. Introduction
BME Technologies OÜ, a company incorporated under the laws of the Republic of Estonia with registration number 14710805 (the “Company”, “we”, “us”, or “our”), is committed to protecting the privacy and security of personal data. This Privacy Policy describes how we collect, use, process, and disclose personal data in connection with the use of the website located at cryptopayio.com (the “Site”) and the services provided by the Company (the “Services”). The Company acts as a data controller in respect of personal data processed under this Privacy Policy. By accessing or using the Site, you acknowledge that you have read and understood this Privacy Policy.
2. Personal Data
“Personal Data” means any information relating to an identified or identifiable natural person. This may include, without limitation:
- name and contact details (email address, phone number)
- identification information (for KYC/AML purposes)
- company and corporate information (for business clients)
- communication records
- technical data such as IP address, browser type, and device information
3. Collection of Personal Data
The Company collects Personal Data directly from users and indirectly through use of the Site. Personal Data may be collected when:
- you contact the Company
- you submit information through the Site
- you undergo onboarding or verification procedures
- you interact with the Company’s representatives
- you use or access the Site The Company may also collect technical and usage data automatically, including IP address, device information, and interaction data.
4. Purpose of Processing
The Company processes Personal Data for the following purposes:
- to provide and operate the Services
- to communicate with users
- to comply with legal and regulatory obligations, including AML/CFT requirements
- to perform identity verification and due diligence
- to detect and prevent fraud, abuse, and unlawful activity
- to improve the functionality and performance of the Site
- to protect the Company’s legal rights and interests For the avoidance of doubt, the Company does not process Personal Data for the purpose of executing or settling transactions, as such activities are performed by independent third-party providers.
5. Legal Basis for Processing
Personal Data is processed on the following legal bases:
- performance of a contract
- compliance with legal obligations
- legitimate interests of the Company
- consent, where applicable
6. Sharing of Personal Data
The Company may share Personal Data with:
- regulated third-party providers involved in transaction execution or settlement
- compliance, KYC, and verification service providers
- IT and infrastructure providers
- legal, regulatory, or governmental authorities where required All such parties are required to process Personal Data in accordance with applicable data protection laws and confidentiality obligations. The Company does not sell Personal Data to third parties.
7. International Transfers
Personal Data may be transferred to jurisdictions outside the European Economic Area (EEA), including to service providers and counterparties, where necessary for the provision of Services. Where such transfers occur, the Company implements appropriate safeguards in accordance with applicable data protection laws, including:
- standard contractual clauses
- reliance on adequacy decisions, where applicable
8. Data Retention
The Company retains Personal Data only for as long as necessary to:
- fulfill the purposes outlined in this Privacy Policy
- comply with legal and regulatory obligations, including AML/CFT requirements
- resolve disputes and enforce agreements Retention periods are determined based on legal requirements and the nature of the data.
9. Data Security
The Company implements appropriate technical and organizational measures to protect Personal Data against unauthorized access, loss, misuse, or alteration. However, no system can guarantee absolute security, and users provide Personal Data at their own risk.
10. Cookies and Tracking Technologies
The Company may use cookies and similar technologies to:
- ensure proper functioning of the Site
- analyze usage and performance
- enhance user experience Further information is available in the Company’s Cookie Policy.
11. Third-Party Links
The Site may contain links to third-party websites. The Company is not responsible for the privacy practices or content of such websites. Users are encouraged to review the privacy policies of third-party services.
12. User Rights
Users have the following rights under applicable data protection laws:
- the right to access Personal Data
- the right to rectify inaccurate data
- the right to request deletion of Personal Data
- the right to restrict processing
- the right to object to processing
- the right to data portability
- the right to withdraw consent where applicable Requests may be submitted to: [email protected] The Company may require identity verification prior to fulfilling such requests.
13. Automated Processing
The Company may use automated processing and profiling for purposes such as:
- fraud prevention
- AML/CFT compliance
- risk assessment Such processing is conducted in accordance with applicable legal requirements.
14. Data Protection Officer and Supervisory Authority
Where required under applicable law, the Company may appoint a Data Protection Officer (DPO) responsible for overseeing data protection compliance. If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority. In Estonia, the supervisory authority is: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)Website: https://www.aki.ee
15. Updates to This Policy
The Company may update this Privacy Policy from time to time to reflect changes in legal requirements, technology, or business practices. The latest version will always be available on the Site. Continued use of the Site constitutes acceptance of any updates.
16. Contact
For any questions regarding this Privacy Policy or data protection matters, please contact: [email protected]
Approved by: Grigoriy Rybalchenko Director / MLRO
Date: