‍
1. Our Commitment to Your Privacy
‍
Buyeasy Inc. ("Buyeasy," "we," "us," or "our") is dedicated to protecting the privacy and security of your Personal Data. This Privacy Policy describes how we collect, use, store, share, and protect your Personal Data when you interact with our Services, as defined in our Terms of Use.
As a regulated Money Services Business (MSB) in Canada, we are subject to strict legal and compliance obligations, including those under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). These obligations necessitate the collection and retention of certain Personal Data.
This Privacy Policy forms a part of our legal agreement with you, alongside our Terms of Use. By creating an Account or using our Services, you consent to the practices described in this policy.
‍
2. What Personal Data We Collect
‍
We collect Personal Data to provide and improve our Services and to meet our legal obligations. "Personal Data" means any information relating to an identified or identifiable natural person. The types of Personal Data we may collect include:
‍
● A. Identity Verification Data: To comply with our Know Your Customer ("KYC") obligations, we collect:
○ Full legal name, date of birth, and residential address.
○ Government-issued identification documents (e.g., passport, driver's license), including the document number and a copy of the document itself.
○ A photograph or "selfie" for biometric verification against your identification.
○ Nationality and tax identification number.
‍
● B. Financial Data: To facilitate transactions, we collect:
○ Bank account information (account number, transit number, institution details).
○ Digital Asset wallet addresses.
○ Transaction history, including amounts, dates, and counterparties.
○ Information regarding your source of funds or source of wealth, as required for enhanced due diligence.
‍
● C. Contact and Communication Data:
○ Email address and telephone number.
○ Records and copies of our correspondence with you, including support tickets and chat logs.
‍
● D. Technical and Usage Data:
○ IP address, browser type and version, device information, and operating system.
○ Information about how you use our Services, such as login dates, features used, and pages visited. This is often collected via cookies and similar technologies (see our Cookie Policy for details).
‍
● E. Information from Third Parties:
○ We use third-party identity verification services that may provide us with information from public records or databases to verify your identity and conduct sanctions screening.
○ Information from financial institutions related to your transactions.
‍
3. How and Why We Use Your Personal Data (Legal Basis)
‍
We only process your Personal Data when we have a valid legal basis to do so. These bases include:
‍
● To Fulfill Our Contract with You: We use your data to open your Account, execute your transactions, and provide customer support.
‍
● To Comply with a Legal Obligation: This is a primary basis for our data processing. We use your Identity and Financial Data to:
○ Conduct mandatory KYC/AML checks.
○ Monitor for and prevent fraud, money laundering, and terrorist financing.
○ Report suspicious transactions to FINTRAC and other competent authorities as required by law.
○ Respond to court orders, subpoenas, and other legal requests.
‍
● For Our Legitimate Interests: We process your data to:
○ Secure our platform and protect against threats.
○ Improve and optimize our Services.
○ Manage our business and for financial reporting.
‍
● With Your Consent: For activities like sending marketing communications, we will rely on your explicit consent. You can withdraw this consent at any time.
‍
4. How We Share Your Personal Data
‍
We do not sell your Personal Data. We may share your Personal Data with the following categories of trusted third parties:
‍
● Identity Verification Services: To perform our KYC and AML checks.
● Financial Institutions and Payment Networks: With banks, credit unions, and payment processors (e.g., SWIFT, SEPA) to execute your transactions.
● Technology Service Providers: With vendors who provide cloud hosting, data analytics, and security services.
● Government, Law Enforcement, and Regulators: We will disclose data when compelled to do so by law, such as to FINTRAC, law enforcement, or tax authorities.
● Professional Advisors: With our legal, accounting, and compliance advisors in the course of their professional services.
● In a Business Transaction: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the new entity.
These third parties are contractually obligated to safeguard your Personal Data and are restricted from using it for any purpose other than providing the services we have engaged them for.
‍
5. International Data Transfers
‍
As a global business, we may transfer, store, and process your Personal Data in jurisdictions outside of Canada. When we do so, we ensure that a similar degree of protection is afforded to it by implementing appropriate safeguards, such as using contracts with standard data protection clauses approved by relevant authorities.
‍
6. Data Security
‍
We have implemented robust technical and organizational security measures designed to protect your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. These measures include data encryption, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
‍
7. Data Retention
‍
We will retain your Personal Data for as long as your Account is active and for a period thereafter as necessary to fulfill the purposes outlined in this policy.
Crucially, under Canadian AML/CTF regulations, we are legally required to retain KYC records and transaction data for a minimum of five (5) years after the end of our business relationship with you. We will securely destroy your Personal Data once it is no longer required for any legal, regulatory, or business purpose.
‍
8. Your Legal Rights
‍
Under Canadian privacy law, you have certain rights regarding your Personal Data. Subject to legal and contractual restrictions, you may have the right to:
● Access Your Data: Request a copy of the Personal Data we hold about you.
● Rectify Your Data: Request the correction of inaccurate or incomplete data.
● Withdraw Consent: Withdraw your consent to our processing of your data (where consent is the basis). Note that this will not affect the lawfulness of processing based on consent before its withdrawal.
● Challenge Compliance: Lodge a complaint regarding our compliance with privacy laws.
Please note that the right to erasure ("right to be forgotten") is significantly limited by our legal obligation to retain your data for the period stipulated by AML/CTF laws.
To exercise any of these rights, please contact our Privacy Officer at the address below.
‍
9. Children's Privacy
‍
Our Services are not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children.
‍
10. Third-Party Links
‍
Our Services may contain links to other websites not operated by us. We are not responsible for the privacy practices of these third-party sites.
‍
11. Changes to This Privacy Policy
‍
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Effective Date." We encourage you to review this policy periodically.
‍
12. Contact Us and Complaints
‍
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact our designated Privacy Officer at:
Email: [e.g., privacy@buyeasy.app]
Mailing Address: [Insert Buyeasy's Official Canadian Address]
You also have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe we have not complied with our obligations under PIPEDA.