Privacy Policy
At The Change, we respect your privacy and make efforts to protect it, prevent any type of personal information misuse, and ensure that the collection and processing are always done with transparency and responsibility while keeping you in absolute control at all times.
By using our website (https://thechange.ltd), ("Website"), our application programming interface (https://api.thechange.ltd), ("API"), or our Telegram bot, you automatically agree to our policy.
This Privacy Policy illustrates what information may be collected and why, how processing, transfering, or sharing of information occurs and under which circumstances, how we protect any collected information, and how you can update, manage, export, and delete your information making use of your rights which we also demonstrate.
The term, "Information", as it is used in this Privacy Policy means any type of information that, will enable your direct or indirect specification by using various identifiers that we may collect or you may voluntarily provide us with, such as your name, your email address, your IP address or any other method or information that may be used in order to specify you.
Any use of the Services mirrors your acceptance of this Privacy Policy so please read it carefully and if you do not agree you should avoid/stop using any of the Services provided by us. If you have any questions, please contact us at [email protected].
1. Collected Information
When you access or use our Services, we use different methods to collect information from and about you. We can classify that information into two categories, those that may be provided by you, and those that we may collect.
1.1 Information that you provided to us
While using our Services you may provide us with:
- Information that is necessary for registration. In order to access the full functionality of the Service, you will have to register for a member account. When you go through the registration process, you shall provide an email address and create a password;
- Information relating to orders placed on our Service;
- Any kind of data like email address, mailing addresses, etc. by filling in any kind of form while using our Services;
- Any information and identification documents that we may request from you in accordance with our AML Policy, aimed without limitation, to prevent illegal activities and ensure compliance with our Terms of Service.
During the verification procedure (KYC), in accordance with our AML Policy, The Change may collect data including but not limited to, identification documents information and photos, a photo of yourself, and biometric data, such as facial recognition data, during liveness checks, or other identity verification steps.
1.2 Information we may collect
When you interact with our Services, we may automatically collect technical information about your equipment, the date you accessed our Service, location, IP address and domain name. This information may be obtained by us directly or through third-party services. We may collect this information by using cookies, server logs and other similar technologies. The content recorded in access logs is not used with the information. It is used as information about server performance to improve our Services.
Also, we use Google Analytics on our Service. If You want to know more about Google Analytics and its “do not track” policy, please visit google analytics.
1.3 Cookies
A cookie is an element of data that a website can send to your browser, which may then store it on your system. We use cookies in some of our pages to store your preferences and record session information. The information that we collect is then used to ensure a more personalized service level for our users. You can adjust settings on your browser so that you will be notified when you receive a cookie. Please refer to your browser documentation to check if cookies have been enabled on your computer or to request not to receive cookies. As cookies allow you to take advantage of some of the Website’s essential features, we recommend that you accept cookies. For instance, if you block or otherwise reject our cookies, you will not be able to use any products or services on the website that may require you to login.
It is important that you prevent unauthorized access to your password and your computer. You should always log out after using a shared computer. Information collected from cookies is used by us to evaluate the effectiveness of our site, analyze trends, and manage the platform. The information collected from cookies allows us to determine such things as which parts of our site are most visited and difficulties our visitors may experience in accessing our site.
With this knowledge, we can improve the quality of your experience on the platform by recognizing and delivering more of the most desired features and information, as well as by resolving access difficulties. We also use cookies and/or a technology known as web bugs or clear gifs, which are typically stored in emails to help us confirm your receipt of, and response to our emails and to provide you with a more personalized experience when using our site. Your continued use of this site, as well as any subsequent usage, will be interpreted as your consent to cookies being stored on your device.
2. Why and when we process your information
We will use and process your information:
- For internal business intelligence purposes, to conduct research, product development, and enhancement;
- To inform you of changes made to our Services;
- For promotional purposes, we may send out emails to your email address. You may unsubscribe from receiving these emails by following the instructions included in these emails, or by contacting us at [email protected];
- To ensure that content from our Service is presented most effectively for you and your computer;
- To display content based on your interests;
- To respond to your questions and provide related customer services;
- To confirm your identity when and if such procedure may be a requirement;
- To monitor and protect the security of our information, systems, and network;
- For residents of the European Economic Area, “EEA”, the United Kingdom, and Switzerland pursuant to Art. 6, GDPR, we process this information to comply with our legal obligations;
- When we need it to provide the Services, provide customer support and personalized features;
- To protect the safety and security of the Services;
- When it satisfies a legitimate interest (which is not overridden by your rights), such as for research and development, to market and promote the Services;
- To protect our legal rights and interests;
- When you give us your consent to do so for a specific purpose;
- When we need to process your information to comply with a legal obligation or requests from governmental or statutory authorities.
Your information may be processed for risk management purposes, to detect and prevent fraud and illegal activities, and in order to ensure compliance with all applicable laws. Such processing is part of our Anti-Money Laundering measures and is achieved via automated software or manually. For more information please refer to our AML Policy.
3. With whom, why, and when, such information may be shared
Such information may be shared with law enforcement, officials, or third parties:
- When we are obliged to do so by a governmental request, court order, competent authority`s official request, or similar legal procedure.
- Out of a good faith belief that the disclosure of the information is reasonably necessary to prevent, report and protect from, fraud, money-laundering, financial loss, and other suspected illegal activities.
- To, internally, or externally via our third-party partners, investigate violations of our Terms of Service or any other applicable policies and laws in order to ensure compliance with our legal obligations.
- In some instances, processing and sharing of your information with partner companies may be necessary for us to continue to provide our services to you.
4. Duration of Data Retention
We retain your personal data, and sensitive information, only for the period necessary to fulfill the purposes outlined in our Privacy Policy or as required by law. This includes retention for identity verification, regulatory compliance, and service improvement among others specified in this Policy.
For most types of data, including transaction history, contact information, and other personal details, we maintain this information for up to five years. Biometric data is usually retained for a shorter time period, only as long as necessary for identity verification purposes or for a maximum of three years from your last interaction with The Change, whichever is earlier.
After these respective periods, or once the specific purposes for data collection are satisfied, your data will be securely and permanently destroyed in accordance with our legal requirements.
5. How do we protect your information
For us, maintaining your privacy and avoiding misuse or unauthorized disclosure of your information is a priority, which is why The Change, with absolute responsibility to its users and their rights, applies various technical, physical, and administrative safeguards in order to protect the security and confidentiality of the information you entrust us with.
We will store your information, in a form that permits us to identify you, for no longer than is necessary for the purpose for which the information is processed. We maintain your information only for as long as it is necessary to comply with our legal obligations, resolve disputes, enforce our agreements and rights, and for any other reason as they are described in the sections above, or if it is not technically and reasonably feasible to remove it.
After your relevant request, we will erase your information without delay with respect to your rights as they are described further below in your rights section of this Privacy Policy. To request your information erasure, please contact us at [email protected].
Furthermore, we cannot ensure or warrant the security or confidentiality of the information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us.
Your data will not be sold, leased, traded, or otherwise profited from. We will not disclose or disseminate your data to third parties unless required by law or for the specific purpose of identity verification as outlined in this Policy and the AML Policy.
6. Children
We do not intend to solicit or collect information from anyone under the age of 18 or under the legal age of your country if it is higher. If you are under 18 or are not of the legal age of your country, do not enter any information on our Services.
7. Explicit Consent
By using our Services, you consent to the collection, storage, processing, and, usage of your personal data, as specified in this Policy, for purposes such as identity verification, regulatory compliance, and service improvement, among others, as outlined in this Policy. We are committed to handling your personal data responsibly and in compliance with applicable privacy laws and regulations.
By agreeing to this Policy, you provide explicit consent to the handling of your personal data under the terms outlined herein. You acknowledge that you have been informed in writing about the purposes for which your data is collected, the length of time it will be retained, and our commitment to the secure and private handling of your information.
8. Your Rights
8.1 Right to access
You have the right to access information concerning your information that are processed by us and you can request a copy of them. This means that we are obliged to provide you with all the information relevant to which categories of your information we use, for how long we store them, who are the recipients of those data and what are the purposes of processing them. The legal basis is Art. 15, GDPR.
8.2 Right to rectification
Should you notice that your information are incomplete, you can provide us with a supplementary statement. Should you notice that there are inaccuracies regarding your information, you can exercise your right to rectification, which means that we are obliged to make the essential corrections. The legal basis is Art. 16, GDPR.
8.3 Right to erasure
You have the right to request erasure of your personal information, and we are obliged to comply without undue delay, under the following conditions:
- The information are no longer necessary in relation to the purposes for which they were collected or processed;
- You withdraw your consent with our Terms of Service and there is no other legal ground for the processing;
- You exercise your right to object;
- The information have been unlawfully processed;
- The information has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The aforementioned conditions are void in case processing is necessary for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in us, for the establishment, exercise or defense of legal claims, and other exceptions enumerated in article 17, paragraph 3 of GDPR. The legal basis is Art. 17, GDPR.
In order to request erasure of your personal information, please navigate to the settings of your account`s dashboard, and deactivate your account by pressing the "Deactivate account" button. By deactivating your account you withdraw your consent with our Terms of Service and your account is restricted for further usage. Following the account deactivation, you may contact us at [email protected] with the subject "Information Erasure" and request to erase your personal information.
8.4 Right to object
Unless there are compelling reasons to process your data, you have the right to object to the processing of your information in certain circumstances. Specifically, you can object if the processing is for:
- A task carried out in the public interest;
- The exercise of official authority vested in us;
- Our legitimate interests (or those of a third party).
When the processing is for direct marketing purposes, including profiling, your right to object is absolute and you can exercise it at any time and free of charge. The legal basis is Art. 21, GDPR.
8.5 Right to restriction
In addition, you have the right to restriction of processing of information concerning you under the following conditions:
- The accuracy of the information is contested by you, for a period enabling us to verify the accuracy of the information;
- The processing is unlawful and you oppose the erasure of the information and request the restriction of their use instead;
- We no longer need the information for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
- You have objected to processing pending the verification whether the legitimate grounds of ours override those of yours.
In all the aforementioned circumstances, such information shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. The legal basis is Art. 18, GDPR.
8.6 Right to lodge a complaint
In case you believe that the processing of your information by us is unlawful, you have the right to lodge a complaint with a supervisory authority. The legal basis is Art. 12, Par. 4, GDPR. These are the country commissioners for data protection, the contact person responsible for you can be found eg at the following URL: https://www.cpdp.bg/
8.7 Right to data portability
You have the right to data portability, which means that you have the right to receive your information processed by us in a structured, commonly used and machine-readable format and transmit those data to another controller without hindrance from us. The legal basis is Art. 20, GDPR.
8.8 Right to information
You have the right to information about any rectification or erasure of your information or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18, GDPR to each recipient to whom the information have been disclosed unless this proves impossible or involves a disproportionate effort. We shall inform you about those recipients if you request it. The legal basis is Art. 19 GDPR.
8.9 Right to revoke a consent
You have the right to withdraw your consent to the processing of your data at any time. However, please be aware that withdrawing your consent may affect your ability to use part of our services. The withdrawal of consent will not affect the lawfulness of processing based on your consent before its withdrawal.
9. Policy Modifications
This Policy may be amended at our full discretion without prior notice. We encourage you to review it periodically in order to be aware of the changes we may have made. Reading it carefully and checking for any modifications is your responsibility. By using the Services, you accept and agree to the Privacy Policy, Terms of Service, and AML Policy.
10. Contact us
If you have any questions regarding our policy or privacy practices, please contact us at [email protected].