PRIVACY POLICY

This privacy policy (“Privacy Policy”) explains how QB, a group of companies where Valuno Group AB (publ) is the parent company, (“ QB”,“we”,“us”or “our”) collects, uses, processes, shares, transfers and protects your personal data in connection with the provision of the services (“Services”) provided through the QB App or when you interact with QB with respect to the Services.

This Privacy Policy applies to personal data processing that occurs when you visit our website, www.valuno.com (“Website”), and use our Services or interact with us with respect to our Services. We have gathered all the relevant information in this privacy policy.

Please read this Privacy Policy carefully and ensure that you understand it. If you have any questions regarding this Privacy Policy, feel free to contact us via the contact information stated under section Exercise your rights below.

1. LEGAL ENTITY

The entity within QB with which you have entered an agreement regarding the Services is responsible for the processing of your personal data, which is processed in accordance with this Privacy Policy. Under certain circumstances the responsibility for the data protection and your privacy is shared with one or several other legal entities, either a QB entity or a third party, please see Section With whom do we share your personal data?  below for more information regarding how we share your data.

When you use our Services the following QB entity is the data controller and is therefore responsible for the processing of your data:

• QB Europe AB, company registration number 559265-3793, if your country of residence is Sweden,
• Balder Solutions AS, company registration number 921711425, if your country of residence is Norway,
• QB Finland OY, company registration number 3204467-3, if your country of residence is Finland,
• Wallet Topup SP.z.o.o, company registration number 962387, if your country of residence is Poland, or
• Algobuy Crypto UAB, company registration number 305987883, if your country of residence is Lithuania.

QB Europe AB will automatically be the data controller for customers domiciled in any other country than listed.

2. DEFINITIONS

In this Privacy Policy, the following terms shall have the following meaning:

Account – means an account required to access and use our Services;

Terms such as “personal data”, “processing”, “transfers” and other terms used in this Privacy Policy shall be construed in accordance with applicable data protection laws, i.e. the 2016/679 General Data Protection Regulation and the Directive 2002/58/EC on Privacy and Electronic Communication as well as the Swedish national implementations and related Swedish national legislation ( the “Applicable Data Protection Laws”).

3. PURPOSES OF OUR PROCESSING OF YOUR PERSONAL DATA

3.1 When you have an Account, we will process your personal data for the following purposes and on the basis of the following legal grounds:

• Providing the Services to you and managing your Account. The legal ground for this processing is contractual necessity;
• For the fulfilment of legal obligations that QB may be subject to, such as the anti-money laundering and book-keeping legislation. The legal grounds for this processing are QB’s legal obligations;
• For the enforcement of the agreement you have with us, including to protect our rights, property and safety and the rights, property and safety of third parties if necessary. The legal ground for this is our legitimate interest to establish, exercise or defend legal claims;
• Personalising and tailoring your experience on the Services, including gathering and anonymising data on user traffic, usage patterns, user numbers, sales, and other information. The legal ground for this processing is our legitimate interest to improve our Website to make it more user-friendly;
• Personalizing and tailoring our Services to you. The legal ground for this processing is our legitimate interest to improve our Services based on our customers’ needs.
• Replying to your enquiries and customer service requests. The legal ground for this processing is our legitimate interest to address any questions, requests or other forms of enquiries you may have;
• Sending you e-mails that you have opted into. The legal ground for this processing is your consent. You may withdraw your consent at any time through clicking on the “unsubscribe” link at the end of each e-mail); and
• Market & academic research, including anonymization of statistics of the use of our website.

3.2 When you browse our website without having an Account, we will process your personal data for the following purposes and on the basis of the following legal grounds:

• Personalising and tailoring your experience on the website including gathering and anonymising data on user traffic, usage patterns, user numbers, sales and other information. The legal ground for this processing is our legitimate interest to improve our website to make it more user-friendly;
• Replying to your enquiries about us or our Services. The legal ground for this processing is our legitimate interest to address any questions, requests or other forms of enquiries you may have;
• Sending you e-mails that you have opted into. The legal ground for this processing is your consent. You may withdraw your consent at any time through clicking on the “unsubscribe” link at the end of each e-mail); and
• Market & academic research, including anonymization of statistics of the use of our website.

4. WHAT PERSONAL DATA DO WE PROCESS?

We will collect and process your personal data when you create an account in the QB-App, fill out a form, use the Services, submit or post content within our Services, communicate with us via third-party platforms, request customer support, or otherwise communicate with us in relation to the Services. When we fetch personal data from you or third parties it is because it is relevant for the provision of the Services, or we are required to do so by applicable laws and regulations, or for other specified purposes. Please note that we will not be able to provide the Services to you if you fail to provide certain personal data to us that is necessary for the provision of such Services. We will not use your personal data for any other purpose than the purposes covered in this privacy policy without prior notification to you or your consent.

4.1 When you sign up and create an account in the QB-App

When you create an account with us to use our Services, we will process the following categories of personal data:

1. General and contact information, such as name, date of birth, e-mail address, telephone number, address and postal code and citizenship;
2. Financial information, such as your income, payment method information, transaction data, balance information, cryptocurrency wallet addresses used and information on how you intend to use the Services;
3. Sanctions lists and lists of individuals classified as politically exposed persons (“PEPs”) include information such as name, date of birth, place of birth, occupation or position, and the reason the individual appears on the respective list.
4. Documentation necessary for the fulfillment of Anti Money Laundering and Know Your Customer measures, such as national identity card, passport, proof of address, proof of funds & related documents;
5. System information, such as IP address, web browser type and version, operating system, information on your website activity; and
6. Any other information that you may share with us in a free text when you communicate with us. Please bear in mind not to share more personal data than what is necessary for the enquiry you have.

Please bear in mind that we are unable to provide you with the Services unless we can process the personal data listed above. The processing of the personal data listed above is necessary to enter into an agreement with us and is necessary to maintain the contractual relationship between you and QB.

4.2 When you browse our website

When you browse our website, we will process the following categories of personal data:

1. System information, such as IP address, web browser type and version, operating system, information on your website activity, the URLs you visit from;
2. Contact information, such as name and e-mail address when you sign up for receiving e-mails from us; and
3. Any other information that you may share with us in free text when you communicate with us. Please bear in mind not to share more personal data than what is necessary for the enquiry you have.

5. HOW LONG DO WE STORE PERSONAL DATA FOR?

We do not keep your personal data for any longer than is necessary for achieving the purpose for which the personal data was first collected.

• For contractual relationships, yourdata isretained for as long as the agreement is in effect and thereafter for up to 7 years due to statutory limits.

• For AML- and accounting purposes your data is retained for 5 or 10 years as we are required to in accordance with AML and accounting legislation.

Please note that once you have requested deletion, we are still required to retain your personal data,with limited access within the organization, to fulfill  statutory requirements as set out above.

6. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

When sharing your personal data, we take steps to ensure that the recipient processes your personal data in accordance with applicable data protections laws by for example entering into a data processing agreement or a data sharing agreement. This will ensure that your data is processed securely and in compliance with applicable laws.

Please bear in mind that our website may contain references to other websites. You may also be directed to other websites that are outside of our control. Hence, we recommend that you read the other websites’ privacy policies to understand the personal data processing that they conduct.

We may share your personal information in the following circumstances or as otherwise described in this policy:

6.1 Categories of recipients that we may share your personal data with, regardless of the service you use

Service providers and subcontractors

Service providers and subcontractors are entities that are only permitted to process personal data on behalf of us and in accordance with our instructions, acting as data processors.

We might require access to services and functionalities from a service provider that we cannot provide internally. Such categories include:

• software suppliers
• payment service processors,
• suppliers of compliance services and tools
• banks
• suppliers of customer support services
• cloud service supplier
• cryptocurrency exchange platform
• cross border payment platforms
• automated token and payment processing providers

Appropriate safeguards are in place to ensure that such processing is necessary for the stated interest.

We have a legitimate interest in obtaining these services to support our operations,Article 6(1)(f) GDPR.

Authorities

In certain circumstances, we may be legally required to share certain personal data that we process to a relevant authority such as,

• the Tax office, Police
• Financial Supervisory Authority
• other authorities and courts

We may share personal data with authorities when required to do so by law, or in certain cases, upon your request or for crime prevention. Depending on the case, the legal grounds for sharing this data are:

• compliance with laws and regulations, see Article 6(1)(c) GDPR.
• contractual obligations, see Article 6(1)(b) GDPR.
• to protect ourselves, see Article 6(1)(f) GDPR.

In accordance with the EU Directive on Administrative Cooperation (DAC8), we are legally required to report certain information about your transactions to the local Tax Authority. This includes details necessary for the calculation of your tax liability.  

7. CHANGE OF CONTROL

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business subject to a transfer, be transferred along with that part. The new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use that personal data only for the same purposes for which it was originally collected by us.

In the event that any of your personal data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes. However, you will be given the choice to have your personal data deleted or withheld from the new owner or controller.

8 WHEN DO WE SHARE YOUR PERSONAL INFORMATION OUTSIDE EU/EES

All of our servers are based in the European Economic Area (the “EEA”). We may however use data processors who process personal data outside the EEA. Regardless of whether it is us or one of our service providers handling your personal information, we will ensure a high level of protection when transferring personal data.

We have implemented appropriate safeguards in accordance with applicable data protection regulations.

In the event that a non-EEA country to which we transfer personal data has not obtained an adequacy decision from the European Union (the “EU”) Commission, we have applied safeguards for any transfers of personal data to third countries, such as the EU Commission Standard Contractual Clauses.

• Company: Amazon’s AWS
• Location: United States of America
• Safeguard: EU Commission Standard Contractual Clauses 2010/87/EU

9. YOUR PRIVACY RIGHTS

Under the GDPR, you, as a data subject, have several rights regarding the processing of your personal data. These rights empower you to access, control and, in certain cases, restrict or request the deletion of your information. Below, we outline your rights and how you can exercise them.

Right of access: request access to and information about the personal data that we process about you.

Right of rectification: request that we correct (rectify), complete, erase or restrict the processing of personal data regarding you.

Right to object: you have the right to object to our processing of your personal data that is based on legitimate interest unless there are compelling legitimate grounds for us to do so.

Right to erasure: you have the right to request that we erase your personal data within the limits of the conditions of Article 17 GDPR.

Right to data portability: retrieve your personal data in a machine-readable format, enabling you to transfer it to another organization or other use.

Right to restrict processing: request limitation of the processing of your data based on legitimate interest in accordance with Article 6 (1) (f) GDPR. You have an absolute right to object to personal data processing done for the purposes of direct marketing, such as the one described in Section 3 above pertaining to your choice to receive e-mails from us.

10. EXERCISE YOUR RIGHTS

If you want to exercise your right under this Privacy Policy, have any questions about QB’s processing of personal data regarding you or any other questions related to GDPR please contact us by sending an email to support@i02.cbb.myftpupload.com. 

When you contact us, please state your full name and ensure that your query is clear, particularly in the event the query is with respect to the processing of personal data regarding you. Additionally, please note that we may have to verify your identity before we proceed with processing your request.

11. COMPLAINTS

If you are dissatisfied with how we process your personal data, please contact our data protection team at dataprotection@i02.cbb.myftpupload.com or by using the address below:

Att. Data protection team

Valuno Group AB (publ)

Sveavägen 31, 111 34 Stockholm, Sweden.

If we are unable to help, you have the right to lodge a complaint with a supervisory authority.

12. SECURITY 

QB continuously undertakes appropriate technical and organisational measures to ensure adequate security of your personal data throughout the processing.

QB has undertaken the following steps to secure and protect your personal data:

1. Data Encryption: We encrypt data in transit and at rest to protect it from unauthorized access or breaches. Encryption helps ensure that even if data is intercepted, it remains unreadable without the correct decryption key.
2. Access Controls: We have implemented strict access controls to ensure that only authorized personnel have access to personal data. This includes using multifactor authentication methods to verify user identity before granting access.
3. Secure Data Storage: We utilize secure servers and environments, and employ technologies like firewalls, data access control and private networks to safeguard data from external threats and unauthorized access.
4. Data Backup and Recovery: We have established reliable backup systems and regular testing of recovery procedures to ensure that data can be restored quickly and effectively after a potential data loss event.
5. Regular Security Audits and Penetration Testing: We conduct routine security assessments and penetration testing to identify and mitigate vulnerabilities in the System, ensuring ongoing protection of data against emerging threats.

13. CHANGES TO THIS PRIVACY POLICY

We may change this Privacy Policy from time to time. Any changes will be immediately posted on the website www.valuno.com. We recommend that you check this page regularly to keep up-to-date. If your consent is required due to a change of this Privacy Policy, we will provide you with relevant information and ask for such consent in accordance with Applicable Data Protection Laws.