Last Updated: 15-Sep-2022
1. IMPORTANT INFORMATION AND WHO WE ARE
“Higlobe”, “we”, “us” and “our” refers to Higlobe, Inc.
“Personal Data” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
For the avoidance of doubt, Personal Data does not include data from which you cannot be identified (which is referred to simply as data, non-Personal Data, anonymous data, or de- identified data).
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, by any means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Sensitive Personal Data” means Personal Data related to an individual in connection with racial or ethnic origin, religious belief, political opinion, trade union, philosophical or political organization affiliation, heath data, sexual life, genetic or biometric data.
Identity and the Contact Details of the Controller
For the purposes of the General Data Protection Regulation (“GDPR”), Lei Geral de Proteção de Dados (“LGPD”), and Ley Federal de Protección de Datos Personales en Posesión de los Particulares (“LFPD”) Higlobe, Inc. is the data controller and responsible for the Personal Data that we collect or that you provide to us.
You can also contact us in writing at:
Higlobe, Inc., Postal Address: Higlobe, Inc., 228 Hamilton Avenue, 3 rd Floor, Palo Alto, CA 94301
Email Address: [email protected]
Or by phone: +1 888-744-4562 (+1 888-7Higlobe)
Contact Details of the Data Protection Officer
2. LAWFUL BASIS FOR COLLECTING YOUR DATA AND HOW WE USE IT
Change of purpose
We will only use your Personal Data for the purposes for which we collected it. We will delete it after fulfilling the intended purpose, after expiration of the respective storage periods, or after the expiration of storage requirements as specified by regulation or another legal requirement. You can review our retention schedule in the table below.
We will only use your Personal Data when the law allows us to. We will use your Personal Data under the following circumstances:
I. Primary Purposes:
When you give us your consent, for example, to confirm your address or allow us to have access to your location. You have the right to withdraw your consent at any time. To withdraw your consent contact us at [email protected]
When we need to perform a contract you have entered into with us by accepting our Terms of Service or other more specific terms of services relating to other services offered by us.
Where we need to collect Personal Data under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform our services under the contract we have or are trying to enter into with you (for example, to provide you with any of our services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.
Legal or regulatory obligation
When we need to collect Personal Data by law. If you fail to provide that data when requested, we will not be able to perform our services under the contract with you (for example, to provide you with any of our products or services). In this case, we will have to cancel a product or service you have with us and we will notify you at that time.
Other Collection Processes
We do not collect any Sensitive Personal Data and Data Consisting of Special Categories about you.
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity.
II. Secondary Purposes:
We are committed to providing you with choices regarding certain Personal Data uses, particularly around marketing and advertising. We will get your consent before sending any third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Promotional Offers from Us
We may use your Personal Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you (we call this marketing).
You can expect to receive marketing communications from us if you have requested information or purchased services from us and you have not opted out of receiving our marketing. You have the right to withdraw consent to marketing at any time by contacting us at [email protected] .
Customer Service Communications
We may from time to time, send communications from our customer service team to notify you of any issues which may impact the performance of our services. In addition, when you contact our customer service team, you may be asked to provide information and/or documentation in order to verify your identity.
To Meet Our Contract Commitments
We will contact you for the following additional reasons to meet our contract committments:
- When we need to execute a contract you have entered into with us by accepting applicable terms and conditions or specific related terms relating to other services offered by us.
- Where we need to collect Personal Data under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform our services under the contract we have or are trying to enter into with you (for example, to provide you with any of our services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact you regarding your use of our online services or as part of a contractual relationship we may have with you.
3. HOW YOUR PERSONAL DATA IS COLLECTED
Information That You Provide to Us
Personal Data that you provide directly to us should be apparent from the context in which you provide it, for example: when you use our services, we must collect your name, email address, and transaction information to complete your transactions.
We will process Personal Data that you choose to provide to us through the Website and Mobile Apps, including, but not limited to, your first and last name, physical address, email address, mobile device identifier, or transactional data (e.g., amount of funds associated with a transaction, the type of transaction executed, financial institutions, and account information).
Information That We Collect Automatically
We use Personal Data that we collect automatically through cookies and action tags. We also use the information to help diagnose technical and service problems, administer the website, and identify visitors to the website.
Action Tags: We may use action tags to identify some of the pages that you visit and how you use the content on those pages. Action tags collect and transmit this data in a manner that identifies you if you have registered with our website or are logged into our online services.
We also may use action tags in our emails, to determine whether an email was opened or whether it was forwarded to someone else. When you use our applications, we may use action tags where you are accessing websites via links in our applications. These may identify the pages that you visit and how you use the content on those pages.
We use third party analysis tools to collect data about your computer and internet connection. That information includes, but is not limited to, the IP address of your computer and/or internet service provider, geolocation, when you access our online services, the Internet address of websites from which you link to our online services and from which you came to before landing on our online services, the browser that you are using and your movements on our online services. All of this information is used internally for the purposes of understanding how our online services are being used and to improve them. We also use the data collected via cookies to track the popularity of our online services.
We also use third party analysis tools to collect data about your use of our applications. The information collected identifies the types and timing of actions you take within our applications, including installation, registration, uploading, and certain types of navigating. All of this information is used internally for the purpose of understanding how our applications are being used and improving them. For those cases in which the LFPD is applicable, we also inform you that your Personal Data obtained through the above automated technologies are for the exclusive use of the controller and will not be shared with any person, company, organization or governmental authorities other than Higlobe, Inc.
Information That We Obtain From Third Parties and Publicly Available Sources
Third party partners and publicly available data sources are used in conjunction with our in- house systems for analyzing and verifying information provided by you to Higlobe, and for purposes of regulatory compliance and fraud detection/prevention.
For those cases in which the LFPD is applicable, in the event that Higlobe receives Personal Data through the transfer from another person or entity that had them in its possession, Higlobe, Inc. shall manage the processing of the data in a manner that is consistant with the terms of the privacy notice of the controller who had possession of the personal data. You may view the type of data we share with third parties in the table below.
Third Party Links
4. FRAUD, ANTI MONEY LAUNDERING AND COMBATING TERRORIST FINANCING
Money laundering is defined as the process where the sources of funds are disguised so that it gives an impression of legitimate income. Criminal2s specifically target financial services firms through which they attempt to launder criminal proceeds without the firms’ knowledge
or suspicion. Higlobe utilizes numerous internal and third -party applications, products, and services to ensure that our services are not used for purposes of fraud, money laundering, and/or terrorist financing.
IMPORTANT INFORMATION ABOUT OPENING A NEW ACCOUNT
U.S. Federal law (and all jurisdictions in which we operate) requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address,
date of birth, and other information that will allow us to identify you. We will also ask to see your driver’s license or other identifying documents.
5. INFORMATION WE SHARE
We do not sell Personal Data that you provide to us or that we collect on this website or our online services. We do not disclose or transfer Personal Data that you provide us or that we collect on this website or our online services except as described here:
- Companies in the Higlobe group , controlling companies, subsidiaries or affiliates under the common control of the data controller, or to a parent company or any company of the same group of the data controller that operates under the same internal processes and policies,where it is necessary for the performance of a contract and these entities are used by us to assist in the provision of our services to you. Companies in the Higlobe group will be acting as joint controllers in order to provide our services Marketing materials if you have provided consent;
- If required, professional advisers such as lawyers, banks, auditors and insurers providing such services when the transfer is necessary for the maintenance or fulfillment of a legal relationship between the data controller and the Data Subject or if required to meet our regulatory obligations;
- Regulators and other authorities who require reporting of processing activities under certain circumstances;
- If required, or where we believe it is required by applicable law or legal process; or
- To protect the rights, property and safety of Higlobe, our users and the public, including, for example, in connection with court proceedings, to detect or prevent criminal activity, fraud, material misrepresentation, or to establish our rights or defend against legal actions.
- To third party service providers who assist us in complying with our AML obligations and who are contractually obligated to handle and process your personal data in accordance with this Policy and applicable law.
- To third party service providers who assist us in receiving, transferring, storing, or otherwise delivering funds as part of providing our service.
Higlobe is headquartered in the United States. However, due to the global nature of our service, we have operations throughout the world, including but not limited to, in North (Central and South) America and Asia. We transfer your data to countries outside the European Economic Area, Mexico, and Brazil with your express consent.
In accordance with applicable data protection and privacy laws and regulations, we have in place contract provisions with our third party service providers to ensure that your Personal Data remains protected and secure when it is transferred to a jurisdiction other than one that is recognized as having an adequate level of protection of Personal Data. These measures include (where applicable) transferring pursuant to appropriate data transfer agreements.
Categories of providers
Further details on these provisions can be obtained by contacting at [email protected]
6. SECURITY MEASURES
We have put in place appropriate security measures to prevent your Personal Data from unauthorized or accidental access, destruction, loss, theft, alteration communication, use, or any type of improper or unlawful processing. We have taken precautions to ensure the security of your data. The Personal Data you have entered on HTML pages (contact forms) and that is stored by us, shall be transmitted to Higlobe in encrypted form (TLS Transport Layer Security) via the public data network, and stored and processed at Higlobe or Higlobe contracted facilities.
In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties strictly needed under the provisions made within a service agreement signed with them. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality and a duty to comply with data protection procedures.
We have put in place procedures to deal with any suspected or actual Personal Data breach. We will notify you and any applicable authority of a Personal Data breach where we are legally required to do so.
In the event of a personal data breach, Higlobe shall inform the Data Subject at least of the following: I. The nature of the incident; II. The personal data compromised; III. The recommendations to the Data Subject about the measures that he/she may adopt to protect his/her interests; IV. The corrective actions taken immediately; and V. The means by which further information may be obtained in this regard. The security breaches of Personal Data occurring at any stage of processing are at least the following: I. Unauthorized loss or destruction; II. Theft, loss, or unauthorized copying; III. Unauthorized use, access or processing; or IV. Damage, alteration or unauthorized modification.
7. PROTECTION OF MINORS
Higlobe does not knowingly collect or solicit Personal Data from anyone under the age of 18. If you are under 18, please do not attempt to register for our services or send any Personal Data about yourself to us.
8. DATA RETENTION
We retain information about you in our databases for as long as required to fullfil our legal obligations. The personal data will be eliminated after the termination of their processing, unless retention is authorized for (i) compliance with our legal, regulatory, tax, accounting, or reporting obligations and requirements, and/or (ii) to resolve dispute, or complaints, and to enforce our agreements.
Note that we may retain your Personal Data on more than one lawful basis depending on the specific purpose for which we are using it. In certain circumstances, your information may be retained for longer periods due to the inherent nature of distributed ledger technology.
In some circumstances we will anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes. When information is anonymized, it ceases to be Personal Data and we may use it without further notice to you.
Purpose of Data Collected & Retention Schedule
9. YOUR RIGHTS AND CHOICES
Right to Information and Access
Right to Rectification
You have the right to have any inaccurate or outdated Personal Data about you rectified and to have any incomplete Personal Data about you completed.
Right to Erasure (Right to be Forgotten or Right of Cancellation)
You have the general right to request the erasure of your Personal Data in the following circumstances:
- The Personal Data is no longer necessary for the purpose for which it was collected;
- You withdraw your consent to processing and no other legal justification for processing applies;
- We unlawfully processed your Personal Data;
- Erasure is required to comply with a legal obligation that applies to us.
We will proceed to comply with an erasure request without undue delay and to such extent we are able to do so, unless continued retention is authorized under applicable law, including for the purposes of:
- Complying with a legal or regulatory obligation;
- Preserve the legally protected interests of the holder;
- The establishment, exercise, or defense of legal claims.
Please note that when interacting with the blockchain we may not be able to ensure that your Personal Data is deleted.
Right to Restrict Processing
You have a right to request to restrict processing of your Personal Data, such as where:
- You contest the accuracy of the Personal Data;
- If you believe processing is unlawful, you may request, instead of requesting erasure, that we restrict the use of unlawfully processed Personal Data;
- We no longer need to process your Personal Data but need to retain your information for the establishment, exercise, or defense of legal claims or regulatory requirements.
You may limit the use and disclosure of your Personal Data by sending us a request to [email protected].
eRight to Data Portability
You have a right to receive the Personal Data you provided to us in a structured, commonly used, and machine-readable format, through your express request.
Right to object to direct marketing (opting out)
You have a choice about whether or not you wish to receive information from us.
We will not contact you for marketing purposes unless:
- You have an existing business relationship with us to offer you similar services, and we rely on our legitimate interests as the lawful basis for processing;
- You have otherwise given your prior consent
On each and every marketing communication, we will always provide an option for you to exercise your right to object to the processing of your Personal Data for marketing purposes (known as opting-out) by clicking on the unsubscribe button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your Personal Data.
Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact you regarding your use of our online services or as part of a contractual relationship we may have with you.
Right to Request Access
You also have a right to access information we hold about you. We will endeavor to provide you with details of your Personal Data that we hold or process. To protect your Personal Data, we follow established disclosure procedures, which means that we will require proof of identity from you prior to providing such information. You can exercise this right at any time by contacting us via any of the methods listed in Section 1 of this policy.
Right to Withdraw Consent
Where the legal basis for processing your Personal Data is your consent, you have the right to withdraw that consent at any time by contacting us using the details found below. It is important to note that if you withdraw consent, we may no longer be able to provide you with our services. You can exercise any of the above rights free of charge by contacting us at [email protected]
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
If you would like to exercise any of your rights as described above, we may request that you provide verification of your identity in order to protect the security of your data.
All requests will be responded to in accordance with the timeframes established in the jurisdictional laws applicable to you.
Right to File a Complaint with a Supervisory Authority
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, without prejudice to any other administrative or judicial remedy, you are entitled to register a complaint with the supervisory authority in the jurisdiction of your residence. We would, however, appreciate the chance to deal with your concerns before you approach a Supervisory Authority so please contact us at [email protected]
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
Data Protection Principles
We will comply with data protection law and principles, which means that your data will be:
- Used lawfully, fairly, and in a transparent way
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date
- Kept only as long as necessary for the purposes we have told you about
- Maintained securely
- Used soley for non-discriminatory purposes
AML/KYC Privacy Notice
We will process your identifying data and profile data within operations such as identification (Know your Customer, also known as KYC) and profiling (Customer Due Diligence, also known as CDD) for the purposes of the execution of our Anti Money Laundering (also known as AML) and Counter Terrorism Financing (also known as CTF) customer identification and verification process obligations.
When Higlobe asks for CDD, what this refers to is providing proof of address and proof of identification. This along with information gathered at the application stage helps to describe any customer (KYC). Without a KYC program, Higlobe may unknowingly become involved with illicit activities and therefore be subject to reputational, operational and legal risks, which can result in significant financial cost. KYC is most closely associated with the fight against money-laundering.
Specific proof of address, proof of Identification, source of funds and/or AML-CTF questionnaires that aimed at to fulfil KYC and CDD obligations are compulsory for Higlobe users and their failure to be provided might lead to the blocking of your account or our refusal of services.
Anti-Money Laundering (AML) Policies
Our AML policy is designed to prevent money laundering by meeting the U.S. and European standards on combating money laundering and terrorism financing, including the need to have adequate systems and controls in place to mitigate the risk of the firm being used to facilitate financial crime.
As a regulated financial institution, Higlobe has specific requirements regarding AML systems and procedures. This reflects senior management’s desire to prevent money laundering.
Higlobe is prohibited from transacting with individuals, companies and countries that are on prescribed sanctions lists. Higlobe will therefore screen against United Nations, European Union, UK Treasury and US Office of Foreign Assets Control (OFAC) sanctions lists in all jurisdictions in which we operate.
Automated Decision Making
We do not utilize fully automated decision making processes. We use semi-automated processes which include, but are not limited to, screening Know Your Customer (KYC) and Anti-Money Laundering (AML) data you provide to us in order to assess whether or not we are legally able to allow you to use our services.
All automated screenings are manually reviewed by Higlobe compliance analysts for any adverse conclusions of onboarding. All positive conclusions are automated .The analyst will review the triage cases to determine if they should be cleared or escalated.
Third Parties and AML-KYC
Where processing of personal data is carried out on behalf of Higlobe by a third party provider, we execute a separate contract with the processor with respect to this processing. This contract requires compliance with European, U.S., Mexican, and Brazilian data protection regulations and defines sufficient guarantees for the implementation of appropriate technical and organizational measures, all of which are intended to ensure the protection of your rights.