For any matters, relating to data protection you may contact [email protected] in writing by e-mail or letter to the following address:
Tallinn, Estonia, Kesklinna linnaosa, Tartu mnt 83-701, 10115
Our representative in the EU according to article 27 GDPR is:
Email: [email protected] – re: Privacy
Data processing in connection with the sites
Visiting our websites
When you visit our website, the hosting provider of our website, automatically collects and stores various information in so-called server log files that your browser transmits to us. The information/data mentioned is neither assigned to specific persons nor linked to data from other sources. The following technical data will be recorded by us.
The collection and processing of this technical data is for the purpose of enabling the use of our website, continuously ensuring system security and stability, optimizing our website, and for internal statistical purposes. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.
Furthermore, the IP addresses will be evaluated, together with other data, in case of attacks or other unauthorized use or misuse of the website, for the purpose of intelligence and protection, and if appropriate, used in criminal proceedings for identification and civil and criminal proceedings against the relevant users. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.
Use of Websites Cookies
You may, at any time, prevent the setting of cookies through our websites by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, previously set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, it may not be possible to use all the functions of our websites.
This websites also uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Inc. is an enterprise of the holding company Alphabet Inc., domiciled in the USA. The information generated by the cookie about your use of the websites (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on websites activity and providing other services relating to websites activity and internet usage. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.
We may also collect the following personal information from you:
- Information required pursuant to regulatory requirements verifying your identity, such as a passport or other government-issued photo identification;
- Financial information such as your exchanges trading account details, annual income, net worth, risk capital financial information, bank account details, Paypal and credit card information;
- Contact Information such as name, email address, phone number;
- Unique Identifiers such as user name, account number, password;
- Preferences Information you provide such as product settings or content interests, or communication or marketing preferences;
- Usage activity about how you interact with us such as purchase history, screens opened, features used, what content you viewed, and which areas of our service you visited.
- Device Information such as your device type, operating system, internet service provider or mobile service carrier;
We use this information to:
- Assess your needs to determine suitable products or services;
- Make transactions to pay for the use of our services;
- Respond to customer service requests;
- Send you notifications and marketing communications;
- Improve our services and marketing efforts;
- Conduct research and analysis;
- Respond to your questions and concerns;
- Display content and features based upon your interests.
International transfer of personal data
They are obliged to protect data privacy to the same extent as we ourselves. If the level of data protection in a given country does not correspond to the European data protection level, we contractually ensure that the protection of your personal data corresponds to the EU at all times by concluding agreements using the standard contractual clauses and complying with the GDPR.
Disclosure with affiliates
We may share your personal, financial and Account information with our affiliates for business, marketing, and customer service purposes, as permitted by applicable law. Our affiliates are companies which are controlled or directly or indirectly owned by us; and include financial service companies, such as other IT and rendering firms.
To help us improve our services to you, we may engage another business to help us carry out certain internal functions, such as account processing, fulfillment, client service, client satisfaction surveys or other data collection activities relevant to our business. We may also provide a non-affiliated third party with client information from our database, including your name, address, phone number, and/or e-mail address, to help us analyze and identify client needs, notify clients of product and service offerings or conduct general marketing and market research for us.
Disclosure with non-affiliated third parties
We will not sell, license, lease or otherwise disclose your personal information to any third party for any reason, except as described above and below.
In order to support the products and services we provide to you, we may share your personal and account information with third-party service providers and joint marketers not affiliated with us, including but not limited to financial service institutions with whom we have joint marketing agreements, such as agreements to market financial services or products that we jointly offer, endorse or sponsor; and companies under contract to perform services for us or on our behalfs, such as vendors that prepare and mail statements and transaction confirmations or provide data processing, computer software maintenance, and development, transaction processing, and marketing services.
We generally require that all non-affiliated third parties to which we provide your nonpublic information agree to keep your information confidential and use such information solely for the limited purpose for which we have engaged them, or as otherwise required by law. We also seek to ensure that these non-affiliated third parties maintain appropriate data security procedures to guard against unauthorized use of, or access to, your information.
We may disclose personal information with non-affiliated companies and regulatory authorities as permitted or required by applicable law. For example, we may disclose personal information to cooperate with regulatory authorities and law enforcement agencies to comply with subpoenas or other official requests, and as necessary to protect our rights or property.
Security of your personal data
We employ physical, electronic, and procedural safeguards in order to protect your personal, financial and Account information and to offer you a safe and secure trading environment. When you open an Account with us, you are issued a unique Account number and password, as well a unique user id and password for the Secure Access Website.
- Our employees are required to maintain and protect the confidentiality of your information and must follow established procedures to do so;
- We limit access to your personal, financial and Account information to those employees and employees of our affiliates who need to know in order to conduct business, including servicing your Account. These employees will have access to your Account number and user id. Although certain employees have the ability to reset your Account password and Secure Access Website password for you, they will not have access to your password, as they are not saved in our systems.
- We have employed adequate security measures based on recognized international standards, to safeguard your information and protect from it from being disclosed, compromised or leaked.
- Your personal, financial, and Account information, including your credit card details (where applicable), will be disposed of or purged from our records based on our data retention policy, which is compliance with recognized international standards.
- You are ultimately and solely responsible for maintaining the secrecy of your Account number and password and the Secure Access Website user id and password. In order to better safeguard this information, we highly recommend you the following precautions:
- Do not disclose your Account number and password, or Secure Access Website user id and password to anyone;
- Do not save your Account number and password, or Secure Access Website user id and password on any shared, public or private computer, tablet, mobile phone, or any other device;
- Avoid using public computers at internet cafes and similar places whenever possible;
- Immediately change your Account password and Secure Access Website password after your first log-in;
- Change your Account password and Secure Access Website password regularly and whenever you believe there may have been a breach or when you believe a breach may occur in the future;
- Choose strong passwords that are not easily breakable, including capitalized letters, numerical values, and symbols and differ from other passwords you are using for other accounts;
- Do not configure the save password option on the web browser you are using;
- The computer, tablet, mobile phone, or other devices you are using has security controls, such as, antivirus software;
- Ensure that the Website you are accessing is legitimate SONM Website;
- Make sure that the Website is changed to “https” prior to entering any information, such as personal information, log-ins, passwords, and credit card information to ensure information is encrypted during transmission;
- Do not continue the transmission, if the SSL Certificate of the Website you are accessing does not belong to SONM and immediately notify SONM;
- Validate all calls, emails or other communications from SONM are genuine prior to disclosing any personal, financial or Account information; and
- Notify SONM immediately if you believe your account or secure website access has been compromised.
Changes to this privacy statement
Any dispute over this statement is subject to the terms of this statement and our Terms of Business. If you have any questions that this statement does not address, please contact a support representative.