Data Protection Statement

Haycen Ireland Ltd (collectively, “Haycen“, us,” “our,” or “we”) respects and protects the privacy of its clients. This Data Protection Statement describes our information handling practices when you access our services. We may modify this Privacy Policy from time to time in order to comply with the Data Protection Acts and GDPR provisions. If we make any material changes, we will notify you by email.

Data Controller

Under the GDPR of May 2018 and Irish Data Protection Acts, 1988-2018, CDG is the data controller in relation to the processing activities described below. This means that CDG decides why and how your personal information is processed.

Information we collect

As a registered Company in Ireland, information that Haycen Ltd collects is outlined below.

Information that we collect about you when using our website:

  • Your name, title and contact details (i.e. email address, telephone number);
  • When you engage with our website we receive information from your devices, including IP address, http referrer fields, web browser type, mobile operating system version, phone carrier and manufacturer, unique device identifiers, and other information about your device and your usage of our services.
  • We may collect different types of information about your location, including general information (e.g., IP address, zip code) and with your consent, more specific information about your location (e.g., GPS-based functionality on mobile devices used to access our services). If you no longer wish for us to collect and use GPS location information, you may disable the location features on your device, provided your device allows you to do this. Please see your device manufacturer settings. Please note that if you disable such features, you will not be able to access or receive some or all of the services, content, or features.
  • We collect information you knowingly and voluntarily provide when you engage with us. It includes personal information that can be collected, processed, and recorded for the purpose of complying with Anti-Money laundering (AML) obligations during the Customer Due Diligence (CDD) process.
  • Any information you include in correspondence you send to us or in forms you submit to us or when using our Site or social media pages.
  • Your communication preferences.
  • Your identification information when exercising the rights that you have in relation to our processing of your personal information (see further ‘Your rights in relation to your personal information’).
  • Details of any transactions between you and us.
  • Your payment card details and, in relation to certain refunds, your bank account details.

When you visit our Site we may also collect the following information:

  • The date and time you used our Site;
  • The pages you visited on our Site and how long you visited us for;
  • The website address from which you accessed our website;
  • If we have asked for it, details regarding when and how you consented to receive marketing communications from us (including the time and date you provided your consent);
  • Other cookies, pixels and beacon identification information (for more information please see our Cookie Policy).

Legal basis for processing information

Haycen Ltd complies with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR). By GDPR provisions, Haycen is identified as the data controller whereas, pursuing Article 4 (7) GDPR, data processing activities are delegated to an external organisation by contract which, as the data processor, pursuing Article 4 (8) GDPR, will process personal data on behalf of us and under our directions.

Purpose of data processing

Personal information is typically data that identifies an individual or relates to an identifiable individual. This includes information clients provide to Haycen for the use of services provided, information that is collected about clients and counterparties automatically or upon request, and information the firm obtains from affiliates and third parties. All this information is either required by law for AML/CFT obligations, necessary to provide the requested services, or is relevant for certain specified purposes as follows: 

1) To maintain legal and regulatory compliance

2) To enforce our terms in our user agreement and other 

agreements

3) To detect and prevent fraud and/or funds loss

4) To provide Haycen's Services

5) To provide service-related communications

6) To provide customer service

7) To ensure network and information security

8) For sales and marketing activities 

9) For any purpose that clients provide their consent for

Clients are requested to further give their explicit, informed, and specific consent in a written form for the processing of personal data which are not within the scope of AML/CFT obligations pursuing Article 4, Sec. 11, and Art. 6 GDPR. Data subjects are always informed of all purposes of processing and Haycen must obtain consent for each of the defined purposes to ensure transparency and execution of rights.

You may withdraw your consent for us to use your information in any of these ways at any time. However, withdrawal of consent will only affect the continued processing of your data and is not retrospective.

Please see the ‘Your Rights in Relation To Your Personal Information’ section below for further details.

AML/CFT purposes for processing personal data

Haycen will collect and process personal data under Data Protection Acts 1988-2018 when complying with its requirements under the CJA Acts 2010-2018. In particular, Haycen will:


  • obtain and process documentation and information applicable to customer due diligence obligations, including enhanced due diligence measures required.
  • use measures and sources needed for verifying customer data and/or when consent obligations may apply.
  • retain documentation and information in relation to customer and transactional information. 
  • process personal information to execute agreements and contracts put in place with third parties acting for the firm.

Personal information shared with other parties for AML/CFT compliance

Haycen allows personal information to be accessed only by those who require access to perform their tasks and duties under the AML/CFT compliance, and to share only with third parties who have a legitimate purpose for accessing it. Haycen will never sell or rent personal information to third parties without clients' explicit consent. Haycen will only share personal information in the following circumstances:

  • With third party identity verification services in order to prevent fraud. This allows Haycen and outsourcing service providers which conduct KYC for the firm to confirm clients and counterparty's identity by comparing the information we collect to public records and other third-party databases.
  • With financial institutions and other VASPs with which we partner to process transactions
  • With service providers under contract who help with parts of Haycen's business operations. By contracts, Haycen requires these service providers to only use personal information in connection with the services they perform for the firm and prohibits them from sharing and/or selling such information to anyone else.
  • With Haycen's professional advisors who provide legal, compliance, accounting, or other consulting services in order to complete financial, technical, compliance and legal audits of Haycen operations.
  • With law enforcement, officials, or other third parties when Haycen is compelled to do so by a subpoena, court order, or similar legal procedure, or when the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate legal violations or any other applicable policies.

Security of data processing 

Haycen ensures that personal information is collected and processed in accordance with high technical and security standards, in order to protect data against unauthorized or unlawful processing and accidental loss, destruction or damage. Haycen collects and keeps data in a form that permits the identification of a data subject for no longer than is necessary for the purposes for which data are collected/processed. Thus, security standards Haycen puts in place are measured with the risks posed by the purpose of processing.

The access to the personal data is restricted to authorised staff in accordance with their duty. Encryption and anonymization procedures of data are in place. Haycen may use anonymized or aggregate customer data for any business, sales, and marketing purpose, including to better understand customer needs and behaviours, or to improve its services and detect security threats.

In order to grant an equivalent security obligation, Haycen has set out a contract with its data processor which acts on its behalf. Also, Haycen will determine periodic internal reviews and audits of the above-mentioned measures and practices in place to ensure that personal information maintains its integrity and is kept up to date.

Data security breaches

In the case of data security breaches that could result in a high risk to the rights of the data subject, Haycen will immediately report the breach to the data subject by issuing a written notification with all the necessary information and action plans put in place by both the data controller and processor to mitigate the breach aftermaths and restore the status quo as well as all the procedures the data subject must follow. 

Data Transfers outside the EEA

Haycen relies primarily on the European Commission’s Standard Contractual Clauses to facilitate the international and onward transfer of personal information collected in the European Economic Area (“EEA”), the United Kingdom and Switzerland (collectively “European Personal Information”). Haycen may also rely on an adequacy decision of the European Commission confirming an adequate level of data protection in the jurisdiction of the party receiving the information, or derogations in specific situations.

Haycen always follows the two steps approach as defined under art. 44 et seq. GDPR when it must transfer personal data to its data processors located outside the EU. Haycen protects personal information collected in accordance with GDPR and will always take appropriate contractual obligations or other steps to protect the relevant personal data in accordance with applicable laws.

Data Records and Retention 

Haycen stores personal information securely throughout the client's relationship with the firm. Haycen will only retain personal information for as long as necessary to fulfil the purposes for which it is collected, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes.

We are obliged to retain certain information to ensure accuracy, to help maintain quality of service and for legal, regulatory, fraud prevention purposes.

Other information will be retained for no longer than is necessary for the purpose for which it was obtained by us or as required or permitted for legal, regulatory, fraud prevention and legitimate purposes.

We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it.

Haycen will always create and maintain a record in writing containing all relevant information collected as part of AML/KYC obligations. Such records will be stored and retained for a period of at least five (5) years after the relationship with its clients has ended.

Your Rights in Relation To Your Personal Information

You have certain rights in respect of your personal data, and we have processes to enable you to exercise these rights.

Right of Access

This is known as a Data Subject Access Request (SAR). If you want to know if we are processing personal data relating to you and to have access to any such personal data, you can contact us using the details below. In order to furnish you with a copy of your personal data that we hold we will need to verify your identity.

You have the right to access any personal information that the Party processes about you and to request information about:

  • What personal data we hold about you
  • Purposes of the data processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  • If we did not collect the data directly from you, information about the source

 

Right To Rectification

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the data and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

If you believe that we hold inaccurate personal data about you, please contact us using the details below. Depending on the type of personal data you believe is inaccurate, we may ask you for further proof to ensure that the personal data is being corrected properly. If we are satisfied that the personal data is inaccurate, we will make the necessary changes.

 

Right To Erasure

You also have the right to request erasure of your personal data or to restrict processing (where applicable).

However, this right does not apply where we have to comply with a legal obligation or where we need personal data for the establishment, exercise or defence of legal claims. In addition, if you opt out of marketing communications or have previously opted out of marketing communications, we have to keep a record of such opt out to ensure that we don’t contact you again in the future.

 

Right To Restriction

You have a right to request that processing of personal data is restricted in certain circumstances. However, we shall continue to process the personal data for storage purposes, for the establishment, exercise or defence of legal claims.

 

Right To Object

Where we are relying on legitimate interests as a legal basis to process your data, you have a right to object to such processing on grounds relating to your particular situation.

 

Right To Portability

In certain circumstances, you can request that we provide to you your personal data in a commonly used format.

  

How to exercise your rights under this Data Protection Statement

Haycen grants its clients the exercise of their data subject rights under the GDPR and Data Protection Acts, such as the right to be informed, right of access to information, right to rectification, to erasure, to restrict processing, right to portability, to withdraw consent etc. Haycen ensures its clients always have a direct channel of communication with the firm in order to exercise their rights.

Contact Details

For Data Subject Rights

To exercise your data subject rights, contact us at dataprotection@haycen.com. If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure. The firm is entitled to process the request and reply in the following 7 working days after the submission of the request has been received. 

 

 

For Further Information

Should you require additional information or if you have questions or concerns regarding this Privacy Policy, please contact us at the following email dataprotection@haycen.com.

Last updated: July 2022