Privacy Policy and Terms of Service

Effective Date: 06/11/2024

S.A.S. MEY Global (“we,” “us,” or “our”) places a high priority on respecting your privacy and is deeply committed to ensuring the protection of your personal data, in line with the legal obligations imposed by the General Data Protection Regulation (GDPR) and French law. This Privacy Policy and Terms of Service document (hereinafter referred to as “Policy”) aims to provide you with detailed, transparent information regarding how we handle, process, and protect your personal data, and to outline the rights available to you as a data subject under applicable law.

By accessing and using our services, you confirm your understanding of and agreement to the terms set forth in this Policy. We advise that you carefully review this document and contact us with any questions or concerns regarding your personal data and the security practices we employ.

1. Data Controller

The Data Controller, as defined under Article 4 of the GDPR, responsible for the collection, processing, and protection of personal data on this service is:

S.A.S. MEY Global
Business Registration Number: 980799779
19 Avenue Notre Dame, 06000 Nice, France
Privacy Contact: privacy@meygs.org

The Data Controller has the ultimate responsibility for ensuring compliance with relevant data protection regulations and that your personal data is processed in accordance with the principles laid out in this Privacy Policy. This includes securing the integrity and confidentiality of personal data, ensuring compliance with all legal standards for data handling, and facilitating the exercise of your rights under applicable law.

In instances where we work with external service providers or data processors, we conduct thorough due diligence to ensure that they comply with our standards of data protection and confidentiality. These third parties are engaged under strict contractual agreements, obliging them to follow our security and data protection standards.

2. Purpose of Data Processing

We collect and process your personal data only for specific, clear, and legitimate purposes, which are clearly defined below. Each purpose aligns with one or more legal grounds provided under Article 6 of the GDPR, ensuring that all processing activities are necessary, limited to what is required, and lawful. The purposes of data processing include:

Business Relationship Management: We collect and process personal data, including name, contact details, and service usage information, for the purpose of managing our contractual relationship with customers and to fulfill any obligations resulting from service requests. This includes, but is not limited to, billing, service updates, and transactional communications essential to the performance of our services. This purpose aligns with our contractual obligations and is strictly necessary for the management of our customer relationships.
KYC (Know Your Customer) Procedures: As part of our legal obligation to comply with anti-money laundering (AML) and counter-terrorism financing (CTF) laws, we are required to gather specific identification data. This includes, but is not limited to, data such as name, date of birth, nationality, residential address, and identification documents. This procedure ensures that our users are authenticated, reducing potential security risks and preventing fraudulent activity. KYC procedures are conducted in strict adherence to AML and CTF regulations, ensuring a high level of data security and minimizing risks associated with identity theft and other forms of digital fraud.
Cryptocurrency Wallet Verification: For customers engaging in cryptocurrency-related transactions, we may process additional data related to cryptocurrency wallets. This information includes wallet details, ownership confirmation data, and timestamps. This is necessary to comply with legal obligations and to prevent unauthorized access or fraudulent use of cryptocurrency. Our handling of cryptocurrency wallet data includes security measures in compliance with GDPR guidelines to protect the integrity and security of your data.
Fraud Prevention and Security Measures: Your personal data is collected and processed as part of our efforts to maintain the security and integrity of our services. This includes data processing for authentication, user identification, and monitoring to prevent unauthorized access, fraud, or any activities that could compromise our service. Our fraud prevention procedures are based on legitimate interest, with a clear focus on securing user data and ensuring a safe online environment for all users.
Customer Support and Service Development: To provide effective customer support, respond to inquiries, resolve issues, and develop our services, we process user feedback, support queries, and other relevant information. This data enables us to deliver continuous improvements to our service offerings. Our commitment to customer support and service enhancement aligns with both contractual obligations and legitimate interests.

Each processing purpose is based on a defined legal ground, ensuring full compliance with GDPR and French data protection laws. Your personal data will only be processed to the extent necessary to fulfill these specified purposes.

3. Legal Grounds for Data Processing

Our data processing activities are founded on clear legal grounds as stipulated by GDPR. We conduct data processing on one or more of the following legal bases, depending on the context and purpose of each processing activity:

Contract Performance: Some data processing activities are essential for the provision of services under the terms and conditions agreed with you. For example, we process billing information to issue invoices, provide customer support for your account, and fulfill other contractual obligations related to our service offerings.
Legal Obligation: We may process your personal data to comply with specific legal obligations, such as anti-money laundering (AML) and counter-terrorist financing (CTF) regulations. These obligations are mandatory and require us to retain certain information for prescribed periods, which may include identification records and transactional data necessary for regulatory compliance.
User Consent: In cases where processing is based on user consent, such as biometric data processing for KYC verification purposes, we will explicitly request your consent, which can be withdrawn at any time. Consent withdrawal will not affect the legality of processing conducted prior to its withdrawal. For all consent-based processing, we provide a clear mechanism for opting out and communicate how to exercise this right effectively.

Your data is handled strictly within these legal grounds, ensuring that we only process data necessary for the legitimate, legal operation of our service.

4. Data Retention Period

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy or as required by applicable law. Data retention periods are specified below to ensure transparency and compliance:

Business Relationship Data: Personal data relating to the management of our business relationship with you will be retained for the duration of our contractual relationship and deleted when it ends, unless further retention is required by law.
KYC and Verification Data: To comply with AML and CTF laws, KYC data is retained for a minimum of five years following the termination of the customer relationship, as legally mandated. This ensures compliance with regulatory obligations and safeguards against identity theft and financial fraud.
Customer Support Data: Personal data related to customer support inquiries is retained for as long as necessary to address and resolve any issues and in accordance with applicable laws. Retaining this data helps us improve our support services and resolve potential future inquiries.

Upon expiration of the respective retention period, or upon request, we will securely delete or anonymize your data, ensuring that no identifiable information remains, except where legally required for longer retention.

5. Data Security Measures

The security and confidentiality of your personal data are critical priorities for us. We implement stringent security measures to protect your data from unauthorized access, misuse, or disclosure. Our security practices include, but are not limited to, the following:

Data Encryption: All data, both in transit and at rest, is encrypted using industry-standard protocols. This ensures that personal data remains inaccessible to unauthorized parties at all times.
Secure Servers: We operate secure servers within the European Economic Area (EEA), managed by GDPR-compliant hosting providers. These servers meet high security standards, with robust firewall protection and regular vulnerability testing to ensure data integrity.
Access Control: Access to personal data is restricted solely to authorized personnel who require access to perform specific tasks. Access controls are monitored and managed to maintain accountability, ensuring that personal data remains secure.

All third-party processors engaged by us are contractually required to uphold rigorous data security standards and to process data solely for the specified purposes. We also conduct regular audits to assess and verify the security practices of third parties.

6. Rights of Data Subjects

In accordance with the General Data Protection Regulation (GDPR) and French data protection law, you have specific rights regarding your personal data. These rights are outlined below:

Right of Access: You have the right to request access to the personal data we hold about you and to obtain a copy of this data in a commonly accessible format.
Right to Rectification: If you identify inaccuracies or incomplete data, you have the right to request that we correct or complete your data.
Right to Erasure (“Right to be Forgotten”): You may request that we delete your personal data when it is no longer required for the purposes for which it was collected, or when you withdraw consent for consent-based processing.
Right to Restrict Processing: You may request temporary restriction of processing under certain circumstances, such as if you contest the accuracy of the data we hold.
Right to Data Portability: You have the right to receive your data in a structured, machine-readable format and to transfer it to another data controller, where technically feasible.
Right to Object: You may object to processing based on legitimate interests, including any processing for direct marketing purposes.

To exercise these rights, please contact us at privacy@meygs.org. We will respond within the statutory timeframe, providing you with the support required to exercise your rights.

7. Disclosure of Data to Third Parties

In some instances, we may share your personal data with trusted third parties under strictly regulated conditions. These include:

Verification Partners: For the purpose of identity verification, we may share your data with trusted third-party partners, bound by confidentiality agreements and limited to KYC and AML verification.
Regulatory and Law Enforcement Authorities: In compliance with French and EU laws, we may be required to disclose data to regulatory or law enforcement bodies, especially under AML and CTF legislation.
Technical Service Providers: For hosting, communication, and infrastructure services, we engage technical service providers under contractual obligations to process your data securely and solely for maintenance purposes.

8. Age Restrictions

Our service is exclusively intended for individuals aged 18 or older. Users under the age of 18 are not permitted to use our services. We undertake age verification during KYC checks, and if data is inadvertently collected from minors, it will be promptly deleted in compliance with our data protection obligations.

9. Terms of Service

Your access to and use of our services is subject to compliance with these terms:

Accuracy of Information: You are required to ensure that all information provided is accurate and up to date.
Personal Use: Use of our services must be for personal purposes only. Impersonation of another individual is prohibited.
Compliance with Laws: You must comply with all applicable laws, particularly those related to identity verification and data protection.

10. Limitation of Liability

While we make every effort to provide secure, uninterrupted service, we do not assume liability for:

Service Interruptions or Data Loss: Including disruptions in service and data or revenue loss.
Third-Party Content: We are not responsible for third-party links or content available through our service.
Indirect Damages: Any incidental damages to devices or infrastructure.

11. Policy Updates

Our commitment to transparency includes regular updates to this Privacy Policy and Terms of Service to ensure compliance with evolving legal and regulatory requirements, as well as improvements to our service. When updates are made, they will be posted on our website, and where legally required, we will notify you directly of significant changes. By continuing to use the service after such updates, you confirm your acceptance of the revised terms.

12. Contact Information

For inquiries about this Privacy Policy, to exercise your GDPR rights, or to address concerns about data protection, please contact us at:

Email: privacy@meygs.org

Additionally, if you wish to file a complaint regarding data protection practices, you may contact the French supervisory authority, the Commission Nationale de l’Informatique et des Libertés (CNIL).