Privacy Policy

Updated · 25 November 2024 · LT

INTRODUCTION

Welcome to Tothemoon's Privacy Policy. This Privacy Policy outlines our commitment to protecting the privacy and security of the information entrusted to us. It applies to all personal data processed by us as a Data Controller in relation to our services and products, across all platforms and interactions.

Our Commitment to Data Protection

We understand that in a digital age, maintaining the trust of our clients begins with ensuring the security and privacy of their personal information. To this end, we are committed to complying with data protection laws, including the EU Regulation 2016/679, better known as the General Data Protection Regulation (GDPR), and any other applicable regulations, ensuring transparency, accountability, and fairness in our data processing activities.

Purpose of the Privacy Policy

The purpose of this policy is to inform you about how we collect, use, share, and protect the personal information of our customers, partners, and website visitors. We are committed to ensuring that your information is secure, treated with respect, and used exclusively for the limited purposes for which it is being collected.

Scope and Application

This policy applies to personal data collected through our website, mobile applications, and any related services, sales, marketing, or events. It describes the types of personal data we collect, how we use it, the legal bases for processing such data, your rights under the GDPR, and the mechanisms through which you can exercise these rights.

Company Information

Tothemoon is operated by Cypher Trading UAB and its affiliates. Cypher Trading UAB is authorized to provide virtual currency exchange and custody services under the supervision of the Lithuanian Financial Crimes Investigation Service (FCIS). As a globally operating company, we adhere to the highest standards of data protection and privacy compliance.

This policy is designed to ensure that we align with our core values of respect for privacy, integrity in handling personal data, and our commitment to transparency. Should you have any questions about this policy or our data protection practices, please contact us using the details provided in the "How to Contact Us" section.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

WHAT PERSONAL DATA WE COLLECT

At Tothemoon, the collection and processing of personal information are foundational to our ability to deliver service, ensure compliance with regulatory requirements, and enhance your experience. It is important to note that the establishment of business relationships and the provision of our services are contingent upon the provision of the requested information, including the personal data of the data subject. We require personal data both prior to the establishment and during the continuance of any contractual relationship. Failure to provide this data may result in our inability to offer or continue providing our services to you. Adherence to anti-money laundering and counter-terrorist financing (AML/CFT) regulations is a primary purpose for collecting personal data, reflecting our commitment to meeting regulatory standards and ensuring the integrity of our operations. 

The personal data we collect varies based on your interactions with our website, applications, services, and our communications with you. Below are the categories of personal data we may collect:

  1. Personal Information: Includes first and last names, date of birth, nationality, country of residence, and status as a politically exposed person (PEP).
  2. Contact details: address, email address, phone number, and similar contact data.
  3. Identification Data: passport, national ID, residence permit, utility bill, bank statement, and other unique identifiers.
  4. Biometric Data: We collect biometric data, specifically facial recognition information, exclusively for the purpose of conducting KYC liveness check verifications. This collection is crucial for ensuring the authenticity of user identity and for preventing fraud. Biometric data is used solely for verification processes to enhance the security of our services and to comply with legal obligations, ensuring a high level of trust and integrity in our operations.
  5. Financial Information: Information concerning your income, financial status, source of wealth, bank details, professional and employment details, level of education, property ownership, personal investments and income, loans, copies of payslips, tax returns, and others.
  6. Technical Data: Information collected automatically through your use of our website, mobile application, and services, such as IP addresses, device IDs, browser types, cookie data, and your interaction with our services.
  7. Usage Data: Insights into how you use our website and services, including preferences, pages visited, and links clicked, to help us understand user behavior and improve our offerings.
  8. Communication Data: Information we receive through communications with you, whether through email, phone calls, social media, or other channels.
  9. Profile and Demographic Data: Information you provide that may include your age, gender, interests, preferences, feedback, survey responses, and other profile-related information to tailor our services to your interests.
  10. Location Data: Geolocation data that indicates your current location, derived from GPS, Wi-Fi, or mobile network data, to offer location-specific services or information.
  11. Authentication Data: Data used to verify the identity of users, including login credentials, security tokens, or other authentication information.
  12. Investigations and Due Diligence Data: Includes AML/KYC checks, sanction checks, and investigations into fraud and other compliance-related assessments to fulfill our legal obligations and protect against illegal activities.
  13. Consents: Records of all consents given by you, including consents for the processing of personal data, acknowledgments of our terms and conditions and policies, obtaining marketing materials, and others.
  14. Publicly Available Data: Information about you that is available in the public domain, which may include data from public registers, online platforms, and other publicly accessible sources.

Sources of Personal Data

We collect this information from you directly when you interact with our services, register for an account, pass KYC verification, or contact us for support. Some data is collected automatically through your use of our website, mobile application, and services, such as technical and usage data. We may also receive information about you from third parties, including our business partners, and publicly available sources.

HOW WE USE YOUR PERSONAL DATA

We are committed to processing your personal data transparently, fairly, and lawfully. The information we collect is used exclusively for specific and legitimate purposes, including:

  1. To Provide Our Services: We use your personal, financial, and technical data to deliver the services you have requested, manage our contractual relationship, process transactions, and communicate with you about your account or transactions.
  2. For Verification and Compliance: Your identification, financial, and biometric data are essential for conducting necessary KYC, AML, and fraud prevention checks, ensuring compliance with legal requirements and the security of our platform.
  3. To Improve Our Services: We analyze usage data, technical data, and feedback to understand how our services are used and to make improvements that enhance user experience.
  4. For Customer Support: Communication data and any relevant personal information are used to resolve inquiries, complaints, and provide support, ensuring responsive and efficient customer service.
  5. For Marketing and Promotions: With your consent, we use your contact details, profile, and demographic data to send you information about new products, services, and offers that we think you might find interesting.
  6. To Ensure Platform Security: Technical and authentication data are used to protect our website and services against cyber threats, unauthorized access, and other malicious activities.
  7. For Legal Obligations: We process necessary data to comply with our legal obligations, including regulatory requirements, tax laws, and responding to legal processes.
  8. For Research and Development: Aggregated and anonymized data may be used for research purposes to develop new products, features, and technologies that can enhance our services.

We process your personal data only when we have a lawful basis to do so. The legal bases for processing your personal data include:

  1. Performance of a Contract: We process your personal data to fulfill our contractual obligations to you or because you have requested us to take specific steps before entering into a contract. This includes providing our services, responding to your inquiries, and offering customer support.
  2. Consent: For certain types of personal data processing, we rely on your explicit consent. This includes, but is not limited to, sending you marketing communications and processing any sensitive personal data. You have the right to withdraw your consent at any time, though this will not affect the lawfulness of processing based on consent before its withdrawal.
  3. Legitimate Interests: We process your data when it is in our legitimate interests to do so and when these interests are not overridden by your data protection rights. This includes improving our services, preventing fraud, ensuring network and information security, and when processing your data for administrative, legal, and management purposes.
  4. Legal Obligation: We may process your personal data to comply with our legal obligations, such as regulatory requirements, tax laws, and responding to legal processes and government requests.
  5. Vital Interests: In rare cases, we may process your personal data to protect someone’s life, which might include emergency medical situations or where someone’s physical integrity might be at risk.
  6. Public Interest: We may process personal data for tasks carried out in the public interest or in the exercise of official authority vested in us, which primarily pertains to our compliance with regulatory and legal obligations, including KYC, AML, and counter-terrorism financing requirements.

Purpose for Collecting Personal Data / Legal Basis:

  • To Provide Our Services: Article 6(1)(b) GDPR - Performance of a contract
  • For Verification and Compliance: Article 6(1)(c) GDPR - Legal obligation; Article 9(2)(g) GDPR - Substantial public interest (for biometric data under strict conditions)
  • To Improve Our Services: Article 6(1)(f) GDPR - Legitimate interests
  • For Customer Support: Article 6(1)(b) GDPR - Performance of a contract; Article 6(1)(f) GDPR - Legitimate interests
  • For Marketing and Promotions: Article 6(1)(a) GDPR - Consent
  • To Ensure Platform Security: Article 6(1)(f) GDPR - Legitimate interests
  • For Legal Obligations: Article 6(1)(c) GDPR - Legal obligation
  • For Research and Development: Article 6(1)(f) GDPR - Legitimate interests

By identifying these legal bases, we ensure that all processing of your personal data is justified under data protection laws. We commit to maintaining the highest standards of privacy and data protection in all our processing activities, ensuring that your rights and interests are always considered and protected.

We take your privacy seriously and implement all necessary measures to protect your personal data according to GDPR and other relevant data protection laws. Your data is not used for any purposes other than those specified here without informing you and, where necessary, obtaining your consent.

WHO WE SHARE YOUR DATA WITH

We understand the importance of keeping your personal data secure and confidential. We only share your data with third parties in accordance with this policy and when it is legally permissible and necessary to provide our services, comply with the law, or protect our rights. Here are the main categories of third parties with whom your data may be shared:

  1. Service Providers and Partners: We engage with various service providers and business partners who support our operations. This includes companies that offer payment processing services, data analysis, email delivery, hosting services, customer service, and marketing efforts. These partners may access your personal data only to perform tasks on our behalf and are obligated not to disclose or use it for any other purpose.
  2. Regulatory and Legal Compliance: Your personal data may be disclosed to regulatory authorities, law enforcement agencies, government officials, or other parties when required by law, including to meet national security or law enforcement requirements, comply with legal proceedings, court orders, or lawful requests.
  3. KYC and AML Compliance: For purposes of complying with know-your-customer (KYC) and anti-money laundering (AML) regulations, we may share your identification, financial, and biometric data with specialized compliance firms or databases.
  4. Auditors and Advisors: Your personal data may be shared with professional advisors like lawyers, accountants, or auditors to provide consultancy, compliance, auditing, and legal services, ensuring our business operations adhere to legal, regulatory, and financial standards.
  5. Business Transfers: In the event of a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Tothemoon's assets, financing, or acquisition of all or a portion of our business by another company, your personal data may be among the assets transferred.
  6. Aggregated or Anonymized Data: We may share aggregated or anonymized data with partners or for public relations. This data cannot be used to identify you and may be used to show trends or product popularity.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Third-party service providers are bound by contractual obligations to implement appropriate security measures and ensure the confidentiality of your data.

Your data may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

To provide our services effectively and comply with legal obligations, we share your personal data with the following trusted third parties:

1. Sum and Substance Ltd (Sumsub)

Company Details: Sum and Substance Ltd is incorporated and registered in England with company number 09688671, and its registered office is at 30 St. Mary Axe, London, England, EC3A 8BF.
Purpose of Sharing: Sumsub is our Know Your Customer (KYC) provider. We share your personal data with Sumsub to:

  • Verify your identity as part of our onboarding and compliance processes.
  • Comply with legal and regulatory obligations, such as anti-money laundering (AML) and combating the financing of terrorism (CFT) requirements.
  • Ensure the security of our platform by preventing fraudulent activities.

Processing of Biometric Data:
As part of our KYC process, Sumsub may collect biometric data (e.g., facial recognition) to verify your identity. Biometric data is processed under strict conditions to ensure compliance with applicable laws.
Legal Basis Under GDPR:

  • For general personal data: Processing is necessary for compliance with legal obligations (Article 6(1)(c) GDPR) and our legitimate interests in maintaining a secure platform (Article 6(1)(f) GDPR).
  • For biometric data: Processing is carried out in accordance with Article 9(2)(g) GDPR (processing necessary for reasons of substantial public interest under strict conditions) to ensure compliance with AML/CFT regulations and prevent identity fraud.

SumSub Privacy Policy: https://sumsub.com/privacy-notice-service/

2. Unlimit EU Ltd (Unlimit)

Company Details: Unlimit EU Ltd is incorporated in Cyprus with its registered address at 125, Georgiou Griva Digeni, Limassol, 3101, Cyprus.
Purpose of Sharing: Unlimit is our payment service provider. We share your personal data with Unlimit to:

  • Process payments, including deposits and withdrawals, and card transactions.
  • Ensure secure and efficient transaction management.
  • Comply with financial regulations and fraud prevention protocols.

Legal Basis Under GDPR: Processing is necessary for the performance of a contract (Article 6(1)(b) GDPR) and for compliance with legal obligations (Article 6(1)(c) GDPR).

Unlimit Privacy Policy: https://www.unlimit.com/privacy-policy/ 

We require all third-party service providers to treat your personal data with strict confidentiality and to use it only for the purposes specified above. Both Sumsub and Unlimit operate in compliance with GDPR and employ robust security measures to protect your data.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

At Tothemoon, we operate on a global scale, which may require the transfer of your personal data to countries outside of the European Union (EU) for the purposes outlined in this privacy policy. We are committed to ensuring that your personal data remains protected and secure, in compliance with the GDPR and other applicable laws, regardless of where your data is processed.

  1. Adequate Level of Protection: We transfer personal data only to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, ensuring that your data is treated securely and in accordance with this privacy policy.
  2. Standard Contractual Clauses (SCCs): For transfers to countries not considered by the European Commission to offer an adequate level of data protection, we rely on Standard Contractual Clauses approved by the European Commission as a legal mechanism to ensure data protection that is comparable to the protection offered within the EU.
  3. Binding Corporate Rules (BCRs): In some cases, we may use Binding Corporate Rules approved by EU data protection authorities to ensure that our global operations maintain a uniform and high level of protection of your personal data.
  4. Specific Consents: Where applicable, we may also transfer personal data outside the EU based on your explicit consent after informing you about the possible risks of such transfers for which there may not be adequate safeguards.
  5. Necessary Transfers: In certain circumstances, transfers may be necessary for the performance of a contract between you and Tothemoon, or for the implementation of pre-contractual measures taken at your request, as well as for the conclusion or performance of a contract concluded in your interest between Tothemoon and another natural or legal person.

Tothemoon transfers personal data outside of the European Union (EU) only when necessary for specific purposes that are integral to the provision of our services and compliance with legal obligations. Below, we outline these purposes and the corresponding legal bases that justify such transfers:

  1. Provision of Services: To offer you the comprehensive services associated with your Tothemoon account, it may be necessary to process your data in countries outside of the EU. This processing is crucial for the performance of the contract you enter into with us when you accept our Terms of Service and Privacy Policy. This includes, but is not limited to, account management, customer support, and the delivery of other services directly related to your account.

Legal Basis: Article 6(1)(b) of the GDPR, which relates to processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

  2. Compliance with Legal Obligations: There are circumstances where Tothemoon is required to transfer personal data to comply with legal obligations under EU law or the law of the country where the data needs to be transferred. This may include regulatory requirements, compliance with legal requests, and other legal proceedings.

Legal Basis: Article 6(1)(c) of the GDPR, which covers the processing necessary for compliance with a legal obligation to which the controller is subject.

  3. Operational Efficiency and Improvement of Services: Transfers may occur as part of our efforts to maintain and improve the efficiency of our services. This includes data processing for system back-ups, data analysis, and service optimization that may be conducted by our subsidiaries or third-party service providers located outside the EU.

Legal Basis: Article 6(1)(f) of the GDPR, which allows for processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided those interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

You have the right to be informed of the specific safeguards in place for your data when transferred internationally. Should you have any concerns or wish to exercise your rights under GDPR, including requesting further information about the protection of your data, please contact us using the details provided in the "How to Contact Us" section of this policy.

We implement strict measures in our contractual relationships with third-party service providers and business partners, and take all necessary steps to ensure that your personal data is processed, secured, and transferred according to the highest standards of privacy and data protection.

Please be aware that personal data transferred outside the EEA may be subject to the laws of the destination country, which can include requirements for lawful access by government and law enforcement agencies under certain conditions. We take all necessary steps to ensure that such transfers comply with applicable laws and that your data remains secure and protected, reflecting our commitment to your privacy and data protection rights.

AUTOMATED DECISION-MAKING AND PROFILING

We employ automated decision-making or profiling in some of our processes and services. These activities are designed to increase the efficiency of our services and to provide you with more personalized, relevant experiences. Here is how and why we use these technologies:

  • Definition: Automated decision-making refers to a decision made solely on the basis of automated processing of your personal data, without human involvement. Profiling is any form of automated processing of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  • Purposes and Legal Basis: The purposes for which we use automated decision-making or profiling include fraud prevention and enhancing security by identifying fraudulent transactions and potential security threats. They also play a crucial role in our KYC and AML compliance efforts, allowing us to efficiently verify identities and assess risk profiles in line with legal requirements. Additionally, we leverage profiling to personalize the user experience on our platform, tailoring our services and marketing efforts to better match your preferences and trading behavior. These activities are grounded in the legal bases of performing contracts (executing trades, managing accounts), our legitimate interests in protecting our platform and users, and fulfilling our legal obligations for regulatory compliance.
  • Consequences for the Data Subject: Our commitment to transparency includes informing you about the effects of automated decision-making and profiling on your use of our services. The primary impact of these processes may be seen in the way we conduct fraud prevention and compliance with KYC and AML regulations. This could lead to automated decisions affecting the availability or terms of certain services, such as triggering enhanced due diligence procedures for certain transactions or temporarily restricting activities flagged for further investigation. Furthermore, users may experience targeted marketing campaigns aligned with their interests and behavior on the platform, ensuring that you receive relevant and valuable information. It's crucial to recognize that these automated processes are designed to safeguard the platform and comply with regulatory requirements. We provide mechanisms for users to contest decisions, request human intervention, or express their point of view, particularly where you believe an automated decision does not adequately reflect your situation.
  • Safeguards: Tothemoon ensures safeguards to protect your rights and freedoms and legitimate interests, including the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
  • Right to Opt-Out: You have the right to opt out of any automated decision-making process, including profiling, that might occur within our services. Please contact us using the details provided in the "How to Contact Us" section of this policy if you wish to do so.

Tothemoon commits to using automated decision-making and profiling responsibly, ensuring transparency and fairness in all our data processing activities. If you have any concerns or questions about these practices, please do not hesitate to reach out for further information or clarification.

DATA RETENTION

Retention Periods

We are committed to retaining personal data only for as long as necessary to fulfill the purposes for which it was collected, in compliance with our legal obligations and for the duration required to protect the interests of our users and our business. Our specific retention periods for various categories of data are as follows:

  1. Identity Verification and Transaction Records: Copies of identity documents, beneficial owner data, beneficiary identity data, direct video streaming/broadcasting recordings, wallet and/or agreement documentation, and logbooks are retained for 8 years following the termination of the relevant business relationship. This period also covers information linking the virtual currency wallet to the owner's identity. Similarly, documents confirming transactions and data or other legally binding documents related to monetary operations or transaction conclusions are retained for 8 years after the completion of the transaction.
  2. Customer Correspondence and Internal Investigation Records: All correspondence with customers during the business relationship, as well as internal investigation records of suspicious transactions, are kept for 5 years after the termination of the business relationship or the conclusion of the investigation, respectively.

Extension of Retention Periods

The standard retention periods may be extended for an additional period of no more than two years upon receiving reasoned instruction from a competent authority. This extension is made in accordance with legal requirements and aims to fulfill our obligations under the law, ensuring that Tothemoon adheres to its regulatory duties and protects both the interests of our customers and the integrity of our operations.

Data Deletion and Anonymization

Upon the expiry of the retention periods, Tothemoon commits to securely deleting or anonymizing personal data so that it cannot be reconstructed or read. Data will be deleted unless specific legislation regulating the relevant field establishes a different procedure, or we receive instructions from a competent authority to extend the retention period. This practice underscores our commitment to data minimization and the protection of personal information beyond the duration of its active use.

Review and Update of Retention Periods

We regularly review our data retention periods to ensure they comply with current laws and regulations, reflect operational requirements, and embody best practices. Adjustments are made as necessary to address changes in the legal landscape or operational needs, reaffirming our dedication to effective, compliant, and up-to-date data management policies.

Tothemoon's data retention policy is designed to ensure that personal data is kept no longer than necessary, in line with our commitment to privacy, data minimization, and legal compliance. By establishing clear retention periods and criteria, we safeguard the information entrusted to us while upholding our regulatory obligations and the rights of our customers.

YOUR RIGHTS UNDER GDPR

At Tothemoon, we recognize and uphold your rights under the General Data Protection Regulation (GDPR) concerning your personal data. As a data subject, you are entitled to the following rights:

  1. Right to Access: You have the right to request access to your personal data that we hold and to obtain information about how we process it.
  2. Right to Rectification: If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.
  3. Right to Erasure ("Right to be Forgotten"): You can request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
  4. Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances, such as if you contest the accuracy of that data or object to its processing.
  5. Right to Data Portability: This right allows you to obtain and reuse your personal data for your own purposes across different services. You can request that we transfer your data to another organization, or directly to you, in a structured, commonly used, and machine-readable format.
  6. Right to Object: You have the right to object to the processing of your personal data based on legitimate interests, direct marketing (including profiling), and processing for statistical purposes.
  7. Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, without your explicit consent.
  8. Right to Withdraw Consent: Where the processing of your personal data is based on consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  9. Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

To exercise any of these rights, please contact us using the contact details provided in the "How to Contact Us" section of this privacy policy. We commit to responding to your requests promptly and in accordance with GDPR requirements.

COOKIES AND TRACKING TECHNOLOGIES

At Tothemoon, we use cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and offer tailored services. These technologies are crucial for gathering insights, providing personalized content, and making our platform more user-friendly.

Your Choices

You have control over your cookie settings and can choose to accept or decline non-essential cookies. You can always change your cookie settings through the "Cookie Preferences" section of our website, allowing you to customize your preferences at any time. Additionally, most web browsers provide the ability to manage your cookie preferences. Please note, however, that disabling cookies may impact your experience on our site.

For a comprehensive overview of how we use cookies and tracking technologies, including detailed information on your choices and how to manage your preferences, please refer to our Cookies Policy at the following link: https://tothemoon.com/faq/cookies-policy-43000720769.

Consent and Changes

By continuing to use our platform, you consent to our use of cookies and similar technologies in accordance with this policy and the detailed guidance provided in our Cookies Policy. We encourage you to review the Cookies Policy regularly and utilize the "Cookie Preferences" section of our website to stay informed about our practices and manage your settings.

DATA SECURITY

We prioritize the security and confidentiality of your personal data above all. Our commitment to safeguarding your information is reflected in the stringent technical and organizational measures we have implemented. These measures are designed to protect your data against unauthorized access, alteration, disclosure, or destruction and ensure a level of security appropriate to the risks associated with data processing. Our comprehensive security practices include:

  1. Encryption: Utilizing advanced encryption technologies to secure data during its transmission over the Internet and while it is stored on our systems.
  2. Access Control: Implementing strict access controls to ensure that only authorized personnel have access to personal data, and strictly for performing their job responsibilities.
  3. Security Training: Conducting regular training sessions for our staff to reinforce the importance of privacy and data security principles and practices.
  4. Monitoring and Testing: Continuously monitoring our systems for potential vulnerabilities and conducting regular security assessments and testing to proactively identify and rectify possible security risks.
  5. Incident Response Plan: Maintaining a robust incident response plan to quickly and effectively address any data breaches or security violations, mitigate the impact, and comply with legal requirements for breach notification.

Despite our diligent efforts to secure your personal data, it's important to recognize that no method of transmission over the Internet or method of electronic storage is entirely secure. While we strive to use commercially acceptable means to protect your personal data, absolute security cannot be guaranteed. We commit to notifying you and any applicable regulators of a data breach in accordance with legal requirements.

We encourage our users to also play an active role in keeping their personal data secure by choosing strong passwords, being aware of phishing attempts, and using secure network connections.

Your trust is invaluable to us, and we are committed to continuously enhancing our security measures in line with technological advancements and best practices in data protection.

Data Breach Notification

In the unlikely event of a data breach, Tothemoon is committed to promptly notifying affected individuals and relevant authorities in accordance with applicable data protection laws. Our response to data breaches includes:

  1. Timely Notification: Should any breach occur that is likely to result in a high risk to your rights and freedoms, we will inform you and the relevant data protection authorities without undue delay, typically within 72 hours of becoming aware of the breach, as required by law.
  2. Clear Communication: Notifications will contain clear information about the nature of the breach, the categories and approximate number of individuals concerned, the likely consequences, and the measures taken or proposed to address the breach, including any efforts to mitigate possible adverse effects.
  3. Contact Information: We will provide the name and contact details of our data protection officer or another point of contact where more information can be obtained.
  4. Guidance and Support: We will offer guidance on how you can protect yourself from potential adverse effects following the breach, including recommending protective measures.

Our commitment to data security means not only implementing protective measures but also ensuring we have a responsive and responsible plan for addressing and mitigating the impacts of any data breach.

LINKS TO OTHER WEBSITES

External Links

Our website or mobile application may contain links to external sites not operated by us. Please be aware that we have no control over the content and practices of these sites and cannot accept responsibility or liability for their respective privacy policies.

When you leave our website, we encourage you to read the privacy statement of every website you visit, as those sites may collect, store, and use personal data quite differently from our practices. This is particularly important because the security and privacy policies of these sites may be less strict than Tothemoon's standards.

Privacy Policies of Other Websites

The inclusion of a link to an external website does not imply endorsement of the site's operator or content by Tothemoon. Additionally, these external websites may have their own privacy policies, which detail how they collect, store, and protect your personal data. We strongly advise you to review these policies to understand how your personal data may be processed by these third-party sites.

Tothemoon is committed to ensuring the protection and privacy of your personal data within our platform. However, this commitment does not extend to your data once you navigate to external websites. As such, we recommend exercising caution and reviewing the privacy policies of those sites to ensure your information is treated in accordance with your expectations of privacy and security.

CHANGES TO THIS PRIVACY POLICY

We are committed to maintaining transparency about our privacy practices. As part of this commitment, we reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors.

Notice of Changes

  • Any significant changes to our Privacy Policy will be communicated to you through our website or via email, ensuring that you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
  • Minor changes that do not materially affect individual privacy rights may be made without explicit notification. However, we encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the personal data we collect.

Effective Date and Review

  • The date of the most recent revisions will appear on this page, so you can check back to see when the Privacy Policy was last updated.
  • This Privacy Policy is reviewed regularly to ensure that it remains accurate, comprehensive, and in compliance with relevant laws and regulations.

We understand the importance of your privacy and are committed to ensuring that our practices align with your expectations. By continuing to use our services after these changes are made, you agree to the revised policy.

HOW TO CONTACT US

If you have any questions or concerns regarding this Privacy Policy, our data protection practices, or if you wish to exercise any of your rights under the GDPR or other data protection laws, we are here to help.

Data Protection Officer (DPO)

For specific inquiries related to privacy and data protection, please contact our Data Protection Officer directly at:

Email: dpo@tothemoon.com 

Address: Anastasiou Sioukri, 1, Themis Court, 4th floor, flat/office 402, 3105, Limassol, Cyprus

Our DPO is equipped to address your concerns regarding the processing of your personal data, compliance with data protection laws, and any requests for exercising your legal rights.

General Inquiries

For general questions about our services, platform, or any other inquiries, our support team is available to assist you:

Email: support@tothemoon.com 

We are committed to ensuring that your privacy is protected and respected. Please do not hesitate to reach out with any questions or feedback regarding our privacy practices.