This policy has been adopted and is implemented by Seed CX Ltd.'s and its subsidiaries Seed Digital Commodities Market LLC ("SCXM"), Seed Digital Assets Broker LLC ("SCXB"), Seed SEF LLC ("SCXS"), Seed Digital Securities Market LLC ("SCXA"), and Zero Hash LLC ("ZH") (Seed CX, SCXM, SCXB, SCXS, SCXA, and ZH are collectively "Seed"). The purpose of this policy is it illustrate Seed's commitment to Processing data in accordance with its responsibilities under the General Data Protection Regulation ("GDPR"). Seed is committed to protecting the privacy and security of your Personal Data. The information you share with Seed allows Seed to provide you the best experience with our products and services. Seed has implemented a privacy program to protect all Personal Data collected and to help Seed properly handle your Personal Data.
This Privacy Notice explains our privacy practices. Please read this notice to understand how Seed collects and uses your Personal Data.
Consent of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
Data Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
Data Subject means a natural person, such as an individual, a customer, a prospect, an employee, a contact person, etc.
Personal Data means any information relating to an identified or identifiable Data Subject.
Processing covers any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third Party means a natural or legal person, public authority, agency or body other than the data subject, controller, Data Processor and persons who, under the direct authority of the controller or Data Processor, are authorized to process Personal Data.
Data Protection Principles
Article 5 of the GDPR requires that Personal Data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal Data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data is processed; Personal Data may be stored for longer periods insofar as the Personal Data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
- To ensure its Processing of data is lawful, fair and transparent, Seed will maintain a register of systems.
- The register of systems will be reviewed at least annually.
- Individuals have the right to access their Personal Data and any such requests made to Seed will be dealt with in a timely manner.
- All data processed by Seed must be done on one of the following lawful bases: Consent, contract, legal obligation, vital interests, public task or legitimate interests.
- Seed shall note the appropriate lawful basis in Seed's register of systems.
- Where Consent is relied upon as a lawful basis for Processing data, evidence of opt-in Consent shall be kept with the Personal Data. If we process information based on your Consent, you may withdraw such Consent at any time. You will not suffer any detriment for withdrawing your Consent. Please contact the Data Protection Officer outlined below to withdraw your Consent.
- Where communications are sent to individuals based on their Consent, the option for the individual to revoke their Consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in Seed’s systems.
- Seed gathers and processes Personal Data to fulfill its anti-money laundering and know your customer obligations, open and manage your account, and track account activity. Seed has determined these activities to be in its legitimate business interest. Seed may process your Personal Data for internal marketing purposes. Seed may also share Personal Data with Third Parties, provided that you provide prior Consent.
- Seed also processes your Personal Data in furtherance of contracts you have entered with Seed, including when onboarding you as a customer, funding your account, Processing your orders, facilitating transactions, and Processing withdrawals. Seed may share your Personal Data between its affiliated entities or with Third Parties to facilitate these actions, which are necessary in furtherance of your contract(s) with Seed.
Data Minimization and Accuracy
- Seed shall ensure that Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Seed shall take reasonable steps to ensure Personal Data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that Personal Data is kept up to date.
Archiving and Deletion
- To ensure that Personal Data is kept for no longer than necessary, Seed shall put in place an archiving policy for each area in which Personal Data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
- We may keep a record of your Personal Data, correspondence or comments, in a file specific to you. We will utilize, disclose or retain your Personal Data for as long as necessary to fulfill the purposes for which that Personal Data was collected and as permitted or required by law.
- Seed entities are required by their various regulators to keep and maintain much of your Personal Data for prescribed periods. The longest of such periods are as follows:
- SCXM: 7 years (New York Department of Financial Services)
- ZH: 7 years (FinCEN and New York Department of Financial Services)
- SCXA: 6 years (Financial Industry Regulatory Authority)
- SCXS: 5 years (Commodity Futures Trading Commission)
- SCXB: 5 years (Commodity Futures Trading Commission/National Futures Association)
- Some of your Personal Data may be deleted prior to the expiration of the above periods, if such deletion is permitted by the laws and regulations governing each entity.
- Seed shall ensure that Personal Data is stored securely using modern software that is kept up to date.
- Access to Personal Data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorized sharing of information.
- When Personal Data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data, Seed shall promptly assess the risk to people’s rights and freedoms and, if appropriate, report the breach to the proper authority.
Data Protection Officer
Seed's Data Protection Officer, Scott Reynolds, can be reached at firstname.lastname@example.org.
The Data We Collect
- Financial Information, including account numbers, transaction history, net worth, account balances, and assets and liabilities.
- Identifying Information, including names, government issued identification, Social Security Numbers, passport numbers, birth dates, addresses, and all other background information necessary for AML/KYC requirements.
- Account Authenticating Information, including hashed representations of account passwords, PINs, and account recovery information.
Personal Data does not include generic email address or general business information that is not linked to an individual.
How We Collect Your Data
You directly provide Seed with most of the data we collect. We collect data and process data when you:
- Apply for any Seed account or services,
- Use any Seed service online, and
- Voluntarily complete a customer survey, provide feedback, or speak with Seed operations personnel about your account or services.
Seed may also receive your data indirectly from third parties when conducting know your customer background checks or confirming the information you have provided. We only collect information that is reasonably necessary to fulfill the identified purpose. All data is collected and processed in the United States.
How We Will Use Your Data
Seed collects your data:
- To properly identify you.
- To manage your account(s) with Seed.
- To determine your eligibility for products and services and the products and services of companies with whom we are affiliated.
- To respond to questions, comments, or concerns regarding Seed.
- Provide to you the digital asset trading/custody/settlement/account servicing and related services contracted for.
- Email you with offers on other products and services we think you might like and inform you about the products and services we provide.
- To recruit for positions at Seed.
- To investigate legal claims.
- To protect against fraud.
- To administer Seed websites and any Seed software applications.
- For such purposes for which Seed may obtain Consent from time to time.
- For such other uses as may be permitted or required by applicable law.
Your data may also be anonymized or aggregated to enable Seed to manage our business, develop statistical information, test our performance, or develop products. Anonymized and/or aggregated data will not identify you. Seed does not sell your Personal Data or information.
Sharing Data With Third Parties
Seed may share your Personal Data with Third Parties:
- To provide and support Seed's products and services. For example, Seed may submit your information to credit bureaus or credit reporting agencies for identification purposes.
- To comply with legal obligations, such as responding to regulatory or criminal investigations or mandatory reporting to our regulators.
- To protect you from fraud, abuse, or illegal activity. In such cases, Seed may disclose your information to an appropriate governmental authority or next of kin to prevent illegal or fraudulent activity in your account.
- If, in our best judgement, we believe someone is seeking your information as your agent, with your Consent, or if otherwise permitted by law.
- Any other situation or purpose for which Seed obtains your Consent to share.
How We Protect Your Data
Seed has many processes and controls in place to protect your Personal Data. Controls include limiting access to private data and confidential information to authorized employees, service providers, representatives, or agents who have all been made aware of the importance of keeping your information confidential. That is, Seed only allows access to confidential information on a need-to-know basis. Additionally, Seed uses safeguards that are consistent with the industry standard, including firewalls, data encryption, and physical access controls. Seed stores all of your Personal Data in the United States. Data transfers are carried out in accordance with applicable laws and regulations, and transfers to another jurisdiction will be subject to the laws of the jurisdiction where the data is held.
Your data is only retained for as long as reasonably necessary to fulfill the purpose for which it was collected. Your data will be destroyed or de-identified once no longer required.
Seed would like to send you information about products and services of ours that we think you might like. If you have agreed to receive marking, you may opt out at a later date.
You have the right at any time to stop Seed from contacting you for marketing purposes or giving your data to other members of the Seed group. If you no longer wish to be contact for marketing purposes, please email us at email@example.com.
Your Data Protection Rights
Seed would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access - You have the right to request copies of your Personal Data. We may charge you a proportionate fee for this service.
The right to rectification - You have the right to request that Seed correct any information you believe is inaccurate. You also have the right to request Seed to complete information you believe is incomplete.
The right to erasure - You have the right to request that Seed erase your Personal Data, under certain conditions.
The right to restrict Processing - You have the right to request that Seed restrict the Processing of your Personal Data, under certain conditions.
The right to object to Processing - You have the right to object to Seed's Processing of your Personal Data, under certain conditions.
The right to data portability - You have the right to request that Seed transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to object - You have a right to object to the collection and Processing of your Personal Data for direct marketing and for other limited purposes. You may object orally or in writing.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights or have any questions about these rights, please contact us at firstname.lastname@example.org.
If you have a concern about the way Seed is handling your Personal Data, please email us at email@example.com
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
For further information , visit allaboutcookies.org.
Our Website is not intended for use by minors (children under the age of 18). Seed does not market any products or services to children under the age of 18 or knowingly collect any information from children under the age of 18. Parental Consent to use our platform is also not permitted.