1.1. This Privacy Policy explains how information about you is collected, used and disclosed by SORA BIOME (“SORA,” “we”, "our" or “us”). This Privacy Policy applies to information we collect when you use our products and/or services ("Products" and "Services" respectively).
1.2. Occasionally we may, in our discretion, make changes to the Privacy Policy by posting a revised version and updating the ‘Effective Date’ above. The revised version will be effective on the “Effective Date” listed. If and when such notice is required by law, we may notice you at our own discretion through one of our channels. Where your explicit consent is not needed, your continued access or use of our Platform and/or Services constitutes your acceptance of the latest Privacy Policy. You are thus encouraged to periodically review this page.
1.3. The information published herein is limited to the collection and use of information with respect to your use of our website hosted at [https://www.soracard.com] (“Website”), the Products and related Services. It is important that you read this Privacy Policy together with any other privacy notice or policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.
1.4. Please read this Privacy Policy carefully before accessing or using our Website and/or Services. By entering, connecting to, accessing or using the website or Services and/or submitting your information in the registration procedure, you acknowledge that you have read and understood this Privacy Policy.
IF YOU OBJECT TO THIS PRIVACY POLICY, PLEASE DO NOT ENTER, CONNECT TO, ACCESS OR USE THE WEBSITE, PRODUCTS OR SERVICES IN ANY MANNER.
2.1. “SORA” refers to the company SORA BIOME, with the registered office at Sveta Sofia 8, Str., Floor 1, Office 101, 1000 Sofia, Bulgaria, and is a data controller in respect of personal data under this Privacy Policy.
2.2. Under relevant data protection legislation, including but not limited to the General Data Protection Regulation ("GDPR"), the UK GDPR and the Data Protection Act 2018 (the "Legislation"), the controller is the party that, alone or jointly with others, determines the purposes and means of the processing of personal data. "Controller", "processor", "personal data" are as defined in the Legislation.
2.3. For any clarification, question or requirement related to your privacy and the processing of your personal data, please contact support@soracard.com.
3.1. Personal data means any information about an individual from which that person can be identified, directly or indirectly.
3.2. We will collect and process various types of personal data about you for the purposes described in this Privacy Policy, including:
3.3. We may also collect, use, and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature
3.4. If not explicitly written to inform you on collecting sensitive personal data (e.g., within the identification procedure), we do not collect any special categories of personal data about you (so called sensitive data; this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic data).
3.5. Information is gathered from you in a range of ways that are outlined below:
3.6. Personal Data that users provide to SORA should not include any of the following data types, and users hereby expressly warrant that they will not provide any of the following:
3.7. SORA may use user Personal Data to send direct marketing to our users via e-mail only when the user has given express prior consent in the relevant contact form. Users may at any time withdraw approval to receive marketing communications by expressly withdrawing consent via their individual SORA interface (wallet).
3.8. SORA will not rely solely on automated user onboarding processes or transaction monitoring, including profiling, with respect to its decisions regarding a user’s ability to transact business via the Website and Services.
3.9. When you use the Website, Products and Services, we automatically collect information about you, including:
3.10. Our use of your personal data depends on how and where you interact with us. However, whenever we process your personal data, we do so on the basis of a lawful “justification” (or legal basis) for processing. In the majority of cases, the processing of your personal data will be justified on one of the following bases:
CATEGORY OF PERSONAL DATA | THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA | LEGAL BASIS | RETENTION PERIOD |
---|---|---|---|
Account Data, Profile Data, Transaction Data | Fulfilment of Services: To enable us to perform the services to you – to carry out our contractual obligations relating to you, to manage our relationship with you which will also include notifying you about changes to our service and changes to our terms or policies. | It is necessary for us to process your information to perform our obligations in accordance with any contract that we may have with you. It is also in our legitimate interest to ensure quality Services are provided to you. | We will store the data for as long as the agreement shall be in force and for an additional period in which either party can make any legal claims arising out of this agreement. |
Account Data, Profile Data, Transaction Data | Support Services: To enable us to respond to your queries or requests in accordance with the content of such a query or request. | It is necessary for us to process your information to perform our obligations in accordance with any contract that we may have with you. It is also our legitimate interest to ensure quality information is provided to users and potential users. | We will store the data for as long as the agreement shall be in force and for an additional period in which either party can make any legal claims arising out of this agreement. |
Account Data, Usage Data | Marketing Communications: To provide news and information services including email briefings and newsletters. | We will only send you marketing communications where you have consented and expressed a preference to receive such marketing communications, or where we have other lawful right to do so. | Until withdrawal of consent. |
Technical Data, Usage Data | User Insight and Analysis: To collect insights into how you interact with our services so that we can personalise our communications with you and maintain and improve our websites and services. | Where your personal data is not in an anonymous form, it is in our legitimate interest to use your personal data in such a way to ensure that we deliver our online services to you and our other clients effectively and to ensure quality. Where lawfully required, we may also process your personal data in accordance with your consent to the processing. | We will store the data for as long as necessary to properly perform our Services, in any case not longer than allowed according to the applicable regulation. Until withdrawal of consent. |
Profile Data, Transaction Data | Compliance with Legal Obligations: To comply with legal and regulatory obligations to which we are a subject (e.g. anti-money laundering). | It is our legal obligation to do so. | We will store the data for a period required under the applicable laws. |
Account Data, Transaction Data, Technical Data, Usage Data | Safety and Security: For internal operations, including bug fixes, troubleshooting, data analysis, testing, and general security developments. | It is in our legitimate interests to improve the security and use of the Website, Platform and Services, including data security. | We will store the data for as long as necessary to properly perform our Services, in any case not longer than allowed according to the applicable regulation. |
Transaction Data | Business Sale: In the event that we sell or buy any business or assets, disclose your data to a prospective seller or buyer, | It is in our legitimate interests to deliver accurate information about our business to a prospective buyer. It is also our legal obligation to do so. | We will store the data for as long as necessary to properly perform our Services, in any case not longer than allowed according to the applicable regulation. |
3.11. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at support@soracard.com.
3.12. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4.1. Where the legal basis for processing your personal data is your consent, you have the right to withdraw that consent at any time. You can exercise this right by clicking on the “unsubscribe” button on our marketing emails or by choosing a similar opt-out option that we may provide for you to exercise your right to object to the processing of your personal data.
4.2. You may opt-out of receiving promotional messages from us by following the instructions in those messages. If you opt-out, we may still send you transactional or relationship messages.
5.1. Our general approach is to retain your personal data only for as long as required to fulfil the purposes for which it was collected, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims. We generally retain your personal data for 6 years from the end of our relationship, unless local law requires otherwise. However, in some circumstances we may retain personal data for longer periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements.
5.2. In specific circumstances we may also retain your personal data for longer periods of time corresponding to the applicable statute of limitations so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
6.1. For achieving the purposes of use set out in this Privacy Policy (see above), your data may be accessible to certain categories of persons, employed or contracted by us, including financial institutions, lawyers, administrators, IT and system administration services provider, marketing and other services providers, on our behalf on a need-to know basis.
6.2. We may also share your personal data with law enforcement, data protection authorities, government officials, and other authorities, including when:
6.3. We may also disclose certain personal data to our current or future affiliates, subsidiaries and other related entities, as well as to our operational and business partners and subcontractors when this is necessary for the performance and execution of any contract we enter into with them or you. We may also share your personal data with third parties in connection with potential or actual restructuring, merger or sale of our company or any of our assets, or those of any associated companies, in which case personal data held by us about our users may be one of the transferred assets.
6.4. Other important cases when we share your personal data:
6.5. With respect to US residents, we also may share your information with other financial institutions as authorised under Section 314(b) of the US Patriot Act, and with tax authorities, including the US Internal Revenue Service, pursuant to the Foreign Account Tax Compliance Act ("FATCA"), to the extent that this statute is determined to apply to us.
6.6. We may also share aggregated or de-identified information, which cannot reasonably be used to identify you
6.7. SORA does not process or collect any data. All data collected in the SORA side of the process is collected and transmitted through the interface under PayWings technical implementation. PayWings is involved in the regulated activities, supervised and executed by regulated entities. Privacy and data protection policies of PayWings are also supervised and inspected by SORA to ensure your privacy.
6.8. In accordance with GDPR policy (https://www.paywings.com/privacy-policy/), PayWings only collects and processes the data that are absolutely required for our legitimate business needs, required by the laws and regulations, and we keep audit logs of all accesses and reasons for the particular access to the data whenever such event takes place.
6.9. Our service providers are required to provide sufficient assurances in accordance with data protection law. (e.g. being bound contractually to confidentiality and data protection obligations). We will only share personal data necessary for them to provide their services. For our business requirements that are mentioned at article 6.8., we share your data with our service providers in four main categories:
All of our partners are obligated to protect your data and privacy as required by the laws and regulation.
6.10. We explicitly share your information with the following parties: SumSub (https://sumsub.com), Unlimit (https://unlimit.com), GateHub (https://gatehub.net), and we also store it in our secure local records. We minimize the scope of data shared and do so only for specific, explicit purposes and needs. Additionally, we share your information with other parties that you may onboard via our service, especially if they require KYC (Know Your Customer) to provide services to you.
7.1. We have adopted security measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure, or access. We limit access to your personal data to those employees and third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
7.2. For the best possible protection of your personal data outside the limits of our control, your computer or other device should be protected (such as by updated antivirus systems) and your internet service provider should take appropriate measures for the security of network data transmission (such as, for example, firewalls and anti-spam filtering).
7.3. While we take reasonable steps to protect your personal data, we cannot guarantee that the personal data you disclose to us will be 100% secure, nor that any data breach will not occur. You accept the inherent security implications of dealing on-line over the Internet and will not hold us or our processors responsible for any data breach unless it is due to our negligence.
7.4. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7.5. Your personal data is primarily stored and processed inside the United Kingdom (UK) and European Economic Area (EEA), but may also be transferred, processed and stored on servers located in countries outside the UK and EEA in order to carry out the activities specified in this Privacy Policy. Your personal data can therefore be subject to privacy laws that are different from those in your country of residence.
7.6. However, if we do transfer personal data to third parties outside the UK and EEA, such transfer will be based on appropriate legal safeguards. In these cases, we ensure that both ourselves and our partners take adequate and appropriate technical, physical, and organisational security measures to protect your data.
8.1. Websites may include links to third-party websites, plug-ins, channels, or other applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party services and are not responsible for their privacy statements. When you use the third-party services, we encourage you to read the privacy notice of every website or application you use.
9.1. Under certain circumstances, you have the following rights in relation to your personal data:
9.2. For further information regarding your rights, to exercise any of your rights, or if you have any complaints or questions regarding the processing of your personal data, please contact us via support@soracard.com.
9.3. Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We will endeavour to respond to your request as soon as possible and in any case within the applicable timeframes.
10.1. If you have any questions or concerns regarding our Privacy Policy or if you believe our Privacy Policy or applicable laws relating to the protection of your personal data have not been respected, you can file a complaint with us by using the contact details listed below and we will respond to let you know when you can expect a further response. We can request additional details from you regarding your concerns and may need to engage or consult with other parties to investigate and address your issue. We will keep records of your request and any resolution.
SORA BIOME
Sveta Sofia 8, Str., Floor 1, Office 101, 1000 Sofia, Bulgaria
Email address: support@soracard.com
10.2. If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority.
(see: http://ec.europa.eu/justice/dataprotection/bodies/authorities/index_en.html).
The Information Commissioner is the supervisory authority in the UK: https://ico.org.uk
We would, however, appreciate the opportunity to deal with your concerns before you approach the authorities, so please contact us in the first instance.
The present Privacy Policy should be revised annually and updated whenever appropriate.
This Privacy Policy has been approved by the Company’s director on 28/10/2022. It replaces and supersedes any prior policy and procedures on this subject matter. The Privacy Policy is valid until a revision is published.
We use only necessary cookies to give you the most relevant experience. Learn more