Privacy Policy

  1. General terms

    Salto X OÜ, registry code 16360806, registry address Vana-Kalamaja st 45-14 Tallinn Harju County, 10415 (referred to "Salto X" in this Privacy Policy) has developed this Privacy Policy. The purpose of this Privacy Policy is to inform the Users and provide the Users with an understanding of how Salto X process, handle, collect, use, disclose, and deal with the Personal Data of the Users which are natural persons, that the Users give Salto X, that Salto X receive through third parties or that is in our possession.

    This Privacy Policy will inform the Users as to how Salto X looks after the Users' Personal Data when the Users visit our website saltox.co (referred to "Salto X Platform") (regardless of where Users visit it from) and tell the Users about the Users' privacy rights and how the law protects the Users.

    If Users have any questions regarding the Privacy Policy of Salto X or if Users wish to obtain additional information on how to exercise the rights specified herein, Users can contact Salto X by writing an email to dpo@saltox.co. Additional contact information is available on the Salto X Platform.

    The Personal Data processing activities carried out by Salto X can be described not only in this Privacy Policy but also in the Terms of Use of the Salto X Platform and the Cookies section of the Privacy Policy.

    The terms used in the Privacy Policy conform to the terms used in the Terms of Use insofar as the Privacy Policy does not specify otherwise.

    "Personal Data" refers to any information that directly or indirectly can identify a living natural person, such as name, address, contact details, identification numbers, online identifiers, etc.

  2. Processing of the Personal Data

    1. Collection of the Personal Data

      Personal Data is collected from the User directly and from the User's use of the Services, as well as indirectly from external sources and third parties such as public and private registers or other providers of databases or other persons (see Section 6). Salto X may record phone calls, visual images, video, and/or audio, save e-mail communication, or otherwise document the User's interaction and communication with Salto X. Salto X primarily collects from and processes the Personal Data about the Users. Salto X also collects from and processes the Personal Data of such natural persons as:

      legal representatives, authorised persons, contact persons, transaction partners, registrants, agents, payers, heirs;

      who are connected to the Company, for example, shareholders, board members, corporate representatives, signatories, and ultimate beneficial owners.

    2. Categories of the Personal Data

      Salto X processes several categories of Personal Data from the Users and other third parties:

      • identification data such as - the User's first name and surname, middle name, gender, date of birth, place of birth, personal identity number, place of tax residence, tax ID;

      • contact data such as - the User's residence address or address for communication purposes, postal address, country of residence, email address and phone number, the language of communication;

      • financial data such as - bank account;

      • occupation (employment) data such as - data about employer, occupation, position grade, area of work, and working experience;

      • correspondence records such as - the User's communication with Salto X through the Salto X Platform via live chat, via email and/or by phone, or other tools which could be introduced, as well as information from surveys and polls (type, date, tracking ID);

      • location data such as - IP address, login place, and transaction place;

      • other data - voice and/or video recording data such as phone voice recordings.

      Salto X does not process sensitive data related to the User's health, ethnicity, religious or political beliefs unless required by law or in specific circumstances where, for example, the User reveals such data while using the Services.

  3. Cookies

    Salto X uses cookies to analyse how the User uses the Salto X Platform. Please read Cookie Policy for more information about cookies.

  4. Legal basis and purpose of processing the Personal Data

    1. Performance of agreements

      For Salto X to provide the Services it shall gather certain information about Users. In such cases, the main purpose of the processing of the User's data by Salto X is to document, execute and administer agreements with the User.

      Examples of such purposes of processing are:

      to take steps at the request of the User prior to entering into an agreement, as well as to conclude, execute, maintain, and terminate an agreement with the User.

      to execute national and international transactions via financial institutions, settlement, and payment systems.

      to manage relations with the Users, as well as to authorise, provide, control, and administer access to the Services.

    2. Compliance with legal obligations

      For Salto X to comply with the legal obligations under applicable legislation, Salto X is required to process the User's Personal Data in accordance with regulatory legislation and data protection legislation.

      Examples of such purposes of processing are:

      before the User may use the Services on the Salto X Platform and during the cooperation with the User under the Agreement, Salto X performs the due diligence of the User, to verify the User's identity and to keep the User's data updated and correct by verifying and enriching data through external and internal registers;

      to prevent, discover, investigate, and report money laundering, and terrorist financing;

      to comply with rules and regulations related to accounting, tax information exchange, and risk management.

    3. Legitimate interest

      Some purposes of the User's Personal Data processing are based on Salto X legitimate interests balanced against the User's as a data subject's interests and rights.

      Examples of such purposes of processing are:

      to provide the User with additional Services, create offers, and direct marketing activities through different channels;

      to develop, examine and improve Salto X business, the Services, and the User experience, to strengthen User’s satisfaction and loyalty, as well to strengthen Salto X brand, to perform surveys, analyses, and statistics;

      to organise lotteries, competitions, campaigns, and events for the Users;

      to protect the interests of the User and/or Salto X and Salto X employees, including security measures;

      to prevent, limit, and investigate any misuse or unlawful use or disturbance of the Services, including fraud prevention;

      to ensure adequate provision of the Services and the safety of information within the Services, as well as to improve, develop and maintain Salto X website, technical systems and IT infrastructure, including testing Salto X digital environment;

      to record phone calls and video streams with the Users for Service quality assurance and claims processing purposes;

      to provide payment initiation and/or account information service to the User.

    4. Consent

      In some cases, Salto X will ask for the User's consent to process Personal Data. In those cases, the User will be separately informed about the particular purpose of processing. If the User submits sensitive data or data not requested by Salto X on its own initiative, processing will occur based on the User's explicit consent. The User can withdraw given consent at any time.

  5. Profiling and automated decision making

    Profiling is any form of automated processing of Personal Data used to assess certain personal characteristics of the User, in particular, to analyse or predict, for example, the economic situation, personal preferences, interests, and place of residence. Profiling is used, for example, to make analysis based on the performance of agreements and for marketing activities and service development based on Salto X legitimate interest or the User's consent. Salto X may make automated decisions in such processes as risk management and transaction monitoring to counter fraud in compliance with the regulatory legislation in areas of anti-money laundering, terrorism, and proliferation financing.

  6. Transfer of Personal Data to third parties

    As part of Salto X processing, Salto X may share the User's data with certain recipients such as authorities, Salto X group companies, suppliers, payment service providers, and business partners. At the same time, Salto X will not disclose more of the User's Personal Data than is necessary for the purpose of disclosure and in accordance with regulatory requirements and data protection legislation.

    Recipients may process the User's Personal Data by acting as data processors and/or as data controllers. When a recipient processes the User's Personal Data on its own behalf as a data controller, the recipient is responsible for providing information on such processing of the User's Personal Data. Salto X undertakes to guarantee appropriate technical and organisational security measures to ensure that the Personal Data processor upholds security standards that are not lower than the security standards set by Salto X.

    Salto X discloses the Personal Data to recipients such as:

    authorities, such as law enforcement agencies, bailiffs, notaries, tax authorities, supervisory authorities and Financial Intelligence Unit, and any other authorised person, including administrators, which are involved in any restructuring process of the Companies;

    third party, who is taking debt collection steps to recover debt from the User (such as debt collectors, lawyers, court bailiffs, insolvency administrators, etc.);

    to the parent (holding) company of Salto X, its governing enterprise and any enterprises dependent on the governing enterprise, other companies or enterprises, which directly or indirectly have obtained a significant share in the share capital of Salto X or in which Salto X has obtained direct or indirect participation, insofar as such information is necessary for the performance of functions delegated to them;

    credit and financial institutions, correspondent banks, custodian banks, insurance providers and intermediaries of services, third parties participating in the trade execution, settlement, and reporting cycle;

    financial and legal consultants, auditors, or any other data processors of Salto X, insofar as such information is necessary for the performance of functions delegated to them;

    providers of databases and registers, e.g. to population registers, commercial registers, securities registers, or other registers holding or intermediating the User's data, debt collectors and bankruptcy, bailiffs, notaries or insolvency administrators;

    participants and/or parties related to domestic, European, and international payments;

    persons and suppliers related to the provision of the Services of Salto X, such as providers of IT, telecommunications, payment intermediaries, credit institutions, hosting, archiving, postal services, etc.

    Please be informed that the User data may be requested by the state authorities located in the countries where Salto X offers its services, including countries outside the EU/ EEA. In all such cases, Salto X evaluates the request and assesses whether the provided reasoning for the disclosure of the User's data is substantiated, whether the requested data amount is proportional, and whether the correct channels have been used to request the disclosure of the User's data. Unless prohibited by law, Salto X will inform the User about receiving a request to disclose the particular User's data.

  7. Geographical area of processing

    As a general rule, the User's Personal Data is processed within the European Union/ European Economic Area (referred to as "EU/ EEA") but in some cases may be transferred to and processed in countries outside of the EU/EEA.

    The transfer and processing of Personal Data outside of the EU/EEA can take place provided there is a legal basis and one of the following conditions:

    As a general rule, the User's Personal Data is processed within the European Union/ European Economic Area (referred to as "EU/ EEA") but in some cases may be transferred to and processed in countries outside of the EU/EEA.

    The transfer and processing of Personal Data outside of the EU/EEA can take place provided there is a legal basis and one of the following conditions:

  8. Retention period

    Personal Data will be retained for no longer than is necessary for the particular purpose of processing for which the data is collected, or which is stipulated in the regulatory legislation.

    Personal Data will be processed by Salto X as long as the contractual relationship with the User exists.

    In cases when Personal Data processing occurs based on the User's consent, the Personal Data will be retained as long as the consent is valid.

    Other retention periods may be established and applicable when the Personal Data is processed for purposes based on Salto X legitimate interest, for example, for the establishment, exercise or defence of legal claims, for a maximum period of limitation according to the regulatory legislation.

    In all cases, Salto X limits the processing of Personal Data to a minimum.

  9. Your rights as a data subject

    Salto X respects User's rights to access, manage and control the Personal Data that Salto X processes. Once Salto X receives a request from the User to exercise any of the rights listed below, Salto X will review the User's request and provide a response without undue delay and in any event within one month of receipt of the request.

    According to the data protection legislation, this time period may be extended if the User's request is complex or if due to the number of received requests, Salto X cannot prepare a reply within the previously set time limit. In this case, Salto X informs the User about the extension of the time limit for preparing a reply to the User's request and indicates the specific term for preparing a reply.

    Should the User wish to exercise any of the rights listed below, the User can do so by submitting a request in one of the following ways:

    • by sending an electronic request to: dpo@saltox.co or support@saltox.co

    • by sending a signed request to: Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Telliskivi tn 60a/8, 10412

    Salto X reserves the right to request additional information from the User in order to verify the identity of the person, who has sent the request, and to protect the User's data from being disclosed to unauthorised persons, as well as to request a signed request with secure e-signature or with handwritten signature for verification and security purposes. If the User or Salto X has terminated the Agreement and is not able to identify the data subject via the User's Account, Salto X has the right to request identification of the person before any Personal Data disclosure, based on such request.

    The User has the right to access the Personal Data free of charge. However, if the User's requests are manifestly unfounded or excessive, Salto X retains the right to charge a reasonable fee or to refuse to act on the request.

    Below is a summary of the User's specific rights:

    If the User considers that the processing of the User's Personal Data infringes the User's rights and interests under the data protection legislation, the User can lodge a complaint. The complaint can be lodged with a supervisory authority (Estonian Data Protection Inspectorate - https://www.aki.ee/en) or with a supervisory authority in the EU Member State of the User's habitual residence or place of work.

  10. Validity and amendments of the Privacy Policy

    Salto X has the right to make changes to the Privacy Policy at any time by posting them on the Salto X Platform, and by informing the Users individually by sending them an email. Any version of the Privacy Policy that is published on the Salto X Platform replaces all previous versions of the Privacy Policy and takes effect immediately upon posting or from the effective date as indicated.