Privacy Policy
Last updated: 26-01-2022
1. Introduction
When you visit ojacoin.org or any related Website or use the Services, OJA collects and processes data in relation to you in order to provide you with our products and services, and ensure that we can meet your needs when providing these products and services, as well as when providing them with any respective information. Your privacy is of utmost importance to us, and it is our policy to safeguard and respect the confidentiality of information and the privacy of individuals. This policy (the “Privacy Policy”) explains how we handle your personal data. OJA will ensure that your personal data is carefully processed and protected. OJA will always do this in line with applicable privacy laws and regulations. This means, for example, that OJA:
will clearly mention for which purposes your personal data is processed by way of this Privacy Policy;
will limit the personal data collected to that required for the purposes specified, and will only collect or process more data based on a legal ground, such as your (explicit) consent;
will not share your personal data with third parties unless it is required for performance of the Services or to be able to fulfill applicable (European or Dutch) rules and regulations, including assisting Financial Intelligence Units (FIU) or (other) competent supervisory authorities, law enforcement authorities or if necessary to assist in combating fraud and other types of abuse to the extent permitted by law;
will sign an appropriate processor’s agreement with third parties that we instruct to process your personal data on our behalf, to guarantee the confidentiality of your personal data;
will take all reasonable administrative, technical and physical measures to protect your personal data and require the same of any third party processing your personal data on our behalf; and
will respect your rights for example to have access to the processed data in relation to you and to amend or erase your personal data. You can read more about your privacy rights in this policy below.
will clearly mention for which purposes your personal data is processed by way of this Privacy Policy;
will limit the personal data collected to that required for the purposes specified, and will only collect or process more data based on a legal ground, such as your (explicit) consent;
will not share your personal data with third parties unless it is required for performance of the Services or to be able to fulfil applicable (England and Wales) rules and regulations, including assisting Financial Intelligence Units (FIU) or (other) competent supervisory authorities, law enforcement authorities or if necessary to assist in combating fraud and other types of abuse to the extent permitted by law;
will sign an appropriate processor’s agreement with third parties that we instruct to process your personal data on our behalf, to guarantee the confidentiality of your personal data;
will take all reasonable administrative, technical and physical measures to protect your personal data and require the same of any third party processing your personal data on our behalf; and
will respect your rights for example to have access to the processed data in relation to you and to amend or erase your personal data. You can read more about your privacy rights in this policy below
Our Privacy Policy is reviewed regularly to ensure that any new obligations and technologies, as well as any changes to our business operations and practices are taken into consideration, as well as that it remains informed of the changing regulatory environment. Any personal information we hold will be governed by our most recent Privacy Notice.
In OJA’s view, it is important that you are well-informed about the above; therefore, please read this Privacy Policy carefully. Please note that Privacy Policy forms part of, and utilizes certain terms that are defined in the User Agreement and User is accepting and consenting to the practices described in this Privacy Policy by accepting the User Agreement and using the Services.
2. Who is responsible for the processing of your personal data?
OJA” indicates OJA Coin., a limited private company under England and Wales law, with its registered office at Kemp House 160 City Road London EC1V 2NX United Kingdom and registered under OJA GLOBAL HOLDINGS LTD given by Companies House, Cardiff, under the company registration number 13813234. OJA is responsible for processing of your personal data as described in this policy and act as (joint) ‘data controller’ under the General Data Protection Regulation (GDPR). In this Policy, all entities are (together) referred to as ‘OJA’, ‘we’, ‘our’, or ‘us’. For all your questions and requests, you can contact our Data Protection Officer at privacy@ojacoin.org.
OJA is responsible for processing of your personal data as described in this policy and act as (joint) ‘data controller’ under the General Data Protection Regulation (GDPR). In this Policy, all entities are (together) referred to as ‘OJA’, ‘we’, ‘our’, or ‘us’. For all your questions and requests, you can contact our Data Protection Officer at
3. Which (personal) data could be processed and from which sources?
OJA may process (your personal) data if you:
are a visitor/user of our Website or Services;
are (an authorized representative or UBO of) our Customer (or their related family member or close business partner);
have a Business Relationship with OJA; and/or
are an associate of our counterparties or service providers of OJA.
In paragraph 3.1 – 3.3 is described which data could be processed and from which source.
3.1 Information we collect from you automatically
We receive and store certain types of information automatically, such as whenever you interact with the Website or use the Services. This information helps us address customer support issues, provide you with a streamlined and personalized experience, improve the performance of our Website, and protect your account from fraud by detecting unauthorized access. Information collected automatically includes:
Online Identifiers: Operating system, browser name and version, device and/or personal IP addresses.
Usage and Security Data: Authentication data, security questions, and other data collected via cookies and similar technologies.
We may also use identifiers to recognize you when you access our Sites via an external link, such as a link appearing on a third-party site.
3.2 Information you provide to us
To establish an account and access our Services, we’ll ask you to provide us with some important information about you. This information is either required by law (e.g. to verify your identity) or necessary to provide the requested Services (e.g. you will need to provide your bank account number if you’d like to link that to your OJA account).
Personal Identification Information: Full name, date of birth, gender, nationality, country of origin, home address, photographs for identification purposes (art. 25 sub a Dutch Implementation GDPR Act), phone number, email, login details and/or other information you might provide about your reputation and background or about your family members or close business partners.
Personal Identification Information:Personal Identification Information: Government issued identity document such as Passport, Driver’s License, National Identity Card or Resident Permit – including details such as document type, document number, date of issuance and issuing authority – and/or any other information, such as video verification if deemed necessary to comply with our legal obligations under financial or anti-money laundering laws. Please note that OJA does not process special personal data including, but not limited to, the social security citizen service number.
Institutional Information: Company identification number (or comparable number issued by a government), proof of legal formation (e.g. articles of incorporation), additional legal documents – including articles of association, shareholder register, structure chart, corporate tax return and UBO statement – and personal identification (and institutional) information for all direct and indirect representatives, directors and material beneficial owners (if applicable).
Account purpose information: Information of purpose and intended nature of the business relationship.
Employment Information: Profession, job title, office location, description of role, employment contract and/or annual income.
Financial Information: Bank account information, transaction history, source of funds, source of wealth and/or tax identification number.
Transaction Information: Information about the transactions you make on our Services, such as your name, your bank account number, the amount, the type of transaction (e.g. deposit or withdraw), the name of the recipient, the virtual currency wallet address of the recipient and/or the corresponding timestamps of each of these.
Correspondence: Survey responses or information provided to our support team and other information that you might voluntary share with us.
Personal Identification Information: Full name, date of birth, gender, nationality, country of origin, home address, photographs for identification purposes (England and Wales Implementation GDPR Act), phone number, email, login details and/or other information you might provide about your reputation and background or about your family members or close business partners.
Personal Identification Information: Personal Identification Information: Government issued identity document such as Passport, Driver’s License, National Identity Card or Resident Permit – including details such as document type, document number, date of issuance and issuing authority – and/or any other information, such as video verification if deemed necessary to comply with our legal obligations under financial or anti-money laundering laws. Please note that OJA does not process special personal data including, but not limited to, the social security citizen service number.
Institutional Information: Company identification number (or comparable number issued by a government), proof of legal formation (e.g. articles of incorporation), additional legal documents – including articles of association, shareholder register, structure chart, corporate tax return and UBO statement – and personal identification (and institutional) information for all direct and indirect representatives, directors and material beneficial owners (if applicable).
Account purpose information: Information of purpose and intended nature of the business relationship.
Employment Information: Profession, job title, office location, description of role, employment contract and/or annual income.
Financial Information: Bank account information, transaction history, source of funds, source of wealth and/or tax identification number.
Transaction Information: Information about the transactions you make on our Services, such as your name, your bank account number, the amount, the type of transaction (e.g. deposit or withdraw), the name of the recipient, the virtual currency wallet address of the recipient and/or the corresponding timestamps of each of these.
Correspondence: Survey responses or information provided to our support team and other information that you might voluntarily share with us. As we add new features and Services and applicable laws and regulations might change, you may be asked to provide additional information.
As we add new features and Services and applicable laws and regulations might change, you may be asked to provide additional information.
3.3 Information generated by us
We may generate information about you, for example based on information you provided to us. The categories of data may include:
Account information: Information about the transactions you make on our Services – such as the type of transaction (e.g. buy transaction and/or sell transaction), the amount, the type of virtual currency, the counterparty – and the processing of this information together with information as provided by you – which might result in behavioral pattern information, risk profiles, risk categories, transaction profile information, transaction patterns information, internal suspicious transaction reports or intelligence, hit / no hit information on PEP and sanction lists – and/or notices to designated authorities including reports/notifications to FIU.
Whistleblowing or fraud reports: we may receive your personal data if they have been necessarily included in whistleblowing reports from OJA Staff Members or in fraud reports from relevant payment institutions and payments service providers to ensure our Services are not used fraudulently or for other illicit activities.
3.4 Information collected from third parties
From time to time, we may obtain information about you from third party sources as required or permitted by applicable laws en regulations. These sources may include:
Public Databases: We obtain information from public databases such as the relevant Chamber of Commerce, the UBO / Beneficial Owners / Transparency (or similar) register, Google searches and other (reliable and independent) sources for purposes of verifying your identity and checking your background in accordance with applicable laws and regulations.
Blockchain Data: We may analyze public blockchain data and obtain information about your transactions from Blockchain analysis providers to ensure parties utilizing our Services are not engaged in illegal or prohibited activity under our Terms, and to analyze transaction trends for research and development purposes.
4. For what purposes are your personal data processed?
We may use your personal data for the following purposes:
To comply with laws and regulations Most of our Services are subject to laws and regulations requiring us to collect, use, and store your personal data in certain ways. For example, OJA must identify and verify customers using our Services in order to comply with anti-money laundering laws such as the England & Wales Money Laundering and Terrorist Financing (Prevention) Act (Wwft).
To enforce our terms in our user agreement and other agreements OJA handles sensitive information, such as your identification and financial data, so it is very important for us and our customers that we actively monitor, investigate, prevent, and mitigate any potentially prohibited or illegal activities, and/or prevent and detect violations of our User Agreement or agreements for other Services.
To prevent fraud, misuse of services, or money laundering OJA process personal data that are not strictly required by law, but nevertheless are necessary to protect the legitimate interest to (i) guarantee the safety and integrity of the Digital Currency sector, (ii) to prevent and actively combat (attempts to commit) criminal offences and (iii) to assist in combating fraud and other types of abuse.
To provide OJA’s Services We process your personal data to provide the Services to you. For example, when you want to store funds on our platform, we require certain information such as your identification, contact information, and payment information. We cannot provide you with Services without such information.
To provide service communications We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services. You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes.
To provide customer service We process your personal data when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your personal data for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.
For research and development purposes We process your personal data to better understand the way you use and interact with OJA’s Services. In addition, we use such information to customise, measure, and improve OJA’s Services and the content and layout of our website and applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our Services.
To engage in marketing activities Based on your communication preferences, we may send you marketing communications (e.g. emails or mobile notifications) to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers. Our marketing will be conducted in accordance with your advertising marketing preferences and as permitted by applicable laws and regulations.
To set price alerts Based on your account settings you can set a price alert to be notified when the price for a specific virtual currency reaches a set threshold. We will send this notification, depending on your preference, by e-mail, sms or a push notification in the app. When setting price alerts, we process your personal data with your (explicit) consent, which can be withdrawn at any time.
5. Your rights
If your personal data is processed, you have privacy rights and, of course, OJA respects these. More specifically, you have the right to access, rectify, restrict processing, object against processing or the right to data portability or erase personal data collected or processed about you. You can submit your request to OJA’s Data Protection Officer at privacy@ojacoin.org. The Data Protection Officer may ask you to provide further information in order to determine your identity first, to ensure that no one else is trying to execute your privacy rights.
OJA will respond to your request as quickly as possible, although this can take up to one month (if legally allowed). If more time is required to complete your request, OJA will let you know how much longer is needed and the reasons for the delay.
In certain cases, OJA may deny your request. If it is legally permitted, OJA will let you know in due course why it is denied.
6. Complaints
If you believe that OJA has used your personal data unlawfully or if you are not satisfied with OJA’s response to your request, you can send your complaint to privacy@ojacoin.org. OJA will respond to your complaint as quickly as possible.
For example if you are still unhappy with the response to your complaint, you have the right to lodge your complaint with a competent EU data protection authority, which in the Netherlands is the ‘Autoriteit Persoonsgegevens’. You can lodge a complaint with the data protection authority of the EU Member State of your habitual residence, your place of work or in which an alleged infringement of the GDPR took place.
For example if you are still unhappy with the response to your complaint, you have the right to lodge your complaint with a competent United Kingdom data protection authority. You can lodge a complaint with the data protection authority of your habitual residence, your place of work or in which an alleged infringement of the GDPR took place.
7. How OJA will protect your personal data?
We understand how important your privacy is, which is why OJA takes the appropriate administrative, technical and physical measures to ensure a level of security appropriate to the risk as required by law. For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to personal data only for those employees who require it to fulfill their job responsibilities. If OJA intends to share your personal data with a third party we instruct to process personal data on our behalf, OJA will sign an appropriate processor’s agreement with that third party to guarantee the confidentiality of your personal data.
We understand how important your privacy is, which is why OJA takes the appropriate administrative, technical and physical measures to ensure a level of security appropriate to the risk as required by law. For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to personal data only for those employees who require it to fulfill their job responsibilities. If OJA intends to share your personal data with a third party we instruct to process personal data on our behalf, OJA will sign an appropriate processor’s agreement with that third party to guarantee the confidentiality of your personal data.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal data. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.
Furthermore, we cannot ensure or warrant the security or confidentiality of the information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us using the contact information provided in this Privacy Policy.
8. For how long will OJA keep your personal data?
OJA will not keep your personal data longer than the mandatory statutory period or, if such a mandatory statutory period does not apply, no longer than is strictly necessary to achieve the purposes for which your personal data were collected or processed.
Criteria for data retention
OJA retains personal data we process to execute any agreement with you as long as such agreement is applicable. OJA retains personal data we process to comply with a legal obligation, as long as such legal obligation applies to OJA. OJA retains personal data for purposes to protect any legitimate interest (as described in this policy) as long as necessary to achieve such purposes. If OJA has asked your (explicit) consent for any processing of your personal data, OJA retains your personal data until you withdraw your (explicit) consent (to the extent OJA has no legal obligation to keep retaining such data) or until your (explicit) consent would be expired while you have not given your (explicit) consent again.
In addition to the legal obligations already mentioned in this policy, OJA has the following legal obligations to (keep) retaining personal data:
Personal data to the extent relevant for tax purposes : 7 years after the latest relevant calendar year;
Personal data to the extent relevant to comply with Money Laundering and Terrorist Financing (Prevention) Act: 5 years after the business relationship has been ended;
Personal data to the extent relevant to comply with Money Laundering and Terrorist Financing (Prevention) Act : 5 years after OJA submitted a notification to the FIU.
9. Updating the Privacy Policy
OJA reserves the right to change the Privacy Policy at any time and under any condition. Any update of the Privacy Policy will apply after announcing the update on the website or any other official communication channel. If the change to the information is indicative of a fundamental change to the nature of the processing (e.g. enlargement of the categories of recipients or introduction of transfers to a third country) or if the change may be relevant to and impact upon you, OJA will inform you of changes to the Privacy Policy, explicitly and effectively, well in advance of the change actually taking effect.
10. Contact and questions about this Privacy Policy?
If you want to know more about OJA’s Privacy Policy or have any questions or recommendations, please email OJA’s Data Protection Officer at privacy@ojacoin.org.
Last updated