Introduction

Arda Capital Limited (“Arda” or “we”) respects your privacy and is committed to protecting your Personal Data. This Privacy Policy applies to how we collect, process, and store your Personal Data through our online services, our Android and iOS Mobile apps, recipients of our emails, or when you otherwise interact with us. This Privacy Policy describes the types of Personal Data we obtain, how we use the Personal Data, and with whom we share it. We also describe your rights, how the law protects you, and how you can contact us about our privacy practices.

This Privacy Policy is provided in a layered format so you can click through to the specific areas set out below.

Important Information and Who We Are

1. Purpose of This Privacy Policy

This Privacy Policy aims to give you information on how Arda collects and processes your Personal Data.

It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your Personal Data.

This Privacy Policy is supplemented by other privacy policies or notices and is not intended to override them.

In this Policy, “Arda”, “we”, “us” and “our” collectively refer to Arda Capital Limited.

In this Privacy Policy, “Personal Data” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

For the avoidance of doubt, Personal Data does not include data from which you cannot be identified (which is referred to simply as data, non-Personal Data, anonymous data, or de-identified data).

In this Privacy Policy, “processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Identity and the Contact Details of the Controller

For the purposes of the UK General Data Protection Regulation (“GDPR”) Arda is the data controller and responsible for the Personal Data that we collect or that you provide to us.

If you have any questions or comments about this Privacy Policy or any issue relating to how we collect, use, or disclose Personal Data, or if you would like us to update information we have about you, or more general queries you can contact us at: compliance@ardacacp.com.

You can also contact us in writing, at the following postal address: 4th Floor, 25 Green Street, London, W1K 7AX.

Contact Details of the Data Protection Officer (or the person responsible for Data Protection)

We have not appointed a dedicated Data Protection Officer. However, the person responsible for Data Protection can be contacted directly at: compliance@ardacap.com

2. The Data We Collect About You and How We Use It

We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data under the following circumstances:

Consent

When you give us your consent, for example, to access your contacts on your phone or allow us to have access to your location. You have the right to withdraw your consent at any time. To withdraw your consent, just go to the Privacy Settings in our Android or iOS Mobile app or contact us at compliance@ardacap.com.

Contract

When we need to execute a contract you have entered into with us by accepting applicable terms and conditions or specific related terms relating to other services offered by us.

Where we need to collect Personal Data under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform our services under the contract we have or are trying to enter into with you (for example, to provide you with any of our services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

Legal or regulatory obligation

When we need to collect Personal Data by law. If you fail to provide that data when requested, we will not be able to perform our services under the contract with you (for example, to provide you with any of our products or services). In this case, we will have to cancel a product or service you have with us and we will notify you at that time.

Legitimate Interests

Legitimate Interest means the broader stake that Arda has in the processing or the benefit that we derive from the processing of your Personal Data.

Where we rely on legitimate interests, we make sure that we consider and balance any potential impact on you and your rights before we process your Personal Data for our legitimate interests.

Additionally, we may also process certain special categories of data such as criminal convictions and biometric data where we are lawfully permitted to do so and only for limited purposes such as fraud or money laundering/terrorist financing prevention and detection. Apart from this, we do not collect any of the following Special Categories of Personal Data about you that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic data.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website or Mobile App feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data, which will be used in accordance with this Privacy Policy.

Purposes and Legal Basis for which we will use your Personal Data

We have set out, in a table format, a description of all the ways we plan to use your Personal Data, and the legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your Personal Data for multiple legal reasons.

Marketing

We are committed to providing you with choices regarding certain Personal Data uses, particularly around marketing and advertising. We will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to receive third party marketing communications at any time by contacting us.

Change of purpose

We will only use your Personal Data for the purposes for which we collected it. We will delete it after fulfilling the intended purpose or after expiration of the respective storage periods.

3. How Your Personal Data Is Collected

Information That You Provide to Us

Personal Data that you provide directly to us should be apparent from the context in which you provide it, for example: when you use our services, we must collect your name, email address, and transaction information to complete your transactions. We will process Personal Data that you choose to provide to us through the Website and Mobile Apps, including, but not limited to, your first and last name, physical address, email address, mobile device identifier, or transactional data (e.g., amount of funds associated with a transaction, the type of transaction executed, financial institutions, account information).

Information That We Collect Automatically

We use Personal Data that we collect automatically through cookies and action tags. We also use the information to help diagnose technical and service problems, administer the Site, and identify visitors to the Site.

Cookies:

We use cookies on our website to collect data about your visit (like usage data, and other information automatically collected from your browser or mobile device; this information may include your IP address; browser type and version; preferred language; geographic location using IP address or the GPS, wireless, or Bluetooth technology on your device; operating system and device) and to allow you to navigate from page to page without having to re-login each time, count visits, and see which areas and features of our website are popular.

Action Tags:

We may use action tags to identify some of the pages that you visit and how you use the content on those pages. Action tags collect and transmit this data in a manner that identifies you if you have registered with our website and are logged into our Android or iOS Mobile apps. We also may use action tags in our emails, to determine whether an email was opened or whether it was forwarded to someone else. When you use our Android or iOS Mobile apps, we may use action tags where you are accessing websites from links in our Android or iOS Mobile apps. These may identify the pages that you visit and how you use the content on those pages.

To learn more about the cookies that we use on our online services, our Android and iOS Mobile apps, as well as to control your cookie settings, please read our Cookie Policy.

We use third party analysis tools to collect data about your device and internet connection. That information includes, but is not limited to, the IP address of your computer and/or internet service provider, geolocation, when you access our online services, our Android or iOS Mobile apps, the Internet address of websites from which you link to our online services and from which you came before landing on our online services, the browser that you are using and your movements on our online services. All of this information is used internally for the purposes of understanding how our online services are being used and to improve them. We also use the data collected via cookies to track the popularity of our online services.

We also use third party analysis tools to collect data about your use of our Android and iOS Mobile apps. The information collected identifies the types and timing of actions you take within our Android and iOS Mobile apps, including installation, registration, uploading, and certain types of navigating. All of this information is used internally for the purpose of understanding how our Android and iOS Mobile apps are being used and improving them. Clicking on those links or enabling those connections allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We accept no responsibility for the actions of these third-party websites. When you leave our online services, we encourage you to read the privacy statements of every website you visit.

Your browser settings may allow you to transmit a “Do Not Track” signal to websites and online services you visit. Like many other websites and online services, we do not currently process or respond to “Do Not Track” signals from your browser or to other mechanisms that enable choice. If we do so in the future, we will describe how we do so in this Privacy Policy.

Information That We Obtain from Third Parties and Publicly Available Sources

Please find a description in a table format of the information from third parties.

Third Party Links

In addition, please note that this website and our Android and iOS Mobile apps may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our online services or Android and iOS Mobile apps, we encourage you to read the Privacy Policy of every webpage or app you visit. We are not responsible for the security of any data you are transmitting over the Internet, or any data you are storing, posting, or providing directly to a third party’s website, which is governed by that party’s policies. If you have further questions about security, you can contact us using the details provided above.

4. Anti Money Laundering And Combating Terrorist Financing

Money laundering is defined as the process where the sources of funds are disguised so that it gives an impression of legitimate income. Criminals specifically target financial services firms through which they attempt to launder criminal proceeds without the firms’ knowledge or suspicion.

Please see the table below to find out how we process your Personal Data for these purposes.

5. Information We Share; Data Transfers

We do not sell or otherwise disclose Personal Data that you provide to us or that we collect on this website, our online services, or our Android and iOS Mobile apps, except as described here:

  • Marketing materials from third parties if you have provided consent;
  • If required, professional advisers such as lawyers, banks, auditors and insurers providing such services;
  • Regulators and other authorities who require reporting of processing activities under certain circumstances;
  • If required, or where we believe it is required by applicable laws or legal process;
  • To protect the rights, property and safety of Arda, our users and the public, including, for example, in connection with court proceedings, to detect or prevent criminal activity, fraud, material misrepresentation, or to establish our rights or defend against legal actions;
  • Gathering your rating of the App which is processed through a third party service provider.

Arda is headquartered in the UK. However, we may transfer your data to countries outside the European Economic Area (“third countries”) to the extent that is necessary in order to perform our services. Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Where we use certain service providers, we will use contract language approved by the European Commission which gives Personal Data the same protection it has in Europe.
  • Where we use providers based in the US, we will transfer data to them if they are part of the Privacy Shield or Standard Contractual Clauses which requires them to provide similar protection to Personal Data shared between Europe and the US.

Further details on these provisions can be obtained by contacting us at compliance@ardacap.com.

The Categories of Providers Table provides information on the type of third party recipient (i.e., by reference to the activities it carries out), the industry and the location of the recipients.

6. Security Measures

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have taken precautions to ensure the security of your data.

In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties strictly needed under the provisions made within a service agreement signed with them. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality and a duty to comply with data protection procedures.

We have put in place procedures to deal with any suspected or actual Personal Data breach. We will notify you and any applicable authority of a Personal Data breach where we are legally required to do so.

7. Protection Of Minors

Arda does not knowingly collect or solicit Personal Data from anyone under the age of 18. If you are under 18, please do not attempt to register for our services or send any Personal Data about yourself to us.

8. Data Retention

We retain information about you in our databases for as long as your account is active, or as is reasonably needed to fulfil the purposes we collected it for and to provide our services, and as required by applicable laws. Our retention and use of your information will be as necessary to comply with our legal, regulatory, tax, accounting, or reporting obligations and requirements, to resolve disputes, or complaints, and to enforce our agreements. Any derogation from the Retention Policy will be based on legal grounds and will be explicitly mentioned.

While retention requirements vary by jurisdiction, please find a full description in a table format of all the general retention periods of your Personal Data and the specific legal basis we must comply with. We have also identified what our legitimate interests are where appropriate. Note that we may retain your Personal Data for more than one lawful basis depending on the specific purpose for which we are using your data. Although the table provides our general retention periods stipulated for different categories of Personal Data and/or different processing purposes, in certain circumstances, your information may be retained for longer periods due to the inherent nature of distributed ledger technology.

In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes. When information is anonymised, it ceases to be Personal Data and we may use it without further notice to you.

9. Your Rights And Choice

Right to Information and access

You have a right to be informed about the processing of your Personal Data. While this Privacy Policy intends to provide you with this information, you can contact us using the details contained in this Privacy Policy to request any further information to access your Personal Data.

Right to rectification

You have the right to have any inaccurate Personal Data about you rectified and to have any incomplete Personal Data about you completed.

The accuracy of your information is important to us. If you do not want us to use your Personal Data in the manner set out in this Privacy Policy or need to advise us of any changes to your Personal Data or would like any more information about the way in which we collect and use your Personal Data, please contact us using the details found below.

Right to erasure (right to be ‘forgotten’)

You have the general right to request the erasure of your Personal Data in the following circumstances:

  • The Personal Data is no longer necessary for the purpose for which it was collected;
  • You withdraw your consent to processing and no other legal justification for processing applies;
  • We unlawfully processed your Personal Data; and
  • Erasure is required to comply with a legal obligation that applies to us.

We will proceed to comply with an erasure request without undue delay and to such extent we are able to do so, unless continued retention is necessary for:

  • Complying with a legal obligation under EU or other applicable law;
  • The establishment, exercise, or defence of legal claims.

Please be aware that by doing so, we will need to close your Arda account and this action is not reversible and by requesting us to erase your data we are not able to provide Arda’s services to you any longer. However, this will not affect the lawfulness of any processing carried out before you requested erasure of your data.

However, when interacting with the blockchain we may not be able to ensure that your Personal Data is deleted.

Right to restrict processing

You have a right to request to restrict processing of your Personal Data, such as where:

  • You contest the accuracy of the Personal Data;
  • If you believe processing is unlawful, you may request, instead of requesting erasure, that we restrict the use of unlawfully processed Personal Data;
  • We no longer need to process your Personal Data but need to retain your information for the establishment, exercise, or defence of legal claims or regulatory requirements.

Depending on the type of processing you request to restrict, please be aware that by doing so, we may need to close your Arda account and this action is not reversible and by requesting us to stop processing your data we are not able to provide Arda services to you any longer. However, this will not affect the lawfulness of any processing carried out before you requested to restrict processing.

Right to data portability

Where the legal basis for our processing is your consent, or the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, you have a right to receive the Personal Data you provided to us in a structured, commonly used and machine-readable format.

Right to object to direct marketing (‘opting out’)

You have a choice about whether or not you wish to receive information from us.

We will not contact you for marketing purposes unless you have an existing business relationship with us to offer you similar services, and we rely on our legitimate interests as the lawful basis for processing.

On each and every marketing communication, we will always provide an option for you to exercise your right to object to the processing of your Personal Data for marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your Personal Data.

Please note that any administrative or service-related communications (to offer our services or notify you of an update to this Privacy Policy or applicable terms and conditions, etc.) will solely be directed at our clients or business partners, and such communications generally do not offer an option to unsubscribe, as they are necessary to provide the services requested.

Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact you regarding your use of our online services and Android or iOS Mobile apps or as part of a contractual relationship we may have with you.

Right to request access

You also have a right to access information we hold about you. We will endeavour to provide you with details of your Personal Data that we hold or process and to provide this data in a machine-readable form. To protect your Personal Data, we follow established disclosure procedures, which means that we will require proof of identity from you prior to providing such information. You can exercise this right at any time by contacting us using the details found below.

Right to withdraw consent

Where the legal basis for processing your Personal Data is your consent, you have the right to withdraw that consent at any time by contacting us using the details found below. Please be aware that by doing so, we will need to close your Arda account and this action is not reversible and by requesting us to stop processing your data we are not able to provide Arda services to you any longer. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent.

You can exercise any of the above rights free of charge by contacting us at compliance@ardacap.com.

Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.

Right to lodge a complaint with a relevant supervisory authority

If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, without prejudice to any other administrative or judicial remedy, you are entitled to make a complaint to the Information Commissioner which is presently the Information Commissioner’s Office (“ICO”). You may contact the ICO using the below details:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Fax: 01625 524510

You also have the right to lodge a complaint with the supervisory authority in the country of your legal residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place if that is based in the European Economic Area.

We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office or supervisory authority in the country of your legal residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place so please contact us in the first instance at compliance@ardacap.com.

10. Updates On Our Online Privacy Policy

We keep our Privacy Policy under regular review and we will update it to reflect any changes.

Changes to this privacy notice may become necessary as we develop our online services, Android and iOS Mobile apps, in order to implement new legal requirements or new technologies and in order to improve the services we provide. If we change our Privacy Policy in the future, we will post the revised version on our website www.ardacap.com together with the version number and date of change. You should check this Privacy Policy from time to time when you visit our website.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

Right To Lodge A Complaint

You have the right to make a complaint at any time to the data protection authority in the Member State of your habitual residence, place of work, or place of an alleged infringement of the regulation or the Information Commissioner’s Office (“ICO”).
However, we would appreciate the opportunity to address any concerns you may have before you approach the ICO or the supervisory authority in the country of your legal residence, by contacting us at compliance@ardacap.com.

Purposes and legal basis for which we will use your personal data

Type of Data; Purpose/Activity; Lawful basis for processing including basis of legitimate interest

Submitted information:
Full legal name
Nationality/Citizenship
Avatar
User identification/Passport photo
Address
Proof of Address
Proof of source of funds/bank statement
Tax declaration
Payslip
Country of Residence
Country of Citizenship
Passport Issue Date
Passport Expiration Date
Email address
Phone number
Liveness Selfie
Date of Birth

To verify your identity and liveness, to comply with financial crime, and anti-money laundering/combating the financing of terrorism laws, protect against fraud, and to confirm your eligibility to use our services.
A legal obligation and our legitimate interest, such as the prevention of fraud, misuse of services, or money laundering.
Fulfilling contracts.
To notify you about changes to our service and Privacy Policy.
Our legitimate interest, such as to be efficient about how we meet our obligations and comply with regulations that apply to us.
To comply with a model of automatic exchange of financial account information between tax authorities.
A legal obligation to cooperate with tax authorities.
To carry out our contractual obligations arising from any transactions that you conduct.
Our legitimate interest, such as to add extra functions in order to provide a better experience.
To provide you with information updates about our services.
Fulfilling contracts.

User content:
Customer Service and marketing communications and recommendations.
Ratings and other content that you provide.

To carry out our contractual obligations arising from any transaction.
Fulfilling contracts.
To provide a homogenous experience for users on the platform.
Our legitimate interest to improve product services.
To facilitate real time social interactions through our app.
Your consent.
To communicate with customers and potential customers via SMS to notify them of critical and important actions which need to be taken.
Our legitimate interest to ensure customers take action on critical requests.

Transactional Data
Transaction Amount
Arda Internal Originator Data
Arda Internal Approver Data
Account Number
Beneficiary Data
User ID or Account/Routing Number
Destination User or Institution

To carry out our contractual obligations arising from any financial transactions.
Fulfilling contracts.
To comply with financial crime and anti-money laundering/combating the financing of terrorism laws.
A legal obligation and our legitimate interest, such as the prevention of fraud and money laundering and the performance of a task carried out in the public interest.
To comply with a model of automatic exchange of financial account information between tax authorities.
A legal obligation to cooperate with tax authorities.

Device information:
Browser type and version
Time zone setting
IP address
Operating system
Type of mobile
Unique device identifier

To verify your identity, comply with financial crime laws, tax laws, protect against fraud and to confirm your eligibility.
A legal obligation.
To administer, improve and secure our site and App for internal operations.
Our legitimate interest to provide and improve our products and services, including our Apps and this Site.

Geolocation information:
Information that identifies with reasonable specificity your location by using, for instance, longitude and latitude coordinates obtained through GPS, Wi-Fi, etc.

To maintain your eligibility as an Arda user.
Fulfilling contracts.
To simplify the verification of your registered address during the onboarding process.
Our legitimate interest to improve our customers’ experience.
To verify users’ location while using our services to combat financial fraud or other fraudulent use of services.
Our legitimate interest, such as the prevention of fraud, other fraudulent use or misuse of services.
To provide you with location-specific options, functionality, search results, or other location-specific content.
Your consent and our legitimate interest to improve our visitor guidance experience and supply a value-added service to users.

Respond to Customer Inquiries
Recording of customer placed voice mails

To respond to customer inquiries.
Our legitimate interest to improve customer support.

Statistical information:
Full uniform resource locators (URL)
Length of visits to certain pages
Clickstream to, through, and from our site (including date and time)
Page response times
Download reports
Page interaction information
Services you viewed or searched forTo administer, improve and secure our Site and App for internal operations.To provide you with information about other goods and services.Our legitimate interest, such as being efficient about how we develop new products and services or enhance existing services and keep you updated.Data Obtained from Third PartiesCategory of Data ProvidersType of Data that we getCountry of EstablishmentAnalytics providers, advertising networks, search information providersTechnical, payment and delivery services providersData brokers or aggregatorsResponses to surveys and  campaigns to obtain leadsPublicly available sources [such as Companies House and the Electoral Register]AML KYC Privacy NoticeWe will process your identifying data and profile data within operations such as identification (Know your Customer, also known as KYC) and profiling (Customer Due Diligence, also known as CDD) for the purposes of the execution of our Anti Money Laundering (also known as AML) and Counter Terrorism Financing (also known as CTF) customer identification and verification process obligations.When Arda asks for CDD, what this refers to is proof of address and proof of identification. This along with information gathered at the application stage paints a picture of any customer (KYC). Without KYC, we may unknowingly become involved with illicit activities and therefore subject to reputational, operational and legal risks, which can result in significant financial cost, or eventual winding up of the institution. 
KYC is most closely associated with the fight against money-laundering.

Specific proof of address, proof of identification, source of funds and/or AML-CTF questionnaires that are aimed at fulfilling KYC and CDD obligations are compulsory for Arda users, and failure to reply might lead (in extreme cases) to the blocking of their accounts or the refusal of services.

In response to the scale and effect of money laundering, the European Union has passed Directives designed to combat money laundering and terrorism. These Directives, together with the national regulations listed below, form the cornerstone of our AML/CTF obligations, establish the legal basis for us to process this data and outline the offences and penalties for failing to comply.

  • The Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations;
  • The Money Laundering and Terrorist Financing (Amendment) Regulations 2019;
  • The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017;
  • The Criminal Finances Act 2017;
  • The Proceeds of Crime Act 2002;
  • The Money Laundering Regulations 2007;
  • The Terrorism Act 2000 (“TA 2000”) (as amended by the Anti-Terrorism Crime, and Security Act 2001, the Terrorism Act 2006 and the Terrorism Act and Proceeds of Crime Act 2002 (Amendment) Regulations 2007);
  • The Terrorist Asset-Freezing etc Act 2010;
  • Counter-terrorism Act 2008, Schedule 7.

Anti-Money Laundering (AML) Policies

Our AML policy is designed to prevent money laundering by meeting the UK standards on combating money laundering and terrorism financing, including the need to have adequate systems and controls in place to mitigate the risk of the firm being used to facilitate financial crime. Our AML policy sets out the minimum standards which must be complied with and includes:

  • Appointing a Money Laundering Reporting Officer (MLRO) who has a sufficient level of seniority and independence, and who has responsibility for oversight of compliance with the relevant legislation, regulations, rules and industry guidance;
  • Establishing and maintaining a Risk-Based Approach (RBA) to the assessment and management of money laundering and terrorist financing risks faced by the firm. The requirement to provide CDD-related data throughout an RBA will always take into account different factors such as the status of the client, the nature of the transactions, the financial product or the financial flows involved;
  • Establishing and maintaining risk-based Customer Due Diligence (CDD), identification, verification and Know Your Customer (KYC) procedures, including enhanced due diligence for customers presenting a higher risk, such as Politically Exposed Persons (PEPs);
  • Establishing and maintaining risk-based systems and procedures for the monitoring of on-going customer activity;
  • Establishing procedures for reporting suspicious activity internally and to the relevant law enforcement authorities as appropriate;
  • Maintaining appropriate records for the minimum prescribed periods;
  • Providing training for and raising awareness among all relevant employees.

As a regulated financial institution, Arda has specific requirements regarding AML systems and procedures. This reflects senior management’s desire to prevent money laundering.

Sanctions Policy

Arda is prohibited from transacting with individuals, companies and countries that are on prescribed sanctions lists. Arda will therefore screen against United Nations, European Union, UK Treasury and US Office of Foreign Assets Control (OFAC) sanctions lists in all jurisdictions in which we operate.

Automated Decision Making

We use semi-automated processes which include, but are not limited to, screening Know-Your-Customer (KYC) and Anti-Money Laundering (AML) data you provide to us in order to assess whether or not we are legally able to allow you to use our services.

All automated screening matches are manually reviewed by Arda compliance analysts. The analyst will review the triage cases to determine if they should be cleared or escalated to the MLRO.

Third Parties AML-KYC

Where processing of personal data is carried out on behalf of Arda by a third party provider, we conclude a separate contract with the processor with respect to this processing.
This contract ensures compliance with European data protection regulations and defines sufficient guarantees for the implementation of appropriate technical and organisational measures, which ensure the protection of your rights.

Categories of Providers

Category of Providers | Service Description | Jurisdictions of Establishment

  • Infrastructure: Cloud computing
  • Legal: Consulting such as lawyers, auditors. Public bodies in connection with court proceedings, to detect or prevent criminal activity, fraud, material misrepresentation, or to establish our rights or defend against legal actions.
  • Finance: Accountancy, insurers, banking institutions and payment services.
  • Human Resources: Human resources software as a service.
  • Product: Document sharing.
  • Compliance: Clients or institutional on-boarding enhanced due diligence services and know-your-customer providers, software providers for scanning and verifying users’ passports and IDs, (KYC) database querying service, Identity Verification for Due Diligence and Know Your Customer requirements. Regulators and other authorities who require reporting of processing activities in certain circumstances.
  • Customer Care: CRM, FAQ system content provider.

Retention Period Table

Type of data: Details of third party service providers:
  • Name
  • Address (previous and new)
  • Bank details.
Retention Period: 6 years from date of expiration/termination of the contract unless renewed in which case consideration should be given as to whether all contracts should be retained for the duration of the renewal.
Reference of Justification to retain related data: For contractual requirements.

Type of data: Details of suppliers including:
  • Email
  • Name
  • Address
  • Bank details.
Retention Period: 6 years from date of expiration/termination of the contract unless renewed in which case consideration should be given as to whether all contracts should be retained for the duration of the renewal.
Reference of Justification to retain related data: Being able to settle Supplier invoices and pay for services provided. Defending/Establishing of potential contractual legal claim(s).

Type of data: Suspicious transactions/activities Reports
Retention Period: Upon expiration of purpose or AML/CFT record retention requirement of 5 years minimum under AML or expiration of relationship plus limitation period 6 years.
Reference of Justification to retain related data: To comply with our AML/CFT and KYC obligations.

Type of data:
  • Clients’ Full name
  • Liveness Selfies
  • National ID (includes evidence)
  • Address (includes evidence)
  • Date of birth
  • Phone number
  • Email address
  • Bank info
  • Security selfies
  • IP
  • OS
  • Location
  • System
  • Time, date and duration of the visit (if stored)
  • KYC Data (Blockchain)
  • Wallet addresses or other data which could be used to identify the client from data on the blockchain (e.g. nonces which could be used to identify hashed data).
Retention Period: Upon expiration of relationship or regulatory requirement for retention (post termination of relationship) minimum of 5 years.
Reference of Justification to retain related data: To comply with our AML/CFT and KYC obligations.

Type of data: Data collected as part of account creation process / app and platform usage.
Retention Period: Upon the client terminating their account save for any data such as transaction data which may need to be retained for the end of financial year of 6 years. Maximum of 5 years in case of KYC and AML/CFT ongoing monitoring.
Reference of Justification to retain related data: For contractual requirements. Specific legal obligation to retain under the Income Tax Act. KYC/DD obligations under AML/CFT legislation.