Global Privacy Notice v2.0
Last Updated: 5th August 2024
Privacy Notice
For residents of the United States and US Territories, please read our US Privacy Notice
1. Introduction
This Privacy Notice applies to the processing activities performed by Moneymaple Tech Limited of 810 Quayside Drive, Suite 205, New Westminster, BC V3M 6B9, Canada, its parent company MRCR Holdings Limited and, including but not limited to, its subsidiaries Moneydream LLC, Moneytea Limited, Monetley Limited, Moneydream LLC and Moneysail d.o.o. t/a Mercuryo, hereinafter referred to as “Mercuryo”, “we”, “us” or “our”, in respect of the personal data of its clients, prospective clients, and website visitors.
Your privacy is of the utmost importance to us. It is our policy to safeguard the confidentiality of information and respect the privacy of individuals.
This Privacy Notice provides you with information regarding:
- What personal data we collect and process
- How we process your personal data
- The reasons we process your personal data
- Our obligations in processing your data responsibly and securely
- Your data subject rights
This Privacy Notice should also be read in conjunction with our Cookie Policy and our Terms and Conditions for Individuals and Terms of Service for Business.
For further information about how we collect, use and store your personal data, and to enact your rights as a data subject, you may contact us by emailing support@mercuryo.io.
2. Definitions
The following terms are defined as follows:
2.1 “AML” means anti-money laundering.
2.2 “Digital Asset” means any digital representation of value that may be traded via Mercuryo’s services, excluding non-fungible tokens.
2.3 “Mercuryo”, “We”, “Us”, refers collectively to MRCR Holdings Ltd. and its subsidiaries including but not limited to Moneymaple Tech Limited, Moneydream LLC, Moneytea Limited, Monetley Limited, Moneydream LLC and Moneysail d.o.o.
2.4 “Personal data” refers to any information relating to an identified or identifiable natural person, including names, identification numbers, location data, an online identifier, or to one or more factors specific to the physical, economic, cultural or social identity of a natural person.
3. Your Data Controller
Our products and services are provided through local operating entities that are part of the Mercuryo group of companies.
You are contracting with the Mercuryo company as specified in our Terms and Conditions. The company you are contracting with is your Data Controller, and is responsible for the collection, use, disclosure, retention and protection of your personal data in accordance with our global privacy standards, this Privacy Notice, as well as any applicable national laws.
4. How do we protect personal data?
Mercuryo takes the security of personal data incredibly seriously. We have dedicated cyber risk, cyber security and data protection team members, with unmatched security, data protection, compliance, and access control capabilities on our environments. Our environments are secure, private and encrypted by default.
5. Information we may collect about you
We obtain information about you in several ways through your use of our products and services, including through any of our websites, the account opening process, event subscribing, news and updates subscribing and from information provided in the course of on-going support service communications.
To open an account with us, you must first complete and submit an online web form to us, providing the required information. By completing this form, you are requested to disclose personal data in order to enable Mercuryo to assess your application and comply with the relevant laws and regulations.
The minimum information required for entering into a contract governing your use of our products and services, and for enabling us to comply with our statutory obligations in respect of anti-money laundering and crime and fraud prevention, is Biographical Information and Contact Information, Verification Information, PEP Information and Financial Information (defined below). Without this information, we cannot commence, or continue to provide our services and products to you.
The information that we may collect from you is as follows:
- Full name, residential address and contact details (e.g. email address, telephone number etc.), date of birth, place of birth, gender, citizenship (“Biographical Information and Contact Information”);
- Bank account information, wallet addresses, credit card details, details about your source of funds, assets and liabilities, and information relating to economic and trade sanctions lists (“Financial information”);
- Trading account balances, trading activity, your inquiries and our responses (“Trading information”);
- Information on whether you (or someone close to you) holds a prominent public function (“PEP information”);
- Verification information, which includes information necessary to verify your identity such as a passport, driver’s licence, selfie photos/videos, login credentials or Government-issued identity card (“Verification information”);
- Other personal data or commercial and/or identification information – which may include criminal or media screening information which we, in our sole discretion, deem necessary to comply with our internal risk assessments and our legal obligations under various AML regulations, such as the UK’s The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, the European Union’s 5th AML Directive, Croatia’s Anti-Money Laundering and Terrorist Financing Law 2017, Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act 2000 and the U.S. Bank Secrecy Act (“Other Information”).
Information we may collect about you automatically:
- Browser Information – Information that is automatically collected via analytics systems providers from your browser, including your IP address, domain name, any external page that referred you to us, your login information, device ID, browser type and version, timezone setting, browser plug-in types and versions, operating system, and platform (“Browser information”);
- Log Information – Information that is generated by your use of Mercuryo-branded websites, applications, services, or tools operated by Mercuryo that is automatically collected and stored in our log records. This may include device information such as device identifier, device operating system and model, device storage, Media Access Control (MAC) address and Subscriber Identity Module (SIM) information, signals relating to user behaviour and device interaction, marketing identifier, battery usage, location information, network address, system activity and any internal and external information related to pages that you visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website or App (including date and time, page response times, download errors, length of visits to certain pages, page interaction information such as scrolling, clicks, and mouse-overs, and methods used to browse away from the page) (“Log Information”).
Information we may receive about you from other sources.
We also receive information about you from third parties such as your payment providers, our service providers assisting with AML, fraud, and security compliance, and through publicly available sources. For example:
- The banks you use to transfer money to us will provide us with your basic personal data, such as your name and address, as well as your financial information such as your bank account details.
- Your business partners may provide us with your name and address, as well as financial information.
- Advertising networks, analytics providers and search information providers may provide us with anonymised or de-identified information about you, such as confirming how you found our website.
- Our service providers may provide us with information relating to fraud, security, sanctions and AML and other risks, for example, confirmation of identity attributes, and information about any attributes linked to such matters.
- Credit reference agencies may provide us with your personal data during the credit referencing process.
- We may read and store data that is written on a blockchain, other publicly available ledgers, or is otherwise in the public domain.
6. Our legal justification for processing personal data
Why we process your personal data | Legal justification | Categories of personal data |
---|---|---|
To provide our products and services, including but not limited to enabling the completion of the client on-boarding process, account opening, crypto currency exchange, payment processing and funds transfer. | Performance of a contract | Biographical information and Contact Information, Financial Information, Trading Information, PEP Information (where relevant), Verification Information and Other Information. |
To conduct or arrange for the conducting of credit or identity checks | Legal obligation to comply with “Know Your Customer”, “Know Your Business” and customer due diligence regulatory obligations. Such processing is also in our legitimate interest to prevent and detect potential crime and/or fraud and to protect our business. | Biographical Information and Contact Information, Financial Information, Trading Information, PEP Information (where relevant), Verification Information and Other information. |
For identity verification purposes, compliance with court orders, tax laws or other reporting obligations and anti-money laundering controls. | Legal obligation to comply with anti-money laundering laws, financial services laws, corporation laws, privacy laws, tax laws and other relevant laws. Supervisory authorities’ rules and regulations also apply to us. | Biographical Information and Contact Information, Financial Information, Trading Information, PEP Information (where relevant), Verification Information and Other Information. |
To administer our products and services, to provide you with information in respect of our products and services and review your ongoing needs, to troubleshoot our products and services, to improve our products and services and to develop new products and services. | To ensure effective provision of our products and services and to meet our clients’ needs it is in our legitimate interest to administer our products and services, to provide you with information about our products or services, to troubleshoot our products and services and to review our clients’ ongoing needs. It is also in our legitimate interest to improve our products and services, including support services and to develop and market new products and services. | Biographical Information and Contact Information, Financial Information, Trading Information, PEP Information (where relevant), Verification Information, Other Information, Browser Information and Log Information. |
To pay affiliates (our partners that promote Mercuryo and drive new business leads) | It is in our legitimate interest to use affiliates to engage new business leads and pay those affiliates if the leads generate revenue. | De-identified Trading Information. |
To market our products and services | Consent, where you have agreed to receive marketing messages directly. We rely upon our legitimate interest to process information about how our products, services, and blockchain technology are used to decide on marketing strategies. | Biographical Information and Contact Information, Trading Information, Other Information, Browser Information and Log Information. |
To conduct surveys | It is in our legitimate interest to send you surveys and conduct them to gather information on how our products and services work for our clients and how to improve them. Your participation in those surveys will be based on your consent. | Biographical Information and Contact Information, Trading Information, Browser Information and Log Information. |
To conduct data analysis. Our website pages and emails may contain web beacons or pixel tags or any other similar types of data analysis tools that allow us to track receipt of correspondence and count the number of users that have visited our webpage or opened our correspondence. We may aggregate your personal data with the personal data of our other clients on a de-identified basis (that is, with your personal identifiers removed), so that more rigorous statistical analysis of general patterns may lead us to providing better products and services. | If your personal data is completely anonymised, we do not require a legal basis as the information will no longer constitute personal data. If your personal data is not in an anonymised form, it is in our legitimate interest to continually evaluate that personal data to ensure that the products and services we provide are relevant to the market and our clients. | Biographical Information and Contact Information, Financial Information, Trading Information, Browser Information and Log Information. |
To ensure accurate physical address records are submitted during account creation, we may utilise Google’s address confirmation services | It is in our legitimate interest to ensure the addresses clients submit are accurate. For additional information, please see Google’s privacy Notice | Address information |
For internal business purposes and recordkeeping | We have legal obligations to keep certain records. Such processing is in our legitimate interest for internal business and research purposes as well as for record keeping purposes. It is also in our legitimate interest to keep records to ensure that you comply with your contractual obligations pursuant to the agreement (“Terms of Service”) governing our relationship with you. | Biographical Information and Contact Information, Financial Information, Trading Information, PEP Information (where relevant), Verification Information, Other Information, Browser Information and Log Information |
To enforce and defend our rights including initiating legal claims, preparing our defence in litigation procedures, addressing legal or administrative proceedings whether before a court or a statutory body and to investigate or settle issues, enquiries and/or disputes. | It is in our legitimate interest to enforce and defend our rights and to ensure that issues, enquiries and/or disputes are investigated and resolved in a timely and efficient manner. | Biographical Information and Contact Information, Financial Information, Trading Information, PEP Information (where relevant), Verification Information, Other Information, Browser Information and Log Information |
To comply with applicable laws, subpoenas, court orders, other judicial process, or the requirements of any applicable regulatory authorities | Legal obligation. We will disclose personal data where we receive a legally binding request to disclose personal data from law enforcement or other bodies or where we have a legitimate interest in assisting law enforcement or other agencies in respect of an investigation. | Biographical Information and Contact Information, Financial Information, Trading Information, PEP information (where relevant), Verification Information, Other Information, Browser Information and Log Information |
To set our general pricing strategy, and to dynamically set the prices of certain products and services | It is in our legitimate interests to utilise personal data to set our general pricing strategy, and to dynamically set the prices of certain products and services. For further information about our approach to pricing, please see our Terms and Conditions. | Financial Information and Trading Information |
To notify you of changes to our products or services and/or to laws and regulatory rules and regulations | Legal obligation. Often the law requires us to advise you of certain changes to products or services or laws. We may need to inform you of changes to the terms or the features of our products or services. We need to process your personal data to send you these legal notifications. You will continue to receive this information from us even if you choose not to receive direct marketing information from us. Where such notification is not legally required, it may be in our legitimate interest to notify you of such changes. | Biographical Information and Contact Information, Financial Information, Trading Information, PEP Information (where relevant) and Other Information |
To administer our business effectively, such as through means and processes we undertake to provide for our IT and system security, preventing potential crime and to ensure asset security and access controls. | It is in our legitimate interest to protect our assets and systems and to prevent and detect potential crime and/or fraud and to ensure security. | Biographical Information and Contact Information, Financial Information, Trading Information, PEP Information (Where Relevant), Verification Information, Other Information, Browser Information and Log Information |
To update and verify your personal data in accordance with relevant anti-money laundering compliance frameworks. | Legal obligation. Such processing is also in our legitimate interests to prevent and detect potential crime and/or fraud and to protect our business. | Biographical Information and Contact Information, Financial Information, Trading Information, PEP Information (Where Relevant), Verification Information, Other Information, Browser Information and Log Information. |
To better customise our services and content for you and to recognise you as a client. | When we collect personal data for these purposes through cookies, we will rely on your consent. It is also in our legitimate interest to customise our services and content for clients and to recognise clients, in order to ensure that clients receive the services and content that are appropriate to them. | Other Information, Browser Information and Log Information |
To communicate with you. | It is in our legitimate interest to communicate with our clients or potential clients to ensure the effective delivery of our products and services and to administer our business. | Biographical Information and Contact Information, Financial Information, Trading Information and Other Information |
To receive services from third parties including services such as administrative, legal, tax, compliance, insurance, IT, debt-recovery, analytics, credit reference, identity verification, research or other services. | It is in our legitimate interest to receive such services from third parties to ensure the effective delivery of our products and services and to administer and protect our business. | Biographical Information and Contact Information, Financial Information, Trading Information, PEP Information (Where Relevant), Verification Information, Other Information, Browser Information and Log Information |
For any purpose not specified above, but for which you direct us to process your personal data. | Consent | Biographical Information and Contact Information, Financial Information, Trading Information, PEP Information (Where Relevant), Verification Information, Other Information, Browser Information and Log Information |
To the extent legitimate interest or performance of a contract is not a recognised legal justification in your jurisdiction, we rely on consent (express or implied, as appropriate) where consent is required.
7. Disclosure of your personal data
As part of processing your personal data for the purposes set out above, Mercuryo may disclose your personal data to any members of the Mercuryo company group, and to third parties. For example, Mercuryo may disclose your personal data to any of our service providers and business partners, for business or other legitimate purposes, such as specialist advisors who have been contracted to provide us with administrative, financial, legal, tax, compliance, insurance, IT, debt-recovery, analytics, research or other services.
If Mercuryo discloses your personal data to service providers and business partners, to perform the services requested by clients or to comply with our legal and regulatory obligations, such providers and partners may store your personal data within their own systems. We require them to protect the confidentiality of this personal data and comply with all relevant privacy and data protection laws.
Mercuryo may also disclose personal data when it is compelled by law, for example to a government agency as a result of a valid court order.
8. Where we store your personal data
Our operations are supported by a network of computers, servers, other infrastructure and information technology, and third-party service providers. We and our third-party service providers and business partners store and process your personal data in the European Union, the United Kingdom, the United States of America and elsewhere in the world. Courts, law enforcement and security agencies of these jurisdictions may be able to use legal processes to access your personal data.
9. For UK (United Kingdom) & EEA (European Economic Area) clients: Transfers of personal data outside of the UK and EEA
We may transfer your personal data outside the EEA and UK to other Mercuryo group companies, service providers and business partners. Transfers outside of the EEA or the UK (as appropriate) are done in accordance with lawful transfer mechanisms. If personal data is transferred to a country which has been found by the European Commission to have an equivalent standard of data protection to the EEA, then Mercuryo may rely on an ‘adequacy decision’ to transfer that personal data. See here for a list of countries with adequacy decisions. If personal data is transferred between destinations not listed as having an adequacy decision, we may rely on standard contractual clauses or binding corporate rules for intercompany transmission/processing.
10. Privacy when using digital assets and blockchains
Your use of digital assets may be recorded on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to re-identification of transacting individuals and the revelation of personal data, especially when blockchain data is combined with other data.
As blockchains are decentralised or third-party networks which are not controlled or operated by Mercuryo, we are not able to erase, modify, or alter personal data on such networks.
11. Data retention
When personal data is no longer necessary for the purposes for which it may lawfully be processed, we will remove any details that will identify you, or we will securely destroy the relevant records. We may need to maintain records for a significant period after you cease being our client for legal or regulatory reasons, for example when we need to retain information to help manage a dispute or legal claim where claims are statute barred after a period of six years. Additionally, we are subject to certain anti-money laundering laws which may require us to retain the following for a five-year period after our business relationship with you has ended:
- A copy of the records we used to comply with our client due diligence obligations;
- Supporting evidence and records of transactions with you, and your relationship with us.
If you have opted out of receiving marketing communications, we will retain your details on our suppression list so that we know you do not want to receive these communications.
We may keep your personal data for longer than six years if we cannot delete it for legal, regulatory, or technical reasons.
12. Cookies
Cookies are small text files that provide information regarding the device used by a visitor. Click on our Cookie Notice in the footer of this page for additional details on the types of cookies this website uses and why. Cookie information does not usually directly identify you, but it can give you a more personalised web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies although doing so may impact website functionality.
13. Your rights regarding your personal data
The rights that are available to you in relation to the personal data we process are outlined below. You may request to exercise these rights subject to any limitations provided for under applicable data protection laws.
Access
You can ask us to confirm whether we are processing your personal data and, if so, what information we process and to provide you with a copy of that information.
Rectification
It is important to us that your personal data is up to date. We will take all reasonable steps to make sure that your personal data remains accurate, complete and up to date. Please inform us if your personal data changes. If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have disclosed your personal data to others, we will let them know about the rectification where possible. If you ask us, and if possible and lawful to do so, we will also inform you with whom we have shared your personal data.
You may inform us at any time that your personal details have changed by emailing us at support@mercuryo.io. Subject to applicable law, Mercuryo will change your personal data in accordance with your instructions. To proceed with such requests, in some cases we may need supporting documents from you as proof i.e. personal data that we are required to keep for regulatory or other legal purposes.
Erasure
You can ask us to delete or remove your personal data in certain circumstances. Such requests may be subject to any retention limits we must comply with in accordance with applicable laws and regulations. If we have disclosed your personal data to others, we will let them know about the erasure request where possible. If you ask us, and if possible and lawful to do so, we will also inform you with whom we have shared your personal data.
Processing restrictions
You can ask us to block or suppress the processing of your personal data in certain circumstances such as if you contest the accuracy of that personal data or object to us processing it. It will not stop us from storing your personal data. If we have disclosed your personal data to others, we will let them know about the restriction of processing if possible. If you ask us, and if possible and lawful to do so, we will also inform you with whom we have shared your personal data.
Data portability
In certain circumstances you may have the right to obtain personal data you have provided to us, in a structured, commonly used, and machine-readable format, and to re-use it elsewhere or ask us to transfer this to a third party of your choice, where technically feasible.
Objection
You can ask us to stop processing your personal data, and we will do so, if we are:
- Relying on our own or someone else’s legitimate interests to process your personal data except if we can demonstrate compelling legal grounds for the processing or for the establishment, exercise or defence of legal claims;
- Processing your personal data for direct marketing; or
- Processing your personal data for research unless we reasonably believe such processing is necessary for the performance of a task carried out for reasons of public interest (such as by a regulatory or enforcement agency).
Automated decision-making and profiling
If we have made a decision about you based solely on an automated process (e.g. through automatic profiling) that affects your ability to access our products and services or has another significant effect on you, you can request not to be subject to such a decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us. Even if a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention. We may not be able to offer our products or services to you, if we agree to such a request (i.e. end our relationship with you).
Complaints
You have the right to complain to a competent data protection authority. Contact details are set out in Section 17 below. We ask that you first contact support@mercuryo.io to give us an opportunity to address any concerns.
Withdraw consent
You have the right to withdraw consent to processing based on consent at any time. Note this will not affect the lawfulness of processing based on consent prior to the withdrawal of consent or on grounds where consent is not required.
14. Changes to this privacy notice
Our privacy notice is reviewed regularly in light of new regulations, technologies and any changes to our business operations. Any personal data we process will be governed by our most recent privacy notice. We will update the “Last updated” date accordingly at the beginning of this privacy notice. Please review this privacy notice from time to time. We will announce any material changes to this privacy notice on our website.
15. Our products and services are not available to children
Our products and services are not directed towards anyone under the age of 18 (herein, “Children”, “Child”) and we do not knowingly collect personal data from Children. If we learn that we have inadvertently processed personal data from a Child, we will take all legally permissible measures to remove that data from our records. Mercuryo will require the Child user to close his or her account and will not allow the use of our products and services. If you are a parent or guardian of a Child, and you suspect or become aware that a Child has provided personal data to us, please contact us at support@mercuryo.io.
16. Contact information
Any questions, complaints, comments and requests regarding this privacy notice are welcome and should be addressed to support@mercuryo.io. You can also contact our Head of Data Protection at support@mercuryo.io.
17. Data Protection Authorities
If you are not satisfied with our response to your complaint, you have the right to submit a complaint to a competent data protection authority. Examples of relevant data protection authorities are listed below:
For citizens/residents of the United Kingdom:
The Information Commissioner’s Office
Wycliffe House, Water Ln
Wilmslow SK9 5AF, UK
For citizens/residents of the EU:
You may complain to your local supervisory authority or to our lead EU supervisory authority the Croatian Personal Data Protection Agency:
Agencija za zaštitu osobnih podataka
Selska cesta 136
HR - 10 000
Zagreb
For citizens/residents of Canada:
Office of the Privacy Commissioner of Canada
30, Victoria Street
Gatineau, QC K1A 1H3, Canada