Roles and responsibilities

You should be aware that by providing you with Genome Wallet and Genome Services we act as a data controller and you may act as a data subject or as a joint data controller as a case may be. The terms personal data, data subject, data controller and data processor are used in the meaning given by the General Data Protection Regulation (GDPR).

By opening Genome Wallet for you, we collect your personal data, so in this case we act as data controller, and you act as a data subject, therefore we are subject to respective rights and obligations under applicable data protection laws.

In some cases, when you are a business, you transfer to us personal data of your clients or personal data of your officers, shareholders (ultimate beneficiary owners) or other representatives. Insofar you and we jointly determine to process personal data for the purposes of our cooperation we and you are joint data controllers and bear several liability for data protection infringements. You shall warrant that you have appropriate legal grounds to collect, process and transfer to third parties personal data of your clients, officers, shareholders (ultimate beneficiary owners) or other representatives. In more details your and our obligations and responsibilities in such a case may be allocated in the data protection agreement with you and/or other agreements, terms and conditions of our service.

Principles of personal data processing

We processed your personal data in accordance with valid legal acts and following principles:

1. personal data with respect to you is processed in a lawful, honest and transparent way;
2. personal data is collected for specified, clearly defined and legitimate purposes and shall not be further processed in a way incompatible with those purposes;
3. personal data must be adequate, appropriate and only which is necessary for the purposes for which it is processed;
4. personal data must be accurate and, if necessary, updated; all reasonable steps must be taken to ensure that personal data which is not accurate in relation to the purposes for which it is processed shall be immediately erased or corrected;
5. personal data shall be kept in such a way that your identity can be determined for no longer than is necessary for the purposes for which personal data is processed;
6. personal data shall be managed by applying appropriate technical or organizational measures in such a way as to ensure the proper security of personal data, including protection from unauthorized processing or processing of unauthorized data, and against accidental loss, destruction or damage.

Types of information we collect about you

The categories of personal data that we may collect about you are as follows:

1. Basic Personal Data – name, surname, job title etc.;
2. Identification information and other background verification Data (your or your representative’s, ultimate beneficiary owner’s of legal entities) – name, surname, ID code, birth date, address, address for tax purposes, nationality, copy of ID card/passport copy, tax identification number (TIN), evidence of beneficial ownership or the source of funds, number of shares held, voting rights or share capital part, title, visually scanned or photographed image of your face or image that you provide through a mobile application or camera, video and audio recordings for identification, telephone conversations to comply with client due diligence/“know your client”/anti-money laundering laws and collected as part of our client acceptance and ongoing monitoring procedures, data that allows to identify your device (if you use it to open your Genome Mobile App);
3. Transaction Data – transactional data (e.g. IBAN number, beneficiary details, date, time, amount and currency which was used, name/IP address of sender and receiver), accounts number and/or credit card number, amount of transactions, income, location, etc.
4. Information which is related to legal obligations – data resulting from enquiries made by the authorities, data that enables us to perform anti-money laundering requirements and ensure the compliance with international sanctions, including the purpose of the business relationship and operations, source of funds and whether you (as well as your family members and/or close associates) are a politically exposed person and other data that is required to be processed by us in order to comply with the legal obligation to “know your client” (for example data on your employment and/or business, usual turnover etc.), data that enables us to perform AEOI&CRS (Automatic Exchange of Information & Common Reporting Standard) requirements.
5. Technical information – technical information that is automatically recorded when you visit Genome Site, landing page, log-in to Genome Wallet portal, open mobile app or use Genome Wallet or Genome Services, such as your IP address, device approximate location, such as type of device, operating system, IP-addresses, other identification data of the device (required for the prevention of fraud and security of your use of Genome Wallet and Genome Services), user agent, referrer URL.
6. Contact Information – name, surname, postal address, e-mail address and telephone number etc.

Please be informed that other data not listed above that relate to the provision of our services or which you have provided to us may also be collected.

Purposes and legal basis for personal data processing

1. Conclusion of the contract or for performance of identification and verification procedures prior to the conclusion of the contract (to get to know, identify and verify our clients)
   
   For this purpose, we may process your Basic Personal Data, Identification and other background verification Data, Information which is related to legal requirements, Contact Information and other personal data (in order to identify the possibility of providing services).
   
   The legal basis for the processing of the above-mentioned data is: concluding a contract with you, fulfilling our legitimate interests and/or fulfilling the legal obligations applicable to us, your consent.
   
   

2. For the fulfilment of a contract concluded with you, including but not limited to provision of services of issuance, distribution and redemption of electronic money, provision of payment services, complaint resolution:
   
   For this purpose we may process your Basic Personal Data, Identification and other background verification Data, Transaction Data, Information which is related to legal requirements, Contact Information and other personal data provided to us by or on behalf of you or generated by us in the course of providing services.
   
   The legal basis for the processing of the above-mentioned data is: performance of a contract signed with you, fulfilling our or third parties’ legitimate interests and/or compliance with legal obligations applicable to us, your consent.
   
   

3. To comply with legal obligations (e.g. implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania and other fraud and crime prevention purposes, implementation of AEOI&CRS (Automatic Exchange of Information & Common Reporting Standard) requirements) and risk management obligations:
   
   For this purpose, we may process your Basic Personal Data, Identification and other background verification Data, Transaction Data, Information which is related to legal requirements, Contact Information and other personal data provided to us by or on behalf of you or generated by us in the course of providing services.
   
   The legal basis for the processing of the above-mentioned data is: fulfilling our or third parties’ legitimate interests and/or compliance with legal obligations applicable to us.
   
   

4. To provide an answer when you contact us through Genome Site, Genome Wallet or other communication measures:
   
   For this purpose, we may process your Basic Personal Data, Contact Information and other personal data provided to us by or on behalf of You.
   
   The legal basis for the processing of the above-mentioned data is: your consent, fulfilling our or third parties’ legitimate interests.
   
   What do we mean when we say:
   
   Contract performance: processing your personal data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
   
   We rely on contract as a legal basis to process personal data submitted by you in case you are an individual or you transfer personal data of your officers or other representatives. Processing of your personal data is necessary to provide you with Genome Services. We cannot provide you with payment services without carrying out of “know your client” procedure or business risk assessment.
   
   Legal Obligation: processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
   
   Legitimate Interest: the interest of ours as a business in conducting and managing our services to enable us to provide to you and offer the most secure experience.
   
   

For example, to:

• safeguard the prevention, investigation and detection of payment fraud;
• provide you with high-quality customer service;
• provide you with technical and administrative notifications;
• lawfully disclose personal data to a third party, provided we take all technical and legal measures to protect personal data;
• as our client, we will provide you with information on products and services that we offer, or a new promotion that we are running that is related to Genome Services. These communications may be via email or in-app message, which can be viewed in the notification center. If you do not want to receive direct marketing message from us, you can opt out at any time by clicking the relevant button in the e-mail and / or navigating to genome.eu. Please note if you do not agree to receive these marketing messages and / or calls offered by us, this will not apply to personal data provided to us as a result of the using of our services.
• comply with “know your client” (KYC) standards and anti-money laundering /counter terrorist financing rules;
• process payment transaction by your request.
• Consent : We can request from you a consent for processing when we required to do so by law or when we do not have another legal basis for processing of your data. Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time.

Comparison facial similarity

In order to make your identity verification, we are using as well the solution of partner Onfido that match photo image or video records of your face point that you provide through a mobile app or camera with your ID document. Please read more about Onfido solution here: https://onfido.com/.

Onfido solution is used for comparing live photographic data or video record of yourself and your ID card/passport, to comply with legal obligations (e.g. implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania and other fraud and crime prevention purposes) and risk management obligations.

The result of the face similarity (match or mismatch) will be retained for as long as it is necessary to carry out verification and for the period required by anti-money laundering laws.

We ensure that your face similarity check is a process of comparing data acquired at the time of the verification, i.e. this is a one-time user authorization by comparing two person's photos to each other. Your facial template is not created, recorded and stored. It is not possible to regenerate the raw data from retained information.

Using Onfido services, personal data is not used for your identification since Onfido verifies the identity of the person in the identity document and the person captured in the photo.

This process shall allow us to verify you more precisely and will make the process quicker and easier to carry out. Using Onfido services is a part of our KYC procedure which is necessary for the provision of Genome Wallet and Genome Services to you. If you do not feel comfortable with this method, you may contact us by email support@genome.eu for further clarification.

Direct marketing

We want to make it clear how we use your personal data for marketing purposes.

We may use our existing clients’ e–mail for the marketing of our similar goods or services, unless you object to the use of your e-mail for the marketing of our similar goods and services. You are granted with a clear, free of charge and easily realisable possibility to object or withdraw from such use of your contact details on the occasion of each message.

We may also provide the information to you as our client about our products or services by sending messages through the application. Such messages may be viewed in the notification center, in case you do not choose the “opt-out” function in our application.

In other cases, we may use your personal data for the purpose of direct marketing, if you give us your prior consent regarding such use of data.

We are entitled to offer the services provided by our business partners or other third parties to you or make assessments about your opinion on different issues in relation to our business partners or other third parties on the legal basis for this, i.e. on the basis of a prior consent.

In case you do not agree to receive these marketing messages and/or calls offered by us, our business partners or third parties, this will not have any impact on the provision of services to you as the client.

We provide a clear, free-of-charge and easily realisable possibility for you at any time not to give your consent or to withdraw your given consent for sending proposals put forward by us. We shall state in each notification sent by e-mail that you are entitled to object to the processing of the personal data or refuse to receive notifications from us. You shall be entitled to refuse to receive notifications from us by clicking on the respective link in each e-mail notification.

How we use your data

The main goal of gathering and processing your personal data is to deliver effective, scalable, smooth, and personalized Genome experience. Hence, personal data we collect might be used to:

Ensure maximum Genome Wallet user experience;

• Process transactions and issue relevant notifications in the most comprehensive manner;
• Settle disputes, levy charges, and resolve occurring problems;
• Prevent clients from becoming a subject to illegal activities and potential fraud;
• Improve quality of services, solutions, and incentives Genome offers on a daily basis;
• Being able to contact you in case of emergency via one of the means available;
• Make sure information you provide is accurate, in case discrepancies occur;
• Send personalised offers of services and products, in accordance with the rules as they are described in part “Purposes and legal basis for personal data processing” of this Policy;
• Carry out regulatory checks and meet our obligations to our regulators;
• Prevent and detect fraud, money laundering and other crime (such as terrorist financing and offences involving identity theft);
• Develop new services based on the collected information.

Automated decision-making

In some cases we may make automated decisions regarding you using your information. When you instruct us to make a payment from your account, or to request a payment into your account from a bank or other payment services provider, our systems (or systems provided to us by our suppliers) make an automated check for authorization and automated checks to detect an unusual transaction pattern or location of your transaction and help us to fight fraud.

Please be informed that you can request a manual review of the accuracy of an automated decision in case you are not satisfied with it and you have the right not to be subject to a decision based solely on such automated processing.

How we protect your data

We warrant and represent that Genome has implemented the technical and organizational security measures and technological development to ensure an appropriate level of security of personal data. Your data is protected by the means of physical, technical, and administrative resources to lower the risks of loss, misusage, unauthorized entry, disclosure, or alteration by third parties. To keep your data safe we apply:

• firewall and data encryption protection
• physical authorization control system
• surveillance facilities, video/CCTV monitor, alarm system
• securing decentralized data processing equipment and personal computers
• user identification and authentication procedures
• tunneling, logging, transport security
• audit trails and documentation
• backup procedures,
  And much more things.

As Genome is PCI DSS V 3.2.1 certified, we maintain all required technology, methods and business processes to protect cardholder data, and also use such technology and methods as regards the security of your personal data.
We monitor our systems 24x7 and our staff is always ready to respond to your notifications and queries within a short time.
Genome respects your privacy and your personal data and warrants that:

Your data will not be disclosed to advertisers or any unauthorized third parties except it is necessary to provide Genome services to You;

• We will use your data only as described in this Privacy Policy;
• We will maintain appropriate administrative, technical and organizational measures to protect your personal data;
• We will notify you promptly of personal data breach when it is likely to result in a high risk to the rights and freedoms of you;
• We will assist you in ensuring compliance with your duties under GDPR;
• We impose on our sub-contractors the same data protection obligations as set out in the contract with you.

We will notify you of personal data breaches where such violation may result in a serious risk to the data subject's rights and freedoms.

Ways of obtaining your personal data

We obtain personal information from you when you provide it directly to us. For example, when becoming a new client or when you provide us information through direct communication (e.g. completing a form on our Site, registration for our services), by setting up, access and use of Genome Wallet, when you subscribe to our electronic publications (e.g. newsletters).

We also collect personal information about you from third parties, mainly:

1. when it is provided to us by a third party which is connected to you and/or is dealing with us, for example, business partners, sub–contractors, service providers, merchants and etc.;
2. third party sources, for example, register held by governmental agencies or where we collect information about you to assist with “know your client” check-ups as part of our client acceptance procedures such as sanctions list, politically exposed persons list, publicly available profile information and etc.;
3. from banks and/or other finance institutions in case the personal data is received while executing payment operations;
4. from publicly available sources – we may, for example, use sources (such as public websites, open government databases or other data in the public domain) to help us maintain data accuracy, provide and enhance our services;
5. from other entities in the Genome group or other entities which we collaborate with.

How we share your data

Genome warrants that it will not disclose your personal data to unauthorized third party. Genome may share your data with Genome’s contractors who may use such information only for the limited purpose of providing services to you and who are obligated to keep the information confidential.

We may disclose and/or transfer your personal data only in accordance with legal regulations and the principles of confidentiality to the following categories of recipients:

1. card schemes (such as Visa or MasterCard), banks and payment service providers - to make you able to obtain acquiring services, bank transfers and other payment services;
2. beneficiaries of transaction funds receiving the information in payment statements together with the funds of the transaction;
3. service providers such as: identification and verification service providers, other service providers with which we have concluded service provision agreements (e.g. companies providing services for money laundering, politically exposed persons and terrorist financing check-up, other fraud and crime preventions) or when mentioned sharing is mandatory according to applicable laws – to provide you high-quality service, fight fraud and comply with requirements of law;
4. suppliers of analytic services – to monitor, evaluate and improve Genome Wallet;
5. IT services suppliers (e.g. disaster recovery services, website hosting, data and applications hosting, software application provision and maintenance) - to ensure uninterrupted operation of Genome Wallet;
6. communications services suppliers - to communicate with you and provide you with up-to-date information on the usage of Genome Wallet, e.g. by SMS or e-mails;
7. customer support services - to operate our payment services platform and provide administration and customer support;
8. other external service providers that helps us to provide services for you;
9. our business partners, agents or intermediaries who are a necessary part of the provision of our products and services;
10. third parties where we have a duty to or are permitted to disclose your personal information by law, mainly: governmental bodies and/or supervisory authorities (in accordance with the requirements and obligations under the provisions of legal acts concerning anti-money laundering, fraud prevention, counter terrorist financing), credit, financial, payment and/or other electronic money institutions, pre-trial investigation institutions, the State Tax Inspectorate;
11. third parties where reasonably required to protect our rights, systems and services, mainly: lawyers, bailiffs, auditors etc.;
12. other entities that have a legitimate interest or the personal data may be shared with them under the contract which is concluded between you and Genome.

We may also disclose your personal data, if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request.

To ensure the payment process runs smoothly, some of your personal information may be shared with a company or entity you cooperate with inside eco-system Genome.

Cross-border transfers

For the purpose to provide you with Genome Services we can engage the third-party service providers outside the EU. In such case personal data may be transferred outside the European Economic Area (EEA), including to the United States. Data protection law of third countries may be different from EU data protection laws and not guaranty adequate level of security. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that personal data remains protected.

As we provide international services, your personal data may be transferred and processed outside EEA.

The transfer of personal data may be considered as needed in such situations as, e.g.:

1. in order to conclude the agreement between you and Genome and/or in order to fulfill the obligations which are set under such agreement;
2. in cases indicated in legal acts and regulations for protection of our lawful interests, e.g. in order to file a lawsuit in court/other governmental bodies;
3. in order to fulfill legal requirements or in order to realize public interest.

When you act as a joint data controller, you shall inform your clients about risks of cross-border transfers and obtain their consent for that.

When we transfer your personal data internationally, we put in place safeguards in accordance with applicable laws and in accordance with this Privacy Policy and we will ensure that it is protected and transferred in a consistent way with the legal requirements applicable to the personal data.

There are different ways to ensure that your personal data is treated securely, mainly:

1. the country to which we send the personal data, a territory or one or more specified sectors within that third country, or the international organization is approved by the European Commission as having a satisfactory level of protection;
2. the recipient has signed standard data protection clauses which are approved by the European Commission;
3. in case a special permission has been obtained from a supervisory authority.

We may transfer personal data to a third country by taking other measures if it ensures appropriate safeguards as indicated in applicable law.

Cookies

Genome uses cookies and other similar technologies to ensure stable operation of our Site, to adapt its content to your needs, to improve features of Genome Site and to manage advertising campaign based on the interests of our audience.

For more information about cookies please read our Cookie Policy.

How long we retain your data

We may use your data for as long as reasonably necessary for the limited purpose of providing Genome Services to you.

The terms of retention of the personal data for the purposes of the processing of the personal data as defined in this Privacy Policy are following:

• we retain your personal data as long as your consent remains in force, if there are no other legal requirements which shall be fulfilled concerning personal data’s processing;
• in case of the conclusion and execution of contracts – we retain your personal data until the contract concluded between you and us remains in force and up to 10 years after the contractual relationship between you and us has ended;
• the data of our registers shall be stored for at least 8 (eight) years from the day of termination of transactions or other business relationship with you. The storage period may be extended additionally upon a reasoned instruction of a competent institution, nevertheless the extension cannot last longer than 2 (two) years;
• documents confirming monetary operation or transaction or other documents having legal force related to the performance of the monetary operations or conclusion of the transactions shall be stored for 8 (eight) years from the day of the performance of the monetary operation or conclusion of the transaction. The storage period may be extended additionally upon a reasoned instruction of a competent institution, nevertheless the extension cannot last longer than 2 (two) years;
• copies of the documents proving your identity, invoices and/or contractual documentation (original documents) shall be stored for 8 (eight) years from the day of termination of the transactions or business relationship with you. The storage period may be extended additionally upon a reasoned instruction of a competent institution, nevertheless the extension cannot last longer than 2 (two) years;
• written or electronic correspondence relating to the business relationship with you shall be stored for 5 (five) years from the day of the termination of the transactions or business relationship with you. The storage period may be extended additionally upon a reasoned instruction of a competent institution, nevertheless the extension cannot last longer than 2 (two) years;
• results of investigations of complex or unusually large transactions and unusual transaction structures are stored for 5 (five) years in paper format or on an electronic medium. The storage period may be extended additionally upon a reasoned instruction of a competent institution, nevertheless the extension cannot last longer than 2 (two) years;
• your personal data which has been submitted by you through our website is kept for a period which is necessary for the fulfilment of your request and to maintain further cooperation, but no longer than 6 months after the last day of the communication, in case there are no legal requirements to keep them longer.

In the cases when the terms of data keeping are indicated in the legislative regulations, the legislative regulations are applied.

Your personal data might be stored longer if:

1. it is necessary in order for us to defend ourselves against claims, demands or action and exercise our rights;
2. there is a reasonable suspicion of an unlawful act that is being investigated;
3. your personal data is necessary for the proper resolution of a dispute/ complaint;
4. under other statutory grounds.

Your rights as a data subject

When we act as data controller, you have the following rights for personal data that we have about you:

• you have the right to know about processing of your personal data as well as to have the access to your personal data and processing (right to get familiar with your personal data and how it is processed);
• you can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you). In certain cases, we cannot erase all of your personal data. In such case this would be due to the fact that we need to store your personal data because of a contractual relationship or law;
• you can also ask us to change, update or fix your data in certain cases, particularly if it is inaccurate. You may do it by yourself, simply log in to your Genome Wallet and change profile settings at once. You can also close your account using the Genome Wallet functionality. If your personal data was transferred to third-parties data processors, they will be notified of any editing or deletion of your personal data;
• you can ask us to obtain restriction of processing all or some of your personal data (e.g., if you believe that we have no legal right to keep using it) or to limit our use of it (e.g., if you believe that your personal data is inaccurate or unlawfully held). It can also pertain to a situation where you object to processing that we base on a legitimate interest. In such case we must verify if our grounds override yours;
• you can obtain a copy of your personal data we retain about you unless this adversely affects the rights and freedoms of others. You have the right to ask us to provide your information in an easily readable format to another company;
• where we are processing your personal information based on a legitimate interest you may object to this. However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to legal claims. You also have the right to object the usage of personal information for direct marketing purposes or automated decision-making;
• you can ask to transfer your personal data to another data controller or provide directly to you in a convenient format (NOTE: applicable to personal data which is provided by you and which is processed by automated means on the basis of consent or on the basis of conclusion and performance of the contract);
• you are having right to withdraw your consent so that we stop that particular processing, when the processing is based on consent. However, such consent withdrawal does not affect the lawfulness of processing based on consent before its withdrawal;
• you are having the right to appeal to the State Data Protection Inspectorate or the court, in case if you do not agree with our answer to your request or claim;
• other rights established in GDPR and legal acts.

We will exercise your rights only after we receive your written request to exercise a particular right indicated above and only after confirming the validity of your identity. The written request shall be submitted to us by personally appearing at the registered office address of Genome, by ordinary mail or by e-mail: dpo@genome.eu, support@genome.eu.

Your requests shall be fulfilled or fulfilment of your requests shall be refused by specifying the reasons for such refusal within 30 (thirty) calendar days from the date of submission of the request meeting our internal rules and GDPR. The afore-mentioned time frame may be extended for 30 (thirty) calendar days by giving a prior notice to you if the request is related to a great scope of personal data or other simultaneously examined requests. A response to you will be provided in a form of your choosing as the requester.

The right to lodge a complaint

Moreover, you have the right to submit a complaint to us if you reasonably believe that processing of personal data related to you is performed in violation of the applicable legal requirements. You can submit a complaint by post or e-mail, specifying your name, surname, contact details, relevant information, which would indicate why you reasonably believe that the processing of the data related to you is performed in violation of the applicable legal requirements. Upon receipt of a complaint from you, we confirm receipt of the complaint and indicate the time limit within which the reply will be submitted. In each case, the deadline for submitting a reply may vary as it directly depends on the extent and complexity of the complaint filed, but we will make the maximum effort to provide the response to you within the shortest possible time. We, after examining the complaint, report the results and actions taken to satisfy your complaint, or provide relevant information on what further actions you may take if your complaint was not satisfied.

You can also address the State Data Protection Inspectorate with a claim regarding the processing of your personal data if you believe that the personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. You may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate and which may be found by this link: https://www.ada.lt/go.php/Skundu-nagrinejimas378.

Password policy

You shall maintain the confidentiality of your password and login from Genome Wallet. You are recommended to sign out of the Genome Wallet when you have finished work with it. In any case responsibility for any loss of passwords and misuse of Genome Wallet by third parties lay with you. Read more about it in Genome T&Cs.

Minors

Genome does not voluntarily collect, use or disclose personal data of minors, according to the minimum age equivalent in the relevant jurisdiction. Genome Services are not designed to attract minors. If you are minor, you may not submit any personal information to us or subscribe for the Genome Services. If we become aware that we collected the personal information of a minor, we will take steps to delete the information as soon as possible.

How may this Privacy Policy be changed

We can make amendments to this Privacy Policy at any time by the means of publishing a revised edition on the Site. The revised version will be in effect immediately and be noted by updated date to the end of this Privacy Policy. By continuing using Genome Services, you accept the changes.

Please review this Privacy Policy from time to time to stay updated on any changes.

Contact us

You can contact us by writing to us at support@genome.eu or post us at UAB “Maneuver LT”, address Žalgirio g. 92-710, LT-09303 Vilnius, Lithuania. Other contact details provided: https://genome.eu/contact.

You can also contact our Data Protection Officer by sending an e-mail to the address: dpo@genome.eu.

Privacy Policy last modified on September 28, 2020