GDPR
GDPR
Introduction
GetPanda Money Inc. and Stables Technologies FZ-LLC (collectively referred to as “GetPanda.Money”, “we”, “our”, or “us”) are committed to protecting the privacy and security of our users’ personal information.
This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website, use our mobile application, or interact with our services. We comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), and are dedicated to maintaining transparency and accountability in our data handling practices.
By using our website or application, you acknowledge that you have read and understood this Privacy Policy.
Data Controller, DPO, and Contact:
Data Controller: GetPanda.Money
Data Protection Officer (DPO): Mr. Ranit Saha
Email: compliance@getpanda.money
For any questions, requests, or complaints regarding this Privacy Policy or our data protection practices, you may contact our DPO using the details above.
Data Collection:
We value your privacy and are committed to transparency regarding how we collect and use your data. We collect limited personal data to provide and improve our services, operate our website and mobile applications, and ensure a secure user experience. The categories of data we may collect include:
- Identification and Contact Information: When you create an account, contact us, or subscribe to updates, we may collect your name, email address, and other contact details.
- KYC and Verification Information (via Regulated Partners): We do not directly collect or verify any identity documents for Know Your Customer (KYC) purposes. Such data is collected and processed solely by our licensed VASP partners in accordance with their own regulatory obligations. We may receive limited verification status information (e.g., “KYC verified”) from our partners to enable account functionality on our platform.
- Transaction and Payment-Related Data: If you engage in transactions or access services offered through our licensed partners, we may collect transaction references, timestamps, and non-sensitive metadata necessary to display transaction status or history in your account. We do not collect or store full payment details, wallet private keys, or any sensitive financial information except for accounting and account access purposes. All of these details are promptly deleted, on request save for regulatory requirements.
- User Preferences and Feedback: We may collect information you voluntarily provide, such as survey responses, support queries or feature feedback, to improve our user experience and product offerings.
- Usage Data and Cookies: We use cookies and similar technologies to understand how users interact with our website and application. This includes information such as:
- IP address
- Device and browser type
- Pages visited and time spent
- App usage metrics and crash logs
This information helps us analyze usage patterns, improve system performance, and enhance the user experience. You can manage cookie preferences through your browser settings.
Purpose of Processing:
We process personal data only for legitimate, clearly defined purposes and in accordance with the principles of the General Data Protection Regulation (GDPR). Your personal data may be processed for the following purposes:
- To Provide, Operate, and Improve Our Services: We use limited personal data to enable you to access and use the GetPanda.Money platform, maintain your account, and ensure the functionality and security of our systems.
- For Customer Support and Communication: We process your contact and communication details to respond to support inquiries, provide updates, and resolve issues.
Example:If you contact our support team, we use your email address and relevant account details to investigate and address your request efficiently.
- To Comply with Legal and Regulatory Obligations: We may process or retain limited user data to comply with applicable legal, tax, accounting, and anti-fraud requirements. Where KYC or AML verification is required, this is carried out exclusively by our licensed VASP partners; we may only receive status information such as “KYC verified” to enable account functionality.
- For Security, Risk, and Fraud Prevention: We process technical and usage data to detect, prevent, and investigate potential security incidents, fraudulent activity, or misuse of our platform.
- For Marketing and Service Communications (with Consent): With your explicit consent, we may use your contact information to send product updates, newsletters, or promotional materials related to our services. You may withdraw your consent at any time by following the unsubscribe instructions provided in our communications.
Legal Basis for Processing:
We process personal data only where we have a valid legal basis under the General Data Protection Regulation (GDPR). The specific legal basis depends on the nature of the interaction and the purpose of processing, as outlined below:
- Your Consent: We may process your personal data based on your explicit consent.
- Performance of a Contract: We process personal data as necessary to perform our obligations under a contract with you or to take steps at your request prior to entering a contract.
- Legitimate Interests: We may process certain personal data where it is necessary for our legitimate business interests and where such interests are not overridden by your data protection rights.
- Compliance with Legal Obligations: We may process or retain certain data to comply with applicable legal or regulatory requirements, such as recordkeeping, security monitoring, audit readiness, or cooperation with lawful requests from public authorities.
Data Transfer Outside the EU:
As part of our global operations, GetPanda.Money may transfer limited personal data to recipients located outside the European Union (EU) or the European Economic Area (EEA). These transfers may occur, for example, when:
- Our servers, infrastructure, or service providers (such as cloud hosting, analytics, or customer support tools) are located in other jurisdictions;
- We engage with licensed VASP partners or affiliates established outside the EU/EEA to facilitate platform functionality; or
- You access the GetPanda.Money platform from a location outside the EU/EEA.
We ensure that any such international data transfers are carried out in full compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR). To protect your personal data during these transfers, we implement appropriate safeguards, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Adequacy decisions for countries recognized by the European Commission as providing an adequate level of protection; or
- Binding corporate rules or equivalent data protection mechanisms adopted by our service providers.
We require all third-party recipients of personal data to handle it securely and only in accordance with our instructions and the applicable privacy laws.
Please note that GetPanda.Money does not itself collect or store sensitive identity or financial data such information, where applicable, is processed directly by our licensed and regulated VASP partners, each of whom maintains its own GDPR-compliant safeguards for international data transfers.
Use of Cookies and Other Trackers:
The GetPanda.Money website and mobile application use cookies and similar tracking technologies (such as pixels, SDKs, and local storage) to enhance user experience, analyze usage patterns, and improve the functionality and performance of our platform.
Cookies are small text files placed on your device that help us recognize your browser or device, remember your preferences, and understand how you interact with our services. Some cookies are necessary for the platform to function properly, while others are used (with your consent) for analytics, personalization, and marketing.
How We Use Cookies
We may use cookies and other trackers for the following purposes:
- Essential cookies: We To enable secure login, load pages correctly, and maintain session integrity.
- Performance and analytics cookies: To understand how users interact with our site or app, improve navigation, and optimize features.
- Functionality cookies: To remember user preferences, such as language or region settings.
- Marketing cookies: To deliver relevant content or limited promotional material (if you have consented to receive marketing communications).
You can manage or disable cookies at any time through your browser or device settings. Please note that disabling certain cookies may affect the performance or functionality of our platform.
Data Subject Rights:
Under the General Data Protection Regulation (GDPR), you have several rights regarding your personal data. At GetPanda.Money, we respect and facilitate the exercise of these rights to the extent applicable to the data we control or process.
Note: that where your data is collected and processed by our licensed VASP partners (for example, during KYC or transactional activities), such requests should be directed to the relevant partner acting as the data controller for that information.
Your Rights Under GDPR
- Right of Access: You have the right to request access to the personal data we hold about you and to receive information about how it is processed.
- Right to Rectification: You may request correction of inaccurate or incomplete personal data that we hold about you.
- Right to Erasure: You can request the deletion of your personal data in certain circumstances, such as where it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
- Right to Restrict or Object to Processing: You have the right to restrict or object to the processing of your personal data in certain cases, such as where you believe your data is being processed unlawfully or where you wish to opt out of marketing communications.
- Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
- Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority or with the European Data Protection Board (EDPB).
You can exercise any of these rights by contacting our Data Protection Officer (DPO).
Data Security:
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, misuse, alteration, or destruction, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
- Technical Measures: We employ industry-standard security technologies and best practices to safeguard data, including:
- Encryption of data in transit and at rest using modern cryptographic protocols;
- Secure access controls and authentication mechanisms, including optional multi-factor authentication;
- Regular vulnerability assessments, system monitoring, and patch management to maintain infrastructure integrity;
- Segregation of user data and strict network security to prevent unauthorized access.
- Organizational Measures: We ensure that only authorized personnel have access to personal data, and only to the extent necessary to perform their duties.
- All employees, contractors, and third-party providers handling data receive training on GDPR and information security best practices.
- Access rights are reviewed periodically to maintain least-privilege principles.
- Confidentiality obligations are embedded in our employment and vendor agreements.
Where GetPanda.Money integrates with third-party or partner systems (e.g., licensed VASPs), we ensure that equivalent data protection and security standards are contractually required and technically enforced.
Data Retention:
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by applicable laws and regulations. In determining appropriate retention periods, we consider the nature of the data, the purpose for which it was collected, and our legal, regulatory, and operational obligations.
Changes to this Policy:
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. If significant updates are made, we will notify you via email, in-app notifications, or other appropriate means and update the “Last Updated” date at the top of this page.
