Any information stored on MAMMOTH platform is treated as confidential. All information is stored securely and is accessed by authorized personnel only. MAMMOTH implements and maintains appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
Our website incorporates strict privacy controls which will have an impact on how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information.
For the purposes of this Policy, MAMMOTH defines the term ‚”User”, “Visitor”, “Client” or “You” as a natural or legal person, either a visitor of www.mammothfin.com website or as the user with a trading account at MAMMOTH. The term “we”, “us”, “our” refers to MAMMOTH.
2. Collection and use of information
The following sections cover the specifics of each of the two groups from which data is collected: website Visitors and Users of our Services.
2.2 Website Visitors and collection of Visitors Data
If you are a Visitor to our website only, and not a User of our Services or the MAMMOTH platform otherwise, then this section is relevant for you.
If you do not agree with the Terms set out herein, we ask you to not visit this website www.mammothfin.com. In cases when required by the applicable law, we will ask for your explicit consent to process Personal Data, which shall be collected on this website or volunteered by you. Kindly note that any consent will be entirely voluntary. However, if you do not grant the requested consent to the processing of your Personal Data, the use of this website may not be possible or may be limited.
MAMMOTH may add information collected by way of page view activity. Furthermore, MAMMOTH may collect and process Personal Data that you voluntarily and with your consent give to MAMMOTH in our websites’ forms, such as when you sign up for information and newsletters. You can unsubscribe from the newsletter by opening the one of MAMMOTH e-mail, which you received, and clicking “unsubscribe” at the bottom of the page. You can also send us an e-mail to firstname.lastname@example.org and ask us to unsubscribe you.
If you provide MAMMOTH with your social media details, MAMMOTH may retrieve publicly available information about you from social media. MAMMOTH uses such information for a better user experience, enabling a user to login to our website with the users’ social media profile.
Such Personal Data may comprise your IP address, first and last name, your postal and email address, your telephone number, your job title, data for social networks, your areas of interest, interest in MAMMOTH services as well as information as to the type of relationship that exists between MAMMOTH and yourself. The information is collected for the purpose of improved user experience.
MAMMOTH gathers data about visits to the website, including numbers of Visitors and visits, Geo-location data, length of time spent on the site, pages clicked on or where Visitors came from.
2.2.1 Purpose of processing personal data
MAMMOTH uses the collected data to communicate with Visitors, to customize content for Visitors, to show ads on other websites to Visitors, and to improve its website by analyzing how Visitors navigate its website. MAMMOTH will process all Data in order to monitor and improve website and Services.
2.2.2 Sharing and storing personal data
MAMMOTH may also share such information with service vendors or contractors in order to provide a requested service or transaction or in order to analyze the Visitor behavior on its website.
The data that we collect from you is stored within the territories of the European Union. Automatically collected data (Google Analytics) by third parties may be stored outside the EU.
2.2.4 Links to other websites
2.2.5 Geographical location of collection and storing Personal Data
The website MAMMOTH runs on servers in European data regions. A MAMMOTH “Data Region” is a set of data centers located within a defined geographical area where User data is stored. Personal Data is not transmitted to other Data Regions. For MAMMOTH website visitors, all Personal Data of visitors are located in MAMMOTH European Data Region, all Personal Data is processed in the EEA.
2.2.6. Third-party Plugins
In addition to that, visitors of MAMMOTH website can also sign up to Disqus, or login with Facebook, Twitter or Google and share their likes and comments. MAMMOTH is using plugins and is not considered as a primary controller of the personal data. The primary controllers are Facebook, Twitter, Google and Disqus.
In respect of operations involving the collection and disclosure of the data MAMMOTH can be considered as a joint controller with Facebook, Instagram, Google and Disqus in respect of the collection and transmission of a certain personal data of visitors to its website.
We reserve the right to utilize third-party plugins for user authentication purposes. The user will have this option available at login or signup provided third-party plugins is being utilized.
In order to provide services to its Users, MAMMOTH collects certain types of data from them. This section will describe how Users’ data is collected and used by MAMMOTH . Data entered or transferred into MAMMOTH by Users such as texts, questions, contacts, media files, etc., remain the property of the User and may not be shared with a third party by MAMMOTH without express consent from the User.
MAMMOTH will process your account data you provide when you open MAMMOTH account, perform transactions on the MAMMOTH platform, or use other MAMMOTH Services. This information may include:
- Contact information, such as name, home address, email address, date and place of birth, mobile phone number.
- Account information, such as username and password.
- Financial information, such as bank account numbers, bank statements, and trading information.
- Identity verification information, such as an image of your government issued ID, passport, national ID card or driving license, and under special conditions also a social security number (US residents)
- Residence verification information, such as utility bill details, phone bill or similar document.
The source of the account data is a user who opens an account. The account opening data will be used and processed for the purposes of performing a detailed Know Your Customer (Hereinafter: KYC) procedure according to necessary Anti-Money Laundering and Anti-Terrorist Regulations.
Users are visitors of the MAMMOTH website and therefore their Personal Information is collected as described in the previous section. This Personal Information will be used for operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with Users.
MAMMOTH will use users’ e-mail phone number and residential address for communication purposes with users regarding: login, registration, transactions, orders, safety requirements, notifications about safety measures, reminders about the status of orders, transactions, user profile level, and other necessary communication with users. The user will also receive occasional notifications about new token listing and other promotions.
2.4.2 Collection of User data
During a User’s registration at MAMMOTH exchange platform, Users provide information such as name, company name, email, address and nationality (registered seat of the legal entity), bank account, ID number and image of the ID document, date and place of birth, personal picture, phone number, utility bill and other relevant data.
The Users Data shall be collected and processed by a third party “Sum and Substance LIMITED, with its registered office at Suite 1, 5 Percy Street, Fitzrovia, London, England, W1T 1DG (hereinafter Sum and Substance), who is a trusted partner of MAMMOTH for collecting and processing Users data on behalf of MAMMOTH . Sum and Substance is an experienced identity verification company that will process Personal Data for the purposes of the necessary KYC/AML procedures. Sum and Substance will obtain and process all the above stated Personal Data and run KYC/AML procedures and ensure compliance with the relevant AML legislation.
If you wish to stop receiving marketing communications from us, please contact us at email@example.com to opt-out.
Users of MAMMOTH services can at any time access and edit, update or delete their contact details by logging in with their username and password to MAMMOTH platform and use “Delete User Account” setting. MAMMOTH will not retain User data longer than is necessary to fulfill the purposes for which it was collected or as required by the applicable laws and regulations.
In the course of its activity, MAMMOTH shall also communicate with the users via the telephone using the telephone numbers given in the identification process. Communication will serve for the purpose of verifying the credibility of the user account, thereby strengthening the platform’s security, strengthening the brand, informing users about new offers and events, about new issues of tokens and direct sales of MAMMOTH services.
2.4.3. Geographical location of processing Personal Data
All Personal Data, which will be collected and processed within the KYC procedure by Sum and Substance and MAMMOTH are stored on servers in European data regions. Such Personal Data is not transmitted to other Data Regions.
MAMMOTH has servers in European data regions. A MAMMOTH “Data Region” is a set of data centers located within a defined geographical area where User data is stored. Personal Data is not transmitted to other Data Regions. For MAMMOTH Users, all accounts are located in MAMMOTH European Data Region, all Personal Data is processed in the EEA.
It has to be noted that MAMMOTH is a platform that offers buying, selling and storing virtual currencies. Trading virtual currencies take place on the blockchains (Ethereum, Bitcoin, etc.) which are decentralized databases software platforms for virtual assets. Blockchains are a list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a cryptographic hash of the previous block, a timestamp and transaction data. By design, a blockchain is inherently resistant to modification of the data. Therefore Data cannot be modified or deleted, since there are no servers involved. Data are dispersed among computer all around the world in an encrypted version.
If you trade virtual currencies you agree that your Personal Data may be collected, stored, processed and that you will not be able to delete it or invoke the right to be forgotten. Your data are encrypted, meaning they are coded (anonymized). Note that also encrypted personal data that is your e.g. crypto wallet address with MAMMOTH can still be traced back to a person if enough effort is put into it by experts or someone holds the key to decryption. With trading virtual assets via MAMMOTH platform you expressly agree to give your Personal Data on the (public) blockchain that these Data (even though encrypted) cannot be deleted and that Personal Data may be transferred outside European territory.
You acknowledge and expressly agree that by the nature of the technology it is not possible to delete personal data from the blockchain and invoke the right to be forgotten. You also agree that by the nature of the technology it is not possible to keep personal data within the EU borders.
126.96.36.199 Processing in accordance with General Data Protection Regulation
The processing of Personal Data is performed in accordance with privacy rights and regulations following the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the Directive), and the implementations of the Directive in local legislation. From May 25th, 2018, the Directive and local legislation based on the Directive will be replaced by the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and our processing will take place in accordance with the GDPR.
MAMMOTH processes Personal Data as a Controller, as defined in the Directive and the GDPR:
MAMMOTH SERVICES UAB which you as a Visitor entered an agreement with when using MAMMOTH’s platform as a Visitor, will be the Controller for Visitors data, as outlined above in “Collection of Visitor data” section.
For Users data, as outlined in the “Collection of Users data” section, the MAMMOTH will be the Controller in accordance with GDPR. The Users Data shall be processed by a third party Processor Sum and Substance, to Collect and process Users data on behalf of MAMMOTH . Sum and Substance is an experienced identity verification company that will process Personal Data for the purposes of the necessary KYC/AML procedures. Sum and Substance will obtain and process users: name, surname, address, residency, date and place of birth, ID number, copy ID, users’ picture, email, phone number, utility bill and other personal information. Sum and Substance is a certified ID verification company having sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of GDPR and ensure the protection of the rights of the data subject.
MAMMOTH has data processing agreements in place with its providers, ensuring compliance with GDPR. All hosting is performed in accordance with the highest security regulations. All transfers of data internally is done in accordance with this data processing agreement.
MAMMOTH adheres to the Directive of 1995 and the GDPR from November 15th, 2021. Consequently, MAMMOTH processes all data provided by its Users with accounts in its European Data Region, in the European Union, EGS and Switzerland only.
3. Retention and deletion of Personal Information
MAMMOTH will not retain data longer than is necessary to fulfill the purposes for which it was obtained for or as required by applicable laws or regulations. When a users’ account is terminated or expired, all Personal Data collected through the platform will be deleted, as required by applicable law.
Every user or visitor can invoke the right be right to be forgotten at any time. Users and visitors can request a list of his or hers personal data. In case you wish to obtain such data send an e-mail to firstname.lastname@example.org. You will receive the list within one month from receiving your request by MAMMOTH.
4. Acceptance of these Conditions
In case of the change in the types or purpose or processing procedure of your personal data, MAMMOTH will ask for your consent if required by EU and national regulations.
5. Legal Obligation to Disclose Personal Information
5.1. Disclosure to third parties
5.2. Disclosure to prevent damage and disclosure to legal authorities
We will reveal user’s personal information without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to MAMMOTH or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. We are permitted to disclose personal information when we have good reason to believe that this is legally required and when the competent authorities have required to present them with such Personal Information.
6. Data Protection Officer
MAMMOTH has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following email: email@example.com .
7. Security of Personal Information
We use a variety of security measures to ensure the confidentiality, integrity, availability and privacy of your Personal Information and to protect your Personal Information from loss, theft, unauthorised access, misuse, alteration or destruction. These security measures include, among others:
- Password protected directories and databases.
- Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and sent across the Internet securely.
- Vulnerability Scanning to actively protect our servers from hackers and other vulnerabilities.
- Regular penetration testing.
- Secure coding principles.
- Encryption of sensitive data during transfer and at rest.
- 2-factor authentication.
- Logging of activities performed in the platform.
- Access controls and
- other measures to mitigate risks identified during the risk assessment process.
All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in our database. Only authorized MAMMOTH personnel are permitted access to your Personal Information, and this personnel is required to treat the information as highly confidential. The security measures will be reviewed regularly in light of new and relevant legal and technical developments.
8. Access right to your personal information
You have the right to access your Personal Information to correct, update, and block inaccurate and/or incorrect data. To exercise this right, contact us at firstname.lastname@example.org
9. Information, Complaints and Contact
If you have any further questions regarding the data MAMMOTH collects, or how we use it, then please feel free to contact us by email at: email@example.com or in writing at: Mammoth Services UAB, Carrer Jaume Balmes 1, Bajo, Cabrils, 08348, Spain
You have a right to lodge a complaint with supervisory authority, to enforce your rights, as specified above. You can find out how to do this at the Lithuanian State Data Protection Inspectorate (LRV) https://vdai.lrv.lt/en/ or European Data Protection Supervisor https://edps.europa.eu/.
Last update: 20 October 2022
Previous update: 20 October 2022