Privacy Policy
Table of Contents
Chapter 1 - Preliminary
- Overview of the RULES and the Platform
- Defined terms and interpretation
- Purpose and scope of this Privacy Policy
- Competent Authorities and applicable data protection laws
Chapter 2 - When, what and why RULES Processes Personal Data?
- When RULES Processes Personal Data
- Which categories of information RULES Processes?
- Why RULES Processes Personal Data?
Chapter 3 - How RULES collects Personal Data
- How does RULES collect Personal Data directly from a User?
- How does RULES collect Personal Data from third parties
- How does RULES automatically collect Personal Data
Chapter 4 - How RULES transfers Personal Data
- Who RULES transfers Personal Data to?
- Where RULES transfers Personal Data to?
- How RULES ensures Personal Data is protected when transferred to a jurisdiction that is not deemed to be adequate?
- Does RULES guarantee the secure transmission of Personal Data?
Chapter 5 - How RULES stores Personal Data
- How RULES ensures Personal Data is safely stored?
- For how long?
Chapter 6 -
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict Processing
- Right to data portability
- Right to object to Processing and Automated Processing
- Right to obtain information on Processing
Chapter 7 - How a User may exercise their rights
- How to opt out or withdraw consent?
- How to exercise other rights?
- How to complain to RULES?
Chapter 8 - Communication with Data Subjects
- Reporting of breaches
- Means of notification
- English language requirement
Chapter 9 - Amendment of this Privacy Policy
Schedule 1 – Glossary and interpretation
Interpretation
Glossary
Chapter 1 Preliminary
1.1 Overview of the RULES and the Platform
1.1.1 Rules Holdings BVI Ltd., Craigmuir Chambers, P.O. Box 71, Road Town, Tortola, VG1110, BVI; Company Number: 1970684) is a company established in the BVI and licensed and regulated by the Financial Services Commission (“FSC”) to:
1. Virtual Asset Exchange”; and
2. “Virtual Asset Custody Service”;
in relation to “Accepted Virtual Assets” in or from the BVI (as these activities are provided for under the Virtual Asset Service Provider Act, 2022 (VASP Act, 2022) through its Platform.
1.1.2. Rules Holdings BVI Ltd. has following affiliates:
Kinetic Serviços Digitais Ltda, (“Kinetic”) Corporate Tax Number (CNPJ): 47.966.513/0001-15, Avenida Dr. Cardoso de Melo, No. 1046, Apto. 133, Vila Olimpia, 04548-004, São Paulo, Brazil.
Kinetic acts as Collecting Agent for Brazilian customers, responsible for transfer and custody of fiat assets.
Collectively Rules Holdings BVI Ltd. and its affiliates are described as Rules Holdings Group (“RULES”) or “the Group”.
1.2 Defined terms and interpretation
1.2.1 Unless the context requires otherwise, capitalised terms are defined terms and shall have the meanings set out in the Glossary in Schedule 1 of this Privacy Policy.
1.3 Purpose and scope of this Privacy Policy
1.3.1 This Privacy Policy is issued by RULES in compliance with the requirements of the relevant DP Laws and Regulations, including:
(a) the Virgin Islands Data Protection Act 2021 (“the BVI Law”);
(b) the Brazilian General Data Protection Law; Lei Geral de Proteção de Dados (“ the LGPD”);
(c) the General Data Protection Regulation (“the GDPR”); and
(d) Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data Protection (“the PDPL')
1.3.2 This Privacy Policy governs RULES’s processing of the Personal Data of Users and any relevant natural person (such as potential clients) (Data Subjects) collected in connection with the use of any of the Services.
1.3.3 The purpose of this Privacy Policy is to inform Data Subjects on how RULES, as the Controller of their Personal Data, may Process Personal Data in line with the relevant DP Laws and Regulations.
1.3.4 This Privacy Policy, as amended from time to time and published on the Website, applies to and is binding on:
3. all Data Subjects who access or use the Website; and
4. all Users of the Platform pursuant to the User Agreement;
as the continued use of the Website, Platform or API by any of any of the above or their Authorised Representative(s) is considered to mean that they have read, understood and consented to this Privacy Policy as it is amended from time to time.
1.4 Competent Authorities and applicable data protection laws
1.4.1 In Processing Personal Data, RULES as a Controller established in the BVI will ensure compliance primarily with the BVI DP law as it is administered by the BVI Office of the Information Commissioner. As at the date of this Privacy Policy, the Government of the BVI has not appointed an Information Commissioner.
1.4.2 However, given the Platform’s global reach and the potential that Data Subjects whose Personal Data is Processed may be located outside of the BVI, and by operation of the relevant DP Laws and Regulations, RULES may also be required to comply from time to time with relevant DP Laws and Regulations other than the BVI DP law, such as the PDPL and the GDPR that are administered by other Competent Authorities.
2.1 When RULES Processes Personal Data
2.1.1 RULES will process Personal Data which a Data Subject provides directly or which is generated or obtained through third-parties in the course of operating the Platform including when a Data Subject:
(a) applies to open an account with RULES;
(b) uses any of the Services such as when a User uses the Platform to carry on transactions; and
(c) visits or uses the Website or the API through which RULES may also provide its Services
2.2 Which categories of information RULES Processes?
2.2.1 RULES will process the types of information which may contain certain categories of Personal Data which are set out in the table below along with illustrative examples:
| Categories of User Information | Examples |
|---|---|
| Identifying Data | (a) Name(s) and alias(es) including maiden name (b) Gender (c) Nationality (d) Date of birth (e) Official documents such as copies of passport, national ID, driver’s license, visa (f) Proof of address such as copies of utilities bills, tenancy agreement (g) Picture of your face (h) Signature/seal/stamp |
| Personal Information | (a) Physical address(es) (b)Billing address(es) (c)Telephone number(s) (d)Email address(es) (e)Tax Identification Number (CPF, CNJP, TIN) (f)Mother’s name (if applicable) (g)Father’s Name (if applicable) |
| Compliance Data | (a)Information provided/obtained in carrying on risk assessment or background/sanctions check(s), investigating Financial Crime (b) Employment Status (c) Proof of source of funds/wealth such as proof of inheritance, transaction(s), salary (d) Employment details such as position, title or job function(s) (e) Tax information/form(s)/declaration(s) |
| Financial Data | (a) Bank/brokerage account(s) details, (b) Debit/credit/payment/pre-paid card(s) details, (c) Balances in relation to (a) and (b) (d) Employment details such as position, title or job function(s) (e) Estimated Monthly Income |
| Marketing Data | (a) Communication preferences such as email(s), phone number(s), mailing address(es) (b) Marketing material preference(s) (c) Consent to contact you or to have third party(ies) contact you (d) Input on request(s) for information/survey(s) |
| Transactional Data | (a) Details of payment(s) made/received (b) Details of transaction(s) using the Services/Platform/Website/API |
| Technical Data | (a) Internet connectivity data such as Internet Protocol (IP) address(es), Internet Service Provider (ISP)/operator/carrier, browser/device/software/operating system information (b) Localised data such as time zone(s), location(s), language(s) (c) Troubleshooting data such as operation/crash/diagnostic log(s) (d) Any information or digital content you give access to when visiting the Website or using the Platform/API Site (e) Information collected through the use of internet “cookies” or other similar tokens |
| Usage Data | (a) Platform access credentials/assigned client number (b) Product/service requests, interests, preferences, feedback and survey responses |
2.2.2 In general, RULES not process Sensitive Personal Data about Users unless it is necessary for performing or exercising obligations or rights. On rare occasions, there may be other reasons for processing.
2.2.3 RULES may use information relating to criminal convictions where the law allows us to do so. This is usually where that processing is necessary to carry out RULES’ statutory obligations.
2.3 Why RULES Processes Personal Data?
2.3.1 RULES only Processes Personal Data for legitimate and lawful purposes as these may be provided for under the relevant DP Laws and Regulations, including when RULES:
(a) Processes a Data Subject’s Personal Data with their consent;
(b) performs the User Agreement or carrying on any step at the request of a Data Subject before entering into the User Agreement;
(c) is required to Process such Personal Data to comply with its legal and regulatory obligations to which it is subject, such as in relation to combating Financial Crime or satisfying its due diligence requirements;
(d) Processes a Data Subject’s Personal Data to protect their vital interests or those of another Data Subject; or
(e) defends itself in legal or regulatory proceedings or when complying with the lawful requests or orders of a Competent Authority or judicial or regulatory authorities.
2.3.2 If a Data Subject fails to provide certain information when requested, RULES may not be able to perform the contract it has entered into with the Data Subject or may be prevented from complying with its legal obligations. Some of the information RULES requests from Data Subjects may therefore be obligatory.
Chapter 3 How RULES collects Personal Data
3.1 How does RULES collect Personal Data directly from a User?
3.1.1 [RULES may collect Personal Data directly from a Data Subject. This may occur under a number of circumstances where a person interacts with RULES to receive the Services, such as when a Data Subject (among others):
(a) applies for the Services;
(b) completes application forms;
(c) provides information while operating the API or the Website;
(d) carries on any transaction on the Platform; or
(e) responds to RULES requests for information or makes notifications to RULES.
3.2 How does RULES collect Personal Data from third parties
3.2.1 RULES may collect Personal Data about a Data Subject from a third-party or a public source, which may include (among others):
(a) law enforcement agencies, and any relevant government or judicial bodies;
(b) public records (e.g. registers of companies which include names of directors);
(c) paid-for information aggregators (e.g. paid-for background check solutions and databases) or due diligence/compliance service providers;
(d) other Data Subjects (e.g. referrals); or
(e) any public source of information that is accessible to the public at large, including through the internet.
3.2.2 RULES collects Personal Data about a Data Subject from third-party sources mainly to comply with its legal and regulatory requirements (e.g. when carrying on its customer due diligence in compliance with its requirements under anti-money laundering laws and regulations) or for carrying on necessary investigations, but may also do so for marketing purposes or to help with improving its Services.
3.3 How does RULES automatically collect Personal Data
3.3.1 RULES may collect Personal Data automatically whenever a Data Subject uses the API or the Website, such as when a Data Subject (among other things):
(a) accepts the use of cookies, servers logs or other forms of technology means when accessing the Website; or
(b) visits third-party websites other than the Website, provided that such third-party websites use RULES cookies.
3.3.2 Such automatically collected information normally would not contain Personal Data since this mainly relates to Technical Data and Usage Data. However, there may be instances where such automatically collected information may contain Personal Data.
3.3.3 Any information RULES collects using automatic means is aggregated anonymously to provide generic statistical data about Data Subjects’ browsing patterns and does not personally identify individual Data Subjects.
Chapter 4 How RULES transfers Personal Data
4.1 Who RULES transfers Personal Data to?
4.1.1 RULES may transfer Persona Data to third parties in order to fulfil its contractual obligations with the User.
4.1.2 These third parties may include
(a) other members of the RULES group of companies;
(b) agents (such as contractors, professional advisors, auditors, personal data processors etc);
(c) law enforcement agencies and authorities including for the purposes of assisting RULES to institute, continue or defend any legal proceedings whatsoever including court proceedings; and
(d) other third parties. With such parties, RULES would transfer Personal Data in an aggregated or anonymised form which cannot be reasonably used to identify a Data Subject.
4.1.3 Regarding a Data Subject who is a User, such transfers are mainly done on the basis of the User’s consent. Such consent may be withdrawn by the User at any time as provided for under this Privacy Policy.
4.2 Where RULES transfers Personal Data to?
4.2.1 RULES may transfer Personal Data outside of the BVI. RULES will only do so where there is proof of adequate data protection safeguards (in relation to the transfer and to which RULES is transferring the Personal Data) or there is consent from the User concerned. In most cases, RULES will transfer the Personal Data to a recipient in a third country or jurisdiction which is deemed by to provide adequate levels of data protection. The relevant Competent Authority may publish a list of such jurisdictions, which may be updated at any time, and which RULES will adhere to.
4.2.2 RULES may also transfer Personal Data to a recipient in a third country or jurisdiction where the levels of data protection are not deemed adequate under the relevant DP Laws and Regulations, provided it has another lawful basis for doing so.
4.3 How RULES ensures Personal Data is protected when transferred to a jurisdiction that is not deemed to be adequate?
4.3.1 In the event that RULES transfers Personal Data to a third country or jurisdiction where the levels of data protection are deemed inadequate, [RULES will take steps to ensure that there are effective safeguards for the protection of a Data Subjects’ Personal Data.
4.3.2 Such safeguards may include:
(a) obtaining permission from the relevant Competent Authority, including the Office of the Information Commissioner, for the data transfer;
(b) incorporating proprietary contractual clauses in agreements with the recipient to adopt or maintain a suitable level of data protection and oversight; and/or
(c) incorporating the “Standard Contractual Clauses” (where applicable to the relevant territory) in agreements with the recipient to adopt or maintain a suitable level of data protection and oversight.
4.4 Does RULES guarantee the secure transmission of Personal Data?
4.4.1 RULES cannot and does not guarantee that any transfer or transmission of Personal Data over the internet is totally secure. Any transfer or transmission of Personal Data from a User to RULES is at the User’s own risk.
4.4.2 However, RULES has in place reasonable arrangements to help mitigate this risk, and will make every reasonable effort to keep its electronic communications safe.
Chapter 5 How RULES stores Personal Data
5.1 How RULES ensures Personal Data is safely stored?
5.1.1 RULES may use a range of measures to ensure that any Personal Data it collects is stored safely. Such measures are based on industry best practice and validated by the RULES Chief Information Security Officer and include, but are not limited to:
(a) password-protected directories;
(b) secure sockets layered technology; and
(c) internet data is securely encrypted using HTTPS/TLS protocol. Customer data is retained within AWS cloud behind AWS firewalls.
5.1.2 Users are responsible for ensuring that the access details to their own account are stored safely and securely. In the event that a User suspects a security breach of their own, the User must inform RULES immediately. 2FA and 3FA authentication are employed to ensure should a user password become compromised an attacker would still require access to email and/or Authenticator app which requires separate passcode and/or biometrics to access.
5.2 For how long?
5.2.1 RULES will keep Personal Data for as long as it is necessary for the legitimate purpose for which the Personal Data was collected.
5.2.2 RULES may also retain Personal Data where necessary to comply with a legal or regulatory requirement.
5.2.3 When RULES does not legitimately need the Personal Data for the purpose for which it was collected, it will securely destroy the Personal Data or irreversibly anonymise it.
5.2.4 In certain circumstances, RULES may anonymise the Personal Data such that it is no longer associated with a Data Subject and is no longer considered Personal Data for the purposes of BVI DP law. RULES may continue to use this information without any further notice to the Data Subject.
6.1 Right of access
6.1.1 A Data Subject has the right to access and request a copy of the Personal Data that RULES processes about the Data Subject.
6.2 Right to rectification
6.2.1 A Data Subject has the right to request RULES to either amend or update the Data Subject’s Personal Data in the event that it is either inaccurate or complete.
6.3 Right to erasure
(a) A Data Subject has the right to request RULES to delete the Data Subject’s Personal Data in circumstances where:
(b) the Personal Data is no longer necessary for the purpose of which it was collected; and
(c) RULES no longer has a legal obligation towards the Data Subject.
6.3.2 If a User closes its account, such account will be marked as “closed” by RULES.
6.3.3 In the event that an account is closed, RULES will keep certain information the User including the request to close the account for a period of seven years for the purpose of fraud prevention. No Personal Data will be used or shared by RULES except to prevent fraud or to comply with a legal requirement.
6.4 Right to restrict Processing
6.4.1 A Data Subject has the right to request RULES to restrict or suspend the processing of the Data Subject’s Personal Data where:
(a) the processing is for direct marketing purposes;
(b) RULES’s use of the Personal Data is unlawful;
(c) the Data Subject intends for RULES to hold the data in circumstances where the Data Subject requires it to establish, exercise or defend a legal claim but where RULES has no need for the Personal Data; or
(d) the Data Subject has objected to RULES’s use of the Personal Data.
6.5 Right to data portability
6.5.1 A Data Subject has the right to request to receive or transmit its Personal Data in a commonly used machine readable format.
6.5.2 A Data Subject has the right to request to receive or transmit its Personal Data to a third party, provided that this is technically feasible, in a commonly used machine readable format.
6.6 Right to object to Processing and Automated Processing
6.6.1 A Data Subject has the right to request RULES not to subject the Data Subject to a decision which has been reached based on automatic decision making provided that such a decision would either:
(a) have a legal effect on the Data Subject; or
(b) produce a similarly significant effect.
6.6.2 For the purposes of this section, profiling means any form of automated processing which is intended to evaluate certain personal aspects of the Data Subject.
6.7 Right to obtain information on Processing
6.7.1 A Data Subject has the right to obtain information on whether its Personal Data is being processed and the purpose of the processing. This includes:
(a) the purposes of the processing;
(b) the categories of Personal Data;
(c) the recipients or categories of recipients to whom the Personal Data will be or has been disclosed to; and
(d) the period for which the Personal Data will be stored.
6.7.2 RULES meets this obligation via the provision of this Privacy Policy to its Users.
Chapter 7 How a User may exercise their rights
7.1 How to opt out or withdraw consent?
7.1.1 A Data Subject may withdraw its consent to RULES processing their Personal Data in the following ways, either:
(a) online through the relevant link on the API or Website; or
(b) sending an email to RULES on [email protected]
7.1.2 However, even if a Data Subject withdraws their consent, RULES may continue to process the Data Subject's Personal Data if it has another legitimate purpose/basis for doing so in the DP Law.
7.2 How to exercise other rights?
7.2.1 A Data Subject may at any time exercise its rights which are set out in Chapter 6 of this Privacy Policy.
7.2.2 RULES will action such requests as soon as possible and within thirty days from the date of receipt of the request.
7.2.3 RULES’ Chief Executive Officer may extend the time limit for compliance with a request for access to personal data:
(a) by not more than thirty days if:
(i) meeting the original time limit would unreasonably interfere with the operations of RULES; or (ii) consultations are necessary to comply with the request that cannot be reasonably be completed within the original time limit; or (iii) by such period of time as is reasonable, if the additional time is necessary for converting the Personal Data into an alternative format.
7.2.4 In the event of an extension, RULES will inform the Data Subject of the length of the extension and informing the Data Subject that he or she has a right to make a complaint to the Office of the Information Commissioner about the extension..
7.3 How to complain to RULES?
7.3.1 A Data Subject may make a complaint on the manner in which its Personal Data has been processed via email on [email protected]
7.3.2 A Data Subject may at any time file a formal complaint with the Office of Data Protection.
Chapter 8 Communication with Data Subjects
8.1 Reporting of breaches
8.1.1 In the event of a data breach, and subject to legal obligations, RULES will endeavour to inform Data Subjects and the relevant Competent Authority of the breach.
8.1.2 Such notification may include:
(a) the nature of the breach;
(b) the time of the breach;
(c) what, if any, Personal Data has been compromised;
(d) any actions RULES took to remedy the breach; and
(e) any suggested actions to be taken by Data Subjects to protect their Personal Data as a consequence of the breach.
8.2 Means of notification
8.2.1 Any communication given by RULES under this Privacy Policy, in the absence of any express agreement otherwise, shall be:
(a)sent to a Data Subject:
(i) by way of a Notice sent through or published using the API or the Website; (ii) by email to a Data Subject's email address on record with RULES; and (iii) any other form of electronic communication as may be notified to Data Subject from time to time; and
(b) deemed to be received at the time it is sent by RULES.
8.2.2 Any communication given by the Data Subject to RULES pursuant to this Privacy Policy, and in the absence of any in writing agreement, shall be made using any of the means of communications made available to the Data Subject on the Platform, through the Website or the API, by email, or as directed, by RULES from time to time.
8.2.3 Any communication on the Platform between Users is monitored by RULES.
8.3 English language requirement
8.3.1 All communications between a Data Subject and RULES shall be in English and every document or any information provided is required to be provided by a Data Subject to RULES, or provided by RULES to a Data Subject, must be in the English language.
Chapter 9 Amendment of this Privacy Policy
9.1.1 RULES may, from time to time, amend this Privacy Policy by publishing the amended policy on its Website at www.bumba.global RULES will send to the Data Subject a Notice of such update, along with a link to the updated Privacy Policy.
Schedule 1 – Glossary and interpretation
Interpretation
1. In this Privacy Policy and unless otherwise specified, references to:
a. “User” is to persons who hold an Account for trading on the Platform and to whom RULES provides its Services pursuant to the User Agreement, and who have agreed to for this Privacy Policy to be binding on them;
b. “writing” includes any record capable of being published, whether or not in electronic form;
c. a “person”, whether capitalised or not, shall include a natural person and a legal Person , or as the context otherwise requires;
d. “legislation”, includes such legislation as amended, extended, consolidated, substituted or re-enacted from time to time;
e. “Rules”, “Sections”, “Chapters”, “Parts” and “Schedules” are to those found in this Privacy Policy;
f. “including”, “include” and “not limited to” or any similar expression in any phrase shall be construed as illustrative only and shall not limit the words preceding that term;
g. time is a reference to the standard time in British Virgin Islands; and
h. a “day”, “week”, “month”, “year” are to be construed by reference to the Gregorian calendar;
i. an act or course of conduct shall include positive acts and omissions;
j. terms importing the singular include the plural and vice versa; and
k. terms defined in the DP Laws and Regulations have the same meaning as in those DP Laws and Regulations.
2. The table of contents and the headings of chapters, schedules and rules are provided for ease of reference only and shall not affect the interpretation of this Privacy Policy.
3. Subject to any rights of review or appeal to a tribunal or the BVI Courts that may be prescribed in BVI legislation or FSC Rules, the decision of RULES shall be final in relation to the interpretation of these Rules.
Glossary
| Term | Meaning |
|---|---|
| BVI | British Virgin Islands |
| Standard Contractual Clauses | means model contracts for the transfer of personal data from the European Union (EU) to non-EU Countries adopted by the European Commission. |
| RULES | means Rules Holdings BVI Ltd. a company limited by shares incorporated in the BVI (with company number 1970684) and all its affiliates. |
| BVI DP law | means the Virgin Islands Data Protection Act 2021, (and regulations made thereunder), as amended from time to time. |
| AML | means anti-money-laundering, which is construed to include counter terrorist financing. |
| API | means Application Programming Interface which is a connectivity function that allows a User to operate its Account on the Platform without using the Website. |
| Authorised Representative | means a representative of a User authorised to operate the User’s Account or as context requires, the authorised representative of a Data Subject. |
| Business Day | means a day other than a Saturday and a Sunday, on which banks in the BVI and Brazil are generally open. |
| Competent Authority | means any regulatory, judicial, law enforcement or public authority, whether inside or outside the BVI, which has jurisdiction in relation to RULES’s processing of Personal Data. |
| Data Controller | has the meaning assigned to it under the BVI DP law. |
| Data Subject | means a natural person, whether living or deceased, and as this definition is amended in the BVI DP law from time to time, whose Personal Data is processed by RULES, and which may include, among others, Users and potential clients. |
| DP Laws and Regulations | means the relevant data protection legislation which, including: • the BVI Law; • the LGPD; • the GDPR; and • the PDPL as these may apply may apply to RULES’s Processing of a Data Subject’s Personal Data. |
| Financial Crime | means money laundering, terrorist financing, evasion of economic sanctions, tax evasion, bribery and corruption, including but not limited to the crimes of money laundering and terrorist financing, and behaviour which may amount to Market Abuse, as defined by the FATF and the applicable laws of the BVI and other jurisdictions in which RULES operates, |
| GDPR | means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as amended from time to time. |
| Information Commissioner | means the authority in the BVI tasked with administrating the BVI DP law. |
| Notice | means a communication from RULES made using appropriate means. |
| Personal Data | means any information in respect of commercial transactions, which: (a) is being processed wholly or partly by means of equipment operating automatically in response to instructions given for that purpose; (b) is recorded with the intention that it should wholly or partly be processed by means of such equipment; or (c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system, that relates directly or indirectly to a Data Subject, who is identified or identifiable from that information, or from that and other information in the possession of a data user, including any Sensitive Personal Data and expression of opinion about the Data Subject. |
| Platform | means the multilateral trading facility operated by RULES. |
| Privacy Policy | means this policy of RULES policy for processing the personal data of Users when providing the Services. |
| Processing | in relation to Personal Data, means collecting, recording, holding or storing the personal data or carrying out any operation or set of operations on the personal data, including the: (a) organisation, adaptation or alteration of personal data; (b) retrieval, consultation or use of personal data; (c) disclosure of personal data by transmission, transfer, dissemination or otherwise making available; or (d) alignment, combination, correction, erasure or destruction of personal data. |
| Services | means the services provided by RULES to its Users under the User Agreement. |
| Sensitive Personal Data | means any Personal Data about a Data Subject’s (a) physical or mental health; (b) sexual orientation; (c) political opinions; (d) religious beliefs or other beliefs of a similar nature; (e) criminal convictions, the commission or alleged commission, of any offence; or (f) any other Personal Data that a Minister may by Order prescribe. |
| User | means a person admitted to trading on the Platform. |
| User Agreement | means the agreement entered into between RULES and a User for the provision of Services as provided for under such agreement. |
| Website | means the website operated by RULES which relates to the provision of the Services, and which provides an interface for the User to access and use the Platform and receive Notices, and any other functionality as RULES makes available to Users from time to time. |