RUENESSR

Privacy Policy

Effective date: March 2, 2026
OCTOPRO OÜ · Reg. No. 16515516 · Harju maakond, Tallinn, Roseni tn 13, Estonia
Data Controller: OCTOPRO OÜ · Reg. No. 16515516 · Harju maakond, Tallinn, Roseni tn 13, Estonia
Contact: [email protected]

1. General Provisions

1.1. This Privacy Policy defines the procedures for processing personal data of users of the PROSTO.CARDS service.

1.2. Data processing is carried out in accordance with:

  • the General Data Protection Regulation of the EU (GDPR);
  • the legislation of the Republic of Estonia.

1.3. By using the Service, the User agrees to this Policy.

2. Data We Collect

2.1. Identification data:

  • first name, last name;
  • date of birth;
  • citizenship;
  • identity documents (passport, ID card).

2.2. Contact data:

  • email address;
  • phone number;
  • Telegram user ID.

2.3. Financial data:

  • transaction information;
  • operation history;
  • top-up data (RUB / USDT);
  • wallet addresses.

2.4. Technical data:

  • IP address;
  • device, OS, browser;
  • device fingerprint;
  • activity logs.

2.5. Biometric data (when required):

  • photo/video (selfie, liveness check).

3. Purposes of Processing

We process data for the following purposes:

  • provision of services (card issuance and management);
  • KYC / AML verification;
  • fraud prevention;
  • compliance with requirements of partners and regulators;
  • service analysis and improvement;
  • communication with Users.

4. Legal Bases for Processing (GDPR)

We process data based on:

  • Performance of a contract (Art. 6(1)(b) GDPR);
  • Compliance with legal obligations (Art. 6(1)(c) GDPR);
  • Legitimate interests (Art. 6(1)(f) GDPR), including:
    • fraud prevention;
    • risk management;
    • business protection.

5. Data Sharing with Third Parties

5.1. We may share data with:

  • banks and card issuers;
  • payment systems (e.g. Visa / Mastercard);
  • KYC/AML verification providers;
  • cloud service providers;
  • law enforcement agencies (upon lawful request).

5.2. Data transfer outside the EU is carried out using:

  • Standard Contractual Clauses (SCC);
  • other GDPR-compliant mechanisms.

6. Automated Decisions and Scoring

6.1. The Service uses automated systems for:

  • anti-fraud analysis;
  • risk scoring;
  • transaction monitoring.

6.2. This may result in:

  • account blocking;
  • service refusal;
  • operation restrictions.

6.3. Such decisions may be made without human intervention.

7. Data Retention

7.1. Data is stored:

  • for the duration of Service use;
  • and up to 5 years after termination (AML requirements).

7.2. In certain cases the retention period may be extended as required by law or regulatory obligations.

8. User Rights

The User has the right to:

  • access their data;
  • rectify inaccurate data;
  • erasure ("right to be forgotten");
  • restriction of processing;
  • data portability;
  • lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

Requests should be sent to: [email protected]

9. Limitation of Rights

9.1. User rights may be limited when necessary for:

  • fraud prevention;
  • compliance with AML/CTF requirements;
  • protection of the Service's rights and legitimate interests;
  • fulfilling obligations to partners and regulators.

10. Cookies and Tracking

10.1. We use:

  • cookies;
  • analytics tools;
  • behavioral tracking systems.

10.2. This is necessary for:

  • security;
  • abuse prevention;
  • UX improvement.

11. Security

11.1. We implement:

  • encryption (AES-256, TLS);
  • access controls;
  • monitoring and logging.

11.2. However, absolute security cannot be guaranteed. The User acknowledges inherent risks of digital data processing.

12. Changes to This Policy

The Service may amend this Policy at any time. The current version is always published on the website. Continued use of the Service constitutes acceptance.

13. Contact

For data-related inquiries:

OCTOPRO OÜ
Harju maakond, Tallinn, Roseni tn 13
Email: [email protected]