4M Privacy Statement
Welcome to the 4M Privacy Statement (hereinafter referred to as "this Privacy Statement"). Please take a few minutes to read it carefully before providing any information about yourself or anyone else to us.
I. Introduction
We respect your privacy and are committed to protecting your personal data. We treat our data protection responsibilities with the utmost seriousness (details of which can be found in Section III below).
II. Purpose
This Privacy Statement describes how and why we collect and process your personal data when you are doing either of the following (for details, please refer to the relevant content in Section III below):
Using any of our products, services, or applications (collectively referred to as "Services");
Accessing or using our https://www.4m.com website (hereinafter referred to as the "Website") or mobile application (hereinafter referred to as the "Application").
This Privacy Statement applies to all our personal data processing activities conducted within the Services and the Application. This Privacy Statement informs you about your privacy rights and how the data protection principles set forth in applicable privacy regulations protect your privacy.
When we collect or process your personal data, it is essential that you read this Privacy Statement along with any other statements or policies we may provide from time to time, so that you are fully informed about why and how we use your data. This Privacy Statement supplements other statements and policies and is not intended to override them. In the event of any conflict between this Privacy Statement and other statements and policies, the terms of this Privacy Statement shall prevail.
Important Note: Our Services, Website, and Application are not directed to minors under the age of 18, and we do not knowingly collect data relating to minors.
III. About 4M
Data Controller
The controller of your personal data is the legal entity that determines the "means" and "purposes" of any processing activities conducted. 4M is the controller and is responsible for processing your personal data.
Complaint Channels
If you encounter any problems regarding the processing of personal data, please contact us by sending an email to support@4m.com.
Responsibilities and Changes
Our Responsibility: We regularly review our Privacy Statement. The last update date of this version is as stated above. Please check the new version of the Privacy Statement from time to time. In addition, if there are any material changes to this Privacy Statement, we will also notify you in an effective manner to bring these changes to your attention.
Your Responsibility: The personal data we hold about you must be accurate and updated in a timely manner. If your personal data changes during your cooperation with us, please notify us promptly.
Third-Party Links
This Website and any applicable web browsers, apps, or application programming interfaces (hereinafter referred to as "Applications") required to access the Services may contain links to third-party websites, plug-ins, and applications (hereinafter referred to as "Third-Party Websites"). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these Third-Party Websites and are not responsible for their privacy statements and policies. When you leave our Website or Application, we recommend that you read the privacy statement or policy of each Third-Party Website you visit or use.
IV. What Data We Collect About You
Personal Data
Personal data or personal information refers to any information relating to an identified or identifiable living individual. This includes information you provide to us, information collected automatically about you, and information we obtain through third parties.
"Data Subject" refers to an individual who can be identified, directly or indirectly, by personal data. This usually refers to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific factors related to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
We collect the following types of information from you:
Identity Data: Full name, maiden name, username or similar identifier, date of birth, biometric information (including your facial visual image), national identity card, passport, driver's license, or other forms of identification documents.
Contact Information: Country of residence, email address, phone number, proof of address documents (if applicable).
Financial Data: Bank account, payment card details, virtual currency account, stored-value account.
Transaction Data: Details of transactions with you, and other details of any transactions you conduct using the Services, Website, or Application.
Technical Data: Internet connection data, Internet Protocol (IP) address, operator and carrier data, login data, browser type and version, device type, category and model, time zone settings and location data, language data, application version and SDK version, browser plug-in types and versions, operating system and platform, diagnostic data (such as crash logs and any other data we collect for measuring technical diagnostics), and other information stored on or available from your device that you allow us to access when you visit this Website or use the Services or Application.
Profile Data: Username and password, identification code as our user, information about whether you possess a 4M application account and the email associated with the account, your requirements for products or services, your interests, preferences, and feedback, and other information generated when you communicate with us (such as information generated when you submit a request to our customer support department).
Usage Data: Information about how you use the Website, Services, mobile application, and other products we provide, including device download time, installation time, type and time of interactions, event time, name, and source.
Marketing and Communications Data: Your preferences in receiving marketing information from us or third parties, your communication preferences, and your survey responses.
Special Category Data Description: As mentioned in the "Identity Data" section above, we will also collect your facial visual image and use it together with our subcontractors (see the "Disclosure of Your Data" section below) to check your identity for user onboarding and fraud prevention purposes. This data belongs to special category data.
V. How We Collect Your Data
We use different methods to collect information from you, including through the following ways:
Direct Interactions: You may provide us with your Identity Data, social identity data, Contact Information data, Financial Data, Profile Data, as well as Marketing and Communications Data by interacting directly with us (including filling out forms, or providing your visual image through the Services, email, or other means). This includes personal data you provide when:
Visiting our Website or Application;
Applying for our Services or creating an account;
Using any of our Services;
Requesting marketing information to be sent to you (such as subscribing to our newsletter);
Participating in competitions, events, or surveys (including through social media channels);
Providing feedback to us or contacting us.
Automated Technologies or Interactions: When you interact with us through our Website or Application, we will automatically collect Technical Data about your device, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other online identifiers. We will also collect Transaction Data and Usage Data. If you visit other websites that use our cookies, we may also receive Technical Data as well as Marketing and Communications Data about you.
Social Media Widgets and Similar Links: Our Website may contain links, social media plug-ins, "widgets", tweets, "share", and "like" buttons connected to social media platforms such as Facebook, X (Twitter), Instagram, Threads, Discord, LinkedIn, Reddit, and Telegram.
VI. How We Use Your Data
Legal Basis
We will only use your personal data when applicable law allows us to. In other words, we must ensure that such use has a legal basis. We typically use your personal data in the following circumstances:
Performance of a Contract: Refers to the processing of your data that is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into such a contract; we provide Services based on this;
Legitimate Interests: Refers to the interests of our business (or a third party); when relying on this basis, we ensure that these interests do not override your interests and personal rights;
Compliance with Legal Obligations: Refers to processing your personal data where we need to comply with a legal obligation;
Consent: Refers to the free, specific, informed, and unambiguous expression of your will, by which you signify agreement to the processing of personal data relating to you by a statement or a clear affirmative action.
Purposes for Which We Will Use Your Personal Data
Below, we describe in text form the ways we plan to use your personal data, along with the legal bases and legitimate interests we rely on to do so:
1.1 Customer Registration and Account Opening
Purpose of Processing: To register you as a new customer.
Data Category: Identity Data, Contact Data, Financial Data.
Legal Basis: Performance of a contract.
1.2 Fulfilling Anti-Money Laundering Compliance Obligations
Purpose of Processing: To fulfill and comply with Anti-Money Laundering (AML) requirements.
Data Category: Identity Data, Contact Data, Financial Data, Transaction Data, Technical Data, Profile Data.
Legal Basis: Compliance with legal obligations.
1.3 Service Delivery and Order Execution
Purpose of Processing: To process and deliver our Services and any application features, including executing, managing, and processing your instructions or orders.
Data Category: Identity Data, Contact Data, Financial Data, Transaction Data, Technical Data.
Legal Basis: Performance of a contract.
1.4 Service Security and Fraud Prevention
Purpose of Processing: To prevent the abuse of our Services and activities.
Data Category: Identity Data, Contact Data, Financial Data, Transaction Data, Technical Data, Marketing and Communications Data.
Legal Basis (including Legitimate Interests): Processed based on legitimate interests, specifically to ensure the security and integrity of our Services by detecting and preventing fraud and unauthorized activities, thereby protecting our business and customers.
1.5 Customer Relationship Management
Purpose of Processing: To manage our relationship with you, including requesting reviews, inviting you to participate in surveys, or informing you about company and product developments.
Data Category: Identity Data, Contact Data, Profile Data, Transaction Data, Marketing and Communications Data.
Legal Basis: Performance of a contract, or obtaining your consent when required by laws and regulations.
1.6 Record Maintenance and Product Optimization
Purpose of Processing: To keep our records up to date and to study how customers use our products/services.
Data Category: Identity Data, Contact Data, Profile Data, Transaction Data, Technical Data, Marketing and Communications Data.
Legal Basis (including Legitimate Interests): Processed based on legitimate interests, specifically to maintain accurate customer records to provide effective services, make informed business decisions, and improve products by understanding customer interactions; or obtaining your consent when required by laws and regulations.
1.7 Payment and Fee Management
Purpose of Processing: To manage, process, collect, and transfer payments, fees, and charges.
Data Category: Identity Data, Contact Data, Financial Data, Transaction Data.
Legal Basis: Performance of a contract.
1.8 Legal Compliance and Financial Crime Prevention
Purpose of Processing: To comply with applicable laws and handle complaints (including risk management, financial crime prevention, account security, and KYC facial scans, etc.).
Data Category: Identity Data, Contact Data, Financial Data, Transaction Data, Technical Data, Profile Data, Usage Data, Sensitive Data (i.e., special category data, such as biometric information including facial recognition).
Legal Basis (including Legitimate Interests):
Compliance with legal obligations or performance of a contract;
Processed based on legitimate interests, specifically to ensure that proceeds of crime are not processed, illegal or fraudulent activities are not assisted, systems responding to financial crime are strengthened, and complaints are effectively resolved;
The lawfulness of special category data (sensitive data) is based on processing for reasons of substantial public interest.
1.9 Marketing Activities and Survey Participation
Purpose of Processing: To enable you to participate in prize draws, competitions, or surveys.
Data Category: Identity Data, Contact Data, Profile Data, Usage Data, Marketing and Communications Data.
Legal Basis: Performance of a contract, or obtaining your consent when required by laws and regulations.
1.10 Market Research and Customer Behavior Analysis
Purpose of Processing: To collect market data to study customer behavior, including preferences, interests, and their use of products/services.
Data Category: Identity Data, Contact Data, Profile Data, Usage Data, Marketing and Communications Data.
Legal Basis (including Legitimate Interests): Processed based on legitimate interests, specifically to understand our customers to improve our products and services.
1.11 System Operations and Business Protection
Purpose of Processing: To manage and protect our business, website, application, and social media channels, including troubleshooting, data analysis, system maintenance, support, etc.
Data Category: Identity Data, Contact Data, Financial Data, Technical Data, Transaction Data, Usage Data.
Legal Basis (including Legitimate Interests): Processed based on legitimate interests, specifically to run our business, provide administrative and IT services, ensure network security, prevent fraud, and manage business or group restructurings.
1.12 Advertisement Placement and Effectiveness Measurement
Purpose of Processing: To deliver relevant website content and advertisements to you and to measure the effectiveness of advertisements.
Data Category: Identity Data, Contact Data, Profile Data, Usage Data, Technical Data, Marketing and Communications Data.
Legal Basis (including Legitimate Interests): Processed based on legitimate interests, specifically to study how customers use products/services, conduct product development, grow our business, and formulate marketing strategies; or obtaining your consent when required by laws and regulations.
1.13 User Experience Enhancement
Purpose of Processing: To use data analysis to enhance our website, products/services, marketing, and user experience.
Data Category: Technical Data, Usage Data, Marketing and Communications Data.
Legal Basis (including Legitimate Interests): Processed based on legitimate interests, specifically to identify customer types for products and services, keep our website updated and relevant, grow our business, and inform marketing strategies; or obtaining your consent when required by laws and regulations.
1.14 Personalized Recommendations
Purpose of Processing: To make suggestions and recommendations to you about goods or services that may be of interest to you.
Data Category: Identity Data, Contact Data, Technical Data, Usage Data, Profile Data, Marketing and Communications Data.
Legal Basis (including Legitimate Interests): Processed based on legitimate interests, specifically to develop our products/services and grow our business; or obtaining your consent when required by laws and regulations.
1.15 Social Media and Advertising Platform Services
Purpose of Processing: To use the services of social media or advertising platforms (some platforms will use personal data for their own marketing purposes).
Data Category: Technical Data, Usage Data.
Legal Basis: Obtaining your consent.
1.16 Third-Party Professional Institution Services
Purpose of Processing: To use the services of financial institutions, crime and fraud prevention agencies, and risk measurement companies (the aforementioned institutions or companies process data for their own purposes as independent data controllers).
Data Category: Identity Data, Contact Data, Financial Data, Transaction Data, Technical Data, Usage Data.
Legal Basis (including Legitimate Interests): Processed based on legitimate interests, specifically to conduct business in the financial services market and actively contribute to the prevention of crime and fraud.
Automated Decision-Making
What is automated decision-making? Automated decision-making generally refers to decisions made automatically based on software algorithms, without human intervention, that may have an effect on you. For example, we use automated decision-making to complete the onboarding process for new customers or to conduct anti-fraud monitoring.
Why is automated decision-making important to you? Depending on the specific circumstances, the use of your personal data may result in automated decisions that have legal effects or similarly significant effects on you (including profile analysis).
How do we protect your interests? We safeguard personal rights through appropriate measures. When an automated decision is made regarding you, you have the right to object to that decision. If you require more detailed information or wish to exercise this right, please contact us.
Marketing and Third-Party Marketing
We may use your identity, contact information, technical, transaction, usage, and profile data to form a view on what products we think you may want, need, or be interested in.
You will receive marketing communications from us if you have requested information from us and agreed to receive marketing communications, or if you have purchased products from us and have not opted out of receiving such communications.
Before sharing your personal data with any third party for marketing purposes, we will obtain your express consent first.
Opt-out
You can choose to opt out of marketing communications at any time through the opt-out link on any marketing communication sent to you. In addition, you can also log into the system and cancel marketing communications in the notifications. In the event that you choose to opt out of receiving marketing communications, this setting does not apply to service communications directly related to the use of our services (such as maintenance, changes to terms and conditions, etc.).
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services or Website may become inaccessible or fail to function properly.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.
Sale or Transfer of Business
We may also need to process your data during negotiations for, or in connection with, any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding involving the sale or transfer of all or a part of our shares, business, or assets. This will be based on our legitimate interests in conducting such transactions, or to fulfill our legal obligations.
VII. Disclosure of Data
We may share your personal data with our third-party service providers, agents, subcontractors, and other relevant organizations, our group companies, and affiliates to complete tasks and provide Services and Applications to you on our behalf. When using third-party service providers, they must respect the security of your personal data and treat it in accordance with the law.
We transfer your personal data to the following entities:
Companies and organizations that assist us in processing, verifying, or refunding your transactions/orders and providing any services you request;
Identity verification institutions (to conduct necessary verification checks);
Fraud or crime prevention agencies to help combat criminal acts including fraud, money laundering, and terrorist financing;
Anyone to whom we legally transfer or may transfer our rights and obligations under the relevant terms and conditions of using any services;
Any third party resulting from any restructuring, sale, or acquisition of our group or any affiliates (provided that any recipient uses your information for the same purposes for which it was originally provided);
Regulatory and law enforcement agencies, whether inside or outside the Republic of Seychelles, where we are permitted or required by law to do so.
Specific Note on the Use of Blockchain
The blockchain technology used in providing certain services operates on a decentralized network, where transactions are recorded in an unalterable and transparent manner. This characteristic ensures the integrity and security of data stored on the blockchain. However, it also means that once data is added to the blockchain, it is virtually impossible to remove or delete it.
VIII. International Transfers (Cross-Border Data Flows)
Many of our external third parties are located outside the Republic of Seychelles, so their processing of your personal data will involve a transfer of data outside the Republic of Seychelles. Whenever we transfer your personal data out of the Republic of Seychelles, we ensure a similar degree of protection is afforded to your personal data by ensuring at least one of the following safeguards is implemented:
We will transfer your personal data to countries that have been deemed by the European Commission to provide an adequate level of protection for personal data;
Specific contracts approved by the European Commission, the Information Commission, or other competent authorities which give safeguards to the processing of personal data, the so-called "Standard Contractual Clauses", are adopted.
IX. Data Security
While there are inherent risks in sharing any data over the Internet, we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, damaged, or accessed, altered, or disclosed in an unauthorized or illegal way. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a reasonable business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Depending on the nature of the risks posed by the intended processing of your personal data, we will adopt the following appropriate security measures:
Organizational Measures: Including but not limited to staff training and policy formulation;
Technical Measures: Including but not limited to the physical protection, pseudonymization, and encryption of data;
Ongoing Availability and Reliability: Including but not limited to ensuring appropriate backups of personal data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any relevant regulator where we are legally required to do so.
X. Data Retention
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
Examples of factors we typically consider when determining how long we need to retain your personal data:
In the event of a complaint, or if we reasonably believe there is a possibility of litigation (for example, email addresses and content, chat logs, and correspondence will be retained for up to 10 years after the end of our relationship, depending on the applicable limitation periods in your country);
According to the Anti-Money Laundering and Countering the Financing of Terrorism Act, we are obligated to retain your personal data for at least 7 years after the relationship between the company and you as a customer ends; under certain circumstances, this period may be further extended as prescribed by applicable law;
When it is necessary to provide information for purposes such as audits;
According to relevant industry standards or guidelines and the legitimate business need to prevent activities from being abused.
XI. Your Legal Rights
The rights you enjoy depend on the reasons why we process your personal data. You may exercise the following rights in accordance with the law:
Request access to your personal data;
Request correction of information you consider inaccurate or completion of information you consider incomplete;
Request erasure (cancellation or deletion) of your personal data (please note that for certain statutory reasons we may not always be able to comply with your request for erasure, which will be clearly notified to you at the time. Meanwhile, please refer to the specific note on blockchain characteristics);
Object to processing of your personal data (based on legitimate interests or for direct marketing purposes);
Request reconsideration of automated decision-making (when a decision is made solely by automated means and has a significant impact on you);
Request restriction of processing of your personal data (for example, suspending processing while verifying accuracy or involving legal claims);
Request data transfer (providing data to you or a third party in a structured, commonly used, machine-readable format);
Withdraw consent at any time (on the premise that we process data based on your consent; withdrawal does not affect the lawfulness of previous processing);
Complain to competent authorities (such as the Seychelles Information Commission or your local data protection authority).
No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded or excessive, or refuse to comply with your request in such circumstances.
Time Limit to Respond to Legitimate Requests
Taking into account the requirements of various privacy laws, we aim to respond to legitimate requests within one month. Please note that when you request to exercise legal rights related to your personal data, we may require you to provide some necessary details to verify your identity.