Hello
I participated in the KYC process for Quarkchain ICO. According to your privacy policy (https://quarkchain.io/privacy-policy/) and the GDPR, I have certain rights to my data that I would like to exercise. I have tried contact emails listed but got no answer. Could you please get back at me or should I ask the questions here?
Anybody?
What’s your requirements?
Hi,
Privacy and security are very important to me as I’m sure they are to you.
I participated in the KYC process in 2018 and would thus like to exercise my rights according to your privacy policy listed on your website. I would like to know whether my personal information is still being processed and in accordance to applicable law request erasure of personal information (if it indeed is still being processed or stored). I’ve tried reaching out to (support@quarkchain.org) as it states in your privacy policy one should do if one wishes to exercise these rights but got no response. Thereby forced to reach out through other channels such as this.
Related to the first request, I would like know how kyc data of those that did not purchase during ICO was handled. Was the data of those individuals deleted or stored?
For those that did kyc and purchased during ICO, how long are you required/ intend to store the data?
I would greatly appreciate your help with this issue but perfectly understand if this is outside your role. In that case could you please get me in touch with your data privacy officer or somebody with specific knowledge on this subject.
Thank you very much for your time and apologise for any inconvenience caused.
Short answer: 5 years according to FATF
Yes, I understand and respect the fact that Quarkchain has to comply with certain regulations.
However, I would like to specify that I participated in the KYC process but wasn’t able to participate in the actual ICO. According to FATF recommendations on record keeping, records obtained through CDD should be kept for five(5) years after the business relationship has ended, or after the date of the occasional transaction.
Since we have no business relationship and there was no occasional transaction between quarkchain and myself, I believe that my KYC data, if still held by quarkchain, is held unnecessarily. This is very dangerous as data breach are a common phenomenon today. The GDPR says that no personal identifiable information should be kept longer than necessary and the customer has the right to erasure.
If my data is still stored by quarkchain, I would like to exercise my right to erasure as I believe this to be in accordance with applicable laws and regulations.
As long as you participate in the KYC, the relationship is established and, as a result, to help ensure that we are operating consistent with accepted industry practices and applicable regulatory standards, we have to keep the record for at least 5 years.
Well, alright then I guess.
Thank you for clarifying. And since we are in a business relationship, it would be appreciated if you (Quarkchain) could address such issues on the support email so one wouldn’t need go to such extreme measures just to get a reply.
Now if I may ask, was the KYC done in-house or via a third party? How do you store the data?
Do you plan on deleting the records after the 5 years? It does after all say “at least 5 years”
And just for reference… What role or relation have you with Quarkchain?
Excuse me sir,
A friend of mine was rejected during the kyc verification and wonders if his documents are also stored? Would the relationship has been established in his case as well?
Thanks