policy Privacy

At The Change, we respect your privacy and are committed to protecting it, preventing any type of misuse of personal information, and ensuring that collection and processing is always done transparently and responsibly, while maintaining your absolute control.
By using our website (https://thechange.ltd), (“Website”), our application programming interface (https://api.thechange.ltd), (“API”), or our telegram bot, you automatically agree to our policy.
This Privacy Policy explains what information may be collected and why, how information is processed, transferred or shared and under what circumstances, how we protect any information we collect, and how you can update, manage, export and delete your information using it. your rights, which we also demonstrate.
The term «Information» as used in this Privacy Policy means any type of information that allows you to directly or indirectly identify it through various identifiers that we may collect or that you may voluntarily provide to us, such as your name, your email address, your IP address or any other method or information that can be used to identify you.
Any use of the Services constitutes your agreement with this Privacy Policy, so please read it carefully and if you do not agree, you should avoid/stop using any of the Services provided by us. If you have any questions, please contact us at Email.

  1. 1. Information collected

    When you access or use our Services, we use a variety of methods to collect information from and about you. We may divide this information into two categories: those that you may provide and those that we may collect.

      1.1 Information you have provided to us

      When using our Services, you may provide us with:

      • Information required for register. In order to access all the features of the Service, you must register an account - a member. When you go through the register process, you must provide an email address and create a password;
      • Information relating to orders placed on our Service;
      • Any data such as email address, postal addresses, etc., by filling out any form when using our Services;
      • Any information and identification documents that we may request from you in accordance with our AML Policy, which is aimed at, among other things, preventing illegal activity and enforcing our Terms of Service.

      During the verification process (KYC), in accordance with our AML Policy, The Change may collect data including, but not limited to, information and photographs of identification documents, your photograph and biometric data such as facial recognition data during health checks or other identity verification steps.

      1.2 Information we may collect

      When you interact with our Services, we may automatically collect technical information about your equipment, the date you accessed our Service, location, IP address and domain name. This information may be obtained by us directly or through third-party services. We may collect this information using cookies, server logs and other similar technologies. The content recorded in the access logs is not used together with the information. It is used as information about the server's operation to improve our Services.
      In addition, we use Google Analytics on our Service. If you would like to learn more about Google Analytics and its Do Not Track policy, please visit google analytics.

      1.3 Cookies

      A cookie is a piece of data that a website can send to your browser, which may then store it on your system. We use cookies on some of our pages to save your preferences and record session information. The information collected is then used to provide a more personalized service to our users. You can adjust your browser settings so that you are notified when you receive a cookie. Please refer to your browser documentation to check whether cookies are enabled on your computer or to set the settings to block cookies.
      Because cookies allow you to use some of the basic functions of the Website, we recommend that you accept them. For example, if you block or otherwise reject our cookies, you will not be able to use products or services on the site that may require you to sign in. It is important to prevent unauthorized access to your password and your computer. You should always sign out after using a shared computer. Information collected through cookies is used by us to evaluate the effectiveness of our site, analyze trends, and administer the platform. Information collected through cookies allows us to determine which parts of our site are most visited and what difficulties visitors may have accessing our site.
      Knowing this, we can improve the quality of your experience on the platform by recognizing and providing more of the most requested features and information, as well as resolving accessibility issues. We also use cookies and/or technology known as web bugs or clear gifs, which are typically stored in emails, to help us confirm receipt and response to our emails and to provide you with a more personalized experience when using our site. Your continued use of this site, as well as any subsequent use, will be considered your consent to the storage of cookies on your device.

  2. 2. Why and when we process your information

    We will use and process your information:

    • For internal business analytics purposes, for research, development and improvement of products;
    • To inform you about changes made to our Services;
    • For marketing purposes, we may send emails to your email address. You may opt out of receiving these emails by following the instructions contained in these emails or by contacting us at Email;
    • To ensure that content from our Service is presented in the most effective manner for you and for your computer; To display content based on your interests;
    • To answer your questions and provide relevant customer services;
    • To verify your identity when and if such a procedure may be required
    • To monitor and protect the security of our information, systems and network;
    • For residents of the European Economic Area (“EEA”), the United Kingdom and Switzerland, in accordance with Article 6 GDPR, we process this information to comply with our legal obligations;
    • When we need it to provide the Services, customer support and personalized features;
    • To protect the security and safety of the Services;
    • Where it is in our legitimate interests (which do not conflict with your rights), such as for research and development, marketing and promotion of the Services;
    • To protect our legitimate rights and interests;
    • When you give us your consent to do so for a specific purpose;
    • When we need to process your information to comply with legal obligations or requests from government or lawful authorities.

    Your information may be processed for risk management purposes, to detect and prevent fraud and illegal activities, and to ensure compliance with all applicable laws. Such processing is part of our anti-money laundering measures and is carried out using automated software or manually. For further information, please refer to our AML/CFT Policy.

  3. 3. To whom, why and when such information may be shared

    Such information may be transferred to law enforcement agencies, officials or third parties:

    • When we are required to do so by a government request, court order, formal request from a competent authority or similar legal procedure.
    • In the good faith belief that disclosure is reasonably necessary to prevent, report and protect against fraud, money laundering, financial loss and other suspected illegal activities.
    • To internally or externally investigate violations of our Terms of Service or any other applicable policies and laws to ensure compliance with our legal obligations.
    • In some cases, processing and transferring your information to partner companies may be necessary to continue providing you with our services.

  4. 4. Duration of data storage

    We retain your personal data and sensitive information only for as long as necessary to achieve the purposes set out in our Privacy Policy or as required by law. This includes retention for identity verification, regulatory compliance and service improvement, among other purposes set out in this Policy.
    For most types of data, including transaction history, contact information, and other personal data, we retain this information for up to five years. Biometric data is typically retained for a shorter period of time, just as long as necessary to verify your identity, or for a maximum of three years from your last interaction with The Change, whichever comes first.
    After the relevant periods have expired or after the specific purposes of data collection have been achieved, your data will be securely and irrevocably destroyed in accordance with our legal requirements.

  5. 5. How we protect your information

    Maintaining your privacy and preventing misuse or unauthorized disclosure of your information is a priority for us, so The Change, with absolute responsibility to its users and their rights, uses a variety of technical, physical and administrative security measures to protect the security and confidentiality of the information you entrust to us.
    We will retain your information in a form that allows us to identify you for no longer than is necessary for the purpose for which the information is processed. We retain your information only for as long as necessary to comply with our legal obligations, resolve disputes, enforce our agreements and rights, and for any other reason as described in the sections above, or if it is technically and reasonably impossible to delete it.
    Upon your request, we will promptly delete your information in relation to your rights as described below in the Your Rights section of this Privacy Policy. To request deletion of your information, please contact us at Email.
    In addition, we cannot ensure or warrant the security or privacy of information you transmit to us or receive from us via the Internet or wireless connection, including email, telephone or SMS, because we have no way to protect this information once it is transmitted and until it reaches us.
    Your data will not be sold, rented, exchanged or otherwise profited from. We will not disclose or distribute your data to third parties except where required by law or for the specific purpose of identity verification as set out in this Policy and the AML Policy.

  6. 6. Children

    We do not intend to solicit or collect information from anyone under the age of 18 or the legal age in your country, if higher. If you are under 18 or the legal age in your country, do not enter any information into our Services.

  7. 7. Explicit consent

    By using our Services, you agree to the collection, storage, processing and use of your personal data as set out in this Policy for purposes such as identity verification, regulatory compliance and service improvement, among others, as set out in this Policy. We are committed to handling your personal data responsibly and in accordance with applicable privacy laws and regulations.
    By agreeing to this Policy, you expressly consent to the processing of your personal data on the terms set out herein. You confirm that you have been informed in writing of the purposes for which your data is collected, the duration of its storage and our commitment to the secure and confidential handling of your information.

  8. 8. Your rights

      8.1 Right of access

      You have the right to access information about your information that is processed by us and you can request a copy of it. This means that we are obliged to provide you with all information regarding what categories of your information we use, how long we store it, who the recipients of this data are and what the purposes of its processing are. The legal basis is Art. 15 of the General Data Protection Regulation.

      8.2 Right to rectification

      If you notice that your information is incomplete, you can provide us with a supplementary statement. If you notice that your information is inaccurate, you can exercise your right to rectification, which means that we are obliged to make substantial corrections. The legal basis is Art. 16 GDPR.

      8.3 Right to erasure

      You have the right to request that we delete your personal information, and we are obliged to do so without undue delay under the following conditions:

      • The information is no longer necessary in relation to the purposes for which it was collected or processed;
      • You withdraw your consent to our Terms of Service and there is no other legal basis for processing;
      • You exercise your right to object;
      • The information was processed unlawfully;
      • The information must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject.

      The above provisions shall not apply where the processing is necessary for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, for the establishment, exercise or defence of legal claims, as well as other exceptions listed in Article 17(3) of the GDPR. The legal basis is Article 17 of the General Data Protection Regulation.
      To request deletion of your personal information, please go to your account dashboard settings and deactivate your account by clicking the «Deactivate Account» button. By deactivating your account, you revoke your consent to our Terms of Service and your account is restricted for future use. Once your account is deactivated, you can contact us at Email with the subject line «Information Erase» to request deletion of your personal information.

      8.4 Right to object

      If there are no compelling reasons for processing your data, you have the right to object to the processing of your information under certain circumstances. In particular, you may object if the processing is intended to:

      • A task performed in the public interest;
      • The exercise of official authority vested in us;
      • Our legitimate interests (or the interests of third parties).
      • When processing is for direct marketing purposes, including profiling, your right to object is absolute and you can exercise it at any time and free of charge. The legal basis is Art. 21 GDPR.

      8.5 Right to restriction

      In addition, you have the right to restrict the processing of information concerning you under the following conditions:

      • The accuracy of the information is contested by you for a period allowing us to verify the accuracy of the information;
      • The processing is unlawful and you object to the erasure of the information and instead request a restriction of its use;
      • We no longer need the information for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims;
      • You have objected to processing pending the verification whether our legitimate grounds override yours.

      In all the above circumstances, such information shall only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. The legal basis is Article 18 of the General Data Protection Regulation.

      8.6 Right to file a complaint

      If you believe that our processing of your information is unlawful, you have the right to lodge a complaint with the supervisory authority. The legal basis is Art. 12, par. 4, GDPR. These are the data protection commissioner countries, the contact person responsible for you can be found, for example, at the following URL: https://www.cpdp.bg/

      8.7 Right to data portability

      You have the right to data portability, which means that you have the right to receive the information we process in a structured, commonly used and machine-readable format and to transmit this data to another controller without hindrance from us. The legal basis is Art. 20 GDPR.

      8.8 Right to information

      You have the right to be informed of any correction or deletion of your information or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 of the GDPR, to each recipient to whom the information has been disclosed, unless this is impossible. or requires disproportionate effort. We will inform you of these recipients if you request it. The legal basis is Article 19 of the General Data Protection Regulation.

      8.9 Right to withdraw consent

      You have the right to withdraw your consent to the processing of your data at any time. However, please note that withdrawing your consent may affect your ability to use some of our services. Withdrawal of consent will not affect the lawfulness of data processing based on your consent before its withdrawal.

  9. 9. Policy changes

    This Policy may be changed at our sole discretion without prior notice. We encourage you to review it periodically to stay informed of any changes we may have made. It is your responsibility to read it carefully and check for changes. By using the Services, you accept and agree to the Privacy Policy, Terms of Service and AML Policy.

  10. 10. Contacts

    If you have any questions about our privacy policy or practices, please contact us at Email.