Tobu Finance Limited ("we", "our", or "Tobu Finance") is committed to ensuring the privacy and security of your personal data. This Privacy Policy explains how we collect, process, store, and share personal information when you use our services, in compliance with General Data Protection Regulation (GDPR), Digital Operational Resilience Act (DORA), and Anti-Money Laundering (AML) requirements.Tobu Finance Limited is a company registered in Malta, under registration number C 110168, with its registered office at CF Business Centre, Level 3, Triq Gort, St Julians, STJ 3063, Malta.If you have any questions regarding this Privacy Policy, you can contact us at legal@tobufinance.com
We collect and process personal data necessary to provide our services securely and comply with regulatory obligations. This includes:
2.1 Personal Identification Data
✔Full name
✔Date of birth
✔Residential address
✔Nationality
Email and phone number
2.2 Verification Data (KYC/KYB & AML Compliance)
✔Government-issued identity documents (passport, ID card, driver’s license)
✔Proof of address (utility bill, bank statement)
✔Business registration details (for corporate users)
✔Ultimate Beneficial Owner (UBO) information
2.3 Financial & Transaction Data
✔IBAN and bank details
✔Transaction history and payment details
2.4 Technical & Usage Data
✔IP address
✔Browser type and device information
✔Login timestamps and access logs
We process your data for the following purposes:
3.1 Legal & Regulatory Compliance
✔ KYC/KYB & AML compliance – To verify your identity and comply with
✔Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) regulations.
✔ Fraud Prevention – To detect and prevent fraudulent activities, including identity theft.
✔ Regulatory Obligations – To comply with laws such as DORA and GDPR.
3.2 Service Provision
✔ Account creation and authentication – To allow you to register and use our services.
✔ Payment processing – To facilitate transactions securely.
3.3 Security & Risk Management
✔ Transaction Monitoring – To detect suspicious or high-risk activities.
✔ Data protection and fraud detection – To enhance security measures.
3.4 Customer Support & Communication
✔ Providing support – To respond to inquiries and assist users.
✔ Marketing & Service Updates (with consent) – To inform users about updates and promotions.
We process personal data based on the following legal grounds:
✔Performance of a Contract – When data is necessary to provide our services.
✔Legal Obligations – Compliance with AML, GDPR, DORA, and other regulations.
✔Legitimate Interest – Fraud prevention, risk management, and service improvements.
✔User Consent – Where applicable (e.g., marketing communications).
We do not sell or rent personal data. However, we may share data with:
✔Regulatory Authorities – If required by law or financial regulators.
✔Third-party service providers – For identity verification, compliance checks, and fraud monitoring.
✔Financial Institutions & Payment Processors – To process transactions.
✔Fraud Detection & Security Partners – For risk analysis and fraud monitoring.
All partners are required to comply with strict data protection standards.
We retain personal data only for as long as necessary:
✔KYC/KYB Data – Retained for at least 5 years after account closure (as per AML laws).
✔Transaction Data – Retained for as long as required by tax and financial regulations.
✔Marketing Data – Retained until consent is withdrawn.
Once the retention period expires, data is securely deleted or anonymized.
We implement industry-standard security measures to protect user data:
✔ Encryption & Secure Storage – Sensitive data is encrypted in transit and at rest.
✔ Multi-Factor Authentication (MFA) – To prevent unauthorized access.
✔ Real-Time Fraud Monitoring – AI-driven fraud detection and AML screening.
✔ Regular Security Audits – Compliance checks to meet DORA’s ICT risk framework.
Users have the following rights regarding their personal data:
✅ Right to Access – Request a copy of your data.
✅ Right to Rectification – Correct inaccurate or incomplete data.
✅ Right to Erasure (Right to be Forgotten) – Request data deletion (subject to legal obligations).
✅ Right to Restriction – Limit data processing in specific cases.
✅ Right to Data Portability – Obtain a structured, machine-readable copy of your data.
✅ Right to Object – Object to data processing for marketing or legitimate interests.
To exercise these rights, please contact us at legal@tobufinance.com
If we transfer data outside the European Economic Area (EEA), we ensure that:
✔ The recipient country has adequate data protection laws (EU Commission-approved).
✔ Standard Contractual Clauses (SCCs) are in place for data processors.
We may use cookies for:
✔Essential site functionality (login, navigation).
✔Analytics & performance monitoring (Google Analytics, if applicable).
✔Security & fraud prevention (session tracking).
You can manage cookie preferences through your browser settings.
We may update this Privacy Policy periodically. The latest version will always be available on our website.
For any inquiries about this Privacy Policy, please contact us:
📩 Email: legal@tobufinance.com
📍 Registered Office: CF Business Centre, Level 3, Triq Gort, St Julians, STJ 3063, Malta