Personal Data Processing Policy
General Provisions
This Personal Data Processing Policy (“Policy”) establishes the procedure for the collection, use, storage, transfer, and other processing of personal data by the Operator. The Operator is committed to ensuring compliance with prevailing legislation of Great Britain, including the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).
Definitions
For the purposes of this Policy, the following terms shall have the meanings assigned below:
- “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”).
- “Operator” means the entity that determines the purposes and means of the processing of Personal Data.
- “Processing” means any operation or set of operations performed on Personal Data, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction.
- “Data Subject” means any individual whose Personal Data is processed by the Operator.
- “Supervisory Authority” means the Information Commissioner’s Office (ICO) in Great Britain.
Legal Grounds for Personal Data Processing
The Operator processes Personal Data in accordance with the following legal bases provided by the UK GDPR and the Data Protection Act 2018:
- Consent of the Data Subject for one or more specific purposes.
- Performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.
- Compliance with a legal obligation to which the Operator is subject.
- Protection of vital interests of the Data Subject or another natural person.
- Legitimate interests pursued by the Operator or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject.
Categories of Personal Data Processed
The Operator may process the following categories of Personal Data:
- Identity information (e.g., full name, date of birth, nationality)
- Contact information (e.g., address, email address, telephone number)
- Financial information (e.g., payment details for deposits or withdrawals)
- Technical data (e.g., IP address, device information, browser type)
- Usage information (e.g., account activity, session duration)
- Any other data provided by the Data Subject for the use of the Operator’s services
Purposes of Personal Data Processing
Personal Data may be processed for the following purposes:
- Registration and account management
- Verification of identity and age (including Know Your Customer and Anti-Money Laundering requirements)
- Execution and administration of contracts with Data Subjects
- Processing of payments and financial transactions
- Compliance with applicable laws and regulatory requirements
- Customer support and communication
- Detection and prevention of fraud, unlawful or abusive activities
- Improvement of the Website and services provided
Methods of Processing and Data Security
Personal Data is processed by both automated and non-automated means. The Operator implements appropriate technical and organisational measures to ensure a level of security appropriate to risk, including but not limited to:
- Data encryption during transmission and storage
- Access controls and authentication mechanisms
- Regular security assessments and audits
- Data backup and disaster recovery procedures
All employees, agents, and service providers acting on behalf of the Operator are required to maintain confidentiality and security of Personal Data in accordance with this Policy and applicable legislation.
Disclosure and Transfer of Personal Data
Personal Data may be disclosed to the following entities, subject to legal requirements:
- Authorised employees and agents of the Operator
- Payment service providers, identification verification services, and other contractors engaged to provide services
- Regulatory or governmental authorities, where required by law
- Legal advisors, law enforcement agencies, or courts, when necessary to protect the Operator’s legitimate interests or comply with legal obligations
Where Personal Data is transferred to countries or territories outside the United Kingdom, such transfers shall be carried out in compliance with the requirements of the UK GDPR, including the implementation of adequate safeguards such as standard contractual clauses.
Rights of Data Subjects
Data Subjects have the following rights in relation to their Personal Data under the UK GDPR and Data Protection Act 2018:
- Right to access their Personal Data and receive a copy thereof
- Right to rectification of inaccurate or incomplete data
- Right to erasure (“right to be forgotten”), where applicable
- Right to restriction of processing in certain circumstances
- Right to object to processing, including direct marketing
- Right to data portability
- Right to withdraw consent where processing is based on consent
- Right to lodge a complaint with the Information Commissioner’s Office (ICO)
Requests related to the exercise of these rights may be submitted as described in the “Contact Information” section.
Retention Periods
Personal Data shall be retained only as long as necessary to fulfil the purposes for which it was collected, to comply with legal or regulatory obligations, or to assert or defend legal claims. After expiry of the relevant retention periods, Personal Data will be securely deleted or anonymised.
Contact Information
Questions, requests or complaints regarding this Policy or processing of Personal Data may be directed to the Operator via the following contact details:
Address: 100 Bishopsgate, London, EC2M 1GT, United Kingdom
Email: [email protected]
Phone: +44 20 7946 0857
Amendments to this Policy
The Operator reserves the right to amend this Policy at any time in accordance with applicable law. Any changes will be posted on this page with the revised effective date.
Date of last revision: 18 June 2024