GDPR Compliance

From Bittylicious
Jump to navigation Jump to search

Bittylicious follows the GDPR, the General Data Protection Regulation. Our compliance with all of the UK's Information Commissioner's Office regulations fulfils most of the requirements already, and this has been enhanced to comply with the GDPR.

Information shared with others

Information about your user account needs to be shared with brokers on the platform you trade with in order for trades to be successful. This is necessary for the functioning of the platform.

The information that all brokers you trade with will see is:

  • Real name.
  • Company name.
  • Email address.
  • Verification status (e.g. that you have had your ID verified).
  • Statistics (e.g. number of cancelled trades).

If it is felt necessary, we will, on request, also share the following data with brokers. This is generally if a trade is not complete and you are not responding via the website.

  • Telephone number.
  • Full address.
  • Basic IP information.

We do not share the following information, unless required to do so by law or as part of legal proceedings:

  • Date of birth.
  • Nationality.
  • Country of birth.
  • Uploaded documents.

Process your data fairly, lawfully and transparently

Bittylicious processes personal data for all people and entities in an equal manner. Bittylicious is registered with the ICO and at any time, we are happy to give you information on what information we hold on your account.

The ICO requires a legal basis for processing data, and this is Consent, i.e. that the individual has given clear consent for you to process their personal data for a specific purpose.

Users directly enter their own personal data and upload documents. The fact that this is initiated by the user is implicit consent for Bittylicious to process their personal data. The fact that we process personal data is also detailed in our terms and conditions. We do not sell data to anybody, and the specific purpose is solely for use with Bittylicious's services.

Only process the data you need to

The principle of data minimisation states that organisations should only process the personal data that is needed to achieve its processing purposes. We require significant information from users from both an anti-fraud point of view and also for compliance with card providers on our platform. In addition, we follow industry best practices for financial institutions in terms of KYC and AML processes.

Keep your data secure

Bittylicious details publicly how we store information, and believe these practices go above and beyond many other providers.

Ensure your data is accurate

Users on Bittylicious are welcome to update their information at any time. When there may be inconsistencies, e.g. a proof of address document no longer matching the new address, we ask for updated versions. Users are welcome to point out any errors in addition and they can be changed, but most details of a user can be changed by the user themselves.

Store your data appropriately

Personal data needs to be kept on file for a significant amount of time in order to handle issues where they may be fraud months after a transaction was made, and also for best practice reasons. However, we do detail how users can request to have their personal data erased and the timescales in which this erasure happens.