Bittylicious follows the GDPR, the General Data Protection Regulation. Our compliance with all of the UK's Information Commissioner's Office regulations fulfils most of the requirements already, although we have made various tweaks.
Specific points related to the GDPR are listed below:
Process your data fairly, lawfully and transparently
Bittylicious processes personal data for all people and entities in an equal manner. Bittylicious is registered with the ICO and at any time, we are happy to give you information on what information we hold on your account.
The ICO requires a legal basis for processing data, and this is Consent, i.e. that the individual has given clear consent for you to process their personal data for a specific purpose.
Users directly enter their own personal data and upload documents. The fact that this is initiated by the user is implicit consent for Bittylicious to process their personal data. The fact that we process personal data is also detailed in our terms and conditions. We do not sell data to anybody, and the specific purpose is solely for use with Bittylicious's services.
Only process the data you need to
The principle of data minimisation states that organisations should only process the personal data that is needed to achieve its processing purposes. We require significant information from users from both an anti-fraud point of view and also for compliance with card providers on our platform. In addition, we follow industry best practices for financial institutions in terms of KYC and AML processes.
Keep your data secure
Bittylicious details publicly how we store information, and believe these practices go above and beyond many other providers.
Ensure your data is accurate
Users on Bittylicious are welcome to update their information at any time. When there may be inconsistencies, e.g. a proof of address document no longer matching the new address, we ask for updated versions. Users are welcome to point out any errors in addition and they can be changed, but most details of a user can be changed by the user themselves.
Store your data appropriately
Personal data needs to be kept on file for a significant amount of time in order to handle issues where they may be fraud months after a transaction was made, and also for best practice reasons. However, we do detail how users can request to have their personal data erased and the timescales in which this erasure happens.