Data protection
Bittylicious complies with the data protection laws of the United Kingdom, including the Data Protection Act. Information about your account is held with the strictest security protocols and policies.
Bittylicious is also a registered Data Controller with the Information Commissioner's Office. This registration is required primarily because of some of the personal information we hold, including any identification documents you may upload. Our registration number is ZA027569 and you can search the register to confirm.
We do not sell any of your information to any third parties. We keep all information secure and only will hand over information if required by the laws of the countries in which we operate.
Some of your information, e.g. your real name and email address, are made available to sellers on the Bittylicious system that are directly handling your trade. They are only used for the purpose of completing your specific trade with us and they are not visible to anybody else. Your uploaded personal identification documents are only available to Bittylicious staff.
For technical information on how we store your identity documents, see How are my uploaded documents stored?
Deletion of data
Bittylicious deletes or obfuscates information on a user's account, including uploaded files, at some point after the account has been marked for deletion. Users can do this by choosing to delete their account on the profile page. This process is irreversible.
If the account has never been used for any sort of trade, identifiable data, including uploaded data, is deleted on the next run. This is typically within two days of the deletion request.
If the account has been used for a trade, identifiable data, including uploaded data, is deleted one year after the deletion request. The rationale is that we need to keep this information in case of identified fraud on the account, which can be flagged up a significant time after the trade actually completed. Although banking practices are quite opaque, articles suggest that users can query transactions sometimes up to 13 months after the initial transaction, so this helps us identify fraud patterns.