Data protection: Difference between revisions

From Bittylicious
Jump to navigation Jump to search
No edit summary
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Bittylicious complies with the data protection laws of the United Kingdom, including the [https://www.gov.uk/data-protection Data Protection Act]. Information about your account is held with the strictest security protocols and policies.
Bittylicious complies with the [https://www.gov.im/about-the-government/data-protection-gdpr-on-the-isle-of-man/legislation/ data protection laws] of the Isle of Man, including the [https://www.legislation.gov.im/cms/images/LEGISLATION/PRINCIPAL/2018/2018-0010/DataProtectionAct2018_1.pdf Data Protection Act 2018]. Information about your account is held with the strictest security protocols and policies.


Bittylicious is also a registered [http://www.ico.org.uk/for_organisations/data_protection/the_guide/key_definitions Data Controller] with the [http://www.ico.org.uk/ Information Commissioner's Office]. This registration is required primarily because of some of the personal information we hold, including any identification documents you may upload. Our registration number is ZA027569 and you can [http://www.ico.org.uk/esdwebpages/search search the register] to confirm.
Bittylicious is also a registered as a Data Controller with the [https://www.inforights.im/ Information Commissioner]. This registration is required primarily because of some of the personal information we hold, including any identification documents you may upload. Our reference number is R002897 and you can [https://www.inforights.im/contact-us/ contact] the Information Commissioner to confirm.


We do not sell any of your information to any third parties. We keep all information secure and only will hand over information if required by the laws of the countries in which we operate.
We do not sell any of your information to any third parties. We keep all information secure and only will hand over information if required by the laws of the countries in which we operate.
Line 11: Line 11:
==Deletion of data==
==Deletion of data==


Bittylicious deletes or obfuscates information on a user's account, including uploaded files, at some point after the account has been marked for deletion. Users can do this by choosing to delete their account on the profile page. This process is irreversible.
Paragraph 33 of the [https://www.gov.im/media/470621/anti-moneylaunderingandcounteringthefinancingofterrorismcode2015.pdf Anti-Money Laundering and Countering the Financing of Terrorism Code 2015] requires Bittylicious to store user data for at least 5 years even after accounts are marked as deleted. Following common industry practice, we retain data for 5 years from the date of deletion.


If the account has never been used for any sort of trade, identifiable data, including uploaded data, is deleted on the next run. This is typically within two days of the deletion request.
When the account is marked as deleted, we set a flag meaning the account can no longer be registered again. After 5 years, any sort of identifiable data, including uploaded data, will be automatically deleted.


If the account has been used for a trade, identifiable data, including uploaded data, is deleted one year after the deletion request. The rationale is that we need to keep this information in case of identified fraud on the account, which can be flagged up a significant time after the trade actually completed. Although banking practices are quite opaque, articles suggest that users can query transactions sometimes up to [http://www.telegraph.co.uk/finance/personalfinance/bank-accounts/6338659/Bank-payments-13-months-to-dispute-suspicious-transactions.html 13 months after the initial transaction], so this helps us identify fraud patterns.
'''Note: From 10th January 2020, customer data will be stored for 10 years from the date of deletion due to compliance with money laundering regulations'''.


==Cookíes==
==Cookíes==

Latest revision as of 10:39, 5 May 2023

Bittylicious complies with the data protection laws of the Isle of Man, including the Data Protection Act 2018. Information about your account is held with the strictest security protocols and policies.

Bittylicious is also a registered as a Data Controller with the Information Commissioner. This registration is required primarily because of some of the personal information we hold, including any identification documents you may upload. Our reference number is R002897 and you can contact the Information Commissioner to confirm.

We do not sell any of your information to any third parties. We keep all information secure and only will hand over information if required by the laws of the countries in which we operate.

Some of your information, e.g. your real name and email address, are made available to sellers on the Bittylicious system that are directly handling your trade. They are only used for the purpose of completing your specific trade with us and they are not visible to anybody else. Your uploaded personal identification documents are only available to Bittylicious staff.

For technical information on how we store your identity documents, see How are my uploaded documents stored?

Deletion of data

Paragraph 33 of the Anti-Money Laundering and Countering the Financing of Terrorism Code 2015 requires Bittylicious to store user data for at least 5 years even after accounts are marked as deleted. Following common industry practice, we retain data for 5 years from the date of deletion.

When the account is marked as deleted, we set a flag meaning the account can no longer be registered again. After 5 years, any sort of identifiable data, including uploaded data, will be automatically deleted.


Cookíes

Cookies are essential to the use of this site for multiple reasons including maintaining user login sessions and aiding with our anti-fraud efforts.

We also use cookies when analysing the traffic to the site via Google Analytics.

Accepting these cookies is essential in order to use Bittylicious.