GDPR Compliance: Difference between revisions

From Bittylicious
Jump to navigation Jump to search
No edit summary
No edit summary
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
__NOTOC__
__NOTOC__
Bittylicious follows the [https://www.eugdpr.org/ GDPR], the General Data Protection Regulation. Our compliance with all of the UK's [https://ico.org.uk/ Information Commissioner's Office] regulations [https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf fulfils] most of the requirements already, although we have made various tweaks.
Bittylicious follows the Isle of Man's [https://www.gov.im/about-the-government/data-protection-gdpr-on-the-isle-of-man/legislation/ data protection laws], in which the [https://www.eugdpr.org/ GDPR], the General Data Protection Regulation, is enshrined in [https://www.legislation.gov.im/cms/images/LEGISLATION/PRINCIPAL/2018/2018-0010/DataProtectionAct2018_1.pdf law]. Bittylicious is registered with and fully complies with all of the Isle of Man's [https://www.inforights.im/ Information Commissioner's] regulations.
 
Specific points related to the GDPR are listed below:


==Information shared with others==
==Information shared with others==
Line 22: Line 20:
*Basic IP information.
*Basic IP information.


We do not share the following information, unless required to do so by law or as part of legal proceedings:
We may share the following upon a specific request from a bank you may have paid into. This will only be for banks you have transacted with (i.e. paid into or from). Other than that, we do not share this following information, unless required to do so by law or as part of legal proceedings:


*Date of birth.
*Date of birth.
Line 28: Line 26:
*Country of birth.
*Country of birth.
*Uploaded documents.
*Uploaded documents.
*Cryptocurrency addresses/scans.
For completeness, any entity we share data with will be required by law to look after data securely (e.g. IC registration). We will never, under any circumstances, sell your information, e.g. for marketing purposes.


==Process your data fairly, lawfully and transparently==
==Process your data fairly, lawfully and transparently==


Bittylicious processes personal data for all people and entities in an equal manner. Bittylicious is [[Data protection|registered]] with the ICO and at any time, we are happy to give you information on what information we hold on your account.  
Bittylicious processes personal data for all people and entities in an equal manner. Bittylicious is [[Data protection|registered]] with the IC and at any time, we are happy to give you information on what information we hold on your account.  


The ICO requires a legal basis for processing data, and this is ''Consent'', i.e. that the individual has given clear consent for you to process their personal data for a specific purpose.
The IC requires a legal basis for processing data, and this is ''Consent'', i.e. that the individual has given clear consent for you to process their personal data for a specific purpose.


Users directly enter their own personal data and upload documents. The fact that this is initiated by the user is implicit consent for Bittylicious to process their personal data. The fact that we process personal data is also detailed in our terms and conditions. We do not sell data to anybody, and the specific purpose is solely for use with Bittylicious's services.
Users directly enter their own personal data and upload documents. The fact that this is initiated by the user is implicit consent for Bittylicious to process their personal data. The fact that we process personal data is also detailed in our terms and conditions. We do not sell data to anybody, and the specific purpose is solely for use with Bittylicious's services.

Latest revision as of 13:47, 10 October 2021

Bittylicious follows the Isle of Man's data protection laws, in which the GDPR, the General Data Protection Regulation, is enshrined in law. Bittylicious is registered with and fully complies with all of the Isle of Man's Information Commissioner's regulations.

Information shared with others

Information about your user account needs to be shared with brokers on the platform you trade with in order for trades to be successful. This is necessary for the functioning of the platform.

The information that all brokers you trade with will see is:

  • Real name.
  • Company name.
  • Email address.
  • Verification status (e.g. that you have had your ID verified).
  • Statistics (e.g. number of cancelled trades).

If it is felt necessary, we will, on request, also share the following data with brokers. This is generally if a trade is not complete and you are not responding via the website.

  • Telephone number.
  • Full address.
  • Basic IP information.

We may share the following upon a specific request from a bank you may have paid into. This will only be for banks you have transacted with (i.e. paid into or from). Other than that, we do not share this following information, unless required to do so by law or as part of legal proceedings:

  • Date of birth.
  • Nationality.
  • Country of birth.
  • Uploaded documents.
  • Cryptocurrency addresses/scans.

For completeness, any entity we share data with will be required by law to look after data securely (e.g. IC registration). We will never, under any circumstances, sell your information, e.g. for marketing purposes.

Process your data fairly, lawfully and transparently

Bittylicious processes personal data for all people and entities in an equal manner. Bittylicious is registered with the IC and at any time, we are happy to give you information on what information we hold on your account.

The IC requires a legal basis for processing data, and this is Consent, i.e. that the individual has given clear consent for you to process their personal data for a specific purpose.

Users directly enter their own personal data and upload documents. The fact that this is initiated by the user is implicit consent for Bittylicious to process their personal data. The fact that we process personal data is also detailed in our terms and conditions. We do not sell data to anybody, and the specific purpose is solely for use with Bittylicious's services.

Only process the data you need to

The principle of data minimisation states that organisations should only process the personal data that is needed to achieve its processing purposes. We require significant information from users from both an anti-fraud point of view and also for compliance with card providers on our platform. In addition, we follow industry best practices for financial institutions in terms of KYC and AML processes.

Keep your data secure

Bittylicious details publicly how we store information, and believe these practices go above and beyond many other providers.

Ensure your data is accurate

Users on Bittylicious are welcome to update their information at any time. When there may be inconsistencies, e.g. a proof of address document no longer matching the new address, we ask for updated versions. Users are welcome to point out any errors in addition and they can be changed, but most details of a user can be changed by the user themselves.

Store your data appropriately

Personal data needs to be kept on file for a significant amount of time in order to handle issues where they may be fraud months after a transaction was made, and also for best practice reasons. However, we do detail how users can request to have their personal data erased and the timescales in which this erasure happens.