GDPR Compliance

From Bittylicious
Revision as of 17:02, 1 January 2021 by Nicguana (talk | contribs)
Jump to navigation Jump to search

Bittylicious follows the Isle of Man's data protection laws, in which the GDPR, the General Data Protection Regulation, is enshrined in law. Bittylicious is registered with and fully complies with all of the Isle of Man's Information Commissioner's regulations.

Information shared with others

Information about your user account needs to be shared with brokers on the platform you trade with in order for trades to be successful. This is necessary for the functioning of the platform.

The information that all brokers you trade with will see is:

  • Real name.
  • Company name.
  • Email address.
  • Verification status (e.g. that you have had your ID verified).
  • Statistics (e.g. number of cancelled trades).

If it is felt necessary, we will, on request, also share the following data with brokers. This is generally if a trade is not complete and you are not responding via the website.

  • Telephone number.
  • Full address.
  • Basic IP information.

We may share the following upon a specific request from a bank you may have paid into. This will only be for banks you have transacted with (i.e. paid into or from). Other than that, we do not share this following information, unless required to do so by law or as part of legal proceedings:

  • Date of birth.
  • Nationality.
  • Country of birth.
  • Uploaded documents.

For completeness, any entity we share data with will be required by law to look after data securely (e.g. IC registration). We will never, under any circumstances, sell your information, e.g. for marketing purposes.

Process your data fairly, lawfully and transparently

Bittylicious processes personal data for all people and entities in an equal manner. Bittylicious is registered with the IC and at any time, we are happy to give you information on what information we hold on your account.

The IC requires a legal basis for processing data, and this is Consent, i.e. that the individual has given clear consent for you to process their personal data for a specific purpose.

Users directly enter their own personal data and upload documents. The fact that this is initiated by the user is implicit consent for Bittylicious to process their personal data. The fact that we process personal data is also detailed in our terms and conditions. We do not sell data to anybody, and the specific purpose is solely for use with Bittylicious's services.

Only process the data you need to

The principle of data minimisation states that organisations should only process the personal data that is needed to achieve its processing purposes. We require significant information from users from both an anti-fraud point of view and also for compliance with card providers on our platform. In addition, we follow industry best practices for financial institutions in terms of KYC and AML processes.

Keep your data secure

Bittylicious details publicly how we store information, and believe these practices go above and beyond many other providers.

Ensure your data is accurate

Users on Bittylicious are welcome to update their information at any time. When there may be inconsistencies, e.g. a proof of address document no longer matching the new address, we ask for updated versions. Users are welcome to point out any errors in addition and they can be changed, but most details of a user can be changed by the user themselves.

Store your data appropriately

Personal data needs to be kept on file for a significant amount of time in order to handle issues where they may be fraud months after a transaction was made, and also for best practice reasons. However, we do detail how users can request to have their personal data erased and the timescales in which this erasure happens.