This policy applies to any individual’s personal data which is in our possession or under our control.
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors, service users, applicants, subscribers (including any initial coin offering subscribers) in other words, where we determine the purposes and means of the processing of that personal data.
Personal data is any information relating to an identified or identifiable living person. When “you” or “your” are used in this policy, we are referring to the relevant individual who is the subject of the personal data.
We undertake to preserve the privacy of all information you provide to us, and hope that you reciprocate.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform that contract. In that case, we may have to stop providing a service to you. If so, we will notify you of this at the time.
Our policy complies with the United Kingdom data protection legislation in effect and the European Union General Data Protection Regulation (GDPR), as may be amended or updated from time to time.
NetLetsy Ltd [A.K.A Netletsy and/or Nestletsy and/or Letsy] is a company incorporated in England and Wales, registration number 11504629, having its registered office at Kemp House, 160 City Road, London, United Kingdom, EC1V 2NX.
This policy governs processing of personal data by Netletsy Ltd and its affiliated companies worldwide.
Personal data we may collect
We may collect, use, store and transfer different kinds of personal data about you. We have collated these into groups as follows:
Your identity may include information such as first name, last name, title, date of birth, and other identifiers that you may have provided at some time.
Your contact information may include information such as billing address, delivery address, email address, telephone numbers and any other information you have given to us for the purpose of communication.
Your financial data may include information such as your bank account, payment card details, public keys for electronic wallets.
Transaction data may include details about payments or communications to and from you and information about products and services you have purchased from us.
Technical data may include you internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Your profile may include information such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Marketing data may include your preferences in receiving marketing from us; communication preferences; responses and actions in relation to your use of our services.
We may aggregate anonymous data such as statistical or demographic data for any purpose. Anonymous data is data that does not identify you as an individual. Aggregated data may be derived from your personal data but is not considered personal information in law because it does not reveal your identity.
Special personal data
Special personal information is data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. It also includes information about criminal convictions and offences.
We do not generally collect any special personal information about you.
Use of personal data
We may use your personal data for our core business purposes, such as: developing and providing facilities, products or services (whether made available by us or through us), including but not limited to:
transactions and clearing or reporting on these transactions;
carrying out research, planning and statistical analysis;
analytics for the purposes of developing or improving our products, services, security, service quality, and advertising strategies;
assessing and processing applications, instructions or requests from our customers;
communicating with you, including providing you with updates on changes to products, services and facilities (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such products, services and facilities and their terms and conditions;
managing our infrastructure and business operations and complying with internal policies and procedures;
responding to queries or feedback;
addressing or investigating any complaints, claims or disputes;
verifying your identity for the purposes of providing facilities, products or services;
conducting anti-money laundering (AML) and due diligence checks as may be required under applicable law, regulation or directive;
complying with all applicable laws, regulations, rules, directives, orders, instructions and requests from any local or foreign authorities, including regulatory, governmental, tax and law enforcement authorities or other authorities;
enforcing obligations owed to us;
monitoring products and services provided by or made available through us;
financial reporting, regulatory reporting, management reporting, risk management, audit and record keeping purposes;
enforcing obligations owed to us; and/or
seeking professional advice, including legal advice.
We may also use personal data for purposes set out in the terms and conditions that govern our relationship with our customers.
Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Your web browser should allow you to delete any cookies. It also should allow you to prevent or limit their use.
Legal grounds for processing personal data
When you create an account on our website, buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us.
In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.
We may use it in order to:
verify your identity for security purposes;
sell products to you;
provide you with our services;
provide you with suggestions and advice on products, services and how to obtain the most from using our website.
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our business, including our products and services, you provide your consent to us to process information that may be personal information.
Wherever possible, we aim to obtain your explicit consent to process this information.
We continue to process your information on the basis of your consent until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing us accordingly. However, if you do so, you may not be able to use our website or our services further.
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so.
Where we process your information on this basis, we do that after having given careful consideration to: whether the same objective could be achieved through other means; whether processing (or not processing) might cause you any harm; and whether you would expect us to process your data, and whether you would consider it reasonable to do so.
For example, we may process your data on this basis for the purposes of:
record-keeping for the proper and necessary administration of our business;
responding to unsolicited communication from you to which we believe you would expect a response; protecting and asserting the legal rights of any party;
insuring against or obtaining professional advice that is required to manage business risks;
protecting your interests where we believe we have a duty to do so.
Vital interests, public tasks and legal obligations
Sometimes, we must process your information in order to comply with a statutory obligation, public tasks or vital interests.
For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
This may include your personal information.
Sharing personal data
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place as appropriate to protect the data and to comply with our data protection, confidentiality and security standards.
We are taking steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the European Union (if any) are done lawfully. Where we may transfer personal data outside of the European Union to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers shall be under an agreement which covers the European Union requirements for the transfer of personal data outside the European Union, such as the European Commission approved standard contractual clauses.
How we secure personal data
We are undertaking technological and procedural measures to protect personal information, including measures:
to protect data against accidental loss;
to prevent unauthorised access, use, destruction or disclosure;
to ensure business continuity and disaster recovery;
to restrict access to personal information;
to conduct privacy impact assessments in accordance with the law and our business policies;
to advise staff and contractors on data security;
to manage third party risks, through use of contracts and security reviews.
How long the personal data is kept
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We may be allowed to retain personal information for a longer period whenever the user has given consent to such processing, as long as such consent is not withdrawn.
In any case, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.
Once the retention period expires, personal information shall be securely deleted. Therefore, the right to access, the right to deletion, the right to correction and the right to data portability cannot be enforced after expiration of the retention period.
Rights of the data subjects
Access to personal information
You have the right to obtain confirmation as to whether we process personal data about you, receive a copy of your personal data held by us as a controller and obtain certain other information about how and why we process your personal data. We aim to respond to any requests for information promptly, and in any event within the legally required time limits.
Correction and deletion
You have the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete personal data completed.
To update personal data submitted to us, you may email us or, where appropriate, contact us via the relevant website registration page or directly amend the personal details held on relevant websites or applications with which you registered.
When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make updates as appropriate based on your updated information.
You may have the right to obtain deletion of your personal data (the right to be forgotten) in the following cases:
the personal data are no longer necessary in relation to the purposes for which they were collected and processed;
our legal grounds for processing is consent, you withdraw consent and we have no other lawful basis for the processing;
our legal grounds for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to our processing and we do not have overriding legitimate grounds;
you object to our processing for direct marketing purposes;
your personal data have been unlawfully processed; or
your personal data must be erased to comply with a legal obligation to which we are subject.
Withdrawal of consent
Where we process personal data based on consent, individuals have a right to withdraw consent at any time.
You have a right to receive your personal data provided by you to us and have the right to send the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
Restriction of processing and objection
You have the right to restrict our processing of your personal data in the following cases:
for a period enabling us to verify the accuracy of your personal data where you have contested the accuracy of the personal data;
your personal data have been unlawfully processed and you request restriction of processing instead of deletion;
your personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data are required by you to establish, exercise or defend legal claims; or
for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.
If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of negotiation.
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office in the United Kingdom (this can be done at https://ico.org.uk/make-a-complaint/ ) or relevant data protection authorities in other jurisdictions. We would, however, appreciate the opportunity to talk to you about your concern before you approach the ICO or other authority.
NetLetsy, Kemp House, 160 City Road, London, EC1V 2NX | NetLetsy Ltd, company number 11504629