We are Your Data Compliance (collectively referred to as “YDC” , “we”, “us” or “our” in this privacy notice).
YDC aims to be a world-leading data protection compliance solutions provider.
This privacy notice explains how YDC collects and processes your personal data.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy notice supplements any other notices and is not intended to override them.
We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your personal data, please contact our Data Protection Officer using the contact details above.
You have the right to make a complaint at any time to the Gibraltar Regulatory Authority, which is Gibraltar’s supervisory authority for data protection issues (http://www.gra.gi). We would, however, appreciate the chance to deal with your concerns before you approach the GRA so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We may collect, receive, use, store and transfer the following kinds of personal data about you :
We use different methods to collect data about you including through:
We have set out in the table below a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so lawfully.
References below to Financial and Transaction include information about the public addresses you use to transfer or receive cryptocurrencies and tokens.
|Purpose||Type of data||Lawful basis for processing|
|To register you as a new customer, including to verify your identity and to open your account.||
|To provide our services to you and manage our relationship with you (e.g. inform you of changes and correspond with you)||
|To communicate with you over phone or email or through your account||
|To enable you to use your account to make and receive payment transactions in fiat currency and cryptocurrency.||
|To enable you to partake in a prize draw, competition or complete a survey||
|To administer and protect our business, your account and our website, to improve our website and products/services (including troubleshooting, data analysis, testing, system maintenance, support, security, reporting, complying with our regulatory obligations and hosting of data)||
|To give you, or allow selected third parties to give you, information about goods and services we think you may be interested in.||
As part of providing you with our services and running our business, we may disclose your personal information to:
We may disclose your personal information to the above mentioned third parties:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may use systems to make automated decisions based on information we hold about you. This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know. These automated decisions can affect the products, services or features we may offer you now or in the future. The following are some of the ways we may use systems to make automated decisions:
Tailoring products and services
We may use your data along with that of other customer in order to study and learn about our customers’ needs, and to make decisions based on what we learn. This helps us to design products and services for different customer groups, and to manage our relationships with them.
We use your personal information to help determine if your account is being used fraudulently or for money-laundering. If there is a risk of fraud, or money laundering, we may suspend or terminate your account and refuse access to your account.
We may use automated checks to help determine if you satisfy our criteria for becoming a client, including fraud, money laundering and eligibility checks.
YOUR RIGHTS WITH RESPECT TO AUTOMATED DECISIONS
You can ask that we do not make our decision based on the automated decision alone.
You can object to an automated decision, and ask that a person reviews it.
If you want to know more about these rights, or to exercise them, please contact us at email@example.com
All information you provide to us will be transferred and stored in a jurisdiction located in the European Economic Area (EEA). However, we may transfer some or all of your data to countries outside of the EEA which may not offer the same level of protection as the General Data Protection Regulations with respect to the processing of your personal data. The General Data Protection Regulations is the legal instrument that deals with the protection of your data (‘GDPR’).
Where your data is transferred to such countries it will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission (EC) can by found on the EC’s website:
Where data is to be transferred to a group company in a country outside of the EEA which may not offer the same level of protection as the GDPR with respect to the processing of your personal data, we will ensure that the group company agrees to binding corporate rules in accordance with Article 47 of the GDPR. Further information can by found on the EC’s website: :
Where we transfer data to organisations based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see EC’s website page:
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data: see request erasure below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under the General Data Protection Regulation you have the right to:
If you wish to exercise any of these rights you will need to contact us using the contact details above. In the case of exercising your right to access, you will also need to provide appropriate evidence of your identity.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We may make changes to this Notice from time to time, to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this document will always be available on our website and we encourage to review it regularly.
This privacy notice was last updated on 21/08/2019.