EFFECTIVE DATE: FEBRUARY 5, 2021
- This Privacy Notice describes how we process personal information received during our business. This notice may be amended from time to time and new versions will be published on our website which can be found at https://www.radixdlt.com/privacy-notice/.
- This Notice is issued by Radix Tokens (Jersey) Limited (“Radix”) and applies to Radix Tokens (Jersey) Ltd.
- Radix is registered under the Data Protection (Jersey) Law 2018 (the “Law”) and will process personal data in accordance with the provisions of the Law
- Radix is committed to protecting your privacy and personal data. This Privacy Notice describes the personal data that we collect, the purposes for which we use such data, the steps we take to store and protect it and your choices regarding our use of it.
- Personal data is any information held on a data subject. This includes information such as the subject’s name, address and contact details and may include their IP addresses and on-line identifiers. It may include information on physical, physiological, mental, economic, and social identity factors.
- A Data Subject is an identifiable living individual to whom personal data relates.
- Personal data includes information processed or held electronically e.g. on a computer and/or non-electronically e.g. paper records held in a filing system.
WHAT PERSONAL DATA DO WE COLLECT?
- We collect personal data throughout our relationship with you.
- We collect the following types of personal data:
- Basic personal information; including name, address, contact details;
- Demographic information such as gender, age, date of birth, nationality, marital status, next of kin
- Personal identification information such as passport numbers, identity card numbers, driving licence numbers etc;
- Financial information including details of your personal wealth, assets and liabilities, proof of income and expenditure, source of wealth;
- Financial and payment data such as bank account numbers, bank statements and transaction information;
- Education and employment information;
- Visual images and personal appearance such as photos in identity documents;
- Tax residency; and
- Details of services provided, token or assets received and exchanged
- The above list is not exhaustive, and Radix may also collect and process other data to the extent that this is considered necessary for the provision of our services or our compliance with legislative requirements.
WHAT IS SENSITIVE DATA?
- Sensitive data is data defined in the Law as such e.g., racial, or ethnic origin, political opinion, religion, trade union membership, health data, genetic or biometric data or criminal records.
- We will only collect sensitive data for a legitimate reason. Primarily this will be to enable Radix to perform and record checks to prevent and detect crime and comply with laws relating to money laundering, fraud, terrorist financing, bribery, corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crime, fraud etc and sharing data with law enforcement and regulatory bodies.
HOW DOES RADIX COLLECT DATA?
- We collect and process personal data that you provide to us directly (or indirectly via your advisors) when you apply to acquire tokens and throughout your relationship with us.
- We collect and process personal data obtained from third parties such as:
- Third party partners of Radix;
- Fraud prevention agencies, professional background checking entities, screening tools;
- Publicly accessible sources such as international sanctions list, electoral registers, company registers, on-line directories, social networks, internet searches etc.
- Where information on an individual is provided to Radix by a third party, we may need to make them aware of how that information was obtained.
HOW DOES RADIX USE PERSONAL DATA
- Our use of your personal data will always have a lawful basis. We use and collect personal data on the basis that:
- It enables us to perform our contract with you or to comply with your intentions/request that we perform a service for you;
- It is required that we do so to comply with legal or regulatory obligations;
- It is in our legitimate interests to do so; or
- You have consented to our use of your personal data.
- We may process your information during the token acquisition process if you wish to acquire tokens from Radix or to perform our obligations under any contract entered.
- This may include processing to:
- Assess and process applications by you or another party for Radix to issue sell or procure the transfer or sale of tokens to you or to acquire tokens or other assets from you.
- In the course of your employment by Radix.
- Maintain and manage our relationships with you and for ongoing customer service.
- When you or another party apply to Radix to acquire tokens from Radix, we are required by law to collect and process certain personal information about you. This may include processing to:
- Verify your identity;
- Perform checks and monitor transactions and location data for the purposes of preventing and detecting crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption and international sanctions. This may require us to provide information about criminal convictions and offences, to gather intelligence on crimes and threats and to share data with law enforcement and regulatory bodies;
- Share data with law enforcement, tax authorities and other government and fraud prevention agencies where we have a legal obligation to do so, including reporting suspicious activity and complying with production and other court orders;
- Delivering mandatory communications to customers or providing updates to terms and conditions of the provision of services;
- Investigate and resolve complaints;
- Conduct investigations into breaches of conduct and corporate policies by our employees;
- Manage contentious regulatory matters, investigations, and litigation;
- Perform assessments and analyse customer data for the purposes of managing, improving, and fixing data quality;
- Provide assurance that Radix has effective processes to identify, manage, monitor, and report the risks it is or might be exposed to;
- Investigate and report on incidents or emergencies on Radix’s properties and premises; and
- Coordinate responses to business disrupting incidents and to ensure facilities, systems and people are available to continue to provide services.
LEGITIMATE INTERESTS OF RADIX
- To manage our risks and determine what services we can offer and the terms of those services;
- To carry out financial risk assessments and for risk reporting and risk management;
- To protect our business by preventing financial crime or from being used to facilitate financial crime;
- To develop, test, monitor and review the performance of services, internal systems and security arrangements offered by Radix;
- To assess the quality of services to clients;
- To provide staff training;
- To analyse your use of our site and gathering feedback to enable improvement of our site and your experience including development of user experience;
- To provide you with access to our corporate literature and information about our services;
- To prevent and detect fraud and abuse; and
- To enable third parties to carry out technical, logistical and other functions on our behalf.
WHO DOES RADIX PROVIDE INFORMATION TO?
- To provide services to you, Radix may be required to share personal data with third parties.
- Radix may disclose or transfer personal data collected by Radix insofar as reasonably necessary for the purposes of providing services or for compliance purposes as well as on the legal basis set out in this Notice.
- Except as described below, Radix will not disclose, transfer, or sell your personal data to any third party without your consent.
- The following are potential recipients of data:
- Radix and associated companies, (including holding and subsidiary companies);
- service providers such as lawyers, accountants, banks, investment managers security consultants, on-chain investigation service providers sales agents, and exchanges, etc, who provide services to Radix, where disclosure is necessary to provide those services;
- sub-contractors, agents or service providers to Radix and its subsidiaries;
- courts or tribunals;
- regulators, registrars or other governmental or supervisory bodies with a legal right to the data or where necessary to fulfil Radix’s legal and/or regulatory obligations; and
- law enforcement agencies where disclosure is necessary for Radix or its subsidiaries to fulfil their legal and/or regulatory obligations.
- intermediaries, including fiduciary agents, escrow agents, custody providers.
THIRD PARTY PROVIDERS WHO USE THE DATA
- Where Radix employs another company or individual to perform any function on its behalf or to provide services to you, that third party will have access to personal data needed to perform their function, but they may not use it for other purposes.
- Such functions include, administrative, computer, data processing, screening, debt collecting and compliance services. Such third parties must process the personal data in accordance with this Privacy Notice and applicable laws.
- Radix will seek to enter into an agreement with each third party setting out the respective obligations of each party, to ensure they process personal data with the same level of security and confidentiality as Radix and to be reasonably satisfied that the third party has measures in place to protect data against unauthorised or accidental use, access, disclosure, damage loss or destruction.
- If authorised by you, Radix will disclose data to any third party that you request. Radix is not responsible for any such third party’s use of your data, which will be governed by their agreement with you.
- The personal data that Radix holds will be used and stored principally in Jersey. When Radix discloses data to third parties to satisfy the purposes outlined above, the third parties are generally located within the European Economic Area (EEA).
- However, Radix may disclose or transfer personal data to third parties located outside the EEA; if such third parties are located in countries that do not ensure an equivalent level of protection for your personal data, Radix will use best endeavours to ensure that the third party will protect the personal data to an equivalent standard as is in force in Jersey.
RETENTION OF PERSONAL DATA?
- Radix will process and store your personal data for the duration of our services to you in accordance with financial services legislation and the data protection legislation in place in Jersey from time to time. Radix will endeavour to delete any personal data where it is not necessary for it to be held. Radix will continue to store your personal data as long as necessary to fulfil legal (e.g., anti-money laundering, proceeds of crime and countering the financing of terrorism legislation), regulatory, contractual or statutory obligations, for the establishment, exercise or defence of legal claims and in general where Radix has a legitimate interest for doing so.
PROTECTION OF YOUR PERSONAL DATA
- Radix regards the lawful and appropriate treatment of your personal data as fundamental to our successful operation and to maintaining confidence and trust between Radix and the community. In fulfilling this objective, Radix will:
- Ensure that your personal data is not used for any purposes that is incompatible with this Privacy Notice.
- Ensure that any processing of your personal data is fair and transparent and sufficient for the uses set out above:
- Endeavour to keep your personal data up to date;
- Retain your personal data no longer than necessary;
- Ensure that our staff are trained to handle personal data appropriately and securely;
- Implement appropriate technical and organisational measures to:
- enable inaccuracies to be corrected and minimise the risk of errors;
- secure personal data appropriately;
- protect your personal data against unauthorised or unlawful access or processing and against accidental loss or destruction.
- You have the following rights:
- Right of access to your information – you have the right to access the personal data that Radix holds about you at any time. Please note that Radix is not always required to provide details of or copies of all data held and may charge a fee (where permitted by law) to cover reasonable costs of retrieval.
- Right to correction of your personal data – you have the right to ask Radix to correct any incorrect, inaccurate or out of date information.
- Deletion of your personal data (Right to be forgotten) – you have the right to ask Radix to delete your personal data, to the extent that Radix has no legal and/or regulatory obligation to retain such personal information.
- Right to data portability – you have the right to request a copy of the personal data that Radix holds about you.
- Right to object to direct marketing – you have the right to object at any time to the processing of your personal data for direct marketing purposes by Radix.
- Rights relating to the use of automated decision making and profiling systems based on personal data. Radix does not currently make decisions by purely automated means, but should we do so, you have the right to object.
REMOVAL OF CONSENT TO PROCESS PERSONAL DATA
- you have the right to ask Radix to restrict processing of your personal data where:
- You contest the accuracy of the personal data held by Radix;
- The processing is unlawful, but you objected to the deletion of the personal data and requested that the use be restricted instead;
- Radix no longer needs the personal data for the processing purpose, but you require them for legal reasons;
- You objected to processing and Radix is investigating whether there are legitimate grounds to override your objection.
- If you do not wish to receive email or other mail from Radix or for Radix to use personal data that we gather, please contact firstname.lastname@example.org in the first instance. If you contact us in relation to your rights, we will do our best to accommodate your request or objection. You can help us maintain the accuracy of your information by notifying us of any change at email@example.com (or via your usual contact). If you have any questions, concerns or complaints with respect to this Privacy Notice, the way Radix is handling your data or have any other queries or concerns, please contact our Data Protection Officer directly at firstname.lastname@example.org or in writing at Radix Tokens (Jersey) Limited, First Floor, La Chasse Chambers Ten La Chasse, St Helier, Jersey, JE2 4UE.