Pool Data Limited (“we”, “us” or “our”; company number 13412797) is committed to protecting and respecting your privacy, by complying with the requirements under applicable laws and regulations, including the laws and regulations of Gibraltar. We are equally committed to ensuring that all our employees, service providers and agents uphold these obligations.
This policy explains how we manage personal data within our organisation: please view, read and save a copy of it. It also governs your use of products, services, content, features, technologies or functions offered by us and all related sites, applications and services (collectively the “services”).
You accept and consent to this policy when you sign up for, access or use the Services and by doing so, you expressly consent to our use and disclosure of your personal information in the manner described in this policy.
Your duty to inform us of changes
We are the data controller (registered with UK ICO, ZB211557) responsible for your personal data and it is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Information we collect from you
The kinds of personal data that we collect and hold about you may include:
- identifying information, such as your name and date of birth
- identity verification information, such as images of your government-issued ID, passport, national ID card, utility bill or driving licence, contact information, such as your postal address, email address and telephone numbers
- social media handles and other social media profile information that you make available to us or to the public
- financial information, such as a credit or debit card, bank account or other payment details and/or other personal wealth information
- online identifiers that may also constitute personal data, such as your MAC address, computer and mobile device unique device ID and IP information based on your internet connection settings
- blockchain identifiers, such as blockchain addresses and public keys
- usernames and passwords that you create when registering for an account with us
- details of any products or services that we provide to you
- information about how you use the products and services we provide
- records of our communications with you, including any messages you send us
- visual images and personal appearances (such as CCTV)
- education and employment information
- lifestyle information such as family
We may also process certain special categories of information for specific and limited purposes, this may include:
- biometric information, relating to the physical, physiological or behavioural characteristics of a person, including, for example, using voice recognition or similar technologies
- racial or ethnic origin
- political opinion
- religious beliefs or similar
- trade union membership
- physical or mental health or condition
- sex life or sexual orientation
Without this information we may not be able to provide you with our products or services (or with all of the features and functionality offered by our products or services), to respond to queries or requests that you submit to us and to protect against the risks of cybercrime, fraud and money laundering, and terrorist financing.
How we collect personal data
We collect personal data about you in a number of ways including:
- when you register for an account or to receive emails from us
- when you order products or services from us
- when you submit a query or request to us
- when you respond to a survey that we run or fill in forms on one of our websites
- by tracking your use of our websites and mobile applications
- from public sources
- from examination of public and private blockchains
- from third parties who are entitled to disclose that information to us
- when you apply for a job with us
In some cases, we may also be required by law to collect certain types of personal data about you.
Where we collect personal data from you, we will generally do so ourselves. However, in some cases we may collect personal data from a third party, such as through your representatives, contractors who provide services to us, or third parties who refer you to us because they think you may be interested in our products or services.
How we use your data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where you consent to it
- Where we need to perform the contract we are about to enter into or have entered into with you
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- Where we need to comply with a legal or regulatory obligation
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we use personal data
We use personal data that we collect about you for the following purposes:
- to verify your identity (including age) when you are dealing with us
- to determine your eligibility for any of our products or services
- to determine your compliance with the terms and conditions that apply to any of our products or services and applicable law
- to enable us to offer our products and services
- to provide you with the services, products and information you have requested
- to communicate with you about our products and services
- to improve our website based on your information and feedback
- to answer your queries and requests
- to resolve complaints
- to comply with our legal and regulatory obligations
- to carry out market analysis and research
- to monitor use of our products and services
- to assess, maintain, upgrade and improve our products and services
- to carry out education and training programmes for our staff
- to manage and resolve any legal issues
- to carry out planning and forecasting activities and other internal business processes
- to keep you informed about our activities, including by sending out newsletters
- to carry out investigations for breaches of conduct by our employees
- for business continuity or disaster recovery or any other of our legitimate business interests
We may process your personal data without human intervention to evaluate your personal situation such as transactional history and account opening anniversary events. We may do this to decide what marketing communications are suitable for you, to analyse statistics and to assess risks.
This is all done on the basis of our legitimate interests, to protect our business, and to develop and improve our products and services. If we use automated decision-making, including profiling activity, to assess your application, this will be performed on the basis of it being necessary to perform the contract.
We may from time to time use your personal data in order to send you marketing materials about our products or services that we think you may be interested in, but we shall always give you the opportunity to easily opt out of any such communications. You can opt out of receiving marketing communications from us by contacting us at email@example.com or, in respect of emails, by clicking unsubscribe on the relevant email.
We will get your express opt-in consent before we share your personal data with any company outside our group of companies for marketing purposes.
Who we may disclose your information to:
- your representatives, advisers and others you have authorised to interact with us on your behalf
- our staff who need the information to discharge their duties
- related entities within our corporate group
- our business partners, agents and service providers
- payment system operators and financial institutions
- identity verification agents
- fraud and crime prevention agencies and organisations
- prospective purchasers of all or part of our business or a related entity
- professional advisers who we engage to provide advice on our business
- government authorities and bodies, supra-national authorities and bodies, crime investigation agencies, courts and others who ask us to disclose that information as required by law
In addition to the disclosures detailed in this section, we may also disclose your personal information where it is necessary to do so: for compliance with a legal obligation; in order to protect the vital interests of you or another natural person; and for the establishment, exercise or defence of legal claims.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Whenever we transfer your personal data out of the UK and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Your right to lodge a complaint to the Information Commissioner’s Office (ICO)
We’d appreciate an opportunity to fix things, but you can complain to the ICO by clicking here https://ico.org.uk/make-a-complaint/ or in writing to Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
We use the following four main type of cookies:
- Strictly necessary cookies: required for the operation of our website and include, eg, cookies that enable you to log in to secure areas of our website and enter into transactions.
- Analytical/performance cookies: allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, eg, by ensuring that users are finding what they are looking for easily.
- Functionality cookies: used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences.
- Targeting cookies: these record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests.
We may also share this information with third parties for this purpose. Here are the third-party cookies we use and why:
Google Analytics (_ga, _gat)
If you wish you can change your cookie settings in your browser if you would like to prevent any cookies being stored on your online enabled device, but be aware that this may impact the functionality of the services.
Most browsers will allow you to turn off cookies. If you want to know how to do this please look at the menu on your browser, or look at the instruction on http://www.allaboutcookies.org/.
Unfortunately, turning off cookies may mean our website doesn’t retain your personalised settings and may restrict use of the site.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your personal data will only be kept as long as required to meet our legal obligations and no longer than is necessary. In most cases we will retain your personal data for a maximum period of 18 months after our relationship ends. In some cases we may be obliged to retain some of your personal data for longer periods as are required by law. At our discretion, we shall retain personal data for any period we consider is reasonably necessary to meet our legal or regulatory obligations.
Your legal rights
You have rights under data protection laws in relation to your personal data, which are set out below:
- Access right: this enables you to receive a copy of the personal data we hold about you.
- Rectification right: this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Erasure right (“right to be forgotten”): this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
Please note that if you request the erasure of your personal information: (a) we may retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety; (b) we may retain and use your personal information to the extent necessary to comply with our legal obligations.
- Data processing restriction right: this enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Please note that any requests in relation to the restriction of the processing of your data means that we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel your use of our services but we will notify you if this is the case at the time.
- Data portability right: on your request, we can provide your personal data in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdrawal of consent: at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Please contact us if you wish to exercise any of the rights set out above.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Changes to this policy
Questions, comments and requests regarding this policy are welcomed and should be addressed to our support team and DPO at firstname.lastname@example.org