Aviso de Privacidad para Particulares

“Due Network”, “nosotros”, “nos” y “nuestro(s)/nuestra(s)” se refieren a:

• Due Ltd, registrada en el Reino Unido (“RU”) con domicilio social en 71-75 Shelton Street, Covent Garden, Londres WC2H 9JQ, y número de registro de empresa 14369984;
• Due Payments EOOD, registrada en Bulgaria con domicilio social en Hubcha Str. No. 8, Floor 2, A-1, Krasno Selo, Sofía 1618, y número de registro de empresa 207457701;
• Due Network, S.L., registrada en España con domicilio social en Paseo de la Castellana 91, 4ª, 1ª, Madrid 28046, y número de registro de empresa 16407272;
• Due Payments Inc., registrada en Canadá con domicilio social en 80 Birmingham Street, Unit C6, Etobicoke, Ontario M8V3W6, y número de corporación de Ontario 1000864948;
• Due Technologies Inc., registrada en el Estado de Delaware en los Estados Unidos, con domicilio social en 169 Madison Avenue, STE 11441 New York 10016, NY; y/o
• Due Network Argentina S.R.L. registered in Argentina with registered address at Tucuman 1, piso 4, CP1049, Ciudad Autónoma de Buenos Aires, Argentina and company registration number 2024182.

y estamos comprometidos a respetar su privacidad.

Acerca de este aviso de privacidad

A efectos de la ley de protección de datos, somos responsables del tratamiento de sus datos personales. Somos responsables de asegurar que utilizamos sus datos personales de conformidad con la ley de protección de datos.

Este aviso de privacidad se aplica si usted es un usuario final de nuestros productos y servicios. El aviso de privacidad establece la base sobre la cual procesaremos cualquier dato personal sobre usted que nos proporcione, que creemos o que obtengamos de otras fuentes. Por favor, tómese el tiempo de leer y comprender este aviso de privacidad.

Datos personales que recopilamos sobre usted

Recopilaremos y trataremos los siguientes datos personales sobre usted:

• Información que usted nos proporciona a nosotros o a uno de nuestros afiliados. Esto incluye la información sobre usted que nos proporciona al rellenar formularios o al comunicarse con nosotros, ya sea en persona, por teléfono, correo electrónico o de otro modo. Esta información puede incluir:
  
  • datos de contacto, incluyendo dirección postal / de envío, dirección de facturación, dirección de correo electrónico y número de teléfono;
  • país de residencia;
  • fecha de nacimiento;
  • nombre completo;
  • documento de identidad;
  • dirección de monedero on-chain (en la cadena de bloques);
  • datos de banca abierta: credenciales bancarias; y
  • fotografía.
• Información que recopilamos o generamos sobre usted. Esto incluye:
  
  • datos de contacto, incluyendo dirección postal / de envío, dirección de facturación, dirección de correo electrónico y número de teléfono;
  • país de residencia;
  • fecha de nacimiento;
  • nombre completo;
  • documento de identidad;
  • dirección de monedero on-chain (en la cadena de bloques);
  • datos de banca abierta: credenciales bancarias;
  • fotografía; y
  • datos de transacciones, incluyendo:
    
    • fecha de la(s) transacción(ones);
    • importe de la transacción;
    • divisa de la transacción;
    • contraparte (es decir, cliente/comerciante);
    • método de pago; y
    • tipo de pago (TPV, en línea, etc.).
• Información que obtenemos de otras fuentes.
  
  • información proporcionada por terceros de KYC (Conozca a su Cliente) / KYB (Conozca su Empresa) para llevar a cabo verificaciones de antecedentes (p. ej., para sanciones, etc.); y
  • información proporcionada por proveedores de análisis de monederos y monitorización de transacciones para comprobar que el monedero que se está utilizando es seguro y que los fondos que se están utilizando no están conectados con actividades fraudulentas/delictivas.

Usos de sus datos personales

Sus datos personales pueden ser almacenados y tratados por nosotros de las siguientes maneras y para los siguientes fines para asegurar que usted es elegible para usar nuestros servicios:

• para verificar que usted es quien dice ser (es decir, verificación de identidad);
• para confirmar que tiene fondos suficientes para poder realizar la compra; y
• para asegurar que usted es un "buen usuario" y no está asociado con fraude, sanciones, delitos, etc.

Estamos autorizados a utilizar sus datos personales de estas maneras porque:

• tenemos obligaciones legales y regulatorias que debemos cumplir;
• podemos necesitarlo para establecer, ejercer o defender nuestros derechos legales o a efectos de procedimientos legales; o
• el uso de sus datos personales según se describe es necesario para nuestros intereses comerciales legítimos (o los intereses legítimos de uno o más de nuestros afiliados) establecidos anteriormente.

Divulgación de su información a terceros

Tomaremos medidas para asegurar que a los datos personales solo accedan aquellos de nuestros empleados que lo necesiten para los fines descritos en este aviso.

También podremos compartir sus datos personales fuera de Due Network y nuestros afiliados:

• si vendemos cualquiera de nuestros negocios o activos, en cuyo caso podremos divulgar sus datos personales al posible comprador con fines de diligencia debida;
• si somos adquiridos por un tercero, en cuyo caso los datos personales que tengamos sobre usted serán revelados al tercero comprador;
• a terceros agentes o contratistas (por ejemplo, los proveedores de nuestros servicios de almacenamiento de datos electrónicos) con el fin de que nos presten servicios. Estos terceros estarán sujetos a requisitos de confidencialidad y solo utilizarán sus datos personales como se describe en este aviso de privacidad; y
• en la medida en que lo exija la ley, por ejemplo, si tenemos el deber de divulgar sus datos personales para cumplir con cualquier obligación legal, o para establecer, ejercer o defender nuestros derechos legales.

Transferencias de datos personales fuera del Espacio Económico Europeo (“EEE”) y el RU

Los datos personales que recopilamos de usted pueden ser transferidos y almacenados en un destino fuera del EEE/RU. También pueden ser tratados por personal que opera fuera del EEE/RU y que trabaja para nuestros afiliados o para uno de nuestros proveedores.

Cuando transfiramos sus datos personales fuera del EEE/RU, nos aseguraremos de que estén protegidos de manera coherente con cómo sus datos personales serán protegidos por nosotros en el EEE/RU. Esto puede hacerse de varias maneras, por ejemplo:

• el país al que enviamos los datos está aprobado por la Comisión Europea / el Gobierno del RU (según corresponda);
• el destinatario puede haberse adherido a normas corporativas vinculantes (solo para transferencias intragrupo); o
• el destinatario ha firmado un contrato basado en “cláusulas contractuales tipo” aprobadas por el Gobierno del RU / la Comisión Europea (según corresponda), que le obliga a proteger sus datos personales.

En otras circunstancias, la ley puede permitirnos transferir sus datos personales fuera del EEE/RU. En todos los casos, sin embargo, nos aseguraremos de que cualquier transferencia de sus datos personales cumpla con la ley de protección de datos.

Puede obtener más detalles sobre la protección de sus datos personales cuando se transfieren fuera del EEE/RU (incluida una copia de las cláusulas estándar de protección de datos que hemos suscrito con los destinatarios de sus datos personales) contactándonos de acuerdo con la sección “Contacto” más abajo.

Conservación de datos personales

El tiempo que conservaremos sus datos personales variará. El período de conservación se determinará por varios criterios, que incluyen:

• el propósito para el que los estamos utilizando: necesitaremos conservar los datos durante el tiempo que sea necesario para ese propósito; y
• obligaciones legales: las leyes o regulaciones pueden establecer un período mínimo durante el cual debemos conservar sus datos personales.

Sus derechos

Usted tiene una serie de derechos legales en relación con los datos personales que tenemos sobre usted. Estos derechos incluyen:

• el derecho a obtener información sobre el tratamiento de sus datos personales y acceder a los datos personales que tenemos sobre usted;
• el derecho a retirar su consentimiento para el tratamiento de sus datos personales en any momento. Sin embargo, tenga en cuenta que aún podemos tener derecho a tratar sus datos personales si tenemos otra razón legítima (distinta del consentimiento) para hacerlo;
• en algunas circunstancias, el derecho a recibir algunos datos personales en un formato estructurado, de uso común y legible por máquina y/o solicitar que transmitamos esos datos a un tercero cuando sea técnicamente factible. Tenga en cuenta que este derecho solo se aplica a los datos personales que usted nos ha proporcionado;
• el derecho a solicitar que rectifiquemos sus datos personales si son inexactos o están incompletos;
• el derecho a solicitar que suprimamos sus datos personales en determinadas circunstancias. Tenga en cuenta que puede haber circunstancias en las que usted nos pida que suprimamos sus datos personales, pero estemos legalmente autorizados a conservarlos;
• el derecho a oponerse y el derecho a solicitar que restrinjamos nuestro tratamiento de sus datos personales en determinadas circunstancias. Nuevamente, puede haber circunstancias en las que usted se oponga o nos pida que restrinjamos nuestro tratamiento de sus datos personales, pero estemos legalmente autorizados a continuar tratando sus datos personales y/o a rechazar esa solicitud; y
• el derecho a presentar una reclamación ante la autoridad de control de protección de datos (cuyos detalles se proporcionan a continuación) si cree que hemos infringido alguno de sus derechos.

Puede ejercer sus derechos contactándonos utilizando los detalles establecidos en la sección “Contacto” más abajo.

Puede obtener más información sobre sus derechos contactando a la autoridad supervisora de protección de datos ubicada en su jurisdicción:

• En el RU, la autoridad supervisora de protección de datos es la Oficina del Comisionado de Información (“ICO”) - https://ico.org.uk/.
• Puede encontrar una lista de las Autoridades Nacionales de Protección de Datos en la UE aquí.

Contacto

Si desea obtener más información sobre la recopilación, uso, divulgación, transferencia o tratamiento de sus datos personales o el ejercicio de cualquiera de los derechos enumerados anteriormente, dirija sus preguntas, comentarios y solicitudes a legal@due.network.

Individuals Privacy Notice

“Due Network”, “we”, “us” and “our” means:

• • Due Ltd, registered in the United Kingdom (“UK”) with registered address at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, and company registration number of 14369984;
  • Due Payments EOOD, registered in Bulgaria with registered address at Hubcha Str. No. 8, Floor 2, A-1, Krasno Selo, Sofia 1618, and company registration number of 207457701;
  • Due Network, S.L., registered in Spain with registered address at  Paseo de la Castellana 91, 4ª, 1ª, Madrid 28046, and company registration number of 16407272;
  • Due Payments Inc., registered in Canada with registered address at 80 Birmingham Street, Unit C6, Etobicoke, Ontario M8V3W6, and Ontario Corporation Number of 1000864948; and/or
  Due Technologies Inc., registered in the State of Delaware in the United States, with registered address at 169 Madison Avenue, STE 11441 New York 10016, NY,

and we are committed to respecting your privacy. 

About this privacy notice

For the purposes of data protection law, we are a data controller in respect of your personal data. We are responsible for ensuring that it uses your personal data in compliance with data protection law.

This privacy notice applies if you are an end user of our products and services. The privacy notice sets out the basis on which any personal data about you that you provide to us, that we create, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this privacy notice. 

Personal data that we collect about you

We will collect and process the following personal data about you:

• Information that you provide to us or one of our affiliates. This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include:

• contact details, including postal /shipping address, billing address, email address and phone number;
• country of residence;
• date of birth;
• full name;
• ID;
• on-chain wallet address;
• open banking details: bank credentials; and
• photograph.

• Information we collect or generate about you. This includes:

• contact details, including postal /shipping address, billing address, email address and phone number;
• country of residence;
• date of birth;
• full name;
• ID;
• on-chain wallet address;
• open banking details: bank credentials; 
• photograph; and
• transaction data, including:

• date of transaction(s);
• transaction amount;
• transaction currency;
• counterparty (i.e. client/merchant);
• payment method; and
• payment type (POS, online, etc.).

• Information we obtain from other sources.

• information provided by KYC/KYB third parties to carry out background screening checks (e.g. for sanctions etc); and
• information provided by wallet screening and transaction monitoring providers to check that the wallet being used is safe and that the funds being used are not connected to fraudulent/criminal activity.

Uses of your personal data

Your personal data may be stored and processed by us in the following ways and for the following purposes to ensure that you are eligible to use our services:

• to verify that the you are who you say you are (i.e. identity verification); 
• to confirm that you have the sufficient funds to be able to make the purchase; and 
• to ensure that you are a "good user" and are not associated with fraud, sanctions, crime, etc. 

We are entitled to use your personal data in these ways because:

• we have legal and regulatory obligations that we have to discharge; 
• we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
• the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates) set out above.

Disclosure of your information to third parties

We will take steps to ensure that the personal data is accessed only by our employees that have a need to do so for the purposes described in this notice.

We may also share your personal data outside of Due Network and our affiliates:

• if we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes;

• if we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third party buyer;
• to third party agents or contractors (for example, the providers of our electronic data storage services) for the purposes of providing services to us. These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice; and
• to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation, establish, exercise or defend our legal rights.

Transfers of personal data outside the European Economic Area (“EEA”) and UK

The personal data that we collect from you may be transferred to, and stored at, a destination outside the EEA/UK. It may also be processed by staff operating outside of the EEA/UK who work for our affiliates or for one of our suppliers. 

Where we transfer your personal data outside the EEA/UK, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA/UK. This can be done in a number of ways, for instance:

• the country to which we send the data is approved by the European Commission/UK Government (as applicable); 
• the recipient may have adhered to binding corporate rules (only for intragroup transfers); or
• the recipient has signed a contract based on “model contractual clauses” approved by the UK Government / European Commission (as applicable), obliging them to protect your personal data.

In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA/UK. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law. 

You can obtain more details of the protection given to your personal data when it is transferred outside the EEA/UK (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the “Contacting us” section below.

Retention of personal data

How long we hold your personal data for will vary. The retention period will be determined by various criteria including:

• the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
• legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.

Your rights

You have a number of legal rights in relation to the personal data that we hold about you. These rights include:

• the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
• the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so; 

• in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
• the right to request that we rectify your personal data if it is inaccurate or incomplete;
• the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data, but we are legally entitled to retain it;
• the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and / or to refuse that request; and
• the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using the details set out in the “Contacting us” section below.

Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction: 

• In the UK, the supervisory data protection authority is the Information Commissioner’s Office (“ICO”) - https://ico.org.uk/. 
• A list of National Data Protection Authorities in the EU can be found here. 

Contacting us

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, please address questions, comments and requests to legal@due.network.

Individuals Privacy Notice

“Due Network”, “we”, “us” and “our” means:

• • Due Ltd, registered in the United Kingdom (“UK”) with registered address at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, and company registration number of 14369984;
  • Due Payments EOOD, registered in Bulgaria with registered address at Hubcha Str. No. 8, Floor 2, A-1, Krasno Selo, Sofia 1618, and company registration number of 207457701;
  • Due Network, S.L., registered in Spain with registered address at  Paseo de la Castellana 91, 4ª, 1ª, Madrid 28046, and company registration number of 16407272;
  • Due Payments Inc., registered in Canada with registered address at 80 Birmingham Street, Unit C6, Etobicoke, Ontario M8V3W6, and Ontario Corporation Number of 1000864948; and/or
  Due Technologies Inc., registered in the State of Delaware in the United States, with registered address at 169 Madison Avenue, STE 11441 New York 10016, NY,

and we are committed to respecting your privacy. 

About this privacy notice

For the purposes of data protection law, we are a data controller in respect of your personal data. We are responsible for ensuring that it uses your personal data in compliance with data protection law.

This privacy notice applies if you are an end user of our products and services. The privacy notice sets out the basis on which any personal data about you that you provide to us, that we create, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this privacy notice. 

Personal data that we collect about you

We will collect and process the following personal data about you:

• Information that you provide to us or one of our affiliates. This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include:

• contact details, including postal /shipping address, billing address, email address and phone number;
• country of residence;
• date of birth;
• full name;
• ID;
• on-chain wallet address;
• open banking details: bank credentials; and
• photograph.

• Information we collect or generate about you. This includes:

• contact details, including postal /shipping address, billing address, email address and phone number;
• country of residence;
• date of birth;
• full name;
• ID;
• on-chain wallet address;
• open banking details: bank credentials; 
• photograph; and
• transaction data, including:

• date of transaction(s);
• transaction amount;
• transaction currency;
• counterparty (i.e. client/merchant);
• payment method; and
• payment type (POS, online, etc.).

• Information we obtain from other sources.

• information provided by KYC/KYB third parties to carry out background screening checks (e.g. for sanctions etc); and
• information provided by wallet screening and transaction monitoring providers to check that the wallet being used is safe and that the funds being used are not connected to fraudulent/criminal activity.

Uses of your personal data

Your personal data may be stored and processed by us in the following ways and for the following purposes to ensure that you are eligible to use our services:

• to verify that the you are who you say you are (i.e. identity verification); 
• to confirm that you have the sufficient funds to be able to make the purchase; and 
• to ensure that you are a "good user" and are not associated with fraud, sanctions, crime, etc. 

We are entitled to use your personal data in these ways because:

• we have legal and regulatory obligations that we have to discharge; 
• we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
• the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates) set out above.

Disclosure of your information to third parties

We will take steps to ensure that the personal data is accessed only by our employees that have a need to do so for the purposes described in this notice.

We may also share your personal data outside of Due Network and our affiliates:

• if we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes;

• if we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third party buyer;
• to third party agents or contractors (for example, the providers of our electronic data storage services) for the purposes of providing services to us. These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice; and
• to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation, establish, exercise or defend our legal rights.

Transfers of personal data outside the European Economic Area (“EEA”) and UK

The personal data that we collect from you may be transferred to, and stored at, a destination outside the EEA/UK. It may also be processed by staff operating outside of the EEA/UK who work for our affiliates or for one of our suppliers. 

Where we transfer your personal data outside the EEA/UK, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA/UK. This can be done in a number of ways, for instance:

• the country to which we send the data is approved by the European Commission/UK Government (as applicable); 
• the recipient may have adhered to binding corporate rules (only for intragroup transfers); or
• the recipient has signed a contract based on “model contractual clauses” approved by the UK Government / European Commission (as applicable), obliging them to protect your personal data.

In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA/UK. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law. 

You can obtain more details of the protection given to your personal data when it is transferred outside the EEA/UK (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the “Contacting us” section below.

Retention of personal data

How long we hold your personal data for will vary. The retention period will be determined by various criteria including:

• the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
• legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.

Your rights

You have a number of legal rights in relation to the personal data that we hold about you. These rights include:

• the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
• the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so; 

• in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
• the right to request that we rectify your personal data if it is inaccurate or incomplete;
• the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data, but we are legally entitled to retain it;
• the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and / or to refuse that request; and
• the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using the details set out in the “Contacting us” section below.

Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction: 

• In the UK, the supervisory data protection authority is the Information Commissioner’s Office (“ICO”) - https://ico.org.uk/. 
• A list of National Data Protection Authorities in the EU can be found here. 

Contacting us

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, please address questions, comments and requests to legal@due.network.

Individuals Privacy Notice

“Due Network”, “we”, “us” and “our” means:

• • Due Ltd, registered in the United Kingdom (“UK”) with registered address at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, and company registration number of 14369984;
  • Due Payments EOOD, registered in Bulgaria with registered address at Hubcha Str. No. 8, Floor 2, A-1, Krasno Selo, Sofia 1618, and company registration number of 207457701;
  • Due Network, S.L., registered in Spain with registered address at  Paseo de la Castellana 91, 4ª, 1ª, Madrid 28046, and company registration number of 16407272;
  • Due Payments Inc., registered in Canada with registered address at 80 Birmingham Street, Unit C6, Etobicoke, Ontario M8V3W6, and Ontario Corporation Number of 1000864948; and/or
  Due Technologies Inc., registered in the State of Delaware in the United States, with registered address at 169 Madison Avenue, STE 11441 New York 10016, NY,

and we are committed to respecting your privacy. 

About this privacy notice

For the purposes of data protection law, we are a data controller in respect of your personal data. We are responsible for ensuring that it uses your personal data in compliance with data protection law.

This privacy notice applies if you are an end user of our products and services. The privacy notice sets out the basis on which any personal data about you that you provide to us, that we create, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this privacy notice. 

Personal data that we collect about you

We will collect and process the following personal data about you:

• Information that you provide to us or one of our affiliates. This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include:

• contact details, including postal /shipping address, billing address, email address and phone number;
• country of residence;
• date of birth;
• full name;
• ID;
• on-chain wallet address;
• open banking details: bank credentials; and
• photograph.

• Information we collect or generate about you. This includes:

• contact details, including postal /shipping address, billing address, email address and phone number;
• country of residence;
• date of birth;
• full name;
• ID;
• on-chain wallet address;
• open banking details: bank credentials; 
• photograph; and
• transaction data, including:

• date of transaction(s);
• transaction amount;
• transaction currency;
• counterparty (i.e. client/merchant);
• payment method; and
• payment type (POS, online, etc.).

• Information we obtain from other sources.

• information provided by KYC/KYB third parties to carry out background screening checks (e.g. for sanctions etc); and
• information provided by wallet screening and transaction monitoring providers to check that the wallet being used is safe and that the funds being used are not connected to fraudulent/criminal activity.

Uses of your personal data

Your personal data may be stored and processed by us in the following ways and for the following purposes to ensure that you are eligible to use our services:

• to verify that the you are who you say you are (i.e. identity verification); 
• to confirm that you have the sufficient funds to be able to make the purchase; and 
• to ensure that you are a "good user" and are not associated with fraud, sanctions, crime, etc. 

We are entitled to use your personal data in these ways because:

• we have legal and regulatory obligations that we have to discharge; 
• we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
• the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates) set out above.

Disclosure of your information to third parties

We will take steps to ensure that the personal data is accessed only by our employees that have a need to do so for the purposes described in this notice.

We may also share your personal data outside of Due Network and our affiliates:

• if we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes;

• if we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third party buyer;
• to third party agents or contractors (for example, the providers of our electronic data storage services) for the purposes of providing services to us. These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice; and
• to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation, establish, exercise or defend our legal rights.

Transfers of personal data outside the European Economic Area (“EEA”) and UK

The personal data that we collect from you may be transferred to, and stored at, a destination outside the EEA/UK. It may also be processed by staff operating outside of the EEA/UK who work for our affiliates or for one of our suppliers. 

Where we transfer your personal data outside the EEA/UK, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA/UK. This can be done in a number of ways, for instance:

• the country to which we send the data is approved by the European Commission/UK Government (as applicable); 
• the recipient may have adhered to binding corporate rules (only for intragroup transfers); or
• the recipient has signed a contract based on “model contractual clauses” approved by the UK Government / European Commission (as applicable), obliging them to protect your personal data.

In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA/UK. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law. 

You can obtain more details of the protection given to your personal data when it is transferred outside the EEA/UK (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the “Contacting us” section below.

Retention of personal data

How long we hold your personal data for will vary. The retention period will be determined by various criteria including:

• the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
• legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.

Your rights

You have a number of legal rights in relation to the personal data that we hold about you. These rights include:

• the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
• the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so; 

• in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
• the right to request that we rectify your personal data if it is inaccurate or incomplete;
• the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data, but we are legally entitled to retain it;
• the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and / or to refuse that request; and
• the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using the details set out in the “Contacting us” section below.

Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction: 

• In the UK, the supervisory data protection authority is the Information Commissioner’s Office (“ICO”) - https://ico.org.uk/. 
• A list of National Data Protection Authorities in the EU can be found here. 

Contacting us

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, please address questions, comments and requests to legal@due.network.