Br Stone Limited, company number 2020-00035, registered Rodney Bayside Building, Rodney Bay, Gros-Islet, St. Lucia (“Company”; “we”; “us”; “our”), and its affiliates, respect your privacy and value its importance, and are wholly committed to keeping your information safe and secure.
We process your data in an appropriate and lawful manner, in accordance with the St. Lucia data protection laws (the “Regulation” ) and with other subsequent laws (“Data Protection Laws”).
It is important that you read this Policy together with any other privacy notices we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data.
The Policy covers following questions:
- The data we collect about you
- How is your data collected
- How we use your Personal Data
- Data retention
- Disclosure of your Personal Data
- International transfers
- Data security
- Rights of users
- Our Contacts
2. THE DATA WE COLLECT ABOUT YOU
We may collect, use, store, and transfer different kinds of Personal Data about you as follows:
Identity Data: first, middle and last name, date of birth, citizenship, Passport / ID / Driving license number, username or similar identifier, marital status, title, date of birth, gender.
Contact Data: address (country, state, city, street, building number, flat number), e-mail address, phone numbers.
Transaction Data: debit/credit cards details, crypto wallet details, your transactional history on the Company’s platform, the payments made to and from you.
AML and KYC Data: (i) copy of your national identity document, passport and/or driver's license, (ii) proof of residence (for example, a recently issued utility bill, Internet/Cable TV/House phone line bills, bank statement, tax returns, council tax bills, the Government issued Certifications of Residency ), (iii) a ‘selfie' with passport/ID/Driving license (for identity verification), (iv) KYC database checks, (v) fraud database checks and (vi) any documentation or information which we may be from time to time mandated to collect by any competent authority, including, as applicable, any other documentation or information which may be mandated on us from time to time:
- required to collect to ensure compliance with any applicable legislation (including applicable foreign laws) and global AML/KYC practices; and/or
- otherwise mandated to collect by the Financial Intelligence Authority (FCI) and/or any other competent authority, including, as applicable, any other documentation or information which may be mandated on us from time to time by applicable law and by any other competent authority or related legislation (including overseas authorities and applicable foreign laws).
Technical Data: internet protocol (IP) address, your credential data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices which you (whether a client or otherwise) use to access and browse the Website, logs (all the users' actions on the Website)
Marketing and Communications Data: includes your preferences in receiving marketing from us or our third parties and your communication preferences. This may include information whether you have subscribed or unsubscribed from any of our mailing lists, attended any of our events, or accepted any of our invitations.
We will also collect, use and process any other information that you voluntarily choose to provide or disclose to us.
If you fail to provide Personal Data we may not be able to perform or conclude the contract which we have or are otherwise trying to enter into with you (namely regarding your account opening and provision of the Company’s services).
In certain cases, particularly where it relates to KYC due diligence data, we may need to exercise our prerogative to terminate our contract with you or decline to enter into a customer relationship with you.
We will however notify you if this is the case at the time.
3. HOW IS YOUR DATA COLLECTED
We generally use different methods to collect data from and about you including through:
Direct interaction with you
You consent to giving us information about you by filling in forms on our Website, complete the required application steps, request and receive our Services.
Automated technologies or interactions
When you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We may collect this Personal Data by using cookies, server logs and other similar technologies.
Third parties or publicly available sources
We may receive Personal Data about you from various third parties (for ex. outsourced third- party KYC providers) and public sources.
4. HOW WE USE YOUR PERSONAL DATA
We are careful about how we use your information. We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
Where you wish and consent to enter into a customer relationship with us.
Where we need to perform the contract we have, or which are about to enter with you as a customer.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Note that we may process your Personal Data pursuant to more than one lawful ground or basis, depending on the specific purpose for which we are using your data.
We collect, use and exchange your information for the following purposes:
- To set up your account and to provide the Services;
- To identify and authenticate your access to certain features of the Services;
- To authenticate your identity for the purpose of compliance with regulatory Know Your Customer requirements;
- To communicate with you, to deliver Services and to keep you informed of our latest updates;
- To market our website and the Services;
- To perform research or to conduct analytics in order to improve and customize the Services to your needs and interests;
- To support and troubleshoot the Services and to respond to your queries;
- To investigate and resolve disputes in connection with your use of the Services;
- To detect and prevent fraudulent and illegal activity or any other type of activity that may jeopardize or negatively affect the integrity of the Services; and
- To investigate violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process or respond to a government request.
We shall use the Personal Data in compliance with the confidentiality and only use such data as far and as long as this is necessary for the purposes of the Website utilization, rendering of Services and for keeping Website users informed of our Services.
5. DATA RETENTION
We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we collected it and, thereafter:
- for the purpose of satisfying any legal, accounting, tax, anti-money laundering and regulatory obligations or reporting requirements to which we may be subject; and/or
- to the extent that we may also need to retain your Personal Data to be able to assert, exercise or defend possible future legal claims against you or that otherwise involve you.
In the event that you do not use the account for the period of 2 (two) years and its balance equals to zero then we will treat the account as expired and your Personal Data may be deleted.
The company can and will store your personal data for the period of (6) six years from the termination of your customer relationship with the Company (which would typically arise from the closure or termination of your customer account). This retention period enables us to make use of your Personal Data for any applicable AML retention and reporting obligations, and for the filing, exercise or defence of possible future legal claims. In certain cases, we may need to retain your Personal Data for a period of up to ten (10) years in order to comply with applicable accounting and tax laws (this will primarily consist of your Transaction Data). There may also be instances where the need to retain Personal Data for longer periods, as dictated by the nature of the products and services provided.
6. DISCLOSURE OF YOUR PERSONAL DATA
We may share Personal Information with the following recipients which may be in or outside your jurisdiction: (i) our subsidiaries; (ii) affiliated companies; (iii) subcontractors and other third-party service providers; (iv) auditors or advisers of our business processes; and (v) any potential purchasers or investors in the Company.
We may share your Personal Data with law enforcement agencies, public authorities and judicial bodies (local and overseas).
We require all affiliated entities and third-party service providers to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow them to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our documented instructions.
7. DATA SECURITY
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
We also limit access to your Personal Data to strictly those employees, agents, contractors and third parties that have a professional ‘need-to-know'. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. All our employees have received appropriate training on data protection.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. RIGHTS OF USERS
- You have certain rights with respect to your Personal Data according to Data Protection Laws as specified below:
- Request access to your Personal Data.
- Request Correction of your Personal Data.
- Object to processing of the Personal Data.
- Request restriction of processing your Personal Data.
- Request transfer of your Personal Data.
- Right to withdraw consent.
- If you wish to exercise any of the rights set out above, please contact us at [email protected] No fee is usually charged. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
- You have the right to lodge a complaint at any time to a competent supervisory authority on data protection matters, such as (in particular) the supervisory authority in the place of your habitual residence or your place of work.
- We would, however, appreciate the opportunity to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance at [email protected]
The Services are not designated to individuals under the age of 18. If you are under 18 years old, you should not use the Services or provide any Personal Information to us.
We reserve the right to access and verify any Personal Information collected from you. In the event that we become aware that an individual under the age of 18 has shared any of their information, we will discard such information. If you have any reason to believe that a minor has shared any information with us, please contact us at [email protected]
It is imperative that the Personal Data we hold about you is accurate and current at all times. Otherwise, this will impair our ability to provide you with the Services that you may request from us.
Please keep us informed if any of your Personal Data changes during our relationship with you.
11. OUR CONTACT DETAILS
Full name of legal entity: Br Stone LTD
Email address: [email protected]
Postal address: Rodney Bayside Building, Rodney Bay, Gros-Islet, St. Lucia
Please use the words ‘Data Protection Matter' in the subject line.