This policy sets forth how ClearToken collects, uses and shares the information you provide to us and the information we collect in the course of operating our business and our websites. We comply with the applicable data protection laws of the United Kingdom, in particular the UK General Data Protection Regulation (UK GDPR).
This policy at any time by amending this page. We recommend that you check this page on a regular basis to remain aware of any relevant changes made. This policy was last updated on 31 July 2023.
Where we refer to ClearToken or “we”/”us”/”our” we mean ClearToken Services Ltd, incorporated under the laws of England and Wales with company number 14488617. Our registered office is C/O ClearToken Services Ltd, 33 Queen Street, London, EC4R 1BR, United Kingdom.
Purpose of this Policy
ClearToken places a strong emphasis on privacy and data protection and is dedicated to safeguarding your personal information and client confidentiality. To ensure adherence to data protection laws and regulations, including without limitation the UK GDPR, this policy outlines how ClearToken processes and secures your personal data, along with the rights you have under these laws and regulations. This policy is applicable whenever we handle your personal data, including interactions on our website or other digital platforms, or when you sign up for our services. The specific data processed and their usage depend on the requested or agreed-upon services in each situation.
Before using ClearToken’s services or providing any personal data, it is essential to familiarize yourself with our practices concerning your personal data, how we will handle it, and the circumstances in which it might be disclosed to third parties. The processing of personal data adheres to the stipulations of the UK GDPR.
When ClearToken collects and processes your personal information, it acts as the data controller. ClearToken may transfer your personal data to its affiliated companies located outside of the UK, specifically ClearToken Holdings BVI Limited. In such cases, ClearToken ensures that appropriate protection is in place for your personal data, ensuring it is processed on behalf of ClearToken in a manner that meets the required standards.
What is Personal Data / Client Registration
“Personal data” encompasses any information that allows us to identify you, including but not limited to your name, email address, or an online identifier such as an IP address that can reasonably be connected to you. When using our digital channels, such as the website, you may be requested to provide personal data. If you decide to register as a new corporate client or investor, we may collect the following data:
- Company name / Company address
- Professional information, e.g., employer and title
- First and Last name
- Copy of passport or other government issued ID
- E-Mail Address / Phone Number / Residential Address
- Some additional information as required, e.g. what kind of service is desired, to ensure compliance with KYC/AML requirements under the UK Money Laundering Regulations 2017 (as amended).
We gather this data to fulfil our pre-contractual and contractual legal obligations as defined by the UK GDPR. The processing of personal data extends beyond our clients and encompasses suppliers, prospects, website users, employees, job applicants, vendors, and third parties. Our objective is to restrict the processing of this data to the essential minimum and in compliance with the relevant laws and regulations.
Updating Your Personal Information
If you need to update or modify your personal information, including your contact details, kindly inform ClearToken in writing at the contact details provided below as soon as possible.
Please be aware that our website may occasionally include links to third-party websites or digital platforms for your convenience. We advise you to review the privacy and security policies and procedures of each and every other website or digital platform you visit. This will help you understand how your information may be handled by those third parties.
Origin of Personal Data That We Collect
We collect personal data to the extent that is legally permitted and in particular from the following sources:
Personal Data that is Given to Us by the Data SubjectWe will process personal data that you give to us including when you email us or contact us through various channels as follows:
- signing up for newsletters, webinars, participating in discussion boards or other social media functions, attending events, or using digital asset acquisition or storage services provided by us. Additionally, it encompasses situations when you get in touch with us with inquiries or respond to our communications.
- When you or the company you represent becomes a client of ClearToken and opens an account, you will provide us with personal data. If you are not a client, we may collect or receive your personal information if you are involved in one of our client’s matters.
- When you apply for a role with us, you may furnish us with your personal data, which you submit directly to us, or it may be provided by third-party agencies and recruiters on your behalf. We solely process the personal data required to evaluate your suitability for the position you are applying for.
Personal Data We Obtain From Other Sources
- When you apply for a position with ClearToken, we may collect personal data concerning your past employment, qualifications, education, opinions from third parties about you, employment history, and other relevant details. This information could be provided to us by a third-party agency that conducts background screening services on our behalf. In addition, we might request information from official registers, such as criminal records checks or credit history, to assess your suitability for the position.
- Personal data that is essential for facilitating the products and services offered by ClearToken and is transmitted to us through the technical infrastructure. This includes login information for ClearToken, access to document sharing spaces, payment and trading transactions, as well as collaborations with financial or IT service providers.
- Personal data from third parties, such as authorities or sanction lists etc (e.g. issued by the UK Treasury (HMT), US Office of Foreign Assets Control (OFAC), the European Union (EU))
- Personal data that is publicly assessable.
Purpose and Usage of Data
We may process personal data as described below to the extent legally permitted:
- When enhancing and managing our products and services, as well as to keep the information of individuals with whom we have a business relationship up to date;
- When engaging in market research, marketing, and business development activities related to our services. This could involve sending you newsletters, marketing communications, and other information that we believe may be of interest to you, as well as inviting you to events tailored for clients, prospects, and other relevant individuals.
- For compliance, legal and/or regulatory purposes, including fulfilling disclosure, notification, and reporting obligations to relevant authorities; these obligations encompass areas such as anti-money laundering and countering terrorist financing efforts;
- In order to exercise or defend our legal rights, as well as for legal proceedings involving us, our employees, or our clients;
- Reviewing and processing a job application;
- When managing, controlling, and monitoring business-related decisions and risks, including processing business operations efficiently, such as investment profiles, limits, and assessing operational and fraud risks.
Grounds for Processing Your Personal Data
We rely on the following legal grounds to process your personal information:
On the Basis of Your Consent
If you have provided consent for the processing of your personal data for specific purposes, you can withdraw your consent at any time by reaching out to us (contact details provided below).
For Fulfilment of Contractual Obligation
The data processing purposes primarily revolve around delivering services to you or conducting pre-contractual measures based on a request. This may entail needs assessments, offering support, and facilitating transactions related to the specific products and services you seek.
For Compliance with a Legal Obligation
Where we are bound by various legal obligations, particularly statutory requirements such as the Money Laundering Regulations 2017 (as amended) and relevant tax laws, the data processing purposes in such cases encompass identity verification, anti-fraud, and anti-money laundering measures, meeting tax law obligations, fulfilling reporting requirements, and assessing associated risks.
For the Purpose of Protecting a Legitimate Interest
We may process your personal data when it is necessary to safeguard our legitimate interests or those of a third party. Some examples of such legitimate interests include ensuring IT security, preventing and investigating crimes, asserting legal claims, and conducting marketing activities, as mentioned earlier.
For the Purpose of Public Interest
We may process your personal data on the basis of substantial public interest in accordance with UK GDPR. This processing is carried out to fulfil our regulatory obligations, ensure the stability and security of financial markets, prevent fraud, and promote the stability and integrity of the financial system as a whole. It allows us to contribute to maintaining a fair and well-functioning financial environment, ultimately benefitting both our participants and the broader public interest.
For the Purpose of Vital Interest
We may process your personal data on the basis of vital interest in accordance with UK GDPR. This processing is carried out to protect the essential interests of individuals, especially in situations where their life or physical well-being may be at risk. Ensuring the safety and well-being of our participants and stakeholders is of paramount importance, and processing personal data based on vital interest allows us to take necessary actions to prevent harm and provide immediate assistance in critical situations.
How We Share Personal Data with Third Parties
From time to time, ClearToken engages with various third-party service providers and suppliers to deliver certain services. To ensure compliance with this Policy, ClearToken establishes Data Flow Agreements with each provider. These agreements mandate that the providers process your personal data in accordance with our policies and requirements. This may include:
- We may share your personal data with third-party suppliers or contractors who are obligated to maintain confidentiality. This sharing occurs in connection with the processing of your personal data for the purposes described in this Policy. These third parties may include IT and communications service providers or website hosting companies. Notably, our website is hosted on servers located in the UK and operated by AWS.
- Third parties relevant to our services may include, but are not limited to, counterparties to transactions and other professional service providers.
The following third parties may also have access to your personal information:
- any other person who is authorised to act on your behalf;
- regulators, government departments, law enforcement authorities, tax authorities and insurance companies;
- any relevant dispute resolution body or the courts; and
- persons or businesses in connection with any sale, merger, acquisition, disposal, reorganisation or similar change to our business.
When transferring your personal information to third countries outside of the UK, the service providers involved are required to adhere to data protection standards in the UK. Additionally, they must follow written instructions as stipulated in agreements containing standard contractual clauses. Any transfer of your personal information will always be conducted in compliance with relevant rules and regulations.
Storage of Data and Data Security
How long we hold your personal data for will vary and will depend primarily on:
- the purpose for which we are processing your personal data – we will need to keep the information for as long as is necessary for the relevant purpose, and
- legal obligations – laws or regulation have set a minimum period for which we have to keep your personal data.
We will retain your personal data only for as long as necessary, unless there is a legal requirement to keep it for a specific statutory retention period. Rest assured that we implement appropriate security measures to safeguard your stored data, and we continuously enhance these measures by leveraging advancements in technology.
Data Subject Rights
You have several legal rights concerning the personal information we hold about you, and you can exercise these rights by contacting us using the contact details provided below.
Our obligations ensure your right to:
- access the personal information held about you (as noted above)
- have your personal information rectified if it is inaccurate or incomplete;
- erasure as long as there is no legal basis that allow us to further process such data;
- restrict the processing of your personal information under certain conditions;
- object certain processing of personal data;
- where applicable, data portability – under some circumstances, receiving some personal data that you have provided to us in a machine-readable format;
- where applicable, to lodge a complaint with a supervisory authority; and
- where you have provided consent to the processing of personal data, to request to withdraw such consent at any time. Please note that the revocation will take affect in the future.
If you decide to exercise your rights to restrict or delete personal data, please be aware that this may impact our ability to provide you with a complete service.
As per the provisions of money laundering law, we are obligated to verify your identity before establishing the authority or authorization. This verification may involve requesting documents such as your passport and recording essential details such as your name, date of birth, and address. To fulfil this statutory obligation, you must provide us with the required information and documents promptly, and also inform us of any changes that occur during our business relationship. Failure to provide the necessary information and documents may prevent us from entering into or continuing the business relationship. We do not make decisions based solely on automated processing.
How to Contact Us
You may contact us in writing to the email address or via regular mail to the address indicated below.
- Email: email@example.com
- Post: C/O ClearToken Services Ltd, 33 Queen Street, London, EC4R 1BR
If you are not satisfied with the response you receive from us or how we handle your personal information, then please let us know. We will examine your issue and improve, where necessary. We understand how crucial the protection of personal data is, especially in an online environment.
At this time, ClearToken itself does not collect any cookies of website visitors/users. In this regard, we emphasise that this policy may be updated from time to time, and that in the future cookies of website visitors/users may come into scope of this policy.