1. Personal identification information
- 1.1 We may collect personal identification information from users in a variety of ways, including, but not limited to, when users visit our website (“Website”), register on the Website, use the Services, and in connection with activities, services, features, or resources we make available on the Website from time to time.
- 1.2 The personal information that we may collect from you will depend on your type of usage of our services and may include
- 1.2.1 your name and title;
- 1.2.2 address and email address;
- 1.2.3 your date and place of birth;
- 1.2.4 your citizenship(s);
- 1.2.5 incorporation and controller information;
- 1.2.6 information about your investor status;
- 1.2.7 information about your source of funds;
- 1.2.8 your KYC and CDD documentation;
- 1.2.9 payment information;
- 1.2.10 nature of the product or service requested;
- 1.2.11 login details;
- 1.2.12 location information;
- 1.2.12 related information required for the supply of the Platform and other services to you.
2. Non-personal identification information
- 2.1 We may also collect non-personal identification information from users when they interact with the Website and our platform (“Platform”). This may include the browser name, type of computer or mobile device, and technical information about the means of connection, including, but not limited to, the operating system and internet service providers.
3. Legal basis for using your personal information
- 3.1 The use of your personal information is necessary to perform the relationship between us. In order to use our services, we must be able to use your information to respond to your requests and provide the services.
- 3.3 We may use your personal information for various legitimate interests, including the improvement of our products and services, meeting our legal, regulatory and ethical obligations, ensuring the security of our systems and managing the content of the Website. When processing personal information to meet these legitimate interests, we balance these against the fundamental rights and freedoms of data subjects and put in place robust safeguards to ensure that your privacy is protected.
- 3.4 We may use or disclose your personal information when required to do so by law, regulation or requests of a competent authority (for example, regulatory KYC and reporting obligations) or within the Komainu group of entities and its affiliates solely for the purposes set out above. Komainu will use reasonable endeavours to ensure the data is only accessible by those with a need for access.
- 3.5 Occasionally, we may have to process more sensitive personal data which requires special protection. We will only collect such data with your express consent in instances where it is necessary for compliance with legal or regulatory obligations.
4. Your rights over personal information
- 4.1 Subject to applicable laws, you have rights regarding your personal information, including: access, rectification, erasure and blocking, restriction of use, objection to use, data portability, and the filing of a claim to your local data protection authority.
5. Web browser cookies and tracking technologies
6. Analytics & Advertising
- 6.2 Google is self-certified under the EU-US Privacy Shield framework.
- 6.3 Google will use this information for the purpose of evaluating your use of our services, compiling reports on service activity for service operators, and providing other services relating to services activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
- 6.4 Our services use MailChimp, a US-based email service, to store your details and send you our newsletter. In the process of working with Mailchimp your data may be transferred outside the EEA, to the US. Mailchimp is self-certified under Privacy Shield and lawfully transfers EU/EEA personal data to the US according to its Privacy Shield certification.
7. Information storage and retention
- 7.1 We adopt appropriate data collection, storage, and processing practices and security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal information, username, password, transaction information, and data stored on the Platform.
- 4.2 All personal information shall be dealt with in accordance with the Data Protection (Jersey) Law 2018 and the General Data Protection Regulation (EU) 2016/679.
- 7.3 We will retain your personal information for a period of time which enables us to:
- 7.3.1 maintain business records for analysis and/or audit purposes;
- 7.3.2 comply with record retention requirements under applicable law;
- 7.3.3 defend or bring any existing or potential legal claims;
- 7.3.4 deal with any complaints regarding the services.
- 7.4 We will delete your personal information when it is no longer needed for these purposes. If we cannot delete it, for technical reasons, entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.
8. Information storage and retention
- 8.1 We may disclose personal information without notice to you if a law, regulation, search warrant, subpoena, court order, or regulatory notice permits or requires us to do so. We may also disclose personal information without notice to you to prevent fraud or abuse, or to protect the rights, property, or personal safety of one of our employees, users, service providers, or the public.
- 8.2 We may share your personal information with third party service providers to fulfil or enhance the service provided to you.
- 8.3 We may share your personal information with other employees, directors, or officers of any of our group entities.
- 8.5 We may disclose otherwise confidential personal data or information if compelled to do so by laws and regulations applicable to us or our agents, whether in the EEA or elsewhere.
- 8.6 We shall not sell, trade, or rent your personal information to others.
9. Data-controlling entity
- 9.1 Komainu Holdings Limited is the ultimate data controller for the Komainu group of entities. In addition, certain other Komainu entities may act as a data controller if registered as such in the relevant jurisdictions.
- 10.1 We are not structured or intended to attract any person under the age of 18.
Should you wish to report a complaint or feel that we have not addressed your concern in a satisfactory manner, you may contact the Jersey Office of the Information Commissioner ([email protected] or [email protected]).