Portfolio
KodeLab Ltd
Data Protection Privacy Policy
Last updated on August 24
This Privacy Policy is meant to inform and let you understand in detail how KodeLab Ltd and its affiliates (hereinafter “KodeLab” or “We“) process and operate the personal information (hereinafter the “data“ or “personal data“). We collect from people using KodeLab’s products and services, visiting its website [https://kodelab.io/] what personal data we collect and store, for how long, how and why we use it and what are your rights to control personal information We hold about you.
The concept of “data” or “personal data” in this Privacy Policy encompasses any form of personal data relating to yourself and more specifically any information related to you and that may allow us or a third party to directly or indirectly identify you as a natural person, including where you act as a representative of a legal person.
We recommend you read this privacy policy carefully in order to understand our practices in the processing of your data. This policy may evolve over time, and we recommend you to regularly check the latest version. Substantial changes will be notified to you, but we may also update the policy on minor issues from time to time without notifying you.
This policy sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us.
The protection of your data and your privacy is of paramount importance for us and therefore we ensure to comply with data protection laws including the UK Data Protection Act 2018 (hereinafter the “DPA 2018”) and the European Union Regulation 2016/679 of 27 April 2016 on the protection of personal data (the “GDPR“ ), and any other implementing act or regulations.
This policy applies to any individual anywhere in the world, though some of its terms may be relevant only to users specifically authorised to use some of our services, as the case may be. We try to highlight this more in detail below. As some of our activities are regulated and subject to government licences or authorizations, not all our services may be available to you, and hence not all the provisions of this policy may apply to you. We operate in particular those regulated activities within the United Kingdom (hereinafter the “UK”).
We are a UK-based company, with the corporate details listed in the table below:
KodeLab Ltd
With registered offices at:
Kodelab LTD,
75 King William street,
EC4N 7BE London,
United Kingdom
UK Companies House number: 13585838
KodeLab has a specific role and responsibilities when it comes to your personal data. We operate in particular as a service provider of our Users, as further highlighted below, supervising the safety and security of your personal data and ensuring that your data is shared only with the appropriate affiliates or business partners having the required access and management rights.
We exercise or intend to exercise a regulated activity and independently determine the means and purposes of the processing of your personal data in the context of this regulated activity. Against this background, KodeLab is accountable for the full compliance with the DPA 2018 (and GDPR), in relation to the activities listed below:
Role(s) as Data Controller
Processing of your personal data in relation to the UK regulated crypto service provider services offered in the UK and worldwide, with the exception of high risk countries (which at the time of writing includes: Afghanistan, Albania, Barbados, Burkina Faso, Cambodia, Cayman Islands, Democratic People’s Republic of Korea, Democratic Republic of the Congo, Gibraltar, Haiti, Iran, Jamaica, Jordan, Mali, Morocco, Mozambique, Myanmar, Panama, Philippines, Senegal, South Sudan, Syria, Tanzania, Trinidad and Tobago, Turkey, Uganda, United Arab Emirates, Vanuatu, Yemen). For up-to-date list, see combined UK, FATF and EU lists here: https://www.legislation.gov.uk/uksi/2022/1183/made, https://www.fatf-gafi.org/en/publications/High-risk-and-other-monitored-jurisdictions/Increased-monitoring-february-2023.html, and https://finance.ec.europa.eu/financial-crime/high-risk-third-countries-and-international-context-content-anti-money-laundering-and-countering.
In addition, the above service will not be offered to U.S. Persons, which are defined as either U.S. residents or U.S. citizens.
For any further information on our data protection practices or concerning your personal data as a User, please contact us at the following address [privacy@kodelab.io].
We collect and process personal data solely for the purposes described in this policy. Pursuant to our contractual or pre-contractual relationship, or whenever you visit our website, we can collect the following personal data from you:
When we process sensitive personal data concerning you, we request your specific and explicit consent in advance, unless we are authorised to process such data without your consent, in particular in order to comply with legal and regulatory obligations and requirements by which we are bound.
2.1 Performance of (pre) contractual obligations
Your data is processed in response to a request to conclude a contract for a new customer and to perform the contract concluded. In this context, we process your data to:
• Follow up and respond to your request;
• Create an account and register your profile
• Assess the advisability and estimate the risks relating to a possible contract;
• Assess your solvency;
• Determine the conditions and guarantees under which the contract is to be concluded.
Pursuant to contracts in progress or the management of concluded contracts, we have to put in place a certain number of diverse data processing procedures and operations, including in order to take account of the general obligations of KodeLab on the administrative and accounting front.
More specifically, we process your data in connection with the performance of contracts as follows:
• Management of your requests for and orders of our products and services;
• Follow-up of our services;
• Central customer management;
• Invoicing of our products and services.
We may have to process your data for additional purposes under the contractual relationship with you and for the performance of contracts.
2.2 Fulfilment of our legal obligations
We have to comply with numerous legal and regulatory obligations and requirements. Such obligations may require us to cooperate with the competent authorities and/or third parties and transmit some of your data as and when necessary.
These obligations fall mainly under the following legal and regulatory areas:
•For Know Your Customer (KYC) / Anti-Money Laundering & Counter Terrorism Financing (AML/CTF) purposes during sign up and periodically afterwards during business relationship;
•The obligation to proceed to particular verification concerning risk analysis, solvency, reimbursement capacities, etc.;
•The obligation to comply with the applicable banking, tax and accounting legislation;
•The obligation to respond to official requests from local or freight tax or judicial authorities;
•Obligations relating to consumer protection;
The list of legal and regulatory areas by virtue of which we need to process your data is non-exhaustive and subject to change.
2.3 Our legitimate interest
When the processing is not strictly necessary for one of the aforementioned purposes, We may also process your personal data for other reasons to do with the pursuit of our personal interests. In such a case, however, We endeavour to strike a balance between the necessity to process your data and the protection of your rights and freedoms, including the right to the protection of your privacy. In such an eventuality, We will keep you informed of the legitimate interest we pursue and provide transparent information on the processing activities and your rights.
In this context, we may process your personal data in order to:
• Customise the products and services of KodeLab;
• Develop and improve KodeLab’s data analytic activities;
• Offer you a data analytics services up to date and matching your interests;
• Secure proof for the legally required period;
• Ensure and guarantee the protection of persons and property, fight against fraud or attempted intrusion, abuse or other violations;
• Defend and preserve the rights of KodeLab and persons it represents before courts and tribunals and any other competent authorities;
• Train our staff;
• Improve our products and services and see to the follow-up of our activities, including by conducting research or statistical analysis, or carrying out surveys with our customers;
• Improve the use of our website through cookies so as to enhance the user experience.
2.4 Our Particular legitimate interest, advertising and direct marketing
We proceed to segment our customers so as to offer you appropriate products and services from KodeLab or its business partners which correspond to your professional and/or personal situation and to products/services which you already have. To this end, we are likely to:
•Assess your behaviour when you visit our websites;
•Assess your prospect or customer interaction data;
•Contact you again about a product/service in which you showed interest on our websites, but did not confirm your shopping basket/order;
•Offer you products/services from our business partners likely to interest you;
•Collect your browsing data via your IP address or with our cookies. For the use we make of cookies, click here to read our [https://kodelab.io/legal/cookiePolicy].
2.5 Your consent to electronic communication
Finally, we may use your electronic contact details, i.e. your mobile telephone number, e-mail address, social media channels (e.g. Twitter and Facebook) and our Support Chat to send you information, advertisements or customised offers relating to the products/services of KodeLab or its business partners through direct marketing actions or newsletters. In such a case, we ask specifically for your consent in advance.
We will not disclose, sell or rent your personal data to any third party, except as described in this privacy policy.
Our business partner KYC Global Technologies Limited, with its registered office at 6 Esplanade, St Helier, Jersey, JE1 1BX, Channel Islands, and registered with the Jersey Commercial Register under number 120738 (hereinafter “RiskScreen” and / or the “Data Processor”) may have access to your personal data as a data processor of the Data Controller identified above, and the purposes of providing us with its identification and verification solution.
The above Data Processor and Sub-Processor only process your data upon the documented instructions of the aforesaid Data Controller. Hence, your personal data remains controlled and supervised by the Data Controller, who is entirely accountable towards you.
When you are using our crypto asset wallet and exchange services, if you share your (public) crypto address, given the inherent transparency of the blockchain protocols supporting virtual assets, your balance and transactions may potentially be visible to third parties.
We may also share personal data with third parties who perform data processing activities on our behalf, and only insofar as this is necessary. As far as these service providers are acting as data processor, on our behalf, we do not authorise them to use or disclose the data in any way except as specified in this privacy policy. We require that these data processors and sub-processors appropriately safeguard the privacy and security of the personal data they process on our behalf.
We share/disclose data in particular in the following eventualities:
1. Where we are required to do so (i) by applicable law, (ii) by a governmental body, (iii) by a law enforcement agency or (iv) in connection with an investigation of suspected or actual fraudulent or illegal activity;
2. When acting on behalf of business partners, for transactional operation, we may need to transfer your data to such partners, in accordance with their instructions;
3. When we call on providers to provide advertising, direct marketing and communication services.
In all these cases, we always make sure that third parties have only limited access to the personal data needed to perform the specified tasks required.
We keep your data in the UK. We may have to transfer your data to a country outside the UK, including to countries that would not offer a sufficient level of protection pursuant to the criteria set by the UK (e.g. a transfer to a subsidiary located outside the UK). In such an eventuality, we will guarantee an appropriate level of protection for your data by resorting to standard data protection clauses / international data transfer agreements (“IDTA”) of the UK Information Commissioner’s Office (“ICO”) or any other means so as to guarantee that your data will be transferred in a secure environment.
5.1 Access, rectification, erasure, portability and objection rights
For all the purposes defined here above, and within the limits provided by applicable data protection laws, you have rights as a data subject. We want you to be aware of these rights, namely:
• The right to ask us to provide you with copies of personal information that we hold about you at any time, which include the right to ask us: whether we process your personal data, for what purposes; the categories of data; the recipients to whom the data are shared;
• The right to ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge;
• The right to withdraw your consent where such consent has been given;
• The right to [erasure] within the limits afforded by data protection legislation;
• The right to data portability within the limits afforded by data protection legislation.
Where we process your data for our legitimate interests, you have the right to object to the processing of your data. However, according to our legitimate interests, we may continue to process your data after a careful balancing of your interests with ours.
5.2 Objection right to direct marketing
When we process your data for direct marketing purposes, you always have the right to opt-out, at first request and free of charge, of any direct marketing communications. In such a case, we shall cease to process your data for direct marketing purposes. Your request will be processed as promptly as possible.
You can exercise your objection right by selecting cookie settings in the cookie banner pop-up and selecting which types of cookies you want to authorise. This will include the following types of cookies:
• Essential cookies (strictly necessary);
• Preference cookies (performance);
• Functional cookies;
• Targeting and Advertising cookies;
• Advanced Analytics cookies.
5.3 How to exercise those rights?
You may at any time exercise the above mentioned rights in accordance with data protection regulations, by sending a written request with a copy of your ID card (passport or other proof of identity) to [privacy@kodelab.io], and subject to complying with our reasonable requests to verify your identity.
5.4 Right to lodge a complaint
You can also lodge a complaint to the UK ICO electronically on their website at https://ico.org.uk/make-a-complaint/or by phone at +44(0)303 123 1113.
We will not store your personal data beyond the time necessary for the performance of the purposes for which the data is processed. Specifically, we distinguish between a retention period and an archiving period:
-The retention period is the maximum period of use of your personal data for specific purposes:
• The data processed for the execution of the contractual relationship is kept for the entire duration of the contract/membership and for the prescription period upon termination of the contract;
• The data processed for other purposes may be retained for a longer period during which we will reassess the need to keep this data and pseudonymize the data where it does not affect the realisation of the purposes.
-The archiving period meets our legal obligation as well as the legal need to retain your data beyond the retention period for evidentiary purposes or to respond to requests for information from the competent authorities.
We take appropriate technical and organisational measures to safeguard and protect your personal data against unauthorised or unlawful processing and against accidental destruction, loss, access, misuse, damage and any other unlawful forms of processing of the personal data in our possession.
The following measures are used among others:
• Security management policies are set up by KodeLab and its recipients;
• Network security with firewalls and restricted access;
• Database storages are encrypted by Google Cloud;
• Access to live database are limited to certain and well determined groups of people.
If you have any questions or comments about this privacy policy, if you would like to exercise your rights, or to update the information we have about you or your preferences, please contact us here: [privacy@kodelab.io]