Effective as of May 24, 2018
This Policy relates to the processing of personal data and use practices of bitLanders in connection with our online services (the “Services”), which are made available to you through a variety of platforms, such as through our website, http://www.bitlanders.com (the “Website”).
For the purposes of this Policy, “you” are the “data subject” or “the user”.
By visiting our Websites and/or using our Services on any of the Platforms, you are agreeing to the terms of this Policy and the accompanying Terms of Service.
We use the term “Designated Countries” to refer to countries in the European Union (EU), European Economic Area (EEA), and Switzerland.
This Policy is effective as of the date stated at the top of this page. We may change this Policy from time to time, and will post any changes on the Websites as soon as they go into effect. By accessing the Websites or using the Services after we make any such changes to this Policy, you are deemed to have accepted such changes. Please refer back to this Policy on a regular basis.
We kept this Policy as clear and concise as possible. However, should you have questions about it or regarding the processing of your personal data at bitLanders, please e-mail us at firstname.lastname@example.org or call us at +1 646-485-8792 ext. 3 and we will clarify any query without as soon as possible.
2. Data Controller and Representative
The controller of your personal data is:
bitLanders LLC, domestic business liability company under the Laws of the State of New York in the United States of America with DOS ID #5345119 and principal executive office at 145 WEST 27TH STREET, SUITE 6E, NEW YORK, NEW YORK, 1000, United States of America (the “Controller”).
The Controller is reachable at email@example.com or at +1 646-485-8792 ext. 3.
If you are established in one of the Designated Countries, then you may refer to our Representative appointed pursuant to art. 27 GDPR (the “Representative). The Representative is:
Digital Design by Lorenzo Meriggi
via Bernardo Daddi 19, 50143 Florence, ITALY
The Representative is reachable at:
3. Categories of personal data we collect
We may collect Registered User Data (as defined herein), Billing Data (as defined herein), Other Data (as defined herein) (altogether: “Personal Data”).
3.1 Registered User Data
When you sign up to become a Registered User, for us to offer you the services, you will be required to provide us with personal data about yourself, which include:
- Sign-up Name;
- Email address;
(collectively, the “Registered User Data”)
We do not collect the Registered User Data from you when you use the Services, unless you provide us with such data voluntarily when signing up.
3.2 Billing Data
Only if and when you request to be paid, you will be required to provide the following information in addition to the data noted above:
- Name and Last Name;
- Photo ID/Passport scan;
- PayPal account info (username).
(collectively, the “Billing Data”).
We do not collect the Billing Data from you when you use the Services, unless you provide us with the Billing Data voluntarily.
3.3 Other Data
In addition to the Registered User Data and Billing Data noted above that you voluntarily provide to us, we may collect additional information (collectively, the “Other Data”).
3.3.1 Activity Data
Information that we automatically collect from your activity when you use the Services, such as:
- Type of Platform you’re using;
- IP address;
- Browser type and language;
- Referring and exit pages and URLs;
- Date and time;
- Amount of time spent on particular pages;
- What sections of the Websites you visit;
- Similar information concerning your use of the Services.
Information that we collect using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s hard drive so that your computer will “remember” information about your visit.
Why do we collect personal data
4.1 Registered User Data
We collect the Registered User Data in order to be able to create and maintain your profile and allow you to use the Services.
- Sign-in Name → Uniquely identify you as a Registered User;
- Email address → Be able to communicate with you with regards to the contract (as defined herein), let you reset your password in case you forget it;
- Birthday → verify your legal capacity to enter into the contract (as defined herein);
4.2 Billing Data
We collect the Billing Data in order to process payments in case you request to get paid.
- Name and Last Name → Identify you as the payee;
- Photo ID/Passport scan → Obtain a proof of identification of you as the payee, as required by law;
- PayPal account info (username) → Effect payment via PayPal.
4.3 Activity Data
We collect the Activity Data in order to provide you the Services and to improve our Services to you.
4.4 Cookies Data
4.5 Other Sources Data
In an ongoing effort to better understand our users and our Services, we might analyze the Other Data in aggregate form in order to operate, maintain, manage, and improve the Services and for statistical purposes. This aggregate information is completely anonymized and does not identify you personally, therefore is not to be considered as personal data. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our products and Services to current and prospective business partners and to other third parties for other lawful purposes.
5. Legal basis for processing personal data
5.1 Registered User Data
We collected lawfully the Registered User Data on the basis of the legal rationale below:
- Sign-in Name → performance of a contractual obligation, which refers to the Terms of Service entered into between the Controller and the User once the Users signs up and accept such terms (the “Contract”);
- Email address → performance of the Contract;
- Birthday → performance of the Contract;
5.2 Billing Data
We collect lawfully the Billing Data on the basis of the legal rationale below:
- Name and Last Name → performance of the Contract, including conducting the appropriate due diligence checks in order to know our clients;
- Photo ID/Passport scan → performance of the Contract, including conducting the appropriate due diligence checks in order to know our clients;
- PayPal account info (username) → performance of the Contract, including conducting the appropriate due diligence checks in order to know our clients;
5.3 Activity Data
We lawfully collect the Billing Data on the basis on the legitimate interest, which is not outweighed by your interests or fundamental rights and freedoms. It is in our legitimate interests to provide and improve the Services and to create, provide, support and maintain innovative Services that we offer to the Users. We need your Activity Data to achieve this.
5.4 Cookies Data
We collect lawfully the Cookies Data on the basis of on our legitimate interest to offer the best possible service. We need the Cookies Data for this purpose and your interests or fundamental rights and freedoms are not overridden.
6. Data security
We take reasonable steps to protect the Personal Data, the Billing Information, and the Other Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. To achieve this, we use:
- industry-standard SSL (“Secure Socket Layer”);
- encryption technology;
- cryptographic hash algorithm for passwords sha256;
- a secure server; and
- other physical and procedural safeguards to protect the security of such information.
Please understand, however, that no security system is impenetrable. We cannot guarantee the total security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Platforms may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
Data storage, retention and transfers
Once collected Personal Data is transferred and stored in servers located in the United States of America.
The United States of America is considered a country with high personal data protection standards and has provided appropriate safeguards.
Pursuant to Art. 49.1 (b) GDPR, the transfer of data to the United States of America is necessary for the performance of a contract between the data subject and the Controller. Such contract is represented by the Terms of Service governing the Services offered by the Controller.
Your rights, as listed below, remain available and fully enforceable, together with effective legal remedies.
For this purposes the Controller has appointed a representative in the EU who remains available to the data subjects.
Activity Data and Cookies Data is retained for 36 months.
Other Sources Data is retained for 36 months.
If we send your personal information to a country that is not in the EEA and is not the United States of America as outlined at section 7.1 above, we will make sure that your personal information is properly protected. We will always ensure that there is a proper legal agreement or mechanism that covers the data transfer. In addition, if the country is not considered to have laws that are equivalent to EU data protection standards then we will ask the third party to enter into a legal agreement or mechanism that reflects those standards.
In addition to the above, will only share information with third parties who help us with the delivery of our Services. Any information shared will be strictly necessary for the provision of the service they help us provide. Any third party which we work with and share information with will be expected to have the same standard of data protection as we do and will be contractually obligated to use measures to protect this information.
To the extent permitted by law, we may also disclose Personal Information, the Billing Information, and the Other Data when required by law, court order, or other government or law enforcement authority or regulatory agency.
8. Your rights in relation to data protection
You have the right to make a request for a copy of the personal data that we hold about you. To make this request, please contact the Controller or the Representative using the contact details provided above.
You have the right to have personal information held about you corrected if it is not accurate. If what we hold on you needs updating, or you think it may be inaccurate, please contact the Controller or the Representative using the contact details provided above.
We strive to only process and retain your personal data for as long as we need to which is in accordance with the law, our retention periods and your restriction rights. In certain circumstances you have the right to request that we erase your personal data that we hold. If you feel that we are unlawfully retaining your data longer than we need, please contact the Controller or the Representative using the contact details provided above.
8.4 Data Portability
You enjoy a right to data portability with respect to your personal information we hold. We undertake to provide you with the personal data concerning yourself which you have provide in a structured, commonly used and machine-readable format. In addition, you enjoy the right to transmit that data to another data controller without hindrance from us.
If you feel that the personal data we hold on you is inaccurate or believe we shouldn’t be processing your data, please contact the Controller or the representative using the contact details provided above to discuss your rights. In certain circumstances you will have the right to ask us to restrict processing.
If you reside if one of the Designed Countries, and you want to contact us about any of your rights or should you wish to complain about how we use your personal information, please do so by contacting the Controller or Representative using the details provided above. We’ll do our best to help but if you’re still unhappy, you can contact your Supervisory Authority and lodge a complaint with them.Click HERE to download a PDF copy of this Policy for your records.