Wibson Limited (the “Company”, “we”, “us” or “our”) respects your right to privacy and are committed to protect your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website and use our app (hereinafter the “Platforms”) regardless of where you visit it from and tell you about your privacy rights and how the law protects you.
This privacy notice aims to give you information on how we collect and process your personal data through your use of our platforms, including any data you may provide through our platforms when you make a contribution for a WIB (hereinafter the “Token”). This website or any of our platforms is not intended for children and we do not knowingly collect data relating to children.
This version was last updated on March 29, 2020.
We are the data controller and responsible for your personal data.
We have appointed a Data Privacy Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy officer using the details set out below.
You have the right to make a complaint at any time to the Gibraltar Regulatory Authority (the “GRA”), the supervisory authority for data protection issues in Gibraltar. We would, however, appreciate the chance to deal with your concerns before you approach the GRA so please contact us in the first instance.
GRA Contact Details:
Gibraltar Regulatory Authority
1 Europort Road
Tel: (+350) 20074636
The Data Protection Legislation
The data protection legislation in Gibraltar has been the Data Protection Act 2004 (the “DPA”) and implements Directive 95/46/EC.
On 25th May 2018 Regulation 2016/678 of the European Union on the protection of personal data (“GDPR”) came into force and will, to the extent that there are GDPR and the DPA (and/or the DPA has not been amended) replace the DPA.
We collect both personal and non-personal data.
"Personal Data" means information which identifies or may identify an individual, including first and last name, email address, unique online identifiers, etc.
"Non-Personal Data", means non-identifiable, aggregated data, such as technical data transmitted by the user’s device and aggregated use of the website by the general public. This data is not used to identify any individual user.
How is your personal data collected?
We use different methods to collect data from and about you including through:
Direct interactions, this includes personal data you provide when you: create an account on our website or app; make a contribution for a WIB; subscribe to our service or publications; request marketing to be sent to you; or give us some feedback.
Automated technologies or interactions. As you interact with our website and/or platforms, we may automatically collect Technical Data about your equipment, browsing actions and patterns.
Personal Data Processed we process
Wibson collects the following Personal Data, and processes it in accordance with the purposes and legal basis specified below.
Personal Data provided during registration and creation of user's account: Name, email address, email token, auto generated private key.
Purposes: To provide the Services to the user. To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments.
Personal Data collected during the scanning of your Gmail, In order to detect companies and third parties possessing and collecting your Personal Data, Wibson will automatically scan the subject line and metadata of the user’s email account as provided during registration to search for services you registered for or engaged with. The metadata we process include, the subject line of the email, the sender and the first line of the email as presented in your inbox. We do not process or collect the content of any email or document in your email inbox, and only collect the company name and metadata of the services you engaged with.
Purposes: To provide the Services to the user.
Data regarding the use of our website and app - As detailed in the applicable section below, our website includes cookies and similar tracking technologies which may collect your IP, as well as technical data automatically transmitted by the device you are using such as your browser type, operating system type, preferred language, the path you have taken in our website, the content you have interacted with, the time and date of your session, etc.
Purposes: To provide the Services to the user.
To operate, provide, maintain, protect, manage and improve the website and our Services. To prevent and address potentially prohibited or illegal activities, and other misuse of the website or the Services, and to take precautions against legal liability.
Personal data Newsletters: In the event you sign up to receive our newsletter we will use your email address for such purpose. You may unsubscribe at any time by contacting us at firstname.lastname@example.org
Purposes: To send the newsletter.
Online identifiers such as cookies (see more information regarding cookies below).
Purposes: To operate, provide, maintain, protect, manage and improve the website and our services, for auditing and tracking usage statistics.
Non-Personal Data we process
Wibson collects non-personal data regarding use of our website and the Services, such as the scope, frequency, latency, pages accessed and viewed, interactions with content and materials displayed through our Services, and other technical information regarding the device used to access the Services.
Non-Personal Data is used in order to maintain and develop our website and Services, in order to measure and understand the level of engagement with the Services, for general analytics and ensuring the technical functioning of our network.
Sensitive personal data and/or special categories of personal data
Includes information about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life, or about the commission of, or proceedings for, any offense committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings. Sensitive personal data can only be processed under strict conditions, including a condition requiring the express permission of the person concerned.
We do not share or sell any personal data with non-affiliated third parties for their marketing or business purposes.
Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties.
We may share Personal Data only under the following limited circumstances:
With Companies or third parties you engage with online and wish to use an access or erasure of your Personal Data. We will contact the company on your behalf, and provide your name and email address to the company, regarding your erasure request.
With Companies that you chose to provide your personal data using the applications.
With trusted partners and service providers who assist us in operating the Services and conducting our business, such as marketing, cloud services providers account maintenance and technology services. Such partners are bound by customary contractual provisions in connection with privacy and data protection.
With third parties if necessary to comply with applicable law, a legal or regulatory requirement, for the administration of justice, to protect your vital interests or the vital interests of others, to protect the security or integrity of our databases or the Services, to take precautions against legal liability and to enforce our agreements and policies.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your legal rights
You have certain rights in relation to your personal data as summarised here:
Right to be informed – You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights; this is why we are providing you with the information in this privacy notice;
Right to withdraw consent – Where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time;
Right of access – You can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
Correcting information – where we hold information about you that is inaccurate or incomplete, you have the right to ask us to rectify or complete it;
Right to be erased – This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request
Right to restrict processing – In certain circumstances you have the right to restrict some processing of your personal information, which means that you can ask us to limit what we do with it. For example, you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
Right to object to processing – you can object to us processing your personal information in certain circumstances, including where we are using it for the purpose of the Company’s legitimate business interests;
Right to data portability – you have the right to obtain from us and re-use your personal data for your own purposes. This only applies, however, where the processing is carried out by automated means, to personal data that you have provided to us yourself (not any other information) and where the processing is based on your consent or for the performance of a contract;
Right to complain – you are able to submit a complaint to the Regulator about any matter concerning your personal information, using the details below. However, we take our obligations seriously, so if you have any questions or concerns, we would encourage you to raise them with us first, so that we can try to resolve them.
Subject Access Requests
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may refuse to comply with your request in circumstances where your request is clearly unfounded, repetitive or excessive.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests as soon as reasonably practicable and, in any event, within 30 days of receipt of the request.