Privacy Policy

as of May 24, 2018

ABOUT US

We Block Code Ltd trading as Plutus.it (also referred to as “we”, “us”, or “our”) are a company registered in England (Company no. 09674279). Our registered address is 2nd Floor Heathmans House, 19 Heathmans Road, London, England, SW6 4TJ.

THE PURPOSE OF THIS NOTICE

This Notice is designed to help you understand what kind of personal data we collect in connection with our products and services and how we will process and use this information. This Notice describes how we collect, use, share, retain and safeguard personal data. This Notice also helps you to understand your legal rights to your personal data and explains our lawful basis for processing personal data and who to contact should you have a query on the collection and use of your personal data.

WHAT IS PERSONAL DATA?

Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, date of birth, gender, contact details, national insurance number, passport details and national identity number.

Personal data may contain information which is known as special categories of personal data. This may be information relating to an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation. Personal data may also contain data relating to criminal convictions and offences.

PERSONAL DATA WE COLLECT

To allow us to provide you with our debit card, currency exchange and digital e-wallet products and services we will collect and process personal data about you. We will collect this information when you register for our services, when you request information on our products and services, during customer events, promotions and campaigns, or when contacting us for technical assistance or for help navigating our website.

We will collect personal data when you first visit our website, where with your permission we will place a small text file which is commonly known as a cookie on your computer. Cookies are used to help identify visitors, to simplify accessibility when accessing the website and to monitor visitor behaviour when viewing website content, navigating our website and when using website features.

We will also collect your unique online electronic identifier when visiting our website; this is commonly known as an IP address. Collecting IP addresses allows us to calculate the number of website visitors and to help identify the origin of any malicious actions that are performed against our website.

The personal data we will collect includes the following categories of personal data as specified within the United Kingdom’s Data Protection Act 2018:

  • Personal data such as an individual’s name, address, date of birth, gender, contact and passport details, IP address, and details relating to national insurance or national identity number; and
  • Data relating to criminal convictions and offences such as details on fraud and money laundering

WHY DO WE NEED YOUR PERSONAL DATA?

Your personal data is required to enable us to provide you with our products and services, to help administer your products and our business, to respond to any requests from you about services we provide and to process complaints. We will also use your personal data to develop new and market existing products and services. Currently products marketed consist of PlutsDex, Plutus Tap and Pay, Plutus Debit Cards and future company product innovations.

When registering for our services or where you express an interest in our services, you will be presented with various marketing options. If you select to opt-in to receive marketing related information, if you change your mind, you can opt-out by emailing opt-out@plutus.it.

DATA WE SHARE

We will share your personal data with authorised third parties. This is necessary where we are required to do so by law. We also share your personal data to help administer our business and to help manage and support your products and services.

If you object to the collection, sharing and use of your personal data we may be unable to provide you with our products and services

OUR LAWFUL BASIS FOR PROCESSING YOUR DATA

When registering for our products and services you should understand that you are forming a contract with us. When you request details on the services we provide, if you allow us to market to you, we would consider ourselves as having a legitimate business interest to provide you with information on similar products we provide. ‘Performance of a contract’ and ‘legitimate interest’ form our lawful basis for processing your personal data and for marketing to you. we will also ask for your consent in order to carry out AML/KYC Checks, when signing up.

RETAINING YOUR DATA

We will retain your personal data when registering for our services for a period of 6 years. Where you have contacted us for details of our services and products, we will retain your personal data for 72 Months / 6 Years. Where we are / have been in dispute with you we will retain your data for 72 Months/ 6 years. Where you or law enforcement agencies inform us on any active investigation or potential criminal prosecution, we will comply with all legal requirements for retaining this data.

The retaining of data is necessary for business administration, legal and for product development and marketing purposes. Sometimes we may need to retain your data for longer, for example if we are representing you or defending ourselves in a legal dispute or as required by law or where evidence exists that a future complaint may occur.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

We will transfer your data to third party organisations that are based outside of the country where you reside. This is commonly known as an international transfer of data. This is necessary for the purposes of administering our business and/or your products and services. These parties are not permitted to use your personal data for any other purpose than for what has been agreed with us.

In addition, these organisations are also required to safeguard your personal data through the use of appropriate technical, physical and organisational data security measures and are prohibited from disclosing or sharing your data with other third parties without our prior authorisation, or unless as required by law.

YOUR RIGHTS

Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.

These rights are known as Access Rights under the Data Protection Act 2018. The following list details these rights:

  • The right to be informed about the personal data being processed;
  • The right of access to your personal data;
  • The right to object to the processing of your personal data;
  • The right to restrict the processing of your personal data;
  • The right to rectification of your personal data;
  • The right to erasure of your personal data;
  • The right to data portability (to receive an electronic copy of your personal data);
  • Rights relating to automated decision making including profiling.

Individuals can exercise their Access Rights at any time. As mandated by UK and EU law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee or to refuse your request.

In exercising your Access Rights, you should understand that in some situations we may unable to fully meet your request, for example if you make a request for us to delete all of your personal data, we may be required to retain some data for business administration or for prevention of crime purposes.

PROTECTING YOUR DATA

We will take all appropriate technical, physical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data third parties.

DATA PRIVACY REPRESENTATIVE

To ensure data privacy and protection has appropriate focus within our organisation we have appointed a Data Privacy Representative Alexandru Rotaru who reports into our senior management team. Their contact details can be found at the end of this Notice.

COMPLAINTS

If you are dissatisfied with any aspect on how we process your personal data please contact our Data Privacy Representative. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office(ICO). The ICO can be contacted via its website which is https://ico.org.uk/concerns/, by live chator by calling their helpline on 0303 123 1113.

HOW TO CONTACT US

If you have any questions regarding this Notice and its content, the use of your data and your Access Rights please contact our Data Privacy Representative Alexandru Rotaru at 2nd Floor Heathmans House, 19 Heathmans Road, London, England, SW6 4TJ or by emailing dataprivacy@plutus.it