Introduction
Hello! 👋 We’re Shares.
We really value our users and by extension, we value your trust and privacy. That’s why we’ve developed this privacy policy; to be transparent about the personal data we collect, how it’s used, who it’s shared with and what choices our users have over their data.
This privacy policy applies to the personal data that Shares processes in connection with the platform and applications, webServices, products and services that are referenced in this policy (collectively, the "Services").
If you live in the European Economic Area (“EEA”)and avail of our digital assets (cryptocurrency) and social interactive Services, Shares Digital Assets Poland controls your personal data.
If you live in the United Kingdom (“UK”) and avail of our trading and social interactive Services, Shares App Limited controls your personal data. We process personal data in accordance with this Privacy Policy. You can find the contact details for both of these data controllers at the bottom of this policy.
Before we dive in, we want to clarify a few points:
- Sorry kids! Our services aren’t intended for anyone under the age of 18 and we don’t knowingly collect data relating to children.
- Stay informed! If we provide you with another policy relating to specific processing, you should read it alongside this one. This includes our cookie policy.
- Legalese alert! This policy isn’t much use if you can’t understand it. That’s why we’ve put together a glossary to explain some of the legal terms used in it. You can find it at the end of this policy.
What personal data do we process and how do we collect it?
We may collect, use, store and transfer different kinds of personal data for a variety of purposes.
In this section, we provide information about what personal data we process, categorised by where we got it from.
Data collected from direct interactions with us. We collect data you provide us with when you use our Services or engage or communicate with us, for example when you create an account or participate in research.
- Identity Data. This includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data. This includes billing address, delivery address, email address and telephone numbers.
- Due Diligence Data. This may include copies of identification document(s), nationality, social security number (or other government issued identification number), citizenship and residency status, tax information, source of income / funds (including assets), occupation and employment information, your image and other data we may need to successfully verify users.
- Financial Data. This may include open banking data, bank account and payment card details.
- Customer Interactions. This includes responses to surveys, research, promotions, customer support conversations and history (including interactions made on the Shares app, via social media and email).
We may also receive Technical Data about you if you visit other web services employing our cookies.
- Transaction Data. This includes details about payments to and from you and other details of products and services you have purchased from us, including the value and currency of your activity.
- Social Activity. This includes your news feed activity, interests, community membership(s), platform interactions, messages, comments and friends.
- Device Data. This includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services.
- Location Data. We may collect geolocation data from your device, where you have set permissions that allow this.
- Profile Data. This includes your username and password, pin, profile photo, bio, settings and preferences.
- Usage Data. This includes information about how you use our Services, including your browsing habits, profit and usage statistics.
Data collected from third parties. We collect personal data from third parties, who you may or may not have a direct relationship with. Some of the data we collect from you may be shared with vendors and other service providers who help us improve the Services we provide.
- Third Party Technical Data. We may collect personal data such as inferred data, website usage data and demographic data from relevant third parties, including analytics providers and advertising networks.
- Marketing and Communications Data. This includes your preferences in receiving promotional and marketing material from us and our third parties, or any other communication preferences you’ve expressed.
- Partners and Vendors Data. We may collect personal data from third parties if we enter into a partnership or when we’re seeking to verify your identity as part of our regulatory requirements. We rely on third parties such as identity verification agencies, credit referencing agencies, anti-money laundering solution providers and others. This data may include:
undefinedundefinedundefinedundefinedundefined
Additional points to note…
Aggregated Data
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be based on personal data, but it’s not considered personal data by law as the data does not directly or indirectly reveal your identity. For example, we may tot up your Usage Data to calculate the percentage of users accessing a specific feature.
If we combine or connect Aggregated Data with your personal data in a way that can directly or indirectly identify you, we process it as Personal Data and in accordance with this privacy policy.
Special Categories of Personal Data
We don’t intentionally collect Special Categories of Personal Data (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
We may, however, process data relating to: criminal convictions and offences; political affiliation(s) from searches performed for source of funds, source of wealth and enhanced due diligence checks; and as per regulatory guidelines.
In the event we start processing special category personal data (for example, should you voluntarily provide us with information regarding your health), we‘ll handle it in accordance with the Data Protection Act 2018 (“DPA”) and the General Data Protection Regulation (“GDPR”).
If you fail to provide personal data
Sometimes, we need to collect personal data by law. Sometimes, we need to collect personal data under the terms of a contract we have with you. Should you fail to provide this data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services).
In this case, we may have to cancel a product or service you have with us, but we will notify you in advance.
Why do we process this personal data?
We want to be clear about what we do with personal data and how we make sure our data processing is lawful. This section describes our reasons for processing personal data and the lawful basis we rely on for such processing.
The phrase ‘lawful basis’ can be found in our glossary, but in short it means: the legal basis we use to process your personal data. There are a number of bases available and we must choose the most appropriate one before processing data. If we can’t find an appropriate lawful basis, we won’t process the data. Simple. Most commonly, we’ll use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you
- Where it’s necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- Where we need to meet a legal or regulatory obligation
Generally, we don’t rely on consent as a lawful basis for processing personal data; if we do, we’ll explicitly ask for your consent. You have the right to withdraw your consent at any time, if this is the lawful basis we use to process personal data.