Version 3 - 10 October 2022
- Personal details
- such as your full name, personal identification number (or an equivalent identifying code), date of birth, age;
- Contact information
- such as your email address, residence address and supporting documentation thereof (for example utility bills), phone number;
- Background information to fulfil our regulatory requirements
- such as bank account information (and information in the bank statements), IP address, tax residency and tax identification numbers, citizenship, employment information, source of wealth, information provided in the identification documents (date of issue, expiry date, picture, country of issuance, etc.);
- Data on how you use the Services – various statistics on your Service usage, for example how many times a month you use the Services;
- Data to facilitate the usage of Services – for example you login details and the password, payment information (your bank account number to make the deposits and withdrawals), browser type and version, time zone settings, operating system of your device to access the Services.
- carry out our obligations relating to your Agreement (Terms of Service) with us and to provide you with the information, products and Services;
- comply with any applicable legal and/or regulatory requirements;
- notify you about changes to our Services;
- keep our Services safe and secure;
- administer our Services and for internal operations;
- improve our Services;
- measure or understand the effectiveness of advertising we serve and to deliver relevant advertising to you;
- combine information we receive from other sources with the information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
- Consent (GDPR Article 6 (1)(a)). We can process your data based on your consent. We for example may send you marketing materials based on your consent;
- Performance of a contract (GDPR Article 6 (1)(b)). We may process your data to perform our obligations pursuant to the Agreement to provide the Services to you. This might for example be the case if you contact customer support with any questions you might have;
- Legal obligations (GDPR Article 6 (1)(c)). We may process your data if it is necessary to meet legal obligations we are subject to. This for example might be data processing we conduct during our anti-money laundering activities;
- Legitimate interest (GDPR Article 6 (1)(f)). We may process your data if we have a legitimate interest to do so. Such necessity might arise for example for business development, to ensure information security, during fraud investigations, if required so by our external cooperation partners or if necessary to protect our legal interest.
- Lightyear group companies – we share your personal data with other Lightyear group entities to provide you the Services. Our group entities are and in the future shall be located either in within the EEA region or in countries who are subject to adequacy decisions issued by the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). If we establish any group companies outside the EEA region, we shall make sure that adequate safeguards are in place to protect your personal data. Each Lightyear group company can function as an independent controller in such scenarios;
- Public authorities – upon receiving a valid request from a public authority, we shall share personal data to comply with our legal obligations. Public authorities are deemed to function as independent controllers in such cases;
- Service providers – in order to provide you with the best Service, we are cooperating with various service providers to (this list is high-level and not conclusive):
- facilitate the participation in financial markets (for example trade execution, settlement partners and partners for payment services);
- deliver to you the relevant data (such as market data, information concerning the financial instruments, etc.);
- support and maintain our IT infrastructure (for example servers);
- meet our regulatory obligations (KYC and sanction-related monitoring for example), etc. In such situations the service providers will function as data processors.
- Right to access. You have the right to request access to the information we hold about you. Please be aware that this right can sometimes be limited by our regulatory obligations. We are unable to provide you access to personal data that would cause us to break the law, for example.
- Right to rectification. You have the right ask us to update any of the information about you that you think is inaccurate or incorrect.
- Right to erasure and restriction of processing. You have the right to ask us to delete, stop processing or limit our use of your information that we hold. Please be aware that if we have a regulatory obligation to still retain this information, we might be unable to facilitate this request until the required retention period has elapsed.
- Right to data portability. You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format and you have the right to request us to transmit this data to another data controller if the data was gathered by your consent, pursuant to the Agreement between us or via automated means.
- Right to withdraw your consent. Your consent is voluntary, and you have the opportunity to withdraw your consent at any time. Please be aware that in such cases we may not be able to provide Services to you. In addition to that, you always have the right to withdraw your consent from receiving marketing materials from us. We provide you with the option to unsubscribe from such communications in each email, via the unsubscribe link. We still shall send you relevant information regarding the Services and our Agreement.
|Personal data||Purpose||Source||Legal basis|
|Personal data: first and last name, phone number, date of birth, personal identification number (or equivalent), age||To meet our regulatory obligations for the provision of Services|
Directly from the data subject, some data points are verified using public databases, which depends on the residence of the data subject
|Performance of a contract (GDPR art 6 (1)(b)), legal obligations (GDPR art 6 (1)(c)|
|Contact information: email address, residence address, geographical location (IP address) supporting documentation (utility bills, bank statements, other equivalent documents)||To know how we can contact you and for regulatory purposes||Performance of a contract (GDPR art 6 (1)(b)), legal obligations (GDPR art 6 (1)(c)|
|Background information: bank account information, IP address, tax residency and tax ID number, if applicable, citizenship, employment information, source of wealth, personal identification card data points (date of issue, expiry date, picture, country of issuance)||To understand to who we shall provide the Services and to fulfil our regulatory obligations (related to KYC) as a provider of investment services||Legal obligations (GDPR art 6 (1)(c), legitimate interest (GDPR art 6 (1)(f)|
|Data on how you use the Services: information on how long and how often you use the Services, what features you use the most and what not, etc.||To improve the App and our Services|
Directly from the data subject
|Legitimate interest (GDPR art 6 (1)(f))|
|Marketing: email address, citizenship, etc.||To provide you with marketing materials||Consent (GDPR art 6 (1)(a))|
|Financial data: your payment information (cards, bank accounts, etc.), orders, deposits, investments, etc.||To provide the Services||Directly from the data subject, from service providers used by the data subject||Performance of a contract (GDPR art 6 (1)(b)), legitimate interest (GDPR art 6 (1)(f))|
|Customer support: different kinds of communications (emails, other messages, phone calls, etc.), information provided in those communications||To provide the Services||Directly from the data subject||Performance of a contract (GDPR art 6 (1)(b))|
|Data related to information security measures (technical information on how our Website and App is accessed and used)||To provide the Services||Directly from the data subject, public databases||Legitimate interest (GDPR art 6 (1)(f))|
Download the app and start investing now
The provider of investment services is Lightyear Europe AS. Please read the terms before using our services and if necessary, seek qualified advice.
Lightyear Europe AS is authorised and regulated as an investment firm by the Estonian Financial Supervision Authority (Finantsinspektsioon) under activity licence number 4.1-1/31.
Lightyear Europe is a company registered in Estonia with company number 16235024 and registered office at Volta 1, Tallinn 10412, Estonia.