Lightyear Europe AS ("Lightyear") is authorised and regulated as an investment firm by the Estonian Financial Supervision Authority under activity license number 4.1-1/31.
We are registered in Estonia with company number 16235024 and our registered office address is Estonia, Tallinn, Niine 11, 10414.
If you have any questions about how we protect or use your data, please email us at dpo@golightyear.com. What data we collect about you
Information you provide us
You may give us information about you when you sign up to use our Service, e.g. when you provide us with personal details like your name, dafe of birth, phone number and email address. This also includes information you provide through your continued use of our Services, through entering a promotion or survey, and by reporting problems with our Services.
The information you give us may include your name, address, email address, personal identification code, date of birth, phone number, financial information (including bank account information, salary, income and investable assets), geographical location, your current residency, your citizenship, your tax residency, your tax identification number, employment information, your source of wealth and photograph. You will also need to provide information on your affiliations with any US publicly listed companies or with US regulators.
In some cases, such as when you use more advanced services, or where we need to comply with anti-money laundering regulations, we may also need more commercial or identification information from you (for example, your passport, driving licence, or utility bill) as well as further details surround your source of wealth and source of funds.
Information we collect about you
With regard to your use of our Services, we may automatically collect the following information: details of the financial transactions you carry out when using our Services, including geographic location from which the transaction originates; technical information, including the Internet protocol (IP) address used to connect your computer or phone to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; information about your visit, including the full URL clickstream to, through and from our Website or App (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer support number.
Information we receive from other sources
We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties and may receive information about you from them.
How we use your data and why we have it
Most of the personal information we process is provided to us directly by you.
We use the information that you have given us in order to:
- carry out our obligations relating to your contract (Terms of use) with us and to provide you with the information, products and Services;
- comply with any applicable legal and/or regulatory requirements;
- notify you about changes to our Services;
- as part of our efforts to keep our Services safe and secure;
- administer our Services and for internal operations;
- improve our Services;
- measure or understand the effectiveness of advertising we serve and to deliver relevant advertising to you; and
- combine information we receive from other sources with the information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We may share your information with selected third parties including: affiliates, business partners (e.g. trade execution, settlement partners and partners for payment services), suppliers and subcontractors for the performance and execution of any contract we enter into with them or you; advertisers and advertising networks solely to select and serve relevant adverts to you and others with your consent; analytics and search engine providers that assist us in the improvement and optimisation of our site; and our group entities or subsidiaries. We conduct due diligence on these third parties, to make sure your information is handled securely and only allow third parties to process your personal information where it is required for them to carry out their function.
Under the Personal Data Protection Act and General Data Protection Regulation (GDPR), the lawful bases we rely on for processing your information are:
- Keeping to our contracts and agreements with you. We need certain personal data to provide our services and cannot provide them without this personal data.
- Your consent. Where you've agreed to us collecting your personal data, for example when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.
- Legal obligations. In some cases, we have a legal responsibility to collect and store your personal data - for example, under anti-money laundering laws we must hold certain information about our customers.
- Where we have a legitimate interest to do so, provided your rights do not override those interests.
How long we keep your personal information
Your information is processed and securely stored at our operating offices as well as on servers managed by our hosting providers. In certain cases we transfer and store your data at a destination outside the European Economic Area ("EEA").
Generally we store your information for the duration of time required by the purpose under which we collected the information.
As a regulated financial institution, we are required by law to store some of your personal and financial data beyond the closure of your account with us. We will delete data that is no longer required by a relevant law or jurisdiction in which we operate. Our data retention period is 7 years after ending the business relationship with you.
Where we store your personal data
The data we collect from you may be transferred to and stored somewhere outside the European Economic Area (“EEA”) if we have specific agreements and/or due diligence in place.
In certain circumstances it may also be processed by staff outside the EEA who work for us or a select third party.
We will take all reasonable steps to make sure that your personal data is handled securely and we use a variety of physical and technical measures to keep your personal data safe and prevent unauthorised access to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems with control over access to information using both physical and electronic means, e.g. HTTPS and Transport Layer Security for secure communication.
Our staff receives regular data protection and information security training. We have detailed information security and data protection policies which staff are required to follow when they handle your personal data.
Your data protection rights
Under data protection law and this policy you have rights in relation to your information, including:
- Your right of access - You have the right to request to access the information we hold about you.
- Your right to rectification - You have the right to ask us to update any of your information you think is inaccurate or incorrect.
- Your right to ask us to delete, stop processing or limit our use of your information that we hold. If we have a legal obligation to retain this information we are unable to delete it until the required retention period has elapsed.
Please contact us via email at dpo@golightyear.com if you wish to make a request. For security reasons, we can't deal with your request if we are not sure of your identity, so we may ask you for proof of your ID.
Your ability to exercise these rights will depend on a number of factors. We may not be able to agree to your request (such as, if we have a legitimate reason for not doing so or the right does not apply to the particular information we hold about you).
We may make automated decisions about you.
This means that we may use technology that can evaluate your personal circumstances and other factors to predict risks or outcomes. We do this for the efficient running of our services and to ensure decisions are fair, consistent and based on the right information.
Where we make an automated decision about you you have the right to ask that it is manually reviewed by a person.
If you have any concerns about our use of your personal data, you can make a query or a complaint to us at complaints@golightyear.com and we will do our best to address the issue. If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can complain to the Estonian Data Protection Inspectorate www.aki.ee if you are unhappy with how we have used your data. You have a right to bring an action before a court.
We continuously review our policies and procedures. We’ll post any changes we make to this policy on this page and let you know about any significant changes via email.