INSTAPASS PRIVACY NOTICE
Published by Metapass (Radix) Limited 20th July 2021.
1. INSTAPASS
1.1 This Privacy Notice is issued by Metapass (Radix) Limited, trading as Instapass, ("Instapass", "us", or "we").
1.2 Instapass provides the Instapass service which undertakes multi-source independent inquiries and collates information concerning your identity and status to produce a Digital Identity. Instapass is registered under the Data Protection (Jersey) Law 2018 (the “Law”) and will process personal data in accordance with the provisions of the Law.Instapass is registered with the Jersey Office of the Information Commissioner under registration number: ICO 70319
2. THE INSTAPASS SERVICE
2.1 Instapass collects personal identification information and data from its users; verifies this using multiple third-party sources; and collates this data to create a digital representation of a user’s identity (known as a Digital Identity).
2.2 Instapass user’s may use their Digital Identity to comply with AML (Anti-Money Laundering), and KYC (Know Your Client/Business) regulations when dealing with third parties.
2.3 Instapass will provide the facilities for its users to share their Digital Identity with:
(a) Metaverse (Radix) Limited, who provide the Instabridge service, an automated system (as provided from time to time) for executing user instructions relating to the swapping and transfer of tokens;
(b) Third Parties to whom the Instapass user provides consent, and who wish to comply with KYC/AML regulations in order to transact with the user; and
(c) Affiliated companies, being any person or business directly or indirectly in control of, or controlled by, or under common control of Instapass or which has the ability to direct or cause the direction of the management and policies of Instapass, whether by contract or otherwise.
3. THIS PRIVACY NOTICE
3.1 This Privacy Notice describes what personal data Instapass will collect about you, why we collect that information, how we may use that information, and the steps we take to ensure that it is kept secure.
3.2 This notice may be amended from time to time and new versions will be published on our website which can be found at www.instapass.io.
3.3 Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
4. HOW DOES INSTAPASS COLLECT DATA?
4.1 You provide data directly to us: this is where you (the user) directly provide us with personal data through:
(a) filling in forms on the Instapass website;
(b) uploading documents, materials or data to the Instapass website;
(c) accessing the Instapass website;
(d) corresponding with us (for example, by uploading data to the Instapass website);
(e) sharing data via social media channels controlled by Instapass;
(f) reporting a problem with the Instapass website; or
(g) when you sign up to a Instapass mailing list.
4.2 By communicating with you: we collect the content of all communications between yourself and us. This may include the recording of any calls, email conversations or other communications.
4.3 Through cookies and technology tracking: each time you visit the Instapass website we will automatically collect technical data and usage data. We collect this data using cookies and other similar technologies.
4.4 Through third parties and publicly available sources: we will receive personal data about you from various third parties and public sources as set out below.
5. THIRD PARTY DATA SOURCES
5.1 We will obtain data from publicly accessible sources such as international sanctions list, electoral registers, company registers, online directories, social networks, internet searches and other media etc.
5.2 We also work with third parties (including, for example business partners, sub-contractors in services, search information providers or email marketing providers) and we may receive certain information about you from them.
6. WHAT PERSONAL DATA DO WE COLLECT?
6.1 We collect the following types of personal data:
(a) Identity Data such as your first, middle and last names, date of birth, gender identity, nationality;
(b) Personal Identification Data such as your National Insurance Number, Citizen Number, Unique National identity number, social insurance number, Passport, Driving Licence, residency card, ID card;
(c) Contact Data such as your personal email address, residential address, phone number;
(d) Professional Data such as your employment status, employer, role details, professional affiliations, whether you are a politically exposed person (“PEP”), or a close affiliate of a PEP, sanctions or disqualifications;
(e) Demographic Data such as age, date of birth, nationality;
(f) Financial Data such as your income, history of bankruptcy filings, history of insolvency filings, source of funds, source of wealth, bank statements, utility bills;
(g) Technical Data including online identifiers such as Internet Protocol (IP) address, type of device you use, mobile network information, browser information, operating system, server logs, language;
(h) Details of services provided, tokens or assets received and exchanged; and
(i) Information on criminal offences which may include: data or information concerning criminal activity; allegations; investigations and proceedings; unproven allegations; personal data of victims and witnesses of crime; information about penalties, conditions or restrictions placed on an individual as part of the criminal justice process; or civil measures which may lead to a criminal penalty if not adhered to.
6.2 The above list is not exhaustive, and Instapass may also collect and process other types of data to the extent that this is considered necessary for our compliance with legislative requirements, and to verify your identity.
7. SPECIAL CATEGORIES OF PERSONAL DATA
7.1 Instapass may collect information concerning criminal activity relating to you.
7.2 Instapass will collect data relating to your criminal activity where we have lawful grounds to do so.
7.3 Where we collect data relating to your criminal activity, we rely on one or more of the following grounds:
(a) your consent: where you provide your explicit consent to the processing;
(b) the prevention of unlawful acts;
(c) the processing is necessary for a legal obligation of Instapass (other than a contractual obligation); and/or
(d) the information has been made public as a result of step deliberately taken by you.
8. DOES OUR WEBSITE USE COOKIES?
We use cookies to distinguish you from other users of the Instapass website and to remember your preferences. Cookies helps us to provide you with the best possible experience and allow us to improve the Instapass website. Most browsers are initially set to accept cookies, but you can set your browser to refuse them if you want to.
9. HOW DOES INSTAPASS USE PERSONAL DATA?
9.1 Instapass uses your personal data to create your Digital Identity.
9.2 Our use of your personal data will always have a lawful basis, and this will be determined by the purpose for which your personal information is processed. We use and collect personal data on the basis of:
(a) Consent: we will obtain your consent to use your personal data wherever necessary;
(b) Contractual necessity: to enter or perform a contract with you or any contracting entity;
(c) Legitimate Interest: we will use your personal data where we have a legitimate interest, this is where we use your personal data in a way that you would reasonably expect including the collection and collation of information on you to create your Digital Identity; or
(d) Obligation: where we need to use your personal data to comply with our legal obligations.
10. CONTRACTUAL NECESSITY
10.1 We may process your information during the provision of services:
(a) our agreement with you to create your Digital Identity – this involves conducting financial risk assessments and background checks for regulatory and compliance purposes;
(b) administering your account with us;
(c) your use of the Instapass website;
(d) securing validation of the information you provide to us from multiple third-party sources;
(e) maintaining and managing our relationships with you and for ongoing customer service;
(f) communications with you regarding Instapass, through any forum, including through Instapass social media accounts; and
(g) delivery of marketing and promotional offers and notification of partner events.
11. LEGAL OBLIGATIONS
11.1 Instapass will process personal data to:
(a) comply with legal and regulatory obligations;
(b) to comply with and enforce agreements with third parties.
12. LEGITIMATE INTERESTS OF INSTAPASS
12.1 Instapass will process your personal data where it is necessary for us to:
(a) determine what services we can offer and the terms of those services;
(b) develop, test, monitor and review the performance of services, internal systems and security arrangements offered by Instapass;
(c) provide staff training;
(d) analyse your use of our site and gathering feedback to enable improvement of our site and your experience;
(e) provide you with access to our corporate literature and information about our services;
(f) prevent and detect fraud or abuse; and
(g) enable third parties to carry out technical, logistical and other functions on our behalf.
13. WITH WHOM DOES INSTAPASS SHARE YOUR DATA?
13.1 Instapass may share personal information with third parties where one of the following circumstances applies:
(a) you have consented to us doing so – for example Instapass will share user’s Digital Identity with third parties based on the user’s consent;
(b) we are under a legal or regulatory obligation to disclose your personal information, or in order to perform or enforce a contract with you, or to protect the rights, property or safety of Instapass or Instapass users or others; or
(c) Instapass, or substantially all of Instapass business or assets are merged or acquired by a third party, in which case your personal information may form part of the transferred or merged assets.
13.2 Instapass uses third parties to provide services that involve data processing or data storage. Instapass engages third parties to collect and collate information regarding an Instapass user. This information is collected and collated for the purpose of creating, maintaining and updating the Instapass user’s Digital Identity.
13.3 The following are potential recipients of your personal data:
(a) Affiliated and related companies (which means, for the purposes of this Privacy Notice, any entity in the Radix DLT Limited group of companies and any entity in the Radix Foundation group of companies) including, without limitation:
(i) Metaverse (Radix) Limited, a company incorporated in Jersey, and a wholly owned subsidiary of Radix DLT Limited, for the purposes of providing the Instabridge service. Metaverse will store your data principally in Jersey and the EU but will also allow your personal data to be accessed by Metaverse employees based in the US;
(ii) Radix Tokens (Jersey) Limited, a company incorporated in Jersey, and a wholly owned subsidiary of Radix Foundation, for the purposes of providing compliance administrative services. Radix Tokens (Jersey) Limited will store your data principally in Jersey and the EU;
(b) Jumio Corporation, a Delaware corporation, for the purpose of running know-your- client and anti-money laundering against your identity. Your data will be stored in a Jumio database hosted in the United States;
(c) IVXS UK Limited (trading as ComplyAdvantage), a company incorporated in England and Wales, for the purposes of anti-money laundering screening. Your data will be stored in a ComplyAdvantage database hosted in the EU;
(d) Twilio Inc. (trading as Sendgrid), a Delaware corporation, for the purposes of delivering transactional and marketing emails via their Sendgrid services. Your data will be stored in a Twilio database hosted in the EU;
(e) Mongo DB, Inc, who provides document database and storage services. Your data will be stored in a Mongo database hosted in the EU;
(f) Microsoft Corporation, who provides database services. Your data will be stored in an Azure database hosted in the EU;
(g) HelpScout PBC, who provides customer support services. Your data will be stored in a Mongo database hosted in the United States;
(h) service providers such as lawyers, accountants, custody providers, banks, investment managers security consultants, on-chain investigation service providers sales agents, and exchanges, etc, who provide services to Instapass, where disclosure is necessary for the provision of those services;
(i) sub-contractors, agents or service providers to Instapass and its subsidiaries and affiliated companies as listed at (a.) above;
(j) courts or tribunals;
(k) regulators, registrars or other governmental or supervisory bodies with a legal right to the data or where necessary to fulfil Instapass’ legal and/or regulatory obligations;
(l) law enforcement agencies where disclosure is necessary for Instapass or its subsidiaries to fulfil their legal and/or regulatory obligations; and (m) intermediaries, including fiduciary agents, escrow agents, custody providers.
14. THIRD PARTY PROVIDERS WHO USE THE DATA
14.1 Where another company or individual performs any function on behalf of Instapass or who provides services to Instapass, that third party will have access to personal data needed to perform their function, but they may not use it for other purposes.
14.2 Such functions include administrative, computer, data processing, screening, marketing services and compliance services. Such third parties must process the personal data in accordance with this Privacy Notice and applicable laws.
14.3 Instapass does not allow third-party service providers to use your personal data for their own purposes. Instapass only permits them to process your personal data for specified purposes and in accordance with our instructions.
14.4 Instapass will seek to enter into an agreement with each third party setting out the respective obligations of each party, to ensure they process personal data with the same level of security and confidentiality as Instapass and to be reasonably satisfied that the third party has measures in place to protect data against unauthorised or accidental use, access, disclosure, damage loss or destruction.
14.5 If authorised by you, Instapass will disclose your data to any third party that you request. Instapass is not responsible for any such third party’s use of your data, which will be governed by their agreement with you.
14.6 The personal data that Instapass holds will be used and stored principally in Jersey, and the European Economic Area (EEA).
14.7 Instapass may disclose or transfer personal data to third parties, or store information, outside of Jersey or the EEA. When Instapass discloses data to third parties to satisfy the purposes outlined above, the third parties generally use and store personal data within the EEA.
14.8 Wherever Instapass transfers personal information outside Jersey or the EEA, we will take legally required steps to ensure that appropriate safeguards are in place to protect it. You may contact us for an explanation of the basis on which we have transferred your personal information and, where relevant, to request a copy of the legal safeguards we have put in place.
15. RETENTION OF PERSONAL DATA
15.1 Instapass will process and store your personal data for as long as it is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any contractual, legal, accounting or reporting requirements.
15.2 Instapass will endeavour to delete any personal data where it is not necessary for it to be held. Instapass will continue to store your personal data for as long as is necessary to fulfil legal (e.g., anti-money laundering, proceeds of crime and countering the financing of terrorism legislation), regulatory, contractual or statutory obligations, for the establishment, exercise or defence of legal claims and in general where Instapass has a legitimate interest in doing so.
16. PROTECTION OF YOUR PERSONAL DATA
Instapass regards the lawful and appropriate treatment of your personal data as fundamental to our successful operation and to maintaining confidence and trust between Instapass and its users. In fulfilling this objective, Instapass will:
(a) ensure that your personal data is not used for any purposes that is incompatible with this Privacy Notice;
(b) ensure that any processing of your personal data is fair and transparent and sufficient for the uses set out above;
(c) endeavour to keep your personal data up to date;
(d) retain your personal data for no longer than necessary;
(e) ensure that our staff are trained to handle personal data appropriately and securely; and
(f) implement appropriate technical and organisational measures to:
(i) enable inaccuracies to be corrected and minimise the risk of errors;
(ii)secure personal data appropriately; and
(iii) protect your personal data against unauthorised or unlawful access or processing and against accidental loss or destruction.
16.2 The transmission of information via the internet is, unfortunately, not completely secure. Although Instapass will do its best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
17. YOUR RIGHTS
You have the following rights:
(a) Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
(b) Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
(c) Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
(d) Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which means you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
(e) Right to data portability – you have the right to request that a copy of the personal data that Instapass holds about you is sent to another entity, or to you.
(f) Right to object to direct marketing – you have the right to object at any time to the processing of your personal data for direct marketing purposes by Instapass. We will obtain your express opt-in consent before we share your personal data with any third party for any marketing purpose.
(g) Right to withdraw consent - where the processing of your personal data is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.
(h) Right to object to automated decision making and/or profiling - Instapass does not currently profile data, nor make decisions by purely automated means, but should we do so, you have the right to object to your data being used in automated decision making and/or profiling.
18. RIGHT TO REQUEST THAT INSTAPASS RESTRICTS THE PROCESSING OF YOUR PERSONAL DATA
18.1 You have the right to ask Instapass to restrict the processing of your personal data where:
(a) you contest the accuracy of the personal data held by Instapass;
(b) the processing is unlawful, but you objected to the deletion of the personal data and requested that the use be restricted instead;
(c) Instapass no longer needs the personal data for the processing purpose, but you require them for legal reasons; or
(d) you objected to processing and Instapass is investigating whether there are legitimate grounds to override your objection.
19. CONTACTING US
19.1 If you do not wish to receive email or other mail from Instapass or for Instapass to use personal data that we gather, please contact support@instapass.io in the first instance. If you contact us in relation to your rights, we will do our best to accommodate your request or objection.
19.2 You can help us maintain the accuracy of your information by notifying us of any change at support@instapass.io (or via your usual contact). If you have any questions, concerns or complaints with respect to this Privacy Notice, the way Instapass is handling your data or have any other queries or concerns, please contact our Data Protection Officer directly at support@instapass.io or in writing at Metapass (Radix) limited, First Floor La Chasse Chambers, 10 La Chasse St Helier, JE2 4UE, Jersey (C.I.).
19.3 You can register a complaint about our handling of your personal data with the Jersey Information Commissioner, who are the supervisory authority for the Law, at: https://jerseyoic.org/contact/.
1. INSTAPASS
1.1 This Privacy Notice is issued by Metapass (Radix) Limited, trading as Instapass, ("Instapass", "us", or "we").
1.2 Instapass provides the Instapass service which undertakes multi-source independent inquiries and collates information concerning your identity and status to produce a Digital Identity. Instapass is registered under the Data Protection (Jersey) Law 2018 (the “Law”) and will process personal data in accordance with the provisions of the Law.Instapass is registered with the Jersey Office of the Information Commissioner under registration number: ICO 70319
2. THE INSTAPASS SERVICE
2.1 Instapass collects personal identification information and data from its users; verifies this using multiple third-party sources; and collates this data to create a digital representation of a user’s identity (known as a Digital Identity).
2.2 Instapass user’s may use their Digital Identity to comply with AML (Anti-Money Laundering), and KYC (Know Your Client/Business) regulations when dealing with third parties.
2.3 Instapass will provide the facilities for its users to share their Digital Identity with:
(a) Metaverse (Radix) Limited, who provide the Instabridge service, an automated system (as provided from time to time) for executing user instructions relating to the swapping and transfer of tokens;
(b) Third Parties to whom the Instapass user provides consent, and who wish to comply with KYC/AML regulations in order to transact with the user; and
(c) Affiliated companies, being any person or business directly or indirectly in control of, or controlled by, or under common control of Instapass or which has the ability to direct or cause the direction of the management and policies of Instapass, whether by contract or otherwise.
3. THIS PRIVACY NOTICE
3.1 This Privacy Notice describes what personal data Instapass will collect about you, why we collect that information, how we may use that information, and the steps we take to ensure that it is kept secure.
3.2 This notice may be amended from time to time and new versions will be published on our website which can be found at www.instapass.io.
3.3 Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
4. HOW DOES INSTAPASS COLLECT DATA?
4.1 You provide data directly to us: this is where you (the user) directly provide us with personal data through:
(a) filling in forms on the Instapass website;
(b) uploading documents, materials or data to the Instapass website;
(c) accessing the Instapass website;
(d) corresponding with us (for example, by uploading data to the Instapass website);
(e) sharing data via social media channels controlled by Instapass;
(f) reporting a problem with the Instapass website; or
(g) when you sign up to a Instapass mailing list.
4.2 By communicating with you: we collect the content of all communications between yourself and us. This may include the recording of any calls, email conversations or other communications.
4.3 Through cookies and technology tracking: each time you visit the Instapass website we will automatically collect technical data and usage data. We collect this data using cookies and other similar technologies.
4.4 Through third parties and publicly available sources: we will receive personal data about you from various third parties and public sources as set out below.
5. THIRD PARTY DATA SOURCES
5.1 We will obtain data from publicly accessible sources such as international sanctions list, electoral registers, company registers, online directories, social networks, internet searches and other media etc.
5.2 We also work with third parties (including, for example business partners, sub-contractors in services, search information providers or email marketing providers) and we may receive certain information about you from them.
6. WHAT PERSONAL DATA DO WE COLLECT?
6.1 We collect the following types of personal data:
(a) Identity Data such as your first, middle and last names, date of birth, gender identity, nationality;
(b) Personal Identification Data such as your National Insurance Number, Citizen Number, Unique National identity number, social insurance number, Passport, Driving Licence, residency card, ID card;
(c) Contact Data such as your personal email address, residential address, phone number;
(d) Professional Data such as your employment status, employer, role details, professional affiliations, whether you are a politically exposed person (“PEP”), or a close affiliate of a PEP, sanctions or disqualifications;
(e) Demographic Data such as age, date of birth, nationality;
(f) Financial Data such as your income, history of bankruptcy filings, history of insolvency filings, source of funds, source of wealth, bank statements, utility bills;
(g) Technical Data including online identifiers such as Internet Protocol (IP) address, type of device you use, mobile network information, browser information, operating system, server logs, language;
(h) Details of services provided, tokens or assets received and exchanged; and
(i) Information on criminal offences which may include: data or information concerning criminal activity; allegations; investigations and proceedings; unproven allegations; personal data of victims and witnesses of crime; information about penalties, conditions or restrictions placed on an individual as part of the criminal justice process; or civil measures which may lead to a criminal penalty if not adhered to.
6.2 The above list is not exhaustive, and Instapass may also collect and process other types of data to the extent that this is considered necessary for our compliance with legislative requirements, and to verify your identity.
7. SPECIAL CATEGORIES OF PERSONAL DATA
7.1 Instapass may collect information concerning criminal activity relating to you.
7.2 Instapass will collect data relating to your criminal activity where we have lawful grounds to do so.
7.3 Where we collect data relating to your criminal activity, we rely on one or more of the following grounds:
(a) your consent: where you provide your explicit consent to the processing;
(b) the prevention of unlawful acts;
(c) the processing is necessary for a legal obligation of Instapass (other than a contractual obligation); and/or
(d) the information has been made public as a result of step deliberately taken by you.
8. DOES OUR WEBSITE USE COOKIES?
We use cookies to distinguish you from other users of the Instapass website and to remember your preferences. Cookies helps us to provide you with the best possible experience and allow us to improve the Instapass website. Most browsers are initially set to accept cookies, but you can set your browser to refuse them if you want to.
9. HOW DOES INSTAPASS USE PERSONAL DATA?
9.1 Instapass uses your personal data to create your Digital Identity.
9.2 Our use of your personal data will always have a lawful basis, and this will be determined by the purpose for which your personal information is processed. We use and collect personal data on the basis of:
(a) Consent: we will obtain your consent to use your personal data wherever necessary;
(b) Contractual necessity: to enter or perform a contract with you or any contracting entity;
(c) Legitimate Interest: we will use your personal data where we have a legitimate interest, this is where we use your personal data in a way that you would reasonably expect including the collection and collation of information on you to create your Digital Identity; or
(d) Obligation: where we need to use your personal data to comply with our legal obligations.
10. CONTRACTUAL NECESSITY
10.1 We may process your information during the provision of services:
(a) our agreement with you to create your Digital Identity – this involves conducting financial risk assessments and background checks for regulatory and compliance purposes;
(b) administering your account with us;
(c) your use of the Instapass website;
(d) securing validation of the information you provide to us from multiple third-party sources;
(e) maintaining and managing our relationships with you and for ongoing customer service;
(f) communications with you regarding Instapass, through any forum, including through Instapass social media accounts; and
(g) delivery of marketing and promotional offers and notification of partner events.
11. LEGAL OBLIGATIONS
11.1 Instapass will process personal data to:
(a) comply with legal and regulatory obligations;
(b) to comply with and enforce agreements with third parties.
12. LEGITIMATE INTERESTS OF INSTAPASS
12.1 Instapass will process your personal data where it is necessary for us to:
(a) determine what services we can offer and the terms of those services;
(b) develop, test, monitor and review the performance of services, internal systems and security arrangements offered by Instapass;
(c) provide staff training;
(d) analyse your use of our site and gathering feedback to enable improvement of our site and your experience;
(e) provide you with access to our corporate literature and information about our services;
(f) prevent and detect fraud or abuse; and
(g) enable third parties to carry out technical, logistical and other functions on our behalf.
13. WITH WHOM DOES INSTAPASS SHARE YOUR DATA?
13.1 Instapass may share personal information with third parties where one of the following circumstances applies:
(a) you have consented to us doing so – for example Instapass will share user’s Digital Identity with third parties based on the user’s consent;
(b) we are under a legal or regulatory obligation to disclose your personal information, or in order to perform or enforce a contract with you, or to protect the rights, property or safety of Instapass or Instapass users or others; or
(c) Instapass, or substantially all of Instapass business or assets are merged or acquired by a third party, in which case your personal information may form part of the transferred or merged assets.
13.2 Instapass uses third parties to provide services that involve data processing or data storage. Instapass engages third parties to collect and collate information regarding an Instapass user. This information is collected and collated for the purpose of creating, maintaining and updating the Instapass user’s Digital Identity.
13.3 The following are potential recipients of your personal data:
(a) Affiliated and related companies (which means, for the purposes of this Privacy Notice, any entity in the Radix DLT Limited group of companies and any entity in the Radix Foundation group of companies) including, without limitation:
(i) Metaverse (Radix) Limited, a company incorporated in Jersey, and a wholly owned subsidiary of Radix DLT Limited, for the purposes of providing the Instabridge service. Metaverse will store your data principally in Jersey and the EU but will also allow your personal data to be accessed by Metaverse employees based in the US;
(ii) Radix Tokens (Jersey) Limited, a company incorporated in Jersey, and a wholly owned subsidiary of Radix Foundation, for the purposes of providing compliance administrative services. Radix Tokens (Jersey) Limited will store your data principally in Jersey and the EU;
(b) Jumio Corporation, a Delaware corporation, for the purpose of running know-your- client and anti-money laundering against your identity. Your data will be stored in a Jumio database hosted in the United States;
(c) IVXS UK Limited (trading as ComplyAdvantage), a company incorporated in England and Wales, for the purposes of anti-money laundering screening. Your data will be stored in a ComplyAdvantage database hosted in the EU;
(d) Twilio Inc. (trading as Sendgrid), a Delaware corporation, for the purposes of delivering transactional and marketing emails via their Sendgrid services. Your data will be stored in a Twilio database hosted in the EU;
(e) Mongo DB, Inc, who provides document database and storage services. Your data will be stored in a Mongo database hosted in the EU;
(f) Microsoft Corporation, who provides database services. Your data will be stored in an Azure database hosted in the EU;
(g) HelpScout PBC, who provides customer support services. Your data will be stored in a Mongo database hosted in the United States;
(h) service providers such as lawyers, accountants, custody providers, banks, investment managers security consultants, on-chain investigation service providers sales agents, and exchanges, etc, who provide services to Instapass, where disclosure is necessary for the provision of those services;
(i) sub-contractors, agents or service providers to Instapass and its subsidiaries and affiliated companies as listed at (a.) above;
(j) courts or tribunals;
(k) regulators, registrars or other governmental or supervisory bodies with a legal right to the data or where necessary to fulfil Instapass’ legal and/or regulatory obligations;
(l) law enforcement agencies where disclosure is necessary for Instapass or its subsidiaries to fulfil their legal and/or regulatory obligations; and (m) intermediaries, including fiduciary agents, escrow agents, custody providers.
14. THIRD PARTY PROVIDERS WHO USE THE DATA
14.1 Where another company or individual performs any function on behalf of Instapass or who provides services to Instapass, that third party will have access to personal data needed to perform their function, but they may not use it for other purposes.
14.2 Such functions include administrative, computer, data processing, screening, marketing services and compliance services. Such third parties must process the personal data in accordance with this Privacy Notice and applicable laws.
14.3 Instapass does not allow third-party service providers to use your personal data for their own purposes. Instapass only permits them to process your personal data for specified purposes and in accordance with our instructions.
14.4 Instapass will seek to enter into an agreement with each third party setting out the respective obligations of each party, to ensure they process personal data with the same level of security and confidentiality as Instapass and to be reasonably satisfied that the third party has measures in place to protect data against unauthorised or accidental use, access, disclosure, damage loss or destruction.
14.5 If authorised by you, Instapass will disclose your data to any third party that you request. Instapass is not responsible for any such third party’s use of your data, which will be governed by their agreement with you.
14.6 The personal data that Instapass holds will be used and stored principally in Jersey, and the European Economic Area (EEA).
14.7 Instapass may disclose or transfer personal data to third parties, or store information, outside of Jersey or the EEA. When Instapass discloses data to third parties to satisfy the purposes outlined above, the third parties generally use and store personal data within the EEA.
14.8 Wherever Instapass transfers personal information outside Jersey or the EEA, we will take legally required steps to ensure that appropriate safeguards are in place to protect it. You may contact us for an explanation of the basis on which we have transferred your personal information and, where relevant, to request a copy of the legal safeguards we have put in place.
15. RETENTION OF PERSONAL DATA
15.1 Instapass will process and store your personal data for as long as it is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any contractual, legal, accounting or reporting requirements.
15.2 Instapass will endeavour to delete any personal data where it is not necessary for it to be held. Instapass will continue to store your personal data for as long as is necessary to fulfil legal (e.g., anti-money laundering, proceeds of crime and countering the financing of terrorism legislation), regulatory, contractual or statutory obligations, for the establishment, exercise or defence of legal claims and in general where Instapass has a legitimate interest in doing so.
16. PROTECTION OF YOUR PERSONAL DATA
Instapass regards the lawful and appropriate treatment of your personal data as fundamental to our successful operation and to maintaining confidence and trust between Instapass and its users. In fulfilling this objective, Instapass will:
(a) ensure that your personal data is not used for any purposes that is incompatible with this Privacy Notice;
(b) ensure that any processing of your personal data is fair and transparent and sufficient for the uses set out above;
(c) endeavour to keep your personal data up to date;
(d) retain your personal data for no longer than necessary;
(e) ensure that our staff are trained to handle personal data appropriately and securely; and
(f) implement appropriate technical and organisational measures to:
(i) enable inaccuracies to be corrected and minimise the risk of errors;
(ii)secure personal data appropriately; and
(iii) protect your personal data against unauthorised or unlawful access or processing and against accidental loss or destruction.
16.2 The transmission of information via the internet is, unfortunately, not completely secure. Although Instapass will do its best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
17. YOUR RIGHTS
You have the following rights:
(a) Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
(b) Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
(c) Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
(d) Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which means you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
(e) Right to data portability – you have the right to request that a copy of the personal data that Instapass holds about you is sent to another entity, or to you.
(f) Right to object to direct marketing – you have the right to object at any time to the processing of your personal data for direct marketing purposes by Instapass. We will obtain your express opt-in consent before we share your personal data with any third party for any marketing purpose.
(g) Right to withdraw consent - where the processing of your personal data is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.
(h) Right to object to automated decision making and/or profiling - Instapass does not currently profile data, nor make decisions by purely automated means, but should we do so, you have the right to object to your data being used in automated decision making and/or profiling.
18. RIGHT TO REQUEST THAT INSTAPASS RESTRICTS THE PROCESSING OF YOUR PERSONAL DATA
18.1 You have the right to ask Instapass to restrict the processing of your personal data where:
(a) you contest the accuracy of the personal data held by Instapass;
(b) the processing is unlawful, but you objected to the deletion of the personal data and requested that the use be restricted instead;
(c) Instapass no longer needs the personal data for the processing purpose, but you require them for legal reasons; or
(d) you objected to processing and Instapass is investigating whether there are legitimate grounds to override your objection.
19. CONTACTING US
19.1 If you do not wish to receive email or other mail from Instapass or for Instapass to use personal data that we gather, please contact support@instapass.io in the first instance. If you contact us in relation to your rights, we will do our best to accommodate your request or objection.
19.2 You can help us maintain the accuracy of your information by notifying us of any change at support@instapass.io (or via your usual contact). If you have any questions, concerns or complaints with respect to this Privacy Notice, the way Instapass is handling your data or have any other queries or concerns, please contact our Data Protection Officer directly at support@instapass.io or in writing at Metapass (Radix) limited, First Floor La Chasse Chambers, 10 La Chasse St Helier, JE2 4UE, Jersey (C.I.).
19.3 You can register a complaint about our handling of your personal data with the Jersey Information Commissioner, who are the supervisory authority for the Law, at: https://jerseyoic.org/contact/.