Effective date: 25 September 2023
This Privacy Notice (“Privacy Notice”) describes the types of data that Aave Limited and Avara Virtual Assets Limited (together “Avara”), and its affiliates collect about customers accessing our services, and users (“you”, “your”) of this website (www.aave.co.uk) (the “Site”) and our Avara mobile application (collectively, the “Platform”). It also sets out how Avara uses, shares, and protects such personal data.
Please read this Privacy Notice carefully to understand Avara’s data practices.
Entity names: Aave Limited and Avara Virtual Assets Limited
Status: Joint data controllers
Registered Address: 128 City Road, London, England, EC1V 2NX
E-mail: [email protected]
For further information about the services provided to customers by each Avara entity, please refer to the User Terms.
What Data Do We Collect About You?
Information You Give Us
The personal data we collect directly from you includes the following:
- Phone number
- Email address
- Date of birth
- Login credentials
- Linked wallet address(es)
- Linked bank account number(s) and sort code(s)
- Photographic identification (which may include first name, last name, address, document number, date of birth, nationality, type of document, issuing country, expiration date, information embedded in barcodes, QR codes, security chips and features, and image metadata)
- Likeness records including facial image (which may include image metadata and biometric data, extracted from such recorded videos or images provided by you to enable us to verify your identity)
- Personal data included in any documentary evidence provided to us
- Transaction records (including amounts, assets, dates and times)
- Any information you voluntarily provide to us e.g., within communications sent to our Support team
Information Automatically Collected
We may automatically record certain information about how you use the Platform such as the data points listed below in order to administer and improve the Platform:
- Your Internet Protocol (“IP”) address
- Device and browser type
- Operating system
- The URL of the website you visited prior to visiting the Platform
- Information about your use of the Platform
- Diagnostics and performance related information including website performance and error messages
- Cookies information - please refer to the Cookies Policy for further information.
Information Collected via Third Parties
We may collect information from third parties to enable us to maintain the Platform, meet our legal and regulatory obligations, and to help keep the Platform safe:
- Information collected from public sources and databases
- Blockchain data
- Site usage
- Customer experience and satisfaction survey data
No Collection of Personal Data of Minors
The Platform is not intended for minors and we do not knowingly collect personal information from individuals under the age of 18.
If you believe that a minor under the age of 18 has provided us with personal data; please contact us with sufficient detail to enable us to delete that information.
How Do We Use Your Personal data?
We use your personal data for the following purposes:
- To administer, improve and optimise the Platform;
- To understand your needs and your eligibility for products and services;
- To provide the products and services to you;
- To develop, enhance, market and deliver products and services to you;
- To promote the security of the Platform;
- To conduct surveys and obtain feedback from you;
- To provide you with news and other matters of general interest to you as an Avara customer;
- To provide you with information about developments and new products, including changes and enhancements to the Platform;
- To respond to your requests submitted via the Platform’s contact forms or our email address noted above;
- To comply with applicable laws, regulations, regulators and authorities; and/or
- Any other purposes that may arise from time to time and for which we will obtain your specific consent.
We are committed to processing your personal data in accordance with the purposes outlined above, but only where there is a lawful basis for such processing, and to the extent required by applicable laws. We engage in these processing activities as necessary to achieve the specified purposes, which may include fulfilling our contractual obligations to you, pursuing our legitimate interests, addressing legal claims or obligations, or complying with relevant legal requirements.
When we rely on our legitimate interests as a basis for processing your personal data, we do not use your personal data for activities if we determine that our interests are outweighed by any adverse impact on you, unless we obtain your explicit consent or are otherwise compelled or permitted to do so by applicable laws. Where we rely on your consent, you have the right to withdraw it at any time by contacting us at [email protected]. Please note that this will not affect the lawfulness of any processing undertaken before you withdraw such consent.
Our commitment to safeguarding your personal data and respecting your rights underpins our approach to data processing activities. Under no circumstances do we sell your personal data.
To Whom Do We Disclose Personal Data?
We do not disclose the personal data that you provide us with other organisations without your express consent, except under the following circumstances:
- Compliance with laws, regulators, authorities and related to legal proceedings: We may share personal data with regulators, courts and other authorities (e.g., law enforcement or tax authorities), for legal, protection, and safety purposes, including compliance with applicable laws and regulations, requests from regulators or other authorities, and court orders, as well as to prepare for and participate in legal or regulatory proceedings and investigations.
- Professional advisors, business partners and service providers: We may share personal data with third parties who need such information to (i) assist us in providing our products and services via the Platform to you; or (ii) perform their work or services for us or on our behalf.
- For business transfers: We may share or transfer your personal data in connection with, or during negotiations of any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- With affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honour this Privacy Notice. Affiliates may include other companies that we control or that are under common control with us.
- Other: You may permit us from time to time to share your personal data with other companies or entities of your choosing.
Do We Transfer Your Personal Data Internationally?
Your personal information may be transferred to or from jurisdictions outside of the UK. In these circumstances, Avara relies on the following legal mechanisms to do so:
- Standard Contractual Clauses to facilitate the international transfer of data to third countries.
- Exemptions for sharing personal information with Law Enforcement outside of the UK.
Avara will take steps that are reasonable and necessary to ensure that your personal data is treated securely and appropriately, safeguarded in accordance with this Privacy Notice and applicable data protection or privacy laws.
What Security is Provided for Your Personal data?
We understand the importance of safeguarding and ensuring the security of your data. We employ appropriate administrative, technical and operational safeguards designed to protect the security of personal data submitted through the Platform. These measures are aimed at providing ongoing security, integrity and confidentiality of personal data.
The following measures are employed to protect and store your data:
- Encryption: All customer data is encrypted using industry-standard encryption protocols to ensure that your information remains confidential and cannot be intercepted by unauthorised parties.
- Access Controls: Access to customer data is restricted to authorised personnel only. Our team members are trained on data protection and privacy best practices, and access to customer data is limited to those who require it to perform their job responsibilities.
- Firewalls and Intrusion Detection: We employ robust firewall systems and intrusion detection mechanisms to protect against unauthorised access, malware, and other cyber threats. These security measures help us maintain the integrity and availability of your data.
- Regular Security Audits: We conduct regular security audits and assessments of our systems and infrastructure to identify and address vulnerabilities promptly. This proactive approach helps us stay ahead of potential threats.
- User Authentication: We implement secure customer authentication mechanisms to enhance the security of customer accounts.
- Security Training: Our team members receive ongoing training and awareness programs to stay informed about emerging threats and best practices for data security and privacy.
- Incident Response Plan: In the unlikely event of a data breach or security incident, we have a defined incident response plan in place. This allows us to respond promptly, mitigate potential harm, and notify affected parties as required by law.
By implementing these robust security measures and adhering to industry best practices, Avara strives to provide a safe and secure environment for our customers.
How Long Is Your Personal Data Retained?
We retain your personal data only for as long as is necessary to provide services to you, to comply with our legal and regulatory obligations, and for the other purposes set out in this Privacy Notice to the extent permitted by applicable legal requirements.
Records and internal policies are maintained in relation to the length of time each category of data is required to be kept. Any data that is no longer needed for any of the above purposes is deleted after the account is closed, or when you request for deletion of your personal data.
Avara may take steps to anonymise personal information collected from customers and users. In these circumstances, Avara is permitted to use the data as it is no longer considered personally identifiable information.
What Are Your Rights?
The UK GDPR gives individuals the following specific rights over their personal data:
- The right to access personal data held about you (the right of subject access):
- The right to be informed about how and why your data is used
- The right to have your data rectified, erased, or restricted
- The right to object to or to restrict processing
- The right to portability of your data
- The right not to be subject to a decision based solely on automated processing
If you would like to exercise any rights afforded to you, please contact us at: [email protected]
There are exemptions and restrictions that can, in some circumstances, be legitimately applied to exempt or qualify the right of individuals to exercise their rights, but these shall only be leveraged in exceptional situations.
In the event you find it necessary to submit a complaint about our use of your personal data or in respect of our response to your request regarding your personal data, you may submit a complaint via the following email address: [email protected]
Should you wish to escalate your complaint in connection with this Privacy Notice to the UK data protection authority, you can contact them as follows:
Complaint form: Information Commissioner’s Officer
Changes To This Notice
We will update this Privacy Notice when necessary, including to reflect customer feedback and changes to the Platform. When we post changes to this Privacy Notice, we will revise the “last updated” date at the top of the Privacy Notice.
We encourage you to periodically review this Privacy Notice to understand our data practices and the choices available to you.