Privacybeleid
As a crypto service provider, Prosper Digital Assets B.V. (hereafter Prosper) processes large amounts of data from our end-users and partners, who are using the services provided by Prosper, and our partners’ customers (end-users). To Prosper it is extremely important to ensure careful and secure processing of our partners and end-users data, in particular their personal data.
This Privacy Policy was written in English (US). To the extent any translated version of this policy conflicts with the English (US) version, the English (US) version prevails.
Through this Privacy Policy, Prosper (“we”, “our”, “us”) informs you about the way we process personal data. In case you have any questions regarding our use of your data, you can contact us via email.
Article 1: Who are we?
Prosper is a platform that offers end-users the opportunity to trade in crypto currencies via the Prosper platform or a partners application, interface or API. Prosper is registered at the Dutch Central Bank (DNB) as a crypto service provider under Dutch law. Via Prosper, a partner can offer its customers (end-users) payments, trading and withdrawal services. You could come into contact with Prosper if you have an application, interface or API and wish to use Prosper’s services, or if you are a customer of one of Prosper’s partners.
Article 2: Our responsibilities
For all activities and purposes mentioned in this Privacy Policy, Prosper acts as the controller as referred to in the EU General Data Protection Regulation 2016/679 (GDPR). Prosper acts in this position because as a regulated crypto service provider Prosper:
Determines which personal data must be processed for the correct execution of a payment, trade or withdrawal;
Determines for which other purposes the personal data may be processed as long as these purposes are in accordance with the purpose for which the personal data were obtained by Prosper;
Has to comply with legal obligations, for example under the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft); and
Has drawn up its own general terms and conditions that are directly applicable to the partner and the end-user.
Article 3: Types of personal data
We collect and process your personal data because you use Prosper’s services, or because you voluntarily provide us with your personal data.
For example, we collect personal information which is required under the law to open an account, initiate a payment, trade or execute a transaction. We also collect personal information when you use or request information about our Services, subscribe to marketing communications, request support, complete surveys, or sign up for a Prosper event.
We may collect some the following types of information about you:
Personal identification information;
Full name, date of birth, age, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email.
Formal identification information;
Passport / ID details, photograph ID cards, source of funds, source of wealth.
Financial information;
Bank account information, payment card primary account number (PAN), transaction history, trading data.
Transaction information;
Information about the transactions you make on our Services, such as, your name, the number and amount of payments, trades or withdrawals, and/or timestamps thereof.
Employment information (if you are an applicant);
Office location, job title, historical employment data and/or description of role.
Online identifiers;
Geo location/tracking details, browser fingerprint, OS, browser name and version, and/or personal IP addresses.
Usage data;
Survey responses, information provided to our support team, public social networking posts, authentication data, security questions, user ID, click-stream data and other data collected via cookies and similar technologies.
Article 4: Sensitive personal data
Prosper’s website, services and products are not aimed at activities that require special categories of personal data (sensitive personal data) to be processed. Prosper therefore requests that you do not provide such information. In case Prosper receives any such information, such information shall be erased upon notice.
Article 5: Usage
Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient and customized experience. In general, we use personal information to create, develop, operate, deliver and improve our services, content and advertising, and in order to comply with legal obligations. Prosper processes your data for the following purposes:
To assess your application;
To draft and perform the (partnership) agreement and the services therein;
To process payments, trades and withdrawals;
To send information about the services and updates / changes in it;
To provide customer support;
To perform analyses for statistical and scientific purposes;
To enhance your service experience;
To train and assess employees;
To record evidence (if necessary);
To ensure network and information security;
To ensure the safety and integrity of the crypto sector, for example by identifying, investigating, preventing and actively countering (attempted) criminal/illegal conduct;
To comply with legal obligations as a crypto service provider, for example under the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft)
The personal data listed above is processed based on your consent, for the performance of a contract, based on legal obligations, performance of tasks in the public interest and to pursue legitimate business interests. If Prosper wants to process your personal data for other purposes that are described above, it will only do so if your consent is obtained or if we have legitimate interests. You can withdraw your consent at any time without giving reasons, or object to the processing of your personal data when we do so based on legitimate interests. Please note that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent. You can withdraw your consent via the unsubscribe link in our emails, if applicable.
Article 6: Retention
Prosper will not retain your personal information longer than the mandatory statutory period or longer than is necessary to fulfill the purposes for which we collected it. For example, the personal data that we receive relating to the assessment of your application as a customer, the preparation and performance of the agreement and the processing of payments, trades or withdrawals, will not be kept longer than five years after rejection of your application or the termination of the agreement. This period has been determined in the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft).
Article 7: Security
We understand how important your privacy is, which is why Prosper maintains (and requires its service providers to maintain) appropriate physical, technical and administrative safeguards to protect the security and confidentiality of the personal information you entrust to us. For example, we use network segmentation, firewalls, anti-DDoS systems, encryption, monitoring and alerting systems and industry best practices regarding security standards. Additionally, organizational measures include role separation, access control on need-to-know basis, personnel screening and continuous training of our staff.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. If you have reason to believe that your data is no longer secure, please contact us at support@prosper.exchange.
Compromise of information
In the event that any information under our control is compromised as a result of a breach of security, Prosper will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
Article 8: Data sharing
We take care to allow your personal information to be accessed only by those who really need to in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. Prosper will never sell or rent your personal information.
Processors
Prosper shares your personal data with third parties if this is necessary to provide our products and services. When third parties will process your personal data on our behalf and under our strict instructions, those third parties act as so-called processors. Prosper ensures that your personal data are always processed in a careful manner, protected with at least the same level of security we maintain and that the confidentiality of your personal data is guaranteed.
(Joint) Controllers
Prosper may also receive data from third parties or share your personal data with third parties that are also controllers. In those cases Prosper has concluded agreements in order to guarantee a thorough protection of your personal data where this is desirable or where required (namely where both parties acties as joint controllers).
If your personal data will be shared with third parties for purposes other than those described above, Prosper will only do so when legally permitted or after we have obtained your consent.
Cross-border data transfers
When providing our services, your personal data may in some cases be processed by third parties (as processor, as joint or independent controller) outside the European Economic Area (EEA). If your personal data is processed outside the EEA in a third country (a country without an adequate level of protection as indicated by the European Commission), Prosper ensures that i) the correct contract is concluded with regard to data processing (processor agreement, joint controller agreement or controller-controller provisions if desired), and ii) an appropriate transfer mechanism is in place, such as EU Standard Contract Clauses. In this way Prosper ensures that your personal data is always secured at at least the same level and that the confidentiality of your personal data is guaranteed.
We may share your information with law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our Terms of Use or any other applicable policies.
Article 9: Cookies
When you visit the Service, we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click and other actions you take on the Service), and allow us or our business partners to track your usage of the Service over time. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you shut down your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly if the ability to accept cookies is disabled.
Article 10: Your rights
You have the right to access, correct, erase, restrict, transfer, or object to the personal data that we process, unless we cannot execute these rights based on a legal obligation or whenever exceptions apply. For example, we are required to keep certain personal and payment data based on legal obligations (as stated under point 6), which means that we cannot always delete all of your personal data when you request it.
You can send your request to exercise your privacy right(s) to dpo@prosper.exchange. If we are not able to verify it is you directly, we may ask you to send a copy of your identification (i.e. a passport or identity card). Please make sure that in this copy your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and citizen service number (BSN) have been redacted to protect your privacy. We will then respond to your request as soon as possible, but in any case within one month after receipt, unless the request is of such excessive nature that we may extend that period with another 2 months.
Article 11: Contact
If you have any questions about this agreement, please feel free to contact us at support@prosper.exchange
Article 12: Data protection officer
You can reach Prosper’s Data Protection Officer at dpo@prosper.exchange.
Complaints
You can also complain about our processing of your personal information to the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place. In the Netherlands, the relevant data protection authority is the Autoriteit Persoonsgegevens (AP).