PRIVACY POLICY

Ownership: Head of Compliance Policy approved by: Lanistar’s CEO
Policy approved date: 22 December 2022
Next Review date: December 2023

This policy should be reviewed annually by the Head of Compliance and approved annually by the Board or CEO of Lanistar to ensure that it is current and consistent with Lanistar's practices. This Policy requires annual review unless there is a change in the UK legislative framework that requires it to be updated and reviewed sooner. Minor updates, for example name changes, will be made periodically on the authority of the Head of Compliance, as required.

Lanistar is committed to protecting and respecting an individuals privacy.

This is the Privacy Policy that governs how we use personal data that we collect, receive and store about Customers in connection with the use of:

• The website/portal features and services provided to you when you visit our websites or portals.
• When you apply to use and/or use our service.
• Your use of software including mobile and desktop applications provided by Lanistar; and
• Email, other electronic messages including SMS, telephone, website/portal and other communications between you and Lanistar.

Together these are all referred to in this policy as “Services”.

We receive, collect and use the information listed below as it is necessary for the adequate performance of the contract between you and us, to provide you the Services, to support our legitimate interests in better understanding, securing and improving our Services and overall performance, and to allow us to comply with our legal and contractual obligations.

We receive and collect personal information from you when you provide us your name, e-mail address and other personal details during signup, and when we communicate using email or other communication mediums like phone, email, electronic messages, etc.

We receive and collect personal information from your browser about your use of the Services. We use “cookies”, technical identifiers and other tracking technologies in order to provide and enhance our Services.

We receive, collect and use the information listed below as it is necessary for the adequate performance of the contract between you and us, to provide you the Services, to support our legitimate interests in better understanding, securing and improving our Services and overall performance, and to allow us to comply with our legal and contractual obligations.

We collect the following information:

Information you give us: We receive and store any information including personal information you provide to us including when you: enquire of or make an application for our Services; register to use and/or use any our Services; upload and/or store information with us using our Services; and when you communicate with us through email, SMS, a website or portal, or the telephone or other electronic means. Such information may include your:

• Contact information, including name, address, phone number, date of birth, and e-mail address.
• Any other information that you provide.

Information we collect about you: We receive and store certain information whenever you interact with us; for example, by way of “cookies” or similar technology. We also obtain certain information when your web browser accesses our Services and other content provided by or on behalf of us on other web sites, or when clicking on emails including:

The Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, browser plug-in types and versions, operating system platform.

Email and Other Communications: We may receive information about you and your use of our Services when we communicate with each other, including when you open email, messages from us and from the use of electronic identifiers (sometimes known as ‘device fingerprints’), for example, Internet Protocol addresses or telephone numbers.

We collect and store your data securely via encrypted servers. We never use your data for any other reasons than operation of the Lanistar Card and App, we never sell or pass on your information to third parties.

The primary reason for using contact list data is to enable the "Send to Friends" App functionality which allows you to send money directly to your friends and family via the App.

Some of the information we collect may be classified as "personal data" under European Union (EU) law as it is information relating to an individual. This privacy notice provides the information we are required to give in relation to the processing of personal data under EU law and Brazil law.

Lanistar does not seek to collect any information in relation to a European resident’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data.

Your information (as above) will include information about you. If you give us information, including sensitive personal data, about yourself or other people, you agree (and confirm that the person the information is about has agreed) that we can use this information in the way set out in this policy.

We may use and share your information with our subsidiaries or affiliated companies, business partners, financial institutions, employees, professional advisors, sub-contractors, fraud prevention agencies and third-party service providers to help us and them:

• To provide our Services to you including fulfilling our obligations to you in connection with the Services we provide to you.
• To improve and develop our business, including without limitation to optimize our websites/portals, products and services.
• To provide you with the information, products and services you have requested, or we think may be of interest to you.
• To manage and enforce our rights, terms of use or any other contracts with you for the provision of our Services.
• To identify and authenticate your access to non-public parts of our Services.
• To send you service and administrative e-mails and messages, including to inform you about important changes or developments in our Services, or to provide you with important Services related notices. These e-mails and messages are considered an integral part of the Service and you may not opt-out of them.
• To send you information we believe you would find interesting including marketing and promotional materials; by post, email, telephone, SMS text or other means, including electronic means. You can object to marketing at any time, as explained below.
• To obtain your views on our services and our website.
• To develop and test services.
• To comply with local and national laws, such as requests from law enforcement authorities.

In respect of marketing, market research and similar activities, we may use your personal data for such purposes whether or not you are accepted as or continue to receive Services. If you no longer wish to receive marketing or promotional information from us, please let us know via the Contact Us section.

We may share or receive information about you with or from other sources and add it to our account information, including when you use any of the other websites we operate or other services we provide. We may work closely with third parties including business partners and sub-contractors for the performance of any contract we enter into with them or you, or any services that we provide to you.

We may disclose your personal information to third parties:

Where we are required or permitted to do so by law: We may be required by law to pass information about you to law enforcement bodies worldwide, or we may otherwise determine that it is appropriate or necessary to do so. Such disclosures may also include requests from governmental or public authorities, or with commercial organizations with whom you may have had dealings and whom are seeking to mitigate fraud risk, or for the purposes of litigation or legal process, national security or where we deem it in the national or public interest or otherwise lawful to do so.

With your permission: Your information may also be used for other purposes for which you give your specific permission, or when required by law or where permitted under the terms of the relevant data protection legislation. Except where permitted as stated, Lanistar does not sell, rent, share or otherwise disclose personal data about its customers to third parties for commercial purposes.

Business transfers:

Lanistar may buy or sell business units or affiliates. In such circumstances, we may transfer customer information as a business asset. Without limiting the foregoing, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.

International transfer of personal data:

We may transfer your data to third party organizations that are based outside of the country where you reside. This is commonly known as an international transfer of data. This might be necessary for the purposes of administering our business and/or your products and services. These parties are not permitted to use your personal data for any other purpose than for what has been agreed with us. In addition, these organizations are also required to safeguard your personal data using appropriate technical, physical and organizational data security measures and are prohibited from disclosing or sharing your data with other third parties without our prior authorization, or unless as required by law. Senior management are expected to deal promptly, firmly and fairly with any suspicions or allegations of fraud or corrupt practice once raised by employees.

Personal data is stored for varying lengths depending on the nature and purpose for which it was collected. We store personal data in line with any applicable statutory minimum periods, and then review it periodically (usually annually) to ensure it is still necessary to be retained for the purpose for which it was collected.

The data that you provide us is stored using standard encryption technology in computer servers with limited access and in controlled facilities. We follow generally accepted industry standards to protect personal data, however no method of transmission over the Internet or method of electronic storage is 100% secure.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. We will never contact you and ask for your password.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website or/and the Services; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

All our employees and data processors, who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of your personal data.

The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.

These rights are known as Access Rights under the Data Protection Act 2018. The following list details these rights:

• The right to be informed about the personal data being processed;
• The right of access to your personal data;
• The right to object to the processing of your personal data;
• The right to restrict the processing of your personal data;
• The right to rectification of your personal data;
• The right to erasure of your personal data;
• The right to data portability (to receive an electronic copy of your personal data);
• Rights relating to automated decision-making including profiling.

Individuals can exercise their Access Rights at any time. As mandated by UK and EU law we will not charge a fee to process these requests, however if your request is repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee or to refuse your request.
In exercising your Access Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for business administration or for prevention of crime purposes.

You have the right to object to our processing and/or request it is deleted or restricted. In considering our response we undertake to ensure your interests, fundamental rights and freedoms are properly balanced against our legitimate interests. We will also look at whether it is still necessary to process your data for the purpose it was collected. Please contact Customer Services for more information.

We will always observe your objection to receiving either our Lanistar marketing or to us passing on your contact details to third parties for their direct marketing purposes: please contact Customer Services including the name, address, telephone number and email address that you wish to have excluded.

Opting Out: If you would prefer to no longer receive marketing-related messages from us, or if you would prefer that we not share personal data about you with any of our business partners, you may opt-out of receiving messages from us or from our future sharing of information about you by following the “unsubscribe” instructions in the latest such message you have received. We will endeavour to comply with your request as soon as reasonably practicable. Please keep in mind that if you opt-out of receiving promotional messages from this Website, we will continue to send you important account-related information regarding this Website or Services offered through this Website.

If any of your personal data is inaccurate you have a right to request rectification. We are very keen to ensure the data we hold is accurate and up to date. Before we are able to provide you with any information or correct any inaccuracies, we may ask you to verify your identity and to provide other details to help us identify you and respond to your request.

We strive for continuous improvement in our services, processes and protecting data subject rights. We will therefore update this privacy notice from time to time. Therefore, we advise you to check this notice on a regular basis, or if requested we will send it to you on a regular basis. We are also happy to provide previous versions of this Notice on request.

If you have any comments or questions regarding our Privacy Policy or if you have any concerns regarding your Privacy, you can contact our support team at ajuda@lanistar.com

All complaints or concerns and appropriate resolution relating to the practices of handling personal information will be logged. Any complaints of this nature should be made to Customer Services at: ajuda@lanistar.com. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO can be contacted via its website which is https://ico.org.uk/concerns/.