Launch Dealroom

Privacy Policy

Sors Digital Assets Limited

SORS  Privacy Notice

Sors Digital Assets Limited (“SORS”, “we”, “us”, “our”) takes its responsibilities under applicable data protection law, including the General Data Protection Regulation and implementing legislation (“Data Protection Law”) seriously.  The purpose of this notice is to inform individuals (“you”, “your”) of the data relating to you that we may collect and use and the uses (including disclosures to third parties) we may make of your data in connection with considering applications for our ‘virtual asset’ services, including the SORS virtual asset account, and the ongoing provision and administration of those services (the “Virtual Asset Account”).

SORS is the controller in respect of your data and is registered under registration number 649996 and has its registered office at Kilcrea, Ovens, Cork, P31DP26, Ireland.

If you have any questions about our use of your personal data, please contact us at contact@sorsdigitalassets.com

  • What information do we collect

We collect, have transferred to us and process the following categories and types of personal data relating to you during the course of our relationship with you (and afterwards as set out below).  

Personal data categoryDescription
Identification DataYour name, your home address, your date of birth; a copy of official photographic identification, including passport or identification cards; tax residency and tax ID information, your directorships of companies, and whether you are a politically exposed person.
Contact DataYour name, email address, phone number, home address, other similar details
Communication DataArising from your interactions with us (e.g. customer care queries or complaints), we will hold details of those interactions (e.g. email correspondence)
Virtual Asset Account DataAccount information, account numbers, account status, transaction history, transaction and payment details, bank account details, virtual asset details, other financial data
Marketing DataCommunication Data and Contact Data as well as any direct marketing preferences expressed by you
Website and App Usage DataStatistic and Usage Information on usage of our website(s) and apps, including information generated to fix bugs and technical errors
[Other general type of personal data][include details of relevant personal data here]

  • Legal bases

The personal data described above is used by us and by third party service providers acting on our behalf. The legal bases on which we collect, process and transfer your personal data for these purposes are:

  1. your consent (“Consent”);
  2. where such processing is necessary for the performance of your contract with us (“Contract”);
  3. where such processing is necessary to comply with our legal and regulatory obligations (“Legal Obligation”); and
  4. where such processing is necessary our legitimate interests (“Legitimate Interests”).  

Where we have listed legitimate interests as a legal basis for processing, we will not process your personal data for these purposes if our or the third party’s legitimate interests should be overridden by your own interests or fundamental rights and freedoms.

The condition on which we collect, process and transfer special categories of data relating to you, such as the fact that you are a politically exposed person, is that it is necessary for reasons of substantial public interest, on the basis of Union or Member State law.

  • Processing activities and associated legal bases

Generally, we use your personal data to provide you with our virtual asset and related services. We also need to use that personal data for other purposes, including to comply with relevant law.  We set out below further details on the general purposes for which we use your personal data, the categories of personal data relevant to those purposes and the related legal basis (or bases, if more than one applies) under Data Protection Law for processing such personal data.

PurposesCategories of personal dataLegal bases

Activating your Virtual Asset Account and administering it, including:

  • Creating a Virtual Asset Account for you

Identification Data 

Contact Data

Communication Data

Financial Data

Contract

Operating the Virtual Asset Account, including:

  • Completing Virtual Asset Account transactions
  • Collecting any service fees from you
  • Sending you relevant information about changes/updates to our services and other non-marketing information

Identification Data

Contact Data

Communication Data

Financial Data

Contract

Legal Obligation, including in accordance with the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 to 2021

Fulfilling our legal and regulatory obligations, including with regard to 

  • Undertaking ‘know your customer’ (“KYC”), ‘anti-money laundering’ checks (“AML”) and fulfilling our counter-terrorist financing (“CTF”) and financial sanctions obligations
  • Administering an account as required by law

Identification Data

Contact Data

Communication Data

Financial Data

Legal Obligation, including in accordance with the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 to 2021
Preventing, investigating or detecting theft, fraud or other criminal activity

Identification Data

Contact Data

Communication Data

Financial Data

Our Legitimate Interests in preventing, investigating or detecting theft, fraud or other criminal activity in relation to us or a relevant third party
Operating our website and appWebsite and App Usage DataOur Legitimate Interests in conducting our business in a responsible and commercially prudent manner and in providing you with effective electronic access to our website and app

Providing customer services to you, including:

  • Responding to your requests for customer care assistance and dealing with complaints and litigation
  • Keeping records of such interactions

Identification Data

Contact Data

Communication Data

Financial Data

Our Legitimate Interests in conducting our business in a responsible and commercially prudent manner

Management of our company and our services generally, including:

  • Internal operations concerning data analysis, testing, 
  • Risk monitoring and safeguarding our reputation and integrity;
  • Monitoring and improving products;
  • Business strategy, development and marketing
  • Ensuring the safety and security of our services and company systems
  • Establishing, exercising or defending our legal rights, property, or the safety of SORS, our customers

Identification Data

Financial Data

Our Legitimate Interests in conducting our business in a responsible and commercially prudent manner

Legal Obligation, including in accordance with the Companies Act 2014

Marketing purposes, including:

Sending marketing communications to you concerning our services and company

Marketing Data

Consent (where we rely on your express opt-in to marketing)

Our Legitimate Interests in conducting our business in a responsible and commercially prudent manner (where we rely on an opt-out as provided for under the ePrivacy Regulations 2011)

  • Sources of data

The personal data relating to you that we hold is generally collected directly from you (e.g. when you make an application for a Virtual Asset Account).  However, we also collect or obtain personal data relating to you from:

  • third party CTF and sanctions list providers
  • third party KYC (Know Your Customer) checks
  • Recipients of data

We may disclose any of your personal data detailed in section 1 above to third party recipients in connection with the above purposes, including:

    • to third parties who we engage to provide services or benefits to us or to you, such as professional advisers, auditors, insurers and outsourced IT and other service providers, including those that we use to verify your information against sanctions or denied party lists through a database;
  • to competent government, regulatory and law enforcement authorities and other similar bodies as requested or required by law (e.g. the Central Bank);
  • to third parties where we or substantially all of our assets are acquired by a third party;
  • Retention

Generally, we will retain your personal data for the duration of our relationship with you and for such a period of time after this relationship ends as is necessary to comply with our obligations under applicable law and, if relevant, to deal with any claim or dispute that might arise in connection with our relationship with you.  Further specific information on our retention practices in relation to the processing activities discussed above is provided below:

PurposesCategories of personal dataRetention time / criteria
Activating your Virtual Asset Account and administering it

Identification Data

Contact Data

Communication Data

5 years after account deletion or termination 
Operating the Virtual Asset Account

Identification Data

Contact Data

Communication Data

Financial Data

5 years after account deletion or termination 
Preventing, investigating or detecting theft, fraud or other criminal activity

Identification Data

Contact Data

Communication Data

Financial Data

5 years after account deletion or termination 
Operating our website and appWebsite and App Usage Data5 years after account deletion or termination 
Providing customer services to you

Identification Data

Contact Data

Communication Data

Financial Data

5 years after account deletion or termination 
Management of our company and our services generally

Identification Data

Financial Data

5 years after account deletion or termination 
Marketing purposesMarketing Data5 years after account deletion or termination 

  • Necessity of provision of certain information and consequences

There are certain pieces of information that are required so that we can comply with legal obligations that apply to us (e.g. you must provide us with Identification Data in order that we can conduct KYC, CTF and AML checks prior to opening any Virtual Asset Account).  If we do not receive this information, this will impact our ability to deal with you in compliance with our obligations and internal policies.

  • Automated decision making

We do not currently use any processing systems which make decisions and produce legal effects for you, or which may otherwise significantly affect you, based solely on automated processing of your personal data.

  • Transfers Abroad

We may transfer your personal data outside the European Economic Area, including to a jurisdiction which is not recognised by the European Commission as providing for an equivalent level of protection for personal data as is provided for in the European Union.

If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include entering into a contract governing the transfer which contains the ‘standard contractual clauses’ approved for this purpose by the European Commission or transferring your personal data pursuant to binding corporate rules. 

Further details of the measures that we have taken in this regard are available from contact@sorsdigitalassets.com

  • Your rights and how to update your information

You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:

  • Right to access the data – You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data. 
  • Right to rectification – You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
  • Right to erasure – You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
  • Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
  • Right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
  • Right to withdraw your consent – Where our processing of your personal data is based on you having provided your consent (e.g. your marketing preferences), you have the right to withdraw such consent. 

These rights are not absolute, and are subject to certain restrictions and exemptions.  For example, the right to erasure of personal data will not apply where we have a legitimate reason to continue to hold such data. 

In order to exercise any of the rights set out above, please contact contact@sorsdigitalassets.com

SORS is required to keep all data accurate and up to date.  To enable us to do this more easily, please ensure that you keep us up to date with any changes to your personal data.  

  • Complaints

If you are not happy with the way we have used your information or addressed your rights, you have the right to make a complaint to the Irish Data Protection Commission (https://forms.dataprotection.ie/contact ). 

  • Updates

We may amend this Privacy Notice from time to time. Any material changes we make to this Privacy Notice in the future will be posted to our website.  This Privacy Notice was last updated on 11 March 2022.