1.1 LocalRipple ("we") are committed to safeguarding the privacy of our data-subjects ("you" or "user); in this policy we explain how your personal data, meaning any information relating to you as an identified or identifiable natural person, that we may hold about you, is collected, used, stored, disclosed, and removed (each and all referred to as "processing").
1.2. We do not collect any personally identifiable information from children under the age of 16. If you believe that a child under the age 16 has provided us with personally identifiable information, please contact our customer support.
1.3. This Policy only applies to information we process. It does not apply to the practices of companies that we don't own or control, or employees that we don't manage. Information on our services' may contain links to third party websites, and any information you provide to those sites will be covered by any privacy policies they may have. Please be sure to read the privacy policies of any third-party sites you visit. It is those sites' responsibility to protect any information you give them, so we can't be held liable for their wrongful use of your personally identifying information.
1.4. We may update this policy from time to time and will notify you of changes to this policy affecting your rights by email and/or by posting on our website at LocalRipple.com.
2. Your Personal Data and How We Use It
- the general categories of data and types of personal data that we may process;
- the source of that personal data;
- the purposes for which we may process personal data; and
- the legal bases of the processing.
2.2. We may process your registration data ("registration data"). Registration data may include your username and email address. The source of the registration data is you. Registration data is required in order for you to be able to use the service. The legal bases for this processing are consent and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract;
2.3. We may process your account data ("account data"). Account data may include your full name, email address, username, country and telephone number. The source of the account data is you. The account data may be processed for the purposes of providing our services, ensuring the security of our users and services, and communicating with you. Users may need to set their full name to their user profile before buying XRP online from some traders. Full name is only shown to XRP sellers with whom user has opened trades. Verifying the full name helps protecting users against fraudulent payments, increase user's trustworthiness, and provides an alternative way to access user's LocalRipple wallet in case the password is lost or the account is hacked. Phone number is used for notification purposes and is an alternative mechanism to identify users in case the password is lost or account gets hacked. The legal bases for this processing are consent; the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract; and our legitimate interests, namely the operation of our business model.
2.4. We may process your identity documents ("ID data"). Verifying account with an ID is not mandatory. ID may contain your full name, country, date of birth, social security number and gender. The purpose for ID data is to protect our users from fraud and helps us to prevent, detect and investigate fraud, money laundering, criminal activity or other misuse of our service. Moreover, by requiring all advertisers to ID verify will help us to provide a more trustworthy, safe and reliable trading experience for our customers. ID creates a strong assumption about the ownership of the account and thus ensures that we can return access to your account in case your account is hacked. Legal bases for this processing are consent and legitimate interests of ours and/or by third-parties, namely to prevent, detect and investigate fraud, criminal activity or other misuse of the services and to prevent security issues.
2.5. We may process data about your use of our website and services ("usage data"). Usage data is primarily non-personally-identifying information of the sort that web browsers, servers, and services like Google Analytics typically make available, such as the browser type, language preference, referring site, and the time of each visit. Other non-identifying information that we might have access to includes how you use the service (e.g. search queries), your approximate location, cookies set by our site, etc. Usage data may include: 1) Data that we collect mainly for behaviour statistics, business intelligence and email campaigns ("analytics data"). We gather website traffic data with the help of Google Analytics. We gather event based tracking data with the help of Mixpanel, and this data may also contain your email address, IP address and country code. 2) Data that we collect mainly for technical, security and/or fraud prevention reasons or for tracking errors ("technical data"). We gather data on website errors with the help of Sentry which may occasionally contain usage data. We also log certain events from your actions on our site. The legal basis for this processing is our legitimate interests of ours and/or by third-parties, namely to monitor service quality and improve our website and services as well as to prevent, detect and investigate fraud, criminal activity or other misuse of the services and to prevent security issues.
2.6. We may process data relating to your trades that you conduct through our website ("trade data"). The trade data may include trade ID, initiated trades, payment method, advertisement information, buyer username, seller username, trade value (in fiat), trade value (in XRP), XRP price, currency, timestamps of trade and trade chats as well as possible merchant invoice information and ATM trade data. The source of the trade data is you and your trading partner. The legal bases for this processing are consent; the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the operation of our business model.
2.7. We may process data relating to XRP transactions in and out of your XRP wallet ("XRP transaction data"). Information stored on received transactions may include timestamp, XRP amount, deposit address (unique) and transaction ID and other publicly available data from the XRP blockchain. Withdrawal transactions may include data such as timestamp, XRP amount, sent address, transaction ID, and description. The source of the trade data is you and/or your trading partner. The legal bases for this processing are consent; the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the operation of our business model.
2.8. We may process information contained in or relating to any communication that you send to us or what you generate through the use of our service ("communication data"). Communication data includes 1) all your messages, requests and other communication with our customer support which may happen during the dispute review process or via support tickets, emails, or by means of any other communication tool; and 2) all your communication and file attachments that you generate when conducting trades with other users ("trade chat messages") or other data that you generated mainly by communicating to other users. Communication data may include, email address, username, IP address, full name, audio and video files and in the case of manual ID verification: photo of the user's personal ID, photo of the user, and photo of the user's utility bill or related document. The communication data may be processed for the purposes of communicating with you, record-keeping, in order to review and resolve disputes, serve our customers better and improve our service. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
2.9. We may process information that you provide to us for the purpose of subscribing to our email notifications, SMS notifications and/or newsletters ("notification data"). The notification data may include your email address, phone number, username and full name. The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent. You can unsubscribe at any point by contacting us or by clicking the unsubscribe link in the email.
2.10. In connection with the activities described above, we may conduct profiling based on your interactions with and content that you provide to our service, and/or information obtained from external services (described in Section 4). In limited cases, automated processes may restrict or suspend access to our service if such processes detect activity that we think poses a safety or other risk to our service, our users or third parties. We process this information given our legitimate interests in protecting our service and brand; preventing, detecting and investigating fraud, criminal activity or other misuse of the services; optimizing the products and services offered and/or complying with applicable laws.
2.11. We may process any of your personal data when necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or outside the court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
2.12. In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2.13. All the aforementioned general categories of data may contain data that by itself does not identify you and is therefore not deemed as personal data.
2.14. Please try to avoid supplying any unnecessary personal data to us.
3. Information You Choose to Display Publicly on Our Services
3.2. Please also remember that if you choose to provide personally identifiable information using certain public features of our services, individuals reading such information may use or disclose it to other individuals or entities without our control and without your knowledge, and search engines may index that information. We therefore urge you to think carefully about including any specific information you may deem private in content that you create or information that you submit through our Services.
4. Providing Your Personal Data to Others
- External services ("processors") that we use for processing personal data on behalf of us;
- Types of personal data that processors may process;
- The reason for using them.
4.2. For processing ID data, we use netverify service by Jumio Corporation ("Jumio"), a company located in the United States. ID may contain your full name, country, date of birth, social security number and gender.
4.3. For behaviour statistics, business intelligence and email campaigns we use the service by Mixpanel Inc ("Mixpanel"), a company located in the United States and for behaviour statistics and business intelligence also the service by Google LLC ("Google Analytics"), a company located in the United States. Data that we may provide to Mixpanel may include your email address, IP address and country code and that data is used by Mixpanel to generate information about your usage of our service. Data that we may provide to Google Analytics may include your IP address and that data is used by Google Analytics to generate information about your usage of our service. The reason for using them both is that their tracking methods differ considerably and we use them for those different purposes: Mixpanel is focused on event and behaviour tracking as well as for sending informational messages while Google Analytics is more focused on page views.
4.4. For tracking server errors, we use the service by Functional Software Inc ("Sentry"), a company located in the United States. Error messages are rare but they may include your IP address. Sentry is used for monitoring and fixing errors and crashes.
4.5. For processing notification data, we use the service by SendGrid Inc ("SendGrid"), a company located in the United States for delivering emails to users, and we may use the services by Nexmo Inc (located in the United States), Twilio Inc. (located in the United States) and TM4B Ltd. (located in the United Kingdom) for delivering SMS messages to users.
4.6. LocalRipple.com forum is a third-party application embedded to our site. It is a service operated by Muut Inc ("Muut"), a company located in the United States. Personal data that users may on rare occasions generate by using forum is thus processed by Muut.
4.7. In addition to the specific disclosures of personal data set out in this Section 4, we may also disclose your personal data 1) to our auditors, lawyers, accountants, consultants and other professional advisors insofar as it is reasonably necessary for the purposes of obtaining professional advice or managing legal disputes and risks; 2) where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests and/or the vital interests of a third-party.
5. International Transfers of Your Personal Data
6. Retaining and Deleting Personal Data
6.2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6.3. Users may request the deletion of their account through our site.
6.4. We will retain and delete your personal data as follows:
- For all users who have deleted their account:
- Personally-identifiable analytics data is removed 14 days after account deletion.
- Notification data is not generally stored by our processors but they may retain activity logs for a short period of time (this time varies depending on the processor in question but is not greater than 13 months).
- For users who have not conducted or initiated any trades or XRP transactions to their wallet, we will delete all personal data 14 days after the approval of your account deletion request.
- For users who have conducted or initiated any trades or sent or
received any XRP transactions using their wallet and whose account
deletion request has been approved by us, our data deletion policy is
- Your public profile and advertisements will be hidden 14 days after you delete your account.
- Your communication data will be deleted 5 years after you delete your account. Trade chat messages are deleted 180 days after the trade is completed. Trade chat messages from disputed trades will be deleted 5 years after you delete your account.
- Your registration data, account data, ID data, trade data and technical data will be deleted 5 years after you delete your account.
- XRP transaction data from our internal systems will be removed 5 years after you delete your account, with the exception of publicly available information on the XRP blockchain.
6.5. In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the period we need to access the data for the provision of services, receiving payment, resolving your customer support issue or other issues or for any other auditing or legal reasons.
6.6. Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7. Your Rights
7.2. Your principal rights under data protection law are:
(a) the right to access;
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can ask for your personal data by contacting our customer support.
(b) the right to rectification;
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
(c) the right to erasure;
You have the right to the erasure of your personal data. We have described our policy for retaining and deleting personal data above in Section 6.
(d) the right to object to processing;
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
(e) the right to data portability;
To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
(f) the right to complain to a supervisory authority;
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
(g) the right to withdraw consent.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
7.3. Without prejudice to the aforementioned, if we have reasonable doubts concerning the identity of a user exercising his/her rights referred to in Section 7.2 or if we otherwise due to security reasons deem it necessary, we may request the provision of additional information and otherwise use all reasonable measures necessary to confirm the identity of the user.
7.4. You may exercise any of your rights in relation to your personal data by contacting our customer support. Concerning "Right to erasure" users are also able to request the deletion of their account through our site.