This Privacy Policy describes the policies and procedures of Liminal its relevant, group companies, affiliates, and subsidiaries as mentioned below (referred to as , “Liminal”, “Company”, “we”, “our” or “us” in this policy) regarding our collection, use and disclosure of your information in connection with your access and use of www.liminalcustody.com and all of its subdomains (individually referred to as “Site” and collectively referred to as “Sites”), our mobile application for iOS and Android (the “App”), and the other services, features, products, content or applications offered by Liminal (together with the Site and the App, the “Services” as defined in Terms and Conditions of Liminal). As used in this Privacy Policy, “Personal Data” means any information that can be used to identify a person individually. All defined terms not defined herein shall have the meaning ascribed to them in the Terms & Conditions, of which this Privacy Policy is a part.
1.1 This Privacy Policy covers the processing of Personal Data that we gather when you are accessing and using the Services. As used in this Privacy Policy, “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure.
1.2 This Privacy Policy also covers our treatment of any Personal Data that our business partners and service providers share with us, or that we share with our business partners and service providers.
1.3 We collect and use your information to provide and improve our Services and your experience, protect the security and integrity of our platform, and meet our regulatory and legal obligations.
2.1 We collect Personal Data about you when you provide such information directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Services.
2.2 By providing the Personal Data of others to us, you represent that you have the authority to do so. We disclaim responsibility for the information of others that you provide to us in the course of your use of the Services.
We receive Personal Data directly from you when you provide us with such Personal Data, including without limitation the following:
3.1 Account information, including your full name, and email address.
3.2 Phone number, in case you opt for SMS notification and chat support via phone messaging applications.
3.3 Any Personal Data that you make available on or through the Services.
3.4 Any Personal Data you provide when you communicate with us or our customer service representatives (so please only provide what is necessary).
3.5 Any Personal Data you provide us when purchasing Products, including your: first name, last name, email address, and shipping address.
3.6 Information about the transactions made by using our Services, such as name of the sender, name of the recipient, amount, currency, payment method, date and/or timestamp.
3.7 When you sign up to use our Wallet Infrastructure or Custody Services, we collect your wallet address and its related information.
3.8 We also collect Corporate customer information as part of KYB and onboarding as part of regulatory compliance & internal policies.
Some Personal Data is automatically collected when you use our Services, such as the following:
4.1 IP address,
4.2 App, Web browser information,
4.3 Operating system information,
4.4 Pages you visit and links you click on for the Services only (not for marketing purposes), and
4.5 Event tracking or screen recording in our iOS or Android apps for session replay analytics, and
4.6 Certain Cookies (see below for more information) (collectively, “Usage Data”).
Some Personal Data is automatically collected when you use our Services, such as the following:
5.1 We obtain information about you from public databases, such as the United Nations Sanctions List, United Nations Security Council (UNCL), government agencies, the relevant Central Bank, EU, U.K. HM Treasury, U.S. OFAC and the local regulators, including your name, address, email address, phone number, gender, national ID number and nationality/country of residence, date of birth, job role, public employment profile, listing on any sanctions lists maintained by public authorities, and other data as necessary
5.2 We may analyze public blockchain data, including timestamps of transactions or events, transaction IDs, digital signatures, transaction amounts, and wallet addresses.
5.3 Information from our marketing and advertising partners: We receive information such as your name and contact information from our marketing partners, including in some instances what marketing content you viewed or the actions you take on our Sites
6.1 Browsing history outside of the Services, including the pages you visit when you exit the Services,
6.2 Publicly available information about your social media profiles, interests or preferences, or page view information,
6.3 Cookies for targeting and marketing purposes.
6.4 Please note that when you access or use the Services, we may use information from your web browser and your device’s settings and unique identifiers in order to reliably and accurately provide you with Services and information that apply to you.
7.1 The Services use “Cookies” as defined herein to enable our servers to recognize your web browser and tell us how and when you visit and use our Site and Services in order to operate our Services. Cookies are small files – usually consisting of letters and numbers – placed on your computer, tablet, phone, or similar device when you use that device to visit our Site.
7.2 We do not use Cookies to target you with advertising or promotions for our products and services.
We will not supplement the information we collect from you with information received from third parties.
7.3 We do not use similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript to track or identify you.
7.4 Cookies can either be “session Cookies” or “persistent Cookies”. Session Cookies are temporary Cookies that are stored on your device while you are visiting our Site or using our Services, whereas “persistent Cookies” are stored on your device for a period of time after you leave our Site or Services. The length of time a persistent Cookie stays on your device varies from Cookie to Cookie.
7.5 We use persistent Cookies to keep a more accurate account of how often you visit our Services, how often you return, and how your use of the Services may vary over time. We do not use persistent Cookies to measure the effectiveness of advertising efforts nor to collect information about your online activity after you leave our Services.
7.6 Your browser may offer you a “Do Not Track” or “DNT” option, which allows you to signal to operators of websites, web applications, and services that you do not wish such operators to track certain of your online activities over time and across different websites. Because we collect browsing and persistent identifier data, the Services do not support Do Not Track requests at this time, which means that we may collect information about your online activity while you are using the Services. We will not collect information about your online activity after you leave our properties.
7.7 We do not control third-party Cookies. Although some Cookies may have been placed by a third party on your device we do not collect or use such information.
8.1 Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Site or Services, maintain your preferences over time and recognise you when you return to our Services. Disabling these Cookies may make certain features and services unavailable.
10.1 We process Personal Data to deliver, personalize, operate, improve, create maintain, develop and understand our Services to provide you with a secure, smooth efficient and customized experience as you use them, for complying with the local regulations and anti fraud purposes. For example, we use Personal Data to:
10.2 Verify the identity and establish your Account
10.3 Process and fulfill your purchases of Products or Services
10.4 Protect against or deter fraudulent, illegal or harmful actions
10.5 Communicate with you about the Services, including sending you updates, offers, emails, newsletters and other information that we believe may be of interest to you.
10.6 Provide support and assistance for the Services
10.7 Identify trends and other statistical information that may be useful to our business
10.8 Comply with our legal or contractual obligations
10.9 Respond to user inquiries
10.10 Fulfill user requests
10.11 Resolve disputes
10.12 Enforce our Terms and Conditions (including, for clarity, this Privacy Policy)
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interests of others, as further described below.
10.13 Contractual Necessity: We process the following categories of Personal Data as a matter of “contractual necessity,” meaning that we need to process the data to perform under our Terms and Conditions with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data.
10.13.1 Account Information that you provide us.
10.13.2 Information that you provide us when purchasing Products or Services.
10.13.2 Information that you provide us when making a request or inquiry with our customer service representatives.
10.14 Compliance with Regulatory and Legal Obligations Our Services are subject to laws and regulations requiring us to collect, use, and store your personal information in certain ways. If you do not provide the personal information required by law, we will have to discontinue your account.
Why and how we use your information
(i) We may access, read, preserve, and disclose information when we believe it is reasonably necessary to comply with law, legal obligations, regulations, law enforcement, governmental, and other legal requests, court orders, or for disclosure to tax authorities.
(ii) Examples of laws that may require us to collect, use or disclose your information: Civil, commercial, criminal, or consumer protection matters: where we receive a court order to disclose information for court proceedings or regulatory inquiries (E.g. mandatory requests or orders under the FIU authorities in India, ADGM in Abu Dhabi, VARA in UAE and MAS in Singapore).
(iii )Corporate and taxation matters: obligations such as the Indian Companies Act 2013, Indian Income Tax Act, 1961, Federal Tax laws of UAE, and Tax laws laid down by the Ministry of Finance, Singapore.
(iv) Regulatory matters: to comply with our regulatory obligations, including engaging with our regulators, such as (but not limited to) the Monetary Authority of Singapore, Abu Dhabi Global Markets (ADGM), Virtual Asset Regulatory Authority (VARA) UAE, Financial Intelligence Unit – FIU India.
10.16 Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
10.17 Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
10.15 Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of our business.
10.15.1 Account Information that you provide us.
10.15.2 Usage Data we collect in connection with your use of the Services.
10.15.3 Examples of these legitimate interests include Protection from fraud or security threats;
10.15.4 Operation, maintenance and improvement of our business, products and services
10.15.5 Provision of customer support
10.15.6 Compliance with legal obligations
10.15.7 Completion of corporate transactions.
11.1 We share limited Personal Data with vendors, third-party service providers, and agents who work on our behalf and provide us with services related to the purposes described in this Privacy Policy or our Terms and Conditions. We limit this based on the minimum information required for such vendors, third-party service providers, and agents to perform the required services. These parties include:
11.2 Identity verification processor
11.3 Block chain Analytics provider
11.4 Hosting service providers;
11.5 Email providers;
11.6 Payment processors;
11.7 Cloud communication service providers;
11.8 Shipping providers;
11.9 Contractors; and
11.10 Cryptocurrency exchange service providers
We also share Personal Data when we believe it is necessary to:
11.11 Comply with applicable law or respond to valid legal processes, including from law enforcement or other government agencies.
11.12 Protect us, our business or our users, for example, by enforcing our Terms and Conditions, preventing spam or other unwanted communications and investigating or protecting against fraud.
11.13 As part of the Services, you will receive from Liminal, email and other communications. You acknowledge and agree that by availing yourself of the Services, you allow us to send you email and other communication that we determine in our sole discretion relate to your use of the Services.
Last, we also share information with third parties when you give us your express consent to do so.
11.14 Furthermore, we will NOT buy or sell Personal Data to or from a third party under any circumstances, except solely in the event that we merge, acquire, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, in which case Personal Data would be one of the assets that are transferred to or acquired by us or the third party as the case maybe.
However, you should know that:
11.15 We would only choose to sell its business or assets to, or to be acquired by, an entity that we believe will take a customer-first approach to Personal Data as we do; and
11.16 Any entity acquiring our business or assets would have an obligation to use the Personal Data that comes with it strictly in accordance with this Privacy Policy. You acknowledge that such transfers may occur and that any acquirer of us or our assets may continue to use your Personal Data only as set forth in this policy.
12.1 We retain Personal Data about you for as long as you have an open Account with us or as otherwise necessary to provide you Services, or until you contact us to request deletion (see below). In some cases, we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Regulatory obligations impose the data retention for a period of 8 years or as per applicable laws. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify us personally.
13.1 We seek to protect Personal Data using appropriate technical and organizational measures based on the type of Personal Data and applicable processing activity. As a security-first company, we go to extreme measures to protect the security and privacy of our customers and our employees.
13.2 We keep Personal Data tracking at a minimum and only store that which we need to in order to deliver the Services.
13.3 We employ ‘least privilege principles’ when it comes to giving employees access to Personal Data – employees should only be able to access data if it is necessary for them to carry out the duties of their role. We also minimize the use of Third Party Services to only those required to deliver the Services.
13.4 For example, we do not use third-party Cookies, or any similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript although it negatively impacts our ability to track customer activity and trends.
13.5 Other examples of the steps we’ve taken to protect customer data and keep it from third parties include: We use end-to-end encrypted chat software to keep internal conversations completely protected
13.6 To prevent unauthorized access to your Account and Personal Data you should select and protect (and periodically update) your password appropriately and use a password manager to randomly generate your password. You should also limit access to your device and browser by signing off after you have finished accessing your Account.
13.7 We understand the importance of the security of the information we collect, but we cannot promise that our security measures will eliminate all security risks or avoid all security breaches. We cannot guarantee the security of any Account information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.