Show table of contents
Last Updated: December 5, 2022
The term "Personal Data" in this Policy refers to personally identifiable information the User provides when using the Website and/or the Services and/or the content and/or in any other contact with P2P, its affiliates and their shareholders, members, directors, officers, employees, any company authorized by it, and representatives, except for any anonymized Personal Data. The term "Affiliated Parties" in this Policy refers to P2P partners, affiliated companies and third parties.
PLEASE READ THIS POLICY BEFORE USING THE WEBSITE AND/OR THE SERVICES. IF YOU DO NOT AGREE WITH THIS POLICY AND TERMS, PLEASE DO NOT USE THE WEBSITE AND/OR THE SERVICES.
What Personal Data does P2P collect?
P2P collects and processes the following types of the User's Personal Data:
- Identification Data, such as the User’s name, date of birth or any other Identification Data provided by the User;
- Contact Data, such as the Users’ email address;
- Telephone number;
- Transaction Data such as the details about Users’ actions on or relating to the Website and/or the Services;
- Technical Data such as Users’ login data, internet protocol addresses, browser types and versions, operating systems and platforms and other technologies on the devices Users use to access the Website and/or the Services;
- Usage Data such as the information about how User uses the Website and/or the Services; and
- Marketing and communications Data such as the User’s preferences in receiving marketing communications from P2P and User’s communication preferences.
Correcting personal information
Users are required to review and update their personal information to ensure that the information provided to P2P is correct.
How and why does P2P use Users’ Personal Data?
Set out below is the description of the ways P2P intends to use its Users’ Personal Data and the legal grounds on which P2P will process such data. Where relevant, we also explain what our legitimate interests are.
The most common legal/lawful grounds for P2P processing of Users’ Personal Data are:
- Where P2P needs to enter into and/or perform a contract with User;
- Where it is necessary for our legitimate interests (or those of a third party), and the User's interests, provided, however, that these legitimate interests do not infringe on User’s fundamental rights;
- Where P2P needs to comply with a legal or regulatory obligation.
Type of data
Lawful Basis for Processing
To establish relationships with a new user
Identification Data Contact Data
Evaluation of the User’s application for a registration
To process the User’s activities on the Website and/or the Services (including the application assessment, data verification, management of payments, fees, and charges)
Identification Data Contact Data Transaction Data
Evaluation of the User’s application for a registration Performance of a contract with the User Application assessment and data verification
To manage P2P business relationship with the User, which will include: Notifying (in accordance with the provisions of the Terms and the Policy) the User about changes to the Terms or the Policy or any other legal documents (where appropriate) Asking the User to leave a review or take a survey To send the User product and company updates
Identification Data Contact Data Marketing and communications Data
Performance of a contract with the User Necessary to comply with a legal obligation, i.e. due to product liability, data protection legislation, or accounting legislation. Necessary for our legitimate interests to keep our records updated and/or to study how Users use the Website and/or the Services to make service better for users
To enable the User to participate in a prize draw or competition, or to complete a survey
Identification Data Contact Data Usage Data Marketing and communications Data
Performance of a contract with the User Necessary for our legitimate interests to study how Users use our the Website and/or the Services in order to develop them and expand our business Based on the User's consent
To administer and protect P2P business, the Website, the Services, intellectual property and any kind of licensed assets (including troubleshooting, testing, system maintenance, support, reporting and hosting of data)
Identification Data Contact Data Technical Data
Performance of a contract with the User
To use data analytics to improve or develop P2P business, the Website, the Services, intellectual property and any kind of licensed assets, marketing, User relationships and experiences
Technical Data Usage Data
Necessary for P2P legitimate interests to identify the types of Users for the purposes of fine-tuning P2P experience and the Services, to keep the Website updated and relevant, to develop its business, and to inform its marketing strategy
To make suggestions and recommendations to the User about different P2P services that may be of interest to the User
Identification Data Contact Data Technical Data Usage Data Marketing and communications Data
Necessary for P2P legitimate interests to develop its services and expand its business so as to make service better for users
The Users’ history
For security and operations purposes P2P may at its sole discretion maintain records of the User's activity on the Website, including, the Website browsing history, records of the User’s transactions, and other information related to the User’s activity on the Website.
The User will receive marketing communications from P2P if the User has:
- Requested information from P2P or obtained access to the Website and/or the Services; or
- If the User provided P2P with its details and checked the box when entering their details for P2P to send the User marketing communications, e.g. when the User obtained access to the Website and/or the Services, or when the User signed up for a subscription (if any); and
- In each case, the User has not opted out of receiving P2P marketing communications.
Where the User opts-out of receiving our marketing communications, this will not affect Personal Data provided to P2P in the course of accessing or using the Website and/or the Services or any other experience referring to and/or applying to the Website and/or the Services.
Change of purpose
P2P will only use the User’s Personal Data for the purposes for which P2P collected it, unless P2P reasonably believes that P2P needs to use it for some other reason and that reason is consistent with the original purpose. If you wish to find out more about how the processing for the new purpose is consistent with the original purpose, please do not hesitate to email us for details. If P2P needs to use the User’s Personal Data for a purpose unrelated to the purpose for which P2P collected such data, P2P will notify the User and explain the legal grounds for processing. P2P may process the User’s Personal Data without the User’s knowledge or consent where this is required or permitted by law.
Cookies and logs
- IP address;
- Device information, including device name and ID, hardware model, operating system and version, and mobile network information;
- Browser information;
- Cookie information;
- Date/time of access;
- Requested page(s); and
- Referring page(s).
|Cookie name||Purpose||Setter||On what legal basis do we use this cookie?|
|_gid||Tracking User actions in Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.||Google Analytics||These Cookies are so called «first part cookies», it means that these cookies are directly stored by the website (or domain) you visit.|
|_ga||Tracking User actions in Google Analytics. Used to distinguish users.||Google Analytics||These Cookies are so called «first part cookies», it means that these cookies are directly stored by the website (or domain) you visit.|
|_ga_<container_id> (e.g. _ga_KGHZN80HE4)||Tracking User actions in Google Analytics. Used to persist session state.||Google Analytics||These Cookies are so called «first part cookies», it means that these cookies are directly stored by the website (or domain) you visit.|
|amp_<counter_id> (e.g. amp_5d8460)||Tracking User actions in Amplitude Analytics.||Amplitude|
|intercom-id-<app_id> (e.g. intercom-id-qq4obs3e)||Tracking User conversations in Intercom. used to distinguish users.||Intercom||We use these cookies for providing you better service if you explicitly request to use our chatbot|
|intercom-session-<app_id> (e.g. intercom-session-qq4obs3e)||Tracking User conversations in Intercom. used to distinguish User’s browser sessions.||Intercom||We use these cookies for providing you better service if you explicitly request to use our chatbot|
Depending on the User’s interaction with the Website and/or the Services, P2P may use (or have others use on our behalf) pixels, SDKs and other storage technologies, which operate similar to cookies, to collect or receive information from P2P, the Website and/or the Services and apps to provide metrics services and target ads. In this case we implement the same rules as we implement to Cookies.
Information from other sources
As part of P2P due diligence process, where it is required by applicable laws, P2P may transmit and receive personal information about the User for the purposes of assessing the User fitness to use the Website and/or the Services and to prevent fraud and identity theft.
Users’ rights on the collection, use and distribution of Personal Data
P2P allows Users to monitor the way in which P2P uses their personal information obtained by P2P. All promotional materials P2@ sends to Users (e.g. "newsletters" or "information bulletins") contain internal mechanisms that allow Users to block future mailings (Opt-out, or "unsubscribe").
Right to access, rectify, modify, erase and object
Users have the right to request access, rectification, or erasure of their data that P2P has collected. Personal Data that was used or is being used for performance of a contract with the User, for data verification purposes cannot be erased upon User’s demand, and it will be handled in accordance with the governing laws. The User also has the right to object or restrict, for legitimate purposes, the processing of the User’s Personal Data, as well as the right to data portability. If the User chooses to restrict P2P access to Personal Data, P2P may be unable to provide certain Services to the User. The User may also withdraw its consent to receive marketing communications and/or share their Personal Data with P2P. Users who wish to deactivate their account may do so in accordance with the Terms. Removed information may survive in backup copies for a reasonable period of time but will not be generally available to P2P and/or other third parties via the Website and/or the Services. The removal of the information and/or Personal Data that was used or is being used for performance of a contract with the User, for data verification purposes cannot be accomplished upon the User’s demand, and such Personal Data will be handled in accordance with the governing law.
Removed information is retained for P2P internal statistic purposes along with the User's history of actions and requests relating to the Website and/or the Services. The User will not have to pay a fee to access their Personal Data (or to exercise any of the other rights relating to its Personal Data on the Website and/or the Services). However, P2P may charge a reasonable fee if the User’s request is clearly unfounded, repetitive, or excessive. Alternatively, P2P may refuse to comply with the User’s request in such circumstances. P2P may need to request specific information from the User to help P2P confirm the User’s identity and ensure their right to access their Personal Data (or to exercise any of the User’s other rights). This is a security measure to ensure that Personal Data is not disclosed to any unauthorized person. P2P may also contact the User to ask the User for further information in relation to the User’s request to speed up the response. P2P will try to respond to all legitimate requests within three month. Occasionally it may take longer if the User’s request is particularly complex or the User has made a number of requests. In this case, P2P will notify the User and keep the User updated. If you wish to exercise any of the rights set out above, please email us.
P2P will only retain the User’s Personal Data for as long as necessary to fulfil the purposes P2P collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate Personal Data retention period, P2P considers the volume, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the User’s Personal Data, the purposes for which P2P processes the User’s Personal Data, whether these purposes could be achieved through any other means, and the applicable legal requirements. By law, for accounting and tax purposes P2P has to keep basic information about our Users (including contact, identity, and transaction data) for seven (07) years after they cease being Users. In some circumstances P2P may anonymize the User’s Personal Data (so that it can no longer be associated with the User) for research or statistical purposes, in which case P2P may use this information indefinitely without further notice to User.
Sharing and disclosure of Personal Data
Sharing and disclosure of Personal Data. P2P does not sell its Users’ data to any third party for marketing purposes. Generally, P2P will not share Users’ Personal Data with third parties without its Users’ permission. However, since in provision of its Services P2P collaborates with various partners, affiliated companies, and third parties, P2P may have to share Users’ Personal Data with them. P2P may also disclose or share Users’ data with:
- Service providers who provide IT and system administration services, data sourcing or verification services;
- Subsidiaries or other group companies;
- Affiliated parties;
- Professional advisers, including lawyers, bankers, auditors, and insurers who provide consulting, banking, legal, insurance, and accounting services; and
P2P works with trusted partners who perform certain key operational functions for it. The partners P2P works with include website hosting, marketing and transactional communications, customer service, product analysis, business intelligence, and electronic payment and signature providers. P2P may work with other service providers or third parties to undertake other functions. User information may be shared with these partners in order to maintain and develop the Website and/or provide Services. When P2P shares its Users' personal information with vendors and service providers who perform functions on P2P behalf, P2P mandates such parties to maintain the security and confidentiality of its Users' information, as well as limit the use of the information to what's reasonable and necessary to carry out their collaboration with P2P, and in doing so, to comply with all applicable laws and regulations
P2P may share its Users' personal information with third-party marketers who provide advertising services on P2P behalf. In order to deliver offers and advertisements that may be of interest to the User, P2P displays targeted advertisements and P2P content on the Services and on other digital properties or applications, and such targeted advertisements and content are based on the information provided to P2P by its Users and the information sourced by P2P from third parties who have independently collected such information. These advertisers collect and use the information gathered through cookies and other technology, including personal information about User and their devices, in order to provide advertisements about goods and/or services (including our own) that may be of interest to the User. These companies typically use tracking technologies to collect this information, and their use of such technologies is subject to their own terms and privacy practices.
Legally mandated disclosures
P2P may disclose its Users’ Personal Data if required to do so by law or if P2P believes that such actions are necessary to:
- Conform to the law, comply with a judicial or court order, or comply with the legal process served on P2P or its Affiliated parties;
- Protect and defend P2P rights and property, the services, the users of the services, and/or our Affiliated parties;
- Act under the circumstances to protect the safety and security of the Users of the Website and/or the Services.
International data transfers
Users’ Personal Data is collected and processed in accordance with the applicable privacy laws and the EU General Data Protection Regulation. P2P may share, store, process or attempt to process all Users’ data worldwide. When Personal Data is shared or transferred, P2P will ensure that the transfer will be subject to appropriate safeguards in accordance with applicable data protection legislation and corresponding level of protection.
P2P has taken steps to ensure that the Personal Data collected by P2P is secure. P2P has also taken a range of technical and organizational measures to protect the confidentiality, security, and integrity of the Personal Data collected from Users, including protecting Users’ data from unauthorized access, loss, change, or deletion. Personal Data is stored in secure operating environments that are not available to the public and that are only accessible to authorized employees, consultants and/or service providers. P2P also has security measures in place to protect the loss, misuse, and alteration of the information under our control. Such actions include but are not limited to, physical controls, encryption, eligibility restrictions, policies, etc. P2P has put in place procedures to deal with any suspected Personal Data breach and will notify Users and any applicable regulator of a breach where P2P is legally required to do so.
Privacy of minors
The Website is not meant to be used by anyone under the age of 18. P2P does not knowingly collect Personal Data, such as name and email address, from children under 18 years old, unless expressly permitted by their parent or guardian. P2P believes it is important to safeguard the privacy of children and encourages parents to regularly take an interest in their children’s online activities.
Any dispute, controversy, or claim arising out of or in connection with this Policy, or the breach, termination or invalidity thereof, shall be governed by the laws and venue as stated in the Terms.
Changes of Policy
This Policy may be subject to change from time to time. If substantial changes are made to the Policy, P2P will notify the User of these material changes by posting them on the Website. Users are encouraged to check back and review this Policy from time to time so that they will always are informed of what information is being collected, how it is used, and to whom it is being disclosed. The User’s continued use of the Website and/or the Services, the User content and/or intellectual property subject to this Policy will signify the User’s acceptance of the Policy changes.
If you have any questions about this Policy, please contact P2P at [email protected]