🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.
When you apply to join Silverbird, we'll need some information about you, such as your name, email address, phone number, company name, country, payment data, universally unique identifier (UUID), ZIP/Postal code, device information, username/user ID and we rely on Article 6(1)(b) of the GDPR - Contractual Obligation for this processing.
We will also collect a dynamic selfie as well as information gathered during our KYC and AML checks and we rely on Article 6(1)(c) of the GDPR - Legal Obligation for this processing.
If you are a shareholder or a director, we will need additional information from you, such as your name, date of birth, company ownership percentage, home address, ID documents (passport details, ID card, residential permit, drivers licence), proof of this information and copies. We will rely on Article 6(1)(b) of the GDPR - Contractual Obligation and Article 6(1)(c) of the GDPR - Legal Obligation for this processing.
If you first contact us via our our website forms, we will collect your name, email, personal number, country of residence, country of registration.
We record all our sales and customer calls in order to comply with our contractual obligation with Currency Cloud, our banking partner and EMI licence provider. We will rely on Article 6(1)(f) of the GDPR - Legitimate Interest for this processing.
🗺️ Where do we store it?
During the sales process we will store your personal and contact details on our sales management system.
We will need to conduct Know-Your-Customer (KYC) and Anti-Money Laundering (AML) checks before we onboard you as a customer and these will be conducted by various systems in use by Silverbird. The results of these checks will be hosted on Theropod Admin Panel, our proprietary software.
We will also need to conduct money-laundering due diligence searches databases of Companies House info. The results of this data will be then migrated to Theropod Admin Pannel. We will also conduct Google searches about your company, including social media profiles, for due diligence purposes. We also have an alternative service, Openbankaccount.org, which we may refer you to in case there are additional due diligence checks required.
Once we have onboarded you as a customer, all personal data on our platform will be stored on Theropod Admin Panel. We are conducting a process internally to migrate all our data on our in-house servers and we will update this privacy notice once this has been completed. There are also, other systems and tools that we use to provide our service to you.
Once onboarded, we will need to share transaction data with banking interfaces, in order to manage your transactions.
We use banking partners, which provide our EMI licence. These will have access to your names and bank account details.
The forms on our website that you can use to contact us are created via an online form building software. The information collected is then migrated into our built-in CRM.
We also have data warehouses, primarily for document storage, which can access personal details, contact details and financial data.
We use knowledge-bases and task trackers to manage our services. We don’t aim to store personal data on these systems, but occasionally we may have a user ID or other identifier in one of our tasks documented in there.
We use different data processors and suppliers to manage our services. If you are currently a user of Silverbird and would like a complete list of where your data resides, please get in touch using the contact details below.
We aim to keep all personal data in the UK or EU, but some of our suppliers may have data centres outside of the EU, including the US. We will only transfer data outside of the UK/EEA pursuant to a specific legal basis and with additional safeguards required by data protection regulations. The additional safeguards we will use will be EU-adopted Standard Contractual Clauses (SCCs), complemented by the UK Addendum to the SCCs if the data is being sent from our UK entity.
Otherwise, we will only transfer personal data from the EU to third countries only if at least one of the following conditions is met:
• the transfer is necessary for the performance of a contract between Silverbird and yourself or to comply with pre-contractual measures taken at your request;
• the transfer is necessary for important reasons of public interest;
• the transfer is necessary for establishment, exercise or defence of legal claims;
⏲️ How long do we keep it for?
During the negotiations stages, we will only collect and retain your information for the duration of the process; if you are not onboarded as a customer, we will remove your information within 6 months.
Once you are a customer, we keep your personal information for 6 years after our contractual relationship has ended, in line with statutory retention periods for contractual claims.
We will keep your KYC and AML checks results for at least 5 years from the end of the relationship or last transaction, in line with the required statutory retention periods.