Privacy Policy

How we collect, use, and protect your personal information

Last Updated: 10 December 2024

Quick Navigation

GDPR Compliant

Your Privacy Matters

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we handle your personal data.

1. Introduction

This Privacy Policy describes how Payward Limited and Payward Services Limited (collectively, "Kraken," "we," "us," or "our") collect, use, share, and protect personal information when you use our cryptocurrency exchange platform and related services.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

This Privacy Policy should be read alongside our:

2. Data Controller Information

The data controllers for your personal information are:

Payward Limited

Company Number: 08593670

FCA FRN: 928768

Address: 6th Floor, 1 London Wall, London, EC2Y 5EB, United Kingdom

Data Protection Contact: [email protected]

Payward Services Limited

Company Number: 12861311

FCA FRN: 1010381

Address: 6th Floor, One London Wall, London, EC2Y 5EB

Data Protection Contact: [email protected]

3. Information We Collect

3.1 Information You Provide

Identity Information

  • Full name and date of birth
  • Government-issued identification (passport, driving licence)
  • National Insurance number (where required)
  • Photographs and biometric data for verification

Contact Information

  • Email address and phone number
  • Residential address
  • Alternative contact details

Financial Information

  • Bank account details
  • Payment card information
  • Source of funds documentation
  • Employment and income information

3.2 Information We Collect Automatically

Technical Data

  • IP address and device identifiers
  • Browser type and version
  • Operating system
  • Time zone and location data

Usage Data

  • Pages visited and features used
  • Trading activity and transaction history
  • Login times and session duration
  • Interaction with our communications

3.3 Information from Third Parties

  • Identity verification services
  • Credit reference agencies
  • Fraud prevention databases
  • Sanctions and PEP screening services
  • Blockchain analytics providers

4. How We Use Your Information

We use your personal information for the following purposes:

👤

Account Management

  • Creating and managing your account
  • Verifying your identity
  • Processing account updates
💱

Transaction Processing

  • Executing trades and orders
  • Processing deposits and withdrawals
  • Maintaining transaction records
🛡️

Compliance & Security

  • AML and KYC verification
  • Fraud prevention and detection
  • Regulatory reporting
📧

Communications

  • Service-related notifications
  • Security alerts
  • Marketing (with consent)
📊

Service Improvement

  • Platform optimization
  • User experience research
  • Product development
⚖️

Legal Obligations

  • Responding to legal requests
  • Tax reporting
  • Dispute resolution

6. Data Sharing

We may share your personal information with:

6.1 Service Providers

  • Identity verification providers
  • Payment processors and banking partners
  • Cloud hosting and data storage providers
  • Customer support platforms
  • Security and fraud prevention services

6.2 Regulatory and Legal

  • Financial Conduct Authority (FCA)
  • HM Revenue & Customs (HMRC)
  • Law enforcement agencies (when legally required)
  • Courts and legal proceedings

6.3 Business Partners

  • Affiliated Kraken entities
  • Banking and liquidity partners
  • Professional advisors (legal, audit)

7. Data Retention

We retain your personal data for as long as necessary to:

  • Provide our services while your account is active
  • Comply with legal and regulatory obligations
  • Resolve disputes and enforce agreements
  • Maintain business records as required by law

Typical Retention Periods:

Account Data Duration of account + 7 years
Transaction Records 7 years from transaction date
Identity Verification 5-7 years after relationship ends
Marketing Preferences Until consent withdrawn

8. Data Security

We implement robust security measures to protect your personal data:

🔒 Encryption

All data transmitted is protected using TLS/SSL encryption. Sensitive data is encrypted at rest using AES-256.

🔐 Access Controls

Strict role-based access controls limit data access to authorized personnel only.

🛡️ Security Monitoring

24/7 security monitoring and intrusion detection systems protect against threats.

📋 Regular Audits

Independent security audits and penetration testing ensure ongoing protection.

👥 Staff Training

All employees receive regular data protection and security awareness training.

🚨 Incident Response

Comprehensive incident response procedures to quickly address any security events.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your data in certain circumstances.

Right to Restrict Processing

Request limitation on how we use your data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for marketing.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

Right to Complain

Lodge a complaint with the Information Commissioner's Office (ICO).

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within one month. In complex cases, this may be extended by two additional months.

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

Essential Cookies

Required for basic platform functionality, security, and authentication.

Always Active

Performance Cookies

Help us understand how visitors use our platform to improve performance.

Optional

Functional Cookies

Remember your preferences and settings for a personalized experience.

Optional

Marketing Cookies

Used to deliver relevant advertisements and measure campaign effectiveness.

Optional

You can manage cookie preferences through your browser settings or our cookie consent tool.

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom, including the United States where our parent company is located.

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the UK ICO
  • Data protection agreements with recipients
  • Assessment of the legal framework in destination countries
  • Implementation of supplementary security measures where necessary

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business needs.

When we make material changes:

  • We will update the "Last Updated" date at the top of this policy
  • We will notify you via email or platform notification
  • We may request renewed consent where required

We encourage you to review this policy periodically.

13. Contact Us

Data Protection Officer

Email: [email protected]

General Privacy Inquiries

Email: [email protected]

Phone: +44 (0) 808 501 5031

Regulatory Supervisor

Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

Privacy Policy Version: 2024.12.1

Effective Date: 10 December 2024