In this regard, the Controller guarantees the compliance with current regulations regarding personal data protection, reflected in Organic Law 3/2018, Protection of Personal Data (LOPD) and in the General Data Protection Regulation (GDPR)
Data Controller identification
Invictus Ventures Ltd
Company registration number: 7354860
27 Old Gloucester Street
Email address: firstname.lastname@example.org
Personal data: Collection and purpose
It is not necessary for the USER to provide any personal information whist browsing on www.invictusventures.co.uk . The cases in which the USER provide their personal data are the following:
- By contacting through the contact forms
- By registering in a subscription form or a newsletter that the Controller manages via MailChimp or other means.
When the USER connects to the website to send an email to the Controller they subscribe to their newsletter or make a contract for the service (s), they are providing personal information for which the Controller is responsible. This information may include personal data such as their IP address, first and last name, physical address, email address, telephone number, and other information. By using Invictus Ventures´s website or by providing us with personal data, the USER accepts the practices described in this Privacy Notice. If the USER does not agree to this Privacy Notice, we recommend do not use the site managed by Invictus Ventures Ltd or provide us with any personal data.
Data collection and how it is collected
-Data via our “Contact us” form, such as full name, phone number and email address
-Information/ documentation provided during the onboarding process for our online payments tool for small& medium businesses (InvictusPay SMB)
-Data necessary to process a transaction with the different payment solutions. As an example, in case of card transactions some of the data collected are cardholder full name, card number, CVV (Card verification value), username, password, country, etc.
Where we store the data
We collect, store and process your information on servers located in Republic of Ireland
Data Cross border transfer: Invictus Ventures Ltd is committed to adequately protecting the USER´s information regardless of where the data resides and to providing appropriate protection for their information where such data is transferred outside of the EEA. If that is the case, we will request the express consent of the interested party.
Invictus Ventures Ltd will only retain the USER´s personal data for as long as it is necessary for the stated purpose, taking into account also our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements under applicable laws. This means that we may retain the USER´s personal data for a reasonable period after their last interaction with us. When the personal data that we collect is no longer required in this way, we destroy or delete it in a secure manner.
The data retention will vary depending on what data we hold, why we hold it and what we´re obliged to do by the applicable law. For instance, website data capture will be retained until the browsing session ends, except where the data is collected for marketing or analytical purposes. In those cases, data will be kept for 1 year after collection.
Children personal data
Invictus Ventures Ltd does not knowingly solicit or collect personal data from children below the age of 14. However, Invictus Ventures Ltd may collect personal data about children below the age of 14 years from the parent or custodian directly and therefore with their explicit consent
Invictus Ventures Ltd may provide personal data to its affiliates or related companies when an express consent from the owner of the personal data has been granted.
Invictus Ventures Ltd works with third party-providers that allow us to be an easier, faster and safer way to make payments. These third parties may access or process the USER personal data in the course of providing these services. Invictus Ventures Ltd requires such third parties, that may be located outside the country the USER accesses from, to comply with all the relevant data protection laws and security requirements in relation to your personal data, usually via a written agreement.
In order to keep your personal data secure, Invictus Ventures Ltd comply with Payment Card Industry data Security Standards (PCI DSS), having achieved the Level-1 certificate. In this regard, the company has implemented a number of security measures, including:
Secure operating environments – Invictus Ventures Ltd stores the USER´s data in secure operating environments and only accessible to Invictus Ventures’ employees, agents and contractors on a need-to-know basis. Encryption for payment information – Invictus Ventures Ltd uses industry-standard encryption to provide protection for sensitive financial information, such as credit card information sent over the Internet.
The Controller informs the USER about their rights regarding their access to their personal data:
- Request access to stored data
- Request a rectification or cancellation
- Request the limitation of their treatment
- Oppose the treatment
- Request the portability of their data
The exercise of these rights is personal and therefore must be exercised directly by the interested party, requesting it directly from the Controller, which means that any USER who has provided their data at any time can contact the Controller and request information on the stored data and how it has been obtained , request any rectification if applicable, request the portability of the personal data, oppose to the processing, limit its use or request the cancellation of that data in the Controller’s files.
To exercise the rights of access, rectification, cancellation, portability and opposition the USER must send an email to our Data Protection Officer ( DPO) via email@example.com along with a proof of identity, such as copy of the USER´s valid national ID card or passport.
The USER has the right to effective judicial protection and to file a claim with the relevant Data Protection Authority (DPA), in this case, the UK Agency for Data Protection (ICO), if they consider that the processing of personal data that concerns them infringe the Regulation.