Personal information we collect
Personal Information is any information or data relating to you, that can be used to identify you, directly or indirectly, or to contact you. In performance of the Services we collect Personal Information about you via multiple methods. These methods include, but are not limited to:
- Information you provide to us that we request from you, including but not limited to; name, address, date of birth, proof of identity (government photo identification), email address, financial account (bank) information, and other information we may request as we deem necessary to comply with various anti-money laundering obligations.
- Information that we collect about you automatically, including but not limited to; location information (geography), browser information, operating system, log information, device information, page interaction information (such as scrolling, clicks, and mouse overs), account and transaction information (information automatically generated by your account activity, including funding, withdrawals, orders, trades, external wallet addresses, and account balances), correspondence (customer support requests, feedback or suggestions you provide).
- Information we collect about you from other sources, including but not limited to; information from public databases, credit bureaus, identity verification partners, banks, advertising networks, analytics providers, social media platforms, and any other information you authorize to access or collect from a third party.
Personal Information you provide during Account creation or registration may be retained by us, even if your registration or Account creation is abandoned or incomplete. We will not sell any Personal Information to any third party.
Certain information, including but not limited to transaction information and wallet address information of Digital Assets may be recorded on a public blockchain. Public blockchains are decentralized distributed ledgers that are intended to immutably record transactions. Many public blockchains are open to forensic analysis which could reveal private financial information. These Digital Asset public blockchains are decentralized, and not controlled by LVL. We are not able to erase, modify, or alter any Personal Information which may appear on these public blockchains.
How we use personal information
We may use your Personal Information for various purposes, and may use your Personal Information for more than one purpose. These purposes may include, but are not limited to:
- Providing our contractual obligations to you in performance of the Services.
- Processing applications for LVL Accounts and Services
- Adhering to our legal and regulatory compliance obligations, including Anti-Money Laundering and Know Your Customer obligations
- Conducting anti-fraud, sanctions screening, or other screening procedures
- Verifying your identity and eligibility to use the Services
- Preventing and investigating violations of our User Agreement or other policies.
- Providing you with information about the Services, including new functionality, features or services we feel may interest you
- Providing you with updates, security alerts, technical notices, or changes to our Services or changes to our terms and policies
- Providing customer service, troubleshoot problems, and dispute resolution
- Personalizing the Services to match user accounts
- Facilitating contests, promotions, sweepstakes, and to deliver rewards from such activities
- Monitoring and measuring activities and trends in the usage of the Services
- Performing any other purpose described to you at the time the information was collected
If you choose to limit our use of your Personal Information, certain features or Services may not be available to you.
Sharing of personal information
We may share or disclose your Personal Information with selected third parties or service providers who perform services on our behalf (the “Affiliates”). Such disclosure or sharing with Affiliates may be done for the following purposes or reasons:
- Identity verification, fraud prevention, sanctions screening, and anti-money laundering activities in order to comply with our legal obligations
- To verify financial information you have provided
- Bill collection, marketing, and technology services.
- Payment processing or debt recovery
- If we are compelled to do so by a subpoena, court order, or other legal procedure, or when we have reasonable, good faith belief that such disclosure is necessary to prevent physical harm
- To report suspected illegal activity or violations of our User Agreement
- Performing transactions on the LVL Exchange, to the extent that such Personal Information is required to complete the transaction
- In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of LVL’s assets to another entity.
We may also share or display aggregated or anonymized information which cannot be reasonably be used to identify you.
How we protect personal information
We take reasonable measures, including appropriate physical, technical, and administrative practices to protect your information. Measures we take include, but are not limited to, SSL encryption, two factor authentication, and periodic review of our Personal Information collection, storage, and processing practices. We use reasonable measures designed to limit access to your Personal Information only to the persons, employees, or Affiliates who have a need to access such information.
However, as an online electronic system, we cannot guarantee that there will be no loss, misuse, unauthorized access or acquisition, or alteration of your Personal Information. We cannot ensure the security or confidentiality of any information that you transmit or receive from us by internet or wireless connection, as we do not control the methods of transmission. If you believe that any of your Personal Information has been compromised, please contact us immediately.
Where your information is stored and processed
LVL is based in the United States, and your Personal Information may be processed in the United States. Our operations are supported by a network of computers, servers, information technology, and other infrastructure that includes, but is not limited to third party service providers. While LVL is based in the United States, we and our third party service providers may store and process your Personal Information in locations around the world, including but not limited to the United States and the European Union. You consent to processing and transfer of information in and to the United States, and to other countries, where you may not have the same rights.
In connection with providing the Services, it may be necessary for us to transfer your Personal Information to third parties that are outside the European Economic Area (“EEA”). If your Personal Information is subject to such transfer, we shall take reasonable measures, including appropriate physical, technical, and administrative practices to protect your information, and will have appropriate contractual protections in place with any third parties. By using our Services, you consent to your Personal Information being transferred to other countries, even if those countries have different data protection rules than your country.
LVL is based in the United States, and as such, we and our third party affiliates may be subject to various legal compliance and reporting obligations that require us to retain your Personal Information beyond the closure of your Level Account.
Privacy of minor children
We do not knowingly request or collect Personal Information from any person under the age of 18 (a “Minor”). Use of LVL Services by a Minor is expressly prohibited by our User Agreement. If we learn that we have inadvertently collected the Personal Information of a Minor, we shall immediately take steps to delete the information as soon as possible.
How to contact us – access or change your personal information
In addition, the above referenced contact information can be used to communicate your preferences to us, and for the following types of requests; (a) subject access – to request a copy of the information we have collected, (b) correct inaccuracies, (c) removal of information (i.e. be forgotten) (Please note, LVL must retain certain Personal Information for a minimum of 5 years or as necessary to comply with our legal, regulatory, or compliance obligations), (d) removal from marketing, (e) change to processing of information, (f) data portability requests, (g) withdraw consent.
Where we have the obligation to do so, we have appointed a Data Protection Officer (DPO) to be responsible for LVL’s privacy program for the respective data controllers. Our DPO can be contacted via email at firstname.lastname@example.org. If you feel that we have not addressed your questions or concerns, you may contact the data controller of your jurisdiction.
For United States Residents:
The Federal Trade Commission, 600 Pennsylvania Avenue, NW Washington, DC 20580
11 February 2019