Last updated: March 2021
Reference in this policy to “Luno”, “we”, “us”, “our” or any similar term is to Luno Pte. Ltd., who is the data controller.
When we open and operate an account for you, provide you with our products and services, or communicate with you, we may collect your personal data. We do this in various ways, including:
Cookies are small data files that we or companies we work with may place on your computer or other devices when you visit our website. They allow us to remember your actions or preferences over time.
We use both session and persistent cookies. Session cookies are deleted when you close down your browser, while persistent cookies remain on your device until they expire or you delete them. Persistent cookies allow us to remember things about you when you visit our website again.
We may use authorised third-party providers to help us with various aspects of our business, such as website operations, services, applications, advertising, support tools and to serve you relevant content.
These service providers may place cookies on your device (third-party cookies) or make use of similar tracking technologies such as web beacons. No personally identifiable information is stored in third-party cookies. The information reported to us is aggregated and anonymous. We use this information to understand, for example, the effectiveness of our advertising and marketing. Web beacons are small graphic images (also known as “pixel tags” or “clear GIFs”) which may be used to collect and store information about visits to our website (such as which pages you viewed and how long you spent on the website) and communication efficiency (such as the email delivery and open rates). Where necessary, the information gathered by web beacons may be tied to your personal data strictly for the purposes set out herein.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
We use personal data for one or more of the following purposes:
Where necessary to protect our legal rights and interests, or the interests of others, we may also use personal data in relation to legal claims, compliance, audit, risk management, law enforcement processes and regulatory functions. We may also use personal data in connection with the acquisition, merger or sale of a business.
We share personal data with:
A special note for our Singapore customers:
When you send cryptocurrency to an individual or an entity at another Virtual Asset Service Provider (VASP), we are required to share some of your personal data with that VASP. This is required in order to comply with the “Travel Rule”, which forms part of Luno’s AML/CFT obligations in Singapore. The personal data which we share includes your full name and, depending on the size of the transaction, your identity number; your address; or your date and place of birth or incorporation. The counterparty VASP may use that personal data to screen and process the relevant transaction in terms of their own AML/CFT obligations.
We will otherwise treat your personal data as private and confidential and will not share it with other parties except:
Luno places great importance on ensuring the security of your personal data. We regularly review and implement up-to-date technical and organisational security measures when processing your personal data. Employees of Luno are trained to handle personal data securely and with the utmost respect, failing which they may be subject to disciplinary action.
The personal data we collect may be transferred to, stored and processed outside of the jurisdiction in which you reside, and the laws of those countries may differ from the laws applicable in your own country. For example, data collected in the European Economic Area (EEA) may be transferred to, stored and processed at a destination(s) outside of the EEA. Any processing of such data will be undertaken by our staff, or the staff of our third-party service providers, whose roles will include verifying your identity, processing payment details, and providing customer support.
Where indicated (for example in application forms or account opening forms), it is obligatory to provide your personal data to us to enable us to process your application for our products or services. Should you decline to provide such personal data, we may not be able to process your application/request or provide you with our products or services.
Most of the data Luno collects, and the ways in which we use it, are necessary for us to provide and improve the services we provide to you, or to comply with our obligations. In certain situations, we give you the ability to choose how we use your data.
Depending on the country in which you live, you may have certain rights under data protection law, including the right to object to the processing of your personal data or to request that we:
Please submit a support ticket if you would like to exercise any of the above rights. These rights are limited in some situations, such as where we are legally required to process your data, and may limit your ability to use our products and services.
We will notify you and the relevant supervisory authority as soon as we become aware of any data breach that is likely to result in a risk to your rights and freedoms.
We do not store your full credit and debit card data. This data is securely transferred and stored off-site by an authorised payment vendor in compliance with Payment Card Industry Data Security Standards (PCI DSS). This information is not accessible to Luno or Luno’s employees or any agent acting for or on behalf of Luno.