Skip to Content
Take back control of your data

Payment and ID without sharing personal data

image descriptionNuggets.life App Privacy Policy

"Nuggets", "we", "our" or "us" refers to Nuggets Ltd, a company incorporated in England and Wales under number 10411419 and having its registered office at 12-18, Hoxton Street, London N1 6NG. Nuggets is registered with the Information Commissioner’s Office as a data controller with registration number ZA262442. Nuggets can also be contacted by email: privacy@nuggets.life

This App Privacy Policy applies to the use of our App, in addition to the terms and conditions set out in our Mobile Application End-User Licence (“Licence”). This App Privacy Policy does not apply to the use of our website where personal data is collected and handled differently and which is subject to a different privacy policy https://nuggets.life/privacy-policy.html (“Web Privacy and Cookies Policy”)

Our App works on a no knowledge basis. At its core is privacy by design. The result of this is that whilst “personal data”, as defined in law, may be supplied in the registration process and during the operation of the App as you carry out transactions, neither we nor anyone else can access your personal data because neither we nor anyone else has access to either your private key or your mnemonic. The public key is available, and all transactions are recorded using blockchain technology, in a publicly available, distributed ledger. Nuggets is required to make certain statements about data processing but they are not easily applicable to the security factors of our no knowledge and privacy by design ethos.

This App Privacy Policy sets out how we will treat any personal data we obtain from you when you download and use our App and it is intended to help you understand how we deal with it and your queries. By providing your albeit limited personal data to us, you understand that we may collect, process and use the personal data you provide in the ways described in this App Privacy Policy.

Please note that we may need to change this App Privacy Policy from time to time. We will send a push notification (as detailed below) when any changes are made.

Nuggets is the data controller of all “personal data” meaning any information relating to an identified or identifiable natural person, as defined in Article 4 of the General Data Protection Regulation (Regulation EU 2016/679) (GDPR) provided to us by “data subjects” (an identified or identifiable natural person) through or in connection with the use of our mobile application (“App”).

1. Personal Data

1.1 We categorise personal data as follows:

1.1.1 Identity Data includes first name, last name, digital identity or similar identifier, Photo ID, and biometric data;

1.1.2 Contact Data includes push notification ID;

1.1.3 Technical Data includes the device and operating system you use to access our App;

1.1.4 Profile Data includes your private keys, PIN’s and mnemonics; and

1.1.5 Usage Data includes information about how you use our App and services from transactions ordered by you through the App and whether they are successfully concluded or not and Nuggets Tokens allocated to you through the App.

2. Legal bases for the processing of personal data

2.1 Generally we do not rely on consent as a legal basis for processing your personal data. We will not send you direct marketing communications.

2.2 We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the list below.

a) To register you as a new user (including processing your Photo ID to check whether it is valid or not and then retain only the positive or negative result from that check and not the Photo ID itself)

  • We will use Identity and Contact personal data
  • This is to effect the performance of a contract with you

b) To send push notifications of our App updates, and issues relating to Service and downtime (in order to try to provide more information to users beyond posting an error code)

  • We will use Identity and Contact personal data
  • This is
    • To effect the performance of a contract with you;
    • necessary to comply with a legal obligation; and
    • necessary for our legitimate business interests (in order to manage our users’ expectations in relation to updates and service availability)

c) To manage our relationship with you which will include sending push notifications when we make changes to our Licence or App Privacy Policy so end users are aware that changes have been made

  • We will use Identity and Contact personal data
  • This is
    • to effect the performance of a contract with you; and
    • necessary to comply with a legal obligation.

d) To generate within the App, on the user’s device, a private key

  • We will use Profile and Usage personal data
  • This is
    • to effect the performance of a contract with you; and
    • necessary to comply with a legal obligation.

e) To manage the data storage aspects of the Nuggets solution which will initially be hosted in a private / consortium / sidechain / channel alongside the public chain. Nodes can be held by independents in the Nuggets ecosystem. Each node will hold a copy of the data, but that data will only be accessible by the user with both the secure key and the private key

  • We will use all categories of personal data listed in clause 1 above
  • This is
    • to effect the performance of a contract with you; and
    • Necessary for our legitimate interests (in order to avoid placing an undue load on the existing Ethereum network in the initial stages of our business development).

f) We will use digital identity to allow us to allocate Nuggets Tokens to be placed on the users’ dashboards within the App

  • We will use Identity and Usage personal data
  • This is to effect the performance of a contract with you.

g) To administer and protect our business and our App (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

  • We will use Identity and Contact and Technical personal data
  • This is
    • necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise);
    • necessary to comply with a legal obligation; and

h) To use data analysis to improve our App, products/services, customer relationships and experiences

  • We will use Technical and Usage personal data
  • This is necessary for our legitimate interests (to define types of customers for our products and services, to keep our App updated and relevant, to develop our business and to inform our marketing strategy)

i) Where we are required to share personal data to protect against fraud, or with a regulatory authority or by operation of law

  • We will use all categories of personal data listed in clause 1 above
  • This is necessary to comply with a legal obligation

j) To obtain professional advice from our third party professional advisers, providing always that they are under an obligation of confidence in relation to that personal data
  • We will use all categories of personal data listed in clause 1 above
  • Necessary for our legitimate interests (in order to take professional advice in relation to the operation of our business)

k) To share and/or transfer personal data within our business in order to allow for smooth operation of the App and Service and to facilitate business operations within our own company and group of companies, or on a sale or change of control of our business
  • We will use all categories of personal data listed in clause 1 above
  • Necessary for our legitimate interests (in order for our personnel to operate the business and to allow for the development of a group corporate structure within our business or to execute a sale or change of control of our business)
3. Information Collection

3.1 Ways in which you may provide us with personal data via our App include, for example,

3.1.1 downloading our App to your device;

3.1.2 registering on our App; and

3.1.3 carrying out transactions via our App.

3.2 It is your choice to provide us with personal data. Where we need to collect personal data under the terms of our contract with you and you choose not to provide the relevant personal data, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

3.3 The information we will collect from you is limited to data concerning the use of our App, and other communication data including the resources that you access.

3.4 We also collect, use and share Aggregated Data. Aggregated Data may be derived from your personal data but is anonymised so it is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate Technical Data to calculate the percentage of users accessing the App with a specific device.

4. Third party use of personal data

4.1 In order to process a transaction through the App certain personal data may be requested by the merchant and you will have control over whether this is sent to the relevant merchant in relation to each transaction. The processing of personal data by the merchant is then subject to their privacy policy and terms and conditions and we have no control over that.

4.2 Nuggets does not sell personal data. However, we may share personal data with third parties who are our data processors to the extent necessary to deliver the updates for which a user has subscribed. Personnel employed by these entities generally may have access to a user’s personal data for the purpose of providing the updates. However, these entities are contractually prohibited from using such information for any other purpose.

4.3 We do not disclose personal data to unaffiliated third parties, except as described in this privacy policy.

5. Cookies

5.1 The App, using a third party tool, puts a UUID (Unique Universal Identifier) on all devices that use the App so that we can send push notifications which are required for the operation of the App.

5.2 Cookies will very likely be used in any third party site you use including merchants sites and so you should refer to the privacy and cookie policy of the relevant merchant in each case.

6. Change of purpose

6.1 We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

7. Protection of Information

7.1 Information posted on the blockchain although encrypted will be publicly available to a large number of other parties that we have no control over. By design it will remain on the blockchain for so long as that instance of the blockchain exists. You may disassociate yourself from the encrypted information on the blockchain at any time by destroying your private keys.

7.2 We have established and maintain internal policies and procedures to protect personal data from unauthorized use or disclosure. For example, our security methods may include device safeguards, secured files and buildings and oversight of our third-party service provides or similar entities. That said, no data transmission or storage system can be guaranteed to be 100% secure and, thus, we do not guarantee that these safeguards will prevent the interception of personal data transmitted via the internet or that personal data stored in our systems, or that is otherwise in our care, will be safe from unauthorized use or some other form of intrusion by third-parties.

8. Third Party Websites

8.1 Our App may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements and we do not make any representations or warranties regarding the content or accuracy of materials on such third party sites. Such sites may have Terms of Use, Privacy Policies, or security practices different from Nuggets and we do not endorse or recommend, and hereby disclaim any liability for, any information or products offered at such sites. When you leave our App, we encourage you to read the privacy notice of every site you visit.

9. Transfers of Personal Data

9.1 Personal data of individuals located in the European Economic Area (“EEA”) may be transferred to a jurisdiction outside the EEA

10. Retention of Personal Data Information

10.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements which we expect to be for no more than for seven years after they cease being users in line with taxation limitation period purposes.

10.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

10.3 We may use Aggregated Data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

11. Individual Rights

11.1 Under certain circumstances, you may have rights under data protection law in relation to your personal data as follows especially if you are an EU citizen:

  • Request access to your personal data
  • Request correction of your personal data
  • Request erasure of your personal data
  • Object to processing of your personal data
  • Request restriction of processing your personal data
  • Request transfer of your personal data
  • Right to withdraw consent

11.2 These rights are all subject to some limitations as provided for by applicable law. If you wish to exercise any of the rights set out above, please contact us at privacy@nuggets.life.

11.3 In line with GDPR you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

11.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

11.5 We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

11.6 Individuals located in the EU have the right to lodge a complaint about the processing of their personal data with the supervisory authority of the data controller, which is the Information Commission’s Office.

Effective as of 11 May 2018

No more ID or credit card fraud. No more passwords. The future is safer and simpler with Nuggets.

We’re reinventing privacy and security. We’d like your help.

Give us your email and we’ll add you to our Alpha, as well as keeping you updated on progress.

We'll never, ever share your details Privacy Policy.
Back to top