This website, www.tm2.market (the “Website”), is owned and operated by Technology Metals Market Ltd (“TM2”, “we”, “us”, or “our”). We collect, use, and are responsible for certain personal information about you. When we do so, we are regulated under applicable data protection laws, including the UK General Data Protection Regulation (“UK GDPR”) and EU General Data Protection Regulation (“EU GDPR”), and are responsible as ‘controller’ of that personal information for the purposes of those laws.
- What information we collect and why we collect it;
- How we use that information and how we secure it;
- Any third parties with access to your personal information that we collect; and
- The choices you have with regard to the use of your personal information and how to contact us about our use of your personal information.
A. HOW TO CONTACT US
- By email to firstname.lastname@example.org; or
- By post to: Technology Metals Market Ltd, c/o Collyer Bristow, First Floor, 140 Brompton Road, London SW3 1HY, United Kingdom.
- If you are a resident in the European Economic Area (EEA), you may alternatively address privacy-related enquiries to our EU representative appointed pursuant to Article 27 of the EU GDPR at EUPrivacy@tm2.market.
2. You have the right to make a complaint at any time regarding data protection issues to the relevant supervisory authority. The UK supervisory authority is the Information Commissioner’s Office (“ICO”), whose website is at www.ico.org.uk. If you are resident in the European Economic Area (EEA), you may bring a complaint to your national supervisory authority. A full list of the EEA’s national supervisory authorities with their contact details is available here. We would, however, appreciate the opportunity to deal with your concerns before you approach any supervisory authority, so please contact us in the first instance using the above contact details.
B. WHAT WE COLLECT
1. Depending on the type of TM2 services you use, the information we collect about you may include:
- Contact information (such as your name, email and postal addresses, telephone number, and country of residence) that you provide by completing forms on the Website, by telephone, or through a paper application form;
- Information permitting us to offer TM2’s services to you, including details relating to your personal bank accounts or virtual currency wallet, details allowing us to prevent and detect money laundering and terrorist financing activities, copies of your current valid government-issued photo identification, and/or such other identifying and verifying information as we require from time to time in our discretion, and credit bureau information about you for purposes of confirming your identity under applicable "know-your-client" rules;
- Details about your finances that you provide to us or permit us to collect through third party service providers;
- Your login and password details;
- Details of any transactions you make through TM2’s services;
- Information about your activity on the Website, such as your IP address, the pages you have visited and the device or browser you use;
- Information provided via your mobile devices, such as your location, phone ID, mobile user name, and password;
- Communications with us (for example, when you ask for support, send us requests, questions or comments, or report a problem, whether by mail, telephone, fax, online, or by any other means);
- Information that you submit through the Website, including in the form of comments, contributions to discussions, or messages to other users;
- Demographic information;
- Geolocation information; and
- Data mining and financial profiling.
2. When you opt in for our Newsletter, or marketing materials, we collect your email address and name. For more about marketing communications, please see Section E below.
3. As is true of most websites, but subject to your browser settings, we automatically gather information about your computer such as your IP address, browser type, referring/exit pages and operating system.
4. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
C. HOW WE USE YOUR PERSONAL INFORMATION
1. We will only use your personal data when the law allows us to. There are various different lawful bases on which we may rely in order to process your personal information, depending on what personal information we process and why. The lawful bases we generally rely on are as follows:
- Where we need to perform a contract we are about to enter into or have entered into with you (“Contract Performance”).
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (“Legitimate Interests”). If we rely on Legitimate Interests, then the relevant Legitimate Interest is stated below.
- Where we need to comply with a legal obligation (“Legal Obligation”).
We have set out below our reasons for processing your data and have stated the relevant lawful basis on which we rely in order to undertake that processing for each.
2. We need to use the personal information described in section B in order to offer TM2’s services to you, including for the following purposes:
- Ascertaining whether to approve you for use of TM2’s services when you apply to use TM2’s services (Contract Performance);
- Identifying you when you sign in to your account (Contract Performance);
- Processing or helping to process transactions in your TM2 investor, corporate, broker or issuer member account and communicating with recognized counterparties, bullion-dealers, bullion-banks, and vault operators in respect of TM2’s Services (Contract Performance);
- Contacting you about the status of TM2’s services (for example, to inform you of changes to or the termination of particular TM2 services, or to respond to a question, comment or complaint) (Contract Performance);
- Complying with legal requirements, including those imposed by laws, regulations, court orders, and regulatory guidelines, policies and procedures, in the countries in which we operate, including tax, "know your client" and Anti-Money Laundering obligations (Legal Obligation);
- Detection of suspicious transactions, including transactions involving fraud, money laundering or terrorist financing activities (Legal Obligation; Legitimate Interests);
- Managing invoicing, accounting and information security services related to our transactions with you (Contract Performance);
- Protecting against harm to the rights, property or safety of TM2, its clients, employees, service providers, or the public (Legal Obligation; Legitimate Interests);
- Internal management purposes, including planning, resource allocation, policy development, quality improvement, compliance, monitoring, audit, evaluation and reporting (Legitimate Interests);
- Asking you to complete surveys to help us improve TM2’s services (Legitimate Interests);
- Managing your communications preferences (Legitimate Interests);
- Maintaining ownership records (Contract Performance); and
- Keeping a record of our communications with you to assist us in ensuring you get the best from our services (Contract Performance; Legitimate Interests).
D. HOW WE SHARE YOUR PERSONAL INFORMATION
2. The TM2 distributed ledger is a private and permissioned database that is shared, replicated, and synchronized among the trusted members of the TM2, ensuring that the ledger is updated only with network-verified transactions by approved parties. The database is a registry of all TM2 investor, corporate, broker, or issuer members that have been approved to transact on the TM2 and includes their trading status, permissions and KYC (Know Your Customer) & AML (Anti-Money Laundering) manifestations. Each investor is identified by a unique ID, built from a hash of personal information that allows identification in a privacy-safe and secure way. Your name, address, phone number, and any data that you provided in the form you completed to open your account with us are shared with issuers, account officers, auditors, administrators, compliance officers, and clearance brokers who use the Website and our platform. The lawful basis for this processing is Contract Performance. The distributed ledger records the transactions on the TM2. Every record in the distributed ledger has a timestamp and unique cryptographic signature. The ledger is an auditable, immutable history of all transactions in the network and at all times visible to the verified members of the TM2.
3. From time to time, we engage unaffiliated third parties and their affiliates, agents, and subcontractors ("Service Providers") to perform certain technological or administrative services in connection with TM2’s services. For example, a Service Provider may be asked to serve as a vault operator, operate a verification network, process transactions, provide credit reports or assessments, verify customer identities, detect suspicious transactions, perform security services, and manage or audit our operations. In some cases, a Service Provider will be collecting your personal information from other sources on our behalf to fulfil the purposes set out in section B. We also may use a Service Provider to host and administer one or more of our Websites, process and store data, and fulfil similar technology-related functions on our behalf (for example, hosting our platform or providing maintenance services in respect of the platform). In these circumstances, the personal information that the Service Provider receives is limited to the personal information needed to render their service to us. We require all Service Providers to respect the security of your personal data and to treat it in accordance with the law. We do not allow Service Providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
4. Transfer of your personal data outside the United Kingdom and the European Economic Area (EEA). Whenever we transfer your personal data out of the UK or the EEA, we ensure that either:
- your personal data is transferred to countries deemed to provide an adequate level of protection for your personal data in accordance with applicable data protection laws;
- the transfer of your personal data is covered by appropriate safeguards, such as the use of standard contractual clauses approved for use by applicable data protection laws; or
- one of the ‘derogations’ (or exceptions) set out in Article 49 in the UK GDPR and EU GDPR applies.
Article 49(1)(a) of the UK GDPR and EU GDPR allows for the transfer of your personal data to countries outside of the UK and EEA that are not deemed adequate under data protection laws and where it is not possible to implement appropriate safeguards, provided that we have obtained your prior explicit consent to undertake such transfer. If we have obtained your explicit consent to do so, we will enable our operations staff located in TM2’s representative office in the Russian Federation (who are responsible for managing transactions on the Website and on our platform) to process your personal data by accessing, retrieving, or consulting such personal data in accordance with Article 49(1)(a). Your personal data will remain stored at all times on secure servers within the UK or EEA, and any such access from our operations staff within the Russian Federation shall be via a secure virtual private network (VPN) with end-to-end encryption and requiring two-factor authentication. As we will have explained to you at the time of obtaining your explicit consent for such transfers, it is not possible to guarantee an adequate level of protection of your personal data when accessed by our staff from within the Russian Federation. However, such staff are under strict obligations to protect the confidentiality of your personal data, and there are procedures in place to suspend access to your personal data from within the Russian Federation if we become aware of any activity that could potentially harm your individual rights and freedoms.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK or EEA or the security measures we have implemented at our Russian representative office.
5. We may share aggregated, anonymised, non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites. As this information is anonymous, it does not constitute personal data. For example, we may share information publicly to show trends or publish market research.
6. We will share personal information with law enforcement or other authorities if required by applicable law.
E. MARKETING COMMUNICATIONS
1. We would, from time to time, like to send to you information electronically about news, promotions, special offers and other information from TM2, regarding either TM2 or its selected partners, which may be of interest to you. We will only send you such marketing messages if you actively consent to this (for example, by ticking the relevant box in your application form). Our lawful basis for processing your personal information in order to send you such marketing communications is therefore your consent, which you can withdraw at any time (see Section G below for more information about your legal rights). If you wish to unsubscribe from marketing emails from TM2, please contact email@example.com. We will strive to honour your request as soon as possible, and in any event within the next 10 business days. Please note, however, that this request will apply only to marketing emails and not to certain account-based information emails which will continue to be sent to account holders. We are not responsible for any additional information you provide directly to our partners, and we encourage you to become familiar with their privacy and security practices and policies before disclosing information to them.
F. INFORMATION SECURITY, STORAGE AND RETENTION
1. We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
2. We will retain your information for as long as you have an open TM2 investor, corporate, broker or issuer member account or as is needed to provide you with TM2’s services. If you wish to terminate your agreement with TM2 or request that we no longer use your information to provide you services, please contact us on firstname.lastname@example.org. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
G. YOUR LEGAL RIGHTS
1. Under certain circumstances, you have rights under data protection laws in relation to your personal data. In summary, these include rights to:
- require us to correct any mistakes in your information which we hold;
- require the erasure of personal information concerning you in certain situations;
- receive the personal information concerning you which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to a third party in certain situations;
- object at any time to processing of personal information concerning you for direct marketing;
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
- object in certain other situations to our continued processing of your personal information; and/or
- otherwise restrict our processing of your personal information in certain circumstances.
2. If you wish to exercise any of the rights set out above, please contact us using the contact details given above. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.