We collect your Data when you use our Services. We store your Data only for the time needed to carry out the operations for which it was collected, except when we need to assert our legal rights or are legally required to retain it for a different period of time. At the end of these retention periods, your Data is erased or anonymised.
Below are several concrete examples: You use our partners’ services: information (like your name, date of birth, postal address and IP address) can be collected by our partners (or by Ledger on their behalf) to meet their anti-money laundering and customer-identification obligations. You are a validator for a proof of stake-type service: we display your name/handle, the balances delegated or any information communicated on Ledger Live.
We share your Data with: Our technical service providers who help provide the Services (e.g. delivery, online payments and combating fraud). Our subsidiaries, when they help provide the Services. Our partners who use your Data to offer you: Services accessible from Ledger Live, or Personalised adverts. The list of these partners can be found in our Cookies Policy. Other companies to which we could sell or assign all or part of our activities. The administrative or legal authorities or any other authorised third party where this data sharing is set out in law.
Your Data is stored in France, but we might have to transfer it to countries located outside of the European Economic Area. We only transfer your Data to companies: That are established in a country recognised by the European Commission as offering an adequate level of protection, or With which we have signed the European Commission’s standard contractual clauses, or That commit to apply a code of conduct or a certification mechanism validated by the competent European authorities.
We implement all technical and organisational measures we deem necessary to safeguard your Data at an appropriate level of security, including: Payment information security: your payment information is encrypted using a secure commercial Internet protocol (TLS) and is never stored on our server. An awareness programme and employee training. Encryption during exchanges and storage. Regular audits of data hosting companies. Data redundancy for more resilience in the event of catastrophe. Role-based authentication. Two-factor authentication for our authorised contributors. Continuous monitoring of the system. Security assessments in line with industry standards. Security tests and intrusion tests by independent third parties. To assess the level of appropriate security, we take into account, among other things, the nature of the Data and the risks its processing presents. Although we strive to ensure an optimal protection of your Data, we would remind you that transmitting information on the Internet is not entirely secure.