Privacy Policy

1. GENERAL PROVISIONS

1.1. This Privacy Policy governs The People’s SCE with limited liability a European Cooperative Society, registered office at 53 Boulevard Royal, 2449 Luxembourg, R.C.S. Luxembourgs (hereinafter: SCE) collection, processing and use of your Personal Information/data by using SCE’s:

  • Member portal which is a dedicated application within the SCE’s Web Portal available on the website with the domain portal.ecredits.com (also referred as: “Member Portal”),
  • Any other services available or in relation to the Member Portal, provided by SCE (also referred as: “Services”).

This policy is an additional policy to the WebPortal, which for other SCE’s services has a separate Privacy Policy available at:  https://dl.ecredits.com/legal/eWallet-privacypolicy.pdf (hereinafter: eWallet PP). This policy is separately intended and dedicated only for members of The People’s SCE and governs the processing of personal data for members of The People’s SCE. This policy sets out the basis on which any Personal data we collect from You, or that You provide to SCE, will be processed and used by SCE. As the Member Portal is linked to the creation of an Account within the eWallet app or WebPortal, some personal data is used for the purposes of the Member Portal, therefore this policy also represents an integral part of the Terms of use for the eWallet app and the WebPortal. Definitions and meaning in this policy should be read together with the Terms.

1.2. Personal information/data (also known as Personal Identifiable Information [PII]) refers to any information that can be associated with a specific person (also referred as: “You” or “User”)and can be used to identify that person, directly or indirectly, in particular by reference to an identifier such as a name, address, e-mail address, an identification number, location data, mobile number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and other required information User provides to gain and operate a registered Account (in this policy collectively referred as: “Personal data” or “personal information”).

1.3. SCE is committed to protecting and respecting your privacy and your right to fair and just processing of your Personal data. This Privacy policy is intended to help you better understand how we collect, use, process and store your Personal data and describes your choices regarding certain types of processing. We are aware of the importance of how Personal data are handled and we assure you that we observe all applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (hereinafter: GDPR).

1.4. Unless otherwise indicated, terms used in this Regulation shall have the same meaning as under GDPR.

1.5. SCE is the data controller responsible for your Personal data. This privacy policy is issued on behalf of the SCE so when we mention SCE, “we”, “us” or “our” in this privacy policy, we are referring to the company SCE and its related group of undertakings, responsible for processing your data.

1.6. We have data protection and privacy officer who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests, please use the contact details set out below.

1.7 SCE’s contact details: Full name of legal entity: The People’s SCE with limited liability a European Cooperative Society, registered office at 53 Boulevard Royal, 2449 Luxembourg, R.C.S. Luxembourgs Email address: [email protected]

1.8. Data protection officer SCE has appointed a data protection officer (also referred as: “DPO”), who has several responsibilities, based on GDPR including but not limited to:

  • monitoring SCE’s compliance with the GDPR and other data protection laws;
  • raising awareness of data protection issues, training SCE staff and conducting internal audits; and
  • cooperating with supervisory authorities on our behalf.If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us via SCE’s e-mail address [email protected]


Complaints You have the right to make a complaint at any time to the Luxembourg Data protection Office. We would, however, appreciate the chance to deal with your concerns before you approach the data protection office, so please contact us in the first instance. SCE will:

  • Always keep your data safe and private.
  • Never sell your data.
  • Allow you to manage and review your marketing communication preferences at any time.


SCE does not collect or process your genetic, physiological, mental, racial or ethnic origin, cultural or social identity Personal data, political opinions, religious or philosophical beliefs, trade union memberships, data concerning health or data concerning a natural person’s sex life or sexual orientation.

2. COOKIE POLICY

2.1 When Users access the Member Portal, SCE may place small data files called cookies on User’s computers or other devices. This helps us to provide you with a good experience when you use or browse our Member Portal and also allows us to improve the Member Portal. SCE uses these technologies to recognize you as a User of the Member Portal and/or other Services in order to customize the Member Portal and advertising content, measure communication and marketing effectiveness and collect information about User’s devices to mitigate risk, help prevent fraud and promote trust and safety. 

2.2. We may use cookies, pixel tags, web beacons, and other tracking technologies to collect information about you when you interact with our Services, including information about your browsing behavior on the Member Portal.  

2.3. What cookies do we use?

We use both session and persistent cookies. Session cookies expire when you log out of your account or close your browser. Persistent cookies remain on your computer or other access device until deleted or otherwise expire. The Member Portal uses the following cookies:

Cookie name

What is it for?

Type

Duration

portal_storageSilentRenewRunning

Authentication

Authentication

Session

portal_session_state

Authentication

Authentication

Session

portal_userData

Authentication

Authentication

Session

portal_access_token_expires_at

Authentication

Authentication

Session

ARRAffinity

Load balancing

Technical

Session

portal_authzData

Authentication

Authentication

Session

portal_authStateControl

Authentication

Authentication

Session

portal_authNonce

Authentication

Authentication

Session

portal_authnResult

Authentication

Authentication

Session

portal_codeVerifier

Authentication

Authentication

Session

portal_authWellKnownEndPoints

Authentication

Authentication

Session

ARRAffinitySameSite

Load balancing

Technical

Session

2.4. Mentioned cookies are of technical nature and are necessary by default for your use and functionality of the Member Portal and/or Services. Additionally, we may use certain persistent cookies that are not affected by your browser settings but will use such cookies solely for identity verification and fraud prevention purposes. For more information about cookies and how to block, delete or disable them, please refer to your browser instructions, or contact us at [email protected]  

3. INFORMATION WE COLLECT ABOUT YOU

In parallel with the eWallet PP and the data collected within the application for the purposes of the operation of the eWallet app and WebPortal, SCE collects additional information for members of The People’s SCE in relation to and for the purposes of the Member Portal as follows. SCE may collect, process, use, store and transfer different kinds of Personal data about you which we have grouped together as follows: 

3.1. Submitted Personal information:

This is Personal information you may give us about you by filling in forms on Member Portal and/or corresponding with us by mail, phone, email or otherwise. This includes Personal information You provide by:  

  • filling in formson the Member Portal and/or subscribing to the newsletter (such as eCredits news and updates that provide information regarding the latest developments of the Member portal, and SCE’s news), download a document from Member portal, register for a webinar or enter a SCE’s contest, or other marketing activity. The latter shall be further described in terms and conditions of the relevant activity, and/or 
  • (actively) corresponding with us (for example, by e-mail, via the chat functions on the Member Portal and/or through our customer service or otherwise actively correspond with SCE) and/or participating in discussion boards or other social media functions on or the Member Portal, 
  • providing Personal information to SCE and third-party providers to fulfill and deliver purchased items on the Member Portal.
  • providing Passport and/or ID scans for the purpose of identifying the natural person or the representative of a legal person and the correct keeping of the register of members of the SCE

 (collectively also referred as: Submitted Personal information) 

Submitted Personal information in particular includes: 

  1. Identity data: first name, maiden name, last name, date of birth, username, password and other registration information and/or similar identifiers, 
  2. Contact data:address, e-mail address, phone number,  
  3. Financial data such as:  
    • Credit card data or other information regarding payments on the Member Portal,
    • Number of shares of the People’s SCE any additional or other contributions or withdrawals,
    • information provided from third-party services
  4. Communications Datawhich includes your submitted preferences in receiving marketing material from us and our third parties and your communication preferences. 

3.2. Personal information collected by using automated technologies or interactions: 

This is Personal information you may give us about you as you interact with our Member Portals, we may automatically collect Technical Data about your equipment, mobile device, browsing actions, including your IP address, patterns and other activity when using the Member Portal. SCE collects this Personal data by using cookies, server logs and other similar technologies. This allows us to recognize Users and avoid repetitive requests for the same information. With automation technologies we track, collect and store the User behavior on the Member Portal.

(collectively also referred as: Automated Personal data) 

Automated Personal data in particular includes: 

  1. Member Portal and voting: For the purposes of user experience enhancement, monitoring (in sense of “execution of a contract” within the meaning of GDPR) and for the purposes of identification and/or prevention of possible manipulation, we also collect certain information about your use of the Member Portal , including but not limited to:  
    • keeping track of voting as part of the General Assembly on the Member Portal,
    • keeping track of suggestions made or other activities within the Member Portal

Collected/monitored trading data includes date, time, amount, currencies used, user details, IP address.

  1. Profile Data: actions or voting made by you, your interests, preferences, feedback and survey responses. 
  2. Usage Data: includes information about how you use Member Portal and/or Services. 
  3. Technical Data: includes internet protocol (IP) address, your login data, mobile device, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and other technology on the devices you use to access our Member Portals.

3.3. Personal data obtained with authorized third parties or publicly available sources:

We may obtain Your Personal data about you from authorized partners and public sources, namely publicly available registers such as company registers and other publicly accessible sources which provide reliable data about You, Your family members and/or Your close business associates. Third parties are business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, fraud prevention agencies, customer service providers and developers which are required to ensure that they comply with the GDPR (Art. 28 GDPR).

(collectively also referred as: Personal data obtained by third parties)

4. USES MADE OF THE PERSONAL DATA

4.1. Below is a summary of the key types of Personal data that we make use of as part of the SCE Services. For more information on how these types of data are used and for which purposes then please see the table below. 

4.2. We use information held about you in the following ways: 

  • Submitted Personal datais used: 
    • to carry out our obligations arising from your membership as a member of The People’s SCE, for example to provide you with delivery of news, topics, votings, convening of general meetings on the Member Portal,
    • to notify you about changes to the SCE’s Statutes or other important matters regarding the SCE; 
  • Automated Personal data is used: 
    • to provide you with information about items we offer that are similar to those that you have already used or enquired about; 
    • to ensure that content from our Member Portal is presented in the most effective manner for you and for your mobile device and/or personal computer; 
    • to administer our Member Portal for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; 
    • to improve our Member Portal to ensure that content is presented in the most effective manner for you and for your mobile device and/or computer; 
    • to allow you to participate in interactive features of our Services, when you choose to do so; 
    • as part of our efforts to keep our Member Portal safe and secure; 
    • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; 
    • to make suggestions and recommendations to you and other members of our Member Portal about goods or Services that may interest you; 
    • to confirm your eligibility to use our Services; and 
    • to comply with our regulatory obligations. 
  • Personal data obtained by third parties: We will combine this information with Submitted Personal data you give to us and Automated Personal data we collect about you. We will use this information and the combined information: 
  • to help us better understand your circumstances and behavior so that we may make decisions about how we manage your Member Portal usage; 
  • to process applications for products and Services available through us including making decisions about whether to agree to approve any applications; and 
  • for the purposes set out above (depending on the types of information we receive).

4.3. We may associate any category of Personal data to any other category of Personal data and will treat the combined information as Personal data in accordance with this policy for as long as it is combined. 

4.4. For advertising networks, we utilize anonymized Personal data in order to serve relevant adverts to target segments. However, SCE will never disclose identifiable information to advertisers. 

5. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

5.1. We have set out below, in a table format, a description of all the ways we use your Personal data as stated above, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. 

5.2. Note that we may process your Personal data for more than one lawful ground depending on the specific purpose for which we are using your Personal data. Please contact us via support if you need details about the specific legal ground we are relying on to process your Personal data where more than one ground has been set out in the table below. 

 

Purpose of processing Personal data  

Type/category of Personal data 

Lawful basis 

Legitimate interests 

To provide the SCE Member Portal and Services:
– To carry out our obligations arising from your membership as a member of the SCE,  using Services and/or Member Portal and to provide you with the information, documentation, products and Services that you request from us.

– Submitted Personal data such as general personal information, passport or ID scans Contact data,– Automated data such as Transaction data, , Profile data, Usage data and Technical data.

Processing is necessary for the purposes of the legitimate interests pursued by the SCE as the data controller.

 

Processing is necessary for compliance with a legal obligation to which the controller is subject

SCE must guarantee its members the rights and obligations that they have under the statutes and laws relating to SCEs. The SCE has a legitimate interest and is obliged to keep a register of members, to verify its members, and to ensure that all legal and statutory requirements are properly carried out.

To keep the Member Portal up and running:
– To administer the Member Portal for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
– To notify you about changes to our Service;
– As part of our efforts to keep our Member Portal safe and secure.

– Submitted Personal data such as general personal information, Contact data,
– Automated Personal data such as Transaction data, Profile data, Usage data and Technical data.

Processing is necessary for the purposes of the legitimate interests pursued by the SCE as the controller.

 

Processing is necessary for compliance with a legal obligation to which the controller is subject

To ensure that content on the Member Portal is properly presented and in accordance with the law and the statutes in  effective manner

 

Legitimate interest  to prevent possible abuses of Member Portal, or Services.

– To use data analytics to improve our Member Portal, Services, member relationships, voting,  member communication and experiences.

– Automated Personal data such as Transaction data, Profile data, Usage data and Technical data.

Processing is necessary for the purposes of the legitimate interests pursued by the SCE as the controller.

 

Processing is necessary for compliance with a legal obligation to which the controller is subject

Legitimate interest to keep our Member Portal and member register updated and relevant, to develop new features for members on the Member Portal.

 

What do we mean when we say: 

Legitimate Interest: it means that the SCE has a legitimate interest in knowing the identities of its members (shareholders) to keep a register of members, to verify its members, and to ensure that all legal and statutory requirements are properly carried out.  SCE has legitimate interest in conducting and managing SCE to enable and ensure that the General Assembly of members is properly convened, with all the obligations, and that the topics put to the General Assembly meeting are properly and qualitatively voted on. The general meeting is the most important body of the company and therefore the SCE has a legitimate interest in knowing its members and keeping a correct register of its members. SCE makes sure it considers and balances any potential impact (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Within the meaning of “legitimate interest” SCE (also) pursues its legitimate interest of identification and/or prevention of  possible voting manipulation, we also collect and process certain information about your use of the Services on the Member Portal.

Compliance with a legal obligation: As a legal entity, the SCE has an obligation to conduct its business in accordance with the law and the statutes and has a legal obligation to conduct its business properly and to take care of the rights and obligations of its members (shareholders)  – “you” and to ensure that proper procedures are followed. The SCE has a legal obligation and must ensure the register is kept properly and diligently, that membership votes are exercised and that proper notice is given in respect of the matters which it is legally obliged to give.

6. MARKETING AND OPTING OUT

6.1. The SCE does not perform marketing within the Member Portal, but only informs Members about important matters and their rights in relation to the SCE, which it is obliged to do. Any marketing activities carried out within the eWallet app are carried out on the basis of the eWallet PP, and the rights in this respect are subject to the eWallet app PP.

7. DISCLOSURE OF YOUR PERSONAL DATA

7.1. Data processing partners 

  1. We will disclose the Personal data we collect from you to certain third parties (processors) who use Personal data in delivering the purchased goods on the Member Portal to users. Such partners shall use Personal data securely and confidentially and under strict contractual controls in accordance with data protection laws and enforced by SCE. 
  2. We send Personal data to the following sets of data processors in order to perform the Services:
    • Third-party app: Any third-party app used to perform the Services;
    • Fraud prevention agencies: This is in order to verify your identity, protect against fraud and to confirm your eligibility to use our products and Services; 
    • Cloud storage providers: This is in order to safely and securely store your data with SCE; 
    • Analytics providers: For analytics, we utilize anonymized Personal data in order to serve relevant adverts to target segments. However, SCE will never disclose identifiable information to advertisers. 
    • CRM provider: This data processor enables us to collect and manage your Personal data at one place (at least in such a manner that processing will meet the requirements under GDPR) and to ensure you the rights to access, manage, export or delete your Personal data according to GDPR.  
    • Affiliated companies: In order to provide a unified service across all of our Services, we may disclose your Personal information to any member of the corporate group of undertakings, which means any of our subsidiaries or affiliated entities. These companies will be acting as joint controllers or processors in order to provide the services as described in Terms of use.

7.2. We may also disclose your personal information in the following circumstances: 

  1. If SCE or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets. 
  2. If we are under a duty to disclose or share your Personal data in order to comply with any legal or regulatory obligation or request. 
  3. In order to: 
    • enforce or apply the membership relations of use and/or any other agreements between you and SCE or to investigate potential misconducts or breaches; or 
    • protect the rights, property or safety of SCE, our members or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection. 

8. STORAGE SECURITY & INTERNATIONAL TRANSFERS

8.1. The Personal data that we collect from you will be transferred to, and stored at, a destination inside the European Economic Area (EEA). As we provide an international service your Personal data may be processed outside of the EEA in order for us to fulfill our contract with you to provide the SCE Services. We will need to process your Personal data in order for us, for example, to action a request made by you to execute an international payment, process your payment details, provide global anti-money laundering and counter terrorist financing solutions and provide ongoing support services. We will take all steps to ensure that your data is treated securely and in accordance with this privacy policy. 

8.2. All information you provide to us is stored on our secure servers, encrypted at rest. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted in transit. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Member Portal, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. 

8.3. Although we will do our best to protect your Personal data, we cannot guarantee the security of your data transmitted to our Member Portal; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. 

8.4. Certain Services include social networking, chat room or forum features. Ensure when using these features that you do not submit any personal data that you do not want to be seen, collected or used by other users. 

9. RETAINING YOUR INFORMATION

We will keep your data:

  • if we need your personal data as a member/shareholder of the SCE we will keep it until such time as the relationship with you ceases or legal retention period expires;
  • if we use your Personal Data on the basis of Legitimate Interest until such time as your overriding interest obliges us to delete the data or anonymize it.

 

Purpose

Time for which the data is kept

1. To manage your membership

We will process your data for the time during which you remain a member and additional 5 years in respect of any claims you may have against SCE or other persons or SCE may have against you. This is the minimum volume of personal data.

2. Development, performance and services

We will process your data for the time necessary to manage the Services that you use.

3. Communication

We will process your data for the time necessary to meet your request, until we no longer have any legal obligations or claims against each other in terms of membership

5. Analysis of usability and quality

We will process your data occasionally for the time during which we proceed to carry out a specific quality action or survey or until we anonymize your browsing data.

10. YOUR LEGAL RIGHTS

10.1. You have rights under data protection laws in relation to your Personal data. Please see below to find out more about these rights: 

  1. Request access to your personal data (commonly known as a “data subject access request“).This enables you to receive a copy of the Personal data we hold about you. If you require this, then please reach out to our support team at [email protected]

  2. Request correction of the Personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. If you require this, then please reach out to our support team. 

 

  1. Request erasure of your personal data. This enables you to ask us to delete or remove Personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
    Please note that these retention requirements supersede any right to erasure requests under applicable data protection laws. 

 

  1. Object to processing of your Personal data. This is in situations where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights.  If you object to the processing of certain data, then we may not be able to provide the SCE Services and it is likely we will have to terminate your account. 

 

  1. Request restriction of processing of your Personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: 
    • if you want us to establish the data’s accuracy;  
    • where our use of the data is unlawful, but you do not want us to erase it;  
    • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or  
    • you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.  

 

  1. Request the transfer of your personal data to you or to a third party.We will provide to you, your Personal data in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party. If you require this, then please reach out to our support team via [email protected] 

  2. Withdraw consent at any time where we are relying on consent to process your Personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide the SCE Services to you. Regardless of Users withdrawal of consent, SCE is obligated to process and store relevant Personal data for certain period in order to comply with legislation on prevention of money laundering, money laundering, terrorist financing, fraud, or any other financial crime.

10.2. Please note that any requests in relation to the restriction of the processing of your data means that we may not be able to perform the contract we have or are trying to enter into with you (including the SCE Services). In this case, we may have to cancel your use of the SCE Services but we will notify you if this is the case at the time.

11. MISCELLANEOUS

11.1. NO FEE USUALLY REQUIRED 

You will not have to pay a fee to access your Personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

11.2. WHAT WE MAY NEED FROM YOU

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal data (or to exercise any of your other rights). This is a security measure to ensure that Personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

11.3. TIME LIMIT TO RESPOND

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

 11.4. IF YOU FAIL TO PROVIDE PERSONAL DATA

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (including the SCE Services). In this case, we may have to cancel your use of the SCE Services but we will notify you if this is the case at the time. 

12. CHANGES TO PRIVACY POLICY

12.1. Any changes we may make to our privacy policy in the future will be posted on the Member Portal and, where appropriate, notified to you by e-mail and/or when you next start the log onto the Member Portal. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the Member Portal and/or the Services.

13. CONTACT

13.1. All questions relating to data and your privacy are welcomed and should be addressed to our support team or to our appointed data protection officer. If you have any questions, comments or requests regarding this privacy policy then please: 

Contact us via our support team: [email protected]

Luxembourg, on September 28, 2022

 

The People’s SCE