Privacy Policy
Updated January 29, 2026
Version 1.2
ShareMatch Ltd Privacy Policy
This Privacy Policy outlines how we collect, use and protect your personal information when you interact with ShareMatch (ShareMatch Ltd registration number: 15720628, ShareMatch sp. z.o.o. KRS: 0001143766 or ShareMatch Software Design L.L.C. licence number 912622). We also explain what data we collect, how we process it and what rights you have as a data subject when using ShareMatch services.
We adhere to the UK General Data Protection Regulation (GDPR), the EU General Data Protection Regulation (EU GDPR) and the UAE Personal Data Protection Law (PDPL). ShareMatch is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed.
The data controller is the entity that decides how your data is processed (e.g. how and for what purpose). Your data controller is:
ShareMatch Ltd (registration number: 15720628) of C/o Prysm Financial, Francis Barber House, 9 Gough Square, London, EC4A 3DG
ShareMatch sp. z.o.o. (KRS: 0001143766) of pl. Andersa 3, 61-894 Poznań, Poland
ShareMatch Software Design L.L.C., (Licence no. 912622) Office No. 807, Westburry Office Tower, Marasi Drive, Business Bay, Dubai, UAE
1. Information We Collect
We may collect and process the following data about you:
1.1.) Information You Provide: Name, address, e-mail, phone number, and financial/debit card details.
1.2.) Identity Verification Data: Copies of government-issued ID (passports/driving licenses) and biometric "samples" (facial images/selfies).
1.3.) Information We Collect Automatically: IP addresses, login data, browser types, and full URL clickstreams.
1.4.) Crypto-Asset Data: Public wallet addresses and transaction data associated with Distributed Ledger Technology (DLT).
2. Third-Party KYC & AML Verification
To meet our legal obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and Regulation (EU) 2023/1114 of the European Parliament and the Council of May 2023 on Markets in Crypto-assets (“the MiCA Act”), we share your data with specialised third-party identity verification providers.
2.1.) Digital Verification Services (DVS): We prioritise providers certified under the UK's DVS Trust Framework, ensuring high standards of security and reliability.
2.2.) Biometric Processing: When you provide a "selfie" or video for identity verification, we process Special Category Biometric Data to uniquely identify you.
2.3.) Lawful Basis: We process your data in line with The UK General Data Protection Regulations (“GDPR”) on Legal Obligation (Article 6) and Explicit Consent (Article 9).
2.4.) Automated Decision-Making (ADM): If our KYC provider uses automated systems to verify your identity, you have the right under the Data (Use and Access) Act 2025 (“the Data Act”) to request human intervention, contest the decision, and receive an explanation of any "failed" verification.
3. Cookies and Tracking Technologies
Our site uses cookies to distinguish you from other users.
3.1.) Strictly Necessary: Essential for secure login and MiCA Act compliant transactions.
3.2.) Analytical (Low-Risk): Under the Data Act, first-party statistical cookies are used without prior consent to improve our site, provided a clear opt-out is available.
3.3.) Marketing: These are only set if you provide explicit, affirmative consent. Our banner includes a "Reject All" button with equal prominence to "Accept All".
4. International Data Sharing
We share information with our 100% owned subsidiaries:
4.1.) Poland (EEA): Permitted under current UK GDPR adequacy standards.
4.2.) United Arab Emirates (UAE): Protected by the UK International Data Transfer Agreement (IDTA) and mandatory Transfer Risk Assessments (TRA) to ensure data security.
5. MiCA Act Compliance (EU Operations)
As a MiCA Act regulated provider, we ensure:
5.1.) White Papers: We provide access to mandatory crypto-asset white papers for all offered assets.
5.2.) Asset Segregation: Client funds and crypto-assets are held in accounts strictly segregated from our corporate funds.
5.3.) Liability: We remain legally liable for the accuracy of information provided in our white papers.
6. Your Rights
Under the Data Act and the GDPR you have the following rights:
6.1.) Subject Access Request (SAR): You can request a copy of your data, free of charge. We will respond within 30 days, though we may "stop the clock" if we require further information to verify your identity.
6.2.) Right to Complain: You have a statutory right to lodge a complaint with us. We will acknowledge your complaint within 30 days and respond without undue delay.
7. Data Retention
Retention periods fare in accordance with GDPR rules:
7.1.) KYC/AML Data: Retained for 5 to 10 years after the relationship ends, per UK and UAE laws.
7.2.) Tax/Crypto Asset Reporting Framework (CARF) Records: Retained for at least 6 years for HMRC reporting.
Contact
Questions and requests should be addressed to: hello@sharematch.me