At Ledger, we are committed to creating products that provide the highest level of security for your crypto assets but that also allow you to manage them easily. To do this, we provide you with a software application (Ledger Live) and websites (ledgerwallet.com and ledger.com) (our ‘Services’).
We can collect personal data about you when you use these Services. We have created this Confidentiality Policy to explain what we do with it.
Please note:the vault.ledger.com website is not covered by this Confidentiality Policy.
What is personal data?
Personal data (‘Data’) is information that makes it possible to identify you:
- directly, such as your name or email address;
- or indirectly, such as your customer number or IP address.
- When do we collect your data and why?
- Data collected through our websites
- Data collected through our Ledger Live application
- Data collected by third parties accessible from Ledger Live
- Who do we share your Data with?
- Where do we store your Data?
- How do we keep your Data secure?
WHEN DO WE COLLECT YOUR DATA AND WHY?
We collect your Data when you use our Services.
We store your Data only for the time needed to carry out the operations for which it was collected, except when we need to assert our legal rights or are legally required to retain it for a different period of time. At the end of these retention periods, your Data is erased or anonymised.
DATA COLLECTED THROUGH OUR WEBSITES
| User action | Data collected | Data usage | Reason for processing (legal basis) | Retention period |
|---|---|---|---|---|
| Purchase of a Ledger product | Name, email address, delivery and billing address, phone number, company name, intra-community VAT number, product bought, delivery method and payment, order amount, currency | Invoicing, delivery, analytics and sending service notifications | Performance of the contract you agreed upon buying one of our products | Active database: 3 months from delivery of the product Archive: 10 years (accounting obligations) |
| Request to receive marketing emails (including our newsletter) | Email address, campaign number, logs | Sending emails on our latest developments, promotions and customer surveys | Consent to receive marketing emails | 3 years from the request |
| Request sent to customer services (on the dedicated platform or through social media) | Name, email and postal address, telephone number (for product exchanges), Handle used on social media, content of our exchanges, identification document (if verification is necessary) | Processing the request, quality control, verifying information is correct and preventing fraud | Ledger’s legitimate interest | 5 years from the request |
| Browsing our websites Please note: We collect your Browsing Data using various technologies such as cookies (for more information, please visit our Cookie Policy). | Consent or refusal to save cookies on your device | Cookies are saved (or not saved) on the device | Legitimate interest | 6 months from the user’s decision |
| IP address, operating system, browser, devices used, date and time of visit, URLs of clickstream to, through and from our website, products viewed and searched, download errors, duration of visit on certain pages, interaction between pages | Bug-fixing, analytics, combating fraud, personalising your experience, displaying adverts on third-party websites | Dependent on the purpose of the cookies saved: - Legitimate interest for technical cookies - Consent for functional, performance and advertising cookies | The time needed to fulfil the purpose of the cookies saved (for example, one session for session cookies) | |
| Participation in customer surveys | Name, age, email address, family situation, profession, country, product opinion, comments | Carrying out marketing studies, improving our products and services | Legitimate interest | 6 months from the end of the survey |
| Request to be re-contacted on the subject of our B2B products | Name, company, role, email address, telephone number, country | Making contact, sending emails on our latest developments, promotions and customer surveys | Legitimate interest | 5 years from the request |
| Signing up to our affiliate programme | Name, email address, company, BTC address, identity document, intra-community VAT number and proof of residence (where required). | Managing the programme, sending emails on the programme’s latest developments, remuneration | Performance of the contract you agreed with Ledger when signing up to the programme | For as long as the affiliate is a member of the programme, except in the event of prolonged inactivity |
Please note:your payment information is collected directly by our payment providers. Ledger only has access to a truncated version of this information for anti-fraud purposes.
DATA COLLECTED THROUGH OUR LEDGER LIVE APPLICATION
| User action | Data collected | Data usage | Reason for processing (legal basis) | Retention period |
|---|---|---|---|---|
| Use of Ledger Live | Device session identifier, IP address*, clicks, actions (e.g. launching the application, use of transactional functionalities, pages viewed), properties (e.g. type, version, language and region recorded for your operating system), currency, time stamp, amount and status of transactions, transaction identifier, identifier used by our partners to identify you (when you use their services) | Bug-fixing, analytics to improve our products and services and identify additional services and functionalities you might need, processing requests for assistance, finding and preventing security problems, fraudulent activity and violations, optimising marketing operations (e.g. information on the most-used functionalities) and sending important information (e.g. security notifications). | Legitimate interest | 5 years from collection |
| Participating in our referral programme | ETH address (for authentication purposes only / data not stored), UUID, BTC address | Managing the programme, reward redemption | Performance of the contract you agreed with Ledger by participating in the programme | Active database; for as long as the referrer is a member of the programme, except in the event of prolonged inactivity Archive: 10 years (tax and accounting obligations) |
Please note:Ledger Live does not contain identifying information that allows us to know your identity.(*Your IP address is only collected to be transmitted to our partners when this information is required to provide their services, and is not stored by Ledger) Ledger neither stores nor has access to your crypto assets and private keys. We only provide ‘cold storage’ services.
DATA COLLECTED BY THIRD PARTIES ACCESSIBLE FROM LEDGER LIVE
Below are several concrete examples:
You use our partners’ services: information (like your name, date of birth, postal address and IP address) can be collected by our partners (or by Ledger on their behalf) to meet their anti-money laundering and customer-identification obligations.
You are a validator for a proof of stake-type service: we display your name/handle, the balances delegated or any information communicated on Ledger Live.
Please note:Ledger is not responsible for the way in which our partners use your Data. If you have any questions on this subject, please consult their confidentiality policy.
WHO DO WE SHARE YOUR DATA WITH?
We share your Data with:
- Our technical service providers who help provide the Services (e.g. delivery, online payments and combating fraud).
- Our subsidiaries, when they help provide the Services.
- Our partners who use your Data to offer you:
- Services accessible from Ledger Live, or
- Personalised adverts. The list of these partners can be found in our Cookies Policy.
- Other companies to which we could sell or assign all or part of our activities.
The administrative or legal authorities or any other authorised third party where this data sharing is set out in law.
Please note:Ledger never sells your Data to third parties and we prohibit our service providers from re-using it for their own behalf.
WHERE DO WE STORE YOUR DATA?
Your Data is stored in France, but we might have to transfer it to countries located outside of the European Economic Area.
We only transfer your Data to companies:
- That are established in a country recognised by the European Commission as offering an adequate level of protection, or
- With which we have signed the European Commission’s standard contractual clauses, or
- That commit to apply a code of conduct or a certification mechanism validated by the competent European authorities.
HOW DO WE KEEP YOUR DATA SECURE?
We implement all technical and organisational measures we deem necessary to safeguard your Data at an appropriate level of security, including:
- Payment information security: your payment information is encrypted using a secure commercial Internet protocol (TLS) and is never stored on our server.
- An awareness programme and employee training.
- Encryption during exchanges and storage.
- Regular audits of data hosting companies.
- Data redundancy for more resilience in the event of catastrophe.
- Role-based authentication.
- Two-factor authentication for our authorised contributors.
- Continuous monitoring of the system.
- Security assessments in line with industry standards.
- Security tests and intrusion tests by independent third parties.
To assess the level of appropriate security, we take into account, among other things, the nature of the Data and the risks its processing presents. Although we strive to ensure an optimal protection of your Data, we would remind you that transmitting information on the Internet is not entirely secure.
Please note:Ledger does not have access to your passwords, PIN codes and recovery phrases. You are therefore solely responsible for keeping these confidential.