2. PERSONAL INFORMATION WE COLLECT & METHODS OF COLLECTION
Personal information is data that, either directly or indirectly, identifies a person or relates to an identifiable person, and includes:
- information you provide to us either through your use of the Site, the Services and/or the transactions carried out in connection with the Services or voluntarily (any information you provide to us that is not required is voluntary);
- information which is collected about you automatically through your use of the Site, Services and/or the transactions carried out in connection with the Services; and
- information we obtain from third parties and public sources.
Information You Provide to Us
To use the Services, we’ll ask you to provide us with some important information about you. This information is either required by law or necessary to provide the Services or is relevant for certain specific purposes.
Please be aware that we may not be able to serve you as effectively or even, offer you the Services if you choose not to share certain information with us.
Information provided may include:
- Personal Identification Information: full name, date of birth, age, nationality, country of residence, gender, signature, utility bills, photographs, video footage, phone number, home address, email address;
- Formal Identification Information: government issued identification such as passport, driver’s licence, national identification card with photograph, tax identification number, national insurance number, social security number, visa information and/or any other information deemed necessary to comply with our legal obligations under anti-money laundering (“AML”) and counter terrorism financing laws and procedures (“CTF”);
- Financial Information: bank account numbers, bank statements, transaction history, trading data, credit/debit card numbers;
- Transaction Information: information about the transactions you make using the Services, the purpose of the transactions, information on sources of your funds, sender and receiver of funds, ultimate beneficiary information, wallet ID;
- Employment Information: office location, job title, education, and description of your role;
- Correspondence: survey responses, information provided to our support team or research team.
Information We Collect About You Automatically
We receive and store certain types of information automatically. This information helps us address customer support issues, improve the performance of the Site, provide you with a streamlined and personalised experience, and protect your transactions from fraud.
Information collected automatically may include:
- Online Identifiers: geo location/tracking details, browser fingerprint, OS, browser name and version, and/or personal IP addresses;
Information We Obtain from Third Parties & Public Sources
We may obtain information about you from third parties and public sources, as required or permitted by applicable law. These sources may include:
- Public Databases, Credit Bureaus & ID Verification Partners
- Blockchain Data: we may analyse public blockchain data to ensure parties utilising the Services are not engaged in illegal or prohibited activity under the Agreement, and to analyse transaction trends for research and development purposes.
- Third Party Exchange Partners and Service Providers
- Other Publicly Available Sources: for example, social media and networking platforms and other online public information sources.
- To maintain legal and regulatory compliance
- To operate and provide the Services, including for risk analysis, identity authentication and payment processing
- To detect and prevent fraud
- For analytics, statistical, research and development purposes
- To keep our Site safe and secure
- To provide Service communications, including our latest updates
- To ensure quality control
- To enhance your experience
- To engage in marketing activities
- To provide customer service, including investigating and resolving disputes
- To facilitate corporate acquisition, mergers, or transactions
- For any other purposes you consent to
4. THE LEGAL BASES FOR PROCESSING PERSONAL INFORMATION FOR EUROPEAN ECONOMIC AREA (EEA), UNITED KINGDOM (UK) & SWITZERLAND RESIDENTS
For individuals who reside in the EEA, UK and Switzerland, we rely on the following legal bases for processing your information under Article 6 of the EU General Data Protection Regulation (“GDPR”):
- it is necessary to perform obligations arising from any contracts entered into between you and us – B, C, G, K, H;
- we are legally required to do so – A, D, F;
- (you can read more about our AML/CTF and fraud prevention policies here)
it is in pursuit of our legitimate business interests, having taken into account your rights, interests and freedoms – E, I, L, J; or
- we have obtained your consent to do so, which can be withdrawn at any time – I, J, M.
5. WITH WHOM WE SHARE PERSONAL INFORMATION
We take care to allow your personal information to be accessed only by those who require access to perform their tasks and duties, and to share with selected third parties who have a legitimate purpose for accessing it.
We will never sell or rent your personal information.
These are the circumstances in which we share your personal information:
- With third party identity verification and fraud detection & prevention services to prevent fraud;
- With third party exchange partners and service providers under contract who help with parts of our business operations. Our contracts require these third parties to only use your personal information in connection with the services they perform for us. Service providers may include:
- Network infrastructure
- Cloud storage
- Payment processing
- Transaction monitoring
- Document repository services
- Customer support
- Internet (e.g. ISPs)
- Data analytics
- Information Technology
- Advertising & Marketing
- With any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries;
- With entities that we plan to merge with or be acquired by. You will receive prior notice of any change in applicable policies.
- With our professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services in order to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations.
- With law enforcement, officials or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of the Agreement or any other applicable policies.
Please note that our businesses, as well as our trusted exchange partners and service providers, are located around the world.
6. YOUR RIGHTS
You have rights concerning your personal information and can exercise them anytime by contacting us at [email protected]. All requests will be fulfilled within one month.
Please note, however, that not all rights are absolute, and as such, requests are subject to applicable business and regulatory requirements, including legal and ethical reporting or document retention obligations.
These are the rights you have concerning your personal information:
- Information Access & Portability. You may request that we provide you a copy of your personal information that we process in a structured, commonly used and machine-readable format.
- Correction. It is important to us that your personal information is accurate, complete and up to date. If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it corrected or updated.
- Erasure. You can ask us to delete or remove your personal information in certain circumstances such as if it is no longer needed. Such requests will be subject to the contract that you have with us, and to any retention limits we are required to comply with in accordance with applicable laws and regulations.
- Restriction. You can ask us to block or suppress the processing of your personal information in certain circumstances such as if you want us to establish its accuracy or disclose the purpose for processing it.
- Objection. You can ask us to stop processing your personal information, and we will do so, if we are:
- relying on our legitimate interests to process your personal information except if we can demonstrate compelling legal grounds for the processing;
- processing your personal information for direct marketing; or
- processing your personal information for research unless we reasonably believe such processing is necessary or prudent for the performance of a task carried out in the public interest (such as by a regulatory or enforcement agency).
- Withdrawal of Consent. You may withdraw your consent to our processing activities provided that such processing activities rely on your consent, and not on a different legal basis.
- Automated Decision-Making. You may challenge any decision made about you based solely on an automated process where this has a legal or similarly significant effect and ask for it to be reconsidered and require human intervention.
- Complaints. You may lodge a complaint with a data protection supervisory authority.
We may send you marketing communications by email or other forms to ensure you are always kept up to date with our latest products and services. If we send you marketing communications we will do so based on your consent, registered marketing preferences or where we are permitted to do so under law in pursuit of our legitimate business interests that is, promoting the Services.
We may share personal information with third parties to help us with our marketing initiatives or communications.
To opt-out of receiving marketing communications (from us or our promotional partners), you can choose one of the following ways:
- following the unsubscribe instructions in the email/SMS; or
- sending a written notice via email to [email protected] requesting to opt-out.
Please note that even if you unsubscribe from our marketing mailing list, we may continue to send you service-related updates and notifications or respond to your inquiries or complaints, and similar communications.
8. THIRD PARTY SITES & SERVICES
9. HOW WE PROTECT PERSONAL INFORMATION
We understand how important your privacy is – that is why we use a variety of security measures to protect the security and confidentiality of the personal information you entrust to us.
These measures include appropriate physical, electronic and procedural safeguards, in compliance with the applicable laws and regulations and include the following:
- we use computer safeguards such as Secure Sockets Layered (SSL) technology to ensure that your information is encrypted and sent across the Internet securely;
- we store decryption keys in separate systems;
- we use firewalls to actively protect our servers from hackers and other vulnerabilities;
we enforce physical access controls to our buildings, files and databases;
- we utilise information access authorisation controls and limit access to only those employees who require it to fulfil their job responsibilities.
Further, financially sensitive information, for example your credit/debit card data is securely transferred and hosted off-site by third party payment processors. This information is not accessible even to us.
We regularly review our security protocols, in light of new and relevant legal and technical developments.
We also train and raise awareness for all our employees on the importance of maintaining, safeguarding and respecting your personal information and privacy.
While we take reasonable measures to safeguard your personal information, we cannot guarantee that loss, misuse, unauthorised acquisition or alteration of your information will not occur.
Furthermore, we cannot ensure the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us.
Please recognise that you play a vital role in protecting your own personal information. If you suspect that your personal information has been compromised, please contact us immediately at [email protected].
10. RETENTION OF PERSONAL INFORMATION
We will only retain your personal information for as long as necessary to fulfil the purposes described here, subject to legal and regulatory obligations.
Information about our typical retention periods for different aspects of your personal information are described below:
- Personal information collected to comply with our legal obligations under financial or anti-money laundering laws may be retained for as long as required under applicable laws, usually for a period between five to seven years.
- Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.
- Content that you post on the Site such as support desk comments, photographs, videos and other content may be kept for audit and crime prevention purposes.
- Recording of our telephone calls with you may be kept for a period of up to six years.
- Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.
Please note that personal information you provide during the process of creating a buy or sell order will be retained for one year, even if the transaction is incomplete or abandoned.
11. INTERNATIONAL TRANSFERS
To facilitate our global operations, we may process, transfer and store the information we collect from you within our family of companies, third party exchange partners and service providers (“Data Processors”) based throughout the world, including Australia, EU and the UK.
12. THE EEA, UK & SWITZERLAND TRANSFERS
The information we collect from you may be processed by Data Processors operating outside of the EEA, UK & Switzerland who are engaged on our behalf. Further, it may be transferred to, and stored at a location outside the EEA, UK & Switzerland.
We will ensure that the processing, transfer and storage is lawful (Model Contractual Clauses) and that Data Processors in international countries are obliged to comply with the European Union General Data Protection Act 2016 and the UK Data Protection Act 2018.
14. QUESTIONS, CONCERNS AND COMPLAINTS
Any questions, concerns, and complaints, should be first addressed to [email protected], so that we can try to resolve the issue internally.
If you are not satisfied with our response to your complaint, you can submit a complaint with your national data protection authority. For EEA & UK residents, you have the right to submit a complaint either in the Member State of the European Union where you reside, where we are based or where an alleged infringement of Data Protection Law has taken place.
Office of the Privacy Commissioner of Canada (OPC) by phone at 1 800 282 1376, or by visiting the website https://www.priv.gc.ca/en/.
Dutch Data Protection Authority (Autoriteit Persoonsgegevens) by phone at +31 70 888 85 00, or by visiting the website https://autoriteitpersoonsgegevens.nl/en.