Privacy is of utmost importance at Bitcoin.com. We recognize the significance of protecting information which is stored on our servers or network or is intended to be stored on our servers or network and which relates to an individual. The data we protect are the “Personal Data” which is any information that can be used to identify you directly or indirectly.
The organization who is responsible for ensuring that your Personal Data is processed in compliance with applicable regulations is: Saint Bitts LLC, Nelson Springs Commercial Complex, Colquhoun Estate, Nevis, company number L17015 (the “Data Controller”).
If you have any concern, question or if you would like to exercise any of your rights with respect to your Personal Data, you may contact our Data Protection Officer (“DPO”) at email@example.com.
We collect your Personal Data through a variety of methods: either you provide it to us directly, we collect it from external sources, or we collect it by using automated means.
You may give us information about you by filling in forms on our Sites or through our app or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use the Services and when you report a problem with the Sites or with our app.
With regard to each of your visits to our Sites or our app we automatically collect the following information:
Depending on the Service, we may collect information from you in order to meet regulatory obligations around know-your-customer (“KYC”) and anti-money laundering (“AML”) requirements. Information that we collect from you includes the following:
We also receive information from other sources and combine that with the information we collect through our Services. For instance:
We only use your Personal Data where we have a legal basis to do so:
For some processing activities, we require your prior consent. This applies for example to some of our direct marketing activities which fall under the scope of the GDPR. You will always be prompted to take clear, affirmative action so that we can ensure that you agree with the processing of your Personal Data. This action may, for example, take the form of a checkbox. If you have given us your consent for processing operations, you may always change your mind, and withdraw your consent at any time and easily; all you need to do is to send us an email at the following address firstname.lastname@example.org
Some Personal Data we process about you is for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract with us.
In some cases, we have to process your Personal Data to comply with legal obligations, including those applicable to financial services institutions, such as under the Bank Secrecy Act and other anti-money laundering laws. You may not be eligible for certain Services if we cannot collect the Personal Data necessary to meet our legal obligations.
In most cases where we process Personal Data in the context of our Services we rely on our legitimate interests in conducting our normal business as a legal basis for such processing. Our legitimate interests are to identify or prevent fraud, to enhance the security of our network and information systems, or to carry out processing operations for statistical purposes. We will use legitimate interest only when we have carried out an assessment on the impact that this processing may have on you, and concluded that the processing does not unduly infringe your rights and freedoms. For example, we do not use this justification if we process sensitive data, or when the processing would be unexpected for you, or if we consider it to be too intrusive.
We collect your Personal Data to:
We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal information are described below.
When Personal Data is no longer necessary for the purpose for which it was collected, we will remove any details that identifies you or we will securely destroy the records, where permissible. However, we may need to maintain records for a significant period of time (after you cease using a particular Service) as mandated by regulation. For example, we are subject to certain anti-money laundering laws that require us to retain the following, for a period of five (5) years after our business relationship with you has ended.
Service providers who help with our business operations and to deliver our Services, such as:
We also may share Personal Data with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of Bitcoin.com’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Data held by Bitcoin.com is among the assets transferred.
Funding and transaction information related to your use of certain Services may be recorded on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of private financial information, especially when block chain data is combined with other data.
Because blockchains are decentralised or third-party networks that are not controlled or operated by Bitcoin.com or its affiliates, we are not able to erase, modify, or alter Personal Data from such networks.
As we are located outside of the European Union, we will ensure that any entity, whether our processor or affiliate that transfers Personal Data to us from the EU employs appropriate safeguards. If your Personal Data is transferred to us from the European Economic Area by our service providers (i.e., Data Processors who are engaged on our behalf) and business partners, we will ensure that the transfer is lawful.
Under the GDPR and relevant implementation acts, individuals have statutory rights related to their Personal Data. Please note that rights are not absolute and may be subject to conditions.
One key right is the Right to object. You have the right to object to processing of your Personal Data where we are relying on legitimate interests as our legal basis (see above). Under certain circumstances, we may have compelling legitimate grounds that allow us to continue processing your Personal Data. Insofar as the processing of your Personal Data takes place for direct marketing purposes, including profiling for direct marketing, we will always honor your request.
Other rights are as follows:
Before responding to your request, we will verify your identity and / or ask you to provide us with more information to respond to your request, if we have any doubts about your identity. We will do our best to respond to your request within one month, unless your request is particularly complex (for example if your request concerns a large amount of sensitive data). In such a case, we will inform you of the need to extend this response time by two additional months.
Bitcoin.com does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us at email@example.com. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
At Bitcoin.com, we take our responsibilities under the California Consumer Privacy Act (“CCPA”) seriously. If you are a California resident, the following provisions apply to our processing of information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household subject to the CCPA. For such residents, the provisions of this CCPA Addendum prevail over any conflicting provisions in our Bitcoin.com Privacy Notice.
1. California Personal Information We Collect We have collected the following categories of California Personal Information within the last 12 months:
|Identifiers||E-mail address, unique personal identifier, online identifier, Internet Protocol address, country of residence, or other similar identifiers.|
|Information under the California Customer Records statute||“Personal Information” described in subdivision (e) of Section 1798.80 (California Customer Records statute). This means any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, social security number, address, telephone number, passport number, driver’s license or state identification card number, bank account number, credit card number, debit card number, or any other financial information.|
|Commercial information||Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies on our site|
|Internet or other similar network activity||Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement|
|Geolocation data||Geolocation data|
|Inferences drawn from other personal information||Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes|
For each of these categories, we obtain California Personal Information from a variety of sources. These sources include: yourself, with respect to both online and offline interactions you may have with us or our service providers; other entities with whom you transact; others with whom you maintain relationships who may deal with us on your behalf; the devices you use to access our websites, mobile applications, and online services; identity verification and fraud prevention services; marketing and analytics providers; public databases; social media platforms; and others consistent with this CCPA Addendum. For more information, please see the “For what purposes do we collect your data?” section of our Privacy Notice.
For each of these categories, we share Personal Information with a variety of third parties. These third parties include: other Bitcoin.com entities; service providers; marketing and advertising providers; analytics providers; law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other applicable legal process or requirement; and merchants in cases of suspected fraud or in connection with an ongoing investigation.
3. Use of California Personal Information For each of the above categories, we use the California Personal Information we collect for the business purposes disclosed within this CCPA Addendum. Please note that the business purposes for which we may use your information include:
We may also use the information we collect for our own or our service providers’ other operational purposes, purposes for which we provide you additional notice, or for purposes compatible with the context in which the California Personal Information was collected.
4. Your California Rights If you are a California resident, you have certain rights related to your California Personal Information. You may exercise these rights free of charge except as otherwise permitted under applicable law. If you wish to submit a request under the CCPA, please do so by writing to firstname.lastname@example.org.
As required under applicable law, we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may require you to provide information to verify your identity in response to exercising requests of the above type, including name and account information. We may limit our response to your exercise of the below rights as permitted under applicable law.
4.1. Right to Access/Know You have the right to request that we disclose to you:
To the extent that we sell your California Personal Information within the meaning of the California Consumer Privacy Act or disclose such information for a business purpose, you may request that we disclose to you:
4.2. Right to Delete You have the right to request that we delete California Personal Information about you which we have collected from you.
4.3. Right to Opt-Out and Right to Opt-In You have the right to direct us to not sell your Personal Information at any time (the “right to opt-out”) by managing your cookie preferences by contacting us at email@example.com.
4.4. Non-Discrimination Subject to applicable law, we may not discriminate against you because of your exercise of any of the above rights, or any other rights under the California Consumer Privacy Act, including by:
5. Changes to this Notice We may amend this Notice at any time by posting a revised version on our website. The revised version will be effective at the time we post it. You are responsible for periodically reviewing this Notice.
6. Contact Information You may contact us with questions or concerns about our privacy policies or practices at firstname.lastname@example.org.