Bitchange.Online Privacy Policy
Valid as of October 10, 2019
ABOUT BITCHANGE.ONLINE
Bitchange.online is a website that offers services provided by Bitchange OÜ, an Estonian
company registered at Rävala pst 8 Kesklinna linnaosa, Tallinn Harju maakond 10143
(hereafter “Controller”).
SCOPE OF PRIVACY POLICY
This Privacy Policy describes how Bitchange OÜ collects, uses, stores, shares and protects
your Personal Data whenever you use Services through the Website or Mobile application or by
other means, for example by writing us an email or filling out any form on the Website.
Please read this carefully as this document is legally binding when you use our Services.
Please discontinue use of any of our Services if you do not agree with this Privacy Policy.
We may amend this Privacy Policy at any time by posting the amended version on this site
including the effective date of the amended version. Where appropriate, we will notify you via
email.
PERSONAL DATA WE COLLECT
Personal data is data that can be used to identify you directly or indirectly. Our privacy
policy covers all personal data that you voluntarily submit to us and that we obtain from
our partners. This privacy policy does not apply to anonymized data as this cannot be used
to identify you.
We may collect the following types of information:
- Personal Identification Information: Full name, date of birth, age, nationality, gender,
signature, utility bills, photographs, phone number, home address, and/or email.
- Formal Identification Information: Tax/other ID numbers, passport number, driver’s
license details, national identity card details, photograph identification cards, and/or
visa information.
- Financial Information: Bank account information, payment card primary account number
(PAN), transaction history, trading data, and/or tax identification.
- Transaction Information: Information about the transactions you make using our services,
such as the name of the recipient, your name, the amount, and/or timestamp.
- Employment Information: Office location, job title, and/or description of the role.
- Online Identifiers: Geolocation/tracking details, browser fingerprint, OS, browser name
and version, and/or personal IP addresses.
- Usage Data: Survey responses, information provided to our support team, public social
networking posts, authentication data, security questions, user ID, click-stream data
and other data collected via cookies and similar technologies.
HOW DO WE USE YOUR PERSONAL INFORMATION
We collect personal data to provide you with our services. When we require certain personal
information from users it is because it is necessary for the specified purposes. Our primary
purpose in collecting personal information is to provide you with a secure, smooth, efficient,
and customised experience. In general, we use personal data to create, develop, operate, deliver,
and improve our services, content and advertising, and for loss prevention and anti-fraud purposes.
We may use this information in the following ways:
To maintain KYC and AML principles
Buying and selling of cryptocurrency may infer the necessity for us to collect and use your
personal identification information, formal identification information, financial
information, transaction information, employment information, online identifiers, and/or
usage data in certain ways. In addition, we may use third parties to verify your identity by
comparing the personal information you provided against third-party databases and public
records.
To provide Controller’s services
We process your personal data in order to provide the services to you, including providing
service information, customer services, and quality control. For example, when you want to
buy or sell cryptocurrency, we require certain information such as your identification and
contact information. The deal cannot happen without such information.
When exchanging cryptocurrency, Controller handles sensitive information, such as your
identification and sometimes financial data – it is therefore very important for us and our
clients that we are actively monitoring, investigating, preventing and mitigating any potentially
prohibited or illegal activities, and/or violations of our posted user agreement or agreement
for other services. In addition, we may need to collect fees based on your use of our services.
We collect information about your account usage and closely monitor your interactions with our
services. We may use any of your personal data collected on our services for these purposes.
For research and development purposes
We process your personal data to better understand the way you use and interact with
Controller. In addition, we use such information to customize, measure, and improve
Controller’s services and the content and layout of our website and applications, and to
develop new services. Without such processing, we cannot ensure your continued enjoyment of
our services. Our basis for such processing is a legitimate interest.
We will not use your personal data for any other purposes than those described in this
policy, without informing you. From time to time we may request your permission to allow us
to share your personal data with third parties. You may opt out of having your personal data
shared with third parties. If you choose to so limit the use of your personal data, certain
features or Controller’s services may not be available to you.
PERSONAL DATA FROM THIRD PARTY PROVIDERS
Controller primarily collects personal data about you from you. From time to time, we may,
however, also collect data about you from third-party sources, such as public databases,
credit bureaus, ID verification partners, resellers and channel partners, joint marketing
partners, and social media platforms.
We obtain information about you from public databases and ID verification partners for
purposes of verifying your identity in order to comply with KYC and AML policy. ID
verification partners use a combination of government records and publicly available
information about you to verify your identity. Such information includes your name, address,
job role, public employment profile, credit history, status on any sanctions lists
maintained by public authorities, and other relevant data.
COLLECTION AND USE OF INFORMATION COLLECTED AUTOMATICALLY
We may receive and store certain types of information automatically, such as whenever you
interact with our website. This information does not necessarily reveal your identity
directly but may include information about the specific device you are using, such as the
hardware model, device ID, operating system version, web-browser software (such as Firefox,
Safari, or Internet Explorer) and your Internet Protocol (IP) address/MAC address/device
identifier.
For example, we may automatically receive and record information on our server logs from
your browser, including your IP address; device type and unique device identification numbers,
device event information (such as crashes, system activity, and hardware settings, browser type,
browser language, the date and time of your request and referral URL), broad geographic location
(e.g. country or city-level location) and other technical data collected through cookies, pixel
tags and other similar technologies that uniquely identify your browser. We may also collect
information about how your device has interacted with our website, including pages accessed and
links clicked. We may use identifiers to recognize you when you arrive at the Site via an external
link, such as a link appearing on a third party site.
Cookies
One method Controller may use to collect data about your use of Controller’s services is
through the use of cookies (small files placed on your hard drive). These help to analyze
visits to our services and help us to deliver a more useful final product. You can manage
cookies through the settings of your internet browser. You can have the browser notify you
when you receive a new cookie, delete individual cookies or delete all cookies.
HOW WE SHARE YOUR PERSONAL DATA WITH OTHER PARTIES
We take care to allow your personal data to be accessed only by those persons at Controller
who really need to – and only when it is necessary – in order for them to perform their tasks
and duties. Furthermore, we only share your data with third parties who have a legitimate purpose
for accessing it and with the appropriate legal basis. Controller will never sell or rent out
your personal information. We will only share your information in the following circumstances:
- We may share the information collected for KYC and AML compliance with the third-party
contractors that provide risk management, due diligence, compliance and related
services, depending on the relationship nature with you, your country of origin, and
volume of deposits or transactions.
- We share your information with financial institutions which we partner with to process payments.
- We may share your information with law enforcement, officials, or other third parties
when we are compelled to do so by a subpoena, court order, or similar legal procedure,
or when we believe in good faith that the disclosure of personal information is
necessary to prevent physical harm or financial loss, to report suspected illegal
activity or to investigate violations of our user agreement or any other applicable
policies.
HOW WE PROTECT AND STORE PERSONAL INFORMATION
We understand how important your privacy is, which is why Controller maintains (and
requires its service providers to maintain) appropriate physical, technical and
administrative safeguards to protect the security and confidentiality of the personal
information you entrust to us.
We may store and process all or part of your personal and transactional information,
including certain payment information, such as your encrypted bank account and/or routing numbers,
in Estonia and elsewhere in the world where our facilities or our service providers are located.
We protect your personal information by maintaining physical, electronic, and procedural
safeguards in compliance with the applicable laws and regulations.
We maintain physical, electronic, and procedural safeguards that comply with the relevant
laws and regulations to protect your personal information from unauthorized access.
All personal data is stored on a separate restricted server, accessible only to a certain
number of employees. Should these employees need to send such documents to each other, they do
it via internal secure communication means.
All documents we receive from our clients are transferred by direct upload to our website or to our KYC provider’s secure platform. Thus we avoid using extra proxy such as email server or messenger server. Whenever we need to accept documents via e-mail, we use one of the most secure mail providers ProtonMail, where all data is encrypted in a way that it is inaccessible to anyone but recipient and sender.
We will store personal information no longer than it is necessary for the purposes for which
the personal data are processed.
Unfortunately, despite best practices and technical safeguards, the transmission of information
via the internet is not completely secure. Although we do our best to protect your personal data,
we cannot guarantee the security of your personal information during transmission, and any acts
of transmission are at your own risk.
YOUR RIGHTS
When we process your personal data, you have a number of rights under the General Data
Protection Regulation.
In general, you have a right of access to Controller’s processing of your data. This means
that you can ask us for information about our processing of your data and for a copy of the
data. You also have the right to have a copy of your personal data transmitted to another
enterprise, where technically feasible.
In addition, you have a right to object to our processing of your data. If the situation
should occur, we will decide whether we are able to meet your objection. If that is the
case, we will no longer process the data in question.
Finally, you have a right to have edited, updated, erased, blocked or rectified any data
that turn out to be inaccurate or misleading or in a similar way have been processed in
conflict with legislation. Please note that you will be able to request deletion of your
contact details and other registration data only if there is no legal obligation for
Controller to preserve such data under the applicable laws.
COMPLAINTS
Complaints about our processing of your personal data can be filed at Estonian data
protection authority (Data Protection Inspectorate, DPI).
CONTACT AND NEWSLETTERS
If you have given your consent, Controller may contact you via the address, e-mail and/or
phone number you provide on your account for marketing, surveys, news and/or similar
initiatives.
The Controller also reserves the right to contact you and request to provide more
information or confirm that provided information is up-to-date and valid.
GOVERNING LAWS
Information collected through Controller will be treated in accordance with current
Estonian legislation and the EEA Data Protection Law.
CONTACT