For residents of the European Economic Area (EEA) only

1. DEFINITION

As used herein, the following terms are defined as follows:

“The Company”, “BitMart”, “we” and “us” refer to the website https://www.bitmart.com (hereinafter referred to as “this Website” or “the Website”) and Mobile App, both are platforms dedicated to the transaction of Digital Assets and the provision of related services.

“Digital Asset” refers to a digital representation of value (also referred to as “cryptocurrency,” “virtual currency,” “digital currency,” “crypto token,” “crypto asset,” or “digital commodity”), which is based on the cryptographic protocol of a computer network that may be (i) centralized or decentralized, (ii) closed or open-source, and (iii) used as a medium of exchange and/or store of value.

“Services” refers to services offered on the Website https://www.bitmart.com or when you use the BitMart mobile app.

“User” refers to all persons who explore our Services, sign up for, and access our Services.  For the convenience of wordings in this Policy, users are also referred to as “you” or any other applicable forms of the second-person pronouns.

“User Account” refers to a user-accessible account offered via the Company’s services, including without limitation, the hosted wallet services where Digital Assets are stored. 

“Personal Information” or “Personal Data” or “your data” refers to any information relating to you as an identified or identifiable natural person, including but not limited to your name, an identification number, location data, or an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of you as a natural person.

Regarding the terms used in this Privacy Policy, such as “Processing” or “Controller”, we refer to the definitions of Article 4 of the GDPR.

2. PURPOSE

This Privacy Policy describes how we collect, use, and share Personal Information when you explore, sign up for or access our Services. We collect and use your information in order to provide and improve our Services and your experience, protect the security and integrity of our platform, and meet our legal obligations. We share your data with our affiliates, as well as trusted third parties and service providers, in order to offer our Services and fulfill legal requirements. Please read this Privacy Policy carefully as it is legally binding when you use any and all BitMart Services, regardless of how you access or use them, including through mobile devices or other portals. Accessing and using our Service means that you accept this Privacy Policy and its terms. If you do not wish for your Personal Information to be collected, used, or disclosed as described in this Privacy Policy, or you are under 18 years of age (the Services is not directed to persons under 18), you should stop accessing our Services immediately.

3. CONTROLLER

Unless otherwise specified, the BitMart entity responsible for the processing of your Personal Data as the controller is the entity that has the primary relationship with you. This may be the BitMart group entity that provides Services to you or provides promotional materials to you or the primary BitMart group entity in the region where you interact.

In some cases, more than one BitMart group entity may make decisions on how your Personal Data is processed, such as when two BitMart group entities co-sign a contract with you or multiple BitMart group entities organize an event. In these situations, all such entities are jointly responsible for the lawfulness of the specific processing activities as joint controllers.

In other cases, different BitMart group entities may independently determine how your Personal Data is processed as independent controllers, such as when one BitMart group entity uses Personal Data received from another BitMart group entity to market to you.

For further details, please do not hesitate to contact us using the contact details in Section 17.

4. DATA CATEGORIES AND SOURCES

We process the Personal Data that we receive from you within the scope of the business relationship and your usage of our website or Mobile App. Furthermore, we might process data we receive within BitMart and from publicly accessible sources (e.g.: commercial register, register of associations, media, sanctions lists). Personal Information you provide during the registration process may be retained, even if your registration is left incomplete or abandoned.

To be more specific, when using BitMart's Services or interacting with BitMart, the following Personal Data might be processed:

4.1 Information You Provide to Us:

• Identification Information, such as name, date of birth, nationality, gender, email, phone number, postal address, utility bills, and/or government-issued identity documents (sensitive Personal Information may be included);
• Commercial Information, such as trading activity, order activity, deposits, withdrawals, account balances and/or the information of the sender/recipient;
• Financial Information, such as bank account information, routing number, trading and investment experience, tax identification number, income/net assets/wealth verification statements;
• Correspondence, such as information that you provide to us in correspondence, including account opening and customer support;
• Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information, such as images and videos collected for identity verification, audio recordings left on answering machines;
• Biometric Information, such as scans of your facial geometry extracted from identity documents;
• Professional or Employment-related Information, such as job title, source of wealth;
• Institutional Information, such as for institutional entities, we may collect additional information, including the institution’s legal name, Employer Identification Number (“EIN”) or any comparable identification number issued by a government, and proof of legal existence (which may include articles of incorporation, certificate of formation, business license, trust instrument, or other comparable legal document);
• Wallet Information: such as when you sign up and connect your wallet to your BitMart account, we may collect your Wallet address and information related to the integrations that you select;
• Preferences: such as settings and preferences you select in the BitMart app; and
• Additional Information You Submit to Us: such as communications including survey responses, information provided to our Customer Support team or User Research team, e.g. communications with interfaces such as our chatbots.

4.2 Information Collected Automatically:

• Online Identifiers: such as IP address;
• Device Information: such as hardware, operating system, browser, screen size; and
• Usage Data: such as system activity, internal and external information related to the BitMart website or Mobile App that you visit, clickstream information.

4.3 Information We Obtain from Other Sources:

We may receive information about you from third parties such as service providers, law enforcement departments, advertising networks, analytics providers, and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our Services.

We may read and store information about you that is written on a blockchain, other publicly available ledgers or is otherwise in the public domain, and the information relating to fraud, security, sanctions, AML, and other risks. 

5. PURPOSE AND LEGAL BASIS

All processing is performed in accordance with applicable data protection legislation. This includes but not limited to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) “GDPR”. Additionally, we adhere to international standards that help trace and combat illicit activities in the financial sphere, such as those set by the Financial Action Task Force (FATF).

5.1 We Will Not Share Your Personal Information with Third Parties, Except as Described Below:

• Service Providers. We may share your Personal Information with third-party service providers for business or commercial purposes. Your Personal Information may be shared so that they can provide us with services, including identity verification, fraud detection and prevention, credit verification, security threat detection, payment processing, customer support, data analytics, Information Technology, advertising, marketing, data processing, network infrastructure, storage, transaction monitoring, and tax reporting. We share your Personal Information with these service providers only so that they can provide us with services, and we prohibit our service providers from using or disclosing your Personal Information for any other purpose. Our third-party service providers are subject to strict confidentiality obligations.
• Affiliates. We may share your Personal Information with our affiliates for the purposes outlined above, and as it is necessary to provide you with our Services.
• Business Partners. We may share your Personal Information with other companies with whom we partner to provide services or other offerings to you and carry out other related activities.
• Analytics Partners. We may share your Personal Information with our partners who assist us in performing analytics and help us measure the effectiveness of our Services’ content and our marketing and advertising efforts.
• Marketing and Advertising Partners. We may share your Personal Information with third parties for marketing and advertising purposes, including social media platforms, third-party advertising networks, and other parties that assist us in serving and optimizing our advertisements.
• Legal Obligations. We may be required or in good faith and in our sole discretion as we believe is necessary, to share your Personal Information with law enforcement, government agencies, regulators or third parties to comply with legal or regulatory requirements, or to preserve our rights or to protect against fraud or other illegal activity.
• Corporate Transactions. We may disclose Personal Information in the event of a proposed or consummated merger, acquisition, reorganization, asset sale, or similar corporate transaction, or in the event of a bankruptcy or dissolution.
• Professional Advisors. We may share your Personal Information with our professional advisors, including legal, accounting, or other consulting services for purposes of audits or to comply with our legal obligations.
• Other business or commercial purposes. We may share or disclose your Personal Information for other business or commercial purposes as permitted by law.

5.2 Based on Your Consent (Art 6 Para 1a GDPR):

If you have given us your consent to process your Personal Data, processing will only take place in accordance with the defined purposes and to the extent agreed in the declaration of consent. Given consent may be withdrawn at any time without giving reasons and with future effect if you no longer agree to the processing. For example, with your consent, we are processing data for the following purposes:

• for the use of the Mobile App functions that you allow us to enable through the device-based setting;
• marketing and advertising communication including ads, website analysis, and tracking; and
• auto-ident procedures for verifying your account (validation of identity).

Please note that the withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal.

5.3 Processing for Other Purposes:

As a general principle of BitMart, we only process Personal Data for the purposes for which they were collected. In exceptional cases, however, we might process your Personal Data which we have collected for one specific purpose for another purpose which is however compatible with the purpose for which the Personal Data are initially collected. In this case, we will inform you before the intended processing about this purpose, the period for which your Personal Data will be stored, the exercise of data subject rights, the option to withdraw consent, the existence of the right to file a complaint with the data protection authority, whether the provision of the data was necessary on legal or contractual grounds and what the consequences would be if it were not provided, and whether automated decision-making or profiling is carried out.

6. SPECIAL CATEGORIES OF PERSONAL DATA

This term stems from Art 9 GDPR and includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data (Art 9 para 1 GDPR). In general, BitMart does not process such categories of Personal Data; however, during your onboarding, you may be asked to complete identity verification via auto-ident procedures in which, in addition to the actual verification data (e.g. screenshots of ID documents and identification data from these, residence, status of politically exposed persons, video data, etc.), biometric data (e.g. Personal Data resulting from specific technical processing in connection with the physical, physiological or behavioral characteristics of a person and enabling the unique identification of a person, e.g. facial images) is also collected. Such processing of biometric data takes place on the basis of your express consent, which you may revoke at any time, and on the basis of substantial public interest as outlined in Art 9 GDPR. We may also process and store the provided biometrical data on the grounds of public interest for the purposes of fraud prevention.

In certain circumstances, biometric data will be processed solely by our service providers and will be erased completely within 5 years after performing the identification. BitMart only receives the positive or negative verification result alongside other verification data and does not process biometric data from Users itself at any time.

7. RECIPIENTS OF PERSONAL DATA

The protection and confidentiality of your Personal Data is important to BitMart. Therefore, we transfer your Personal Data only to the extent described below or within the scope of instruction at the time the data is collected from you. In addition, Personal Data that we collect concerning you will neither be sold by us nor otherwise disclosed to third parties and in general limited to the recipients in the following groups: 

7.1 Data Transfer to Processors:

To a limited extent, we also transmit Personal Information to our Processors. Such include, service providers for video authentication services, IT services, User support, improvement of our website, monitoring of defective business cases, and application management. Processors may only use this data to the extent necessary to perform services for us or to comply with legal requirements. We contractually oblige these Processors to ensure the confidentiality and security of your Personal Data that they process on our behalf.

7.2 Disclosing Data To Public Bodies and Institutions:

Your Personal Data might be disclosed to public bodies and institutions (i) if we are required to do so by law or in the context of legal proceedings, (ii) if we believe that disclosure is necessary to prevent damages or financial loss, or (iii) in connection with an investigation into suspected or actual fraudulent or illegal activities.

7.3 Data Transfer to Other Third Parties:

BitMart will only share your Personal Data with other third parties if a legal basis applies. Such legal basis may be due to our contract with you, our legitimate interests, a legal obligation or your prior consent (withdrawable at any time).

8. INTERNATIONAL DATA TRANSFER

Due to the global nature of our operations, some of the recipients mentioned in Section 7 of this Privacy Policy may be located in countries outside the EEA, Switzerland or the UK that do not provide an adequate level of data protection as defined by data protection laws in the EEA, Switzerland and the UK. Certain third countries have been officially recognized by the European Commission, Switzerland, and the UK Secretary of State as providing an adequate level of protection. Transfers within our corporate group or to third parties located in third countries that have not received such recognition take place using an acceptable data transfer mechanism, such as the EU and/or UK Standard Contractual Clauses, Binding Corporate Rules, approved Codes of Conduct and Certifications, on the basis of permissible statutory derogations, or any other valid data transfer mechanism issued by the EEA, Swiss or UK authorities.  

Please reach out to us using the contact information in Section 17 if you want to receive further information about how we transfer Personal Data or, where available, a copy of the relevant data transfer mechanism.

9. SOCIAL MEDIA PRESENCE

BitMart maintains social media presence on different platforms in order to communicate with its active Users, prospective Users and interested social media Users about BitMart’s Services, products and other news. For your own use of such social media platforms, the general terms and conditions, as well as the privacy policies and practices (e.g. processing outside of the European Economic Area) of these operators, apply. We would like to point out that User data may also be processed outside the European Union. This can result in risks for Users due to different legal frameworks (e.g. it could make it more difficult to enforce data subject rights).

Social media platforms might track your behavior (e.g. what content you clicked on or what websites you opened) when you are logged in to your account. To prevent such associations, you may want to log out of your social media accounts. BitMart has no control and no responsibility over the general activities of social media platforms and your behavior and will therefore not assume any liability for damages incurred by them using your Personal Data. For more information regarding tracking, cookies and similar technologies as well as opt-out possibilities in BitMart’s own services and associated services, please find more details at our Cookie Policy.

Contrary to what was said about the general practices of social media platforms, BitMart is responsible for the processing of Personal Data gathered by communicating directly with us via such platforms (e.g. likes, direct messages, comments). At the same time, this Personal Data will also be processed by the social media platform itself according to their own practices and privacy policy and we have no influence on this. For a detailed explanation of the respective processing and the possibilities of exercising data subject rights and opting out of tracking with providers of social media networks, we refer to the respective privacy notices of the providers. 

10. NEWSLETTER

If you would like to receive more information in regards to our existing product, related news or new launches, you might want to read our newsletter. We will only send newsletters and other electronic notifications to you if you are subscribed.

Our newsletter might contain trackers for us to better understand our Users’ interactions with the newsletter. You can find more information on tracking in our Cookie Policy.

If you need a break from our newsletter or do not want to receive it anymore, you may unsubscribe at any time.

11. RETENTION AND DELETION PERIODS

We retain and process your Personal Data only as long as absolutely necessary. This means for the duration of the entire business relationship (from initiation through performance to termination of a contract), and after that for how long applicable legal retention periods stipulate. Beyond this, we retain your data only for a longer period, in accordance with statutory retention and documentation obligations or to defend legal claims. When we perform payment initiation services for you, we will not store the sensitive payment data obtained thereby.

Unless expressly stated in this Privacy Policy, Personal Data processed by us shall be erased as soon as they are no longer required for their intended purpose and the erasure does not conflict with any statutory retention obligations.

12. DATA SUBJECT RIGHTS

12.1 Right of Access (Art 15 GDPR): You have the right to request confirmation from us as to whether we are processing Personal Data concerning you and to receive a copy of the Personal Data concerning you which is undergoing processing.

12.2 Right to Rectification (Art 16 GDPR): You can at any time request to rectify incorrect data and provide supplementary information to an incomplete record.

12.3 Right to Erasure (Art 17 GDPR): You can at any time ask us to delete the Personal Data we have stored about you, which we will act upon unless there is an overriding exception. We may not be able to comply with your request if we still need to process the data in relation to the purposes for which we collected them in the first place (e.g. you are still in an active business relationship with us). Another case where we might deny your request is if you withdraw your consent on which the processing was based but there is another legal basis or overriding legitimate interest on our side for that. The most important case where we could not be able to delete your data is when we are required to retain it for compliance with a legal obligation under European Union or Member state law that we are subject to. In any other case, we will gladly follow-up on your request.

12.4 Right to Restriction of Processing (Art 18 GDPR): You have the right to ask us to restrict the processing of your Personal Data where one of the following conditions applies:

• you contest the accuracy of the Personal Data (the restriction shall be put in place for a period which enables BitMart to verify the accuracy of the Personal Data); 
• the processing of your Personal Data was unlawful, and you oppose the erasure of your Personal Data and request instead the restriction of their use; 
• BitMart no longer requires your Personal Data for the purposes of the processing, but you require them for the assertion, exercise or defense of legal claims; or 
• you have objected to processing of your Personal Data and it has not yet been determined whether the legitimate grounds of BitMart override your own.

12.5 Right to Data Portability (Art 20 GDPR): You have the right to receive the Personal Data concerning you which you have provided to us in a structured, commonly used and machine-readable format. The right to data portability does not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

12.6 Right to Object (Art 21 GDPR): YOU HAVE THE RIGHT TO OBJECT ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME IF THE PROCESSING IS BASED ON OUR LEGITIMATE INTERESTS. WE WILL STOP PROCESSING YOUR DATA FOR THIS PURPOSE UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR UNLESS THE PROCESSING IS FOR THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS. IN REGARDS TO PERSONAL DATA PROCESSED FOR DIRECT MARKETING PURPOSES, YOU CAN OBJECT AT ANY TIME BY CONTACTING US VIA THE LISTED CONTACT POINTS. YOUR OBJECTION DOES NOT AFFECT THE LAWFULNESS OF PROCESSING YOUR PERSONAL DATA BASED ON LEGITIMATE INTERESTS BEFORE YOUR WITHDRAWAL.

12.7 Right to Withdraw Consent (Art 7(3) GDPR): You have the right to at any time withdraw your consent for processing, upon which we will stop processing your Personal Data based on this legal basis unless a different legal basis is applicable. The withdrawal does not affect the lawfulness of processing your Personal Data based on consent before your withdrawal.

12.8 Right to Not Be Subject to Automated Decision-Making (Art 22 GDPR): BitMart does not use Personal Data for automated decision-making including profiling within the meaning of Art 22 GDPR (e.g. decisions producing legal effects concerning data subjects, or otherwise significantly affecting them, based solely on automated processing of Personal Data, including profiling).

To exercise one of the above-mentioned rights you can approach us either via our customer service or simply send an email to legal@bitmart.com. Please note that for such requests we may require further identification data from you (e.g. Passport, ID card data, etc) to verify the legitimacy and legality of your request.

13. SUPERVISORY AUTHORITY

You have the right to file a complaint to the competent supervisory authority if you think your rights have been violated under the GDPR.

14. PERSONAL DATA COLLECTED

We are only collecting your data when required for our contractual relationship to be executed (necessary to create an account, etc.), required by law (KYC verification) or upon your consent. In these cases, Failure to provide the required data may result in us not being able to offer you our Service. For details, please see Section 5 above.

15. DATA SECURITY

The security of data is very important to BitMart and we are committed to protecting data we collect. We maintain comprehensive administrative, technical and physical measures designed to protect your Personal Data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

We have implemented the following technical and organizational measures for example:

• Physical measures: Physical records of your Personal Information, if any, will be stored in a properly locked place against loss, theft, unauthorized use, disclosure, or modification.
• Electronic measures: Electronic data that contain your Personal Information will be stored in properly encrypted computer systems and storage media that are subject to strict login/access restrictions.
• Technical measures: Proper encryption techniques, including but not limited to Secure Socket Layer Encryption technology, the zero trust and secure access service edge (SASE), multi-factor authentication (MFA), and Data Loss Prevention (DLP) may be used to protect your Personal Information.
• Managerial measures: Only staff members duly authorized by us can access your Personal Information, and these staff members are duly trained and monitored to comply with our internal protocols concerning Personal Data protection.
• Other measures that we deem necessary to ensure the safety of your Personal Information.

Please also make sure that you use the two-factor authentication (2FA) for your BitMart account, keep your access data confidential and protect your computer against unauthorized access.

16. UPDATES OF THIS PRIVACY POLICY

BitMart is committed to upholding the principles of data protection up to date. For this reason, we regularly review and update our Privacy Policy. This is to ensure that it is correctly and clearly displayed on our website, contains appropriate information about your rights and our processing activities (also with regard to technical changes or business development) and is implemented in accordance with applicable law, thus complying with data protection requirements. We update this Privacy Policy from time to time when required, in order to take current circumstances into account. If we make significant changes to this Privacy Policy, we will notify you after you log into your account and provide you with the updated version of the Privacy Policy. If it is required by applicable law, BitMart will obtain your express consent to significant changes.

17. CONTACT US

If you have any further questions about this Privacy Policy or the processing of your Personal Data, please contact legal@bitmart.com.