Privacy Policy for XBBIT
Last Updated: 08/11/2023
Welcome to the XBBIT platform (https://xbbit.io). We respect your privacy and are committed to protecting your personal information. Please read this privacy policy in detail before using our platform.
At XBBIT, ensuring the security of your privacy and safeguarding your personal data is of utmost importance to us. This Privacy Policy has been developed to offer you a thorough understanding of our privacy procedures, covering the collection, utilization, and sharing of your personal data. This policy applies specifically to our cryptocurrency exchange platform, accessible at https://xbbit.io (referred to as the "Website"), as well as the associated mobile applications and services (collectively known as the "XBBIT Services").
Transparency and accountability are our core principles, and we strive to keep you fully informed about how we manage your personal data. If any parts of this Privacy Policy do not align with your preferences, we kindly suggest refraining from visiting, accessing, or using the XBBIT Services. Your privacy and data protection are of utmost significance to us, as we work to create a secure and seamless cryptocurrency experience.
Policy
Relevance of the Privacy Policy
Our core operations involve managing and operating a peer-to-peer cryptocurrency exchange platform, alongside related services.This Privacy Policy exclusively pertains to the XBBIT Services and does not extend to any third-party applications or software that may integrate with our platform, nor does it encompass other third-party products, services, or businesses.
Revisions to the Privacy Policy
Your privacy is of utmost importance to us, regardless of whether you are a new user or a long-standing member of the XBBIT Services community. We encourage you to acquaint yourself with our policies and practices to stay informed. Feel free to print and retain a copy of this Privacy Policy, but please bear in mind that we retain the right to modify any policies or practices as needed, with proper notification to users. You can always find the most up-to-date version of this Privacy Policy, along with its effective date, on this page.
Your agreement with the Privacy Policy
We kindly request that you carefully review this Privacy Policy before providing any personal data through the XBBIT Services. While most instances of processing your personal data are based on lawful grounds other than consent, there may be certain situations where we seek to obtain your explicit consent. These scenarios include:
Collection of additional personal data not covered in this Privacy Policy.
Utilization of your personal data for purposes not explicitly mentioned in this Privacy Policy.
Disclosure or transfer of your personal data to third parties not specified in this Privacy Policy.
Significant modifications to this Privacy Policy.
Your privacy and data protection are essential to us, and we value your informed consent when it comes to the handling of your personal data within the XBBIT Services environment.
Data
Data Types
Personal data
Personal data encompasses any information related to an identifiable individual, directly or indirectly, such as name, address, phone number, email, and IP address.
We adhere to the principles of data minimization, ensuring that we only gather the essential personal data required for your seamless utilization of the XBBIT Services.
The collection of your personal data serves specific and limited purposes, which we detail in this section. Here, we clarify the personal data we collect from you, the purposes for which we utilize this data, and the lawful bases upon which we rely when processing your personal data.
Intended uses of personal data:
We handle your personal data solely for explicit and legitimate purposes, clearly stated in this Privacy Policy. Primarily, we use your personal data to facilitate your utilization of the XBBIT Services, furnish you with the requested services, comply with our legal obligations (e.g., anti-money laundering laws and regulations), enhance and maintain the XBBIT Services, conduct business-related research, and address your inquiries. Rest assured that we will not employ your personal data for purposes other than those for which it was initially provided.
Types of personal data:
In line with data minimization principles, we gather only the necessary personal data crucial for your interactions with the XBBIT Services. This data can be directly provided by you when signing up to use our platform or contacting us, or it may be collected through automated means, such as browsing the Website or executing a transaction. The table below outlines the specific types of personal data we collect from you.
The comprehensive table below presents a detailed breakdown of the types of personal data we collect, the specific purposes for which we use this data, and the legal bases upon which we rely while processing your personal data. This transparent overview ensures your understanding of how your personal data is utilized within the XBBIT Services ecosystem.
Purpose | Types of personal data | Specific purposes | Legal bases |
Subscribe to receive notifications regarding the XBBIT Service
|
●Email address ●Phone number |
●Informing you about the XBBIT Services |
●Your consent |
Upon signing up to utilize the XBBIT Services | ●Email address ●Password
| ●Enabling your access to the XBBIT Services. ●Registering and maintaining your user account. ●Delivering the requested services. ●Contact you, if necessary. ●Analyzing and improving our business.
| ●Executing a contractual agreement with you; and ●Pursuing our legitimate business interests (managing and enhancing our business operations). |
Enhance your user account to facilitate transactions | ●Corporate name. ●Corporate establishment ●Proof of Business ●Address ●Certificate of Incorporation ●Memorandum & Articles of Association (or By-Laws) ●Business Registration ●Document or Certificate of Incumbency or Company Search Report ●Proof of Shareholders (or Members) Registration ●Proof of Directors Registration ● Company Ownership ●Structure indicating the ultimate individual shareholders ●Bank account information (bank name, bank account number, bank address, contact details, name of the beneficiary, wire instructions) ●Annual turnover ●Industry ●Source of funds ●Tax Identification Number
| ●Providing the requested services ●Confirming your identity ●Adhering to our legal responsibilities, including anti-money laundering laws and regulations ●Contacting you, if necessary ●Analyzing and improving our business | ●Carrying out a contract with you ●Pursuing our legitimate business interests, which include fulfilling legal obligations, maintaining security, and managing and improving our business. |
Engage in a transaction | ●Trading records ●Trading logs ●Addresses of digital assets ●Wallet address | ●Facilitating your transactions ●Adhering to our legal obligations (such as anti-money laundering laws and regulations) ●Administering, analyzing, and improving our business | ●Carrying out a contract with you ●Pursuing our legitimate business interests, which include fulfilling legal obligations, maintaining security, and managing and improving our business. |
Reach out to us via email or live chat | ●Full Name ●Email address ●Any additional personal data you provide in your message | ●Responding to your inquiries. ●Providing you with the requested information. | ●Pursuing our valid business interests in expanding and promoting our business. ●Obtaining your consent for any optional personal information you decide to share. |
Deposit or Withdrawal | ●Name ●Bank account information (bank account number, bank name, and billing address) ●Purpose of the transaction ●Contact information ●Relationship of the recipient ●Recipient information | ●Handling your deposits or withdrawals ●Maintaining our accountancy records ●Adhering to our legal responsibilities, including anti-money laundering laws and regulations
| ●Carrying out a contract with you ●Pursuing our legitimate business interests, which include fulfilling legal obligations, maintaining security, and managing and improving our business. |
Cryptocurrency deposit or withdrawal | ●Name ●Deposit wallet address ●Customer ID ●Transaction amount | ●Sharing the data with the originator or beneficiary VASP (Virtual Asset Service Provider) ●Complying with the FATF (Financial Action Task Force) Travel Rule | Advancing our valid business and services objectives, which encompass meeting legal responsibilities and ensuring operational security. |
Engage with the XBBIT Services | ●IP address ●Device ID, operating system, and model name ●XBBIT App version ●Errors encountered ●Cookie-related data ●Your approximate location | ●Analyzing, improving, and evaluating our business activities. ●Customizing the XBBIT Services to suit your location. ●Safeguarding the security of XBBIT Services. | Advancing our valid business interests, which encompass evaluating and improving our business activities, as well as ensuring the security of XBBIT Services. |
Security of Personal Data
At XBBIT, safeguarding your personal data and ensuring its security is of utmost importance to us. We employ robust technical measures to protect your personal data.
In this section, we provide you with information about these security measures. Our security measures encompass various safeguards to prevent unauthorized access, disclosure, modification, or destruction of your personal data. These measures include the implementation of secure networks, utilization of SSL protocol for data encryption, enforcing strong password policies, restricting access to personal data only to authorized staff, and anonymizing personal data whenever feasible. To enhance the security of your personal data, we strongly advise you to access the XBBIT Services through a secure network.
International transfers of personal data
Depending on your geographical location, it may be essential to transfer your personal data to a country outside of your jurisdiction to ensure the seamless provision of the XBBIT Services and other related purposes. For instance, if you are situated in the European Economic Area (EEA), the transfer of your personal data might be required to destinations beyond the EEA. In such cases, we will take necessary measures to ensure that the recipient third party's jurisdiction guarantees an adequate level of protection for your personal data, such as being a Privacy-Shield certified entity, or we will establish an agreement with the respective third party that ensures the necessary data protection, like a data processing agreement based on pre-approved standard contractual clauses.
Publicly disclosed personal information
In the event that you choose to publish information about yourself through the XBBIT Services, for instance, via your public user profile, you may opt to reveal certain aspects of your personal information. It is essential to exercise caution in such cases as this data will become accessible to other users of the XBBIT Services. We advise against disclosing unnecessary, extensive, or sensitive personal data, as it may be exploited by third parties for unlawful purposes. Furthermore, you are prohibited from disclosing personal data pertaining to other individuals without obtaining their prior consent for such disclosure. Should we become aware of any unlawful disclosure of personal data, we will promptly take necessary actions to remove the information or user accounts from the XBBIT Services.
Lack of submission of personal data
Unless explicitly stated otherwise, all personal data requested by XBBIT, is mandatory, and failure to provide such data may hinder us from delivering the XBBIT Services. In cases where we specify that certain personal data is not mandatory, you have the freedom to withhold this data without impacting the availability or functionality of the XBBIT Services. Please be aware that the provision of non-mandatory personal data constitutes your consent for us to process such data.
Your entitlements in relation to your personal data
In the realm of crypto operations, you hold essential rights concerning the processing of your personal data. Below, we enumerate these rights, detailing how you can exert control over your personal data:
Revoke your consent: You have the right to revoke your consent at any time if you previously granted consent for the processing of your personal data.
Raise an objection to processing: You have the ability to raise an objection against the processing of your personal data if such processing is founded on a legal basis other than the execution of a contract with you or the pursuit of our legitimate business interests.
Access your personal data:You retain the right to be aware of the personal data being processed by us and to obtain a copy of your personal data.
Verify and request correction: You can confirm the accuracy of your personal data and ask for revisions or adjustments if needed.
Limit processing: In certain situations, you retain the right to restrict the processing of your personal data.
Request deletion or removal of your personal data: Under certain circumstances, you have the right to request the removal of your personal data from our systems.
Receive and transfer your personal data: You have the right to obtain your personal data in a structured, widely used, machine-readable format, and, if technically possible, transfer it to another data controller.
File a complaint: If deemed necessary, you retain the right to submit a complaint to the relevant data protection authority.
Non-personal data
When utilizing the XBBIT Services, certain technical data about your device and visits is automatically collected in a non-personally identifiable manner. This non-personal data is used for specific purposes, and in this section, we outline the types of non-personal data we collect from you and the purposes for which we utilize this data.
Purposes of non-personal data:
The non-personal data we collect serves the following vital objectives:
User analysis: We use this data to analyze the types of users who visit and use XBBIT Services, providing us with a better understanding of our user community.
Service evaluation: By assessing the relevance, popularity, and engagement levels of XBBIT Services, we can continually improve and optimize our offerings.
Security and abuse prevention: Non-personal data is instrumental in detecting and mitigating security issues and instances of misuse of our services.
Feature development: Insights derived from non-personal data contribute to the development and provision of new features for XBBIT Services.
Personalization: Leveraging non-personal data enables us to tailor XBBIT Services to your specific needs.
Types of personal non-personal data
As you interact with XBBIT Services, we collect technical non-personal data automatically to support analytics. It's essential to recognize that de-identified personal data is also included in this grouping. However, please be assured that this data cannot be utilized to identify you. The non-personal data we gather encompasses:
Transaction data:When you carry out transactions, we capture details such as anticipated transaction volume, expected transaction frequency, and transaction specifics, including trades, deposits, withdrawals, parties participating, affiliations, and transaction intentions.
Usage data: When you access and use XBBIT Services, we collect information about the timing of your requests, the method by which they are sent to the server, the size of the server's response, server status codes (such as success or error), the country from which the request originates, details about your browser and operating system, the duration of time spent on each page, the order of pages visited, and other parameters related to your device and IT environment.
Customer interactions: If you reach out to us with questions, complaints, recommendations, or compliments, we retain records of these interactions and responses. Where possible, we will remove any identifying personal data.
Disclosure of non-personal data
Your non-personal data may be shared with third parties for various reasons. This may include sharing with potential partners or collaborators for business or research purposes, to improve XBBIT Services, respond to valid requests from public authorities, or develop new products and services.
Sensetive data
We are committed to not collecting any special categories of personal data, which are also referred to as sensitive data, from you.This includes information concerning your health, religious and political beliefs, racial origins, membership in professional or trade associations, or details about your sexual orientation. However, if you choose to voluntarily provide such sensitive data, it will be entirely your decision.
Aggregated and de-identified data
Should your non-personal data be combined with specific elements of your personal data in a manner that allows for identification, we will treat such aggregated data as personal data. Conversely, if your personal data is aggregated or de-identified to a point where it can no longer be linked to an identified or identifiable individual, it will be considered non-personal data, and we may use it for any business purpose.
Additional data and your discretion
Occasionally, we may receive additional data from you when you seek support, interact with our social media accounts, provide feedback, or communicate with us through any other means. It's important to emphasize that the submission of such data is completely optional, and you have the freedom to decide what personal information you want to share with us. We kindly encourage you to exercise caution when making your personal data publicly available. The information you provide will be used to respond to your inquiries, provide the services you've requested, and advance our legitimate business interests, such as analyzing and improving our business operations.
Retention
We retain your personal data only for the period necessary to fulfill its specific and limited purposes. This section outlines the duration for which we retain both your personal and non-personal data within our systems.
Your personal data will be processed and stored for as long as it is required to achieve the purpose for which it was collected. Therefore:
Personal data collected for purposes related to the performance of a contract between you and XBBIT will be retained until the contract is completely
Personal data collected for the purposes of XBBIT's legitimate interests will be retained for as long as necessary to accomplish those objectives.
If you grant consent for the processing of your personal data, we will retain it for (i) the duration required for the purposes for which you provided your consent or (ii) until you withdraw your consent, whichever happens first.
Once the designated retention period elapses, your personal data will be securely deleted from our systems. Consequently, the rights to access, erasure, rectification, and data portability cannot be exercised after the conclusion of the retention period.
Retention of non-personal data
We may retain non-personal data associated with you for the duration necessary to achieve the purposes as described in this Privacy Policy. This could include retaining non-personal data even after you deactivate your user account, in order to address legitimate business interests, perform audits, fulfill legal obligations, resolve disputes, and enforce agreements.
Retention as required by law
XBBIT is subject to legal obligations that may require the retention of your personal data for an extended period. This could involve compliance with regulations or directives from authorities. For instance, we may retain your personal data for as long as required to fulfill accounting record obligations or for the duration specified by anti-money laundering laws and regulations.
List of data processors
We will exclusively partner with data processors who pledge to uphold an adequate level of personal data protection in accordance with this Privacy Policy and the relevant data protection regulations. Below, we offer a comprehensive list of data processors who will be authorized to access your personal data.
Service:
Name:
Location:
More information:
Owner and data controller
The XBBIT Services is owned and operated by Zeus International (Aus) Pty Ltd.
Successor
In the event of a partial or full acquisition of our business, we may transfer your personal data to the acquiring or successor entity. We will request that the acquiring entity handles your personal data in compliance with the principles outlined in this Privacy Policy. Your data protection and privacy will continue to be a priority even in such circumstances.
Marketing Information
Marketing messages
We will send you direct marketing messages under the following circumstances:
We will provide you with updates on the latest developments related to XBBIT Services through direct marketing messages in the following situations:
You provide express consent ("opt-in") to receive direct marketing messages (please note that voluntary subscriptions to our updates or newsletters serve as consent); or
We decide to send you marketing messages about new services closely related to the XBBIT Services you already use.
Direct marketing
Occasionally, you may receive promotional communications from us. This section outlines the circumstances under which you might receive such notifications and how you can opt out of receiving our commercial messages.
Compliance to Anti-Money Laundering regulations
At XBBIT, we adhere to rigorous internal guidelines to ensure compliance with AML (Anti-Money Laundering) laws and regulations relevant to our cryptocurrency operations. These guidelines encompass a range of internal policies and procedures, including the XBBIT Financial Crime Compliance Policy, AML Policy, Sanctions Policy, ABC (Anti-Bribery & Corruption) Policy, Customer Due Diligence Policy, FATF Travel Rule, and Operational Procedures.
The FATF Travel Rule and its impact
As part of our commitment to enhancing security and preventing illicit activities within the blockchain and Virtual Asset channels, we strictly follow the FATF Travel Rule. This rule requires Virtual Asset Service Providers (VASPs), such as XBBIT, to share sender and recipient information when facilitating Virtual Asset transactions. Consequently, when you engage in cryptocurrency deposits or withdrawals, specific personal details will be exchanged to uphold regulatory compliance and guarantee the security of transactions.
Cookies
Cookies are crucial for delivering an outstanding user experience, and we use them to enhance your crypto journey. For a detailed understanding of our cookies, please consult our comprehensive cookie policy, which you can find in our cookie policy FAQ.
Transaction privacy
At XBBIT, our services empower you to engage in transactions with fellow platform users. We diligently work to preserve the confidentiality and robust protection of all transaction-related data. Accessing, managing, correcting, deleting, sharing, or disclosing transaction data is restricted to essential purposes, including providing XBBIT Services, upholding our legal terms, or complying with lawful requests from authorities. Your transaction data is handled with care and responsibility.
Processing
Children
XBBIT Services are intended for use by individuals aged 18 years or older, or the equivalent minimum age as specified by the applicable jurisdiction. Consequently, we do not intentionally collect personal data from individuals under the age of 18. If it comes to our attention that we have unintentionally gathered personal data from a child under 18, we will promptly take the necessary actions to securely remove such information from our systems. Our unwavering dedication to safeguarding the privacy and data protection of our users is a fundamental commitment we uphold.
Location
XBBIT processes personal data at its operational headquarters and at other locations where XBBIT-designated data processors are positioned. For further information regarding the locations of these data processors, please refer to the "Disclosure and Transfer of Personal Data" section. The processing of personal data is conducted utilizing computer systems and/or IT-enabled tools, adhering to stringent organizational protocols and methodologies directly associated with the specified purposes.
Security Breaches
While we are dedicated to safeguarding your personal data, we recognize that the nature of communication and information technology, as well as the inherent characteristics of the internet, may expose data to risks beyond our control. Consequently, we cannot assume liability for any unlawful destruction, loss, unauthorized use, copying, alteration, disclosure, or falsification of your personal data resulting from circumstances beyond our reasonable control.
In the event of a significant security breach, we will take necessary measures to mitigate the impact in accordance with relevant laws. However, it is crucial to understand that our liability for any security breach will be restricted to the maximum extent permitted under applicable law. Your understanding of these limitations is appreciated.
Informational notices and Service updates
We may periodically send you critical informational notices, which encompass service-related, technical, or administrative emails. These correspondences relate to vital information regarding the XBBIT Services, your transactions, user account, privacy, security, and other administrative concerns. Please note that these notifications are dispatched as required and are not sent indiscriminately.
Rights Protection
Exercise Your Rights
To exercise your rights concerning your personal data in the cryptocurrency domain, you can send your requests to XBBIT using the contact information provided at the conclusion of this Privacy Policy. You can be confident that these requests can be made at no cost, once annually, and XBBIT will promptly process them, typically responding within one month.
Submitting a complaint
If you have concerns about how we manage your personal data, we recommend that you initially contact us to voice your complaint. Upon receiving your complaint, we will conduct a thorough investigation and strive to provide you with a prompt and satisfactory response. Nevertheless, if you are still not satisfied with our resolution, you maintain the right to file a complaint with your local data protection authority. Your feedback and concerns are important to us, and we are committed to addressing them appropriately.
Important terms
As you continue to review this Privacy Policy, you'll encounter certain terms that may repeat, and we want to ensure your comprehension of their meanings:
Consent: This term refers to a voluntary, specific, well-informed, and clear agreement to the processing of personal data
Data controller: The entity responsible for determining the objectives and methods of processing personal data .
Data processor: A data processor is a natural person, legal entity, public authority, agency, or other entity that processes personal data on behalf of the data controller, following the controller's instructions and within the framework of applicable data protection laws.
Personal data: This data includes any information related to an identifiable individual, directly or indirectly. Examples of personal data include a person's name, address, phone number, email address, and IP address.
Processing: This term encompasses any form of utilizing personal data, including but not limited to, collection, storage, erasure, transfer, and disclosure. It broadly refers to all activities involving personal data.
"You" and "your": Refers to a natural person or a business entity that accesses and employs the XBBIT Services.
Understanding these terms is crucial to comprehending the intricacies of how your personal data is managed within the framework of the XBBIT Services.
Contact us
If you have any inquiries, comments, or requests regarding this Privacy Policy or the handling of your personal data in the cryptocurrency domain, please do not hesitate to reach out to our Data Protection Officer using the following contact details:
Company Name: ZEUS INTERNATIONAL (AUS) PTY LTD
Address: Floor 5, 10 Shelley Street SYDNEY, NSW 2000
Email Address: dpo@xbbit.io
Phone Number: +61 2 6100 3010