Privacy Policy photo

Privacy Policy

1.Introduction

Therefore, in this Privacy Policy, we want to transparently inform you which personal data we collect from you, how we process it and to whom we might forward it in detail.

Furthermore, we would like to inform you which precautions we take to protect your personal data, which rights you have in this context and to whom you can turn for data protection concerns.

2.Usability

This Privacy Policy applies to all persons who use 1BitUp services, the website, the apps or interact otherwise with 1BITUP including business partners, interested parties, service providers, etc. Hereinafter such persons are called “Client/client” or “You/you”.

Payment services

For data processing in connection with the usage of third-party payment services offered through 1BITUP, we also refer to the respective privacy policy of the provider.

Digital securities

For data processing in connection with the reception and transmission of orders regarding digital securities offered through 1BITUP, we also refer to the respective privacy policy of the provider.

3.Controller

The protection and the careful handling of your personal data are very important to us. 1BITUP will solely use the personal data provided by you in compliance with the applicable data protection requirements, this Privacy Policy and your consent.

4.Data categories and sources

The personal data that we receive from you within the scope of the business relationship and usage of our website/application is processed. Additionally, we might process data we receive third party business partners (e.g. payment service providers etc.) or from credit agencies, debtor directories, business analysis providers and from publicly accessible sources (e.g. commercial register, register of associations, land register, media, sanctions lists).

The following personal data might be processed when using 1BITUP’s services or interacting with 1BITUP:

Contact data

We or one of our business partners might process the following data when a new user account is created or you are communicating with 1BITUP: full name, address, telephone number, email, date of birth, photo for the account, etc.

Verification data

We or one of our business partners might process the following data for example when an account is verified (depending on the level of verification): screenshots of national identity documents (e.g.  passport, driving license, ID card) including identification data from these documents, utility bill details for residence verification, data about status of political exposed persons, video data from the video authentication process, biometric data for verification etc.

Financial data

We or one of our business partners might process the following data over the course of purchase and sale transactions: credit card information, payment service provider information, payment details, transaction-ID, etc.

Log data

We or one of our business partners might process the following data during activities on the website/application: IP-address, transaction data, deposit and withdrawal address, computer or mobile device information, frequency, time, operating system, browser type, device type, unique device identification number, identification cookies and optionally form data, crash reports, performance data, third-party cookies, etc.

Support requests

We or one of our business partners might process the following data if you contact our support: personal data provided to the support team when you submit a request to 1BITUP’s support team or any other member of the 1BITUP team.

Marketing data

We or one of our business partners might process the following data if you visit our website/application: target groups, number of visitors, frequency, clicks, time, places, data from cookies and similar technologies, consumer’s behaviour, interests and preferences, data about market research and target groups surveys, etc.

Hiring data

We might process the following data (necessary for the recruitment process) if you apply for a job on our website: contact data, curriculum vitae, qualifications, police clearance certificate, credit report, national identity documents like passport, driving licence and the data from all these documents, links to your portfolio or social media platforms, etc.

 5. Purpose and legal basis for using personal data 

All data processing is performed in accordance with the GDPR. Your personal data is processed based on at least one of the legal bases listed below. If 1BITUP has to ask for the provision of any other personal data not described above, then such data, the purpose and legal basis for the collection and processing is going to be communicated to the Client at the point of collecting the personal data.

6. Special categories of personal data

Generally, 1BITUP does not process special categories of Clients’ personal data. This includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric.

However, there is one exception to this when you voluntarily perform the verification of your account using the automated authentication process of our service provider SumSub. 

With this verification method, in addition to the actual verification data (e.g. screenshots of ID documents and identification data from these, residence, status of politically exposed persons, video data, etc.), biometric data (e.g. personal data resulting from specific technical processing in connection with the physical, physiological or behavioural characteristics of a person and enabling the unique identification of a person, e.g. facial images, dactyloscopic data) is also collected. Such processing of biometric data takes place exclusively on the basis of your express consent, which you may revoke at any time. The biometric data will be processed solely by our processor SumSub for the purpose of verification and will be erased completely within 30 days after performing the identification.

1BITUP only receives the positive or negative verification result with other verification data and does not process biometric data from Clients itself at any time.

7. Recipients of personal data

The protection and confidentiality of your personal data is important to 1BITUP. Therefore, we transfer your personal data only to the extent described below or within the scope of an instruction at the time the data is collected from you. In addition, personal data that we collect concerning you will neither be sold by us nor otherwise disclosed to third parties.

Only those offices or employees will receive your personal data who need it to fulfil the contractual and legal obligations and legitimate interests. We transfer personal data for the purpose of our daily business operations like account management and other operations requested by you as well as to conduct internal administrative activities efficiently in a shared way and to maintain as well as improve our products and services.

7.2. Data transfer to processors

To a limited extent, personal information is transmitted to processors who perform services for us such as video authentication, IT services, Client support, improvement of our website; performance of contracts, account management, accounting, invoicing, examination of defective or suspicious business cases, application management and sending out newsletters. Processors may only use or disclose this data to the extent necessary to perform services for us or to comply with legal rules. We contractually oblige these processors to ensure the confidentiality and security of your personal data that they process on our behalf. 

7.3. Data transfer to public bodies and institutions

We might also transfer your personal data

  • if we are required to do so by law or in the context of legal proceedings,
  • if we believe that disclosure is necessary to prevent damages or financial loss, or
  • in connection with an investigation into suspected or actual fraudulent or illegal activities.

 

7.4. Data transfer to other third parties

1BITUP might transfer your personal data to any other person with your consent to the disclosure or the purpose of performing a contract or in order to take steps at the request of the data subject prior to entering into a contract.

8. International data transfer

Personal data may be accessed by staff or suppliers in, transferred to, and/or stored at a destination outside the country in which you are located, whose data protection laws might be of a lower standard than those in the European Union. 1BITUP will safeguard personal data as set out in this Privacy Policy under all circumstances.

If personal data is processed in a third country (outside the European Union or the European Economic Area or if this occurs in the context of the use of third-party services or disclosure and/or transfer of personal data to third parties, only personal data shall be transferred to the performance of our (pre)contractual obligations, based on your consent, a legal obligation or our legitimate interests. Subject to legal or contractual authorizations, we process or have personal data processed in a third country only where the conditions of Article 44 to 50 / GDPR are met.

9. Retention and deletion periods

Your personal data is retained, as far as necessary, for the duration of the entire business relationship (from initiation through performance to termination of a contract), and in principle 1 year after termination of the business relationship. Beyond this we retain your data only for a longer period, in accordance with statutory retention and documentation obligations, to defend legal claims or with your explicit consent. 

Unless expressly stated in this Privacy Policy, personal data processed by us shall be erased as soon as they are no longer required for their intended purpose and the erasure does not conflict with any statutory retention obligations.

10. Data subject rights

10.1. Right of access

You have the right to request confirmation from us as to whether we are processing personal data concerning you. Where personal data concerning you is being processed, you have the right to receive information from us within a reasonable time regarding the personal data stored about you and to receive a copy of the personal data concerning you which is undergoing processing.

10.2. Right to rectification

You shall have the right to request the rectification of inaccurate personal data concerning you. Considering the purposes of the processing, you shall also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

10.3. Right to erasure

You shall have the right to request from 1BITUP the deletion of personal data concerning you, when one of the following reasons apply and if no further processing is required:

  • the personal data is no longer necessary in relation to the purposes for which they were collected;
  • you withdraw your consent on which the processing was based and where there is no other legal basis or overriding legitimate interest for the processing;
  • the personal data have been unlawfully processed; or
  • erasure of the personal data is required for compliance with a legal obligation under European Union or Member State law to which the Controller is subject.

Requests for the erasure of personal data must include the respective ground (Article 17 / Paragraph 1/ GDPR).

10.4. Right to restriction of processing

You have the right to request from us the restriction of processing when one of the following conditions apply:

  • you contest the accuracy of the personal data (the restriction shall be put in place for a period which enables 1BITUP to verify the accuracy of the personal data);
  • the processing of your personal data was unlawful, and you oppose the erasure of your personal data and request instead the restriction of their use;
  • 1BITUP no longer requires your personal data for the purposes of the processing, but you require them for the assertion, exercise or defence of legal claims; or
  • You have objected to processing of your personal data and it has not yet been determined whether the legitimate grounds of 1BITUP override your own.

10.5. Right to data portability

You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format. You shall also have the right to request that we transfer these data directly to another controller, designated by you, where this is technically feasible and does not adversely affect the rights and freedoms of others. The right to data portability may only be exercised when the basis of the processing is either your consent or a (pre)contractual necessity, and where the processing is carried out by automated means. The right to data portability does not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

10.6. Right to object

You have the right to object to the processing of your personal data at any time if the processing is based on our legitimate interests. If you have objected to processing, we shall no longer process your personal data, unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms or unless the processing is for the assertion, exercise or defence of legal claims. The objection does not affect the lawfulness of processing your personal data based on legitimate interests before your withdrawal.

Contact: To exercise one of the above-mentioned rights you can send an email to [email protected]  Please note that for such requests we might require further identification data from you (e.g., Passport, ID card, etc), in order to ensure that your personal data is only shared with you.

11. Processing for other purposes

1BITUP only process personal data for the purposes for which they were collected. In exceptional cases, however, we might process your personal data which we have collected for one specific purpose for another purpose. In this case, we will inform you before the intended processing about this purpose, the period for which your personal data will be stored, the exercise of data subject rights, the option to withdraw consent, the existence of the right to file a complaint with the data protection authority, whether provision of the data was necessary on legal or contractual grounds and what the consequences would be if it were not provided, and whether automated decision-making or profiling is carried out.

12. Declaration of consent

By checking the respective box as a part of the registration process or in case of an update after the login into your 1BITUP account, you expressly confirm that you have read the Privacy Policy and that you agree to the data processing as described therein.

13. Data Security

The security of data is very important to 1BITUP, and we are committed to protecting data we collect. We maintain comprehensive administrative, technical and physical measures designed to protect your personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. These measures meet the highest international safety standards and are regularly reviewed regarding their effectiveness and suitability for achieving the intended safety objectives.

We have implemented the following technical and organizational measures for example:

  • SSL encryption on our websites from which we transfer personal data;
  • two-factor authentication (2FA) for our platform; 
  • ensuring the confidentiality, integrity, availability and resilience of our systems and services;
  • use of encrypted systems;
  • pseudonymisation and anonymisation of personal data;
  • entry, access and transfer control for our offices and systems;
  • measures for rapid recoverability of the availability of personal data in the event of a physical or technical incident;
  • measures for privacy by design and default on our platform like e.g., prevention of user enumeration;
  • implementation of procedures for regular review, assessment and evaluation of the effectiveness of the technical and organisational measure to ensure the security of the processing like e.g., our bug bounty programme;
  • internal IT security guidelines and IT security trainings; 
  • incident-response management.

Please also make sure that you use the two-factor authentication (2FA) for your 1BITUP account, keep your access data confidential and protect your computer against unauthorised access.

14. Updates of this Privacy Policy

1BITUP is committed to keep the principles of data protection up to date. For this reason, we regularly review and update our Privacy Policy. This is to ensure that it is correctly and clearly displayed on our website, contains appropriate information about your rights and our processing activities and is implemented in accordance with applicable law, thus complying with data protection requirements. We update this Privacy Policy from time to time when required. If we make significant changes to this Privacy Policy, we will notify you after the login into your account and provide you with the updated version of the Privacy Policy. If it is required by applicable law, 1BITUP will obtain your express consent to significant changes.

15. Contact

If you have any further questions about this Privacy Policy or the processing of your personal data, please contact our privacy team: [email protected]