Bitbaby Privacy Statement

2025/02/22 19:35:14

Welcome to the Bitbaby Privacy Statement (the "Privacy Statement"). Please take a few minutes to read it carefully before providing us with any information about yourself or anyone else.

1. Introduction

We respect your privacy and are committed to protecting your personal data. We take our data protection responsibilities (details of which can be found in Section 3 below) very seriously.

2. Purpose

This Privacy Notice explains how we collect and process your personal data and why and how we collect and process your personal data, as detailed in Section 3 below:

Use any of our products, services or applications (collectively, the “Services”), access or use our Bitbaby.com website (the “Website”) or mobile application (the “App”).

This Privacy Policy applies to all personal data processing activities we carry out in our Services and Applications.

This privacy statement tells you about your privacy rights and how the data protection principles set out in applicable privacy legislation protect your privacy.

Please be sure to read this Privacy Statement together with any other notice or policy we may provide from time to time when we collect or process your personal data so that you are fully aware of why and how we use your data. This Privacy Statement supplements other notices and policies and is not intended to override them. In the event of any conflict between this Privacy Statement and other notices and policies, the terms of this Privacy Statement shall prevail.

Our services, websites and applications are not directed to minors under the age of 18, and we do not knowingly collect data relating to minors.

3. Introduction to Bitbaby

Data Controller

The controller of your personal data is the legal entity that determines the “means” and “purposes” of any processing activities it carries out.

Bitbaby, incorporated under the laws of the British Virgin Islands (BVI), is the controller and responsible for the processing of your personal data.

Complaints If you have any issues with the processing of your personal data, please contact us by sending an email to support@Bitbaby.com.

Our and your responsibilities in case of changes

We review our Privacy Statement regularly. This version was last updated as stated above. Please check the new version of the Privacy Statement from time to time. In addition, if there are any significant changes to this Privacy Statement, we will also notify you in an effective manner to bring these changes to your attention.

The personal data we hold about you must be accurate and kept up to date. Please inform us if your personal data changes during your relationship with us.

Third-Party Links

The Website and any applicable web browser, application, or application programming interface required to access the Services (the “App”) may contain links to third-party websites, plug-ins and applications (the “Third-Party Websites”). Clicking on those links or enabling those links may allow third parties to collect or share data about you. We do not control these Third-Party Websites and are not responsible for their privacy statements and policies. When you leave our Website or App, we encourage you to read the privacy statements or policies of each third-party website you visit or use.

IV. What data do we collect from you?

Personal Data

Personal data, or personal information, is any information that relates to an identified or identifiable living individual. This includes information you provide to us, information collected about you automatically, and information we receive from third parties.

“Data subject” means a person who can be identified, directly or indirectly, by personal data. This is typically an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

We collect the following types of information from you:

Identity Data: full name, maiden name, username or similar identifier, date of birth, biometric information including a visual image of your face, national identification card, passport, driver’s license or other form of identification

Contact Information: Country of residence, email address or phone number, proof of address (if applicable)

Financial data: bank accounts, payment card details, virtual currency accounts, stored value accounts,

Transaction Data: details of transactions with you and other details of any transactions you conduct using the Services, Website or App.

Technical Data: internet connection data, Internet Protocol (IP) address, carrier and carrier data, login data, browser type and version, device type, model and category, time zone setting and location data, language data, application version and SDK version, browser plug-in types and versions, operating system and platform, diagnostic data such as crash logs and any other data we collect to measure technical diagnostics, and other information stored on or available to your device that you allow us to access when you visit the Site or use Services or Apps.

Profile Data: Username and password, an identification number for you as our user, information about whether you have an Bitbaby Application account and the email associated with your account, your requests for products or services, your interests, preferences and feedback, other information generated when you communicate with us, such as when you make a request to our customer support department.

Usage Data: Information about how you use the Sites, Services, mobile applications, and other products we offer, including when the device was downloaded, when it was installed, the type and duration of your interactions, and the time, name, and source of events.

Marketing and Communications Data: your preferences in receiving marketing from us or third parties, your communication preferences, your survey responses.

As described in the “Identity Data” section above, we will also collect your facial visual image and use it with our subcontractors (see the “Disclosure of Your Data” section below) to check your identity, for user onboarding and fraud prevention purposes. This data is Special Category Data.

V. How we collect your data

We collect information from you using different methods, including through the following:

Direct interactions. You may provide us with your Identity Data, Social Identity Data, Contact Data, Financial Data, Profile Data, and Marketing and Communications Data through direct interactions with us, including by filling in forms, providing your visual profile through the Services, emails, or otherwise. This includes Personal Data you provide when you:

Visit our websites or apps;

Apply for our services;

create Account;

use any of our Services;

Request to send you marketing information, such as subscribing to our newsletter;

Enter a competition, campaign or survey, including through social media channels;

Or give us feedback or contact us

Automated Technologies or Interactions. When you interact with us through our websites or apps, we automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data through the use of cookies, server logs and other online identifiers. We also collect transaction data and usage data. If you visit other websites that use our cookies, we may also receive Technical Data about you and marketing and communications data. You can learn more about how we use cookies through Cookie Preferences.

Social Media Widgets and Similar Links. Our website may contain links, social media plug-ins, “widgets,” tweet, “share” and “like” buttons to social media platforms such as Facebook, X (Twitter), Instagram, Threads, Discord, LinkedIn, Reddit and Telegram.

VI. How we use your data

Legal basis

We will only use your personal data if we are allowed to do so by applicable law. In other words, we must ensure there is a lawful basis for such use.

We typically use your personal data in the following circumstances:

Performance of a Contract: means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into such a contract; we provide the Services on this basis;

Legitimate Interests: these are our interests (or those of a third party) and we make sure that your interests and personal rights do not override those interests when we use this basis;

Comply with a legal obligation: means processing your personal data where we need to comply with a legal obligation;

Consent: means the freely given, specific, informed and unambiguous expression of your wishes, by which you, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Data concerning you; where applicable, such consent shall be unambiguous - if this is the case, we will ask for your consent where appropriate.

Purposes for which we use your personal data

Below we have set out in a table format the ways in which we plan to use your personal data and the legal bases we rely on to do so. We have also identified our legitimate interests where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. If you need details about the specific legal ground we are relying on to process your personal data, please contact us.

Purpose and/or activity

• Personal data categories

• Legal basis for processing

Register you as a new customer

• Identity data

• contact information

• Financial data

• Performance of a contract

Implement and comply with anti-money laundering requirements

• Identity data

• contact information

• Financial data

• Transaction data

• Technical data

• Profile Data

• Fulfilling legal obligations

Process and provide you with our services and any App functionality, including executing, managing and processing any instructions or orders you place

• Identity data

• contact information

• Financial data

• Transaction data

• Technical data

• Performance of a contract

Preventing abuse of our services and activities

• Identity data

• contact information

• Financial data

• Transaction data

• Technical data

• Marketing and communications data

• Legitimate interests: to protect our business and customers by detecting and preventing fraud and unauthorized activity and by maintaining the security and integrity of our services

To manage our relationship with you, including asking you to leave a review, take part in a survey or keep you informed of our business and product developments

• Identity data

• contact information

• Profile Data

• Transaction data

• Marketing and communications data

• Performance of a contract

• Consent (if required)

Keep our records

• Identity data

• Legitimate Interest: Maintaining accurate customer data in order to provide effective services and make informed business decisions, and to improve our products by understanding customer interactions

Stay up to date and research

• contact information

• Consent (if required)

How customers use our

• Profile Data

Products/Services

• Transaction data

• Technical data

• Marketing and communications data

Manage, process, collect and transfer payments, fees and charges

• Identity data

• Performance of a contract

• contact information

• Financial data

• Transaction data

Comply with applicable laws and handle complaints, including

• Identity data

• Fulfilling legal obligations

Managing risk and preventing crime, including conducting anti-money laundering, counter-terrorism, sanctions screening, fraud and other background checks

• contact information

• Performance of a contract

Detect, investigate, report and prevent financial crime in a broad sense

• Financial data

• Legitimate interests: to ensure that we are not involved in processing the proceeds of criminal activity and do not assist any other illegal or

fraudulent activity, and developing and improving our internal systems for dealing with financial crime and ensuring complaints are handled effectively

Transaction Data * Special Category Data: When processing this data, we rely on significant public interest grounds set out in the Seychelles Anti-Money Laundering and Countering the Financing of Terrorism Act, the EU Anti-Money Laundering Directive, the UK Anti-Money Laundering Framework, etc.

as well as

• Technical data

Keep your account secure and to fulfill requests for information and/or account changes

• Profile Data

• Usage Data

• Sensitive Data (also known as Special Category Data*) Data that you provide to us directly, or that we receive from third parties and/or publicly available sources:

- Data that may be disclosed by identity verification (KYC) or other background checks (e.g. data provided by media reports or public registers);

- Data collected through facial scanning during the identity verification process;

- Data incidentally displayed by a photo ID, although we do not intentionally process this personal data.

To enable you to enter a sweepstakes, contest or complete a survey

• Identity data

• Performance of a contract

• contact information

• Consent (if required)

• Profile Data

• Usage Data

• Marketing and communications data

Collect market data to study customer behavior, including their preferences, interests and how they use our products/services, determine our marketing activities and develop our business

• Identity data

• Legitimate interests: understanding our customers and improving our products and services

• contact information

• Profile Data

• Usage Data

• Marketing and communications data

Administering and protecting our business, websites, applications and social media channels, including injunctions, troubleshooting, data analysis, testing, system maintenance, support, reporting, data hosting

• Identity data

• contact information

• Financial data

• Technical data

• Transaction data

• Usage Data

• Legitimate interests: operating our business, providing administration and IT services, network security, fraud prevention and in the context of a business reorganisation or group restructuring

Deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

• Identity data

• contact information

• Profile Data

• Usage Data

• Technical data

• Marketing and communications data

• Legitimate Interests: studying how customers use our products/services, developing products/services, growing our business, developing our marketing strategy

• Consent (if required)

Use data analytics to improve our website, products/services, marketing, customer/user relationships and experiences

• Technical data

• Legitimate Interest: Identify types of customers/users of our products and services, keep our website updated and relevant, develop our business and develop our marketing strategy

• Usage Data

• Consent (if required)

• Marketing and communications data

Provide you with opinions and suggestions about products or services that may be of interest to you

• Identity data

• Legitimate interests: to develop our products/services and grow our business

• contact information

• Technical data

• Usage Data

• Profile Data

• Marketing and communications data

• Consent (if required)

Use the services of social media platforms or advertising platforms, some of which may use the personal data they receive for their own purposes, including marketing purposes

• Technical data

• Usage Data

• agree

Use the services of financial institutions, crime and fraud prevention companies, risk measurement companies, which will use the received personal data for their own purposes as independent controllers • Identity data • Legitimate interests: conduct business activities in the financial services market, actively participate in crime and fraud prevention

• contact information

• Financial data

• Transaction data

• Technical data

• Usage Data

Automated decision making

What is automated decision-making?

Automated decisions are usually decisions made automatically based on software algorithms without human intervention that may affect you. For example, we use automated decisions to complete the onboarding process for new customers or conduct anti-fraud monitoring.

Why is automated decision-making important to you?

Depending on the circumstances, the use of your personal data may result in automated decisions (including profiling) which have legal effects on you or similarly significantly affect you.

How do we protect your interests with regard to automated decision-making?

We will take appropriate measures to safeguard the rights and interests of individuals whose personal data is processed through automated decision-making. When an automated decision is made about you, you have the right to object to that decision. If you require more detailed information or wish to exercise this right, please contact us.

Marketing

We may use your Identity Data, Contact Data, Technical Data, Transaction Data, Usage Data and Profile Data to form an understanding of what we think you may want or need, or what may be of interest to you. We use this to decide which products, services and offers may be relevant to you.

If you have requested information from us and agreed to receive marketing information, or if you have purchased products from us and have not opted out of receiving such information, you will receive marketing information from us. We will use your marketing and communications data for our respective activities.

Third-party marketing

We will obtain your consent before sharing your personal data with any third party for marketing purposes.

opt out

You can opt-out of marketing messages at any time by following the opt-out link on any marketing message sent to you.

In addition, you can log in and opt out of marketing messages in notifications.

Where you have opted out of receiving marketing communications, this does not apply to service communications directly related to the use of our services (such as maintenance, changes to terms and conditions, etc.).

Cookie

You can set your browser to refuse all or some browser cookies, or to warn you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services or Websites may become inaccessible or not function properly. For more information on the cookies we use, please see Cookie Preferences.

Purpose of Change

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to process it for another purpose and that purpose is compatible with the original purpose. If you would like an explanation of how the processing for a new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Sale or transfer of business

We may also need to process your data in the context of, or during negotiations of, any merger, financing, acquisition, bankruptcy, dissolution, transaction or litigation involving all or any portion of our stock, business or assets. This would be based on our legitimate interests in conducting such transaction or in order to comply with our legal obligations.

VII. Disclosure of Data

We may share your personal data with our third-party service providers, agents, subcontractors and other related organisations, our group companies and affiliates (as described below) in order to complete tasks on our behalf and provide the Services and Applications to you. When using third-party service providers, they must respect the security of your personal data and treat it in accordance with the law.

We transfer your personal data to the following entities:

Companies and organisations who assist us in processing, verifying or refunding your transactions/orders and providing any services you have requested;

The identity verification agency conducts necessary verification checks;

Fraud or crime prevention agencies, helping to combat crime including fraud, money laundering and the financing of terrorism;

anyone to whom we may lawfully transfer or may transfer our rights and obligations under the terms and conditions of use of any Service;

any third party resulting from any reorganisation, sale or acquisition of our group or any associated companies, provided that any recipient uses your information for the same purpose for which it was initially provided to us and/or used by us;

and regulatory and law enforcement authorities, whether outside or within the Republic of Seychelles, where we are permitted or required by law to do so.

Specific instructions for using blockchain

The blockchain technology used in the provision of certain services runs on a decentralized network, where transactions are recorded in an unchangeable and transparent manner. This feature ensures the integrity and security of the data stored on the blockchain. However, it also means that once data is added to the blockchain, it is almost impossible to remove or delete it.

8. International transfer (cross-border data flow)

Many of our external third parties are based outside of the Republic of Seychelles and therefore when they process your personal data this will involve transferring the data outside of the Republic of Seychelles.

Whenever we transfer your personal data out of the Republic of Seychelles we ensure a similar degree of protection is provided to your personal data by ensuring at least one of the following safeguards is implemented:

The countries to which we transfer your personal data are deemed by the European Commission to provide an adequate level of protection for personal data (note the links to third-party websites); and specific contracts approved by the European Commission, the Information Commissioner or other competent authority which provide safeguards for the processing of personal data, so-called “standard contractual clauses”.

If you would like further information on the specific mechanisms we use when transferring your personal data out of the Republic of Seychelles, please contact us.

IX. Data Security

Although there are inherent risks in sharing any data over the internet, we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, damaged, or accessed, altered or disclosed in an unauthorised or unlawful way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a reasonable business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Depending on the nature of the risk posed by the proposed processing of your personal data, we will implement the following appropriate security measures:

Organizational measures (including but not limited to staff training and policy development);

Technical measures (including but not limited to physical protection of data, pseudonymisation and encryption);

Ensure the continued availability, integrity and accessibility (including but not limited to ensuring appropriate backup of Personal Data).

We have put in place procedures to deal with any suspected personal data breach and will notify you and any relevant regulator of a breach where we are legally required to do so.

10. Data Retention

When determining the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

The following are some example factors we typically consider when determining how long we need to keep your personal data:

In the event of a complaint;

If we have reason to believe that there is a prospect of litigation in the context of our relationship with you or if we deem it necessary to retain the information in order to defend against possible future legal claims (e.g. email addresses and content, chat logs, correspondence will be retained for up to 10 years after our relationship has ended, depending on the statute of limitations applicable in your country);

Comply with any applicable legal and/or regulatory requirements in relation to certain types of personal data:

In accordance with the Anti-Money Laundering and Combating the Financing of Terrorism Act, we are obliged to retain your personal data for at least 7 years after the end of the relationship between our company and you as a client; in certain circumstances, this period may be further extended as provided by applicable law;

When information is required for auditing purposes, etc.

According to relevant industry standards or guidelines;

Based on our legitimate business need to protect our campaigns from abuse. We will retain your personal data during the campaign and for a period after the campaign to protect against abuse.

Please note that in certain circumstances you can ask us to delete your data: see your legal rights below for more information. We will only comply with your deletion request if the conditions are met.

11. Your legal rights

We need to let you know about your rights. The rights you have depend on the reason why we process your personal data. If you need more information or want to exercise a right, please contact us.

You can:

Request access to your personal data;

Request that we correct information you believe is inaccurate or complete information you believe is incomplete (but we must verify the accuracy of the new data you provide to us);

Request erasure (cancellation or deletion) of your personal data; however, please note that we may not always be able to comply with your erasure request for certain reasons, and we will inform you of the specific legal reasons. In addition, please see the subsection “Specific Notes on the Use of Blockchain” above;

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes;

Request a reconsideration of a decision if it was made solely by automated means without human intervention (explained in detail in section 6 above);

Request restriction of processing of your personal data, which enables you to ask us to suspend processing of your personal data where: you want us to establish the data's accuracy; our use of the data is unlawful; you need us to hold the data even if we no longer require it as you require it to establish, exercise or defend legal claims or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;

Request the transfer of your personal data to you or to a third party. We will provide you, or a third party of your choice, with your personal data (where technically feasible) in a structured, commonly used, machine-readable format; note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;

Where we process your personal data based on consent, you may withdraw your consent at any time; however, this will not affect the lawfulness of any processing carried out before you withdraw your consent; if you withdraw your consent, we may not be able to provide certain products or services to you, but we will inform you if this is the case at the time you withdraw your consent;

You can lodge a complaint with the Seychelles Information Commissioner or contact your local competent data protection authority and seek damages in court for any perceived infringement.

Usually no fee

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is manifestly unfounded or excessive. We may also refuse to comply with your request in these circumstances.

Deadline for responding to legitimate requests

Taking into account the various requirements of the privacy laws to which we are subject, we aim to respond to legitimate requests within one month.

Please note that when you request to exercise your legal rights in relation to your personal data, we may ask you to provide some necessary details to verify your identity.