This data protection policy (hereinafter “Data Protection Policy”) describes how Bitit SAS (hereinafter “Bitit” or “We” or “Us”) collects, uses, stores, processes and protects the personal data of users browsing and/or using the services (hereinafter the “Users” or “You” or “Your”) of the Website www.bitit.io (hereinafter the “Website”).
We know how important confidentiality and personal data protection are to our Users, which is why we only collect the information We need for our services offered on our Website and We will not share such personal data (hereinafter “Personal Data”) with third parties other than the parties defined in this Data Protection Policy.
Under the applicable data protection law, the data controller is Bitit SAS, in its capacity as publisher of the Website, the registered office of which is at 40 rue Alexandre Dumas, 75011 Paris - France and which is registered in France on the Paris Trade and Companies Register, under number 810 222 513.
As part of its approach to compliance, Bitit undertakes to ensure that the Personal Data it exploits is used in accordance with the applicable regulations, in particular the amended French Data Protection Act of 6 January 1978 and the General Data Protection Regulation (EU) 2016/679 of 27 April as from its effective application on 25 May 2018 (hereinafter the “Regulations”).
1 ― CATEGORIES OF DATA COLLECTED
Throughout the period of use of the Website and of the Services, Bitit may collect any information directly or indirectly identifying the User, needed to create an account on the Website and for access to the services of the Website.
Entering the Personal Data collected on the Website when creating a Bitit account is mandatory to access the services offered by Bitit via the Website, including when purchasing or selling Bitcoins (hereinafter the “Services”).
Certain Data is not regarded as Personal Data but is also processed by Bitit for the Services.
All data categories processed by Bitit are presented in the table below:
|Data Categories|Data collected by Bitit|
|---|---|
|Personal data identifiers|• first name(s) / last name • date of birth • email address • postal address • telephone number • demographic data (city, postcode, country)|
|Banking and financial data|• payment methods (e.g. credit cards) • payment transaction data • address of the crypto-asset wallets used • bank transaction statement • virtual credit card statement • source of funds form|
|Log-in data|• IP address|
|Browsing and interaction data|• Your activity on the Website (number of pages viewed, Services viewed, etc.)|
|Company data|• company name|
|Non-identifying login data|• list of Website URLs • your browser type and version • operating system|
|Documents needed to comply with financial regulations|• all documents containing Personal Data needed to comply with financial regulations, such as anti-money laundering (AML-CTF) and Know Your Customer (KYC), including: • national identity card or a passport • proof of transfer and/or deposit of funds • proof of address • Client selfie • Any other document required.|
2 ― FOR WHAT PURPOSES AND ON WHAT LEGAL BASES DO WE COLLECT YOUR DATA?
2.1 We process Your Personal Data as part of our offer of Services on our Website. The legal basis of Personal Data processing is either the performance of a contract with the User (acceptance of the General Terms and Conditions of Purchase or Sale on the Website), or the legitimate interest of Bitit or compliance with regulatory obligations (e.g. anti-money laundering).
2.2 More specifically, We may use your Personal Data for the following purposes:
- Provide Services to Users on our Website;
- Process payments for Services offered by Bitit on its Website;
- Comply with anti-money laundering and counter-terrorist financing regulations or any other regulation;
- Protect Our system from fraud;
- Provide and improve customer service;
- Manage commercial prospecting periodically sent by email to offer Services similar to those already provided by Bitit and/or any company in the group.
With Your consent or when permitted by the Regulations, We may also use Your Personal Data for marketing purposes, including to contact You by email to inform you of new offers on Our Services or on services similar to those offered on our Website. However, we will not send you unsolicited commercial prospecting or SPAM and we will take all necessary measures to respect Your rights in accordance with the Regulations.
3 ― IS YOUR DATA SHARED?
Bitit shares the Personal Data provided by Users with processors involved in the supply of its Services on the Website.
The various third-party recipients who have access to Your Personal Data are listed below:
Except as expressly stated above, Bitit shall not share or transfer the Personal Data of Users to a third party, without having first informed and obtained the consent of the Users, unless the applicable law, a court order or legitimate request by a competent court or administrative authority compels Bitit to do so.
The Personal Data of Users disclosed during the performance of the Services may be the subject of a data transfer outside the European Economic Area (hereinafter “EEA”) (the EEA includes all EU Member States, plus Norway, Iceland and Liechtenstein). When Bitit transfers Personal Data to processors who are located outside the EEA, Bitit will take all appropriate measures to ensure that the Personal Data of Users is processed as securely as it would be within the EEA.
4 ― PERSONAL DATA RETENTION PERIOD
All Personal Data is processed and stored securely, for a period which is no more than the period necessary to achieve the purposes for which it was originally collected by Bitit.
Data will therefore be stored for the following periods (or the retention thereof will be determined on the following bases): Bitit stores and processes Your Personal Data throughout the duration of the supply of the Services up to the closure of your account on the Bitit Website. However, Personal Data may be stored within Bitit, with restricted access, for up to 5 years for evidentiary purposes or up to 10 years for compliance with its regulatory obligations, in particular anti-money laundering regulations.
If your account remains inactive for more than 5 years, Your Personal Data will be removed from the Bitit Website, in compliance with the right to oblivion of Users.
In order to send commercial prospecting at the end of Our contractual relationship, we may store Your contact Data in our files for a period of three (3) years as from the end of our contractual relationship and send You commercial prospecting on the basis of the information you have provided to Bitit.
5 ― SECURITY OF YOUR PERSONAL DATA
5.1 Bitit undertakes to protect Personal Data disclosed through its Services from any loss, misuse, disclosure, alteration, unavailability, unauthorised access and destruction, and shall take all reasonable precautions to protect the confidentiality of Personal Data, including by taking appropriate organisational and technical measures on our Website.
5.2 The measures we take to secure and protect your Personal Data include:
- The implementation and maintenance of a strict internal data protection policy (including a strict access rights and authorisation policy), which involves different rights of use and access according to the different levels of administrator authorisation.
- All access to sensitive information is protected by twofold or threefold authentication involving strong passwords, IP-address restrictions and authentication using a unique password;
- Security measures and a server firewall with end-to-end encryption of all connections and data with an SSL certificate signed and verified by a competent authority;
- Databases and all User information are regularly backed up and encrypted offline to ensure complete integrity.
5.3 Although Bitit has made every effort to protect Personal Data provided under the Services, the transmission of information via the internet cannot be fully secured. As such, Users acknowledge and accept that the security of their Personal Data transmitted via the internet cannot be fully guaranteed and that it is their responsibility to take the necessary precautions when transmitting their Personal Data.
6 ― WHAT ARE YOUR RIGHTS?
In accordance with the Regulations, you have a right to access, modify, correct, restrict, object to and remove your Personal Data.
These rights are not absolute and each of these rights is subject to certain conditions in accordance with the Regulations and applicable national laws.
- Right of access: Any User has the right to obtain confirmation from Bitit that their Personal Data is being processed by Bitit. A User also has a right to obtain additional information on how their Data is used. Any User may also exercise their right of access by requesting a copy of their Personal Data.
- Right to correct: Users may contact Bitit to request the correction of their Personal Data if that Data is inaccurate or incomplete (e.g. if we have the wrong name or the wrong address).
- Right to removal or the right to oblivion: Users may request the deletion or the removal of their Personal Data when, for example, the Data is no longer necessary for the purposes for which it was collected or when its use is unlawful. However, the right to deletion is not a general right and there are some exceptions, for example, when Bitit must use the information in legal proceedings or to comply with a legal obligation.
- Right to restrict processing: Users are able to request the blocking of their Personal Data or prevent its subsequent use when Bitit analyses a request for correction or as an alternative to removal. Where the request for restriction is justified, Bitit may still retain the Personal Data, but can no longer use it for other purposes.
- Right to data portability: Users have a right to obtain disclosure and to reuse some Personal Data processed by Bitit for their own purposes and to disclose it to third parties (who are independent data controllers). This right only applies to Personal Data provided by Users, subject to automated processing by Bitit on the basis of the User's consent or for the performance of a contract. If requested by the User, Bitit will provide a copy of the User’s Personal Data in a structured, commonly-used and machine-readable format or (where technically possible) Bitit may directly send your Personal Data to another data controller.
- Right to object: Users are entitled to object to certain types of processing, in certain circumstances and for legitimate reasons. Bitit will stop processing Personal Data, except in case of a legal or regulatory obligation, or for evidentiary purposes, particularly when exercising or defending its rights further to any complaints. Such an objection may result in Bitit being unable to provide the Services subscribed to.
- Right to withdraw Your consent: for Personal Data processed by Bitit on the basis of Your consent, the User may withdraw their consent at any time. However, such withdrawal does not affect the lawfulness of any processing that took place prior to that withdrawal.
- Right to provide us with instructions on the use of your Personal Data after your death: Any User is able to provide instructions on the management (e.g. retention, removal and disclosure) of their Data after their death. You may amend or revoke Your instructions at any time.
Similarly, You have the right to file a complaint with the French Data Protection Authority (Commission Nationale Informatique et Libertés) known as CNIL for any breach by Bitit of the Regulations in force on personal data protection.
7 ― ACCESS TO YOUR PERSONAL DATA
You have the right to access Your Data and to request a copy of any of your Personal Data held by Us. Under the Regulations, no fees are payable and we will provide any information in our possession free of charge in response to Your request.
Bitit will review Your request and will respond appropriately within the time frames specified by the applicable Regulations.
For any requests relating to Your Personal Data or if you have any questions about Your Personal Data, please contact us at the following address: firstname.lastname@example.org
8 ― HOW CAN YOU CONTROL YOUR DATA?
In addition to Your rights under the Regulations set out above, when you enter Personal Data via Our Website, You can manage your Personal Data directly from your account available on the Website.
In particular, you may object, at any time, to the processing of Your Personal Data for commercial prospecting or direct marketing purposes (including by refusing to receive emails from Us, which you can do by unsubscribing using the links provided in Our emails or when providing Your contact details or managing Your Account).
9 ― CHANGES TO THIS DATA PROTECTION POLICY
We reserve the right to update this Policy at any time. Please check this Policy on our Website regularly in order to be informed of any changes. We may also notify you, by any means, of any change to the processing of your Personal Data.