BitflowStock (“BitflowStock”, “we”; “us”; “our”) respects your privacy and is
committed to protecting your personal information or, as otherwise termed, your
“personal data”. In that regard, BitflowStock has launched
and offers a service that provides our clients (subject to prior account
registration) with access to certain virtual financial assets on an online
trading platform (the “Platform”) which is accessible via the website
https://bitflowstock.com/ (the “Site”
or “Website”) or any application programming interface (API) provided by
BitflowStock relating to the Site.
The Platform automatically matches trades with open orders from other traders.
In addition to the matching and trading services offered over the Platform, the
Platform also offers digital (virtual) wallet services to
registered account users, allowing them to store the virtual financial assets
which are traded over the Platform in accordance with its Terms of Use.
This Privacy Policy explains how information about you is collected, used, and
disclosed by BitflowStock and to set out the basis on which we will process your
personal data when you:
visit and use the Site and/or the Platform (regardless of where you
visit or use them from);
apply for and open an account in respect of our Platform (“Account”);
and
apply for, receive or use any of the related services that we offer in
connection with the Platform, including our virtual financial assets
exchange and digital wallet services, as well as services, specified
in our Terms of Use (the “Services”).
This Privacy Policy also informs you about:
how we will handle, protect and look after your personal data;
our obligations in regard to processing your personal data responsibly
and securely.
The Site and the Platform are not intended for minors (i.e., persons under 18
years of age) and we do not knowingly collect personal data relating to minors.
Third-Party Links: Our Site may include links to third-party websites,
plug-ins, and applications. Clicking on those links or enabling those
connections may allow third parties to collect or share data about
you. We do not control these third-party websites and are not responsible for
their privacy notices, statements, or policies.
We encourage you to read the privacy Policy of every website you visit.
THE IMPORTANCE OF THIS POLICY
This Privacy Policy specifies the BitflowStock’s policies and procedures
regarding the collection, use, disclosure, protection and other processing of
the User’s Personal Data (Personal Information) when using Our BitflowStock
Website, Wallet, Platform
and/or Services.
This Privacy Policy explains how BitflowStock processes Personal Data (Personal
Information) that can be used to directly or indirectly identify our Users
collected through the use of BitflowStock’s Website, Platform and/or Services.
This Policy applies where We are acting as a Data Controller with respect to the
Personal Data (Personal Information) of Our Website Visitors and Service Users.
In other words, where We determine the purposes and means of the processing of
that Personal
Data (Personal Information).
This Privacy Policy is a binding, mandatory and integral part of the Terms of
Use and constitutes an Additional Documents specified in the BitflowStock’s
Terms of Use.
BitflowStock is committed to protecting the Personal Data (Personal Information)
that the Users share with Us.
Any Personal Data (Personal Information) stored on BitflowStock Wallet, Website,
Platform and/or Services is treated as Confidential Information, and all such
information is stored securely and is accessed by the BitflowStock’s authorized
personnel only
in accordance with the GDPR requirements and principles.
BitflowStock implements and maintains appropriate technical, security and
organizational measures to protect Personal Data (Personal Information) against
unauthorised and/or unlawful processing, disclosure and use, including but not
limited to accidental
loss, destruction, damage, theft or disclosure of collected Personal Data
(Personal Information).
BitflowStock provides a platform for exchanging Virtual Assets, as well as
providing other Services, specified in the BitflowStock’s Terms of Use.
We will also ask You to agree to Our use of cookies in accordance with Our
Cookies Policy of when You first visit Our Website.
For the purposes of this Privacy Policy, BitflowStock defines the terms “User”
or “You” as a natural or legal person, either a User-Visitor of Our Website
and/or as the User specified in the Terms of Use. The term “We”, “Us”, and/or
“Our” refers to BitflowStock.
KEY DEFINITIONS
Set out below are key definitions of certain data protection terms which appear
in this Privacy Policy.
“BitflowStock” means Bitflow Lab s.r.o., i.e. a company
registered and incorporated under the laws of the Czech Republic with
the business registration number (Identifikační číslo): 19305800, having
its
registered office at: Antala Staška 1859/34, Krč, 140 00 Praha 4, Czech
Republic. Bitflow Lab s.r.o. has been granted a trade license
(authorisation) for providing services related to virtual assets. Please
note: Pursuant to its Terms of Use (“Terms”), Bitflowstock reserves the
right to assign or transfer any of its rights and obligations under its
Terms of Use to another affiliated or successor entity, including
in connection with corporate restructuring, licensing, or changes to the
operator of the Services, without requiring further consent from the
User. In such case, the updated entity information will be published
on the Website, and continued use of the Services will constitute
acceptance of such transfer and this Privacy Policy for such an entity.
“Consent Form” refers to separate documents which we might from
time to time provide you where we ask for your explicit consent for any
processing which is not for purposes set out in this Privacy Policy.
“Data subjects” means living individuals (i.e. natural persons)
about whom we collect and process personal data.
“Data controller” or “controller” means any entity or individual
who determines the purposes for which, and the manner in which, any
personal data is processed. For the purposes of this Policy,
BitflowStock
is the Data Controller.
“Data processor” or “processor” means any entity or individual
that processes data on our behalf and on our instructions (we being the
data controller).
“Personal data” means data relating to a living individual (i.e.
natural person) who can be identified from the data (information) we
hold or possess. The term “personal information”, where and when used
in this Privacy Policy, shall be taken to have the same meaning as
personal data.
“Processing” means any activity that involves the use of personal
data. It includes collecting, recording or holding the data, or carrying
out any operation or set of operations on the data including,
organizing, structuring, storing, adapting or altering, retrieving,
consulting, using, disclosing by transmission, disseminating, or
otherwise making available, aligning or combining, restricting, erasing
or destroying it. Processing also includes transferring personal data to
third parties.
“User-Visitor” means the User-natural person who only visits the
BitflowStock’s Website.
“DPAs” mean legally binding documents that outline the terms and
conditions under which Personal Data (Personal Information) is processed
by a third party on behalf of a Data Controller that ensures compliance
with the GDPR and other applicable EU data protection laws.
“ePrivacy Directive” means Directive 2002/58/EC of the European
Parliament and of the Council of 12 July 2002 concerning the processing
of personal data and the protection of privacy in the electronic
communications sector (Directive on privacy and electronic
communications).
“Third-Party Processor” means a person, which processes Personal
Data (Personal Information) under the direct authority and on behalf of
the Data Controller.
“Third-Party Services” mean the services provided by an external
natural or legal person that is not part of BitflowStock.
“AML” or “AML/CFT” means a set of applicable laws, regulations
and procedures aimed at preventing money laundering, terrorist financing
and any other criminal activity by using funds as legitimate income.
“KYC” means is a process used by BitflowStock as an AML/CFT
Obliged Person to verify the identity of their clients (Users).
“KYT” means is a process used by BitflowStock as an AML/CFT
Obliged Person to verify, monitor, and/or analyse individual
transactions to detect suspicious and/or unusual activity that may
indicate fraudulent
behavior or illicit financial activities.
“Cookies” mean small text files that is saved on the User’s
device when accessing the Website. They allow BitflowStock to recognize
Your device, store some information about Your preferences or past
actions
on the Website, and facilitate BitflowStock in improving the Website.
“AML/CFT Obliged Person” means BitflowStock, i.e. the person who
under applicable AML laws is obliged to prevent money laundering,
terrorist financing and any other criminal activity by using funds as
legitimate income.
“Standard Contractual Clauses” or “SCCs” mean the legal bases
that Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on
standard contractual clauses for the transfer of personal data to third
countries pursuant to Regulation (EU) 2016/679 of the European
Parliament and of the Council allow data transfer towards third
countries in the absence of an adequacy decision. e unlawful processing
or use
of personal data.
All other terms and expressions not used in this Privacy Policy shall be
interpreted in accordance with the definitions provided in the Terms of Use
(including Additional Documents) and/or in the GDPR.
Legal requirements applicable to this Privacy Policy.
The processing of Personal Data is performed in accordance with Regulations (EU)
2016/679 of the European Parliament and of the Council of 27 April 2016 on the
protection of natural persons with regard to the processing
of Personal Data and on the free movement of such data, known as the General
Data Protection Regulation (“GDPR”), and our processing will take place in
accordance with the GDPR.
In any its activities regarding processing Personal Data (Personal Information)
of its Users, BitflowStock will comply with the following principles:
Lawfulness: Any Processing of Personal Data carried out by
BitflowStock as a Controller has a legal basis under the GDPR, as well
as compliant with the requirements of the GDPR and other applicable
AML/CFT
laws (see in particular Articles 6, 7, 8, and 9 of the GDPR), and not
involve any otherwise unlawful processing or use of personal data.
Fairness: Any Processing of Personal Data carried out by
BitflowStock as a Data Controller is fair towards the Users whose
personal data are concerned, and avoid being unduly detrimental,
unexpected,
misleading, or deceptive.
Transparency: BitflowStock as a Data Controller ensures that
processing of personal data is clear and transparent to Users and
regulators
Purpose limitation: Personal data is collected by the
BitflowStock as a Data Controller for specified, explicit and legitimate
purposes, which are determined at the time of the collection of the
personal
data, and not further processed in a manner that is incompatible with
those purposes.
Data minimisation: BitflowStock as a Data Controller only
collects and processes personal data that are adequate, relevant, and
limited to what is necessary for the purposes for which they are
processed.
Accuracy: BitflowStock as a Data Controller ensures Personal Data
(Personal Information) are accurate and, where necessary, kept
up-to-date.
Storage limitation: BitflowStock as a Data Controller holds
personal data, in a form which permits the identification of Users, for
no longer than is necessary for the purposes for which the personal
data are processed.
Integrity and confidentiality: Personal Data (Personal
Information) is processed by BitflowStock as a Data Controller only in a
manner that ensures the appropriate level of security and
confidentiality
for the personal data, including protection against unauthorised or
unlawful processing and against accidental loss, destruction, or damage.
Accountability: BitflowStock as a Data Controller takes
responsibility for, and will be able to demonstrate compliance with the
other principles of data processing, specified herein
In the data processing activities regarding any AML/CFT, KYC and/or KYT
procedures, the BitflowStock’s AML/KYC Policy will be applicable mutatis
mutandis.
Legal Basis and Principles of Processing Your Personal Data (Personal Information)
Processing means any operation or set of operations which is performed by
Bitflow on personal data or on sets of personal data. Bitflow will carry out the
following processing activities:
Collection,
Organisation,
Structuring,
Storage,
Adaptation or Alteration,
Consultation,
Use,
Disclosure by Transmission,
Restriction,
Erasure, and/or
Destruction;
Processing shall be lawful only if and to the extent that at least one of the
following applies:
The data subject (User) has given consent to the processing of his or
her Personal Data for one or more specific purposes;
Processing is necessary for the performance of a contract to which the
data subject (User) is a party or in order to take steps at the request
of the data subject prior to entering into a contract;
Processing is necessary for compliance with a legal obligation to which
the controller is subject;
Processing is necessary for the performance of a task carried out in the
public interest or in the exercise of official authority vested in the
controller;
Processing is necessary for the purposes of the legitimate interests
pursued by the controller or by a third party, except where such
interests are overridden by the interests or fundamental rights and
freedoms
of the data subject which require protection of Personal Data.
Acceptance of these Privacy Policy
BitflowStock assumes that all Users (including Users-Visitors) of Our Website,
Platform, and/or Services have carefully read this Privacy Policy and completely
agree to its contents. If someone does not agree with this Privacy Policy,
he/she should refrain
from using our Website, Platform, and/or Services.
By continuing to browse our Website after seeing the cookies banner and without
changing the default settings, You consent to the processing of Your personal
data as described in this Privacy Policy.
During the account creation process, Users must actively check a box confirming
they have read and agree to the Privacy Policy and Terms of Use. Account
creation cannot be completed without providing such consent.
Use of our Website without creating an account (including browsing pages,
interacting with content, or sending messages) implies that the Visitor consents
to the use of cookies and similar technologies. Upon their first visit to the
Website, Visitors
are presented with a cookie notice with the option to manage their preferences.
For users who create an account and use BitflowStock's Services, consent to the
processing of personal data - including data required for KYC/AML and other
procedures - is given through explicit confirmation (by ticking a checkbox)
during the account
registration process, as well as through continued use of our Services. This
consent covers the processing of data in accordance with this Privacy Policy,
and the Terms of Use.
BitflowStock reserves the right to change this Policy as necessity dictates
and/or with the change of its Platform and/or Services.
This Privacy Policy may be revised, modified, updated and/or supplemented at any
time and at the BitflowStock’s sole discretion. When We make changes to this
Privacy Policy, We will make the amended Privacy Policy available on Our
Website.
By using Our Website, Wallet, Platform and/or Services for buying, selling,
and/or storing Virtual Assets, You agree with the implied changes.
The Users acknowledge and agree that they are responsible for periodically
reviewing Our Website (including this Privacy Policy) to remain informed of any
changes and/or modifications.
Any use of the Website, Wallet, Platform and/or Services following the posting
of an amendment to Our Privacy Policy constitutes Your acceptance of the revised
or amended agreement.
In case of the change in the types or purpose or processing procedure of Your
Personal Data, BitflowStock will ask for Your consent if required by EU and
national regulations.
Please note: For website visitors, only cookies and voluntarily submitted data
are processed. For registered Users, additional personal data such as
identification, transaction, and AML/KYC-related data is processed.
THE PERSONAL DATA WE COLLECT ABOUT YOU
We collect the information you provide directly to us. For example, we collect
information when you create an account, participate in any interactive feature
of the Services, fill out a form, participate in a community or forum
discussion, complete an
exchange transaction, apply for a job at BitflowStock, request customer support
or otherwise communicate with us.
Only personal information necessary for carrying out and performing our tasks
and services, or made available by you on a voluntary basis, is collected.
The categories of personal data below are applicable to customers holding a
registered account with us who start trading over the Platform and otherwise
make use of our Services.
Transaction Data includes details about:
the type of virtual financial assets involved, the order volume,
price, value, and, where applicable, the proceeds derived;
your trading and transactional history on the Platform,
including withdrawals and order activity; and
the payments which we receive, or otherwise, charge you (e.g.
our fees for your use of the Platform).
Portfolio Data includes details about the virtual financial assets and
amounts credited to your Account and your Account balances.
In all cases, we collect the following information upon access to our Site:
Technical/LOG Data includes the IP address, your login data to the
Platform (username and password), information on your internet service
provider, device type, browser type, and version, time zone setting and
location, browser plug-in types and versions,
operating system and other technology on the devices you use to access
the Site and Platform. This also includes information about your use of
the Services, including the type of browser time and date of
access, pages viewed, and the page you visited before navigating to our
Services.
Device Data includes information about the computer or mobile device you
use to access our Services, including the hardware model, operating
system and version, unique device identifiers, and mobile network
information.
Usage Data includes information about how you use the Platform.
HOW IS YOUR PERSONAL DATA COLLECTED
As you interact with the Platform and the Site, we may automatically collect
Technical Data about your equipment, browsing actions and patterns. We collect
this personal data by using cookies, server logs, and other similar
technologies.
Cookies are small data files stored on your hard drive or in device memory that
help us improve our Services and your experience, see which areas and features
of our Services are popular and count visits, manage the registration process
for accounts,
remember your site preferences, retain certain information to process orders for
exchange transactions, and retain information to provide you with support. Web
beacons are electronic images that may be used on our
Platform or emails and help deliver cookies, count visits, and understand usage
and campaign effectiveness. Cookies remain stored until you delete them. Thus,
we can recognize your browser when you visit the Site
again.
Most web browsers are set to accept cookies by default. If you prefer, you can
usually choose to set your browser to remove or reject browser cookies. Please
note that choosing to remove or reject cookies could affect the availability and
functionality
of our Services.
WHERE WE STORE YOUR PERSONAL DATA
The data that we collect from you is stored on our servers located in the
European Economic Area ("EEA"). We rely on adequacy decisions and Standard
Contractual Clauses, introduced and/or approved by the European Commission when
transferring your data
outside EEA.
The BitflowStock’s Wallet and Services are hosted in the European Union (EU) or
European Economic Area (EEA) zone.
The Personal Data (Personal Information) that We collect from You is stored
within the territories of the European Union (EU).
In the event that We transfer Your Personal Data (Personal Information) outside
the European Union (EU) or European Economic Area (EEA), We ensure that such
transfers are conducted in accordance with applicable data protection laws.
Specifically, any
transfer of Your Personal Data (Personal Information) will be governed by DPAs
that incorporate the European Commission’s Standard Contractual Clauses (SCCs)
or other legally approved mechanisms to ensure that your
data is adequately protected.
If You are a User accessing the Services from Asia, or any other region where
the laws or regulations governing the collection, use and disclosure of personal
data are different from EU laws, please note that by continuing to use the
Services, You are
transferring your Personal Information in the EU and consent to such transfer.
In processing your transactions, We may share some of your Personal Information
with third party service providers who help with our business operations. Your
information will not be sold, exchanged, or shared with any third parties
without your consent,
except to provide BitflowStock’s Services or as required by law. By using our
Services and accepting our Terms of Service, You consent to the disclosure of
your Personal Information as described in this Privacy
Policy.
USES MADE OF THE INFORMATION
We use your information in the following ways:
to carry out Our obligations relating to your contract with Us and to
provide you with the information, products and Services, to notify you
about changes to our Services;
to comply with any applicable legal and/or regulatory requirements;
in Our legitimate interests, including as part of Our efforts to keep
our Services safe and secure, to administer our Services and for
internal operations, including troubleshooting, data analysis, testing,
research, statistical and survey purposes, to
improve our Services and to ensure that they are presented in the most
effective manner, to measure or understand the effectiveness of
advertising that We serve and to deliver relevant advertising to you,
to allow you to participate in interactive features of Our Services,
when you choose to do so, to provide you with information about other
similar goods and services we offer.
We use third party services to help Us provide Our services (e.g. maintenance,
carrying out KYC, AML compliance, databases checks, analysis, crypto
transactions monitoring, crypto wallet screening, fraud detection, marketing and
development and others).
They will have access to your information as reasonably necessary to perform
these tasks on Our behalf and are obligated not to disclose or use it for other
purposes. These parties have been rigorously assessed
and offer a guarantee of compliance with the legislation on the processing of
personal data. These parties have been designated as data processors and carry
out their activities according to the instructions given
by Us and under Our control.
DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with, for example:
Suppliers and external agencies that we engage to process information on
our and/or your behalf, including to provide you with the information
and/or materials that you have requested.
Third parties to whom we may choose to sell, transfer, or merge parts of
our business or our assets (successors in title). Alternatively, we may
seek to acquire other businesses or merge with them. If a change happens
to our business, then the new owners
may use your personal data in the same way and for the same purposes as
set out in this Policy.
We require all third parties to respect the security of your personal data. We
do not allow our third party business partners or service providers to use your
personal data for their own purposes and only permit them to process your data
on the basis
of strict confidentiality and subject to the appropriate security measures and
safeguards.
We may share your information with selected third parties including:
Our affiliates, business partners, suppliers and sub-contractors for the
performance and execution of any contract We enter into with them or
you;
advertisers and advertising networks solely to select and serve relevant
adverts to you and others;
analytics and search engine providers that assist Us in the improvement
and optimisation of the Website; and
our affiliates in case of assignment of the contract.
We may disclose your personal information to third parties:
in scope of business transfers. As we continue to develop our business,
we may buy, merge, or collaborate with other companies. In such
transactions (including in contemplation of such transactions), your
personal information may be among the transferred
assets;
if we are under a duty to disclose or share your personal data in order
to comply with any legal obligation, or in order to enforce or apply our
Terms of Service and other applicable agreements; or to protect the
rights, property, or safety of the Company,
our customers, or others. This includes exchanging information with
other companies and organisations for the purposes of fraud protection
and credit risk reduction;
to assist Us in conducting or co-operating in investigations of fraud or
other illegal activity where we believe it is reasonable and appropriate
to do so; to prevent and detect fraud or crime;
in response to a subpoena, warrant, court order, or as otherwise
required by law;
to assess financial and insurance risks;
to recover debt or in relation to your insolvency; and
to develop customer relationships, services and systems.
BitflowStock will disclose Your Personal Data (Personal Information) without
Your prior permission only if it believes that doing so is necessary to
identify, contact, and/or take legal action against someone who:
is suspected of violating BitflowStock's or others' rights or property,
or
if someone could be harmed by Your activities or might infringe upon
these rights and property, whether intentionally or not.
We are permitted to disclose Personal Data (Personal Information) when We have
good reason to believe that this is legally required and when the competent
authorities have required to present them with such Personal Data (Personal
Information).
DATA CONTROLLER AND THIRD-PARTY PROCESSORS
BitflowStock processes Personal Data as a Data Controller, as defined in the
GDPR.
The Users Data shall be processed by a Third-Party Processor to use, collect and
process Users data on behalf of BitflowStock.
Some services in the BitflowStock Wallet are provided by third-party
organizations (processors), such as processing bank cards when buying Virtual
Assets, paying to the addresses of projects that provide services by accepting
Virtual Assets as payment,
which requires mandatory AML/KYC procedures, which in turn are carried out by a
certified third-party service, collecting, transmitting and storing Users'
personal information on their resources.
In accordance with Article 13(1)(e) GDPR, I.e. information about the recipients
or categories of recipients of the personal data, BitflowStock engages the
following categories of third-party processors:
Cloud infrastructure and hosting providers;
Payment processors and banking partners;
AML/KYC and sanctions screening providers;
Analytics and user behavior tracking tools;
Identity verification and fraud prevention service providers;
Customer support and ticketing platforms.
Legal and audit consultants, if necessary for the fulfillment of
BitflowStock's obligations.
All engaged Processors operate strictly within the scope of contractual
obligations and GDPR requirements.
Some Third-Party Processors as experienced identity and transaction verification
companies will process Personal Data for the purposes of the necessary AML/KYC
procedures. Such third-party Processors will obtain and process the following
Users:
Name and Surname;
Address;
Residency;
Date and place of birth;
ID number;
Copy ID;
Users’ picture;
E-mail address;
Phone number;
Utility bill; and
Other Personal Information.
BitflowStock only uses such Third-Party Processors that have sufficient
guarantees to implement appropriate technical and organisational measures in
such a manner that data processing will meet the requirements of GDPR and ensure
the protection of the
rights of the data subject (Users).
BitflowStock as a Data Controller has DPAs in place with such Third-Party
Processors, ensuring compliance with GDPR. All transfers of data internally are
done in accordance with this Data Processing Agreement (DPAs) and other
applicable GDPR requirements
and industry standards.
BitflowStock may share Your Personal Information with our employees,
contractors, agents, service providers and designees to enable them to provide
certain services exclusively for us.
In respect of operations involving the collection and disclosure of the data
BitflowStock can be considered as a joint controller with Facebook, Instagram,
and Google in respect of the collection and transmission of a certain personal
data of visitors
to its Website.
THIRD-PARTY WEBSITES AND SERVICES
Our website may contain links to other third-party websites.
If You click on such link, You will be directed to that site.
Please note that these external websites are not operated by BitflowStock.
We strongly advise You to review the Privacy Policy of the third-party websites
that You visit.
We have no control over, and assume no responsibility for the content, privacy
policies, or practices of any third-party sites or services.
By submitting personal information to third-party services, You consent to the
processing of Personal Data (Personal Information) about You by these
Third-Party Services. Please note that Your use of these Third-Party Services is
subject to their respective
Terms of Use and Privacy Policy. We use and disclose any information collected
in accordance with Our own Privacy Policy.
USE, COLLECTION AND OTHER PROCESSING OF PERSONAL DATA (PERSONAL INFORMATION) FROM THE
USER-VISITOR
By using the BitflowStock’s Wallet, Website, Platform and/or Services, You
consent to the use, disclosure and other processing practices and activities,
set forth in this Privacy Policy in accordance with the GDPR requirements and
other applicable laws.
If You are solely a User-Visitor to Our Website, and not a User of Our Wallet,
Platform, and/or Services, and if You do not agree with Our Terms of Use and any
and all of the provisions set out herein, We request that You refrain from
visiting Our Website.
Your consent to the collection and processing of Personal Data as a User-Visitor
is obtained through the following procedure:
Upon first visit to the Website, You are presented with a clear and
prominent cookie and privacy banner.
This banner informs You about the use of cookies and data collection,
and includes a link to this Privacy Policy.
You give Your explicit consent by actively clicking “Accept” or a
similar button on the banner.
If You continue to browse the Website without providing consent to
non-essential cookies, only strictly necessary cookies will be placed
based on Our legitimate interest, and no other personal data will be
processed until You give further consent.
By interacting with Our Website after being presented with the
cookie/privacy banner (e.g., by navigating to another page, submitting
forms, or using interactive features), You acknowledge that You have
been informed about the data processing and, where
applicable, consented to it.
In cases required by the applicable laws, We will ask for Your clear and
explicit consent to process Your Personal Data (Personal Information), which
shall be collected on this Website and/or volunteered by You.
Please note that any consent of Our Users will be entirely free and voluntary.
However, if You do not grant the requested free, clear and explicit consent to
the processing of Your Personal Data (Personal Information) by BitflowStock, the
use of Our Website
may not be possible and/or may be limited.
Personal Data (Personal Information) collected from You as a User-Visitor, may
comprise:
Your IP address;
First and Last Name;
Your postal and Email address;
Your phone number;
Your job title;
Your occupation data;
Your data for social networks;
Your geo-location data;
Numbers of Visitors;
Length of time spent on the Website;
Data on Your interests in our Platform and/or Services;
Pages clicked on or where Users-Visitors came from.
Cookies and similar tracking technologies;
Browser type, device type, and operating system;
Pages visited and interaction data (e.g. clicks, scrolls, time spent);
Voluntarily submitted information (e.g. messages via contact forms).
The source of the usage data is Our analytics tracking system. This usage data
may be processed for the purposes of analysing the use of the Website, Platform
and/or Services and improving Users’ experience, performance and future
development of our Service.
The legal basis for this processing is legitimate interest (Art. 6(1)(f) of the
GDPR) and the user’s consent (Art. 6(1)(a) of the GDPR), which is provided when
continuing to use the website without adjusting cookies
preferences after being notified. Please note: The primary legal basis for such
processing is the User-Visitor’s consent, in accordance with Article 6(1)(a) of
the GDPR, which is deemed to be granted when the User
continues using the Website after being presented with the cookie banner and
does not change cookie preferences. In limited cases, and only where strictly
necessary (e.g. for ensuring platform security, preventing
abuse, or maintaining basic website functionality), we may rely on our
legitimate interest as a legal basis under Article 6(1)(f) of the GDPR, always
ensuring that such interests are not overridden by the fundamental
rights and freedoms of the data subjects. In such cases, we also adhere strictly
to the principles of data minimization and purpose limitation.
Data collected from non-registered visitors will be processed for:
Providing basic website functionality (language settings, security,
etc.) (Legal basis: Legitimate Interest (Art. 6(1)(f)) to ensure the
website operates properly; Performance of a Contract (Art. 6(1)(b)) if
necessary for delivering core services; Legal
Obligation (Art. 6(1)(c)) in case of security-related processing (logs
for detecting misuse));
Monitoring and improving Website, Platform and/or Services (Legal basis:
Legitimate Interest (Art. 6(1)(f)) to ensure quality and improve
services.);
Performing traffic and usage analytics (Legal basis: Consent (Art.
6(1)(a)) if analytics involve cookies or similar tracking technologies
(per ePrivacy Directive); Legitimate Interest for aggregated,
non-identifiable analytics, possibly without cookies);
Responding to submitted inquiries (Legal basis: Performance of a
Contract (Art. 6(1)(b)) if inquiries relate to user services; Legitimate
Interest (Art. 6(1)(f)) for general communications and user support);
Analysing Visitors behaviour (Please note: BitflowStock may also share
such Personal Information with Our service vendors and/or contractors to
achieve this purpose) (Legal basis: Consent (Art. 6(1)(a)) if tracking
technologies or profiling are used;
Legitimate Interest (Art. 6(1)(f)) for limited analytics without
intrusive tracking);
Improving its Website by analysing how Users-Visitors navigate its
Website (Legal basis: Consent (Art. 6(1)(a)) if based on tracking
cookies; Legitimate Interest (Art. 6(1)(f)) if data is anonymised or
aggregated);
Ensuring the proper functioning and technical delivery of our Website
and Platform (Legal basis: Legitimate Interest (Art. 6(1)(f)) to ensure
availability and integrity of services; Legal Obligation (Art. 6(1)(c))
and Legal Obligation (Art. 6(1)(c)) in
relation to cybersecurity obligations);
Improving user experience and optimizing performance (Legal basis:
Consent (Art. 6(1)(a)) if cookies or personalization tools are involved;
Legitimate Interest (Art. 6(1)(f)) for technical improvements not
involving tracking);
Performing analytics and statistical reporting (Legal basis: Consent
(Art. 6(1)(a)) for identifiable user-level tracking; Legitimate Interest
(Art. 6(1)(f)) for internal aggregated statistics);
Responding to visitor inquiries or requests (Legal basis: Performance of
a Contract (Art. 6(1)(b)); Legitimate Interest (Art. 6(1)(f)) if not
strictly contractual);
Complying with legal obligations where applicable, as well as ensuring
security and preventing misuse or fraud (Legal basis: Legal Obligation
(Art. 6(1)(c)) and Legitimate Interest (Art. 6(1)(f)), especially for
fraud prevention.);
Managing consent preferences and compliance with ePrivacy rules (Legal
basis: Legal Obligation (Art. 6(1)(c)) – to comply with ePrivacy and
GDPR rules);
Customizing content for Users-Visitors (Legal basis: Consent (Art.
6(1)(a)) if personalization relies on tracking/profiling; Legitimate
Interest (Art. 6(1)(f)) if customization is minimal or contextual);
Showing ads on other Websites to Users-Visitors (Legal basis: Consent
(Art. 6(1)(a)) required under GDPR and ePrivacy for behavioral
advertising.);
Communicating with the Users (Legal basis: Performance of a Contract
(Art. 6(1)(b)) for account-related or service communications; Legitimate
Interest (Art. 6(1)(f)) for general platform updates; Consent if for
marketing communications (Art. 6(1)(a) +
ePrivacy));
The use and processing of cookies and similar technologies is governed by our
separate Cookies Policy, which Visitors are invited to review upon first visit
to the Website. A cookie banner is provided to allow Visitors to manage their
preferences in accordance
with applicable law. The cookie banner is presented to obtain and manage consent
in compliance with applicable laws. Cookies are used to enhance Website
functionality, analyze usage, and provide personalized content
and advertising.
For more detailed information on the use and types of cookies, please refer to
our Cookies Policy. This Cookie Policy forms an integral part of BitflowStock’s
Privacy Policy and must be read in conjunction with it. Together, they govern
the use of cookies
and similar technologies on Our Website.
USE, COLLECTION AND OTHER PROCESSING OF PERSONAL DATA (PERSONAL INFORMATION) FROM THE
USER OF BITFLOWSTOCK’S WALLET, PLATFORM AND/OR SERVICES In order to provide
its Services to its Users, BitflowStock collects certain types of Personal Data
(Personal Information)
from Our Users. BitflowStock processes the following personal data from registered
users:
Identity data (e.g., full name, date of birth, nationality). For the
purposes of this Privacy Policy and pursuant to § 5 of the Czech AML Act No.
253/2008 Sb.,“identity data” shall be understood as follows:
For natural persons (individuals):
All given names and surnames;
Birth number, or if none assigned, date of birth and gender;
Place of birth;
Permanent or other residence;
Nationality;
Number and type of identity document, issuing state or authority, and
validity period;
If the individual is a sole trader, also their trade name,
distinguishing addition or other designation, registered office, and
identification number.
For legal entities (companies):
Basic identification data such as company name (including distinguishing
additions or other designation), registered office, and company
identification number or an equivalent number assigned abroad;
Identification details of any natural person who is a member of the
company’s statutory body;
Identification details of any legal entity that is a member of the
statutory body, including the natural persons representing that legal
entity.
Contact details (Email address, phone number, mailing address); KYC/KYB
documents (Scans or photos of government-issued ID, proof of address,
liveness/selfie checks);
Transaction data (Details of transactions, dates, amounts,
counterparties, status, first verification payment, etc.);
Financial data (Details on payment method used, as well as masked card
numbers, bank account informaton, IBAN/account number for fiat
transactions, payment processor identifiers, transaction references,
bank statements, trading information, etc.).
Account-related information and technical data (Login data, IP address,
location, device type, operating system, geolocation, browser type, user
settings);
Communication data (Contents of messages exchanged with support,
complaints submitted, messages or inquiries sent, etc.);
Behavioral and usage data (User interactions with the Website or
Platform, time spent on pages, click behavior, session logs,
browser/device info, operating system, other traffic data, etc.).
Sanctions and risk screening data (Results of sanctions list checks, PEP
status, adverse media, internal risk scoring, fraud indicators, etc.).
Data processed for AML compliance purposes, including additional
identification data where required under risk-based approach, such as
employment status, occupation, employer name, income level, source of
funds, or source of wealth.
Residence verification information (Utility bill details, proof of
address; phone bill and/or similar document);
Personal Data (Personal Information) collected by BitflowStock from its Users
remain as a property of the User and may not be shared with a third party by
BitflowStock without express consent from the User, unless otherwise
provided in this Privacy Policy and/or applicable laws.
BitflowStock uses the collected Personal Data:
to provide its Platform and/or Services to the Users, as well as improve
them (Legal basis: Performance of a contract (Art. 6(1)(b) GDPR);
to provide access to the functionality of the wallet and exchange
services (Legal basis: Performance of a contract (Art. 6(1)(b) GDPR);
to improve analytics, Services and functions related to the performance
of maintenance (Legal basis: Consent Art. 6(1)(a) GDPR and Legitimate
interest (Art. 6(1)(f) GDPR);
to improve the operation of our Platform and/or Services and to keep
Your assets safe (Legal basis: Legitimate interest (Art. 6(1)(f) GDPR),
Performance of a contract (Art. 6(1)(b) GDPR) and Legal obligation (Art.
6(1)(c) GDPR);
to provide technical support and maintain the proper functioning of the
Services (Legal basis: Performance of a contract (Art. 6(1)(b) GDPR);
to fulfil its legal and regulatory compliance obligations (including
AML/KYC requirements and tax regulations). Please note: For the purposes
of the maintaining Users’ accounts and reviewing users for the purposes
of AML/KYC compliance, BitflowStock will
collect and process the same data that Third-Party Processors will
collect in the process of User and/or transaction verification
procedures (KYC/KYT) (Legal basis: Compliance with a legal obligation
(Art.
6(1)(c) GDPR), including obligations under Czech AML Act No. 253/2008
Sb.);
to detect and prevent fraud and other illegal activities (Legal basis:
Legal obligation (Art. 6(1)(c) GDPR);
to verify the user's identity (Legal basis: Legal obligation (Art.
6(1)(c)), and Performance of a contract (Art. 6(1)(b));
to comply with the law or court order (Legal basis: Legal obligation
(Art. 6(1)(c) GDPR);
to cooperate with law enforcement agencies (Legal basis: Legal
obligation (Art. 6(1)(c) GDPR);
to enforce the signed agreement (Legal basis: Performance of a contract
(Art. 6(1)(b) GDPR);
to protect the rights, property, or safety of us, our employees, our
users, and/or others (Legal basis: Legitimate interest (Art. 6(1)(f)
GDPR));
to send marketing communications (only where separate consent has been
obtained) (Legal basis: Consent (Art. 6(1)(a) GDPR).
DATA SECURITY
While no online or electronic system is guaranteed to be secure, we take
reasonable measures to help protect information about you from loss, theft,
misuse, and unauthorized access, disclosure, alteration and destruction.
In relation to you visiting our Site, we use the industry standard encryption
for the connection between our servers and the user's browser.
We have put in place appropriate technical and organisational security measures
to prevent your personal data from being partially or entirely lost,
accidentally or intentionally manipulated, used or accessed in an unauthorised
way by third parties, altered,
disclosed, or destroyed. In addition, we limit access to your personal data to
those employees, agents, contractors and other third parties who have a business
need to know. They will only process your personal
data on our instructions and they are subject to a duty of confidentiality. Our
security measures are improved in accordance with technological progress.
We have put in place procedures to deal with any suspected personal data breach
and will notify you and any applicable regulator of a breach where we are
legally required to do so.
We are committed to protecting your information and employ several physical and
electronic safeguards to keep Your information secure, including encrypted user
passwords, two-factor verification and password authentication where possible,
and securing
all connections with industry-standard transport layer security. Even with all
of these precautions, We cannot fully guarantee against access, disclosure,
alteration or deletion of data as a result of events, including,
but not limited to, hardware or software failure or unauthorized use. Any
information You provide to us is transmitted solely at your own risk.
We use a variety of security measures to ensure the confidentiality, integrity,
availability and privacy of your Personal Information and to protect your
Personal Information from loss, theft, unauthorised access, misuse, alteration
or destruction.
These security measures include, among others:
Password protected databases;
Secure Sockets Layered (SSL) technology to ensure that Your Personal
Data (Personal Information) is fully encrypted and sent across the
Internet securely;
Vulnerability Scanning to actively protect our servers from hackers and
other vulnerabilities;
Regular penetration testing;
Secure coding principles;
Encryption of sensitive data during transfer and at rest;
Two-factor authentication;
Logging of activities performed in the platform;
Access controls; and
Other measures to mitigate risks identified during the risk assessment
process.
All financially sensitive and/or credit information is transmitted via SSL
technology and encrypted in Our database.
Only authorized BitflowStock personnel are permitted access to your Personal
Information, and these personnel are required to treat the information as highly
confidential. The security measures will be reviewed regularly in light of new
and relevant legal
and technical developments.
DATA RETENTION: HOW LONG WILL YOU USE MY PERSONAL DATA FOR
Please note that we consider our relationship with you to be an ongoing and
continuous customer relationship, until terminated. We will only retain your
personal data for as long as necessary to fulfil the purposes we collected it
for (i.e. the ongoing
service provision). Our retention of your personal data shall not exceed the
period of three (3) years from the date of the termination of your relationship
with us (which would typically arise from the closure/de-registration
of your account on the Platform).
BitflowStock will not retain data longer than is necessary to fulfil the
purposes for which it was obtained for or as required by applicable laws
or regulations.
In any case, BitflowStock will not retain User data longer than is
necessary to fulfil the purposes for which it was collected or as
required by the applicable laws and regulations.
When a Users’ Account is terminated or expired, all Personal Data
collected through the platform will be deleted, as required by
applicable law.
You will receive Our Answer to Your Request within one month from
receiving Your Request by BitflowStock.
BitflowStock retains personal data only for as long as necessary to
fulfill the purposes for which it was collected, including compliance
with legal, accounting, and reporting obligations. The retention periods
are determined based on the type of data,
the purpose of processing, and legal requirements, particularly under
the GDPR and Czech AML legislation.
Data Retention Periods applicable to Visitors and Users are as follows:
User and third-party data for contractual purposes - 5
years after termination (Contractual necessity, legal
obligation, legitimate interest);
Cookies, analytics, marketing, optimization - 2 years
after the relevant activity;
AML-related data and fraud monitoring - 5 to 10 years
after the relevant activity (Legal obligation (Czech AML Act No.
253/2008 Coll.));
Account and service provision - 5 years after termination
of the user relationship (Contractual necessity, legal
obligation, legitimate interest);
Fraud monitoring and security - 5 years after the
relevant activity (Legitimate interest, legal obligation);
Marketing communications - Until consent is withdrawn or
user becomes inactive (max. 2 years after last activity);
opt-out data retained indefinitely (Consent, legitimate
interest);
Analytics and website optimization - 2 years after the
relevant activity (Consent, legitimate interest);
Support inquiries - 5 years after inquiry closure
(Legitimate interest).
After the applicable retention period expires, your data will be securely
deleted or anonymized unless we are legally required to retain it longer.
YOUR RIGHTS
You may have the rights as set out below, which You may exercise by contacting
us:
Right to Access: You are entitled to ask us if We are processing
Your information and, if We are, You can request access to Your Personal
Data. This enables You to receive a copy of the personal
data We hold about You and certain other information about it to check
that We are lawfully processing it. We process a large quantity of
information, and can thus request that before the information is
delivered, You specify the information or processing activities to which
Your request relates.
Right to Correction (Right to Rectification): You are entitled to
request that any incomplete or inaccurate personal data We hold about
You is corrected
Right to Erasure (Right to be Forgotten): You are entitled to ask
Us to delete or remove Personal Data in certain circumstances. There are
also certain exceptions where We may refuse a request for
erasure, for example, where the personal data is required for compliance
with law or in connection with claims.
Right to Restriction: You are entitled to ask us to suspend the
processing of certain of your personal data about you, for example if
You want Us to establish its accuracy or the reason for processing
it.
Right to Transfer (Right to Data Portability): You may request
the transfer of certain of your personal data to another party
Right to Objection: where We are processing your personal data
based on legitimate interests (or those of a third party) You may
challenge this. However, We may be entitled to continue processing
Your information based on our legitimate interests or where this is
relevant to legal claims. You also have the right to object where We are
processing your personal data for direct marketing purposes. If
these rights apply, they may however be limited, for example if
fulfilling your request would reveal personal data about another person,
would infringe the rights of another person or legal entity (including
our rights), or if You ask us to delete or change data which We are
required by law to keep (or have other compelling legitimate interests
in keeping). We will inform You of relevant exemptions We rely upon
when responding to any request You make.
Right to lodge a complaint with supervisory authority:
You may enforce Your rights, specified above. You can find out how
to do this at the Office for Personal Data Protection of the Czech
Republic (Úřad pro
ochranu osobních údajů) (https://uoou.gov.cz/en ) or
European Data Protection Supervisor (https://edps.europa.eu/ ).
If You wish to stop receiving promotional and marketing communications from us,
please contact us to opt-out.
You can update Your opt-out preferences at any time by contacting Us. We will
process Your request as soon as reasonably possible, but please note that you
may still receive communications or data collection activities for a short
period while We process
Your request.
Users may have the right to opt out of certain data collection and processing
activities and/or practices. If you do not want Us to collect or process Your
Personal Data (Personal Information) in a particular way, please contact Us. We
will provide options
to limit the use of your data where feasible, subject to regulatory
requirements.
Certain opt-out requests may be subject to regulatory requirements and may not
be fully honored if they conflict with legal obligations.
For security purposes, We may need to verify Your identity before processing
certain opt-out requests.
It has to be noted that BitflowStock is a platform that offers buying, selling
and storing Virtual Assets. Trading Virtual Assets take place on the
Blockchains, which are decentralized databases software platforms for Virtual
Assets. Blockchains are a
list of records, called blocks, which are linked and secured using cryptography.
Each block typically contains a cryptographic hash of the previous block, a
timestamp and transaction data. By design, a Blockchain
is inherently resistant to modification of the data. Therefore, Data cannot be
modified or deleted, since there are no servers involved. Data are dispersed
among computer all around the world in an encrypted version.
You acknowledge and expressly agree that by the nature of the technology it is
not possible to delete personal data from the blockchain and invoke the right to
be forgotten. You also agree that by the nature of the technology it is not
possible to keep
personal data within the EU borders.
CHANGES TO THIS PRIVACY POLICY
We may change this Privacy Policy from time to time, particularly where we need
to take into account and cater for any (1) business developments and/or (2)
legal or regulatory developments to the issuance or trading of virtual financial
assets.
If we make changes, we will notify you by revising the date at the top of the
policy and, in some cases, we may provide you with additional notice (such as
adding a statement to our homepage or sending you notification). We encourage
you to review the
Privacy Policy whenever you access the Services or otherwise interact with us to
stay informed about our information practices and the ways you can help protect
your privacy.
