Privacy policy

Bitonic is committed to protecting the privacy of its Users. To ensure this, Bitonic strives to carefully balance the protection of Users' rights and interests with its legal obligations.

This document outlines how Bitonic collects, uses, shares and protects Personal data, in compliance with the GDPR and other applicable laws and regulations. Bitonic encourages Users to review this document thoroughly to gain a clear understanding of Bitonic's practices concerning Personal data, ensuring transparency in how such data is handled. The definitions used in this document have the same meaning as those in the User Agreement.

Article 1: General principles

  1. Bitonic minimises the collection and storage of Personal data to what is strictly necessary for the provision of its Services.
  2. The Processing of Personal data is limited to Bitonic and its carefully selected third-party service providers, in compliance with applicable laws and regulations.
  3. Bitonic uses Personal data solely for the performance of its Services and in accordance with its legal obligations, including those arising from anti-money laundering and sanction regulations.
  4. Bitonic does not disclose Personal data to governments or law enforcement agencies unless legally required to do so.

Article 2: Personal data collected by Bitonic

  1. Bitonic collects Personal data directly from Users when engaging with its Services, interacting with the App and/or Website, or communicating with Bitonic. The categories of Personal data collected include:
    1. Identity data:
      1. Full name;
      2. Date of birth;
      3. Nationality;
      4. Document number;
      5. Copies or images of identification documents (passport, driver's license, ID card, residence permit).
    2. Contact data:
      1. Residential address;
      2. Email address;
      3. Telephone number.
    3. Financial data:
      1. Bank account details (IBAN);
      2. Transaction histories;
      3. Payment card information;
      4. Other relevant financial documentation as required for compliance purposes.
    4. Transaction data:
      1. Purchase and sale amounts;
      2. Dates and times of Transactions;
      3. Bitcoin addresses;
      4. Bitcoin tansaction IDs;
      5. IP addresses;
      6. Device information.
    5. Corporate data (only applicable for business Users):
      1. Chamber of Commerce extracts;
      2. Articles of association;
      3. Shareholder registers;
      4. Organisational charts;
      5. Ultimate Beneficial Owner (UBO) information;
      6. Authorised representative details;
      7. Other relevant company documentation as required for compliance purposes.
    6. Usage data:
      1. Information about how Users interact with the App, Website and Services;
      2. Cookies and similar technologies (as further detailed in article 9).
    7. Communication data:
      1. Records of communications with Bitonic, including emails, chat logs, and phone call recordings (with prior notice).
    8. Verification data:
      1. Proof of residence;
      2. Proof of income or source of funds;
      3. Selfies or photos for identity verification;
      4. Message signing and wallet screenshots.
  2. Bitonic collects this data at various stages, including but not limited to:
    1. When creating an Account;
    2. During the identity verification process;
    3. When executing Transactions;
    4. When contacting customer support;
    5. When browsing the Website or using the App.

Article 3: Security of Personal data

  1. Bitonic implements robust security measures to protect Personal data. These include:
    1. Data storage: Personal data is stored electronically in compliance with internal security policies.
    2. ICT Security: Bitonic adheres to high standards of ICT security, using open-source software and encryption.
    3. Physical security: Personal data is stored in a secure data center with limited access.
    4. Confidentiality: All Bitonic staff members sign confidentiality agreements and access to Personal data is strictly controlled.
    5. Audit logs: Bitonic maintains audit logs to monitor the security measures in place.

Article 4: Legal grounds

  1. The Processing of Personal data is based on the following legal grounds, in accordance with article 6 GDPR:
    1. Performance of a contract (1b): Processing is necessary for the performance of a contract between Bitonic and the User, or to take steps at the User's request prior to entering into a contract;
    2. Legal obligation (1c): Processing is necessary to comply with legal obligations applicable to Bitonic, such as those relating to anti-money laundering and sanction regulations;
    3. Legitimate interests (1f): Processing is necessary for the purposes of Bitonic's legitimate interests, such as enhancing Services, ensuring platform security, and preventing fraud, except where such interests are overridden by the User's interests or fundamental rights and freedoms;
    4. Consent (1a): Where applicable, Personal data may be processed based on the User's consent. Consent may be withdrawn at any time.

Article 5: Why Bitonic collects Personal data

  1. Bitonic is committed to providing a seamless and secure Services. The collection of Personal data serves the following purposes:
    1. To provide Services: Personal data is used to set up and manage Accounts, process Transactions and offer customer support;
    2. To comply with legal requirements: Laws and regulations require Bitonic to verify identities and monitor Transactions to prevent fraud and other illegal activities;
    3. To improve Services: Understanding how Users interact with the Services allows Bitonic to enhance Services for all Users;
    4. To ensure security: Protecting User Accounts and the Services is a priority. Personal data is used to maintain security and safeguard against threats.
  2. To maintain efficiency and security, Bitonic occasionally employs automated systems:
    1. Identity checks: Automated verification is used to expedite the process of confirming identities;
    2. Risk assessments: Automated tools assist in detecting and preventing fraudulent activities.
  3. These systems enable Bitonic to enhance Services and comply with legal obligations. If there are concerns regarding automated decision-making or if human intervention is preferred, a request for manual review can be made.

Article 6: Sharing Personal data

  1. Bitonic respects the privacy of its Users and only shares Personal data when necessary to provide Services or comply with legal obligations.
  2. All partners are carefully selected to ensure they adhere to the same high standards of data protection as Bitonic. Bitonic collaborates with trusted partners who assist in delivering solutions:
    1. Data centers and hosting: Secure, Netherlands-based facilities with ISO/IEC 27001 and NEN 7510 certifications ensure the safety of Personal data of Users;
    2. Payment processors: Companies such as Mollie, Volt and Worldline facilitate payment Processing;
    3. Communication solutions: MessageBird supports SMS verification and Voys assists with customer calls;
    4. Data vendors: Organisations like the BKR Foundation and TRM Labs aid in risk assessment and compliance with anti-money laundering and sanction regulations.
  3. Bitonic shares Personal data with governments or law enforcement agencies only when legally obligated, such as in compliance with court orders or applicable regulations:
    1. Financial institutions: In certain circumstances, information may be shared with banks or other financial institutions, particularly for fraud prevention or to meet legal requirements;
    2. International data transfers: Personal data is primarily processed within the European Economic Area. Should Bitonic engage with partners outside the European Economic Area, appropriate measures will be taken to ensure the same level of protection:
      1. Adequacy decisions: Personal data is transferred to countries approved by the European Commission;
      2. Standard contractual clauses: Agreements are employed to ensure that partners commit to protecting User Personal data.

Article 7: User rights and choices

  1. The User is entitled to exercise the following rights with regard to the Processing of Personal data:
    1. Access: The User has the right to request confirmation as to whether or not their Personal data is being processed, and, if so, to access the Personal data and additional relevant information about the Processing;
    2. Rectification: The User may request the correction of inaccurate or incomplete Personal data held by Bitonic;
    3. Erasure: Under certain circumstances, the User may request the deletion of Personal data ("Right to be Forgotten"), particularly if it is no longer necessary for the purposes for which it was collected, or if consent is withdrawn (where consent is the legal basis for Processing);
    4. Data portability: The User has the right to receive their Personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller, where technically feasible;
    5. Objection and restriction: The User may object to, or request the restriction of, the Processing of Personal data in specific situations, especially if the Processing does not comply with applicable legal standards;
    6. Automated decision-making: If decisions are made solely based on automated Processing of Personal data, the User may request human intervention and has the right to challenge such decisions;
  2. Requests to exercise the rights as outlined in section 1 may be submitted by contacting Bitonic at privacy@bitonic.nl. Bitonic may require additional information to verify the identity of the User making the request.
  3. All such requests will be processed free of charge, unless the request is manifestly unfounded or excessive, in which case Bitonic reserves the right to charge a reasonable fee or refuse to act on the request.
  4. Bitonic will respond to the request within one month of receipt. In the event of complex requests or other justified reasons, Bitonic may extend this period and will inform the User of any delay and its cause.
  5. The User retains the right to file a complaint with a data protection supervisory authority if the User believes that Bitonic is not Processing Personal data in compliance with the GDPR. In the Netherlands, the supervisory authority responsible for data protection is the Autoriteit Persoonsgegevens.

Article 8: Retention of Personal data

  1. Bitonic shall not retain Personal data for longer than the mandatory statutory retention period, or, in the absence of such a mandatory statutory retention period, no longer than is strictly necessary to fulfill the purposes for which Personal data was collected or processed.
  2. In accordance with legal obligations, Bitonic is subject to the following legal obligations regarding the retention of Personal data:
    1. Personal data relevant for tax purposes, in accordance with article 52 of the Dutch General Tax Act (Algemene wet inzake rijksbelastingen): retained for 7 years after the conclusion of the most recent relevant calendar year;
    2. Personal data relevant to compliance with article 33 section 3 of the Dutch Anti-Money Laundering and Counter-Terrorist Financing Act (Wwft) and article 26 TFR: retained for 5 years after the termination of the relationship;
    3. Personal data relevant to compliance with article 34 of the Dutch Anti-Money Laundering and Counter-Terrorist Financing Act (Wwft) and article 18 TFR: retained for 5 years after Bitonic has submitted a notification to the Financial Intelligence Unit (FIU).
  3. Upon the expiration of this period, Personal data will only be retained if required by law or if it has been adequately pseudonymized or anonymized.

Article 9: Cookies

  1. Bitonic aims to minimise the use of cookies and does not use third-party cookies. There is no direct integration with social media or external platforms.
  2. Bitonic uses the following cookies:
    1. Essential cookies: These cookies are necessary for the Website to function effectively. For instance, they ensure that Users remain logged in during their visit;
    2. Analytics cookies: Bitonic utilises Matomo, an open-source platform hosted on its own servers, to collect anonymized data regarding User interactions with the Website. This information assists in making improvements.
  3. Cookies can be controlled through browser settings. It is important to note that disabling cookies may impact the functionality of the Website.

Live Chat Consent

The live chat is a service provided by MessageBird B.V. which is (a.o.) subject to the EU General Data Protection Regulation (GDPR) and states they do not use your data for commercial gain. In order to load the Live Chat we ask you to consent to the processing of any data shared with us using the chat. By closing this window without giving consent the chat will not load and no data will be shared.
For more information please review the MessageBird Privacy Policy.