Bitonic B.V. (hereinafter: “Bitonic” or “we” or “us”) respects your privacy. That is why we make careful decisions to balance the protection of your interests with the legal obligations we need to adhere to.
- We store your data as little as possible and involve as few third parties as possible in the processing.
- We use your customer data exclusively for the performance of our services.
- We are required by law to verify, store and ask additional verification questions.
- We do not share any of your personal information with authorities, unless a valid legal obligation exists.
- Which personal data we may collect, for what purpose we do so and how we use it;
- How and why we disclose personal information to third parties;
- How we protect your personal information;
- How you can exercise your right to access, view, change, transfer and destroy your personal data;
1. Personal information that Bitonic collects
Every company that trades virtual assets is obligated to know who they are conducting business with. Although neither has virtual assets been officially considered a currency, nor is it regulated (yet), we adhere to rules and regulations derived from financial regulation that apply to financial institutions. Furthermore, we need information for our own administration to be able to assist you if you have any questions. This may include the following:
- Contact information, such as: names, addresses, telephone numbers and e-mail addresses, national identification document;
- Information used to verify your identity, such as: pictures of identity documents or bank statements, pictures of debit cards;
- Transaction-related information: purchase date and time, amounts, IP addresses, transaction IDs, wallet addresses, and if applicable an affiliate partner code;
- Financial information, such as: bank account numbers, bank statements;
- For companies: company information, including their shareholders and authorised representatives;
- For partners: business activity documentation, company policies and authorised representatives;
2. How we use your personal information
We may use your personal information to:
- Verify your identity in order to make sure we as a company do not do business with a sanctioned person or entity;
- Perform analysis on the provided and available information which will be used to create a risk profile in order to determine if the risk profile of the customer fits to our company risk profile;
- Create a customer account which is internally being used to have a unique identifiable number which is necessary to operate in an effective way;
- Analyse transactions on characteristic features and indicators to prevent us from doing business that is prohibited by law;
- Execute the exchange and process your transactions;
- Help you respond to requests for customer support, in which case we (may) store the our telephone conversation with you on our own servers;
- Analyse website usage and improve the user experience on our website.
3. Security of Personal Information
To protect your personal information, Bitonic has taken several measures. Your personal information is stored electronically based on our internal policies, procedures and guidelines. We adhere to the highest ICT security standards by using for example open source and trusted software. All software programs are self-hosted on company owned hardware, password protected and encrypted.
All your personal information is stored physically secure in our datacentre. Our service providers live up to the strictest standards and certifications. Access management and segregated duties will narrow down any visibility to your personal information. Besides, a confidentiality agreement is signed by each staff member of the Bitonic organisation. Finally, we make use of audit-able logs in order to control all the security controls.
4. What information we share
In order to provide you the best service as a processor, we make use of sub-processors and so we share certain personal data with these third parties. We keep the sharing to a minimum and ensure these third parties will handle your personal data with the same care as we do. Bitonic has Data Processing Agreements with all the sub-processors.
An overview of the sub-processors or categories of third parties with whom we share data can be found below.
- Datacentre and Servers all services are hosted by a Dutch-based company, that provides us with exclusive physical access to our servers, on which data is stored in encrypted form. Additionaly we make use of third party services for the purpose of load-balancing and ddos attack prevention.
- Payment Service Provider to accept online payment from you as our consumer, we make use of the services of Mollie. This company is located in Amsterdam, the Netherlands, and will process your Euro deposits.
- Your financial institution if we have a strong indication that your transactions are irregular or suspicious, we may consult the involved financial institution (where you hold your account) to protect you from being subject to fraud and to validate whether your transactions are irregular or suspicious.
- Telecommunications to communicate with you we take services from multiple vendors. MessageBird is solely being used to for sending verification messages to confirm your telephone number during the verification process. Voys makes it possible to receive and process support phone calls from you. The services of Homerun are being used to share our vacancies and to communicate with our future colleague about their application. All these companies are located in the Netherlands and comply with all applicable privacy laws in order to secure your data.
- Data Vendor we use the services of the Dutch-based BKR Foundation to determine the level of risk for potential involvement in fraud, money laundering and illegitimate behaviour.
Although very unlikely given our DIY-mentality, Bitonic may choose in the future to employ other sub-processors to process personal data. We will ensure that all sub-processors provide an adequate level of protection and that all legal requirements for such a relationship are met, by entering into a Data Processing Agreement. If we choose to employ another sub-processor we will inform you in time.
Bitonic does not share any of your personal information with national or international legal authorities, supervisors or law enforcement agencies unless under a valid legal obligation to do so. This may occur in fraud cases or other crimes that are in violation of the law.
5. Your rights as a customer
As a customer, you may request Bitonic to access your personal information. This may include correcting, updating, exporting or deleting your data. Please, contact firstname.lastname@example.org to exercise this right. We will not participate in non-oriented or a not sufficiently substantiated claims for data.
6. Retention of Personal Information
For a large portion of data points, we are legally obliged to retain this for a minimum of 5 to 7 years after ending the customer relationship. After this period, we don't store your personal data longer than legally allowed and no longer than necessary for the purposes the data was collected for. We are able to store personal data for longer periods with a valid legal ground, or when the data is sufficiently (for example) pseudonymised or anonymised.
- Session ID to recognise you on recurring visits and to adjust the website to your preferences;
- Statistics to analyse the use of our website. Some information of your visit will be recorded such as your IP address, the webpage you came from, visited pages within Bitonic and browser information.
Bitonic B.V., registered at the Chamber of Commerce under ID 58276149
Last change: 11 Februari 2020