Privacy Policy

Effective: August 29, 2023

Contents:

Introduction

  1. Personal Information We Collect
  2. How We Use Personal Information
  3. How We Share Personal Information
  4. Retention of Personal Information
  5. Protection of Personal Information 
  6. International Transfers of Personal Information
  7. Personal Information Rights
  8. Automated Processes
  9. For Customers Residing in California
  10. Your Choices
  11. Cookies, Web Tracking, and Advertising
  12. Other Disclosures
  13. Contact Us
  14. Updates to this Privacy Policy

This policy (“Privacy Policy”) describes how Kabompo Holdings, Ltd., Paxos Trust Company and each of its affiliates and subsidiaries (collectively, “Paxos,” “we,” “us,” “our”) collect, use, and share information about you, as well as your rights and choices regarding such information. This includes information we collect through, or in association with, our offered products and services, including our websites with home pages located at www.paxos.com  (the “Site”), functionality we provide via partner products, applications, and websites that utilize our services, and our social media pages (collectively, the “Services”). 

If you have questions in relation to this Privacy Policy, please contact us at [email protected] or through the other means listed in the “Personal Information Rights” and “Contact Us” sections below.  

If you are a U.S. consumer obtaining financial products and services offered by Paxos Trust Company, including our exchange and crypto brokerage services, please also see our Paxos Trust Company GLBA Privacy Notice.

What this Privacy Policy does not cover:

To the extent that we are providing the Services via our Partners’ (as defined below) or third party products, applications or websites including via embedded links or videos on our Site, this Privacy Policy only covers our privacy practices. You should refer to the applicable partner’s privacy policy and GLBA privacy notice (if applicable) for more information about their privacy practices.

This Privacy Policy does not apply to job applicants or employees. Job applicants should refer to our Applicant Privacy Policy for information about how Paxos collects and uses their personal information.  

Information that is not identifiable to you or otherwise is not reasonably capable of being associated with you, such as aggregated and anonymous data, is not considered personal information.

  1. Personal Information We Collect

We obtain various types of personal information in several ways, as described under the categories of Personal Information set out below.

  • Directly from you. For example, when you register for an account with us or use our Services through one of our partners, we collect a variety of information from you, including (as applicable and in accordance with applicable laws):

  1. Basic Customer and Contact Information: such as your name, nationality, gender, phone number, email address, and physical address. 
  2. Residence and Supplemental Verification Information: such as your utility bill details or other similar information to prove residence, such as visa or employment information. 
  3. Identity Verification Information: such as your date of birth, marital status, tax identification number, images of your government-issued identification card (passport and/or driver’s license), public employment profile, criminal and credit histories, and biometric information based on photos that identity verification services may generate. US residents may be asked to provide their social security numbers.
  4. Financial Information: such as your banking account information, brokerage account information, and other information not specified below that we collect related to our provision of financial products and services.
  5. Account Information: such as your username, password, and information that is generated by your account activity, including, but not limited to, purchases and redemptions, deposits, withdrawals and account balances.
  6. Transactional Information: to the extent identifiable to you, such as information about the transactions made on our Services, including the name of the sender, the name of the recipient, the amount, currency preferences, payment method, date, and timestamp.
  7. Institutional Information: from Partners including documentation pertaining to the legal incorporation, business licenses, and identification information of beneficial owners, principals and executive management.
  8. Additional Information you submit to us: such as preferences and other settings, survey responses, feedback, questions, comments, and any other information submitted to our customer support team or other representatives.

  • Automatically or indirectly from you. We also may collect certain information from you automatically when you access and interact with the our Services, such as: 

  1. App, Browser, Network, and Device Information: such as the type of device and operating system you are using and your IP address.
  2. Information from Cookies and Similar Technologies: including preferences and personalization (please see our Cookie Policy for more information).
  3. Services Usage Information: including what you view, use, and click on along with diagnostic information such as performance, crash, and timestamp data.
  4. Location Information: including country of access.

 

  • From our Affiliates, Partners, Service Providers, and Public Sources. We receive information from, obtain, or have parties collect on our behalf, including:

  1. Paxos Entities (“Affiliates”): which provide information, such as Account Information and Transactional Information, to one another to conduct everyday business, including the provision of our Services.
  2. Partners: including crypto brokerage partners, financial firms, institutions, and service providers, and other partners, which provide us with information needed to provide our Services and for compliance and fraud prevention purposes, such as Transactional Information to fulfill orders and transfers, and Identity Verification Information and other information to comply with so-called “Know Your Customer” and “Travel Rules” applicable to financial institutions and for other compliance and fraud verification purposes.  
  3. Service Providers and Other Vendors: such as vendors that assist us and our Partners with providing and marketing our Services or with customer identity verification, anti-fraud, anti-money laundering, counter-financing-of-terrorism, and know-your-customer obligations.
  4. Public and Commercially Available Sources: such as public databases like the United Nations Sanctions List or other public sources of personal information, as well as commercially available sources, such as KYC/AML vendors and other types of due diligence vendors.
  5. Blockchains:  from which we collect Transactional Information and other information such as IDs, timestamps, and amounts, digital signatures, wallet addresses, and beneficiaries in connection with our Services.
  6. At Your Direction: we may receive your information when you direct other individuals or third parties to share data with us.

When you are asked to provide information, you may decline to do so, but if you do not provide information that is necessary to provide some of our Services, you may not be able to use all or part of those Services.

Certain personal information that we collect and use may be considered “sensitive” under applicable laws, in which case, we will use such personal information in accordance with applicable law, adhering to any additional restrictions or requirements.  

  1. How We Use Personal Information

We use personal information for the purposes identified in the table set out below.

Processing Purpose

Personal Information Categories

Legal Basis
(Where Applicable)

To provide and administer our products and services, verify your identity, and communicate with you in connection with the products and services you have requested (such as to provide you with updates on relevant changes), as well as maintain and service accounts, provide customer service, fulfill transactions, and process payment

  • Basic Customer and Contact Information
  • Residence and Supplemental Verification Information
  • Identify Verification Information
  • Financial Information
  • Account Information
  • Transactional Information
  • Institutional Information
  • Services Usage Information

Performance of a contract
(in particular, our
General Terms and Conditions)

Compliance with legal obligations (for example, when we are required to take steps to verify your identity or adhere to rules applicable to transaction and payment processing)

To improve our products and services, evaluate and develop new products and services, and improve our service quality (including through statistical analysis of transactions and Site usage)

  • Basic Customer and Contact Information
  • Transactional Information
  • Financial Information
  • Account Information
  • Institutional Information
  • Services Usage Information

Legitimate Interests

To create financial and management reports, evaluate changes to our business, and for audit and record-keeping purposes

  • Transactional Information
  • Financial Information
  • Account Information
  • Institutional Information
  • Services Usage Information

Legitimate interests

Compliance with legal obligations (for example, where applicable law requires us to create reports, keep records, or conduct audits)

To inform our advertising and marketing strategy and tailor our messaging to you

  • Basic Customer and Contact Information
  • App, Browser, Network, and Device Information
  • Information from Cookies and Similar Technologies
  • Location Information
  • Transactional Information
  • Financial Information
  • Account Information
  • Institutional Information
  • Services Usage Information

Legitimate interests

Consent (to the extent required by applicable law – for example, for the use of cookies or trackers in certain jurisdictions)

To send you marketing communications and advertising in accordance with applicable law

  • Basic Customer and Contact Information
  • App, Browser, Network, and Device Information
  • Information from Cookies and Similar Technologies
  • Location Information

Consent (to the extent required by applicable law)

Otherwise, our legitimate interests

To comply with applicable laws, regulations, and rules, such as, by way of example, anti-money laundering (“AML”) and know-your-customer (“KYC”) laws, as well as to respond to requests of relevant law enforcement and/or other governmental authorities

  • Basic Customer and Contact Information
  • Residence and Supplemental Verification Information
  • Identify Verification Information
  • Financial Information
  • Account Information
  • Transactional Information
  • Institutional Information
  • Services Usage Information
  • App, Browser, Network, and Device Information
  • Information from Cookies and Similar Technologies
  • Location Information

Compliance with legal obligations (in particular, KYC/AML laws, “Travel Rules,” or related requirements)

Legitimate interests (to the extent certain due diligence measures are not strictly required by applicable local law)

To carry out compliance and risk management purposes, including, by way of example, to maintain, improve, and manage our credit and risk models

  • Identify Verification Information
  • Financial Information
  • Account Information
  • Transactional Information
  • Institutional Information
  • Services Usage Information

Compliance with legal obligations (for example, laws that impose specific requirements for compliance and risk management)

Legitimate interests

To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity

  • Financial Information
  • Account Information
  • Transactional Information
  • Institutional Information
  • Services Usage Information
  • App, Browser, Network, and Device Information
  • Information from Cookies and Similar Technologies
  • Location Information

Legitimate interests

Compliance with legal obligations (for example, where applicable law requires us to detect or prevent security incidents or other types of illegal activities, and provide information to prosecute such activities)

To enforce our Terms and Conditions and other usage policies, including to prevent, investigate and address any complaints, claims, disputes, or suspected violations of our Terms and Conditions or other policies

  • Basic Customer and Contact Information
  • Residence and Supplemental Verification Information
  • Identify Verification Information
  • Financial Information
  • Account Information
  • Transactional Information
  • Institutional Information
  • Services Usage Information
  • App, Browser, Network, and Device Information
  • Information from Cookies and Similar Technologies

Location Information

Legitimate interests

To protect the rights, property, and safety of our users, us, and other third parties, including where necessary to prevent physical harm or financial loss

  • Basic Customer and Contact Information
  • Residence and Supplemental Verification Information
  • Identify Verification Information
  • Financial Information
  • Account Information
  • Transactional Information
  • Institutional Information
  • Services Usage Information
  • App, Browser, Network, and Device Information
  • Information from Cookies and Similar Technologies
  • Location Information

Legitimate interests

Compliance with legal obligations (for example, where applicable law requires us to protect rights, property, safety, or other interests)

To reorganize or make changes to our business in the event that we are subject to negotiations for the sale of our business or part thereof to a third party, including in the event of a merger, acquisition, sale, restructuring, or other corporate transaction

  • Basic Customer and Contact Information
  • Financial Information
  • Account Information
  • Transactional Information
  • Institutional Information
  • Services Usage Information

Legitimate interests

Compliance with legal obligations (for example, where applicable law requires us to disclose certain types of information in relation to a corporate transaction or proposed sale)

We will not use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you with notice and, if required by applicable law, obtaining your consent.

Where we rely on consent as the legal basis to the processing of your personal information, you may have the right to withdraw your consent at any time.

Where we rely on legitimate interests, our legitimate interests are stated in the “Processing Purpose” column in the table above.    

  1. How We Share Personal Information

In the regular course of business, we may share your personal information for the abovementioned business and commercial purposes with the following parties:

  • our Affiliates;
  • other financial institutions with whom we partner to process payments and transactions you have authorized;
  • when you engage in blockchain based Services, some information is recorded publicly on a distributed ledger that is accessible to others, such as IDs, timestamps and wallet addresses;
  • third-party service providers we use to help deliver our products and services to you and run our business (including, for example, marketing agencies, website hosts, advertising-related service providers, and others), on whom we impose contractual obligations to ensure they are permitted to use your personal information only to provide services to us and to you, as applicable;
  • with other financial institutions in connection with the aforementioned Travel Rules;
  • third parties approved by you, e.g. social media sites you choose to link your account to or third-party payment providers;
  • credit reference agencies;
  • third parties that may assist us in enforcing our Terms and Conditions;
  • our insurers and brokers;
  • our bank[s];
  • external auditors;
  • law enforcement agencies, tax authorities (including the U.S. Internal Revenue Service pursuant to the Foreign Account Tax Compliance Act, to the extent this applies), fraud prevention agencies, debt collection agencies, self-regulatory organizations (such as those that operate virtual currency derivative exchanges), and other regulatory bodies to comply with our legal and regulatory obligations (including to respond to a subpoena, information request, court order, or similar legal procedure); and
  • other parties at your direction or with your consent, as applicable.

We may also need to share personal information with potential buyers of some or all of our business in the context of a corporate transaction or during a restructuring, including for due diligence or related analysis of a proposed sale or reorganization. In the future, we may also sell or otherwise transfer some or all of our business, operations, or assets to a third party, whether by merger, acquisition or otherwise. In the event of such an acquisition, merger, or other corporate transaction, personal information we obtain from or about you may be disclosed to acquirers and may be among those assets transferred.

  1. Retention of Personal Information

 

We retain personal information for as long as necessary to achieve the processing purpose(s) for which it was collected and any other compatible purpose(s), and to the extent we deem necessary to comply with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties, including in the context of legal proceedings and to establish, exercise or defend legal claims. Given the nature of our work in financial services, much of the personal information we obtain about you is retained for the duration of a period that is set by relevant anti-money laundering and other legal requirements.

  1. Protection of Personal Information

 

We use commercially reasonable physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal information in accordance with applicable data protection requirements.

 

However, no method of safeguarding information is completely secure. While we use measures designed to protect personal information, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure. 

  1. International Transfers of Personal Information

 

Your personal information may be transferred to, stored, and processed in countries outside of the country where you reside, including outside the EEA and UK. This includes in countries that have been approved by the European Commission as providing essentially equivalent personal information protections as EEA and UK data protection laws. We will transfer personal information from the EEA and UK to other non-EEA/UK countries pursuant to the standard contractual clauses approved by the European Commission, which impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities. If you are an EEA or UK resident, you may request a copy of such clauses. 

  1. Personal Information Rights


Where recognized by applicable laws, and depending on where you reside, you may have certain rights in relation to your personal information.  You or an agent authorized to act on your behalf may exercise your rights where they apply.  Your rights will vary depending on applicable laws (including any applicable exceptions or exemptions), but generally may include the right:

  • to be informed about the personal information we collect and/or process about you, including to know the purposes for which we process your personal information, with whom we share it, and any other disclosures required by law;
  • to access, modify, and correct your personal information;
  • to delete your personal information;
  • to object to the processing of your personal information;
  • to restrict or limit the use of your personal information;
  • to data portability (for example, by requesting that we send your data in a machine-readable format to you or to a third party);
  • to withdraw your consent, where consent is the legal basis for processing of personal information; and
  • to lodge a complaint with a supervisory authority.

You or an authorized agent acting on your behalf can submit a rights request by emailing us at [email protected].  We may request further information from you to verify your identity (or the identity and authorization of any agent acting on your behalf), as well as to clarify the nature and scope of your request.

  1. Automated Processes

Certain steps in the application and account processes involve automated credit and fraud-prevention screening and KYC/AML, economic sanctions, and counter-terrorism financing screening activities.  For example, such screening will check a customer’s information against lists published by governmental authorities.  In some cases, this may cause a transaction to be flagged or terminated, and/or suspension from the use of our platform.    

  1. For Customers Residing in California

This Section provides information to California residents whose personal information is processed pursuant to the California Consumer Privacy Act. This section does not apply to personal information that is protected under federal financial privacy laws.  

Over the preceding 12 months, we have collected, used, and disclosed the categories of personal information, including sensitive personal information, that are described in the “Personal Information We Collect” section above, and we use and share such information as explained in the sections “How We Use Personal Information” and “How We Share Personal Information.”  

We do not sell or share your personal information as defined in applicable law because we will only use third party advertising tools for the purpose of cross-contextual behavioral advertising with your consent. You can manage the consent that you have provided through our cookie manager.  

To the extent that we use or disclose any sensitive personal information, we do so to provide products and services you have requested, as well as improving those offerings, operate and oversee our business; protect rights and interests; for short-term transient uses; and for purposes that do not infer characteristics about consumers.  

This section supplements other important information in our Privacy Policy that addresses personal information rights available to you, our retention practices, and so forth.

  1. Your Choices

You have choices about certain information we collect about you, how we communicate with you, and how we process certain personal data. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide some of our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.

Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.

  1. Cookies, Web Tracking, and Advertising

We use cookies and pixel tags to personalize and enhance your experience in regard to our Services, to collect data about your visit to our Services, to help diagnose problems with our servers, to administer the Services, to evaluate the effectiveness of our marketing and advertising campaigns, to permit analytics providers to gather information about your use of the Services, to gather broad demographic information about our users, and to remember choices you have made or information you have provided (please see our Cookie Policy for more information and our cookie manager to manage your consents).

Please note that when you interact with other parties, including when you leave our Service or click embedded videos or links on our Site, those parties may independently collect information about you and solicit information from you, including through the use of advertising technologies such as cookies. The information collected and stored by those parties remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

Do Not Track

We use analytics systems and providers that process personal information about your online activities over time and across third-party websites or online services, and these systems and providers may provide some of this information to us. We do not process or comply with any web browser’s “do not track” signal or similar mechanisms.

 

  1. Other Disclosures

Children

Children under 18 years of age are not permitted to use the Services, and we do not knowingly collect information from children under the age of 18. By using the Services, you represent that you are 18 years of age or older. 

 

Links to Third-Party Websites and Services

As a convenience, we may reference or provide links to third-party websites and services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business. When you access these third-party services, you leave our Services, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. You access these third-party services at your own risk. Unless otherwise indicated, this Privacy Policy does not apply to such third-party services; please refer to the privacy notices or policies for such third-party services for information about how they collect, use, and process personal information.

 

  1. Contact Us

If you have any questions or concerns about this Privacy Policy and/or how we process personal information, please contact as follows:

  • If you are a resident of the United States or another jurisdiction other than as specified below, your data controller is Paxos Trust Company, and you may contact us at [email protected]. We are located at 450 Lexington Ave., Suite #3952, New York, NY 10163.  

  • If you are a resident of the EEA or UK, your data controller is Paxos Technology Limited and you can contact us and our Data Protection Officer at [email protected] or write to us at The Courtyard, High Street, Ascot, Berkshire, United Kingdom, SL5 7HP, United Kingdom.  

  • If you are a resident of Singapore, your data controller is Paxos Global Pte. Ltd. and you can contact us at [email protected] or at 48 Toh Guan Road East, #06-152, Enterprise Hub, Singapore 608586.

  1. Updates to this Privacy Policy

We reserve the right, at any time, to modify, alter, and/or update this Privacy Policy, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Policy, which will take effect as of the “effective date” listed at the top of this Privacy Policy. We will use reasonable efforts to notify you in the event material changes are made to this Privacy Policy, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised Privacy Policy will constitute your acknowledgement of the amended Privacy Policy.