Blog

Privacy Policy

Paxos Privacy Policy

Privacy Notice

Effective: October 4, 2021

Overview

Personal Data We Collect

How We Use Your Personal Data

How We Obtain Your Personal Data

Legal Bases for Processing

Automated Decision-Making

Marketing

Change of Purpose 

Your Rights Regarding Personal Data

Accessing, Modifying, Rectifying, and Correcting Collected Personal Data

Your Nevada Rights

Your European Union Privacy Rights

Your Canadian Privacy Rights

Your Choices

Communications Opt-Out

Location Information

Cookies, Web Tracking, and Advertising

Protecting Personal Data

Retention of Personal Data

Other Important Information About Personal Data and the Services

Processing for Fraud Prevention and Detection Purposes

Collection of Personal Data from Children 

Third-Party Websites and Services

Business Transfer

Do Not Track

Who We Share Your Personal Data With

International Transfers Outside of the European Economic Area and United Kingdom

Modifications and Updates to this Privacy Notice

Applicability of this Privacy Notice

Additional Information and Assistance

  1. Overview

Kabompo Holdings, Ltd., Paxos Trust Company, and each of its affiliates and subsidiaries (collectively, “Paxos,” “we,” “us,” “our”) respect your privacy and are committed to protecting the personal data we hold about you. If you have questions, comments, or concerns about this Privacy Notice or our processing of personal data, please see the bottom of this Privacy Notice for information about how to contact us. 

This Privacy Notice explains our practices with respect to personal data we collect and process about you. This includes information we collect through, or in association with, our website with home pages located at www.paxos.com and www.itibit.com (the “Site”), or otherwise through your interactions with us (the website, products, services, and social media pages, collectively, the “Services”).  

 

If you are accessing the Site from the United States:

  • Paxos Trust Company located at 450 Lexington Ave., Suite #3952, New York, NY 10163 is the data controller of the personal data collected, and is responsible for the processing of your personal data.

  • If you are a U.S. consumer obtaining financial products and services offered by Paxos Trust Company, including our exchange and crypto brokerage services, please see your Paxos Trust Company GLBA Privacy Notice.  

If you are accessing the Site from the European Economic Area (“EEA”): 

  • Paxos Global Pte. Ltd. located at 30 Duxton Road, #020-00, Singapore 089494 is the data controller of the personal data collected of all individuals located in the EEA, and is responsible for the processing of your personal data. You can contact us regarding your personal data at Castor Pollux Holdings SARL located at 13-15 Avenue de la Liberte, L-1931 Luxembourg, Grand Duchy of Luxembourg or via email at [email protected].  

If you are accessing the Site from the United Kingdom (“UK”): 

  • Paxos Technology Limited located at The Courtyard, High Street, Ascot, Berkshire, United Kingdom, SL5 7HP, United Kingdom is the data controller of the personal data collected of all individuals located in the UK, and is responsible for the processing of your personal data. You can contact us regarding your personal data at Paxos Technology Limited located at The Courtyard, High Street, Ascot, Berkshire, United Kingdom, SL5 7HP, United Kingdom or via email at [email protected].  

If you are accessing the Site from Singapore:

  • Paxos Global Pte. Ltd. located at 30 Duxton Road, #020-00, Singapore 089494 is the data controller of the personal data collected of all individuals located in Singapore and is responsible for the processing of your personal data. 

Please review the following to understand how we process and safeguard personal data about you. By using any of our Services, whether by visiting our website or otherwise, and/or by voluntarily providing personal data to us, you acknowledge that you have read and understand the practices contained in this Privacy Notice. This Privacy Notice may be revised from time to time, so please ensure that you check this Privacy Notice periodically to remain fully informed.

 

  1. Personal Data We Collect

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal data”). In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not personal data. To the extent this data is stored or associated with personal data, it will be treated as personal data; otherwise, the data is not subject to this notice.

  1. How We Use Your Personal Data

We collect and process your personal data for the following business and commercial purposes:

  1. Providing, predicting, or performing, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying your information, and processing payments.

  2. Communicating with you by email, mail, telephone, and other methods of communication, about products, services, and information tailored to your requests or inquiries. 

  3. Payment/financial information, including information for anti-money laundering (“AML”) and know-your-client (“KYC”) compliance purposes.

  4. Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.

  5. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

  6. Debugging to identify and repair errors that impair existing intended functionality.

  7. Undertaking activities to verify or maintain the quality or safety of the services and to improve, upgrade, or enhance the services or devices owned, manufactured, manufactured for, or controlled by us.

  8. Complying with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law.

  9. Enforcing our Terms and Conditions and other usage policies.

  10. As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.

 

We will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your consent.

  1. How We Obtain Your Personal Data 

 We collect your personal data from the following categories of sources: 

  • Directly from you. When you register for an account and use the Services, we collect the following information directly from you:

  1. Contact Information: your name, phone number, email address and physical address. 

  2. Residence Verification Information: your utility bill details or other similar information. 

  3. Identity Verification Information: your date of birth, marital status, tax identification number and images of your government issued identification. US residents may be asked to provide their social security numbers.

  4. Financial Information: your banking account information and brokerage account information.

  5. Account Information: your username, password, information that is generated by your account activity, including, but not limited to, purchases and redemptions, deposits, withdrawals and account balances.

  6. Organizational Information: institutional clients may also provide information pertaining to the legal incorporation, business licenses and identification information of beneficial owners, principals and executive management.

  7. Communication Information: when you contact us or respond to our communications (e.g., by email, telephone or other correspondence).

  • Automatically or indirectly from you. We also may collect certain information from you when you access the Site or use our Services, such as through: 

  1. Logging and Analytics tools, such as Google Analytics. 

  2. Cookies (please refer to our Cookie Policy

  3. Computer or Mobile Device Information, including IP address, operating system, browser type (collectively, “Technical Information”).

  4. Website Usage Information.

  5. Location Information.

  • From our Public Databases and Service Providers. We also may collect certain information about you from our business partners and identification verification partners in order to comply with legal requirements relating to our:

  1. Anti-fraud, anti-money laundering (“AML”), counter-financing-of-terrorism and know-your-customer (“KYC”) obligations.

  2. Public employment profile.

  3. Criminal history.

  4. Credit history.

  5. Other information to help validate your identity.

When we require certain personal data from you, it is because we are required by applicable law to collect this information or it is relevant for specified purposes. We may not be able to serve you as effectively or offer you all of our services if you elect not to provide certain types of information.

 

  1. Legal Bases for Processing

 If you are based in the EEA or UK, use of personal data under European Union (“EU”) and English data protection laws must be justified under one of a number of legal bases and we are required to set out the grounds in respect of each use in this Privacy Notice. Most commonly, we will use your personal data under the following circumstances:

  1. Your Consent. We may process personal data where you have specifically and unequivocally consented to our use of your information. 

  2. Performance of a Contract. We may process personal data to take steps at your request before entering into, or perform our obligations under, a contract between us.

  3. Compliance with Legal and Regulatory Obligations. We may process personal data to comply with the law and our legal and regulatory obligations.

  4. Legitimate Interests. We may process personal data for our legitimate interests, or those of a third party, and these interests outweigh any prejudice to your data protection rights.

We may also use “special categories” of personal data, which include personal data that may reveal racial/ethnic origin, religion/belief, health, sexual orientation, political affiliation, trade union membership and criminal convictions. In addition to the legal basis used to process your personal data as set out at Section 2(c) above, the principal legal bases that justify our use of your special categories of personal data:

  1. Legal Claims: Where your information is necessary for us to establish, defend, prosecute or make a claim against you, us or a third party. 

  2. Substantial Public interest: Processing is necessary for reasons of substantial public interest, on the basis of EU or local law, which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard your fundamental rights and interests.

  3. Explicit Consent: You have given your explicit consent to the processing of those personal data for one or more specified purposes. You are free to withdraw your consent by contacting us as set out in Section 11 of this Privacy Notice. If you do so, we may be unable to provide a service that requires the use of such data.

We have set out below, in a table format, a description of ways we use and share your personal data, and which of the legal bases we rely on to do so. We have also identified what our Legitimate Interests are where appropriate.

 

Purpose/Activity

Types of Personal Data

Lawful Basis 

  • To administer our services and conduct our business.

  • To develop our products and services.

  • To evaluate new products and services. 

  • To improve our service quality (including by performing statistical analysis and reporting on transactions and site usage and for financial reporting, management reporting, audit and record keeping purposes.

  1. Identity Verification Information

  2. Contact Information

  3. Financial Information

  1. Performance of a Contract 

  2. Compliance with Legal Obligation

  3. Legitimate Interests (such as to enable us to perform our obligations to you) 

  • To manage our risk we may use your personal data in managing the risk of our client base, including for assessing and processing applications, instructions or requests from you, maintaining credit and risk related models, managing our infrastructure and business operations and complying with internal policies and procedures and monitoring the use of our products and services.

  1. Identity Verification Information

  2. Contact Information

  3. Financial Information

  4. Account Information

  5. Communication Information

  6. Location Information

  7. Organizational Information

  8. Special Categories of Information

  1. Performance of a Contract

  2. Compliance with Legal Obligation

  3. Legitimate Interests (to manage the risk of our client base and to ensure you fall within our acceptable risk profile).

  4. Where this includes Special Categories of Information, we will usually rely on Substantial Public Interests (processing for the prevention and detection of fraud/crime), or very rarely where necessary, Explicit Consent

  • To receive services from our vendors and conduct our business.

  • To receive services, including to carry out our obligations arising from any agreements entered into between our vendors and us, which may include passing your data to third parties such as agents or contractors or to our advisors (e.g., legal, financial, business or other advisors). This includes vendors that provide ID verification and sanctions tools, which we use to help verify your identity and comply with our legal obligations, such as anti-money laundering laws. ID verification partners use a combination of government records and publicly available information to verify identity. This also includes the financial institutions with which we partner to process payments you have authorized. Our contracts require these vendors to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else.

  1. Identity Verification Information

  2. Contact Information

  3. Financial Information

  4. Account Information

  5. Communication Information

  6. Organizational Information

  7. Geolocation Information

  8. Special Categories of Information

  1. Performance of a Contract

  2. Compliance with Legal Obligation

  3. Legitimate Interests (to enable us to perform our obligations and receive services from vendors)

  4. Where this includes Special Categories of Information, we will usually rely on Substantial Public Interests (processing for the prevention and detection of fraud/crime), or very rarely where necessary, Explicit Consent

  • To verify your identity for the purposes of providing facilities, products or services, including conducting screenings or due diligence checks as may be required under applicable law, regulation, directive or our Terms and Conditions. For more information on the anti-fraud measures adopted by us, please see Section 7(a) of this Privacy Notice.

  1. Identity Verification Information

  2. Contact Information

  3. Financial Information

  4. Account Information

  5. Communication Information

  6. Organizational Information

  7. Location Information

  8. Special Categories of Information

  1. Performance of a Contract

  2. Compliance with Legal Obligation

  3. Legitimate Interests (to enable us to manage client risk)

  4. Where this includes Special Categories of Information, we will usually rely on Substantial Public Interests (processing for the prevention and detection of fraud/crime), or very rarely where necessary, Explicit Consent

  • In relation to fraud prevention, we and other organizations may also access and use certain information to prevent fraud as may be required by applicable law and regulation and best practice at any given time. If false or inaccurate information is provided or fraud is identified or suspected, details may be passed to law enforcement and fraud prevention agencies and may be recorded by us or by them. 

  • In addition, we may share information with the financial institutions with which we partner to process payments you have authorized. Paxos Trust Company may also share information with other financial institutions pursuant to Section 314(b) of the U.S. Patriot Act. For more information on the anti-fraud measures adopted by us, please see Section 7(a) of this Privacy Notice.

  1. Identity Verification Information

  2. Contact Information

  3. Financial Information

  4. Account Information

  5. Communication Information

  1. Organizational Information

  2. Location Information

  3. Special Categories of Information

  1. Compliance with Legal Obligation

  2. Legitimate Interests (to ensure that your organization falls within our acceptable risk profile and to assist with the prevention of crime and fraud)

  3. Where this includes Special Categories of Information, we will usually rely on Substantial Public Interests (processing for the prevention and detection of fraud/crime), or very rarely where necessary, Explicit Consent

  • To reorganize or make changes to our business in the event that we are:

  1. subject to negotiations for the sale of our business or part thereof to a third party;

  2. sold to a third party; or 

  3. undergo a reorganization, we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process or transferred to that reorganized entity or third party and used for the same purposes as set out in this policy or for the purpose of analyzing any proposed sale or reorganization.

  1. Contact Information

  2. Financial Information

  3. Account Information

  1. Legitimate Interests (in order to allow us to change our business)

  • In connection with legal or regulatory obligations, law enforcement, regulators and the court service, we may share your information with law enforcement, regulatory authorities, tax authorities (including the US Internal Revenue Service pursuant to the Foreign Account Tax Compliance Act, to the extent this applies), self-regulatory organizations (such as those that operate virtual currency derivative exchanges) and officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal data is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our Terms and Conditions or any other applicable policies. 

  • We may also use your personal data to otherwise comply with all applicable laws, regulations, rules, directives and orders.

  1. Identity Verification Information

  2. Contact Information

  3. Financial Information

  4. Account Information

  5. Communication Information

  6. Organizational Information

  7. Location Information

  8. Special Categories of Information

  1. Compliance with Legal Obligations

  2. Legal Claims

  3. Legitimate Interests (to cooperate with law enforcement and regulatory authorities)

  4. Where this includes Special Categories of Information, we will usually rely on Legal Claims, Substantial Public Interests (processing for the prevention and detection of fraud/crime), or very rarely where necessary, Explicit Consent

  • In order to communicate with you we may use your personal data to communicate with you, including providing you with updates on changes to products, services and banking facilities (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such products, services and banking facilities and their terms and conditions.

  1. Identity Verification Information

  2. Contact Information

  3. Financial Information

  4. Account Information

  5. Communication Information

  1. Performance of a Contract

  2. Legitimate Interests (to enable us to perform our obligations and receive services to you)

  • In connection with disputes, we may use your personal data to address or investigate any complaints, claims or disputes and to enforce obligations owed to us.

  1. Identity Verification Information

  2. Contact Information

  3. Financial Information

  4. Account Information

  5. Communication Information

  1. Legal Claims

  2. Performance of a Contract

  3. Legitimate Interests (to enforce our rights under our agreements with you)

  4. Where this includes Special Categories of Information, we will usually rely on Legal Claims, or very rarely where necessary, Explicit Consent

  • For advertising, subject to applicable laws and regulations, we may use your personal data to inform our advertising and marketing strategy and to tailor our messaging to your needs. Where required by law, we will ask for your consent at the time we collect your data to conduct such marketing. An opt-out mechanism will be provided to you in each communication to enable you to exercise your right to opt out of any direct marketing. We never sell your information. You may withdraw this consent/opt-out at any time without affecting the lawfulness of processing based on your prior consent.

  1. Contact Information

  2. Communication Information

  1. Consent

  2. Legitimate Interests (to keep you updated with news in relation to our products and services)




  1. Automated Decision-Making

 

Our operation of the Paxos platforms relies on automated decision-making as part of our application process, alongside that received from credit referencing agencies and fraud prevention agencies. We also perform automated screening as required by KYC, economic sanctions, anti-terrorist financing, and AML laws.  For more information on the anti-fraud measures adopted by us, please see Section 7(a) of this Privacy Notice.

We may use criteria such as your Identity Verification Information (e.g., your name, tax id number or date of birth) to validate your identity against public records on an automated basis or without human/manual intervention. 

We do this on the basis that it is necessary for us to enter into a contract with you. If you fail to meet these criteria, your application to use the Paxos platform will be rejected. 

You may also request that we provide information about our methodology and ask us to verify that the automated decision has been made correctly. We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances we will verify (or request the relevant third party to verify) that the algorithm and source data are functioning as anticipated without error or bias.

  1. Marketing

 

You may receive marketing communications from us. We may use your Identity Verification Information, Contact Information, Account Information, Logging and Analytics Tools, Cookies, Technical Information, Website Usage Information and Location Information, for marketing purposes. 

We have a legitimate interest in using your personal data for marketing for our own purposes. This means Paxos does not need your consent to send you marketing information when using your personal data for this purpose. 

However, when we share your personal data with third parties for marketing purposes, we will separately and clearly obtain your consent. You can exercise your right to prevent such processing by not checking certain boxes on our marketing consent form. You can also exercise the right at any time by contacting us as set out below in Section 11.

  1. Change of Purpose

 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us as set out below in Section 11.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with this Privacy Notice, where this is required or permitted by law.

  1. Your Rights Regarding Personal Data 

 

You have certain rights regarding the collection and processing of personal data. You may exercise these rights, to the extent they apply to you, by contacting us at the information provided at the end of this Privacy Notice, or by following instructions provided in this Privacy Notice or in communications sent to you. 

 

Your rights vary depending on the laws that apply to you, but may include:

 

  • The right to know whether, and for what purposes, we process your personal data;

  • The right to be informed about the personal data we collect and/or process about you;

  • The right to access, modify, and correct personal data about you. Please see Section 3(a) below for more information;

  • The right to know with whom we have shared your personal data with, for what purposes, and what personal data has been shared (including whether personal data was disclosed to third parties for their own direct marketing purposes);

  • The right to withdraw your consent, where processing of personal data is based on your consent; and

  • The right to lodge a complaint with a supervisory authority located in the jurisdiction of your habitual residence, place of work, or where an alleged violation of law occurred.

 

See Your Nevada Privacy Rights, and “Your European Union Privacy Rights for more information about certain legal rights.

 

  1. Accessing, Modifying, Rectifying, and Correcting Collected Personal Data

 

We strive to maintain the accuracy of any personal data collected from you, and will try to respond promptly to update our records when you tell us the information in our records is not correct. However, we must rely upon you to ensure that the information you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review all of your information carefully before submitting it to us, and notify us as soon as possible of any updates or corrections. 

 

Depending on the laws that apply to you, you may obtain from us certain personal data in our records. If you wish to access, review, or make any changes to personal data you have provided to us through the Services, please contact us at the information provided at the end of this Privacy Notice. We reserve the right to deny access as permitted or required by applicable law.

 

  1. Your California Privacy Rights

 

California’s “Shine the Light” law, permits our users who are California residents to request and obtain from us a list of what personal data (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, and may be sent to us as outlined in Section 11 below, and are free of charge.  However, we do not disclose personal data protected under the “Shine the Light” law to third parties for their own direct marketing purposes.

  1. Your Nevada Privacy Rights 

 

Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be sent us as outlined in Section 11 below, and are free of charge. 

 

At any time, you may also request to be placed on Nevada’s internal do-not-call list. Nevada law also requires that we provide you with the following contact information:

  • Bureau of Consumer Protection: Office of the Nevada Attorney General 555 E. Washington Street, Suite 3900 Las Vegas, Nevada 89101

  • Consumers and Former Customers: Even if you never became, or are no longer, a customer, the terms in this Privacy Notice will continue to apply to you where applicable to your jurisdiction.

  • To Whom This Policy Applies: This Privacy Notice applies to products or services provided by Paxos to its customers.

  • Access to and Correction of Information: If you wish to review any file we may maintain for your personal data, please contact us at privacy. If you notify us that any information is incorrect, we will review it. If we agree, we will correct our records. If we do not agree, you may submit a short statement of dispute, which we will include in future disclosures of the disputed information. Information collected in connection with, or in anticipation of, any claim or legal proceeding will not be made available.

  • Further Information: We reserve the right to change this Privacy Notice. The examples contained within this Privacy Notice are illustrations and they are not intended to be exclusive. This notice complies with federal law and industry self-regulatory rules and regulations regarding privacy. 

 

  1. Your European Union Privacy Rights

 

In addition to the above-listed rights, EU privacy law provides individuals based on the EEA with enhanced rights in respect of their personal data. These rights may include, depending on the circumstances surrounding the processing of personal data:

 

  • The right to object at any time to your personal data being processed for direct marketing (including profiling); and in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.

  • The right not to be subject to decisions based on profiling or automated decision-making that produce legal or similarly significant effects on you;

  • The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data; 

  • In certain circumstances, the right to data portability, which means that you have the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party; and

  • In certain circumstances, the right to erasure and/or the right to be forgotten, which means that you can request deletion or removal of certain personal data we process about you.

 

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.

 

Note that we may need to request additional information from you to validate your request. For individuals located in EEA to exercise any of the rights above, you can contact Castor Pollux Holdings SARL located at 13-15 Avenue de la Liberte, L-1931 Luxembourg, Grand Duchy of Luxembourg or via email at [email protected].  

 

For individuals located UK, to exercise any of the rights above, you can contact Paxos Technology Limited located at The Courtyard, High Street, Ascot, Berkshire, United Kingdom, SL5 7HP, United Kingdom or via email at [email protected].

 

If we are unable to resolve an inquiry or a complaint, you have the right to contact the data protection regulator in the EEA country in which you are based. A list of the data protection regulators and their contact details can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en. If you are located in the UK and we are unable to resolve an inquiry or a complaint, you have the right to contact the Information Commissioner’s Officer with contact details found at https://ico.org.uk/global/contact-us/

 

  1. Your Canadian Privacy Rights

 

Residents of Canada are permitted to request and obtain from us information respecting the existence, use, and disclosure of their personal data as well as access to that information (subject to certain exceptions pursuant to applicable laws). Without limiting the above, residents of Canada will, upon request:

 

  • Be informed of whether we hold personal data about you;

  • Be provided with an account of third parties to which we have disclosed your personal data; 

  • Be able to challenge the accuracy and completeness of your personal data and have it amended as appropriate; and 

  • Be provided with information about our policies and practices with respect to the management of personal data, including: the name or title, and address, of the person who is accountable for our privacy policies and practices; the means of gaining access to personal data; a description of the type of personal data held by us, including a general account of its use; a copy of any brochures or other information that explain our policies, standards, or codes; and what personal data is made available to related organizations. 

 

  1. Your Choices

 

You have choices about certain information we collect about you, how we communicate with you, and how we process certain personal data. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide some of our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.

 

  1. Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.

 

  1. Cookies, Web Tracking, and Advertising. We use cookies and pixel tags to personalize and enhance your experience in regard to our Services, to collect data about your visit to our Services, to help diagnose problems with our servers, to administer the Services, to evaluate the effectiveness of our marketing and advertising campaigns, to permit analytics providers to gather information about your use of the Services, to gather broad demographic information about our users, and to remember choices you have made or information you have provided. Please consult our Cookie Policy and the “Your Choices” section of this Privacy Notice for more information about how we us cookies.

 

  1. Protecting Personal Data

 

We use commercially reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal data in accordance with data protection legislative requirements. Those safeguards include: (i) the encryption of personal data where we deem appropriate; (ii) taking steps to ensure personal data is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of our safeguards.

 

However, no method of safeguarding information is completely secure. While we use measures designed to protect personal data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure. 

 

  1. Retention of Personal Data. 

 

We retain personal data for as long as is necessary for the processing purpose(s) for which they were collected and any other permitted linked purpose (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data), as well as to the extent we deem necessary to carry out the processing activities described above, including but not limited to compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and to the extent we reasonably deem necessary to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties.

 

Your personal data will not be kept in a form that allows you to be identified for any longer than we reasonably consider necessary to accomplish the purposes for which it was collected or processed, or as permitted or required by applicable laws related to data retention. Our retention periods are based on business needs and legal requirements for retention, and your information that is no longer needed is either irreversibly anonymized (and the anonymized information may be retained) or securely destroyed. By way of example:

 

  1. Use to perform a contract. In relation to your personal data used to perform any contractual obligation to you, we may retain that personal data whilst the contract remains in force plus a further period (depending on jurisdiction and other factors) to deal with any queries or claims thereafter;

 

  1. Copies of evidence obtained in relation to AML checks. In relation to your personal data obtained in relation to AML checks, we may retain that personal data whilst our client relationship remains in force plus a further 5 years to deal with any queries or claims thereafter; and

 

  1. Where claims are contemplated. In relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that information for as long as that claim could be pursued.

 

  1. Anonymity. PAX and other virtual currencies may not be fully anonymous as a result of the public digital ledgers reflecting these currencies. Generally, anyone can view the balance and transaction history of any public wallet address. We, and others who are able to can match your public wallet address to other information about you, and also may be able to identify you from a blockchain transaction. Furthermore, third parties may use data analytics to identify other information about you. Please note that such third parties have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal data.

 

Thereafter, as a general matter, your personal data will be archived and stored to be used and otherwise processed in the event of legal or regulatory requirements, statutes of limitations, disputes, or actions, and will be stored and, if applicable, used and otherwise processed until reasonably after the end of any such requirement, limitation, dispute, or action, including any potential periods of review or appeal.

 

Thereafter, your personal data will be anonymized, deleted or archived as permitted by applicable law.

 

  1. Other Important Information About Personal Data and the Services.

 

  1. Processing for Fraud Prevention and Detection Purposes.  Before we provide our services to you, we undertake checks for the purposes of preventing fraud and money laundering and to verify your identity. These checks require us to process personal data about you. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering and to verify your identity.

 

In order to do so, we may provide information to, obtain information from, and verify information with fraud prevention and debt collection agencies and credit reference agencies (in their role as fraud prevention agents). We will continue to exchange information with such parties while you have a relationship with us.

 

We, fraud prevention and debt collection agencies and credit reference agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

 

Fraud prevention agencies and credit reference agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

 

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behavior to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making as set out in Section 6(a) of this Privacy Notice. 

 

As a consequence of processing, if we, or a fraud prevention agency or credit reference agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services you have requested or we may stop providing existing services to you.

 

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and credit reference agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us as per Section 11 of this Privacy Notice.

 

If you are based in the EEA, whenever fraud prevention agencies transfer your personal data outside of the EEA, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

 

  1. Collection of Personal Data from Children. Children under 18 years of age are not permitted to use the Services, and we do not knowingly collect information from children under the age of 18. By using the Services, you represent that you are 18 years of age or older. 

 

  1. Third-Party Websites and Services. As a convenience, we may reference or provide links to third-party websites and services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business. When you access these third-party services, you leave our Services, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. You access these third-party services at your own risk. This Privacy Notice does not apply to any third-party services; please refer to the Privacy Notices or policies for such third-party services for information about how they collect, use, and process personal data.

 

  1. Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal data we obtain from or about you via the Services may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.

 

  1. Do Not Track. We use analytics systems and providers that process personal data about your online activities over time and across third-party websites or online services, and these systems and providers may provide some of this information to us. We do not process or comply with any web browser’s “do not track” signal or similar mechanisms.

 

  1. Who We Share Your Personal Data With. We routinely share personal data with: companies within our group; third parties we use to help deliver our products and services to you; other third parties we use to help us run our business, e.g. marketing agencies or website hosts; third parties approved by you, e.g. social media sites you choose to link your account to or third party payment providers; credit reference agencies; our insurers and brokers; and our bank[s]. We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you. We may also need to: share personal data with external auditors; disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations; and share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring—usually, information will be anonymized but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.

 

  1. International Transfers Outside of the European Economic Area and United Kingdom 

 

This Section 8 applies to individuals located in the EEA or the UK. Your personal data will be stored and processed in certain countries outside the EEA and UK that have been approved by the European Commission as providing essentially equivalent protections to EEA and UK data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries that have not had these approvals, (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will transfer it subject to the European Commission standard contractual clauses that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities. 

 

  1. Modifications and Updates to this Privacy Notice

This Privacy Notice replaces all previous disclosures we may have provided to you about our information practices with respect to the Services. We reserve the right, at any time, to modify, alter, and/or update this Privacy Notice, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Notice. We will use reasonable efforts to notify you in the event material changes are made to this Privacy Notice, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised Privacy Notice will constitute your acknowledgement of the amended Privacy Notice. 

  1. Applicability of this Privacy Notice

This Privacy Notice is subject to the Terms and Conditions and any partner or affiliate agreements, as applicable, that govern your use of the Services. This Privacy Notice applies regardless of the means used to access or provide information through the Services. 

This Privacy Notice does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Services. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith. 

  1. Additional Information and Assistance

If you have any questions or concerns about this Privacy Notice and/or how we process personal data, please contact: [email protected], via our support page or by writing to us at 450 Lexington Ave., Suite #3952, New York, NY 10163.  

If you are based in the EEA, you can also contact Castor Pollux Holdings SARL located at 13-15 Avenue de la Liberte, L-1931 Luxembourg, Grand Duchy of Luxembourg or via email at [email protected].  

If you are based in the UK you can also contact Paxos Technology Limited located at The Courtyard, High Street, Ascot, Berkshire, United Kingdom, SL5 7HP, United Kingdom or via email at [email protected].  

If we are unable to resolve an inquiry or a complaint, you have the right to contact the data protection regulator in the EEA country in which you are based. A list of the data protection regulators and their contact details can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en. If you are located in the UK and we are unable to resolve an inquiry or a complaint, you have the right to contact the Information Commissioner’s Officer with contact details found at https://ico.org.uk/global/contact-us/