Data Protection Policy
Cayman Privacy Notice

BullionFX (the “Company”) and its subsidiaries (referred to collectively as the Company or “we” or “our”) are committed to respecting the privacy of all individuals.

This Privacy Notice (“Privacy Notice”), our website notices, your subscription agreement, and any other agreements between you and us, set out the basis on which the Company processes personal data. Please read the following carefully to understand our views and practices regarding how we handle personal data.

For the purposes of applicable data protection law (in particular, the Cayman Islands Data Protection Act (Revised) (the “DPA”)), the Company is the “data controller” of your personal data.

Personal Data We Collect
We will collect and process the following personal data:
– Information you give us:

(i) If you are inquiring about or using our products and services (including, where you invest in the Company then we will process your personal data – including your name, address, e-mail address and phone number, financial information, personal description, photograph, identification documentation (including your passport or drivers licence or other identification card), information about your dependents or beneficiaries, as well as information about your investments in the Company.

(ii) You may give us information about you when you correspond with us by phone, e-mail or other electronic means, or in writing. This includes information you provide when you subscribe to the Company, search our site, make inquiries, submit information or content to our site, when you report a problem with our site – including your name, email address, postal address, telephone and fax.

(iii) Information we collect about you: With regard to each of your visits to our site we will automatically collect the following information:

a. technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and

b. information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products, services or issues you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

– Information we receive from other sources:

(i) We are a Cayman Islands exempted company formed with limited liability and intend to be registered with the Cayman Islands Monetary Authority as a virtual asset service provider.

(ii) We also work closely with third parties (for example, administrators, banks and other financial institutions, business partners, placement agents, introducers, legal, accounting, consultants, sub-contractors in technical, payment and delivery services, analytics providers, search information providers) and may receive information about you from them.

(iii) Public information about you, including public record searches, bankruptcy filings, pending litigation, judgments and liens, and criminal databases for use in required “Know Your Customer” activities, Anti-Money Laundering activities, sanctions screening, and other legal requirements to which we are subject.

(iv) Information about other people: If you provide information to us about any person other than yourself, such as your relatives, your executors, next of kin, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.

Purposes and Legal Basis

We will ask you for consent to collect or process your personal data on certain occasions, for example, and as stated below, where necessary in order to contact you with information about products and services that might be of interest to you.

We also process your personal data when we need to do this to fulfil a contract with you, such as to give effect to your investment in the Company (including verifying your identity), or when required by law, such as if we receive a request from law enforcement or other government officials.

We also process your personal data when it is in our legitimate interest to do this and when this interest is not overridden by your data protection rights. In particular:

(i) we will use your personal data to provide services to you, and to respond to any comments or requests you may send us;

(ii) we monitor use of our website, and use your personal data to help us monitor, improve and protect our services and website, both online and offline;

(iii) we monitor investor accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law; and

(iv) we will use personal data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation).

For example, we have a legitimate interest in the effective administration of the Company and our business, and in ensuring the security and integrity of our website.

Disclosure of Your Personal Data

We may share your personal data with our subsidiaries and/or affiliates:

(i) to manage, administer and service the Company; and

(ii) to the following individuals employed by such subsidiaries and affiliates on a need to know basis, including without limitation, their respective attorneys, compliance professionals, human resources personnel, internal auditors, accountants, and members of senior management.

We will also share your personal data with trusted third parties including:

(i) Banks and other financial institutions which, for example, act as administrators, trustees, brokers or custodians on behalf of the Company;

(ii) Firms conducting anti-money laundering, know your customer and FATCA tax review with respect to the Company’s onboarding of new investors and updating investor information as may be required;

(iii) Legal, accounting, and other advisers, consultants and professional experts, correspondents, and suppliers and service providers of any of the above, and each of their associated businesses;

(iv) Business partners, suppliers and sub-contractors only for the purposes of performance of any contract we enter into with them or you. We take reasonable steps to ensure that our staff protect your personal data, and are aware of their information security obligations;

(v) Placement agents and introducers; and

(vi) Analytics and search engine providers that assist us in the improvement and optimization of our site.

We may disclose your personal data to third parties:

(i) If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;

(ii) If the Company, its business, or its assets are acquired by a third party, in which case personal data held by it about its users, suppliers, or customers will be one of the transferred assets;

(iii) If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or if we reasonably consider this necessary; or to protect the rights, property, or safety of the Company, our users, our customers, or others; and

(iv) For the purposes of crime prevention and fraud protection.

Marketing Communications

We, or trusted third parties on our behalf, may contact you by email or post with information about products and services that might be of interest to you. Where necessary, at the time that you provide your personal data to us, you will be given the opportunity to indicate whether or not you are happy for us to use your personal data in order to tell you about such products or services.

Where We Store Your Personal Data and How We Protect it

Some of the Company subsidiaries and/ or affiliates and third parties to whom the Company discloses your personal data (as described above) are located in countries outside the Cayman Islands that do not provide a level of protection to personal data equivalent to that provided by the Cayman Islands.

The DPA permits the transfer of personal data to countries that have not be recognized as providing adequate protection where such transfer is necessary for the performance of a contract between the data subject and data controller.

While we take reasonable steps to protect your personal data from loss or destruction, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorized access.

Your Rights

You have various rights with respect to our use of your personal data:

– Access: You have the right to request a copy of the personal data that we hold about you. Please note that there are exceptions to this right, so that access will be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us using the contact details provided below.

– Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.

– Objecting: In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us using the contact details provided below.

– Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint to the applicable supervisory authority or to seek a remedy through the courts.

Please note that there are exceptions to these rights, if, for example, we are under a legal obligation to continue to process your personal data.

When we ask you to supply us with personal data we will make it clear whether the personal data we are asking for must be supplied so that we can provide the products and services to you, or whether the supply of any personal data we ask for is optional.

How Long We Keep Your Personal Data

We will retain your personal data, whether or not your account is active, for as long as we believe it necessary or desirable to fulfil our business purposes and to comply with applicable law, audit requirements, regulatory requests or orders from competent courts.

Personal Data collected will be retained pursuant to our record retention policy, and in most instances will not be retained longer than seven (7) years from the date you cease to be an investor in the Company.

Changes to our Privacy Notice

Any changes we make to our Privacy Notice in the future will be posted on our website and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Notice.

Contact Details

Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to hello@bullionfx.com.

DEX
Privacy Policy:

BullionFX is the provision of services of a decentralised exchange, allowing the buying and selling of $GOLD, and $BULL.

At BullionFX, we care about the privacy of your data and are committed to protecting it.

We recognise that sharing sensitive information with BullionFX is important and we want you to feel reassured that we have implemented industry-leading security practices and that this privacy policy guides how our organisation protects your information.

This Privacy Policy (‘Policy’) explains what information we collect about you and why, what we do with that information, and how we handle that information. We will also explain what choices you have with respect to the information.

BullionFX Limited is a Cayman Islands registered company.

If you have any feedback on this policy, or you wish to contact us, please email us at bullionfx@bullionfx.com We look forward to hearing from you.

How we treat privacy

In this Privacy Policy, ‘us’ ‘we’ or ‘our’ means BullionFX Limited and our subsidiaries hereby referred to as “BullionFX”. We are committed to respecting your privacy. Our Privacy Policy sets outs out how we collect, use, store and disclose your personal information.

By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy. Personal information includes information or an opinion about an individual that is reasonably identifiable.

This Policy applies to the Sites and the Services (in each case, as defined in the Terms of Use). If you do not agree with the terms of this Policy, do not access or use the Services, the Sites, or any other aspect of our business.

What personal information do we collect?
We may collect the following types of personal information:

Contact Information, such as your name, email address, physical address and country information.

Financial Information, such as your Ethereum network address, cryptocurrency wallet information, transaction history, trading data and associated fees paid.

Transaction Information, such as information about the transactions you make on our Services, such as the type of transaction, transaction amount, and timestamp.

Correspondence, such as your feedback, questionnaire and other survey responses, and information you provide to our support teams, including via our help chat or social media messaging channels.

Online Identifiers, such as username, geo location or tracking details, browser fingerprint, operating system, browser name and version, and IP addresses.

Usage and Diagnostics Data, such as conversion events, user preferences, crash logs, device information and other data collected via cookies and similar technologies.

Information We Get from Others. We may get information about you from other sources as required or permitted by applicable law, including public databases. We may combine the information collected from these sources with the information we get from this Site in order to comply with our legal obligations and limit the use of our Services in connection with fraudulent or other illicit activities.

Information from cookies and other tracking technologies. We, and third parties we authorize, may use cookies, web beacons, and similar technologies to record your preferences, track the use of our Sites, including our mobile applications, and collect information about the use of the Services, as well as about our interactions with you. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, device information, date or time stamp, and clickstream data, and information about your interactions with the communications we send to you. We may combine this automatically collected log information with other information we collect about you. You may choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. If you do so, please note that some parts of our Services may not function properly.

We may collect this information when you:

register on our website bullionfx.com or app.bullionfx.com;

communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites;

interact with our sites, services, content and advertising; or

invest in our business or enquire as to a potential purchase in our business.

Collection of Information from Children

Our products and services are directed at adults aged 18 years and over, and are not intended for children. We do not knowingly collect data from this age group. Any data collected from a child before their age is determined will be deleted.

If you are under the age of 18, please do not submit any personal information through the Site and/or Products and Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Sites and/or Products without their permission.

How We Use Information

We use your information in accordance with your instructions, including any applicable terms in the Terms of Use, required by applicable law. We may also use the information we collect for:

Providing Services and Features -

We may use the information we collect to provide, personalize, maintain, and improve our products and Services, including as we described in the Terms of Use. This includes using information to: operate, maintain, customize, measure, and improve our Services, and manage our business;

create and update user accounts;

process transactions;

send information, including confirmations, notices, updates, security alerts, and support and administrative messages; and

to create de-identified or aggregated data.

Safety and Security

We may use your information to help maintain the safety, security, and integrity of you and our Services, including to:

protect, investigate, and deter against fraudulent, unauthorized, or illegal activity;

monitor and verify identity or service access, combat spam, malware or security risks;

perform internal operations necessary to provide our Services, including to troubleshoot software bugs and operational problems;

enforce our agreements with third parties, and address violations of our Terms of Use or agreements for other products or services; and

comply with applicable security laws and regulations.

Customer Support

We may use information we collect to provide customer support, including to:

direct questions to the appropriate customer support person;

investigate and address user concerns; and

monitor and improve our customer support responses and processes.

Legal and Regulatory Compliance

We may verify your identity by comparing the personal information you provide against third-party databases and public records. We may use the information we collect to investigate or address claims or disputes relating to use of our Services, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries.

Direct Marketing

We may use the information we collect to market our Services to you. This may include sending you communications about our Services, features, promotions, surveys, news, updates, and events, and managing your participation in these promotions and events.

If you do not want us to send you marketing communications, please opt out by selecting “unsubscribe” to any marketing email sent by us or by contacting us at bullionfx@bullionfx.com

To whom do we disclose your personal information?

We may disclose personal information for the purposes described in this privacy policy to: our employees, contractors and subsidiaries;

third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);

professional advisers, dealers and agents;

our sponsors or promoters of any competition that we conduct via our services;

anyone to whom our assets or businesses (or any part of them) are transferred;

specific third parties authorised by you to receive information held by us; and/or

other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

Reasons We Can Share Your Personal Information

We need to share users’ personal information to operate certain aspects of the BullionFX Whether we share your personal information, the reasons for which we share your personal information and whether you can limit this sharing include the following:

We share users’ personal information for our everyday business purposes, such as to process and match your orders and respond to court orders and legal investigations. You cannot limit our sharing of this information.

We share users’ personal information for our marketing purposes, such as to offer our products and services to you. You cannot limit our sharing of this information.

We do not share users’ personal information for joint marketing with financial companies.

We do not share users’ personal information for our affiliates’ everyday business purposes.

We do not share users’ personal information for our affiliates to market to you.

We share users’ personal information for nonaffiliates to market to you.

Accessing or correcting your personal information

You can access the personal information we hold about you by contacting us using the information on the contact page of our website. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information. If you think that any personal information, we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

Cost for accessing my personal information

Depending on the amount of information you request, we may charge you a fee for organising the information you request from us. We will give you an estimate of the fee before we organise the information. Then, we can work with you to check whether you wish to limit your request to reduce the charges.

To view or update your information, contact us at bullionfx@bullionfx.com. We store your information throughout the life of your use of the Services and thereafter.

Security

We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information.

We operate in line with the principles of the international information security standard (ISO 27001).

Although we take steps to secure your information, we cannot guarantee that your information, searches, or other communication will always remain secure. You are responsible for all activity on BullionFX relating to any of your network addresses or cryptocurrency wallets.

Links

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

Additional rights under General Data Protection Regulation (GDPR) if you are located in the EEA

The General Data Protection Regulation (GDPR) regulates the way we process information, from which you can be identified or from which you are identifiable, that we collect about you while you reside in a country in the European Economic Area (EEA) or Switzerland. This policy refers to that information as “personal data”. The term “personal information” in this policy also includes that “personal data”. For GDPR purposes, we process personal data about you when we collect and use that personal data. Also, we are the controller of that personal data. When we collect personal data, we manage that personal data under this policy, the GDPR and any other law that applies to processing that personal data.

The EEA countries are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the United Kingdom, Iceland, Liechtenstein and Norway.

The following explains how we comply with the GDPR for residents of the European Economic Area (EEA) or Switzerland.Note the following does not apply if you reside outside of the above countries.

We will retain personal data about you only for as long as is necessary for the purposes set out in this policy. We will retain and use that personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We may transfer personal data about you to, and maintain it on, computers located outside of your State, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

We may transfer that personal data to other jurisdictions and process it there. We will take all steps reasonably necessary to ensure that personal data about you is treated securely and in accordance with this policy and no transfer of that personal data will take place to an organization or a country, unless there are adequate controls in place including the security of that personal data.

If you are a resident of an EEA country or Switzerland, you have certain data protection rights with respect to personal data we collect about you while you reside in that country. We will take reasonable steps to allow you to correct, amend, delete, or limit the use of that personal data. If you wish to do so, please email us.

If you wish to know what personal data we hold about you and if you want us to remove that personal data from our systems, please contact us.

You have the right to complain to a data protection authority about our collection and use of personal data we hold about you. For more information, please contact your local data protection authority in the country (an EEA country or Switzerland) of which you were a resident when we collected personal data about you.

As an EU resident, you have various rights in connection with the processing of your personal data as follows:

You have the right to information about your personal data processed by us and to the following information: (a) the processing purposes; (b) the categories of personal data being processed; (c) the recipients or categories of recipients to whom the personal data have been or are being disclosed, in particular recipients in third countries or international organizations; (d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration; (e) the existence of a right to rectification or deletion of your personal data, to restricting the processing of your personal data or to objecting to such processing; (f) the existence of a right of appeal to a supervisory authority; (g) if the personal data is not collected from you, all available information about the origin of the data; (h) the existence of automated decision-making and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject; and (i) in the case of the transfer of personal data to a third country or an international organization, on the appropriate safeguards in relation to the transfer.

You have the right to immediately request the rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, the completion of incomplete personal data, by means of providing a supplementary statement.

You have the right to request the immediate erasure of personal data concerning you and we are obliged to delete this data immediately if one of the following reasons applies: (i) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) you revoke your consent on which the processing was based under Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing; (iii) you object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for processing or you object to the processing pursuant to Article 21(2) of the GDPR; (iv) your personal data has been processed unlawfully; (v) the deletion of your personal data is necessary to fulfill a legal obligation under EU law or the law of the member states to which we are subject; (vi) the personal data have been collected in relation to information society services provided in accordance with Article 8(1) of the GDPR. If we have made personal data public and are obliged to erase personal data in accordance with Article 17(1) of the GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform controllers who process the personal data you have requested the erasure by such controllers of any links to or copies or replications of, such personal data.

The rights in the foregoing paragraph do not apply to the extent that processing is necessary (A) to exercise the right of freedom of expression and information; (B) to fulfill a legal obligation required for processing under EU law or the law of the member states to which we are subject; or (C) to assert, exercise or defend legal claims.

You have the right to request us to restrict processing if one of the following conditions is met: (1) the accuracy of the personal data is contested by you, for a period of time that enables us to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose to delete the personal data and instead requests the restriction of the use of your personal data; (3) we no longer need your personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims; or (4) you have objected to the processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate interests of our company override your legitimate interests.

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller without hindrance, provided that the processing is based on a consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means. When exercising your right to data portability, you have the right to have your personal data transferred directly by us to another controller, to the extent that such transfer is technically feasible.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on these provisions. We will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing that override your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

You have the right to revoke your consent to the processing of your personal data at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.

Making a complaint

If you have a concern or complaint about how we have handled your personal information, let the BullionFX team know and we’ll try to fix it. We try to get things right the first time – but if we don’t, we’ll do our best to sort it out. If you are satisfied with how we respond to your complaint about how we’ve handled your personal information, there are other things you can do.

Contact Us

For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the using the information on the contact page of our website or email us at bullionfx@bullionfx.com