Who Are We?
Bitnomics.co website is owned by Money Flow OÜ , a company registered under the number 14845103. Until July 18, 2023, Money Flow OÜ provided virtual currency services under licence number: FVT000047. After this date, Money Flow OÜ discontinued the provision of crypto exchange services at its own discretion and own decision, and the legal entity underwent a change in its area of economic activity. Money Flow OÜ has its registered and operational address at Valukoja tn 8/1, 11415, Estonia, located in Harju maakond, Tallinn, Lasnamäe linnaosa.
Your Acknowledgment of this Policy
You are not legally required to provide us with any personal data. This means that if you provide us with data, you are doing so out of your own volition and consent; we cannot force you to provide any personal data, but without your personal data, we cannot provide you with the services.
You have the right to withdraw from this consent at any time and, in such a case, request that we either cease processing your personal data or that we delete whatever personal data is no longer required to retain under law. Such removal of data may also prevent you from receiving updates and support.
Which Personal Data Do We Collect About You?
We collect these types of personal data:
Non-Personally Identifiable Data. The first type is non-personally identifiable data and statistical information. Non-personally identifiable data gathered consists of technical and behavioural information that does not pertain to a specific individual (“Non-Personal Data”). This includes your device type, browser type and version, IP data, screen size and resolution, language and other technical data. While it is not specifically personally identifiable, it may be reverse-engineered to be identifiable and therefore is considered personal data.
Personally Identifiable Data. The other type of data we collect is individually identifiable data. To put it simply, this data identifies an individual or is of a private and/or sensitive nature, such as your contact information and financial data, including:
- Your contact details include your email address, phone number, full name, date of birth, gender and residence.
- Your financial data, including the identity of cryptocurrency accounts you transferred sums to or from, your bank details, and your transaction list.
- Your documents and data are uploaded in our Know-Your-Customer process, including a photocopy of your ID, a video containing your image, your proof of address and utility bills and other data filled in our forms such as your source of wealth and source of funds.
How Do We Collect Personal Data?
Personal data is collected from your use of the services and service providers who provide us with financial services, know-your-customer services, and intelligence services.
What Are The Purposes of the Collection and Processing of Data?
The purposes of collecting and processing the data are to provide you with the services, which means we use your data to provide you with the services and support you.
Moreover, we may use personal data to improve the services. This means that we use aggregated insights of how our users interact with our services to obtain insights that lead to the improvement of future versions, bug reports, and feature requests.
The basis for our use is both your consent under this privacy policy and that processing is necessary for compliance with legal obligations to which we are subject, such as financial regulations and anti-money-laundering regulations; processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract, such as to provide you with the services. Processing is necessary for the purposes of our legitimate interests, such as providing you with our services and complying with industry standards.
We may create look-alike audiences and share our customer lists with advertising services that may provide us with such services, all under confidentiality obligations.
We may also use your email address to send you our services and promotional material information.
When we say “our services”, we mean our cryptocurrency exchange service and website.
How Can We Contact You?
If you registered for our service, we might contact you with periodic updates and promotional emails relating to the service and the products or services we offer.
You may opt out of these at any time, but not from transactional emails, such as updates on payments, withdrawals, or cryptocurrency purchase orders.
Moreover, if you showed interest in one of our products or services, we may contact you in relation to such product or service either by email, phone, text or post.
Your Personal Data Rights
Right of Access and Rectification
You have the right to know what personal data we collect about you and ensure that such data is accurate and relevant for the purposes we collected it. You can receive a copy of your personal data and rectify such personal data if it is not accurate, complete, or updated. However, we may first ask you to provide us with certain credentials to permit us to identify you before rectifying, deleting, or reviewing.
Right to Delete Personal Data or Restrict Processing
Right to Withdraw Consent
You have the right to withdraw your consent to processing your personal data. This right will not affect the lawfulness of processing your personal data based on your consent before its withdrawal. Please note that withdrawal of your consent would most likely cause us to delete your personal data rather than cease processing in most cases.
You have the right to delete your personal data or restrict its processing by ourselves and third parties. We may postpone or deny your request if your personal data is currently used for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.
Right of Data Portability
Where technically feasible, you have the right to ask to transfer your personal data in accordance with your right to data portability. In order to apply for this, please contact us at [email protected].
The Right to Lodge a Complaint
You also have the right to complain to a data protection supervisory authority regarding the processing of your personal data.
Your Brazilian LGPD Rights
Notwithstanding anything in this privacy policy, you may exercise your LGPD rights, including your rights for (i) confirmation of the existence of the processing; (ii) access to the data; (iii) correction of incomplete, inaccurate or out-of-date data; (iv) anonymisation, blocking or deletion of unnecessary or excessive data or data processed in non-compliance with the provisions of the LGPD; (v) portability of the data to another service or product provider, using an express request and subject to commercial and industrial secrecy, according to the regulation of the controlling agency; (vi) deletion of personal data processed with your consent, except in the situations provided in Art. 16 of this the LGPD; (vii) information about public and private entities with which the controller has shared data; (viii) information about the possibility of denying consent and the consequences of such denial; (ix) revocation of consent as provided in §5 of Art. 8 of the LGPD.
We respond to “Do Not Track” signals
If you do not wish your browser to allow us to use trackers, please use your browser’s “Do Not Track” option.
Exercising Your Rights
We acknowledge you have the right to access and change the Personal Data we collect and process. If you wish to access, correct, amend, or delete Personal Data, please email [email protected]. We will respond within a reasonable timeframe, but no later than permitted by applicable law in any event.
Additionally, please note that to ensure you have as much control over your Personal Data and other information as possible, you may modify certain parts of your information by contacting us.
Sharing Personal Data with Third Parties
We respect your privacy and will not disclose, share, rent, or sell your Personal Data to any third party unless the sharing of your Personal Data is made upon your specific, explicit request or for our legitimate interests, which are in compliance with regulatory requirements and performance of our obligations, as set out below.
- We share data with third parties that assist us in providing the Service. They are given access to customers’ accounts and Service Data only as reasonably necessary to provide the Service and will be subject to confidentiality obligations in their service agreements;
- We share data with third-party service providers providing us with services such as research and analytics, anti-spamming and anti-phishing services, marketing and data enrichment.
- We share data with third-party payment processors who process your credit card and other payment information.
- We share data with third-party partners to assist us in KYC and provide any further support needed to use our Service.
- We may share data with auditors, lawyers, accountants and other professional advisers who advise and assist us in relation to the lawful and effective management of the Service and relation to any disputes we may become involved in.
- We may share data with Law enforcement or other government and regulatory agencies and bodies or other third parties as required by and according to applicable law and regulations.
This list is non-exhaustive, and there may be circumstances where we need to share Personal Data with other third parties.
Where necessary (such as when we transfer data to service providers), we put in place appropriate contractual arrangements and security mechanisms to protect the Personal Data shared and comply with our data protection, confidentiality and security standards and obligations.
We may also disclose data to comply with government agencies’ authorisation requests or judicial warrants. Unless prohibited under the law from doing so, we shall notify you about such a request.
Location of Your Data
As detailed in this Privacy Policy, the personal data collected from you may be transferred to and stored at servers that may be located in countries outside of your jurisdiction and countries according to our third-party provider’s standard contractual obligations.
It may also be processed by our suppliers and service providers or partners’ staff operating outside your country.
We are committed to protecting your Personal Data. We will take appropriate steps to ensure that your Personal Data is processed and stored securely and in accordance with applicable privacy laws, as detailed in this Privacy Policy. Such steps include implementing data transfer agreements or ensuring our third-party service providers comply with our data transfer protection measures.
We will ensure the confidentiality, integrity and availability of your Personal Data by Transferring your personal data only to (i) countries approved by the European Commission as having adequate data protection laws; (ii) entities that executed standard contracts that have been approved by the European Commission and which provide an adequate level of high-quality protection, with the recipients of your Personal Data; and (iii) Transferring your Personal Data to organisations that are Privacy Shield Scheme certified, as approved by the European Commission.
By submitting your personal data through the service, you acknowledge and agree to such transfer, storing and/or processing of personal data in a jurisdiction where such consent is required.
Cookies
We use both first-party and third-party cookies. A cookie is a small file placed on your computer meant to authenticate or verify your session with us. However, a cookie may have some identifying features.
Minors / Children
The service is intended for users over the age of eighteen (18).
Therefore, we do not intend and do not knowingly collect Personal Data from children under the age of sixteen (16) and do not wish to do so.
We reserve the right to request proof of age at any stage to verify that minors under the age of sixteen (16) are not using the service.
If we learn that we collected Personal Data from minors under the age of sixteen (16), we will delete that data as quickly as possible.
If you have reasons to suspect that we collected Personal Data from minors under the age of sixteen (16), please notify us at [email protected], and we will delete that personal data as quickly as possible.
Security
We take appropriate measures to maintain the security and integrity of our service and prevent unauthorised access to it or use thereof through generally accepted industry standard technologies and internal procedures.
Please note, however, that there are inherent risks in the transmission of information over the Internet or other methods of electronic storage, and we cannot guarantee that unauthorised access or use will never occur.
We will comply with applicable law in the event of any breach of the security, confidentiality, or integrity of your Personal Data. We will inform you of such a breach if required by applicable law.
To the extent that we implement the required security measures under applicable law, we shall not be responsible or liable for unauthorised access, hacking, or other security intrusions or failure to store or the theft, deletion, corruption, destruction, damage, or loss of any data or information included in the personal data.
Data Retention
We will retain the Personal Data for as long as we believe that it is accurate and can be relied upon. Personal Data that is no longer required for the purpose for which it was initially collected will be deleted unless we have a valid justification to retain it that is permitted under applicable law, such as to resolve disputes or comply with our legal obligations.
Data Breach Notification
We comply with local authorities in data breach notifications. In any case, where a severe data breach occurs, we will also notify data subjects after such breach and cooperate with the legal authorities to reduce the exposure of personal data.
Complaints and Arbitration
If you feel or believe that your personal data rights were harmed in any way, you may contact our data protection officer at [email protected] and complain. Such complaints shall include how and why you believe your personal data rights were harmed and the required evidence. Our data protection officer will respond to most complaints within 14 days and shall offer the required remedies.
We will resolve all complaints according to applicable regulations. We also agree to resolve all complaints and deal with disputes with the local data protection authorities.
This section does not limit your right to complain to your respective data protection authority.
Merger, Transfer of Ownership
We may, in the future, merge, sell our operation or transfer the operation of the service to a third party. In such an event, the data would be used in accordance with the then relevant privacy policy, where no change shall have a retroactive effect.
Updates to the Privacy Policy
We reserve the right to amend this Privacy Policy at any time; we will provide you with updates on any change, and such updates shall not have a retroactive effect.