Crypto exchange | Buy cryptocurrency on WhiteBIT WhiteBITAU

Privacy policy

If you reside, access, and use our Services from the territory of the Commonwealth of Australia, it means that you accept this Privacy Policy and its terms.

If you reside, access, and use our Services outside of the territory of the Commonwealth of Australia, this Privacy Policy should not apply to you. Please follow the Privacy Policy for the corresponding region.

INTRODUCTION

a. The purpose of this Privacy Policy is to inform you of how WhiteBIT Operations Australia Pty Ltd, ACN 645 644 702 (hereinafter - "WhiteBIT", "we", "our" or "us") manage, collect, use, process and disclose of your personal information. This Policy complies with the requirements of the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APP).

b. Please read and review this Privacy Policy, which will inform you how we collect, use, process and disclose your Personal Information. This Privacy Policy should be read together with our User Agreement of which this Privacy Policy forms part.

c. We collect personal information to provide you with the services that you ask for, as well as information about other services we offer.

d. We disclose relevant personal information to external organizations that help us provide our services. These organizations are bound by confidentiality arrangements. These external organizations may include overseas organizations.

e. This Policy may change. We will let you know of any changes to this Policy by posting a notification on our website.

f. Any information collected after an amended privacy statement has been posted on the site, will be subject to that amended privacy statement.

WHAT THIS POLICY DEALS WITH

This Policy deals with:

a. The kinds of personal information that we collect and hold

b. How we collect and hold personal information

c. The purposes for which we collect, hold, use and disclose personal information

d. How you may access personal information that we hold about you and seek the correction of such information

e. How to complain about a breach of the APP and how we will deal with such a complaint

f. If we disclose personal information to overseas recipients---the countries in which such recipients are likely to be located if it is practicable to specify those countries in the Policy.

TYPES OF PERSONAL INFORMATION WE COLLECT

a. We only collect personal information that is reasonably necessary for one or more of our functions or activities.

b. The types of personal information that we collect and hold about you could include:

Account Personal Information:

i. name;

ii. gender

iii. date of birth;

iv. postal or email address;

v. residence address

vi. telephone numbers;

vii. occupation;

viii. other contact details such as social media handles;

ix. bank account details including institution name, account name, bank identifier and account number or IBAN;

x. your wallet address;

xi. financial details such as your tax file number;

xii. identification documentation as required under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act), including:

a. passport;

b. driver's license;

c. national identity card;

d. utility bills;

e. trust deed;

xiii. your password;

xiv. your account and marketing preferences

xv. other information we think is necessary to our functions and activities.

Know Your Customer (KYC) Personal Information from you, third parties and/or publicly available sources including**:**

i) passport or another government-issued identity document (as well as the number and expiry date of the identity document);

ii) your photo and video verification records;

iii) documents establishing your source of funds and proof of address;

iv) results of KYC or Politically Exposed Person (PEP) checks, including information collected by our suppliers;

v) other Personal Information if provided during passing KYC/compliance/verification procedures (including additional), or required to be collected according to the applicable regulations.

Personal Information relating to your use of our Services, including:

i) your orders, and instructions to us;

ii) your transactions using your account(s), including your account(s) in a third-party bank(s), financial institution(s), payment card details, etc., the amount, originator or beneficiary, and time/date of the transfers you make and receive;

iii) information about the digital device through which you access our Services, such as device type, operating system, screen resolution, unique device identifiers, the mobile network system;

iv) IP address;

v) date and time of log-in and requests;

vi) Personal Information in your correspondence with us, by e-mail, telephone, messaging, texts, online chats, via social media, or otherwise;

vii) whether you've clicked on links in electronic communications from us, including the URL clickstream to our website;

viii) Personal Information that you provide in response to our surveys;

ix) Personal Information related to payments to or from your accounts with us, provided by payment processing services, banks, card schemes and other financial services firms;

x) Personal Information from credit reference agencies or fraud prevention agencies.

Personal Information that we collect from individuals representing organizations such as our corporate customers and suppliers, including:

i) names, roles, and contact details of individuals working for organizations;

ii) other Personal Information regarding such individuals;

iii) any Personal Information contained in correspondence with those individuals.

Technical Information: browser type, operating system, device type, device information such as operating system, unique device identifiers, the mobile network system, hardware and browser settings, date and time of visits, the pages you visit, the length of the visit, your interactions with the page (such as scrolling, clicks and mouse-overs), methods to browse away from our website, and search engine terms you use, IP address, and other similar technical information received from a browser or device automatically when visiting or interacting with Our Website. This may include the referring URL that led you to Our Website.

Usage Information: the pages you visited on Our Website, where you clicked, searches performed on Our Website, and other similar information related to how you have used Our Website. It may also include information related to whether you received, opened, or clicked on any links in an email sent to you.

Cookies Data:

i) Session Cookies. We use Session Cookies to operate Our Website.

ii) Preference Cookies. We use Preference Cookies to remember your preferences and various settings.

iii) Security Cookies. We use Security Cookies for security purposes.

Log Data: We collect information that your browser sends whenever you visit a Website, such as your IP address, device information, standard web log information, such as your browser type, browser version and the pages you accessed on the Website, access times, website navigation paths, unique device identifiers and other diagnostic data, etc.

We may also use the services of third-party KYC verification vendors, such as SumSub, to perform a facial similarity or 'liveness' check which involves checking the image provided in your identity document against a video or series of quickly taken selfies that you submit. The information collected from your photos/videos may include biometric data.

HOW WE COLLECT AND HOLD PERSONAL INFORMATION

a. We must collect personal information only by lawful and fair means.

b. Before and at the time of collecting personal information, we will obtain your consent for the purposes for which we intend to use and disclose your personal information.

c. Having provided consent, you are able to withdraw it at any time. To withdraw consent, please contact our office.

d. We may not be able to provide you with our Services if you provide incomplete or inaccurate information, or if you withdraw your consent to use this information.

e. We must collect your personal information from you unless it is unreasonable or impracticable to do so. Any information collected from you will be collected from sources permitted under the AML/CTF Act. For example, if we are unable to contact you, and we then rely on publicly available information to update your contact details or if, at your request, we exchange information with your legal or financial advisers or other representatives.

f. We might collect your information when you fill out a form with us, when we speak with you on the telephone, used our website or face to face. We may also verify your information via electronic means, such as email.

g. If we receive personal information that we did not solicit, then within a reasonable period after receiving the information, We must determine whether or not we could have collected the information under APP 3 (collection of solicited personal information) if we had solicited the information, and we may use or disclose the personal information to make this determination.

h. Then, if we determine that we could not have collected the personal information and the information is not contained in a Commonwealth record, We must, as soon as practicable, but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified. If however, this does not apply in relation to the personal information, then APP 5 to 13 apply in relation to the information as if we had collected the information by solicitation.

i. We will do all that we can to ensure that the personal information that we collect, use and disclose is accurate, up-to-date, complete and relevant.

4.1 Dealing with unsolicited information

(a) If we receive personal information that is not solicited by us, we will only retain it, if we determine that it is reasonably necessary for one or more of our functions or activities and that you have consented to the information being collected or given the absence of your consent that it was impracticable or unreasonable for us to obtain it under the circumstances.

(b) If these conditions are not met, we will destroy or de-identify the information.

(c) If such unsolicited information is sensitive information, we will obtain your consent to retain it regardless of what the circumstances are.

4.2 Aggregated Data

(a) Aggregated data is general data about groups of people which does not identify anyone personally, for example, the number of people in a particular industry that engage in derivative trading. We use aggregated data to:

(i) help us to understand how you use our services and improve your experience with us; and

(ii) customize the way that we communicate with you about our services so that we can interact with you more effectively.

(b) We may share aggregated data with our business or industry partners.

4.3 Sensitive information

We do not collect or process sensitive information, such as racial or ethnic origin, membership in political parties or political opinions, religious or philosophical beliefs, trade union membership, genetic/biometric data, health, sex life or sexual orientation. Nor do we collect any information about criminal convictions and offenses.

NOTIFYING YOU

a. When we receive personal information from you directly, we will take reasonable steps to notify you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint.

b. Sometimes we collect your personal information from third parties. You may not be aware that we have done so. If we collect information that can be used to identify you, we will take reasonable steps to notify you of that collection.

THE PURPOSES FOR WHICH WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION

a. We collect personal information when it is reasonably necessary for one or more of our functions and activities. These include:

i.  Providing you with the Services you ask for, and unless you tell
    us otherwise, to provide information on services offered by us
    and external product and service providers for whom we act as
    agents. (If you have provided us with your email address or
    mobile phone details, we may provide information to you
    electronically with respect to those services);

ii. Verifying your identity;

iii. Complying with our legal obligations;

iv. Gathering and aggregating information for statistical,
    prudential, actuarial and research purposes;

v.  Providing you with technical support and

vi. Taking measures to detect and prevent fraud, crime or other
    activity which may cause harm to our business or our services.

b. We may collect information about you because we are required or authorized by law to collect it. There are laws that affect us, including company and tax law, which require us to collect personal information. For example, we require personal information to verify your identity under the AML/CTF Act.

c. If we collect and hold your personal information for a primary purpose, we will not use or disclose the information for a secondary purpose unless:

i.  you have consented to the use or disclosure of the information;

ii. you would reasonably expect us to use or disclose the
    information for the other purpose and the other purpose is
    related to the first particular purpose;

iii. the use or disclosure of the information is required or
     authorized by or under an Australian law or a court/tribunal
     order;

iv. a permitted general situation exists in relation to the use or
    disclosure of the information by us; or

v.  We reasonably believe that the use or disclosure of the
    information is reasonably necessary for one or more
    enforcement-related activities conducted by, or on behalf of, an
    enforcement body (and, if we use or disclose personal
    information in accordance with this point, We must make a
    written note of the use or disclosure).

d. If we collect personal information from any of our related bodies corporate, this principle applies as if our primary purpose for the collection of the information were the primary purpose for any of our related bodies corporate collected the information. This principle does not apply to the use or disclosure by us of personal information for the purpose of direct marketing or government-related identifiers.

e. If we hold personal information about an individual, we must not use or disclose the information for the purpose of direct marketing, unless we collected the information from the individual and the individual would reasonably expect us to use or disclose the information for that purpose, and we provide a simple means by which the individual may easily request not to receive direct marketing communications from us and the individual has not made such a request to us.

f. We may also use or disclose personal information about an individual for the purpose of direct marketing if we collected the information from the individual and the individual would not reasonably expect us to use or disclose the information for that purpose or someone other than the individual and either the individual has consented to the use or disclosure of the information for that purpose, or it is impracticable to obtain that consent, and we provide a simple means by which the individual may easily request not to receive direct marketing communications from us, and in each direct marketing communication with the individual, we include a prominent statement that the individual may make such a request, or we otherwise draw the individual's attention to the fact that the individual may make such a request and the individual has not made such a request from us.

g. If you have general inquiry type questions, you can choose to do this anonymously or use a pseudonym. We might not always be able to interact with you this way however as we are often governed by strict regulations that require us to know who we are dealing with. In general, we will not be able to deal with you anonymously or where you are using a pseudonym when it is impracticable, or we are required or authorized by law or a court/tribunal order to deal with you personally.

WHO WE MAY COMMUNICATE WITH

a. Depending on the product or service you have, the entities we exchange your information with may include but are not limited to:

i.  brokers and agents who refer your business to us;

ii. affiliated product and service providers and external product
    and service providers for whom we act as agent (so that they may
    provide you with the product or service you seek or in which you
    have expressed an interest);

iii. auditors we appoint to ensure the integrity of our operations;

iv. any person acting on your behalf, including your solicitor,
    settlement agent, accountant, executor, administrator, trustee,
    guardian or attorney;

v.  if required or authorized to do so, regulatory bodies and
    government agencies;

vi. credit reporting agencies;

vii. insurers, including proposed insurers and insurance reference
     agencies (where we are considering whether to accept a proposal
     of insurance from you and, if so, on what terms);

viii. other financial institutions and organizations at their
      request if you seek credit from them (so that they may assess
      whether to offer you credit);

ix. investors, advisers, trustees and ratings agencies where credit
    facilities and receivables are pooled and sold (securitized);

x.  other organizations and associations who in conjunction with us
    provide services (so that they may provide their services to
    you); and

xi. professional associations or organizations with whom we conduct
    an affinity relationship (to verify your membership of those
    associations or organizations).

Our use or disclosure of personal information may not be limited to the examples above.

b. We may be required to disclose customer information by law e.g. under official legal requests of law enforcement authorities, court orders or statutory notices pursuant to taxation, AML/CTF or social security laws.

7.1 Outsourcing

(a) We disclose personal information when we outsource certain functions, including KYC/KYB verification, bulk mailing, market research, direct marketing, Fiat money transactions monitoring, statement production, debt recovery and information technology support. We also seek expert help from time to time to help us improve our systems, and services.

(b) Financial institutions which process Fiat money transactions may collect personal information. We use banking agents, for example, local businesses, to help provide you with face-to-face banking services. These agents collect personal information on our behalf.

(c) In all circumstances where personal information may become known to our contractors, agents and outsourced service providers, there are confidentiality arrangements in place. Contractors, agents and outsourced service providers are not able to use or disclose personal information for any purposes other than our own.

(d) We take our obligations to protect customer information very seriously, we make every effort to deal only with parties who share and demonstrate the same attitude.

INTEGRITY OF YOUR PERSONAL INFORMATION

8.1 Quality of your personal information

(a) We ensure that the personal information we collect and use or disclose is accurate, up-to-date, complete, and relevant.

(b) Please contact us if any of the details you have provided to us change or if you believe that the information we have about you is not accurate or up to date.

(c) We may also take steps to update the personal information we hold, for example, an address, by collecting personal information from publicly available sources such as telephone directories or electoral rolls.

8.2 Security of personal information

(a) We are committed to protecting any personal information we hold about you from misuse, interference, loss, unauthorized access, modification and disclosure.

(b) For this purpose we have a range of practices and policies in place to provide a robust security environment. We ensure the ongoing adequacy of these measures by regularly reviewing them.

(c) Our security measures include, but are not limited to:

(i) educating our staff as to their obligations with regard to your personal information;

(ii) requiring our staff to use passwords when accessing our systems;

(iii) encrypting data sent from your computer to our systems during Internet transactions and customer access codes transmitted across networks;

(iv) employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorized persons and viruses from entering our systems;

(v) using dedicated secure networks or encryption when we transmit electronic data for purposes of outsourcing;

(vi) providing secure storage for physical records; and

(vii) employing physical and electronic means such as alarms, cameras and guards (as required) to protect against unauthorized access to buildings.

(d) Where information we hold is identified as no longer needed for any purpose we ensure it is effectively and securely destroyed, for example, by shredding or pulping in the case of paper records or by degaussing (demagnetization of the medium using alternating electric currents) and other means in the case of electronic records and equipment.

YOUR RIGHTS UNDER THIS PRIVACY POLICY

9.1 You have the following rights, which We are obligated to fulfill:

a. Right to withdraw - you have the right to withdraw your consent where you have previously given your consent to the processing of your Personal Information;

b. Right to object - you have the right to object to the processing of your Personal Information if the processing is carried out on a legal basis other than consent.

c. Right to be informed - you can ask Us what categories of your Personal Information is being collected;

d. Right to opt-out - you can ask Us to stop using your Personal Information for business and other benefits;

e. Right to erasure (right to be forgotten) - you can ask Us to delete your Personal Information;

f. Right of access - you can ask Us to provide the list of actual Personal Information values collected;

g. Right to non-discrimination - We provide equal services, meaning they cannot discriminate against your rights;

h. Right to rectification - you can ask Us to correct your Personal Information in a situation when such data available Us or disclosed to third parties is inaccurate or incomplete;

i. Right to restrict - you can ask Us to introduce the restriction regime on the processing of your Personal Information, so that in each case the data may be processed only upon separate consent from you.

j. Right to data portability - if We process your Personal Information based on your consent, or the processing is carried out by automated means, you may request to receive your Personal Information in a structured, commonly used and machine-readable format, and to have Us transfer your Personal Information directly to another Controller, where technically feasible unless the exercise of this right adversely affects the rights and freedoms of others. (Controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your Personal Information).

k. Right to lodge a complaint - if you believe that We have infringed your rights, We encourage you to contact us first at support@whitebit.au so that We can try to resolve your issue or dispute informally. You also have a right to lodge a complaint with a competent supervisory authority.

l. Storage of your personal information - We will try to limit the storage of your Personal Information to the extent that storage is necessary to serve the purpose(s) for which the Personal Information was processed, to resolve disputes, enforce Our agreements, and as required or permitted by.

9.2 How We Execute Our Obligations

a) We will always give you access to your personal information unless there are certain legal reasons why we cannot do so. By law, we do not have to provide you with access to your personal information if:

i.  We believe there is a threat to life or public safety;

ii. there is an unreasonable impact on other individuals;

iii. the request is frivolous;

iv. the information wouldn't be ordinarily accessible because of
    legal proceedings;

v.  it would prejudice negotiations with you;

vi. it would be unlawful;

vii. it would jeopardize taking action against serious misconduct by
     you;

viii. it would be likely to harm the activities of an enforcement
      body (e.g. the police); or

ix. it would harm the confidentiality of our commercial information.

b) If we cannot provide your information in the way you have requested, we will tell you why in writing. If you have concerns, you can send us an email to support@whitebit.au

c) If you believe that there is something wrong with the information, for example, if you think that the information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, please send the completed form to support@whitebit.au, so we can update your details.

d) If we refuse to correct the personal information as requested by you, we will give you a written notice setting out the reasons for the refusal, the mechanisms available to complain and any other relevant information.

e) If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We will correct this if we can, or we will notify you if we are unable to change the details.

f) You can ask us to access your personal information that we hold by sending us an email to support@whitebit.au.

g) We will give you access to your information as soon as possible in the form you want it where it is reasonable and practical to do so. We will endeavor to comply with your request within fourteen (14) days of its receipt, but if that deadline cannot be met owing to exceptional circumstances, your request will be dealt with within thirty (30) days. It will help us provide access if you can tell us what you are looking for.

h) We are required to help you ask for the information to be corrected if we cannot correct this for you. Accordingly, We may need to talk to third parties. However, the most efficient way for you to make a correction request is to send it to the organization which you believe made the mistake.

i) If we are able to correct the information, we will notify you within five (5) business days of deciding to do this. We will also notify the relevant third parties as well as any others you notify us about. If there are any instances where we cannot do this, then we will notify you in writing.

j) If we are unable to correct your information, we will explain why in writing within five (5) business days of making this decision. If we cannot resolve this with you internally, you are able to make a complaint via the Office of the Australian Information Commissioner (OAIC).

k) If we agree to correct your information, we will do so within thirty (30) days from when you asked us, or a longer period as agreed between us and you.

l) If we are unable to make corrections within a thirty-day time frame or the agreed time frame, we must notify you of the delay, the reasons for it and when we expect to resolve the matter, ask you to agree in writing to give us more time and let you know you can complain to the OAIC.

CROSS-BORDER INFORMATION TRANSFER

a. You acknowledge that it may be necessary for your information to be transferred to organizations that provide a service to us outside of Australia, and you consent to such transfer.

b. In the event of any cross-border information transfer, We ensure that a binding contract with the recipient:

i.  requires the recipient to handle the personal information for limited purposes essential for the execution of Services

ii. requires the recipient's subcontractors to agree to the same obligations as stated in this Policy, and

iii. provides Us effective control of how the Personal information is handled by the recipient.

c. We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it is not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed.

d. Overseas organizations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.

e. By using our services, you are consenting to the disclosure of your information as described in this Clause. However, you may withdraw consent at any time by contacting our office. We may be unable to continue providing you with our Services if you withdraw your consent.

GOVERNMENT IDENTIFIERS

a. Sometimes we may be required to collect government-related identifiers such as your tax file number.

b. We will not use or disclose this information unless we are authorized or required to do so by law or the use of the government-related identifier is reasonably necessary for us to verify your identity for the purposes of Our business activities or functions.

HOW YOU CAN COMPLAIN

a. If an individual feels that we have breached our obligations in the handling, use or disclosure of their personal information, they may raise a complaint. We encourage individuals to discuss the situation with one of Our representatives in the first instance, before making a complaint.

b. The complaints handling process is as follows:

The individual should make the complaint including as much detail about the issue as possible, in writing to us:

The Compliance Department

WhiteBIT Operations Australia Pty Ltd

Suite 88, Level 14, 333 Collins Street,

Melbourne VIC 3000

support@whitebit.au

We will investigate the circumstances included in the complaint and respond to the individual as soon as possible (and within thirty (30) calendar days) regarding our findings and actions following this investigation.

To assist us in helping you, we ask you to follow a simple three-step process:

  1. Gather all supporting documents relating to the complaint;
  2. Contact us and we will review your situation and if possible, resolve your complaint immediately.
  3. If the matter is not resolved to your satisfaction, please contact WhiteBIT Data Protection Officer at:

The Data Protection Officer

support@whitebit.au

After considering this response, if the individual is still not satisfied they make escalate their complaint directly to the Information Commissioner for investigation:

Office of the Australian Information Commissioner

www.oaic.gov.au

Phone: 1300 363 992

When investigating a complaint, the OAIC will initially attempt to conciliate the complaint, before considering the exercise of other complaint resolution powers.

DEFINITIONS

a. AML/CTF means anti-money laundering and counter-terrorism financing.

b. AML/CTF Act means the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

c. APP means the Australian Privacy Principals defined in the Privacy Act.

d. WhiteBIT, we, our or us means WhiteBIT Operations Australia Pty Ltd, ACN 645 644 702.

e. OIAC means the Office of the Australian Information Commissioner.

f. Personal information is any information or opinion about you that is capable, or reasonably capable, of identifying you, whether the information or opinion is true or not and is recorded in material form or not.

g. Policy means this Privacy Policy, as updated and amended from time to time.

h. Privacy Act means the Privacy Act 1998 (Cth).

CHANGES TO THE PRIVACY POLICY

We reserve the right to amend the Privacy Policy at our discretion and at any time. Any changes to this Policy will take effect from the moment this Policy is published on https://whitebit.au/terms/privacy-policy You shall regularly review the Privacy Policy and pay attention to its revisions. Your continued use of our Website and Services following the posting of changes constitutes your acceptance of the amended Privacy Policy. We always indicate the date the last changes were published.