We protect your privacy. You will be able to feel confident when you entrust us with your personal data. Therefore, we have established this policy. It is based on current data protection legislation and clarifies how we work to safeguard your rights and integrity.
The purpose of this policy is to tell you how we treat your personal data, what we use them for, who will get to access to them and under what perquisites and how you can exercise your rights.
Goobit Exchange AB, org no 556911-9992 (”Goobit”) is data controller. Contact information for Data protection Officer see end of this document.
The principles apply if a Customer uses, has used or has expressed an intention to use, or otherwise is associated with, any of the services provided by Goobit, including such conditions established before the Policy entered into force.2 Definitions
Customer means a physical person who uses, has used or expressed a wish to use or otherwise be related to any of the services provided by Goobit. Personal data means all information that can be directly or indirectly related to a natural person. Processing means all handling of Personal Data (including collection, recording, recording, storage, transfer, deletion, etc.). Data Protection Officer supervises that the organization complies with the Data Protection Regulation.3 General provisions
3.1 This policy describes overall how Goobits process Personal Data. Specific information about the processing of Personal Data may also be disclosed in agreements and other documents related to Goobit’s services.
3.2 Goobit secures, within the applicable law, the privacy of personal data and has appropriate technical and organizational measures to protect Personal Data from unauthorized access, illegal processing or clearing of information, accidental loss, alteration or destruction.
3.3 Goobit uses personal data advisory services for processing personal data, or transmits personal data to other recipients. In these cases, Goobit takes Exceptional Measures to ensure that Personal Data Advisers handle Personal Data according to Goobit’s instructions, in accordance with applicable law and require adequate security measures.4 Categories of personal data
Personal data can be retrieved from a Customer through Customer’s use of services and from external sources, such as from public and private records or by third parties. Categories of Personal Data collected and processed by Goobit, primarily, but not only are:
Identification information such as name, social security number, date of birth, information about identity document (eg copy of passport, ID card) etc.
Contact information such as address, telephone number, e-mail address, communication language.
Information about relationships with legal entities such as data provided by the Customer or obtained from public sources or through third party service providers for the fulfillment of transactions on behalf of the legal person concerned etc.
Financial information such as accounts, ownership, transactions, trade requests or completed transactions.
Information on the origin of assets such as the Customer’s transaction partner and business activities etc. Credibility and due diligence data such as payment behaviour, damage caused to Goobit or other data that allows Goobit to take measures to prevent Anti money laundering and terrorist financing and to ensure compliance with international sanctions, including the purpose of the business relationship and whether the Customer is a person in politically exposed position.
Information obtained and / or created in fulfilment of an obligation by law such as information arising from requests from authorities such as the Swedish Tax Agency, courts, Swedish Enforcement Authority. Information about the customer’s tax residence, such as information about the country of residence, tax identification number, etc.
Communications information collected when Goobit provides services or when the Customer communicates with Goobit through telephone, e-mail, messages and other communication tools such as social media, personal Data related to Customer’s visit to Goobit’s websites or communications through other Goobit Channels.
Information related to the services such as the performance of the agreement or lack of performance, including transactions carried out, use of bitcoin addresses or similar, terminated agreements, submitted applications, requests and complaints and fees, etc.
Information about habits, preferences and customer satisfaction such as the level of activity in the use of the services, the services used, personal settings, questionnaires, etc.
Details of participation in competitions and promotions such as points, competitions or promotional prizes etc.5 Purpose and legal basis for processing of Personal Data
Goobit process Personal Data mainly to:
5.1 Managing Customer Relationship and Providing and Managing Access to Products and Services To conclude and fulfil an agreement, such as a transaction with the Customer, keep Personal Data updated and correct by verifying and enriching Personal Data through external and internal records based on: performance of agreements or to take action at Customer’s request before entering into an agreement or due to legal obligations.
5.2 Perform risk assessments To conduct internal risk assessments to determine what services and products and terms and conditions that may be offered to a Customer and to comply with applicable law regarding risk assessments and analyses based on: performance of agreements or to take action at the Customer’s request prior to entering into agreements or compliance with legal obligations or Goobit’s legitimate interests for sound risk management.
5.3 Protecting Customer and / or Goobit’s interests To protect the interests of the Customer and / or Goobit and to investigate the quality of the services provided by Goobit for the purpose of providing proof of a commercial transaction or other business communication based on: performance of agreements or actions taken at the customer’s request prior to the conclusion of an agreement or compliance with legal obligation or consent of the Customer or Goobit’s legitimate interests in preventing, limiting and investigating abuse or illegal use or interference with Goobit’s services and products, internal training or quality assurance of services.
5.4 To guarantee Goobit and / or Customer’s security, protect Customer’s life and health and his / her representatives and other rights for the Goobit and Customer based on: Goobit’s legitimate interests in protecting its Customers, Employees, Visitors, and their and Goobit’s assets.
5.5 Provide Additional Services, Make Customer Surveys, Market Analysis and Statistics Offer the Customer of Goobit’s, or carefully selected Partner Services, including Personalized offer-
Buses based on: Consent from Customer or Goobit’s legitimate interests to offer additional services.
5.6 Conduct customer surveys, market analyses and statistics; Organize Competitions and Campaigns for a Customer Based on: Goobit’s legitimate interests to improve Goobit’s services, enhance Customer experience as a service user, and develop new products and services, or consent from the Customer.
5.7 Compliance with legal obligations and verification of identity To comply with applicable laws, including related to due diligence by the Customer, prevent, detect, investigate and report potential money laundering or terrorist financing, whether the Customer is subject to financial sanctions or if the Customer is a person in a politically exposed position and to verify identity based on: performance of agreements or to take action at customer’s request prior to entering into agreements or compliance with legal obligations or Goobit’s legitimate interests for sound risk management and governance.
5.8 Prevent abuse of services and ensure appropriate terms of service To approve and manage access control and functionality of digital channels, prevent unauthorized access and abuse of these and to ensure information security based on: performance of agreements or actions taken at the customer’s request prior to the conclusion of an agreement or compliance with legal obligations or consent of the Customer or Goobit’s eligible interests in controlling access and functionality of digital services.
5.9 Improve technical systems, IT infrastructure, customize display of service to Customer User Unit, and develop Goobit services, including testing and improving technical systems and IT infrastructure based on: Goobit’s legitimate interests in improving technical systems and IT infrastructure.
5.10 Determining, exercising and defending legal claims To determine, exercise and defend legal claims based on: performance of agreements or to be able to take action at Customer’s request before entering into or complying with legal obligations or Goobit’s legitimate interests in taking legal action.
5.11 Execute transactions in national and international payment systems To execute national and international payments and transactions through credit institutions and payment systems based on: performance of agreements or actions taken at the customer’s request prior to the conclusion of an agreement or compliance with legal obligations.6 Profiling, personal offers and automated decision making
6.1. Profiling refers to the automatic processing of Personal Data used to assess certain personal characteristics of the Customer, in particular to analyze personal preferences, interests and Customer’s domicile. Profiling is used to conduct analysis for marketing, system development, automated decision making such as risk management and transaction monitoring to counter fraud based on: Goobit’s legitimate interests, compliance with legal obligations, performance of agreements or consent of the Customer.
6.2 Goobit can process Personal Data to improve Customer’s user experience of the digital services, for example, by customizing display of the Services to Customer User Unit and creating appropriate customer offers. Unless direct marketing has been restricted by the Customer, the Goobit Chamber may process Personal Data in order to provide personal offers of Goobit’s services. Such marketing may, inter alia, be based on services that the Customer uses and how the Customer uses the services, and how the Customer moves in Goobit’s digital channels.
6.3 Goobit will collect statistical information about the Customer, e.g. typical behavior and lifestyle based on demographic household data. Statistical data for creating segments / profiles can be collected from external sources and may be combined with Goobit’s internal data.7 Recipient of Personal Data
Personal data is shared with other recipients, for example:
Authorities, such as the Swedish Tax Agency, regulatory authorities and the Swedish Financial Supervisory Authority.
Credit institutions and financial institutions, and intermediaries of financial services, third parties involved in the execution of orders, settlement or reporting, organized trading venues as well as market makers, trade repositories and regulated reporting mechanisms. Financial and legal consultants, auditors or other service providers to Goobit. Third parties that maintain databases and registers eg to credit registers, population registers, trade registers, or other records that hold or convey Personal Data. Debt Collection Companies, bankruptcy trustees and Credit information Institute. And such data processor that Goobit utilize according to section 3.3 above.8 Geographical area for personal data processing
In general, personal data are processed within the European Union / European Economic Area (EU / EEA), but may in some cases be transferred and processed in non-EU / EEA countries.
The transfer and processing of personal data outside the EU / EEA may occur if there is a legal basis, i.e. according to a legal obligation or the Customer’s consent and that appropriate safeguards are available.
Appropriate safeguards are to:
- -There is an on-the-spot agreement that includes EU standard agreement clauses or other approved clauses, codes of conduct, certifications, etc., approved in accordance with the General Data Protection Regulation (GDPR);
- The country outside the EU / EEA where the recipient is located has an appropriate level of data protection established by the EU Commission;
- The recipient is certified in accordance with Privacy Shield (applicable to recipients in the United States).
Upon request, the Customer may receive further information about the transfer of Personal Data to countries outside the EU / EEA.9 Storage periods
Personal data is no longer processed than necessary. Personal data will be saved as long as the contractual relationship exists and thereafter for a maximum of 10 years with regard to limitation rules. In some cases, data may be saved for longer due to legislation that Goobit has to meet. Other deadlines may also apply when Personal Data is stored for purposes other than due to the contractual relationship. The storage period may then be based on Goobit’s compliance with applicable legislation, for example, against money laundering (5 years) and accounting (7 years).10 Customer’s rights as registered
A Customer (Registered) has rights regarding processing of Customer’s Personal Data. Such rights generally mean that:
- Require that Customer’s Personal Data be corrected if they are inadequate, incomplete or incorrect.
- Invert against certain processing of Customer’s Personal Data.
- Require deletion of Customer’s Personal Data.
- Limit processing of Customer Personal Data.
- Get information about Customer’s Personal Data processed by Goobit and, if so, get a copy of your Personal Information.
- Receive Customer’s Personal Data provided by him / her and processed based on consent or agreement in written or commonly used electronic format and, when possible, transfer such Personal Data to another Service Provider (Data Portability)
- Revoke Customer’s consent to process his / her Personal Data.
- Not to be subject to fully automated decision making, including profiling, if such decision-making has legal consequences or similarly substantially affect the Customer. This right does not apply if the decision-making is necessary to conclude or complete an agreement with the Customer, if the decision is allowed under applicable law or if the Customer has given his express consent.
- Make complaints regarding the processing of Personal Data to the Data Protection Authority, www.datainspektionen.se if Customer considers that processing of Customer’s Personal Data violates the Customer’s rights and interests under applicable law.
The customer may contact Goobit with questions, request for registry extract, request for revocation of consent, or if Customer wishes to request other rights and make complaints regarding the processing of Personal Data.
For personal offers and direct marketing, which takes place under Goobit’s legitimate interests, Goobit ensures that the Customer can make his or her choice.
The customer may change certain tasks, approvals and choices in the service or by contacting Goobit’s support via firstname.lastname@example.org
Contact information for Goobit is available on Goobit’s website: www.bt.cx
Goobits dataskyddsombud nås via: Dataskyddsombud Goobit AB Box 3332 10367 Stockholm Sweden
The latest version of this policy is available on our website at https://bt.cx/en/privacy-policy or by contacting support.