PRIVACY AND PERSONAL DATA PROTECTION POLICY
IDENTIFICATION OF THE CONTROLLER, DATA SUBJECTS, AND INITIAL INFORMATION
BitJeton s.r.o., with its registered office at Cimburkova 916/8, 130 00 Praha – Žižkov, Identification No.: 21289875, registered in the Commercial Register of the Municipal Court in Prague, Section C, Insert No. 399609/MSPH (hereinafter referred to as the “Controller,” “we,” “us,” or “our”), hereby informs you, in accordance with our obligations under Articles 13 and 14 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), about the manner in which your personal data is processed.
The data subjects include, in particular, consumers who enter into a BitJeton Purchase Agreement (the “Agreement”) with us. Data subjects also include other natural persons who have granted us their consent to process personal data for relevant purposes or visitors to our website at https://bitjeton.io (for more information, see the provisions on cookies). The terms “you,” “your,” and any variations thereof are used to identify the data subject in this document.
We have prepared this Privacy and Personal Data Protection Policy (the “Policy”) to ensure sufficient transparency and to explain the basic principles we adhere to in protecting your privacy and personal data.
We place great importance on the security and lawfulness of processing your personal data. Therefore, we have established specific binding processing rules in this Policy based on the fundamental principles of personal data processing provided in Article 5(1) of the GDPR.
This Policy serves as our internal privacy protection policy, implemented in accordance with Article 24 of the GDPR to demonstrate our compliance with the GDPR.
This Policy addresses the processing of personal data and adherence to the fundamental principles of lawful processing, focusing on processing personal data lawfully, fairly, and transparently for all interested parties. We continually emphasize the security of personal data processing while minimizing data and processing operations to what is necessary to properly enter into our mutual Agreement, fulfill our obligations under it, and enable the use of our website.
At the same time, this Policy provides you with the mandatory information pursuant to Article 13 of the GDPR and informs you about its content before personal data is collected when you provide us with personal data for the first time or directly when you grant your consent to the processing of personal data for specified purposes.
POLICIES OF THE CONTROLLER AND GUARANTEES
When creating a personal account on our website, we process your email address and access password to the account. The legal basis for processing this personal data is the performance of the Agreement pursuant to Article 6(1)(b) of the GDPR. The period during which the personal data is processed is unlimited—until the termination of the Agreement or the cancellation of the account. This personal data is necessary for the performance of the Agreement.
If you decide to purchase BitJeton, we will process the following personal data: name, surname, address, and telephone number. The legal basis for processing this personal data is the performance of the Agreement pursuant to Article 6(1)(b) of the GDPR and compliance with legal obligations pursuant to Article 6(1)(c) of the GDPR arising from laws regulating taxes and accounting. The period during which the personal data is processed is set for the term of the Agreement in the case of processing pursuant to Article 6(1)(b) of the GDPR, and for a period of 10 years following the year in which the accounting event occurred (invoice issuance) pursuant to Article 6(1)(c) of the GDPR. This personal data is necessary for the performance of the Agreement.
In connection with the payment for BitJeton, we are required to request personal data necessary for verifying your identity under Czech laws on anti-money laundering and terrorist financing (the “AML Law”). In this context, we require the processing of personal data specified on your identity document, including but not limited to: name, surname, address, date of birth, date of issue and expiry of your identity document, identity document number, photograph, source of funds, designation of the purchase, and other personal data relevant for compliance with our statutory obligations. The legal basis for processing this personal data is compliance with legal obligations arising from the relevant laws pursuant to Article 6(1)(c) of the GDPR. This personal data is necessary for the performance of the Agreement.
Please note that as a provider of virtual assets services, we are subject to certain legal obligations under European anti-money laundering regulations. Consequently, we may be required to retain certain personal data for a period mandated by law, even after the termination of our contractual relationship, in order to comply with these obligations.
Our website is primarily used for processing personal data when using the account and purchasing BitJeton. When processing personal data to verify your identity to prevent money laundering and terrorist financing, we may also use an automated personal identity verification system operated by our processor.
We also process information on “how did you learn about us?” based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR, which is the interest in creating statistical information on information flows related to awareness of our services. We process this personal data solely in aggregated form, without relating it to any particular data subject. These statistical data are processed pursuant to Article 89 of the GDPR for an indefinite period.
We do not publish or transfer personal data without your consent to any third country that does not provide an appropriate level of personal data protection. We guarantee the processing of personal data exclusively within the territory of the Member States of the European Union.
Personal data may be published only based on your individually expressed consent or your conscious conduct (e.g., posting content on our official profiles on social networks). By posting messages, photos, or performing any activity resulting in your identification on our official social network profiles, you consent to the processing of your personal data for our marketing activities.
We regularly review and revise security measures to ensure a high level of security in personal data processing, as well as other procedures and rules designed to protect privacy and personal data. We may collaborate with an expert appointed as a Data Protection Officer (DPO).
During data transfer through publicly accessible computer networks between your end device and our server, we use appropriate encrypted protection measures (SSL certificates). Similarly, we store all data and personal data on specified data storage protected by appropriate encrypted measures.
We guarantee that we will not make any consents to the processing of personal data conditional on entering into or performing an Agreement. You can freely express your consent to the processing of personal data without compromising your access to our services. You may withdraw your consent to the processing of personal data at any time by contacting us via a written request sent to the email address [email protected]; withdrawal of your consent does not affect the lawfulness of processing prior to its withdrawal.
All entities other than us that legally participate in the processing of personal data are transparently identified in this Policy along with their status under the GDPR. We will not perform any processing operation on your personal data with respect to a third party and/or a recipient if the third party and/or the recipient is not transparently identified in this Policy and we lack the legal basis to do so under Article 6 of the GDPR.
All recipients of personal data access this data exclusively based on an authorization granted by us; they are legally bound by specific obligations and warranties enhancing the personal data protection of data subjects.
We do not disclose your personal data to any parties for commercial purposes without your individual and prior consent. When using the Google Analytics service, personal data of website visitors may under certain circumstances be processed by Google LLC, acting as a third party and independent controller; this processing of personal data is outside our control and influence. Additionally, part of the personal data processing related to the use of features integrated into the website may be performed separately and independently of us by third parties acting as independent controllers; these are mainly operators of “payment gateways” for making cashless payments via the Internet. You provide these third parties with your personal data directly without our involvement or influence. This processing of personal data is governed by internal policies and precautions adopted by these third parties, and we have no influence on it, including your ability to exercise data subject rights, which we inform you about in this Policy.
We have carefully screened our business partners (the so-called processors) whom we have allowed to process your personal data, focusing on their ability to ensure the safety and lawfulness of the processing.
When processing personal data and communicating with data subjects, we use, in addition to regular telephone and email communication, our website and official profiles on Facebook and Instagram.
Please refrain from disclosing any unnecessary or private information not directly related to the Agreement in our mutual communication.
IDENTIFICATION OF PROCESSORS, RECIPIENTS, AND THIRD PARTIES INVOLVED IN THE PROCESSING OF PERSONAL DATA
When processing your personal data, we use the following sufficiently verified and professionally qualified business partners capable of guaranteeing the security of personal data processing who, pursuant to Article 28 of the GDPR, act as processors:
- The website provider
- The provider of user behavior analysis on the website
- The accounting services company
MARKETING
We are interested in staying in touch with you and informing you about news, offers of our services, and information from the world of cryptocurrencies. To this end, we offer you the possibility of expressing your consent to the processing of your personal data for marketing purposes.
If you grant us your consent, we will process the following personal data for as long as the consent is valid or until you withdraw it: name, surname, and email address. We will use this personal data to send you relevant information enabling you to make use of our offers and services.
Failure to grant this consent does not affect the entering into of our mutual Agreement as specified in this Policy.
You may withdraw your consent to the processing of personal data at any time by sending a written request to the email address [email protected]; withdrawal of your consent does not affect the lawfulness of processing prior to its withdrawal. Unsubscribing from marketing information, which is a part of each marketing email sent (via a separate button or web link), is also considered a withdrawal of consent.
PRINCIPLES OF PRIVACY PROTECTION WHEN USING THE WEBSITE AND USE OF COOKIES
We use the website www.bitjeton.io (the “Website”) to process some of your personal data. We reserve the right to occasionally send you an email requesting feedback via the Trustpilot platform.
The Website uses cookie files. A cookie is a small text file that the Website stores on your computer or mobile device during browsing. Thanks to this file, the Website retains information about your steps and preferences (such as login name, language, font size, and other display settings) for a certain period, so you don’t have to re-enter them each time you visit the Website or browse its subpages.
We use our own cookies (“first-party cookies”) to optimize the functions of the Website and enhance user convenience, as well as other cookies (“third-party cookies”) to display behavioral ads.
The Website also uses “session cookies” that are automatically erased after you close your internet browser. In some cases, “persistent cookies” may also be used, remaining on your device and allowing us to recognize that the Website has been repeatedly visited by your device, which may be associated with remembering your pre-set access password, depending on your settings.
We inform you and all Website visitors that all cookie files stored on your device can be inspected and erased. By appropriately setting your internet browser preferences, you can effectively prohibit the use of cookies. Specific information and instructions regarding the settings of individual internet browsers can be found here: https://www.aboutcookies.org/how-to-control-cookies/; and information necessary to erase cookies from your device can be found here: https://www.aboutcookies.org/how-to-delete-cookies/. Generally, you need to enable the function usually called “Do Not Track” in your internet browser.
If your web browser permits the Website to use cookies to access and view its content, we may deem this as your valid consent to the use of cookies.
On the Website, we use Google’s internet analytical services; however, we do not process any personal data or other identifiers (such as IP addresses) that can be used for indirect identification of data subjects. However, this does not mean that personal data processing by Google LLC, the operator of Google Analytics and Google AdWords services, does not take place.
Google Analytics and Google AdWords services also use cookies stored on your device (computer, tablet, smartphone) to analyze your behavior on the Website. Google anonymizes the portion of the IP address related to your device immediately after acquiring it, enhancing your privacy protection. Google LLC uses the information acquired during your use of the Website to evaluate Website usage, issue reports about Website activities, and provide us with other services associated with Website and internet use. You can prevent this data processing by Google Analytics and Google AdWords by appropriately setting your internet browser preferences or installing the browser plug-in available here: https://tools.google.com/dlpage/gaoptout?hl=en.
We may use Google Analytics and Google AdWords services on the Website to generate online ads through re-marketing, meaning our marketing communications may be displayed by other digital service providers and internet content providers, including Google LLC, on various web pages displayed on your device after you leave the Website.
We also use Google Analytics reports to conduct more efficient marketing communication, whereby the processing of demographic characteristics and interests related to data subjects (such as age, gender, interests) acquired by Google LLC may also take place. However, we will not process your personal data when using Google Analytics, as we do not have sufficient identifiers to allow your direct or indirect identification.
You may prevent personalized commercial banners by Google from displaying through this link.
For more information about data use by Google LLC in the context of Website use, visit: https://www.google.com/policies/privacy/partners/.
Please note that if you are signed into other internet services provided by Google LLC during your visit and use of the Website, Google LLC may process your personal data. We have no control over or influence on this processing of personal data.
In connection with the use of the Website by data subjects, Google LLC acts as a third party and separate controller. Data subjects can find more information about Google’s current privacy protection rules here: https://www.google.com/policies/privacy/?hl=en.
We also use the Instagram social network operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA, to promote our goods and services. When processing your personal data through our profiles on this social network, we act only as administrators. This company is an independent personal data controller, and the processing of your personal data is performed in accordance with Instagram’s conditions. Your personal data may be provided to third parties, and cross-border transfers to third countries may occur via Instagram, over which we have no control or responsibility. An overview of Instagram add-ons, their features, and how your personal data is processed can be found at: https://help.instagram.com/519522125107875.
On our Website, we also use Facebook social network add-ons such as Facebook Conversion Pixel and Facebook Remarketing services provided by Facebook, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. We also promote our goods and services through our company profile on Facebook. When you visit our Website containing such an add-on, a link is established between your browser and the social network. The social network receives information about your visit from your browser. If you are logged into Facebook, your visit may be associated with your social network profile. Any information and metadata produced by the add-on can be saved by the social network operator. Using Facebook Conversion Pixel, we and Facebook can determine that you clicked on our Facebook ad and were redirected to our Website. However, we do not have access to data from other sites you have visited. Information gathered using Facebook Conversion Pixel is used to compile statistics on our Facebook advertising campaigns. We do not obtain any information that could identify you. With Facebook Remarketing technology, users who have already visited our sites can be re-targeted with advertising on other Facebook pages or sites that cooperate with Facebook. We do not obtain any information about the directness of this advertising towards specific individuals. For more information about the purpose and scope of data collection and processing by Facebook, as well as your privacy protection settings on Facebook, please see the Facebook Data Use Policy available here. You can prevent online interest-based ads from Facebook and other participating companies from displaying here. To prevent this personal data from being collected, you must log out of the social network before visiting our Website.
INSTRUCTIONS ABOUT THE RIGHTS OF THE DATA SUBJECT
We are committed to preserving the integrity and confidentiality of your personal data. Therefore, we strive to protect personal data not only through modern technical and organizational measures but also by enabling you to exercise your rights at any time through a written, signed application indicating your identity and the specific right you wish to exercise. You may send applications to exercise your rights to our email address: [email protected].
Please note that if the legal basis for processing your personal data is your consent, you may withdraw your consent at any time by contacting us at any establishment or by sending a written request to the email address [email protected]; withdrawal of consent does not affect the lawfulness of processing prior to its withdrawal.
In cases where the legal basis is a contractual relationship, it is necessary to provide us with the required personal data; otherwise, it is not possible to enter into the contractual relationship and provide you with the goods or services.
You have the following rights regarding your personal data:
- Right of access (Article 15 of the GDPR)
- Right to rectification (Article 16 of the GDPR)
- Right to erasure (Article 17 of the GDPR)
- Right to restriction of processing (Article 18 of the GDPR)
- Right to data portability (Article 20 of the GDPR)
- Right to object to processing (Article 21 of the GDPR)
- Right not to be subject to automated individual decision-making (Article 22 of the GDPR)
Please be aware that in certain circumstances, we may be legally obligated to retain specific personal data even after a request for erasure, particularly to comply with obligations under anti-money laundering laws and other legal regulations applicable to providers of virtual assets services. In such cases, we will retain the necessary personal data strictly in accordance with the applicable laws and only for as long as required.
Each application to exercise your rights under the GDPR may be made by a signed written application sent to our company’s registered office address as specified in the Commercial Register or to our email address: [email protected].
Please note that we may request that you credibly demonstrate your identity when dealing with your application, especially if you apply in a manner other than by a signed written letter, email with a qualified electronic signature, or in person at our registered office (e.g., in the case of common email requests or phone calls).
Each delivered application to exercise your rights will be assessed individually and competently; we will inform you of the result within 30 days of receiving the application. The process of handling your application is free of charge. If, in your opinion, we have not dealt with your application in accordance with the GDPR, you may file a complaint with the supervisory authority (www.uoou.cz) or seek a judicial remedy directly with the competent court.
If you have any questions regarding privacy and personal data protection, information about the content and enforcement of your rights, or require additional explanations of this Policy, you may contact us at any time at: [email protected].
FINAL PROVISIONS
If you do not agree with or do not fully understand any part of this Policy, we welcome your reservations and comments, which we will discuss with you to protect and support your rights and prevent any risks to your rights and freedoms that could arise from using our website and/or other processing of personal data described in this Policy.
We regularly review and update this Policy; the current version published on the website is always valid.
You may address complaints related to the processing of personal data to the supervisory authority:
Office for Personal Data Protection of the Czech Republic
Pplk. Sochora 27
170 00 Praha 7
Phone: +420 234 665 111
Email: [email protected]
In Prague, Czech Republic
Dated 21 October 2024