- Administrator - the Administrator of personal data pursuant RODO, which is BitBay;
- BitBay - Pinewood Holdings Limited company with its registered office in 35 Strait Street Valletta VLT 1434, entered into the Registration of Entrepreneurs under number C86244, Malta;
- Personal Data - Users' personal data within the meaning of RODO transferred in connection with using the Service;
- Processing of personal data - all operations performed on personal data within the meaning of RODO;
- RODO - Regulation of the European Parliament and of the Council (UE) 2016/679 of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/CE (J. o L. UE 2016 it. L119);
- Website - website made available through the agency of bitbay.net and subdomains;
- Services - Services rendered by BitBay electronically that guarantee the possibility to associate the Users via the Service for the purpose of performing the purchase or sale of crypto currency available in the Website;
- User - natural or legal persons, who accepted the Statute of the Website and concluded the agreement for performance of the Service with BitBay.
All terms written with a capital letter and not defined above ought to be understood in conformity with the definitions included in the Statute of the Website.
II. General Information
- The Website performs the functions of obtaining information on the Users and their behavior as follows:
- by entering information into forms;
- by storing files (called “cookies”) on terminal devices;
- by collecting web server logs and other information occurring in connection with or as a result of functioning of and using of the Service.
III. Principles of Collection of Users' Personal Data
- Using Services is connected with the necessity to provide Personal Data by the Users. Failure to provide all Personal Data required by BitBay can lead to impossibility to provide Services by BitBay.
- The Website collects information provided by the User.
- The Website can moreover record information on the parameters of connection (determination of time, IP address etc.).
- Data obtained from the Users is not made available to third parties unless:
- the User expresses their consent;
- it is justified by the provisions of law;
- it is necessary for the purpose of providing Services, in particular in the technical scope of Services dealing with payments and also of other entities that BitBay cooperates with by performance of the Service.
IV. Scope of Data Protection and processing thereof
- In connection with the performance of the given Service, the Administrator can request that the User provides Personal Data. In particular in case of:
- a. a natural person: the features of the document stating the User's identity as well as their name, surname, citizenship, address of residence, country of birth, information on tax residence and occupied exposed political position, telephone number, date of birth and PESEL (Personal Identification Number). In case of foreign Users who have no PESEL, one should provide the equivalent of such number (the national identification number) (or file a statement on non-possession of PESEL number);
- b. in case of an institutional User: to send a scan of extract from the Commercial Register, data concerning business activity, a scan of a confirmation of assigning it a NIP (tax identification number) and assigning it a REGON (national business registry number) - unless the given number is shown in the transcript from the Trade Register, as well as, providing the features of the document stating the identity of the person authorized to represent the User, his/her name, surname, citizenship, address of residence, information on tax residence and occupied exposed political position, telephone number, date of birth and PESEL (personal identity number). In the case of the person representing the User who is a foreigner without PESEL (personal identity number), an equivalent of this number (or a statement about not having PESEL (personal identity number)) must be provided. The User is also obliged to provide the above information regarding all actual beneficiaries of the User up to the indication of natural persons.
- For the purpose of verification of data the User must present to the BitBay employee an identity document or send a scan or photo thereof in the .jpg or .png format by means of the form on the Website. The scan/photo of the identity document must meet the following terms: data on the document must be clearly visible, all edges of the document must be visible, no data can be covered. The file cannot contain any signs of digital remake (e.g. painting over of an element using a graphic program). Placement of a water line is admissible. In case of doubts BitBay can ask the User to send the photo of their identity document made so that both the User's face and their identity document can be seen simultaneously (the so-called selfie).
- Confirmation of the User's or User's representative's address can take place on the basis of a photo in the .jpg or .png format, a bill (for electricity, water, gas etc.), an agreement with a public trust institution or an official letter with the User's address data with the name and surname as well as the date of preparation (not older than 6 months).
- Personal data is processed pursuant to the provisions of the Regulation of the European Parliament and of the Council (UE) 2016/679 of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/CE (J. o.L. UE 2016, it. L119) and provisions of the Chapter 373 of the Act on money laundering of September 23, 1994 (CAP 373).
- The basis for the processing of data are the User's consent or provisions of law that authorize to process personal data.
- The provision of data by the User is voluntary, however indispensable for rendering the Services.
- Personal data shall not be made available to other entities without the User's knowledge except for the entities authorized under the provisions of law.
- Each User has the right to inspect their personal data, amendment or removal thereof inasmuch it fails to violate the provisions of law and can be performed from the level of the user's panel.
- The Administrator can deny the performance of the rights indicated in p.8 if it results so from the provisions of law, information is subject to the pending dispute or it is indispensable for explanation of circumstances of User's violation of the Statute.
V. User's Rights
- The User has the right to access the content of Personal Data and amendment thereof.
- The User is authorized to demand supplementation, updating, correction of personal data, temporary or permanent cessation of processing thereof or removal thereof if it is incomplete, outdated, untrue or has been collected contrary to the law or is useless for the performance of the purpose for which it was collected.
- In case of amendment of Personal Data, the User is obliged to perform actions aiming at updating Personal Data on their Account.
- The Administrator can deny removal of Personal Data in a justified case, and in particular if the User:
- a. has not paid all amount due to the Administrator, or
- b. has violated the statute of the Website or of any Service, or
- c. has violated the effective provisions of law,
and the maintenance of Personal Data is indispensable for explanation of such circumstances and determination of the scope of User's liability. In each case of denial of Personal Data removal, the Administrator shall inform the User on the reasons of such denial along with the legal grounds thereof.
- In case of doubts regarding the method of processing Personal Data, the User can receive explanation from the Administrator and has the right to file an inquiry, a reservation or a complaint to the supervisory body.
- The basis for processing data are in particular the effective regulations and provisions of law and the consent if it was given by the User.
- On the basis of the processed Personal Data decisions shall not be made automatically as well as data shall not be used for profiling.
- Personal Data will be processed for the duration of the Agreement for rendering the Service.
- Contact with the Administrator of Data: [email protected]
VII. Server logs
- Information on some actions of the Users are subject to log into the server layer. This data is only used to administrate the Website and to ensure the most efficient hosting services, also for evidential purposes in connection with committed crimes or due to circumstances connecte with seeking claims in civil proceedings.
- Browsed resources are being identified by URLs. Moreover, the following data may be stored:
- date of request,
- time of reply,
- name of User's station - identification carried out by HTTP, HTTPS protocols,
- information on errors that occurred during the HTTP, HTTPS transactions,
- URL of the page previously visited by the User (referer link) - when the transition to the Website took place by reference,
- information about the User's browser,
- IP address information.
- Some of the above data is not associated with particular Users using the Website. The Administrator does not associate this data with the User's Personal Data and does not use it for User's identification as it is only used for the purpose of server administration.
The User can anytime contact the Administrator to obtain information under the following address: [email protected]