1. INTRODUCTION

Thank you for visiting Bitgauss.com or the Bitgauss app (the “Site”). Your use of the Site is being facilitated by one of the following parties (“Bitgauss”, “We”, “Us” or “Our”, and collectively the “Parties”):

• Bitgauss USA Inc., a U.S. Delaware corporation, if you are a resident of one of our approved operating locations within the U.S. or Canada;
• Bitgauss Europe LTD, a Malta limited liability company, if you are a resident of one of our approved operating locations within the European Economic Area (“EEA”);
• Bitgauss, a Singapore limited liability company, if you are a resident of Singapore or Brunei who registered on or after October 15, 2019; or
• Bitgauss Technology Company Limited, a Hong Kong registered corporation, if you are a resident of any other approved country that is not specifically listed above.

Bitgauss, as a/the data controller, provides this Privacy Policy Statement (the “Privacy Policy”) to describe our practices regarding the collection, storage, use, disclosure, and other processing of Personal Data (defined below). By visiting, accessing, or using the Site and associated application program interfaces or mobile applications, you (a) acknowledge that you have the right, capacity, and authority to accept this Privacy Policy; (b) acknowledge that you have read and understand this Privacy Policy; and (c) consent to the policies and practices outlined in this Privacy Policy. So please read them carefully to understand what we do.This Privacy Policy explains what data we collect, why we collect it, how such data is used and stored, how such data may be shared by us, rights you may have, and how you can contact us about our privacy practices. If you do not wish for your Personal Data (as defined below) to be used in the ways described in this Privacy Policy, you should not use the Site or any services, software, API (application program interface), technologies, products and/or functionalities offered by this Site (collectively, the “Service(s)”).

2. DEFINITIONS

Digital Asset

“Digital Asset” means a digital asset (also called a “virtual financial asset”, “convertible virtual currency”, “cryptocurrency”, “virtual currency”, “digital currency”, “digital commodity”, or “digital payment token”), which is based on the cryptographic protocol of a computer network that may be (i) centralized or decentralized; (ii) closed or open-source; and (iii) used as a medium of exchange and/or store of value.

Personal Data

“Personal Data” typically means any information which, either alone or in combination with other data, enables you to be directly or indirectly identified, such as your name, email address, username, contact details, identification number, location data, an online identifier such as a complete IP address, device ID, or one or more factors specific to the physical, economic, cultural, or social identity of you. Only the personal data from applicable national law of your legal residence will apply to you and be deemed your Personal Data.

For Australian users, we will not adopt identifiers assigned by the Government (such as drivers’ license numbers) for our own file recording purposes, unless one of the exemptions in the Privacy Act 1988 (Cth) (the “Privacy Act”) applies. Under Australian law, Personal Data is referred to as ‘personal information’ and has the same meaning.

Sensitive Information

“Sensitive Information” is Personal Data that includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences,criminal record, and/or biometric or health information.

3. WHAT PERSONAL DATA WE COLLECT AND HOLD, AND HOW WE COLLECT IT

Bitgauss collects, processes, and stores Personal Data via your use of the Service or where you have given your consent. This Personal Data may include contact details, copies of identification documentation provided by you or derived from publicly accessible databases, your government identification number, as well as information relating to your device or internet service (such as an IP address and a MAC number).

To understand how Bitgauss protects the data it collects from its users, please see the details below.

Furthermore, we conduct business and collect Personal Data from individuals and entities located within the EEA (“European Residents”). We are required to protect Personal Data processed in the EEA in accordance with the General Data Protection Regulation (the “GDPR”). To understand more about how we protect the data collected from individuals and entities located within the EEA, please see the sections below entitled “Additional Information for Persons Subject to the EU GDPR” and “Sending Information to Other Countries.”

We collect information you provide during the Bitgauss onboarding process, which may be a completed, incomplete, or abandoned process. We also collect Personal Data when you communicate with us through customer support, subscribe to marketing communications, correspond with us by phone, email, or other communication channels, or when you conduct a transaction on the Site. We may actively or automatically collect, use, store, or transfer your Personal Data, which may include, without limitation, the following:

• Personal identification information such as name, email, phone number, nationality, date of birth, address, image, and government identification information;
• Photographs or images, which then we provide to third parties that process that information and generate and store biometric information solely for identity verification purposes (please see the section below entitled “Identity Verification and Biometric Data Privacy Policy” for more information);  
• Institutional details such as corporate legal name, corporate registration information, government identification number, proof of identity and legal existence, address, business description, and beneficial owner information;
• Commercial information such as data related to transactions conducted on the Site;
• Financial information such as bank account information;
• Correspondence information such as communications with our Customer Support team and responses to user surveys;
• Information required by regulatory agencies such as state and federal licensing authorities and consumer protection agencies; and
• Other identifiers such as device fingerprint data, IP address, and geolocation information.

We may also collect Personal Data about you from a third party, such as electronic verification services, referrers, marketing agencies, or liquidity providers. If so, we will take reasonable steps to ensure that they are made aware of applicable privacy laws. We may also use third parties to analyze traffic at the Site, which may involve the use of Cookies (please see the section below entitled “Cookie Usage” for more information). Information collected through such analysis is not anonymous.

We will not collect Sensitive Information about you without your consent, unless an exemption or exception applies. These exemptions or exceptions include if the collection is required or authorized by law, or necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.

If the Personal Data we request is not provided by you, we may not be able to provide you with the benefit of our Services or meet your needs appropriately. Accordingly, we do not give you the option of dealing with us anonymously or under a pseudonym.

4. UNSOLICITED PERSONAL DATA

We may receive unsolicited Personal Data about you. We destroy or de-identify all unsolicited Personal Data we receive, unless it is relevant to the purposes stated in this Privacy Policy for collecting Personal Data or otherwise required by applicable law. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other Personal Data.

5. WHO WE COLLECT PERSONAL DATA ABOUT

The Personal Data we may collect and hold includes (but is not limited to) Personal Data about users, potential users, service providers or suppliers of the Site or our Services, prospective employees, as well as employees, contractors, and other third parties with whom we come into contact.

6. HOW WE USE YOUR PERSONAL DATA

Bitgauss uses Personal Data to administer, deliver, improve, and personalize the Service for you and to comply with our legal and regulatory obligations. We also may use such data to communicate with you in relation to other products or services offered by Bitgauss and/or its partners to consider any concerns or complaints you may have.

We may use and disclose your Personal Data for any of these purposes. We may also use and disclose Personal Data for secondary purposes which are related to the primary purposes set out in this section or in other circumstances authorized by the law.

Sensitive Information will be used and disclosed for the purpose for which it was provided (or a directly related secondary purpose), unless you explicitly consent otherwise, or an exemption under law applies.

Below are specific ways in which we may process your Personal Data:

1. Verifying your eligibility for our Services. We use your Personal Data to assess your eligibility for our Services pursuant to our legal obligations. For example, we utilize your name, address, nationality, Social Security number (for U.S. users), government identification number, date of birth, and biometric information generated by our third-party service provider to verify your identity to provide you access to our Services.    
2. Providing you with our Services. We use your Personal Data to provide you with our Services pursuant to our contractual agreement. For example, we need to know certain financial information to conduct fiat currency transfers into and out of your account.
3. Detecting and preventing fraud. Your Personal Data is used to detect and prevent fraud.
4. Protecting the security of our Services. We process your Personal Data, such as information about your device and activity, to maintain the security of your account and our Services.
5. User/customer support. We process your Personal Data when you contact our Customer Service team to help us address your requests.
6. Enhancing our Services. We process your Personal Data to understand how our products and Services are being used to improve our Services and develop new products.
7. Product marketing. We process your Personal Data to identify our products and Services that we believe may be of interest to you. We may contact you about them. You may opt out of marketing communications with us at any time. If you do not want to receive these communications, please send an email to support@bitgauss.com.
8. Consent. We may use your Personal Data for additional purposes with your consent.
9. Other business purposes. We may use your Personal Data for other reasonably expected business purposes as permitted by law or required to comply with our legal obligations.

To Whom We Might Disclose Personal Data

Bitgauss may disclose Personal Data to:

• Members of our corporate group, which includes our subsidiaries, holding companies, and companies under common control including their respective contractors, affiliates, employees, or representatives;
• Our service providers and other third parties who assist us in providing Services to you and/or as required or permitted by law or professional standards including, for example, payment processing, customer support, data analytics, information technology, data processing, network infrastructure, storage, identity verification, and tax reporting;
• Entities in connection with corporate transactions involving Bitgauss, including any financing, acquisition, or dissolution proceedings which involve disclosing a certain portion or all of our business or assets;
• Government entities or other parties to legal process, including law enforcement agencies and authorities, officers, regulators, or other third parties to comply with any law, court order, subpoena, or government request;
• Professional advisors, including legal, accounting, or other consulting services for purposes of audits or to comply with our legal obligations;
• Consent. We may share or disclose your information with your consent; and
• Other business purposes as permitted by law or required to comply with our legal obligations.

Other than as disclosed in this Privacy Policy, Bitgauss does not share your Personal Data with any other third parties unless required to do so by law or legal obligation. This Site may contain links to other third-party websites where their own privacy policies may apply, and Bitgauss is not responsible for the privacy policies of such third-party websites.

If we disclose your Personal Data to service providers that perform business activities for us, they may only use your Personal Data for the specific purpose for which we supply it. We will take reasonable steps to ensure that all contractual arrangements with third parties adequately address compliance with applicable privacy laws.

Additionally, we have implemented standards to prevent money laundering, terrorist financing, and circumvention of applicable trade and economic sanctions, which require us to undertake due diligence on our users. This may include the use of third-party data and service providers to cross-reference your Personal Data for identity verification, fraud detection and prevention, transaction monitoring, credit verification, and security threat detection.

7. HOW WE STORE YOUR PERSONAL DATA

Bitgauss is a global business and Personal Data may be stored and processed in any country where we have operations or where we engage service providers. We may disclose information to third party storage providers or affiliates that are located outside your country of residence or disclose to third-party storage providers or affiliates that are located outside your country of residence. 

We may transfer Personal Data that we maintain about you to recipients in countries other than the country in which the Personal Data was originally collected. Those other countries may have data protection or privacy rules that are different from those of your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Data remains protected to the standards described in this Privacy Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Data. By communicating electronically with Bitgauss, you acknowledge and agree to your Personal Data being processed in this way.

In relation to Australian users, we will not send Personal Data to recipients outside Australia unless we have taken reasonable steps to ensure that the recipient does not breach the Australian Privacy Principles (“APPs”) or the Privacy Act, the recipient is subject to an information privacy scheme similar to the Privacy Act, or you have consented to the disclosure.

If an Australian user consents to their Personal Data being disclosed to an overseas recipient, and the recipient breaches the APPs, we will not be accountable for that breach under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

In relation to residents of Singapore and Brunei, we will apply a level of protection to the Personal Data transferred outside Singapore that is at least comparable to the protection provided under each of the following (collectively, the “Transfer Regulations”): (a) the Singapore Personal Data Protection Act 2012; (b) any applicable laws of the other countries to which your Personal Data will be transferred; and (c) this Privacy Policy. We will apply the greater standard of protection to the transferred Personal Data if any Transfer Regulation provides a greater standard of protection than another Transfer Regulation.

Collection and Transfer of Data Outside of The EEA

As discussed above, we collect Personal Data from users located in the EEA. To facilitate the Services we provide to users located in the EEA, we request explicit consent for the transfer of Personal Data from the EEA to outside of the area. If you are an individual located in the EEA and you decline to consent to such a transfer, you will no longer be able to use Bitgauss and our Services. You will have the ability to withdraw your Digital Assets and fiat currency; however, all other functionalities will be disabled.

If you are located in the EEA, we comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to other countries outside of the EEA. Bitgauss relies on data processing agreements and the European Commission’s standard contractual clauses to facilitate the transfer of such Personal Data. We may transfer Personal Data from the EEA to countries outside of the EEA where the transfers are necessary to satisfy our obligations to you under our Terms of Service (including providing you with our Services and optimizing and enhancing Bitgauss) and where, to the extent applicable, you have consented to the transfer of your personal data to a country outside of the EEA.

9. ACCESS, CORRECTION, AND DELETION OF YOUR PERSONAL DATA

Subject to certain exceptions prescribed by applicable law, you have the right to obtain a copy of your Personal Data upon request and ascertain whether the information we hold about you is accurate and up-to-date. We will provide access within 30 days of your request. If we refuse to provide the information, we will provide reasons for the refusal. We will require identity verification and specification of what information is required before providing you with access. If any of your Personal Data is inaccurate, you may request to update your information. Where we are satisfied that the request to update the information is accurate, we will take reasonable steps to correct the information within 30 days, unless you agree otherwise. You may also request to delete your Personal Data, with the exception that we may refuse your deletion request in certain circumstances, such as compliance with applicable law or legal obligations. For data access, correction, or deletion requests, or to request withdrawal of your previously provided consent, please contact support@bitgauss.com with the subject “DATA INQUIRY”.

In response to data access, correction, or deletion requests, we will verify the requesting party’s identity to ensure that they are legally entitled to make such request. While we aim to respond to these requests free of charge, we reserve the right to charge you a reasonable fee should your request be repetitive or onerous. Please note that you may not be able to continue receiving the Services, depending on the extent of your withdrawal of consent.

10. CHILDRENS’ PERSONAL DATA

Bitgauss does not knowingly offer services to or collect the Personal Data of anyone under the age of 18. If we learn that we have collected Personal Data of anyone under the age of 18, we will promptly delete it from our systems. If you are aware of anyone under the age of 18 using our Services, please notify us so we can take prompt action to prevent access to our Services.

11. IDENTITY VERIFICATION AND BIOMETRIC DATA PRIVACY POLICY

To comply with applicable laws, regulations, and other legal obligations in the United States and in other countries, including “know your customer” obligations, we require all users to verify their identity before using our Services. 

In order to verify a user’s identity for the use of certain Services, the user is asked to capture an image of their government ID (e.g., a passport or driver’s license) and take a real-time selfie image of their face. We provide those images to our identity verification service provider, who then uses a combination of machine learning tools and statistical algorithms to confirm the authenticity of the government ID and selfie image, and to perform biometric facial comparisons to determine whether the face contained in the government ID and selfie image belong to the same person. Through this process, the verification service provider will typically generate a confidence score representing the confidence level that the images of the individuals match, which we or the relevant service provider may use in determining the level of confidence that the individual submitting the selfie image is the same person as the individual on the government ID. 

We do not receive, store, or collect any facial biometric information generated by our third-party identity verification service provider from the images, and our identity verification service provider retains biometric information only as long as necessary for us to provide our Service to you and to help us comply with our legal obligations. We do not use, disclose, or retain facial biometric information for any other commercial purpose. However, we do retain the information and images you provide in connection with the identity verification process, along with the results of the identity check, as long as necessary to provide our service to you and to comply with our legal obligations. 

We currently use identity verification services provided by Au10tix. For additional information about our current identity verification service provider’s biometric data practices, please review the Au10tix Biometric Data Policy.

12. MARKETING

We may only use Personal Data we collect from you for the purposes of direct marketing without your consent if the Personal Data does not include Sensitive Information, you would reasonably expect us to use or disclose the information for the purpose of direct marketing, we provide a simple way of opting out of direct marketing, and you have not requested to opt out of receiving direct marketing from us.

If we collect Personal Data about you from a third party, we will only use that information for the purposes of direct marketing if you have consented (or it is impracticable to obtain your consent), and we will provide a simple means by which you can easily request not to receive direct marketing communications from us. We will draw your attention to the fact that you may make such a request in our direct marketing communications.

You have the right to request us not to use or disclose your Personal Data for the purposes of direct marketing, or for the purposes of facilitating direct marketing by other organizations. We must give effect to the request within a reasonable period of time. You may also request that we provide you with the source of the information. If such a request is made, we must notify you of the source of the information free of charge within a reasonable period of time.

We may communicate company news, promotions, and information relating to our products and services provided by Bitgauss. We may share Personal Data with third parties to help us with our marketing and promotional projects or sending marketing communications.

Users can opt out from these marketing communications at any time. If you do not want to receive these communications, please send an email to support@bitgauss.com.

For product related communications, such as policy/terms updates and operational notifications, you will not be able to opt out of receiving such information.

13. COOKIE USAGE

While you access our Site, we may use the industry practice of placing a small amount of data that will be saved by your browser (“Cookies”). This information can be placed on your computer or other devices used to visit our Site. We use Cookies to enhance your experience of using our Site. The information is used to identify users, remember user preferences, and allow users to complete tasks without having to re-enter information when browsing from one webpage to another or when re-visiting the Site at a later date. We also use Cookies to collect and analyze Site usage data related to user use and patterns. This data is used to improve our Site and enhance users’ experience. We may also use the information collected to ensure compliance with our Bank Secrecy Act of 1970 (“BSA”) and Anti-Money Laundering (“AML”) program (“BSA/AML Program”) and to ensure that your account security has not been compromised by detecting irregular, suspicious, or potentially fraudulent account activities.

You can set your browser to block or alert you about these Cookies, but this may affect the functionality of our Services or your user experience. Session Cookies are added when a user starts to browse our Site or interacts with a specific feature and are deleted when the browser is closed. Persistent Cookies are added when a user starts to browse our Site or interacts with a specific feature, but may remain stored on your device until a certain termination date is reached.

14. INFORMATION SECURITY

We endeavor to protect our Site and you from unauthorized access, alteration, disclosure, or destruction (or other similar risks) of Personal Data we collect and store. We take various measures to ensure information security, including: encryption of our Site communications; required two-factor authentication for all sessions; periodic review of our Personal Data collection, storage, and processing practices; and restricted access to your Personal Data on a need-to-know basis for our employees and service providers who are subject to strict contractual confidentiality obligations.

If you have any questions about information security or report any security issues, please contact us by sending an email to the following address security@bitgauss.com with the subject “INFORMATION SECURITY REQUEST”.

15. CONTACTING BITGAUSS ABOUT PRIVACY QUESTIONS OR CONCERNS

If you have any questions about this Privacy Policy or the use of your Personal Data, please contact us by sending an email to the following address support@bitgauss.com with the subject “PRIVACY REQUEST”. For users from the EEA, you have the right to make a complaint for unresolved questions in relation to the collection, use or disclosure of your Personal Data to the applicable supervisory authority within your jurisdiction. For users from Australia, if you are not satisfied with our response to your complaint, you can also refer to the Office of the Australian Information Commissioner by:

• Telephoning:
• Writing:
• Emailing:
• Online:

For users from Singapore or Brunei, you may email our Data Protection Officer directly at 

16. CHANGES TO OUR PRIVACY POLICY

We may update this Privacy Policy at any time by posting the amended version on this Site including the effective date of the amended version, so please check frequently to see if there are any updates or changes. Your continued access to or use of this Site and/or the Services constitutes your acknowledgment and acceptance of such changes to this Privacy Policy.

17. LANGUAGES

This Privacy Policy may be posted in different languages. If there are any discrepancies, the English version shall prevail.

18. VERMONT CONSUMER PRIVACY STATEMENT

This Vermont Consumer Privacy Statement applies solely to Vermont consumers. Since Bitgauss is a licensed money transmitter under Chapter 79 of Title 8 V.S.A it will comply with provisions set form within Regulation B-2018-01. For the purposes of complying with Vermont law, Bitgauss will limit the sharing of Vermont consumer information.

Information Bitgauss can share:	Will Bitgauss Share Vermont consumer information without consent:
Information about your creditworthiness	NO
Personal information, financial information, or credit report for non-affiliated third parties to market to you	NO

Vermont specifically requires consumers to be provided the opportunity to “opt-in” to sharing or to the disclosure of any nonpublic personal financial information pertaining to a consumer to a nonaffiliated third-party for purposes that are not otherwise permitted by Vermont law. The consumer may “opt-in” in writing or electronically.

For Vermont Members/Customers

• We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, or credit report to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.
• Additional questions concerning our privacy policies can be answered by contacting Bitgauss at support@bitgauss.com.

19. ADDITIONAL INFORMATION FOR PERSONS SUBJECT TO THE EU GDPR

For European Residents, we adhere to relevant and applicable EU data protection laws and provide them with the following additional information. For the purposes of this section, Personal Data has the applicable meaning provided for in the GDPR.

Legal Basis For Processing Personal Data

We process Personal Data subject to the GDPR on one or more of the following legal bases:

• To comply with legal obligations and regulations. To comply with applicable laws, regulations and legal obligations, including “know your customer” obligations based on applicable anti-money laundering and anti-terrorism requirements, financial crime and fraud prevention, suspicious activity reporting, responding to requests from public authorities, complying with economic and trade sanctions requirements, performing customer due diligence, performing audit and risk assessments, preparing tax reports, fulfilling our retention obligations, and handling legal claims.
• To comply with contractual obligations. To comply with our contractual obligations to you under our Terms of Service, including to provide you with our Services and customer support and to optimize and enhance the Site.
• Consent. To provide and market our Services to you based on your consent. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before it is withdrawn.
• Legitimate interest. To monitor the usage of the Site, fraud prevention, network, and information security, conduct automated and manual security checks of our Services, to engage in direct marketing activities, and to protect your rights. When we process your personal data for our legitimate interests, we consider and balance any potential impact on you and your rights under data protection laws.

European Privacy Rights

European Residents have the following rights under the GDPR with respect to their Personal Data, subject to certain exceptions provided under the law.

• Right to Access and Rectification. You may submit a request that Bitgauss disclose the Personal Data we process about you and correct any inaccurate Personal Data.
• Right to Erasure. You may submit a request that Bitgauss delete the Personal Data that we have about you.
• Right to Restriction of Processing and Right to Object. You have the right to restrict or object to our processing of your Personal Data under certain circumstances.
• Right to Data Portability. You have the right to receive the Personal Data you have provided to us in an electronic format and to transmit the Personal Data to another data controller.
• Right to complain. You may lodge a complaint with a data protection supervisory authority.

When handling requests to exercise European privacy rights, we check the identity of the requesting party to ensure that they are the person legally entitled to make such a request. While we endeavor to respond to these requests free of charge, should your request be repetitive or unduly onerous, we reserve the right to charge you a reasonable fee for compliance with your request.

Automated Decision-Making

We may engage in automated decision-making for purposes of risk and fraud detection. When we do, we implement suitable measures to safeguard your rights and freedoms and legitimate interests, including the right to obtain human intervention, to express your point of view and to contest the decision.

20. ADDITIONAL INFORMATION FOR PERSONS SUBJECT TO THE AUSTRALIAN PRIVACY ACT, INCLUDING THE APPs.

For Australian users, we do not adopt identifiers assigned by the Government (such as drivers’ license numbers) for our own file recording purposes, unless one of the exemptions in the Privacy Act applies. Under Australian law, Personal Data is referred to as “personal information” and has the same meaning.

In relation to Australian users, we will not send Personal Data to recipients outside Australia unless we have taken reasonable steps to ensure that the recipient does not breach the APPs or the Privacy Act, the recipient is subject to an information privacy scheme similar to the Privacy Act, or you have consented to the disclosure.

If an Australian user consents to their Personal Data being disclosed to an overseas recipient, and the recipient breaches the APPs, we will not be accountable for that breach under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

21. ADDITIONAL INFORMATION FOR PERSONS SUBJECT TO THE UK DATA PROTECTION LAW.

For users who are located in the UK and receive services by Bitgauss, we adhere to relevant UK data protection laws, and provide individuals with the following additional information. For purposes of this section, “Personal Data” has the meaning provided in the GDPR. Refer to this Privacy Policy section 19 for (i) “Legal Basis for processing Personal Data” and (ii) your individual rights set out under “European Privacy Rights”. If you have any questions about this Privacy Policy or the use of your Personal Data, please contact us by sending an email to the following address: support@bitgauss.com.