
GOBITZ EXCHANGE INC — PRIVACY POLICY

Effective Date: January 1, 2025 | Version 2.0


1. INTRODUCTION

GOBITZ EXCHANGE INC ("Company," "we," "our," or "us") is committed to protecting the privacy and personal data of all users ("you," "your") who access or use the Gobitz platform, including our website (www.gobitz.io), mobile applications, APIs, and related services (collectively, the "Platform").

This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and what rights you have with respect to your data. This Policy is incorporated into and forms part of our Terms of Service.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.


2. DATA CONTROLLER

Gobitz is the data controller responsible for the personal data collected through the Platform.


3. PERSONAL DATA WE COLLECT

We collect the following categories of personal data, depending on how you use the Platform:

3.1 Identity and Verification Data

  • Full legal name
  • Date of birth
  • Nationality and country of residence
  • Government-issued identification (passport, national ID, driver's license)
  • Facial biometric data collected during liveness verification
  • Taxpayer Identification Number (TIN) or equivalent, where required

3.2 Contact Information

  • Email address
  • Phone number
  • Residential address (including postal/ZIP code)

3.3 Financial and Transaction Data

  • Bank account details (IBAN, account number, routing number)
  • Payment card information (processed through PCI-compliant third parties; Gobitz does not store full card numbers)
  • Cryptocurrency wallet addresses (both Platform-generated and external)
  • Full transaction history (deposits, withdrawals, trades, fees)
  • Source of funds declarations
  • Asset balances and portfolio data

3.4 Usage and Technical Data

  • IP address and geolocation data
  • Device type, operating system, and browser information
  • Unique device identifiers (UDID, IMEI)
  • Login timestamps and session duration
  • Platform navigation and feature usage data
  • API usage logs and call patterns

3.5 Communications Data

  • Support ticket content and chat transcripts
  • Email correspondence with Gobitz
  • Survey responses and feedback submissions
  • Recorded phone calls (where applicable and disclosed)

3.6 Compliance and Due Diligence Data

  • PEP (Politically Exposed Person) screening results
  • Sanctions screening records
  • Risk classification and scoring
  • Enhanced Due Diligence (EDD) documentation
  • Source of wealth documentation for high-value accounts

3.7 Marketing Preferences

  • Opt-in/opt-out records for marketing communications
  • Referral codes and affiliate tracking data
  • Promotional participation history

4. HOW WE COLLECT YOUR DATA

We collect personal data through the following means:

4.1 Directly from You

  • During account registration and KYC verification
  • When you submit support requests or contact us
  • When you complete surveys or participate in promotions
  • When you configure account settings and preferences

4.2 Automatically Through Platform Use

  • Via cookies and similar tracking technologies (see Article 9)
  • Through server logs, analytics tools, and performance monitoring systems
  • Via API calls and programmatic access to the Platform

4.3 From Third Parties

  • Identity verification providers (e.g., Jumio, Onfido, or equivalent)
  • Sanctions and PEP screening databases (e.g., World-Check, Dow Jones Risk & Compliance)
  • Fraud detection and risk intelligence providers
  • Blockchain analytics companies for transaction monitoring (e.g., Chainalysis, Elliptic)
  • Public blockchain records (which are inherently public and immutable)
  • Credit reference agencies, where permitted by law
  • Business partners and affiliate programs, where you have provided consent

5. LEGAL BASIS FOR PROCESSING

We process your personal data on the following legal grounds:

5.1 Performance of a Contract

Processing is necessary to create and manage your Account, execute trades, process deposits and withdrawals, and provide the Services you have requested.

5.2 Legal Obligation

Gobitz is required by applicable law to collect and process certain data, including for Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), Know Your Customer (KYC), and tax reporting obligations under applicable financial regulations, including but not limited to FATF recommendations, GDPR, the EU's AMLD, and local financial crime legislation.

5.3 Legitimate Interests

We process data to pursue our legitimate business interests, including fraud prevention, platform security, product development, risk management, and improving our services, provided such interests are not overridden by your fundamental rights and freedoms.

5.4 Consent

For marketing communications and the use of non-essential cookies, we rely on your explicit consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

5.5 Vital Interests

In exceptional circumstances, we may process data to protect the vital interests of a data subject or another person.


6. HOW WE USE YOUR DATA

We use your personal data for the following purposes:

6.1 Account and Service Delivery

  • Creating, verifying, and managing your Account
  • Executing and recording transactions
  • Processing deposits, withdrawals, and fiat conversions
  • Providing customer support and responding to inquiries
  • Sending service notifications (trade confirmations, security alerts, withdrawal confirmations)

6.2 Compliance and Legal Obligations

  • Conducting KYC/AML/CTF screening and ongoing due diligence
  • Monitoring transactions for suspicious activity
  • Screening against global sanctions lists and PEP databases
  • Filing Suspicious Activity Reports (SARs) or Suspicious Transaction Reports (STRs) with relevant authorities
  • Meeting tax reporting obligations (e.g., FATCA, CRS, local requirements)
  • Responding to lawful requests from regulators, law enforcement, and courts

6.3 Security and Fraud Prevention

  • Detecting, investigating, and preventing fraudulent, unauthorized, or illegal activity
  • Monitoring for account takeover attempts and cybersecurity threats
  • Verifying the legitimacy of transactions using blockchain analytics tools
  • Enforcing Gobitz's Terms of Service and other policies

6.4 Product Development and Analytics

  • Analyzing usage patterns to improve Platform features and performance
  • Conducting internal research and product testing
  • Generating aggregated, anonymized statistical data for business intelligence

6.5 Marketing and Communications

  • Sending promotional emails, newsletters, and product updates (with your consent)
  • Personalizing marketing content based on your trading activity and preferences
  • Managing referral programs and affiliate partnerships

7. DATA SHARING AND DISCLOSURE

Gobitz does not sell your personal data to third parties. We may share your data with the following categories of recipients under appropriate data protection measures:

7.1 Service Providers

Gobitz engages carefully selected third-party processors who support our operations, including:

  • Cloud infrastructure and hosting providers (e.g., AWS, Google Cloud)
  • Identity verification and KYC platforms
  • Payment processors and banking partners
  • Customer support software providers
  • Email delivery and communications platforms
  • Analytics and performance monitoring tools
  • Cybersecurity and fraud prevention services

All service providers are bound by data processing agreements that restrict their use of your data to the specific purposes for which they were engaged.

7.2 Regulatory and Law Enforcement Authorities

Gobitz may disclose personal data to government agencies, financial regulators, tax authorities, law enforcement bodies, and courts when:

  • Required by applicable law or regulation
  • In response to a valid subpoena, court order, or official legal request
  • Necessary to prevent or report financial crime
  • Required by our licensing conditions as a regulated exchange

7.3 Group Companies

We may share data within the Gobitz corporate group for the purposes described in this Policy, subject to appropriate intra-group data transfer agreements.

7.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of Gobitz's business, your personal data may be transferred to the acquiring entity, subject to equivalent privacy protections.

7.5 Blockchain Networks

Please note that transaction data broadcast to public blockchain networks is inherently public and immutable. Wallet addresses, transaction amounts, and timestamps on public blockchains cannot be deleted or modified by Gobitz or any party.

7.6 With Your Consent

We may share data with third parties in other circumstances where you have given your explicit consent.


8. DATA RETENTION

Gobitz retains your personal data for as long as necessary to fulfill the purposes outlined in this Policy, subject to the following minimum retention periods:

  Data Category                     Retention Period
  Account and KYC records           5 years after account closure
  Transaction records               5–7 years (per AML regulations)
  Communications (support, email)   3 years
  Security and access logs          2 years
  Marketing consent records         Until consent is withdrawn + 1 year
  Legal hold data                   Duration of proceedings + 5 years

After the applicable retention period, data will be securely deleted or anonymized unless we are required by law to retain it longer. In some jurisdictions, applicable AML or financial regulations may require retention for periods exceeding those listed above.


9. COOKIES AND TRACKING TECHNOLOGIES

9.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the Platform to function. These cannot be disabled. They enable login sessions, security features, and core functionality.
  • Performance and Analytics Cookies: Used to analyze how users interact with the Platform, measure feature adoption, and identify technical issues (e.g., Google Analytics, Mixpanel).
  • Functional Cookies: Used to remember your preferences, language settings, and customizations.
  • Marketing and Targeting Cookies: Used to deliver relevant advertising and track campaign effectiveness. These are only set with your consent.

9.2 Cookie Management

You can manage your cookie preferences through Gobitz's Cookie Consent Manager, accessible via the cookie banner on the Platform or in your Account settings. You may also manage cookies through your browser settings; however, disabling certain cookies may impair Platform functionality.

9.3 Do Not Track

The Platform does not currently respond to "Do Not Track" (DNT) signals from browsers, as no universally accepted standard exists. Gobitz relies on our Cookie Consent Manager for preference management.


10. YOUR PRIVACY RIGHTS

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

10.1 Right of Access

You have the right to request a copy of the personal data Gobitz holds about you and information about how it is processed.

10.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. Note that certain transaction records cannot be altered for legal and audit trail integrity reasons.

10.3 Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, consent has been withdrawn, or processing is unlawful. This right is subject to overriding legal retention obligations (e.g., AML record-keeping requirements).

10.4 Right to Restriction of Processing

You may request that Gobitz limit the processing of your data in certain circumstances, such as while a correction request is being assessed.

10.5 Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may request that we provide your data in a structured, commonly used, machine-readable format (e.g., CSV or JSON).

10.6 Right to Object

You have the right to object to processing based on legitimate interests, including for direct marketing purposes. Gobitz will honor objections to marketing immediately upon receipt.

10.7 Rights Related to Automated Decision-Making

Where Gobitz makes solely automated decisions (including profiling) that have a significant legal or similarly significant effect on you, you have the right to request human review, express your point of view, and contest the decision.

10.8 Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time by contacting support@gobitz.io or adjusting your account settings. Withdrawal does not affect the lawfulness of processing before withdrawal.

10.9 How to Exercise Your Rights

Submit requests to support@gobitz.io with the subject line "Privacy Rights Request." Gobitz will verify your identity before processing the request and respond within 30 days (extendable by 60 days for complex requests). There is no charge for reasonable requests.


11. SECURITY MEASURES

Gobitz implements industry-standard technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration, including:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication for internal system access
  • Cold storage and hardware security modules (HSMs) for sensitive cryptographic material
  • Role-based access controls (RBAC) with least-privilege principles
  • Regular penetration testing and vulnerability assessments
  • 24/7 security operations monitoring
  • ISO 27001-aligned information security management practices
  • Annual third-party security audits

Despite these measures, no transmission over the internet or electronic storage system is completely secure. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, Gobitz will notify you and relevant supervisory authorities in accordance with applicable law.


12. LINKS TO THIRD-PARTY SERVICES

The Platform may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services you access through the Platform, as Gobitz has no control over and is not responsible for their data practices.


13. CHANGES TO THIS PRIVACY POLICY

Gobitz may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated Policy on the Platform with a revised effective date
  • Send an email notification to your registered email address at support@gobitz.io
  • Display a prominent notice on the Platform for at least 30 days

Your continued use of the Platform after the effective date of any change constitutes your acceptance of the updated Policy. If you do not agree with the changes, you should close your Account before the effective date.


14. CONTACT AND COMPLAINTS

Privacy Inquiries & Data Protection Officer: support@gobitz.io


Last Updated: January 1, 2025 | Gobitz | Version 2.0

This document is provided as a template for informational purposes. It should be reviewed and adapted by qualified legal counsel to ensure compliance with the laws and regulations applicable to your specific jurisdiction and business operations.