Professional Documents
Culture Documents
Banxa operates internationally through different entities (together “Banxa,” “we,” “us,” or “our”) to
provide fiat on ramp and fiat off ramp services for buying and selling cryptocurrency. Please see the
table below in “Contact Us” to determine which Banxa entity or entities you are contracting with.
This Privacy Policy is designed to help you understand how we collect, use, process, and share your
personal information, and to help you understand and exercise your privacy rights.
B. Administrative Purposes
We use your information for various administrative purposes, such as:
● Pursuing our legitimate interests such as direct marketing, research and development (including
marketing research), network and information security, and fraud prevention;
● Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity,
and prosecuting those responsible for that activity;
● Measuring interest and engagement in our Services;
● Short-term, transient use, such as contextual customization of ads;
● Improving, upgrading, or enhancing our Services;
● Developing new products and services;
● Ensuring internal quality control and safety;
● Authenticating and verifying individual identities, including requests to exercise your rights under
this Privacy Policy;
● Debugging to identify and repair errors with our Services;
E. Other Purposes
We also use your personal information for other purposes as requested by you or as permitted by
applicable law.
● Automated Decision Making. We may engage in automated decision making, including
profiling. For example, we may engage in automated decision making for purposes of fraud
prevention. Banxa’s processing of your personal information will not result in a decision based
solely on automated processing that significantly affects you unless such a decision is
necessary as part of a contract we have with you, we have your consent, or we are permitted
by law to engage in such automated decision making. If you have questions about our
automated decision making, you may contact us as set forth in “Contact Us” below.
● De-identified and Aggregated Information. We may use personal information to create de-
identified and/or aggregated information, such as demographic information, information about
the device from which you access our Services, or other analyses we create.
The categories of sources from which we collect personal information and our business and commercial
purposes for using personal information are set forth in “Personal Information We Collect” and “How
We Use Your Personal Information” above, respectively.
Additional Privacy Rights for California Residents
“Sales” of Personal Information under the CCPA. For purposes of the CCPA, Banxa does not “sell”
personal information, nor do we have actual knowledge of any “sale” of personal information of minors
under 16 years of age.
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us
for the exercise of their rights conferred by the CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a
verifiable consumer request related to your personal information. You may also make a verifiable
consumer request on behalf of your minor child. To authorize an agent, provide written authorization
signed by you and your designated agent and contact us as set forth in “Contact Us” below for additional
instructions.
Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling
your request. These steps may involve asking you to provide sufficient information that allows us to
reasonably verify you are the person about whom we collected personal information or an authorized
representative, or to answer questions regarding your account and use of our Services.
If you are a California resident and would like to exercise any of your rights under the CCPA, please
contact us as set forth in “Contact Us” below. We will process such requests in accordance with
applicable laws.
De-Identified Information. If we create or receive de-identified information, we will not attempt to
reidentify such information, except to comply with applicable law.
C. Supplemental Notice for the European Economic Area and the United Kingdom
This Supplemental Notice for the European Economic Area and the United Kingdom only applies to our
processing of personal information that is subject to the applicable data protection laws of the European
Economic Area or the United Kingdom.
These are the processing goals, legal processing grounds and retention terms for personal data we
collected directly from you:
Account administration To onboard you as our Necessary for the 1 year after closing your
customer and to provide performance of our contract account
our Services and to take steps prior to
Such as: name, date of entering into a contract (art.
birth, age, nationality, 6.1 sub b GDPR)
country of residence,
gender, occupation,
signature, utility bills, To comply with legal Necessary for compliance As long as the applicable
professional details, obligations, such as tax-, with a legal obligation (art. legal obligation dictates.
photographs, video footage, social security legislation 6.1 sub c GDPR)
laws to counter money Tax legislation
phone number, home
address, email address, laundering and financing of In UK, LU and LV: 10 years.
government issued terrorism In NL: 7 years
identification such as Anti-money laundering
passport, driver’s license,
national identification card In UK, LU and NL: 5 years
with photograph, tax after the end of your
identification number, relationship with us. In LV: 8
national insurance number, years after the end of your
social security number, visa relationship with us.
Financial and
transactional information
Such as: wallet address, To provide our services Necessary for the 1 year after closing your
bank account numbers, performance of our contract account
bank statements, (art. 6.1 sub b GDPR)
transaction history, trading
data, credit/debit card
numbers.
Information about the To comply with legal Necessary for compliance As long as the applicable
transactions you make obligations, such as tax-, with a legal obligation (art. legal obligation dictates
using the Services, the social security- and anti- 6.1 sub c GDPR)
purpose of the transactions, money laundering laws Tax legislation
information on sources of In UK, LU and LV: 10 years.
your funds, sender and In NL: 7 years
receiver of funds, and
ultimate beneficiary Anti-money laundering
information In UK, LU and NL: 5 years
after the end of your
relationship with us. In LV: 8
years after the end of your
relationship with us.
Your communications with To answer your questions Necessary for the 1 year after closing your
us and to provide our performance of our contract account
Services (art. 6.1 sub b GDPR)
To document our rights Necessary for the purposes As long as the applicable
and obligations towards of a legitimate interest (art. statute of limitations for
you 6.1 sub f GDPR) rights or liabilities that are
connected to the topic of
the communication
Your responses in surveys To develop our business Your consent (art. 6.1 sub a 3 years after your
and enhance our services GDPR) participation in the survey,
or until you withdraw your
consent (whichever is
sooner)
Information you provide If you communicate with us Necessary for the 1 year after closing your
through our Interactive directly (privately) through performance of our contract account
Features our Interactive Features: to (art. 6.1 sub b GDPR)
answer questions you
might have or provide
services that you request
If you publicly post Your consent (art. 6.1 sub a Until you withdraw your
something on our GDPR) consent
Interactive Features: to
Banxa – Privacy and Cookies Policy – 1 January 2023 Page 13 of 21
Category of data Processing goals Processing grounds Retention term
share information for the
benefit of others who take
an interest in our services
and our Interactive
Features
Information you provide at For market research, in Necessary for the purposes 2 years after the
conferences, trade shows or order to develop our of our legitimate interest (art. conference, trade show or
other events business and enhance our 6.1 sub f GDPR), taking into event
services consideration that the
processed personal data
was provided of your own
volition at the
conference/trade show/event
and that our processing is in
To contact you, e.g. with
line with the spirit in which
questions or offers the data was provided
connected to the expertise
or interests you displayed
at the conference, trade
show, or event
Information you provide in a To evaluate your Your consent (art. 6.1 sub a 6 months after we gave you
job application application and respond to GDPR) our final decision on your
it application, or one year with
your permission
These are the processing goals, legal processing grounds and retention terms for personal data that
are collected automatically when you use our Service:
Internet protocol (IP) To allow our computers to Necessary for the For the duration of your
address, user settings, MAC recognize your device and performance of our contract session
address, cookie identifiers, communicate with it, in (art. 6.1 sub b GDPR)
mobile carrier, mobile order to perform our
advertising and other Services
unique identifiers, browser
or device information, To monitor the use of our Necessary for the purposes 24 hours after ending your
location information Services for the purpose of of our legitimate interest session
(including precise location recognizing and combating (art. 6.1 sub f GDPR)
information and/or attacks on its security
approximate location
derived from IP address), To better understand the Your consent (art. 6.1 sub a 2 years, or until you
and Internet service way people use our GDPR) withdraw your consent;
provider. Services, so that we can whichever is sooner
improve on them
To share this information Your consent (art. 6.1 sub a 2 years, or until you
with our advertising GDPR) withdraw your consent;
partners, so that they may whichever is sooner
offer you information or
advertisements that are
tailored to you interests
Information regarding your To better understand the Your consent (art. 6.1 sub a 2 years, or until you
use of our Services, such as way people use our GDPR) withdraw your consent;
pages that you visit before, Services, so that we can whichever is sooner
during and after using our improve on them
Biometric data, e.g. for For identification and Your explicit consent (art. 1 year after closing your
facial recognition authentication only 6.1 sub a GDPR) account, or until you
withdraw your consent;
whichever is sooner
These are the processing goals, legal processing grounds and retention terms for personal data that
we collect elsewhere:
Information we receive if To identify you and Necessary for the As long as is technologically
you access our Services authorize your access to our performance of our contract necessary to grant you
through an app store, a Services (art. 6.1 sub b GDPR) access to our Services
third-party login service, or a
social networking site, that
you have made available via
your privacy settings To offer you information or Your consent (art. 6.1 sub a Until you withdraw your
advertisements that are GDPR) consent
tailored to you interests
Information we receive from To assess our risks when Necessary for the 1 year after closing your
credit bureaus and identity contracting with you performance of our contract account
verification partners (art. 6.1 sub b GDPR)
Information about your To develop our business Necessary for the purposes 1 year after closing your
transactions, wallet and enhance our services of our legitimate interest account
balances or usage, and (art. 6.1 sub f GDPR)
other information we obtain
through analysis of To comply with legal Necessary for compliance As long as the applicable
blockchain information of obligations, such as tax-, with a legal obligation (art. legal obligation dictates
from third parties social security- and anti- 6.1 sub c GDPR)
money laundering laws Tax legislation
In UK, LU and LV: 10 years.
In NL: 7 years
Anti-money laundering
In UK, LU and NL: 5 years
after the end of your
Banxa – Privacy and Cookies Policy – 1 January 2023 Page 15 of 21
Category of data Processing goals Processing grounds Retention term
relationship with us. In LV: 8
years after the end of your
relationship with us.
Your email address or other To send you the information Our legitimate interest (art. For as long as is
contact information if we that your friend/relation 6 sub f GDPR) technologically necessary to
received it through our thinks you are interested in send the information to you.
referral service
To send you further Your consent (art. 6.1 sub a Until you withdraw your
communications, if you opt GDPR) consent
in
To monitor the effect of our Our legitimate interest (art. 2 years after the referral
referral service 6 sub f GDPR)
Financial companies choose how they share your personal information. Federal law gives
consumers the right to limit some but not all sharing. Federal law also requires us to tell
Why?
you how we collect, share, and protect your personal information. Please read this notice
carefully to understand what we do.
The types of personal information we collect and share depend on the product or service
you have with us. This information can include:
■ Name, date of birth, age, nationality, country of residence, gender, occupation,
What? signature, professional details, social security number, and driver’s license or ID
number.
■ Wallet address and wallet transactions
■ Banking information
All financial companies need to share customers’ personal information to run their
everyday business. In the section below, we list the reasons financial companies can
How? share their customers’ personal information; the reasons Banxa chooses to share; and
whether you can limit this sharing.
Reasons we can share your personal information Does Banxa Can you limit this
share? sharing?
For our everyday business purposes— Yes No
such as to process your transactions, maintain your
account(s), respond to court orders and legal
investigations, or report to credit bureaus
For our marketing purposes— Yes No
to offer our products and services to you
For joint marketing with other financial companies Yes Yes
Please note:
If you are a new customer, we can begin sharing your information 30 days from the date
we sent this notice. When you are no longer our customer, we continue to share your
information as described in this notice.
However, you can contact us at any time to limit our sharing.
Who we are
Who is providing this notice? BNXA USA MTL Inc.
What we do
How does Banxa protect my To protect your personal information from unauthorized access
personal information? and use, we use security measures that comply with federal law.
These measures include computer safeguards and secured files
and buildings.
How does Banxa collect my We collect your personal information, for example, when you
personal information? ■ Open an account with us.
■ Use our services.
We also collect your personal information from others, such as
credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing? Federal law gives you the right to limit only
■ sharing for affiliates’ everyday business purposes—
information about your creditworthiness
■ affiliates from using your information to market to you
■ sharing for nonaffiliates to market to you
State laws and individual companies may give you additional
rights to limit sharing. See below for more on your rights under
state law.
What happens when I limit Your choices will apply to everyone on your account.
sharing for an account I hold
jointly with someone else?
Definitions
Affiliates Companies related by common ownership or control. They can
be financial and nonfinancial companies. Our affiliates include
financial companies such as:
■ Banxa Holdings Inc.
■ BTC Corporation Holdings Pty Ltd
■ BNXA USA Holding Inc.
■ BNXA USA MTL Inc.