Professional Documents
Culture Documents
Crypto Assets are not FDIC-insured products and may lose value.
Banxa operates internationally through different entities (together “Banxa,” “we,” “us,” or “our”) to provide
fiat on ramp and fiat off ramp services for buying and selling cryptocurrency. Please see the table below
in “Contact Us” to determine which Banxa entity or entities you are contracting with.
This Privacy Policy is designed to help you understand how we collect, use, process, and share your
personal information, and to help you understand and exercise your privacy rights.
2. NOTICE AT COLLECTION
We collect information from you and about you. Here are some examples of the information we may collect,
how we may collect it, how we may use it, how we may disclose it and whether we share it for cross-
contextual marketing purposes or sell it. Below this Notice At Collection, you will find more detailed
descriptions of how we may use and disclose these categories of personal information. For information
regarding our data retention criteria, please see the Retention of Personal Information section below.
B. Administrative Purposes
We use your information for various administrative purposes, such as:
● Pursuing our legitimate interests such as direct marketing, research and development (including
marketing research), network and information security, and fraud prevention;
● Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity,
and prosecuting those responsible for that activity;
● Measuring interest and engagement in our Services;
● Short-term, transient use, such as contextual customization of ads;
● Improving, upgrading, or enhancing our Services;
● Developing new products and services;
● Ensuring internal quality control and safety;
● Authenticating and verifying individual identities, including requests to exercise your rights under
this Privacy Policy;
● Debugging to identify and repair errors with our Services;
● Auditing relating to interactions, transactions, and other compliance activities;
● Disclosing personal information to our services providers as needed to provide the Services;
● Enforcing our agreements and policies; and
● Carrying out activities that are required to comply with our legal obligations.
E. Other Purposes
We also use your personal information for other purposes as requested by you or as permitted by
applicable law.
● Automated Decision Making. We may engage in automated decision making, including profiling.
For example, we may engage in automated decision making for purposes of fraud prevention. This
automated decision making may involve the processing of your name, contact information and
government identification numbers. This process allows us to verify the identity of the users of the
Services and protect ourselves and our users by allowing us to detect and prevent fraudulent or
criminal transactions. As a result of our use of automated decision making, your account, or specific
transactions through the Services, may be suspended or denied. You may have the right to opt out
of the processing of your personal information for profiling in furtherance of decisions about you
that produce legal or similarly significant effects. Banxa’s processing of your personal information
will not result in a decision based solely on automated processing that significantly affects you
unless such a decision is necessary as part of a contract we have with you, we have your consent,
or we are permitted by law to engage in such automated decision making. If you have questions
about our automated decision making, you may contact us as set forth in “Contact Us” below.
● De-identified and Aggregated Information. We may use personal information to create de-
identified and/or aggregated information, such as demographic information, information about the
device from which you access our Services, or other analyses we create.
C. Supplemental Notice for the European Economic Area and the United Kingdom
This Supplemental Notice for the European Economic Area and the United Kingdom only applies to our
processing of personal information that is subject to the applicable data protection laws of the European
Economic Area or the United Kingdom.
These are the processing goals, legal processing grounds and retention terms for personal data we
collected directly from you:
Account administration To onboard you as our Necessary for the 1 year after closing your
customer and to provide performance of our contract account
our Services and to take steps prior to
Such as: name, date of entering into a contract (Art.
birth, age, nationality, 6.1(b) of the GDPR and UK
country of residence, GDPR)
gender, occupation,
signature, utility bills,
professional details, To comply with legal Necessary for compliance As long as the applicable
photographs, video footage, obligations, such as tax-, with a legal obligation (Art. legal obligation dictates.
phone number, home social security legislation 6.1(c) of the GDPR and UK
laws to counter money GDPR) Tax legislation
address, email address,
government issued laundering and financing of In UK, LU and LV: 10 years.
identification such as terrorism In NL: 7 years
passport, driver’s license, Anti-money laundering
national identification card
with photograph, tax In UK, LU and NL: 5 years
identification number, after the end of your
relationship with us. In LV: 8
To send you information or Your consent (Art. 6.1(a) of Until you withdraw your
commercial offers that are the GDPR and UK GDPR) consent
different from the Services
that we already provide to
you
Financial and
transactional information
Such as: wallet address, To provide our services Necessary for the 1 year after closing your
bank account numbers, performance of our contract account
bank statements, (Art. 6.1(b) of the GDPR and
transaction history, trading UK GDPR)
data, credit/debit card
numbers.
Information about the To comply with legal Necessary for compliance As long as the applicable
transactions you make obligations, such as tax-, with a legal obligation (Art. legal obligation dictates
using the Services, the social security- and anti- 6.1(c) of the GDPR and UK
purpose of the transactions, money laundering laws GDPR) Tax legislation
information on sources of In UK, LU and LV: 10 years.
your funds, sender and In NL: 7 years
receiver of funds, and
ultimate beneficiary Anti-money laundering
information In UK, LU and NL: 5 years
after the end of your
relationship with us. In LV: 8
years after the end of your
relationship with us.
Your communications with To answer your questions Necessary for the 1 year after closing your
us and to provide our performance of our contract account
Services (Art. 6.1(b) of the GDPR and
UK GDPR)
To document our rights Necessary for the purposes As long as the applicable
and obligations towards of a legitimate interest (Art. statute of limitations for
you 6.1(f) of the GDPR and UK rights or liabilities that are
GDPR) connected to the topic of
the communication
Your responses in surveys To develop our business Your consent (Art. 6.1(a) of 3 years after your
and enhance our services the GDPR and UK GDPR) participation in the survey,
or until you withdraw your
consent (whichever is
sooner)
Information you provide If you communicate with us Necessary for the 1 year after closing your
through our Interactive directly (privately) through performance of our contract account
Features our Interactive Features: to (Art. 6.1(b) of the GDPR and
answer questions you UK GDPR)
might have or provide
services that you request
If you publicly post Your consent (Art. 6.1(a) of Until you withdraw your
something on our the GDPR and UK GDPR) consent
Interactive Features: to
share information for the
benefit of others who take
an interest in our services
and our Interactive
Features
Information you provide at For market research, in Necessary for the purposes 2 years after the
conferences, trade shows or order to develop our of our legitimate interest (Art. conference, trade show or
other events business and enhance our 6.1(f) of the GDPR and UK event
services GDPR), which legitimate
interest is research and
development (including
marketing research) and
taking into consideration that
the processed personal data
To contact you, e.g. with was provided of your own
questions or offers volition at the
connected to the expertise
conference/trade show/event
or interests you displayed and that our processing is in
at the conference, trade line with the spirit in which
show, or event the data was provided
Information you provide in a To evaluate your Your consent (Art. 6.1(a) of 6 months after we gave you
job application application and respond to the GDPR and UK GDPR) our final decision on your
it application, or one year with
your permission
These are the processing goals, legal processing grounds and retention terms for personal data that are
collected automatically when you use our Service:
Internet protocol (IP) To allow our computers to Necessary for the For the duration of your
address, user settings, MAC recognize your device and performance of our contract session
address, cookie identifiers, communicate with it, in (Art. 6.1(b) of the GDPR and
mobile carrier, mobile order to perform our UK GDPR)
advertising and other Services
unique identifiers, browser
or device information, To monitor the use of our Necessary for the purposes 24 hours after ending your
location information Services for the purpose of of our legitimate interest session
(including precise location recognizing and combating (Art. 6.1(f) of the GDPR and
information and/or attacks on its security UK GDPR), which legitimate
approximate location interest is network and
derived from IP address), information security and
and Internet service fraud prevention
provider.
To better understand the Your consent (Art. 6.1(a) of 2 years, or until you
way people use our the GDPR and UK GDPR) withdraw your consent;
Services, so that we can whichever is sooner
improve on them
To share this information Your consent (Art. 6.1(a) of 2 years, or until you
with our advertising the GDPR and UK GDPR) withdraw your consent;
partners, so that they may whichever is sooner
offer you information or
advertisements that are
tailored to you interests
Information regarding your To better understand the Your consent (Art. 6.1(a) of 2 years, or until you
use of our Services, such as way people use our the GDPR and UK GDPR) withdraw your consent;
pages that you visit before, Services, so that we can whichever is sooner
during and after using our improve on them
Services, information about
the links you click, the types To share this information Your consent (Art. 6.1(a) of 2 years, or until you
of content you interact with, with our advertising the GDPR and UK GDPR) withdraw your consent;
the frequency and duration partners, so that they may whichever is sooner
of your activities, and other offer you information or
information about how you advertisements that are
use our Services tailored to you interests
Biometric data, e.g. for For identification and Your explicit consent (Art. 1 year after closing your
facial recognition authentication only 6.1(a) of the GDPR and UK account, or until you
GDPR) withdraw your consent;
whichever is sooner
These are the processing goals, legal processing grounds and retention terms for personal data that we
collect elsewhere:
Information we receive if To identify you and Necessary for the As long as is technologically
you access our Services authorize your access to our performance of our contract necessary to grant you
through an app store, a Services (Art. 6.1(b) of the GDPR and access to our Services
third-party login service, or a UK GDPR)
social networking site, that
you have made available via
your privacy settings To offer you information or Your consent (Art. 6.1(a) of Until you withdraw your
advertisements that are the GDPR and UK GDPR) consent
tailored to you interests
Information we receive from To assess our risks when Necessary for the 1 year after closing your
credit bureaus and identity contracting with you performance of our contract account
verification partners (Art. 6.1(b) of the GDPR and
UK GDPR)
Information about your To develop our business Necessary for the purposes 1 year after closing your
transactions, wallet and enhance our services of our legitimate interest account
balances or usage, and (Art. 6.1(f) of the GDPR and
other information we obtain UK GDPR), which legitimate
through analysis of interest is research and
blockchain information of development (including
from third parties marketing research) and
network and information
security and fraud
prevention
Your email address or other To send you the information Our legitimate interest (Art. For as long as is
contact information if we that your friend/relation 6(f) of the GDPR and UK technologically necessary to
received it through our thinks you are interested in GDPR), which legitimate send the information to you.
referral service interest is direct marketing
To send you further Your consent (Art. 6.1(a) of Until you withdraw your
communications, if you opt the GDPR and UK GDPR) consent
in
To monitor the effect of our Our legitimate interest (Art. 2 years after the referral
referral service 6(f) of the GDPR and UK
GDPR), which legitimate
interest is direct marketing
and to provide our Services
13. CONTACT US
The following table describes which entity (or entities) you are contracting with:
Where you reside Services and/or Payment Banxa entity you are Banxa entity contact Governing
Method contracting information law and
venue
Peru Bank / Wire Global Internet Ventures Level 2, 2-6 Gwynne Victoria,
Pty Ltd Street, Cremorne VIC Australia
3121, Australia
privacy@banxa.com
South Africa Bank / Wire Global Internet Ventures Level 2, 2-6 Gwynne Victoria,
Pty Ltd Street, Cremorne VIC Australia
3121, Australia
privacy@banxa.com
Thailand Bank / Wire – PromptPay Global Internet Ventures Level 2, 2-6 Gwynne Victoria,
– Thai QR Pty Ltd Street, Cremorne VIC Australia
3121, Australia
privacy@banxa.com
Turkey Bank / Wire BNXA Teknoloji Anonim Dikilitas Mahallesi, Istanbul,
Sirketi Ayazmadere Caddesi, No: Turkey
6-1/16, Elit Fulya Plaza,
Besiktas, Istanbul, Turkey
privacy@banxa.com
United Kingdom All EU Internet Ventures B.V. Piet Heinkade 93 B, Amsterdam,
1019GM Amsterdam, Netherlands
Netherlands 70850984
privacy@banxa.com
United Kingdom All (unless expressly BNXA UK VASP Limited1 Cannon Place, 78 Cannon English,
identified elsewhere in this Street, London, England, England and
table) EC4N 6AF Wales
privacy@banxa.com
United States of ACH EU Internet Ventures B.V. Piet Heinkade 93 B, Amsterdam,
America 1019GM Amsterdam, Netherlands
Netherlands 70850984
privacy@banxa.com
United States of Wire Global Internet Ventures Level 2, 2-6 Gwynne Victoria,
America Pty Ltd Street, Cremorne VIC Australia
3121, Australia
privacy@banxa.com
United States of Card EU Internet Ventures B.V. Piet Heinkade 93 B, Amsterdam,
America 1019GM Amsterdam, Netherlands
Netherlands 70850984
privacy@banxa.com
United States of All (unless expressly BNXA USA MTL Inc.2 1 East Liberty Street, Nevada,
America identified elsewhere in this Suite 600, Office 16, U.S.A.
table) Reno, NV USA 89501
privacy@banxa.com
Vietnam Bank / Wire Global Internet Ventures Level 2, 2-6 Gwynne Victoria,
Pty Ltd Street, Cremorne VIC Australia
3121, Australia
privacy@banxa.com
1 BNXA UK VASP Limited has not and will not commence contracting with any persons until (at the earliest) 1 February 2024. Accordingly, all
United Kingdom based persons contracting with Banxa will be contracting with EU Internet Ventures B.V – subject always to clause 20 in Part A
of the Customers T&Cs.
2
BNXA USA MTL Inc has not and will not commence contracting with any persons until (at the earliest) 1 February 2024. Accordingly, all U.S.
based persons contracting with Banxa will be contracting with (depending upon the Services and/or Payment Method) Global Internet Ventures
Pty Ltd or EU Internet Ventures B.V – subject always to clause 20 in Part A of the Customer T&Cs.
Banxa – Privacy and Cookies Policy – 28 December 2023 Page 18 of 22
The Banxa entity (or entities) you are contracting with (each a “Banxa Party”) is the controller of the
personal information processed under this Privacy Policy. However, the Banxa Party may also disclosure
your personal information to other Banxa affiliates and such affiliates may also act as a controller of your
personal information.
If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as
detailed in this Privacy Policy, please contact us using the information set forth above.
Financial companies choose how they share your personal information. Federal law gives
consumers the right to limit some but not all sharing. Federal law also requires us to tell
Why?
you how we collect, share, and protect your personal information. Please read this notice
carefully to understand what we do.
The types of personal information we collect and share depend on the product or service
you have with us. This information can include:
■ Name, date of birth, age, nationality, country of residence, gender, occupation,
What? signature, professional details, social security number, and driver’s license or ID
number.
■ Wallet address and wallet transactions
■ Banking information
All financial companies need to share customers’ personal information to run their
everyday business. In the section below, we list the reasons financial companies can
How? share their customers’ personal information; the reasons Banxa chooses to share; and
whether you can limit this sharing.
Reasons we can share your personal information Does Banxa Can you limit this
share? sharing?
For our everyday business purposes— Yes No
such as to process your transactions, maintain your
account(s), respond to court orders and legal
investigations, or report to credit bureaus
For our marketing purposes— Yes No
to offer our products and services to you
For joint marketing with other financial companies Yes Yes
Please note:
If you are a new customer, we can begin sharing your information 30 days from the date
we sent this notice. When you are no longer our customer, we continue to share your
information as described in this notice.
However, you can contact us at any time to limit our sharing.
Who we are
Who is providing this notice? BNXA USA MTL Inc.
What we do
How does Banxa protect my To protect your personal information from unauthorized access
personal information? and use, we use security measures that comply with federal law.
These measures include computer safeguards and secured files
and buildings.
How does Banxa collect my We collect your personal information, for example, when you
personal information? ■ Open an account with us.
■ Use our services.
We also collect your personal information from others, such as
credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing? Federal law gives you the right to limit only
■ sharing for affiliates’ everyday business purposes—
information about your creditworthiness
■ affiliates from using your information to market to you
■ sharing for nonaffiliates to market to you
State laws and individual companies may give you additional
rights to limit sharing. See below for more on your rights under
state law.
What happens when I limit Your choices will apply to everyone on your account.
sharing for an account I hold
jointly with someone else?
Definitions
Affiliates Companies related by common ownership or control. They can
be financial and nonfinancial companies. Our affiliates include
financial companies such as:
■ Banxa Holdings Inc.
■ BTC Corporation Holdings Pty Ltd
■ BNXA USA Holding Inc.
■ BNXA USA MTL Inc.