Effective Date: June 15, 2023
This Privacy Notice describes how Bitkey, its affiliated and associated entities, as further detailed below (collectively, ‘Bitkey’, ‘we’, and ‘us’) collects, uses, discloses, transfers, stores, retains, or otherwise processes your personal data as part of the Bitkey external beta application process.
If you are selected to join the beta after you apply, we will provide you with a separate privacy notice detailing how your personal data will be processed in connection with the product. You will have an opportunity to review the product privacy notice before you decide to participate in the beta.
I. Information Collection & Use
We will collect information about you when you provide it to us directly when you complete the beta application form. The following table provides more information about the different categories and examples of personal data that we process about you:
|Category of Personal Data||Types of Personal Data||Purpose for Processing|
|Identifiers and Contact Information||Name, Email Address||To communicate with you during the application process|
|Identifiers and Contact Information||Country||To ensure we can ship to the country you live in during the external beta and to make sure we invite a balanced mix of international customers to join the beta program.|
|Device Type||Mobile phone make/model and operating system||To invite a balanced mix of iOS and Android customers to take part in external beta and to ensure your mobile phone is compatible with our mobile app given it requires the mobile phone to have NFC to communicate with the hardware device.|
|Profiling Information||Context about your experience with bitcoin, such as your level of experience, how often you buy or sell, and how you currently hold it||To invite a balanced mix of experienced and inexperienced customers to help us shape the product|
All information collected as part of the beta application form is collected with your consent. You are free to withdraw your consent at any time (see section IX. How to Contact Us).
II. When and with whom we share your information
We share your data with the following third parties for the purposes specified in section I of this privacy notice:
|Category of Recipient||Why We Share your Data|
|Our affiliates and group companies||Bitkey is part of Block, Inc. and its affiliates. We have offices and we carry out daily business operations from various locations in Europe and in the United States. We may share your data with our affiliated companies, which we rely on to provide our services for the purposes outlined in this Privacy Notice.|
|Processors (service providers)||We engage trusted service providers which process personal data on our behalf and according to our instructions. Our written agreements set out our mutual obligations and responsibilities, including technical and organizational measures which the processors need to adopt to adequately protect the personal data they process on our behalf. Some of these processors include cloud service providers, which operate the technical infrastructure we use to process and store your data and to deliver our Services; content delivery networks; customer relationship management platforms; customer data platforms; user-testing platforms; shipping vendors; and contractors who help us deliver customer support services.|
|Law enforcement and other public and private agencies||We may share your personal data if we believe that disclosure is reasonably necessary (i) to comply with any applicable law, regulation, legal process or governmental request (e.g., from creditors, tax authorities, law enforcement agencies, in response to a garnishment, levy, or lien notice, etc.); (ii) to establish, exercise or defend our legal rights; (iii) to enforce or comply with our terms of service or other applicable agreements or policies; (iv) to protect our or our customers’ rights or property, or the security or integrity of our Services; (v) for an investigation of suspected or actual illegal activity; or (vi) to protect us, users of our Services or the public from harm, fraud, or potentially prohibited or illegal activities.|
We may de-identify your data, and combine and aggregate your de-identified information with other information in a way that it no longer enables your identification and share that de-identified, aggregated information with other third parties not mentioned above. Such de-identified and aggregated statistics may include demographic data, such as how many applicants reside in a certain country.
Although we disclose your personal information to third parties as described above, we do not sell your personal information.
III. How long we will keep your information
We will store your personal information, in a form which permits us to identify you, for no longer than is necessary for the purpose for which the personal information is processed. We may retain your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically and reasonably feasible to remove it. Otherwise, we will seek to delete your personal information within a reasonable timeframe upon request.
IV. Your Rights
Depending on the jurisdiction in which you reside, you may be entitled under applicable law to request:
- To be provided with access to your personal data held by us;
- To request that your data be transferred to a third party (data portability);
- To request the rectification or erasure of your personal data held by us;
- To request that we cease or restrict processing your data;
- To object to profiling activities based on our own legitimate interests;
- To object to solely automated processing; and
- In addition, where you have provided your consent to our processing of your personal data you can withdraw this at any time. If we process your information on the basis of your consent and you withdraw your consent, this does not affect the lawfulness of the processing prior to your withdrawal.
In order to exercise your rights (including the right to withdraw your consent), you can email email@example.com. We may need to verify your identity before granting access or otherwise changing or correcting your information. You may also designate an authorized agent to make a request on your behalf as permitted under law, though before we process that request, we will require that you provide the authorized agent written permission to do so and verify your identity directly with us.
V. International Data Transfers
We operate in many countries, and we (or our service providers) may move your data and process it outside the country where you live. We use third-party service providers to process and store your information in the United States, Japan, the EU, and other countries. When we transfer your personal data to our affiliates outside the EU, we make use of standard contractual clauses (which have been approved by the European Commission) to help ensure your information is afforded a high standard of protection, and that your privacy rights can be vindicated.
If you wish to obtain further details regarding the contractual arrangements we enter into to protect your personal data when it is transferred outside the EU, you may do so by contacting us at [LINK TO CS FORM]. You can also access the standard contractual clauses approved by the European Commission at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
VI. Data Security
We do a lot to keep your data safe. While we think we have strong defenses in place, no one can ever guarantee that hackers won’t be able to break into our sites or steal your data while it is stored or flowing from you to us or vice versa.
We take reasonable measures, including administrative, technical, and physical safeguards, to protect your information from loss, theft, and misuse, and unauthorized access, disclosure, alteration, and destruction. Nevertheless, the internet is not a 100% secure environment, and we cannot guarantee absolute security of the transmission or storage of your information. We hold information about you both at our own premises and with the assistance of third-party service providers. Your personal information will be accessible by our employees, contractors and service providers who require access for the purposes described in this Privacy Notice.
VII. Note about Children’s Privacy
Our Services are general audience services not directed at children under the age of 18. We do not knowingly collect, share, or sell any information from children under the age of 18.
VIII. Changes to this Privacy Notice
We reserve the right to change this Privacy Notice from time to time, as may be required. We will provide you with reasonable prior notice of any material changes in how we use your information, including by email if you have provided one. If you disagree with these changes, you may cancel your account at any time. Any amendments will be published by posting a revised version of the Privacy Notice and updating the “Effective Date” above. The revised version will be effective on the “Effective Date” listed.
IX. How to Contact Us
If you have any questions or concerns regarding this Privacy Notice, please reach out to us via firstname.lastname@example.org.
Please note that when you make a request to exercise your rights, we may require that you provide information and follow procedures so that we can verify your identity. Where possible, we will attempt to match the information that you provide in your request to information we already have on file to verify your identity. If we are able to verify your request, we will process it.
We will assess any request to exercise these rights on a case-by-case basis. We will respond to your request within the periods required by applicable data protection law. However, we may not always be able to comply fully with your request. We will notify you in that event.