Home
Services
Business
Support

This Privacy Policy describes how companie constituting exchange24 collect, use, store, share and protect client`s personal information while client uses website www.exchange24.io.

exchange24 only collects the information which is necessary and will not share client′s personal information with any third parties unless it is necessary. Even within exchange24, access to client′s personal information is limited to only those employees who require such information to handle matters relating to compliance, identity verification, fraud prevention and customer support.

exchange24 may change or update this Privacy Policy from time to time. Whenever these changes are made, an updated complete version and/or consolidated version of the Privacy Policy will be uploaded to the exchange24 website www.exchange24.io with the respective date of commencement. If the changes to the Privacy Policy are significant, an overview will be posted in the “News” section at the exchange24 website www.exchange24.io, and a notification will appear when opening the exchange24 website www.exchange24.io each time it is opened from a new device.

1. Definitions

  • Data subject - identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • exchange24 - a group of exchange24 companies consisting of: [1] exchange24 incorporated exchange24.io is an EU exchange regulated and licensed by the Estonian Ministry of Economics, The Financial Intelligence Unit (FIU) license number FVR001251;
  • exchange24 website the official website of exchange24, www.exchange24.io;
  • Application form - an online application at the exchange24 website, that the clients fill out and submit to exchange24 in order to open an account at exchange24.
  • Client - a living individual who can be identified, directly or indirectly, in particular by reference to - an identifier such as a name, an identification number, location data or an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual, which has opened the exchange24 website;
  • Privacy Policy –the Data Protection and Privacy Policy drafted and issued by exchange24 on the 20 of January 2020 and all of its subsequent amendments;
  • GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
  • Data protection bill - Data Protection Bill [HL] 2017-19 of the United Kingdom;
  • Personal data - any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. exchange24 does not consider personal data to include information that has been anonymised;
  • Processing data - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Order-book - electronic list of anonymous buy and sell orders for a specific Cryptocurrency, organised by price level.
  • Filing system - any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
  • Data Controller - exchange24 Ltd, which determines the purposes and means of the processing of personal data;
  • Data protection officer (DPO) - exchange24 has appointed a data protection officer, who will oversee the process of the processing data. The data protection officer is certified by Data State Inspectorate (the Republic of Latvia).
  • Processor - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • Recipient - a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union laws or United Kingdom laws shall not be regarded as recipients; the processing of those data by those public authorities shall follow the GDPR according to the purposes of the processing;
  • Third party - a natural or a legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  • Consent - any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. By browsing the exchange24 website - www.exchange24.io and by submitting registration forms available at the exchange24 website - www.exchange24.io, the natural person consents to the use of his or her personal data;
  • Video call - a conversation between a client and representatives of exchange24. This conversation is recorded and both the video and voice records are stored for as long as the client has an active account and up to 5 (five) years after the account is deleted.
  • Cookies (HTTP cookie) - a small piece of data sent from exchange24 website and stored on the client′s computer by the client′s web browser while the client is browsing exchange24 website. This allows exchange24 to identify its clients and provide a customised exchange24 experience.

2. PERSONAL DATA COLLECTED BY exchange24

2.1. When a client creates a exchange24 account, exchange24 collects important details about the client - his/her name, surname, address, phone number, e-mail, birth date, IP address.

2.2. In order to process fiat currency payments, exchange24 will collect more information about the client, one being bank account details - IBAN/BIC numbers. At this stage also, an identification document (passport or ID card) will be required. exchange24 will store these documents in accordance with this Privacy Policy, the GDPR and the Data Protection Bill. As the clients upgrade their accounts for higher trading limits they will be asked to provide additional information.

2.3. In cases when exchange24 needs to request more information to verify the client′s identity or to meet legal and regulatory obligations, the client will be asked to provide additional information and/or documentation, which will be stored and processed in accordance with this Privacy policy, the GDPR and the Data Protection Bill.

2.4. exchange24 retains its rights to invite the client to participate in a video-call between the client and exchange24. These video calls will be conducted exceptionally. The video call will be no more than 5 (five) minutes long, the sound and image of the video call has to have such a level of quality where the client can be clearly seen and heard. During the time of the video call, the client will have to show his/her identification document (passport or national ID card) and other documents, that he/she has submitted to exchange24 as well as other documents that have been requested by exchange24 in order to confirm the identity of the client and its compliance with Anti-Money Laundering and Counter-Terrorist Financing.

2.5. In some cases (e.g. for the purpose of direct marketing) client`s personal data may be processed based on data client`s freely given and unambiguous consent. Client may easily withdraw his/her consent at any time free of charge.

3. INFORMATION COLLECTED AUTOMATICALLY

3.1. Certain information is automatically collected as a client browse the exchange24 website and submits the application form. This information is used to improve the products, handle customer support issues and protect client′s accounts. This information includes:

  • Device Information: exchange24 collects information about client′s device, including the type of device (computer or mobile device), operating system, browser type and language, and device identifiers (such as IMEI and MAC address).
  • Location Information: exchange24 collects client′s IP address location in order to better protect client`s accounts.
  • Photos: if a client chooses to attach photos to his/her account, exchange24 will save and store these photos for as long as the client has an active account. Once the client asks to delete the account, the photos will be deleted along with the account.
  • Message Content: if a client writes and sends a message with his/her payments, the content of that message is stored and accessible to exchange24.
  • Transactions: exchange24 collects information about client`s payment and trading activities such as the amount/order size, date, time, recipient for each payment.
  • Cookies: like most websites, exchange24 uses cookies. exchange24 uses both session and persistent cookies when a client accesses the exchange24 website or content. Session cookies expire and no longer have any effect when a client logs out of his/her accounts or close his/her browsers. Longer lasting cookies, known as persistent cookies, remain on client′s browser until they are erased or they expire. Each client is free to decline these cookies if client′s browser or browser add-on permits. The help section of most browsers or browser add-ons provide instructions on blocking, deleting or disabling cookies.

4. PROTECTION OF PERSONAL DATA

4.1. exchange24 protects client′s personal data using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. Some of the safeguards exchange24 uses are firewalls and data encryption, physical access controls to its servers, and information access authorisation controls. In order to better secure client′s information and ensure that it is used for the purposes contemplated by this Privacy Policy, certain personal data may be stored with exchange24′s third party partners and service providers. All of exchange24′s physical, electronic and procedural safeguards are designed to comply with applicable laws and regulations.

4.2. In exceptional cases, the data that exchange24 collects may be transferred to places outside the European Economic Area (EEA). It may also be processed by authorised data processors operating outside the EEA who work for exchange24 or one of its service providers (including affiliate entities of exchange24). These processors may be engaged in the fulfilment of services provided by exchange24 and/or the processing of client data and the provision of support services. By submitting personal data, a client agrees to this transfer and / or processing. exchange24 will take all steps reasonably necessary to ensure that client`s data are treated securely and in accordance with this Privacy Policy, the GDPR and the Data Protection Bill.

5. USAGE OF PERSONAL DATA

5.1. exchange24 collects information in order to provide clients with a safe and convenient way to access and use exchange24 services. The information collected allows exchange24 to:

  • provide access to the crypto currency exchange platform and process payments;
  • maintain contact with clients through support or other channels;
  • verify client identities so that exchange24 can prevent fraud or unauthorised activity;
  • improve exchange24 and add new products/features by analysing usage trends;
  • personalise the exchange24 experience;
  • fulfil any other purpose for which the information was collected;
  • comply with regulatory obligations.

    • exchange24 will not sell or rent client′s personal information to third parties. exchange24 may combine the information received from clients with information exchange24 collects from other companies and uses it to improve and personalise the Services, content and advertising.

6. SHARING OF PERSONAL DATA

6.1. In order to provide clients with exchange24 services and meet legal and regulatory obligations, exchange24 may share the collected information as detailed below:

  • exchange24 will share client′s bank account information with payment service providers in order for the payments to be processed.
  • In order to prevent fraud, exchange24 might need to share client′s information with third party identity verification services. This will allow exchange24 to make sure the clients do not hide their identity, by comparing the information the client has submitted to public records and other thirdparty databases.
  • In order to improve exchange24′s functionality, anonymised data can be shared with service providers that helps exchange24 to analyse how people are using its services.
  • As a financial institution, exchange24 may need to share client′s information with law enforcement or government officials. exchange24 will only do this when compelled to do so by law or formal request, or otherwise believe in good faith that exchange24 needs to share such information to prevent physical harm, financial loss, or are obligated to report illegal activity.
  • In order to complete third party financial, technical and legal audits of exchange24 operations, there might be an obligation for exchange24 to share information about client accounts as part of such review.
  • If exchange24 merges with or gets acquired by another legal entity, it will have access to information provided by the clients. In such circumstances, exchange24 will ensure that the new entity follows this Privacy Policy, the GDPR and the Data Protection Bill and will notify all clients of any such changes.
  • exchange24 will share client′s personal data with exchange24 affiliated entities as necessary in order to provide a client with the best possible product and customer support.
  • exchange24 can share personal data with other third parties, only in case when the client has explicitly authorised exchange24 to do so.

7. SHARING WITH OTHER exchange24 USERS

7.1. Orders and trades are matched on the exchange24 crypto currency exchange platform on anonymous basis. Therefore, exchange24 will not disclose buyer`s and seller`s identities to each other.

7.2. exchange24 may introduce new features and services which require sharing client′s personal information, e.g. payments between exchange24 clients. In that case, exchange24 will notify all of its clients before activation such new services.

8. CHANGING OR DELETING ACCOUNT INFORMATION

8.1. If a client needs to add or change any information (for example, personal contact information), it can be done by logging into his/her exchange24 account and making any necessary changes to the account details. Certain details - a client`s name, surname, financial information etc. - can only be changed through exchange24 client support ([email protected]).

8.2. Each client has the right to ask for a copy of all of his/her personal data which are processed by exchange24. In that case a client will receive a complete extract, except where otherwise provided by regulatory enactments.

8.3. When a client decides to terminate his/her account at exchange24, a request has to be sent to exchange24 support. An account can only be deleted when done by exchange24. As a financial institution, exchange24 is obliged to retain a part of the personal information submitted by the client; such information includes all the personal information a client has submitted to exchange24 or exchange24 has received during legal relations between exchange24 and a client, for example: a client`s name, surname, personal code or personal identity number, passport data etc. This information has to be stored for at least 10 (ten) years, in order to comply with the requirements stipulated in the legal acts of the Republic of Latvia.

8.4. Once per year exchange24 can provide the information about processing of data subject`s personal data free of charge after receiving an information request sent to [email protected]. If data subject applies more than once per year, or if data subject`s request is groundless, repetitive or disproportionate, exchange24 may charge a reasonable fee based on administrative costs. exchange24 may ask data subject to provide the proves for verification of data subject`s identity (e.g. identification document). exchange24 also may ask data subject to clarify data subject`s request in order to speed up exchange24 response. exchange24 replies to data subject`s request within 30 (thirty) days since receipt of data subject`s application; this term may be extended if data subject`s request is complicated or if data subject has submitted a lot of requests (in such case exchange24 will inform data subject about the delay of the response).

9. QUESTIONS AND COMPLAINTS

9.1. exchange24 has appointed Data protection officer (DPO). And in case of any questions or concerns related to data subjects` personal data, data subjects can easily contact Data protection officer by e-mail: [email protected]. exchange24 commits to resolve complaints about the collection and/or use of personal data. Inquiries and/or complaints from clients regarding this Privacy Policy or a treatment of personal data and information has to be addressed to either to the exchange24 DPO ([email protected]) or exchange24 support ([email protected]).

9.2. exchange24 appreciates for data subjects` feedback and kindly asks data subjects to submit their concerns related to protection of personal data to exchange24 Data protection officer ([email protected]). exchange24 assures that will thoroughly investigate all the incidents of possible non-compliance with this Privacy Policy and legal acts and will adopt all the necessary risk remediation measures to ensure the maximum protection of data subjects` personal data. If exchange24 doesn′t manage to solve the dispute, data subject also may submit the official complaint to the supervisory authority licensed by the Estonian Ministry of Economics, The Financial Intelligence Unit (FIU) license number FVR001251.

Sign up to our newsletter and keep track on our platform updates and news
Try with as little

Terms and conditions
AML and KYC
Privacy Policy
©2022 Exchange24