Data protection and the security of transactions are core elements of cryptocurrencies, blockchain technology and their entire global movement. Bitgron values the trust that customers place in us when trading cryptocurrencies and other digital assets on our platform. For this reason, privacy and data security are extremely important to Bitgron. It is very important to us that you feel safe when you visit our website and use our services, as well as in all other business transactions with us. As soon as you use Bitgron's products and / or services, you entrust us with the processing of your personal data. Bitgron wants to offer you the best possible experience with our platform to ensure that you can enjoy using our products and services now and in the future. That is why we want to understand user behavior on our platform in order to continuously improve it. The processing of your personal data is therefore not only necessary for the services we provide, but also to improve user-friendliness.
2. About Bitgron Group
Bitgron UAB and its direct and indirect subsidiaries (hereinafter referred to as “Bitgron” or “Bitgron Group” or “we”) offer through its website www.bitgron.com and its mobile application (“Mobile App”) (together hereinafter referred to as " website" or " platform") services and products in connection with the purchase and sale of cryptocurrencies and other digital assets as well as payment and IT services.
Bitgron UAB with its business address in J. Basanaviciaus 26, Vilnius, 03224, Vilnius, Lithuania, registered in the commercial register of the Tartu County Court Registration Department under Company Code 305951481 is the content provider of the platform and responsible for the offer of cryptocurrencies on it.
Bitgron Group consists of the following companies:
Bitgron UAB: has its business address at J. Basanaviciaus 26, Vilnius, 03224, Vilnius, Lithuania, registered in the commercial register of the Tartu County Court Registration Department under Company Code 305951481 and offers various payment services through the platform www.bitgron.com .
Bitgron GmbH: has its business address at Pappelallee 78/79, 10437 Berlin, Germany, is enrolled in the commercial register of the Amtsgericht Charlottenburg under HRB 154344B and acts as a service provider for the Bitgron Group.
Are minors allowed to use Bitgron's services?
No, Bitgron's products and services are not meant for anyone under the age of 18. Only people of legal age are allowed to use Bitgron's services and register for an account. We therefore do not knowingly collect personal data from minors. So if you are under 18 years of age, please do not use the Bitgron platform and do not provide us with any personal data.
Who is responsible for data processing and who can you contact?
In general, every company in the Bitgron Group is responsible and / or co-responsible within the meaning of Art 4 para 7 GDPR and is therefore in charge of the processing of personal data in connection with the services provided by the respective company (for the various services see Point 2).
Due to the high data security standards in the Bitgron group, Bitgron considers it necessary to execute a group-wide uniform data protection strategy. Bitgron UAB therefore acts as the central point of contact for all data protection issues relating to all services that the Bitgron Group offers via the platform or the Mobile App.
If you have any questions regarding the processing of your personal data and the exercise of your rights under the GDPR, you can contact our data privacy team: [email protected]
Please note that we require additional identification data from you for certain inquiries (e.g. Passport, ID card, etc.) in order to ensure that your personal data is only passed on to you.
6. Data categories and sources:
What personal data do we process and what sources does the data come from?
We process the personal data that we receive from you as part of the business relationship and use of our website. In addition, we may process data that we receive within the Bitgron Group and data that we have received from credit agencies, debtor directories, business analysis providers and from publicly accessible sources (e.g. commercial register, register of associations, land register, media, sanction lists).
When using Bitgron's services or interacting with Bitgron, the following personal data might be processed:
Contact data: when creating a new user account or communicating with Bitgron, we may process, for example: name, address, telephone number, e-mail, date of birth, photo for the account, etc.
Verification data: if an account is verified, also depending on the verification level, we may therefore process, for example: screenshots of national identity documents such as passport, driver's license, ID card and identification data from these documents, utility bill details for residence verification, data about the status of political exposed persons, video data from the video authentication procedure, biometric data for verification (see point 8), etc.
Financial data: in the context of purchase and sale transactions, we might process, for example: bank details (IBAN, BIC), information about the payment service provider, payment details, transaction-ID, etc.
Log data: during activities on the website, we might process, for example: IP-address, transaction data, deposit and withdrawal address, computer or mobile device information, frequency, time, operating system, browser type, device type, unique device identification number, identification cookies (e.g. for the Affiliate - and Tell-a-Friend program), optionally form data, crash reports, performance data, third-party cookies, etc.
Mobile app data: when using the mobile app, we might process, for example: IP address, transaction data, deposit and withdrawal address, information on mobile devices, frequency, time, operating system, browser type, device type, unique device identification number, optional form data, crash reports, performance data and only with your express consent, data from: camera, microphone, storage, phone (read SMS confirmation).
Company data: if you use a business account, we might process, for example: commercial register reports, data of or concerning beneficial owners, records or additional information about recent, past or planned business activities, other data required to determine / validate the structure, the beneficial ownership or any power of attorney from the company, etc.
Details to and proof of funds: if proof of funds is required, we might process, for example: banking statements or other data provided by banks or financial institutions, sales contracts or contracts in general, or other suitable data to prove or determine the origin of the funds, if the daily / monthly or general limits on Bitgron are exceeded. In order to determine the purpose of the Customer for the use of the above-mentioned services or the trading volume, additional information about the recent, past or planned business or personal activities of business or private customers or other data may be processed to determine the intentions of the Customer as requested by Bitgron or provided by the Customer.
Support inquiries: if you contact our support, we might process, for example: personal data transmitted to the support team when you send a request to the Bitgron’s support team or any other member of the Bitgron team.
Photo, video and audio data: when we attend or organize events or fairs or conduct interviews with people, we may take photos and other recordings of such events and process photo, video and audio data. However, we will always inform you separately about such recordings.
Hiring data: if you apply for a job on our website or via LinkedIn, we may process data that is necessary for the recruitment process, for example: contact details, curriculum vitae, qualifications, police clearance certificate, credit report, national identity documents such as passport, driver's license and the data from all of these documents, links to your portfolio or social media platforms, etc.
7. Purpose and legal basis for using personal data:
For what purposes and on what legal basis do we process your personal data?
All processing is carried out in accordance with the GDPR and the Lithuanian Data Protection Act. We process your personal data on the basis of at least one of the legal bases mentioned below. If Bitgron requests the provision of other personal data not described above, this data as well as the purpose and legal basis for the collection and processing will be communicated to the Customer at the point of collecting the personal data.
7.1. For the performance of contractual obligations (Art 6 para 1 lit b GDPR):
Processing of personal data may be necessary to perform the contract with you or to take steps at your request prior to entering into a contract. Such contractual obligations include, for example, the following data processing operations:
- general provision of our services, all tasks necessary for the operation, performance and administration of Bitgron and its platform;
- account management (e.g. continuous updating of Customer data);
- execution of your orders (e.g. payment processing, chargebacks, proof of purchase and sale);
- performance of the Affiliate program and the Tell-a-Friend program;
- Customer service and support requests (e.g. contacting us about complications, Intercom / Zendesk);
- video authentication process if you register for an account on our website (verification of identity);
- analysis and improvement of the quality of the platform and the general user experience (e.g. performance monitoring on the platform);
- data security and IT security on our website and securing our network (e.g. preventing identity theft and incorrect or suspicious access to our websites);
- data processing and data transmission to precious metals vendors for the transferral of ownership of precious metals to you in accordance with your order;
- recruiting process for new employees.
7.2. For compliance with legal obligations (Art 6 para 1 lit c GDPR):
Processing of personal data may also be necessary to abide by various legal obligations (examples for legal obligations). Such legal obligations include, for example, the following data processing operations:
- contract management, accounting and invoicing;
- compliance and risk management;
- Know-Your-Customer measures such as video authentication procedures (identity verification) and proof of funds;
- monitoring to prevent fraud, misuse (e.g. for illegal purposes), money laundering and terrorist financing;
- providing information to fiscal criminal authorities in the context of fiscal criminal proceedings or for prosecution according to official orders;
- consulting credit agencies to determine creditworthiness and default risks.
7.3. To protect legitimate interests (Art 6 para 1 lit f GDPR):
Where necessary, data processing can occur beyond the performance of the contract to ensure the legitimate interests of Bitgron or a third party. Such a legitimate interest includes the following data processing operations:
- prevention of fraud, misuse (e.g. for illegal purposes), money laundering and terrorist financing;
- risk management and risk minimization, e.g. through inquiries to credit agencies, debtor directories or providers of business analysis;
- identification and examination of potentially incorrect or suspicious business cases and access to our websites (e.g. website analysis via Sift Science);
- data transfer within the Bitgron group for internal administrative purposes;
- account management and processing of general Customer requests and inquiries;
- measures to protect our Customers and Partners as well as to ensure network and information security; also measures to protect our employees, Customers and Bitgron's property, e.g. through video surveillance and external data centers and service providers;
- processing of inquiries from authorities, lawyers, collection agencies in the context of legal prosecution and enforcement of legal claims in the context of legal proceedings;
- market research, business management and further development of services and products;
- processing of statistical data, performance data and market research data via the website, the Mobile App or social media platforms (e.g. Facebook, Instagram, LinkedIn, YouTube etc.);
- direct marketing and advertising (e.g. implementation of marketing strategies, targeting of Customers, dispatch of vouchers, advertisement from Bitgron and its partner companies);
- use of audio, video and photo data from public spaces (e.g. public events, fairs, etc.) for marketing and other representing purposes on our social media channels or our website;
- performance monitoring of the Affiliate program and the Tell-a-Friend program.
7.4. Based on your consent (Art 6 para 1 lit a GDPR):
If you have given us your consent to the processing of your personal data, the processing will only occur for the defined purposes and to the extent agreed in the declaration of consent. A given consent can be revoked at any time without giving reasons with effect for the future if you no longer agree to the processing. With your consent, we process data for the following purposes, for example:
- for the use of all functions of the mobile app (e.g. telephone permission to read the SMS confirmation, camera to scan barcodes, microphone for commands, etc.);
- direct marketing and advertising (e.g., Customer satisfaction surveys, newsletters, sweepstakes, and other advertising communications);
- certain uses of audio, video and photo data (e.g., commercials, interviews, etc.) for marketing and other representing purposes through various channels;
- automated authentication process when you verify yourself using the Onfido Limited’s service (“Onfido”) (identity verification);
- application management system, recruitment process and processing of your application (e.g. voluntary retention of application data for 2 years, data transfer from your social media account when using the "Apply with LinkedIn" tool, see point 11).
Please note that revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal.
8. Special categories of personal data:
Does Bitgron process special categories of personal data?
No, in general, Bitgron does not process any special categories of personal data from customers. This includes data that reveal racial or ethnic origin, political opinions, religious or ideological convictions or trade union membership, as well as genetic and biometric data (Art 9 para 1 GDPR). However, there is an exception to this if you voluntarily verify your account using the automated authentication process (Onfido) of our service provider Onfido Limited (3 Finsbury Avenue, London EC2M 2PA).
With this verification method, in addition to the actual verification data (e.g. screenshots of ID documents and identification data from them, place of residence, status of politically exposed persons, video data, etc.), biometric data (e.g. personal data resulting from specific technical processing in connection with the physical, physiological or behavioral characteristics of a person and data for the clear identification of a person, e.g. B. facial images, dactyloscopic data) are recorded. Such processing of biometric data takes place exclusively on the basis of your express consent, which you can revoke at any time.
The biometric data are processed by our processor Onfido Limited exclusively for verification purposes and are completely deleted within 30 days after the identification has been carried out. Bitgron only receives the positive or negative verification result with other verification data and does not process biometric data from Customers itself at any time.
9. Recipients of personal data:
Who receives your personal data?
The protection and confidentiality of your personal information is important to Bitgron. We therefore only transmit your personal data to the extent described below or as part of an instruction at the time the data was collected from you. In addition, personal data that we collect about you will not be sold by us or otherwise passed on to third parties.
9.1. Data transfer within the Bitgron Group:
Within the Bitgron Group, those departments or employees will receive your personal data who need it to fulfill contractual and legal obligations and legitimate interests. We transfer personal data for the purpose of our day-to-day business operations such as account management and other processes you have requested, as well as for the efficient performance of internal administrative activities in a joint manner and for the maintenance and improvement of our products and services.
9.2. Data transfer to processors:
To a limited extent, we also transfer personal data to processors who provide services for us such as video authentication services (e.g. Onfido Limited, Sum And Substance Limited), IT services (Amazon Web Services Inc.), customer support (Intercom / Zendesk Inc.), improvement our website ( BrowserStack, Inc.) ; performance of contracts, account management, accounting, invoicing ( Zoho Corporation Pvt. Ltd. ), application management (Lever Inc.) and sending newsletters. Processors may only use or pass on this data insofar as this is necessary to provide services for us or to comply with legal regulations. We contractually oblige these processors to guarantee the confidentiality and security of your personal data that they process on our behalf.
9.3. Data transfer to public bodies and institutions:
We may also transfer your personal data (i) if we are required to do so by law or in the course of legal proceedings, (ii) if we believe that disclosure is necessary to avoid damage or financial loss, or (iii) in connection with an investigation into suspected or actual fraudulent or illegal activities.
9.4. Data transfer to other third parties:
Joint Controllership: If Bitgron acts together with other parties as joint controller (e.g. processing of data for jointly defined purposes within the Bitgron group), we may provide those parties with personal data if applicable and based on at least one of the legal bases mentioned above under Point 7. In case of a joint controllership, we transfer your personal data only based on a sufficient agreement with our partners (Art 26 GDPR).
10. International data transfer:
Is data transferred to third countries or international organisations?
If we process personal data in a third country (outside the European Union (EU) or the European Economic Area [EEA]) or if this happens in the context of the use of third-party services or disclosure and / or transfer of personal data to third parties, we only transmit personal data to the performance of our (pre)contractual obligations based on your consent, a legal obligation or our legitimate interests. Subject to legal or contractual permissions, we process or have personal data processed in a third country only if the conditions of Art 44 et seq GDPR are met. This means, for example, that the processing and transmission takes place on the basis of special guarantees, such as compliance with a code of conduct or a certification mechanism as well as binding and enforceable commitments from the recipient in the third country to apply the appropriate guarantees for the protection of the data or compliance with officially recognized special contractual obligations, which have been announced by the European Commission (known as "Standard Contractual Clauses").
Please contact [email protected] if you require further information on international data transfer or if you would like to view a copy of the specific safeguards regarding the export of your personal data.
11. Social Media presence:
General: Bitgron maintains social media presences on various platforms (see below) in order to communicate with its active customers, potential customers and interested social media users about Bitgron's services, products and other news. When accessing such social media platforms, the general terms and conditions and the privacy policies of these operators also apply. We would like to point out that user data can also be processed outside of the European Union. This can result in risks for users due to different legal frameworks (e.g. the enforcement of data subject rights could be made more difficult).
As part of the technical process of various social media platforms (e.g. Google, Facebook, Twitter etc.), when you click on a content or a website you are visiting, they find out whether you are logged into your social media account at the same time. This information is collected by social media platforms and assigned to your social media accounts, regardless of whether you click on the content of this platform or not. By logging out of your accounts, you can prevent these companies from associating the collected information with your accounts.
Controller: Bitgron may only process personal data from social media users if they communicate directly with Bitgron via such platforms (e.g. visitors number, posted articles, likes, direct messages, customer inquiries, comments, etc.). In these cases, Bitgron is also responsible for processing the personal data collected thereby. In addition to data processing by us, other providers, in particular operators of social networks and platforms, also process personal user data. We have no influence on this data processing and are not responsible for it - the data processing takes place exclusively in the area of responsibility of the other providers.
For a detailed explanation of the respective processing and the possibilities of objection (opt-out) by providers of social media networks, we refer to the respective privacy policies of the providers (see below). In the case of requests for information and the assertion of data subject rights to data processing by other providers, we point out that these can be asserted with the providers listed below. Only the providers have access to the data of the users and can directly take appropriate measures and provide information.
Our social media pages and channels and links to their privacy policies:
Our social media pages and channels
Facebook Insights: Bitgron maintains a Facebook page and uses the associated analysis tool "Facebook Insights". With this tool, Bitgron receives anonymous statistical evaluations via its fan page (e.g. visitors number, frequency, target groups, etc.). For the processing of personal data in this context Bitgron and Facebook Ireland Limited ("Facebook") are joint controllers (Art 4 para 7 GDPR) and therefore jointly responsible for data processing. There is a corresponding agreement between Bitgron and Facebook in accordance with 26 para 1 GDPR, which can be accessed via this link. However, Bitgron does not store any of this data; the data is only stored by Facebook and processed via Insights. For all questions and inquiries about Facebook Insight, Facebook acts as a single point of contact and can be reached via this link .
What is the legal basis for electronic notifications and how to unsubscribe?
In our e-mail newsletter we inform you about Bitgron's services and products. If you would like to receive our newsletter, you have to register with your email address. We only send newsletters and other electronic notifications with your express consent if you have subscribed to them (double opt-in) or which are recorded when registering for a Bitgron account or if there is a legal basis for this. In the double opt-in procedure, we check whether you are the owner of the specified email address or whether the owner agrees to receive electronic notifications. This procedure serves as proof in the event that a third party misuses an e-mail address by registering for the newsletter without the knowledge of the authorized party.
You can unsubscribe from our newsletter, e.g. by revoking your consent at any time. You can unsubscribe if you are logged into your account and you will also find a link to unsubscribe at the end of each notification. Please note that we will process your personal data until you revoke your consent to the storage of the data so that we can prove the previously given consent to receive the newsletter. The processing of this data is limited to the purpose of a possible defense against claims and you have the right to request the deletion of your personal data.
13. Retention and deletion periods:
How long will my personal data be processed (stored) and when will it be deleted?
If necessary, we store your personal data for the duration of the entire business relationship (from initiation through performance to termination of a contract) and generally for 1 year after the end of the business relationship. Beyond this we retain your data only for a longer period, in accordance with statutory retention and documentation obligations, to defend legal claims or with your express consent.
The retention period is therefore based on the statutory retention periods or limitation periods. According to the Lithuanian Enterprise Code and the Federal Tax Code X years, in accordance with the Financial Market Money Laundering Act Y years ... if data is required as evidence for legal disputes or for as long as there are other legitimate interests in retention.
14. Data subject rights:
Right of access:
You have the right to request confirmation from us as to whether we are processing personal data related to you. When processing personal data related to you, you have the right to receive information from us about the personal data stored about you and to receive a copy of the personal data processed about you within a reasonable period of time. Please use this link if you are logged into your account to make such a data access request.
Right to rectification:
You shall have the right to request the rectification of incorrect personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed - also by means of providing a supplementary statement.
Right to erasure:
You shall have the right to request Bitgron to delete your personal data if one of the following reasons applies and no further processing is required:
- the personal data are no longer necessary for the purposes for which they were collected;
- you revoke your consent on which the processing was based and there is no other legal basis or an overriding legitimate interest for the processing;
- the personal data have been illegally processed; or
- the deletion of personal data is necessary to fulfill a legal obligation under European Union or Member State law to which the Controller is subject.
Requests for the deletion of personal data must contain the respective ground (Art 17 para 1 GDPR).
Right to restriction of processing:
You shall have the right to request that we restrict processing if one of the following conditions is met:
- you dispute the accuracy of the personal data (the restriction applies for a period of time that enables Bitgron to verify the accuracy of the personal data);
- the processing of your personal data was unlawful and you refuse to delete your personal data and instead request that its use is to be restricted;
- Bitgron no longer needs your personal data for processing purposes, but you need them to assert, exercise or defend legal claims; or
- you have objected to the processing of your personal data and it has not yet been determined whether Bitgron's legitimate grounds outweigh your own.
Right to data portability:
You shall have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also shall have the right to have this data transmitted directly to another controller named by you, insofar as this is technically feasible and the rights and freedoms of others are not impaired. The right to data portability can only be exercised if the processing is based either on your consent or on a (pre)contractual necessity and where the processing is automated. The right to data portability does not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object:
You have the right to object to the processing of your personal data at any time if the processing is based on our legitimate interests. If you object to the processing, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. The objection does not affect the legality of the processing of your personal data based on legitimate interests until you withdraw your consent.
Contact: To exercise any of the above rights, you can send an email to [email protected] or a letter to Bitgron UAB, J. Basanaviciaus 26, Vilnius, 03224, Vilnius, Lithuania. Please note that for such inquiries we need further identification data from you (e.g. Passport, ID card, etc.) in order to ensure that your personal data is only passed on to you.
14. Objection Advertisement:
How can I object to the processing of my data for advertising purposes?
You can also object to any use of your personal data for advertising purposes. Please contact us by email [email protected] if you would like to object in general to the processing of your data for advertising purposes. The objection does not affect the legality of the processing of your personal data based on legitimate interests until you withdraw your consent.
Please note, however, that such an objection will only be made to the Bitgron Group and, even after such an objection, you may still receive advertising about Bitgron from other providers on other websites over which we have no control.
Does Bitgron use my personal data for automated decision-making including profiling?
Bitgron does not use any personal data for automated decision-making including profiling within the meaning of Art 22 GDPR (e.g. decisions that have legal effects on data subjects, or significantly affecting them in any other way that are based solely on automated processing of personal data including profiling).
Is my personal data processed for purposes other than those for which the personal data was collected?
As a general principle of Bitgron, we process personal data only for the purposes for which they were collected. In exceptional cases, however, we may process your personal data that we have collected for another purpose. In this case, before the intended processing, we will inform you of this purpose, the duration of the storage of your personal data, the exercise of data subject rights, the possibility of revoking consent, the existence of a right to complain to the data protection authority, whether the provision of the data was necessary on legal or contractual grounds and possible consequences of non-provision and whether automated decision-making or profiling is carried out.
Which supervisory authority can I submit a complaint to?
You have the right to complain to the responsible supervisory authority if you are of the opinion that your rights under the GDPR have been violated. In Lithuania this is the Data Protection Authority.
18. Declaration of consent:
How do I give my consent and how can I withdraw my consent?
By checking the respective separate box for news and updates by email (newsletter), you expressly consent to receiving electronic communication as described above in point 12.
You have the right to revoke your consent at any time to Bitgron UAB, J. Basanaviciaus 26, Vilnius, 03224, Vilnius, Lithuania, or by email to [email protected]. Please note that if you withdraw your consent, we may no longer be able to offer you all of our services. Withdrawing your consent does not affect the legality of the processing of your personal data based on your consent up to the point of withdrawal.
19. Data Security:
How is my personal data protected?
The security of data is very important to Bitgron and we are committed to protecting the data we collect. We maintain comprehensive administrative, technical and physical measures to protect your personal data from accidental, unlawful or unauthorized destruction, loss, modification, access, disclosure or use. These measures correspond to the highest international safety standards and are regularly checked for their effectiveness and suitability for achieving the desired safety requirements.
For example, we have implemented the following technical and organizational measures:
- SSL encryption on our websites from which we transfer personal data;
- two-factor authentication (2FA) for our platform;
- ensuring the confidentiality, integrity, availability and resilience of our systems and services;
- use of encrypted systems;
- pseudonymization and anonymization of personal data;
- entry, access and transfer control for our offices and systems;
- measures of quick restoring of the personal data availability in the event of a physical or technical incident;
- measures for privacy by design and default on our platform such as preventing user enumeration;
- implementation of procedures for the regular review, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure the security of processing, e.g. our bug bounty program;
- internal IT security guidelines and IT security training courses;
- incident-response management.
Please also make sure that you use two-factor authentication (2FA) for your Bitgron account, treat your access data confidentially and protect your computer from unauthorized access.
21. How to contact us?