Privacy Policy

1. GENERAL INFORMATION

1.1 About the Privacy Policy. This Privacy Policy governs the processing of personal data collected from individual users (“you” and “your”) through the website https://www.bitvalve.com and the related mobile applications and services (collectively, “BitValve”). This Privacy Policy does not cover any third-party applications or software that integrate with BitValve or any other third-party products, services or businesses.

1.2 Data controller. The data controller that is responsible for the processing of your personal data through BitValve is HODLER P.C, 4 Aglaonikis Str. P.C. 15772, Athens, Greece, Commercial Registration Number 166546201000, email: [email protected] (“we”, “us”, and “our”).

1.3 What is BitValve? BitValve is a P2P exchange platform that facilitates the process of buying and selling crypto currencies.

1.4 Important terms. In this Privacy Policy, you will encounter recurrent terms. For your convenience, we would like to explain what such terms mean:

• “Consent” means a freely given, specific, informed and unambiguous agreement to the processing of personal data;
• “Data controller” means the entity that determines the purposes and means of the processing of personal data;
• “Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
• “Personal data” means any information relating to a natural person who can be
identified, directly or indirectly, by using such information (e.g., name, address, email, and IP address); and
• “Processing” means the use of personal data in any manner, including, but not limited to, collection, storage, erasure, transfer, and disclosure of personal data.

1.5 Your consent to the Privacy Policy. Your use of BitValve is subject to this Privacy Policy. Before you submit any personal data through BitValve, you are encouraged to read this Privacy Policy. In some cases (where required by the applicable law), we may seek to obtain your consent for the processing of your personal data. For example, we may seek your prior consent for the following purposes:

• If we intend to collect other types of personal data that are not mentioned in this Privacy Policy;
• If we intend to use your personal data for purposes that are not indicated in this Privacy Policy;
• If we would like to disclose or transfer your personal data to third parties that are not specified in this Privacy Policy; or
• If we significantly amend this Privacy Policy.

1.6 Cookies. We use cookies on BitValve in order to ensure the full functionality of BitValve. When you visit BitValve for the first time, we may ask you to provide us with your consent to our use of cookies via a cookie consent banner. When we ask you to provide your consent to our use of cookies, you have a freedom not to provide such consent. If you would like to refuse our use of cookies on BitValve, you can do it at any time by declining cookies in your browser or device. Please note that some parts of BitValve may not function properly without cookies. More specifically:

• Cookies used by us: We use cookies for Session management, when you create and use your BitValve account.
• Cookies used by our service providers: We use Google Analytics, the service provided by Google, Inc. (“Google”) to analyse your use of BitValve. Google Analytics generates statistical and other information by means of cookies and we use its services to create reports about your use of BitValve. If you would like to opt out from Google Analytics, you can do so by installing a Google Analytics opt-out browser add-on available at https://tools.google.com/dlpage/gaoptout?hl=en

2. WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSES DO WE USE IT?

2.1 Types of personal data. We comply with data minimisation principles and we collect only a minimal amount of personal data that is necessary for ensuring your proper use of BitValve. The list of the types of personal data that we collect from you is provided in Section 2.3 below.

2.2 Purposes of personal data. We process your personal data only for specified and legitimate purposes explicitly mentioned in this Privacy Policy. In short, we will use personal data only for the purposes of enabling you to use BitValve, ensuring security and compliance of BitValve, maintaining and improving BitValve, conducting research about our business activities, and replying to your enquiries. We will not use your personal data for any purposes that are different from the purposes for which your personal data was provided.

2.3 Overview of types and purposes of your personal data. The table below provides a detailed description of the types of personal data that we collect, the purposes for which we use it, and the legal bases on which we rely when processing personal data.

2.4 Additional data. From time to time, we may receive certain additional data if you participate in a focus group, contest, activity or event, request support, interact with our social media accounts, submit your feedback and reviews or otherwise communicate with us.

Please note that the provision of such data is optional and you may choose what personal data you would like to share with us. We kindly request you to exercise your due diligence when making your personal data publicly available. We will use such personal data to reply to you, provide you with the requested services, or for pursuing our legitimate business interests (i.e., to analyse and improve our business).

2.5 Sensitive data. We do not collect, under any circumstances, special categories of personal data (“sensitive data”) from you, such as your health information, opinion about your religious and political beliefs, racial origins, membership of a professional or trade association, or information about your sexual orientation, unless you decide to provide such sensitive data, at your own sole discretion.

2.6 Failure to provide personal data. If you fail to provide us with the personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of BitValve, receive the services provided through BitValve, or get our response.

3. NON-PERSONAL DATA

3.1 What non-personal data do we collect? When you use BitValve, we automatically collect certain non-personal data about your use of BitValve for analytics purposes. Such non-personal data does not allow us to identify you in any manner. The non-personal data collected by us includes information about: (i) the type of device that you use; (ii) operating system that you use; and (iii) URL address clicked from BitValve. Please note that de- identified personal data is also considered to be non-personal data.

3.2 Your feedback. If you contact us, we may keep records of any questions, complaints or compliments made by you and the response, if any. Where possible, we will de-identify your personal data. Please note that de-identified personal data is also considered to be non- personal data.

3.3 How do we use non-personal data? We will use non-personal data in furtherance of our legitimate interests in operating BitValve, conducting our business activities, and developing new products and services. More specifically, we collect the non-personal data for the following purposes:

• To analyse what kind of users visit and use BitValve;
• To examine the relevance, popularity, and engagement rate of the content available on BitValve;
• To investigate and help prevent security issues and abuse;
• To develop and provide additional features to BitValve; and
• To personalise BitValve for your specific needs.

3.4 Aggregated data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.

4. MARKETING COMMUNICATION

4.1 Marketing messages. To keep you up-to-date with BitValve, we may send you marketing messages, such as newsletters, brochures, promotions and advertisements, informing you about our new services or new features of BitValve. You will receive such marketing messages or be contacted by us for marketing purposes only if:

• We receive your express (“opt-in”) consent to receive marketing messages (please note that your voluntary subscription to our newsletters and updates substitutes such consent); or
• We decide to send you marketing messages about our new services that are closely related to the services already used by you.

4.2 Opting-out. You can opt-out from receiving marketing messages at any time free of charge by clicking on the “unsubscribe” link contained in any of the messages sent to you or by contacting us directly.

4.3 Informational notices and service updates. From time to time (if we have your email address), we may send you informational notices, such as service-related, technical or administrative emails, information about BitValve, your payments, your user account, privacy and security, and other important matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of direct marketing communication that requires your prior consent.

5. HOW LONG DO WE KEEP YOUR DATA?

5.1 Retention of personal data. We will store your personal data in our systems only until (i) such personal data is required for the purposes described in this Privacy Policy, (ii) you delete your user account, or (iii) you request us to delete your personal data, whichever comes first. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it (e.g., we are not obliged by law to store your personal data), we will immediately delete your personal data from our systems.

5.2 Retention of non-personal data. We may retain non-personal data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping non-personal data after you have deactivated your user account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

5.3 Retention as required by law. Please note that, in some cases, we may be obliged by law to store your personal data for certain period of time. In such cases, we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.

6. HOW DO WE SHARE AND DISCLOSE DATA?

6.1 Do we disclose your personal data? If necessary, we will disclose your personal data to the service providers with whom we cooperate (our data processors). For example, we may share your personal and non-personal data with entities that provide certain technical support services to us, such as web analytics, hosting providers, advertising, and email distribution services, or if you explicitly request us to disclose the personal data.

6.2 When do we disclose your personal data? The disclosure of your personal data is limited to the situations when such data is required for the following purposes:

• Ensuring the proper operation of BitValve;
• Ensuring the delivery of the services requested by you;
• Providing you with the requested information;
• Pursuing our legitimate business interests;
• Enforcing our rights, preventing fraud, and security purposes;
• Carrying out our contractual obligations;
• Law enforcement purposes; or
• If you provide your prior consent to such a disclosure.

6.3 Sharing of non-personal data. We may disclose or use non-personal data and de- identified data for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving BitValve, responding to lawful requests from public authorities or developing new products and services.

6.4 Legal requests. If necessary, we will disclose information about the users of BitValve to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.

6.5 Successors. In case our business is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Privacy Policy.

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

Some of our data processors listed in Section 6 of this Privacy Policy are located outside the country in which you reside. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data (e.g., the recipient is a Privacy-Shield certified entity) or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based pre-approved standard contractual clauses).

8. PROTECTION OF PERSONAL DATA

8.1 Our security measures. We put our best efforts to keep your personal data safe and secure. We implement organisational and technical information security measures to protect your personal data from loss, misuse, unauthorised access, and disclosure. The security measures taken by us include secured networks, encryption, SSL, strong passwords, limited access to your personal data by our staff, and anonymisation of personal data (when possible). In order to ensure the security of your personal data, we kindly ask you to use BitValve through a secure network only.

8.2 Handling security breaches. Although we put our best efforts to protect your personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.

9. YOUR RIGHTS REGARDING PERSONAL DATA

9.1 What rights do you have? Subject to any exemptions provided by law, you may ask us to:

• Get a copy of your personal data that we store;
• Get a list of purposes for which your personal data is processed;
• Rectify inaccurate personal data;
• Move your personal data to another processor;
• Delete your personal data from our systems;
• Object and restrict processing of your personal data;
• Withdraw your consent, if you have provided one;
• or Process your complaint regarding your personal data.

9.2 How to exercise your rights? Some of your rights listed above can be exercised through your user account. In all other cases, please contact us by email at [email protected] and explain in detail your request. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to identify you in our system. We will answer your request within a reasonable timeframe but no later than four (4) weeks.

9.3 How to launch a complaint? If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible.

10. TERMINATION AND AMENDMENTS

10.1 Termination. This Privacy Policy remains valid until terminated or updated by us.

10.2 Amendments. The Privacy Policy may be changed from time to time to address the changes in laws, regulations, and industry standards. The amended version of the Privacy Policy will be posted on this page. We encourage you to review our Privacy Policy to stay informed. For significant material changes in the Privacy Policy or, where required by the applicable law, we may seek your consent. If you disagree with the changes to the Privacy Policy, you should cease using BitValve.

11. CONTACT US

Please feel free to contact us if you have any questions about the Privacy Policy, our privacy and security practices, or would like to exercise your rights listed in Section 9 of the Privacy Policy. You may contact us by using the following contact details:

Email: [email protected]