“Data Privacy Law” or “DP Law” means data protection law applicable to Bybit, including the EU General Data Protection Regulation 2016/679, its successors or implementing texts. “Personal Data” has the meaning set forth in DP Law. This notice covers our use of your personal data arising from use of the Bybit website (www.bybit.com) as well as registering/subscribing/buying/using our apps, products and services. If you have any questions or need any further clarity, please get in touch. Contact details are set out below in the Contact Us section.
● The types of Personal Data we collect and how it may be used;
● How and why we may disclose your Personal Data to third parties;
● The transfer of your Personal Data within and outside of the European Economic Area (“EEA”);
● Your statutory rights concerning your Personal Data;
● The security measures we use to protect and prevent the loss, misuse, or alteration of Personal Data; and
● Bybit’s retention of your Personal Data.
2. COLLECTION AND USE OF PERSONAL INFORMATION
A. PERSONAL INFORMATION WE COLLECT
We collect the Personal Data you provide directly to us or which we generate when you open a Bybit Account, perform any transactions on the Bybit Platform, or use other Bybit Services or our website. This may include:
● Contact information, such as name, home address, and email address;
● Account information, such as username, password, account settings and preferences;
● Financial information, such as bank account numbers, bank statement, and trading information;
● Identity verification information, such as images of your government issued ID, passport, national ID card, or driving licence;
● Residence verification information, such as utility bill details or similar information;
● Information regarding the way in which you use our services, such as when you use our services and the specific services used; and
● Information relating to communications with us, whether through the Bybit website or via e-mail, over the phone or via any other medium.
We also automatically collect certain computer, device and browsing information when you access the Bybit website or use Bybit Services. This information is aggregated to provide statistical data about our users’ browsing actions and patterns, and does not personally identify individuals. This information may include:
● Computer or mobile device information, including IP address, operating system, network system, browser type and settings; and
● Website usage information.
Finally, we may collect Personal Data from third-party partners and public sources, which include:
● Reputational information;
● Financial information;
● Business activities of corporate customers.
It is important to note that the Personal Data we collect on you when you create an account will be retained for the mandatory retention period set forth by applicable law and as necessary for us to maintain an exhaustive documentation of our operations as required from us as regulated financial sector professionals, even if your account has not been successfully activated (e.g., if account verification has not been completed) or no transaction has been made using it.
We do not collect fingerprints, facial recognition data, or other biometrics, other than photos and/or videos of yourself and/or your photo ID that you submit during our ID verification processes and which may be processed by facial recognition software for that purpose. Where you enable biometric security (such as fingerprint or Face ID login), your biometrics will be handled by your device, not by us.
The Bybit website is using cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
We use third-party service provider(s), to assist us in better understanding the use of our website. Our service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our site, what products are browsed, and general transaction information. Our service provider(s) analyses this information and provides us with aggregate reports. The information and analysis provided by our service provider(s) will be used to assist us in better understanding our visitors’ interests in our website and how to better serve those interests. The information collected by our service provider(s) may be linked to and combined with information that we collect about you while you are using the Platform. Our service provider(s) is/are contractually restricted from using information they receive from our website other than to assist us.
If you want to avoid using cookies altogether, you can disable cookies in your browser. However, disabling cookies might make it impossible for you to use certain features of our website or services, such as logging into your Bybit Account or making transactions. Your use of our website or service with a browser that is configured to accept cookies constitutes an acceptance of our and third-party cookies.
C. HOW WE USE YOUR PERSONAL INFORMATION
We collect and use your information for a variety of reasons. We need some information to enter into and perform our contract, for example your contact and payment details. Some information processing is required by law due to our anti-fraud screening obligations or in the public interest such as making sure we verify our customers’ identities. Some information is processed because you have given your consent to that, which can be withdrawn in your account preferences and settings. Other information we collect and use because we have legitimate business interests to so, having taken into account your rights, interests and freedoms.
We may use your Personal Information to:
● Create and administer your Bybit account and generally for accounting, billing, maintenance of legal documentation and claim and dispute management. Related processing operations are necessary for the performance of a contract with you (or to take steps at your request prior to entering into a contract), and for compliance with legal obligations to which we are subject;
● Process your Bybit transactions. Related processing operations are necessary for the performance of a contract with you and for compliance with legal obligations to which we are subject;
● Verify your identity in accordance with applicable know-your-customer, money laundering and other financial sector legislation or regulations, including as required for compliance with the Bybit Anti Money Laundering policy, as well as address other law enforcement needs as more fully described in our Terms of Service, and generally as required for compliance with legislation and regulations applicable to Bybit;
● Personalise your Bybit Services experience. Related processing operations are necessary for purposes of our legitimate interests (that is, improving our services);
● Analyse Bybit website usage and improve our website as well as website offerings. Related processing operations are necessary for purposes of our legitimate interests (that is, improving and promoting our services);
● Help us respond to your customer service requests and support needs. Related processing operations are necessary for the performance of a contract with you, and for purposes of our legitimate interests (that is, improving our services and offering you the best experience);
● Contact you about Bybit Services. The email address you provide may be used to communicate information and updates related to your use of the Bybit Services.
D. AUTOMATED DECISIONS MAKING
We may make automated decisions on certain matters. For example, we may do this to decide whether we can provide our services to you based on a credit check/risk profiling. Depending on the outcome of the credit check/risk profiling, a decision will be reached automatically as to whether we are able to provide products or services to you based on your credit worthiness.
Other significant automated decision-making that uses your personal data may also be employed, to protect accounts and to uphold our Terms of Service. In particular, if you attempt to access our services from a jurisdiction in respect of which our services are restricted, your account may be automatically restricted. In addition, if the information provided during any identity verification or onboarding process (including self-reported information, information that is derived from your ID document, proof of address, or any other document provided by you, or your IP address or browser location information) suggests that you may be in breach of our Terms of Service or may have provided false or inaccurate information, your account may be automatically restricted. During an account lockout, you may be unable to view your positions, make any trades, or open or close any orders.
API usage and behaviour is monitored in order to protect our systems and to uphold our terms of service. Automated decision-making may be employed to manage your account’s API access or rate limit permits based on your API usage and trading behaviour (this may include limiting or preventing access and activity on your account).
We may also occasionally communicate company news, updates, promotions and related information relating to similar products and services provided by Bybit. We may also administer a contest, promotion, survey or other site features as will be more explained on the website. We shall only do this where you have given us your consent or otherwise where we are permitted to do so under Data Privacy Law in pursuit of our legitimate interests (that is, promoting our services).
We may share personal data with third parties to help us with our marketing and promotional projects, or sending marketing communications.
If you want to opt out of receiving promotional and marketing emails, text messages, post and other forms of communications from us or our promotional partners in relation to which you might receive in accordance with this section, you can best opt out by using one of the following ways:
● Log into your account and update your profile;
● Click 'unsubscribe' at the bottom of an email we sent you;
● contact us at email@example.com to opt out.
If you do opt out of receiving promotional and marketing messages, we can still contact you regarding our business relationship with you, such as account status and activity updates, survey requests in respect of products and services we have provided to you after you reserve from us, reservation confirmations or respond to your inquiries or complaints, and similar communications.
3. RELYING ON OUR LEGITIMATE INTERESTS
To the extent required by law, we aim to carry out balancing tests when significant data processing activities are justified on the basis of our legitimate interests, in particular:
● to provide services you have requested;
● to monitor, improve and protect the services on our website and apps, in particular by looking at how they are used, testing alternatives (e.g. by “A/B testing”, and running “beta” version trials), and by learning from feedback and comments you provide;
● to personalise our website, apps and services;
● by publishing de-identified records of market data, including trading records, for third party monitoring and research purposes;
● to monitor customer accounts to prevent, investigate and/or report misconduct such as spam, misrepresentation, security incidents, market manipulation or crime (such as fraud), in accordance with applicable law, and to cooperate with authorities seeking to do the same;
● to investigate any complaints received from you or from others;
● in connection with legal claims, compliance, regulatory or investigative purposes (including disclosure in connection with legal process or litigation); and
● to invite individuals to take part in market research and beta tests.
4. DISCLOSING AND TRANSFERRING PERSONAL DATA
We may disclose your Personal Data to third parties, legal and regulatory authorities, and transfer your Personal Data outside the EEA, as described below.
A. DISCLOSURES TO THIRD PARTIES
There are certain circumstances where we may transfer your personal data to employees, contractors and to other parties.
● We may also share your information with certain contractors or service providers. They may process your personal data for us, for example, if we use a marketing agency. Other recipients/service providers include advertising agencies, IT specialists, database providers, backup and disaster recovery specialists, email providers or outsourced call centres. Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function;
● Personal data may be shared with third party participants in our affiliate programme (or any other successor or parallel programme of a similar nature) who referred you to our Website or Service (so they can track successful referrals), and partners for promotions or service integrations. Information on historical trades may also be shared with other trading platforms and exchanges. Personal data may be shared with courts or public authorities if required as described above, mandated by law or regulation, or required for the legal protection of our or third party legitimate interests, in compliance with applicable laws and regulations, and relevant / competent public authorities’ requests.
● We may also share your information with certain other third parties. We will do this either when we receive your consent or because we need them to use your information to provide products or services to you. These include credit reference agencies, anti-fraud databases, screening agencies and other partners we do business with.
Your personal data may be transferred to other third-party organisations in certain scenarios:
● If we are discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
● If we are reorganised or sold, information may be transferred to a buyer who can continue to provide services to you;
● If we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;
● If we are defending a legal claim your information may be transferred as required in connection with defending such claim.
Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data. Your information will not be sold, exchanged, or shared with any third parties without your consent, except to provide Bybit Services or as required by law. Bybit’s third-party service providers are contractually bound to protect and use such information only for the purposes for which it was disclosed, except as otherwise required or permitted by law.
B. DISCLOSURES TO LEGAL AUTHORITIES
We may share your Personal Data with law enforcement, data protection authorities, government officials, and other authorities when:
● Compelled by court order, or other legal procedure;
● Disclosure is necessary to report suspected illegal activity;
C. INTERNATIONAL TRANSFERS OF PERSONAL DATA
We store and process your Personal Data in data centres around the world, wherever Bybit facilities or service providers are located. As such, we may transfer your Personal Data outside of the European Union. Some of the countries to which your personal data may be transferred for these purposes that are located outside the EU do not benefit from an adequacy decision issued by the EU Commission regarding protection afforded to personal data in that country. Details of these specific countries can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. Such transfers are undertaken in accordance with our legal and regulatory obligations and appropriate safeguards under Data Privacy Law will be implemented, such as standard data protection clauses with data recipients or processors approved by competent authorities. A copy may be requested at the address set out in the Contact Us section.
5. YOUR STATUTORY RIGHTS
Depending on applicable law (in particular, whether the laws of the UK or EEA countries apply), you may have the rights as set out below, which can be exercised by contacting us at support@Bybit.com.
● Access: you are entitled to ask us if we are processing your information and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it to check that we are lawfully processing it. We process a large quantity of information, and can thus request, in accordance with DP Law, that before the information is delivered, you specify the information or processing activities to which your request relates.
● Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected.
● Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.
● Restriction: you are entitled to ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
● Transfer: you may request the transfer of certain of your personal data to another party.
● Objection: where we are processing your personal data based on legitimate interests (or those of a third party) you may challenge this. However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to legal claims. You also have the right to object where we are processing your personal data for direct marketing purposes.
● Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
If these rights apply, they may however be limited, for example if fulfilling your request would reveal personal data about another person, would infringe the rights of another person or legal entity (including our rights), or if you ask us to delete or change data which we are required by law to keep (or have other compelling legitimate interests in keeping). We will inform you of relevant exemptions we rely upon when responding to any request you make.
6. CRYPTOGRAPHIC HASHES
Users sending Bitcoins or Ethereum or any other virtual currency to this website through the use of cryptographic hashes and keys take full responsibility for the risks involved. By using services offered by Bybit you will automatically accept liability of any loss, damages or implications incurred through the use of this website. Bybit and its owners will not be held liable for any loss of Bitcoin or Ethereum or any other virtual currency.
Users who do not agree can request the return of their Bitcoin or Ethereum or any other virtual currency through the use of a withdrawal once logged in.
7. SECURITY OF PERSONAL DATA
We use a variety of security measures to ensure the confidentiality of your Personal Data, and to protect your Personal Data from loss, theft, unauthorised access, misuse, alteration or destruction. These security measures include, but are not limited to:
● Password protected directories and databases;
● Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and sent across the Intercom securely;
● PCI Scanning to actively protect our servers from hackers and other vulnerabilities.
All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in our database. Only authorised Bybit personnel are permitted access to your Personal Data, and these personnel are required to treat the information as highly confidential. The security measures will be reviewed regularly in light of new and relevant legal and technical developments.
You are responsible for keeping your account passcode, membership numbers and pin numbers safe and secure. Do not share those with anyone. If there is an unauthorised use or any other breach of security involving your information, you must notify us below as soon as possible.
8. RETENTION OF PERSONAL DATA
● How long you have been a Bybit member;
● Whether there are contractual or legal obligations existing that require us to retain the data for a certain period of time;
● Whether there is any ongoing legal or financial claim that relates to your relationship with us;
● Whether any applicable law, statute, or regulation allows for a specific retention period; and
● What the expectation for retention was at the time the data was provided to us.
In accordance with our record keeping obligations, we will retain Account and other Personal Data for at least five years (and some up to ten years, as required by applicable law) after an Account is closed.
Where we process personal data in connection with performing an agreement with you, we keep the data for 6 years from your last interaction with us.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of that request indefinitely, so that we can continue to respect your request in future.
Where we process personal data for site security purposes, we retain it for 3 years.
Longer retention periods may apply, such as where ongoing access to records continues to be important to our defence of legal claims or where we are required by law or regulation to retain information for specific periods.
9. EXTERNAL LINKS
Although our website and apps only look to include quality, safe and relevant external links, users should always adopt a policy of caution before clicking any links to non-Bybit websites or apps. We cannot control, guarantee or verify their contents. They will have their own policies and practices, for example with regard to privacy and personal data, and you should acquaint yourselves with those before further engaging with those third party websites or apps.
Bybit Platform. Hardware and software technologies used by Bybit to provide the Bybit Service as set out in our Terms of Service;
Data Privacy Law or DP Law. Data protection law applicable to Bybit, including the EU General Data Protection Regulation 2016/679, its successors or implementing texts as well as equivalent legislation, which apply to the processing of Personal Data by Bybit.
Personal Data. Information that identifies an individual, such as name, address, e-mail address, trading information, and banking details. Personal Data does not include anonymised and/or aggregated data that does not identify a specific user;