1. Introduction

New Bit Ventures Ltd. and/or Cmama CA Inc. (both companies, jointly and severally, shall be referred to as “us“, “we” or “Company“) respect the privacy of our users (each, “you” or “User“) and are committed to protecting the privacy of Users who access, visit, use or engage with our website or any other online services we provide (collectively: the “Services“).

The Company has prepared this Privacy Policy to outline its practices with respect to collecting, using and disclosing your information when you use the Services.

We encourage you to read the Privacy Policy carefully and use it to make informed decisions. By using the Services, you agree to the terms of this Privacy Policy and your continued use of the Services constitutes your ongoing agreement to the Privacy Policy.

The Privacy Policy is a part of the Terms of Service and is incorporated herein by reference.

In this Privacy Policy you will read about, among other things:

• What type of information we collect and our legal basis for its collection
• How we use the information
• With whom we share the information and for what purpose
• International transfer
• Your privacy rights
• For how long we retain the information
• How we protect your information
• Marketing
• Minors
• How to contact us

“You” and “Your” refers to you, the person accessing the Website and which by doing so, accepts this Privacy Policy. Any use of the above terminology or other words in the singular, plural, capitalization are taken as interchangeable and therefore as referring to the same.

2. What type of information we collect and our legal basis for its collection

We may collect two types of data and information from our Users.

The first type of information is un-identified and non-identifiable information pertaining to you, which may be made available or gathered via your use of the Services (“Non-personal Information“). We are not aware of the identity from which the Non-personal Information is collected. Non-personal Information which is collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information about your device (e.g., the device you use, the type of browser and operating system your device uses, language preference, access time and the website’s domain name from which you linked to the Services, etc.), in order to enhance the functionality of the Services. We may also collect information about your activity on the Services (e.g., clicks, actions, online browsing, etc.).

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Information“). Such information may include:

• Account Information: When you sign-up and register to the Services, you will be asked to provide us certain details about yourself. You may register to the Services directly through our website.
  • Registering through our website: When you register to the Services through our website, we may collect from you the following information: full name, email address, phone number, full home address (country, state/province, zip code, city, street, house number), gender, date of birth, ID information (issuing country, number, expiry date, etc.), images of identification documents, images of proof-of-residence (utility bills, bank/credit card statements, government-issued letters), biometric identifiers or biometric information such as images of yourself (selfie photos), information required for our compliance with regulatory Know Your Customer requirements (e.g., contents of KYC Questionnaire and Service Applicant Declaration Form [estimated amount of intended activity, purpose of buying virtual currency, source of the funds used to buy virtual currency, employment status, profession and job title or position, field of activity of employing company or own business, name of employing company or own business, URL to the website of employing company or own business, signature sample, ultimate beneficiary of purchased virtual currency], etc.), as well as any other information you agreed to share with us.
• Voluntarily Provided Information: We may collect information which you provide to us voluntarily. For instance, when you share additional information about yourself through your use of the Services. We may also collect the feedback, suggestions, complaints and reports which you send to us. Please note that we may also collect complaints about you from other Users, which may include your Personal Information.
• Communication Information: We may collect information from your communications with us. For example, when you communicate with us, or respond to communications from us, via email, chat, audio or video calls (“Communications“). We may record and keep all the Communications.
• Device Information: We may collect Personal Information from your device. Such information may include geolocation data, IP address, unique identifiers, as well as other information which relates to your activity through the Services.

For the avoidance of doubt, if we combine Personal Information with Non-personal Information, the combined information will be treated as Personal Information as long as it remains combined.

Processing of Personal Information is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and to comply with our legal obligations.

3. How we use the information

We use and share Personal Information in the manners described in this Privacy Policy. In addition to the purposes listed above, the information we collect, which may include your Personal Information, is used for the following purposes:

• To set up your account and to provide the Services;
• To identify and authenticate your access to certain features of the Services;
• To authenticate your identity for the purpose of compliance with regulatory Know Your Customer requirements;
• To communicate with you and to keep you informed of our latest updates;
• To market our website and the Services;
• To perform research or to conduct analytics in order to improve and customize the Services to your needs and interests;
• To support and troubleshoot the Services and to respond to your queries;
• To investigate and resolve disputes in connection with your use of the Services;
• To detect and prevent fraudulent and illegal activity or any other type of activity that may jeopardize or negatively affect the integrity of the Services; and

To investigate violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process or respond to a government request.

4. With whom we share the information and for what purpose

We do not rent, sell, or share your Personal Information with third parties except as described in this Privacy Policy.

We may share Personal Information with the following recipients: (i) our subsidiaries; (ii) affiliated companies; (iii) subcontractors and other third-party service providers; (iv) auditors or advisers of our business processes; and (v) any potential purchasers or investors in the Company.

In addition to the purposes listed in this Privacy Policy, we may share Personal Information with our recipients for any of the following purposes:
(i) storing or processing Personal Information on our behalf (e.g., cloud computing service providers);
(ii) processing such information to assist us with our business operations;
(iii) performing research, technical diagnostics, personalization and analytics;
(iv) identity verification and fraud prevention services (these recipients include Forter – to learn more about Forter’s data protection practices, please visit https://www.forter.com/service-privacy-policy); and
(v) transmitting promotional and informational materials, in accordance with our marketing policy (see below under “Marketing”).

Please note that some of the recipients are considered as Data Controllers, in respect of the Data Subject’s Personal Data (these recipients include, among others, Worldpay: for more information about Worldpay’s data protection practices, visit https://online.worldpay.com/terms/privacy, or ProcessOut: for more information about ProcessOut’s data protection practices, visit https://www.processout.com/privacy-policy/). 

Please note that for the purposes of identity verification and required regulatory screenings, we utilize certain third party identity verification and authentication services, provided by Au10tix. Au10tix’s collection and use of the information, which includes a copy of a government-issued ID and a photo selfie for biometric comparison, is described in Au10tix’s privacy policy (here https://www.au10tix.com/privacy-notice/) and Au10tix’s biometric data policy (here https://www.au10tix.com/legal/biometric-data-policy/). We do not store or otherwise process any Users’ facial scans. We may access the verification results generated by Au10tix, including relevant identification data disclosed by you.

We may also disclose Personal Information or any information you submitted via the Services if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies, including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our affiliates, our Users, yourself or any third-party; (vi) for the purpose of collaborating with law enforcement agencies; and (vii) in case we find it necessary in order to enforce intellectual property or other legal rights.

You acknowledge that third-party service providers may use your Personal Information or any information you submitted via the Services for analytics purposes, while ensuring that their processing of such information only results in anonymized and aggregated data.

5. Third-party collection of information

Our policy only addresses the use and disclosure of information we collect from you. To the extent that you disclose your information to other parties via the Services (e.g., by clicking on a link to any other website or location) or via other sites throughout the Internet, different rules may apply to their use or disclosure of the information you disclose to them.

You acknowledge that we are not responsible for the products, services, or descriptions of products or services that you receive from third-party sites or to the content or privacy practices of those sites and that this Privacy Policy does not apply to any such third-party products and services. You are knowingly and voluntarily assuming all risks of using third-party sites to purchase products and services. You agree that we shall have no liability whatsoever with respect to such third-party sites and your usage of them.

6. International transfer

Since we operate globally, it may be necessary to transfer data, including Personal Information, to countries outside the European Union. The data protection and other laws of these countries may not be as comprehensive as those in the European Union − in these instances we will take steps to ensure that a similar level of protection is given to Personal Information, including through adequate contractual measures.

7. Your privacy rights

We respect your privacy rights and therefore you may contact us at any time and request: (i) to access, delete, change or update any Personal Information relating to you (for example, if you believe that your Personal Information is incorrect, you may ask to have it corrected or deleted); or (ii) that we cease any further use of your Personal Information (for example, you may ask that we stop using or sharing your Personal Information with third-parties) or that we remove your Personal Information (subject to any other legal obligation that may require us to keep the information).

However, please note that the exercise of these rights is not absolute and may be subject to other regulatory requirements or our legitimate interests.

If you wish to raise a complaint on how we have handled your Personal Information, please contact us directly at privacy@coinmama.com.

If you are not satisfied with our response or believe we are collecting or processing your Personal Information in discordance with the laws, you can file a complaint with the applicable data protection authority.

8. For how long we retain the information

We retain the information we collect for as long as needed to provide the Services (including aspects of risk management) and to comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements (unless we are instructed otherwise). Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing account opening documents, communications, and anything else as required by applicable laws and regulations.

To the extent that we process biometric data (including any biometric information or biometric identifier), we will retain such data only in accordance with the provisions of the applicable laws, and following the satisfaction of the initial purpose of collecting or obtaining such data or following passing 3 years of your last interaction with us (whichever occurs first), we will instruct Au10tix to permanently destroy biometric identifiers associated with you and your biometric information as detailed in Au10tix’s biometric data policy (here: https://www.au10tix.com/legal/biometric-data-policy/).

We may rectify, replenish, or remove incomplete or inaccurate information at any time and at our own discretion.

9. How we protect your information

We take great care of implementing and maintaining the security of the Services and your information. We aspire to continuously employ industry standard procedures and policies to ensure the safety of your information and prevent unauthorized use of any such information. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse the Services, and we make no warranty, express, implied, or otherwise, that we will manage to prevent such access.

If you feel that your privacy was treated in discordance with our policy, or if any person attempted to abuse the Services or acted in an inappropriate manner, please contact us directly at privacy@coinmama.com.

10. Marketing

Your Personal Information, such as your full name, email address, etc., may be used by us, or by our third-party subcontractors to provide you with promotional materials, concerning our Services.

Out of respect to your right to privacy, within such marketing materials, we provide you with means to decline receiving further marketing offers from us. In addition, at any time, you may request to unsubscribe and discontinue receiving marketing offers by sending us a blank message with the word “remove” to privacy@coinmama.com.

Please note that even if you unsubscribe from our marketing mailing list, we may continue to send you service-related updates and notifications.

11. Corporate transaction

We may share information, including Personal Information, in the event of a corporate transaction (e.g., the sale of a substantial part of our business, a merger, consolidation of assets, the sale of an asset, or transfer in the operation thereof) of the Company. In the event of the above, the acquiring company or transferee will assume the rights and obligations as described in this Privacy Policy.

12. Minors

The Services are not designated to individuals under the age of 18. If you are under 18 years old, you should not use the Services or provide any Personal Information to us.

We reserve the right to access and verify any Personal Information collected from you. In the event that we become aware that an individual under the age of 18 has shared any of their information, we will discard such information. If you have any reason to believe that a minor has shared any information with us, please contact us at privacy@coinmama.com.

13. Cookies

We use cookies when you visit our website located at www.coinmama.com, or any other websites, pages, features, or content we own or operate (collectively, the “Site”) to operate and administer the Site, conduct analytics and improve the Site and your experience on it. For more information on our use of cookies, please see the Privacy Preference Center on our Site (by clicking Cookie Settings link found at the bottom of the page).

14. Updates or amendments to the Privacy Policy

We may revise this Privacy Policy from time to time, at our sole discretion, and the most current version will always be posted on our website (as reflected in the “Last Revised” section). In the event of a material change to the Privacy Policy, we may notify you through the Services or via email. We encourage you to review this Privacy Policy regularly for any changes.

Your continued use of the Services, following the notification of such amendments, constitutes your acknowledgment and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.

15. How to contact us

If you have any general questions regarding the Services or the information that we collect about you and how we use it, please contact us at privacy@coinmama.com.

16. Information about us

Our details are as follows:

New Bit Ventures Ltd., company #514907880 – 5 Shoham, Ramat Gan 5251001, Israel;

Cmama CA Inc., OCN #2751183 – 100-55 Albert St., Markham, ON L3P 2T4, Canada.

————————

Last revision: 2 November 2023