Date of last update: September 1, 2021
SECTION 1: INTRODUCTION
Symbridge is a trade name of Symbridge, LLC (“we”, “us”, “our” and “Symbridge”). Symbridge provides a platform for the exchange of digital assets (the “Platform” and “Services”). We are committed to protecting and respecting your privacy, and place a high priority on maintaining the confidentiality and security of your non-public personal information.
Please read this notice carefully to understand Symbridge’s privacy policies and procedures.
you have any right or rights under:
the General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of Such Data and Repealing Directive 95/46/EC (“GDPR”); and/or
the UK Data Protection Act 2018 and/or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of Such Data (United Kingdom General Data Protection Regulation), as amended from time to time, together (“UK DPR”); and/or
the Swiss Federal Act on Data Protection 1992 (“Switzerland DPR”); and/or
the California Consumer Privacy Act of 2018 (“CCPA”);
Collectively (the “Applicable Data Protection Laws”); and
Symbridge has any obligation or obligations under the Applicable Data Protection Laws and/or any other applicable data protection laws and/or regulations in relation to personal data (including special categories of personal data and/or information regarding an individual’s criminal record or alleged criminal activities) of and/or about you. “Personal Data” under the Applicable Data Protection Laws includes any information relating to an individual by which that individual can be identified, directly or indirectly, particularly by reference to an identifier such as the name, identification number, location data or an online identifier of that individual or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
SECTION 2: GENERAL
For the purposes of the applicable laws and regulations, Symbridge will act as the “Controller” of your Personal Data for the purposes detailed in Section 4 and 5 and will share your Personal Data in accordance with those purposes with specified third parties as detailed in Section 8 and transfer your Personal Data to third countries in accordance with those purposes as detailed in Section 9. Symbridge will process your Personal Data fairly, lawfully and securely.
SECTION 3: TYPES OF PERSONAL DATA THAT SYMBRIDGE PROCESSES AND HOW IT IS COLLECTED
Symbridge processes Personal Data for the purpose of, or in connection with, providing the Platform. We may process the following kinds of Personal Data:
If you register as a user of the Platform, you will be asked to complete an application which will require you to provide your personal details, including, but not limited to, your name, company name, address, email address, telephone number, bank account details, bitcoin wallet details, trading experience, a proof of identity, and a proof of address;
When you contact us, by email, telephone, or through any contract form provided by us, we may ask you to provide some or all of the information set out in the paragraph above. We keep personally identifiable information associated with your message, such as your name and email address, in order to be able to track our communications with you to provide a high-quality service;
We may collect, store, and use information about your computer, mobile device or other item of hardware through which you access the Platform and your visits to and use of the Platform (including, without limitation, your IP address, geographical location, browser/platform type and version, Internet Service Provider, operating system, referral source/exit pages, length of visit, page views, Platform navigation, and search terms that you use);
We may, from time to time, ask you to complete surveys and give feedback. We use this for research purposes, although you do not have to respond.
While you are browsing Symbridge’s website, we may collect information which can be used to identify your computer and its browser program or any mobile devices that you use to surf the internet. It is collected by installing small text files called “Cookies” and other, similar information technology techniques (which are referred to in this document as “Cookies”). In addition to other functions, when you visit our website(s) again, the Cookies previously stored allow us to recognize your browser. Cookies may store unique identifiers, user preferences, or other information. All information collected through Cookies will be tracked through Google Analytics and stored on our third party marketing cloud Salesforce.
SECTION 4: PURPOSES OF PROCESSING PERSONAL DATA
We will only use your Personal Data when the Applicable Data Protection Laws allows us to. Most commonly, we may use your Personal Data for the following purposes:
To manage and administer the Platform and enable you to use the Platform;
To improve your browsing experience by personalizing the Platform;
To send you technical notices, updates, security alerts and support administrative messages (such as changes to our terms, conditions and policies) and to respond to your comments, questions and customer service requests;
To send you newsletters and other relevant and targeted promotional communications about products, services and events offered by Symbridge and others;
To deal with inquiries, complaints, and feedback from you and our service providers;
To provide third parties with statistical anonymized information about our users;
To publish generic transactional information relating to trades undertaken using the Symbridge platform;
To perform compliance checks;
To send you emails offering you to take part in voluntary polls and surveys (we may use third parties to deliver incentives to you to participate in such polls and surveys, and you may be required to provide your contact details to the third party in order to fulfill the incentive offer) and/or to give feedback;
To analyze and improve the services offered on the Platform;
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
Where we need to comply with a legal obligation.
The lawful bases on which we process your Personal Data for the purposes set out above are the following:
We need to use your Personal Data to perform our responsibilities under our contract with you or to take steps at your request prior to entering into a contract.
We have a legitimate interest in processing your Personal Data. For example, we may process your Personal Data to send you marketing communications, to communicate with you about changes to the Services, and to provide, secure, and improve our Services.
We find such processing is necessary to comply with our legal obligations.
SECTION 5: TYPES AND PURPOSES OF PROCESSING SPECIAL CATEGORIES OF PERSONAL DATA
Symbridge may process “special categories of personal data” of individuals, which includes data revealing an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data (such as passport photos and other ID photos) processed for the purpose of uniquely identifying an individual, data concerning health or data concerning an individual’s sex life or sexual orientation.
Symbridge may process the following categories and specific types of personal information belonging to California residents, as enumerated in the CCPA:
Identifiers: Real names, postal addresses, email addresses, passport numbers, social security numbers, and driver’s license numbers or other identification numbers.
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual: Real names, signatures, postal addresses, email addresses, telephone numbers, fax numbers, birth dates, passport numbers, social security numbers, driver’s license numbers or other identification numbers, credit history, bank account details, and other financial and tax-related information.
Characteristics of protected classifications under California or federal law: Age (40 years or older), national origin, citizenship, marital status, race, color, sex, veteran or military status, sexual orientation, religion or creed, medical condition, physical or mental disability, political affiliations or activities, or genetic information (including familial genetic information).
Commercial information: Records and information related to source of funds, source of wealth, investor qualification, financial sophistication, contributions, withdrawals, distributions, account statements, other account-related information, past transactions entered into, meetings with, and visits to, Symbridge, and tax-related information.
Internet or other electronic network activity information: IP addresses, browser types and versions, device identifiers, location and time zone settings, network and/or service providers, operating systems and platforms, page response times and download errors, browsing history, search history, and length of visits to certain pages of websites.
Professional or employment-related information: Professional relationships and background, employment, and employment history.
Symbridge processes such data of individuals for the following purposes, all of which are for the purpose of, or in connection with, the provision the Platform by Symbridge:
To manage and administer the Platform and enable you to use the Platform; and
To comply with all legal and regulatory requirements Symbridge is subject to, including anti-bribery laws and know-your-client checks.
The lawful bases on which we process your special categories of personal data for the purposes set out above are the following:
You have given explicit consent to the processing of your Personal Data for the purposes set out above.
Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
Processing relates to Personal Data which is manifestly made public by the individual to whom the data relates.
In addition, Symbridge may, where appropriate, process data relating to an individual’s criminal offenses or confirmation of clean criminal record, if permitted and/or required by applicable laws and/or regulations.
SECITON 6: FAILURE TO PROVIDE INFORMATION
Where the provision of your Personal Data is a statutory, regulatory or contractual requirement or a requirement necessary to enter into a contract and you do not provide the Personal Data to Symbridge, Symbridge may not be able to perform, or may have to cease performing, Services for you and you may not be able to continue to use the Platform.
SECTION 7: SOURCES OF PERSONAL DATA
The sources Symbridge collects your Personal Data from may include:
directly from you;
third parties connected with you, including an employer or service provider;
publicly available material.
SECTION 8: CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The categories of recipients of Personal Data processed by Symbridge may also include:
service providers, including providers for Symbridge’s marketing cloud and providers for the Platform;
banks, financial institutions, accountants and/or insurers;
sub-contractors and/or agents of Symbridge;
courts and/or tribunals;
law enforcement agencies;
regulators, other governmental and/or supervisory bodies;
any registrar of a public register;
postal and/or courier services providers; and/or
potential parties Symbridge intends to merge with or sell any part to.
Symbridge may use a qualified third party to perform anti-money laundering checks and other necessary and appropriate checks on you. In order for the third party to do this, Symbridge will disclose documentation containing Personal Data about you, including, without limitation, your proof of identity.
Where Symbridge engages a third party to sub-process any data covered by the Applicable Data Protection Laws or other applicable laws, for one of the purposes listed in sections 4 and 5 above, Symbridge will enter into a contract with that third party which is compliant with Symbridge’s obligations as a controller of the Personal Data under the Applicable Data Protection Laws.
SECTION 9: CROSS-BORDER TRANSFERS OF PERSONAL DATA
Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers.
Symbridge servers are based in the United States, and therefore all Personal Data will automatically be transferred to the United States. We may also use outsourced services in countries outside the United States from time to time. Accordingly, your data may be processed outside the United States.
The legal bases for the transfers of Personal Data are as follows:
Transfers of such Personal Data from the EEA to any non-EEA country that is recognized by the European Commission as providing adequate protection for GDPR purposes (the full list of these countries is available here).
Transfers of such Personal Data from the UK to any non-UK country that is recognised by the United Kingdom Government as providing adequate protection for UK DPR purposes.
Transfers of such Personal Data from Switzerland to any non-Switzerland country that is recognised by Switzerland Federal Council as providing adequate protection for Switzerland DPR purposes.
The transfer is necessary for the performance of a contract between you and Symbridge, or the implementation of pre-contractual measures taken at the your request
The transfer is necessary for the conclusion or performance of a contract concluded in your interest between Symbridge and another natural or legal person.
The transfer is necessary for the establishment, exercise or defence of legal claims.
SECTION 10: RETENTION PERIOD FOR PROCESSING PERSONAL DATA
Symbridge shall only retain Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable laws. The criteria used to determine our retention periods include:
The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you keep using the Services);
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
An individual’s Personal Data will typically be retained by Symbridge for the duration of our provision of Services to you and up to 10 years thereafter unless we believe that such information is or may be otherwise required to be retained for a longer period by any applicable laws or regulations and/or professional or regulatory rules and/or standards to which Symbridge is subject, in which case such Personal Data will be retained for such longer period.
All Personal Data collected will be stored for a minimum of seven years.
SECTION 11: NEWSLETTERS AND OTHER PROMOTIONAL COMMUNICATIONS
If you wish to subscribe to any newsletter published by us or wish to receive other targeted and relevant promotional communications from us, we offer you the option to “opt-in” to this service below by selecting “I AGREE”. If you change your mind and wish to stop receiving any such communications, please click the “unsubscribe” link in any email from us. You can also exercise this right at any time by contacting us at firstname.lastname@example.org.
SECTION 12: ADVERTISING AND ANALYTICS SERVICES PROVIDED BY OTHERS
For more information about interest-based ads, or to opt out of having your web browsing information used for behavioural advertising purposes, please visit www.aboutads.info/choices. Your device may also include a feature (“Limit Ad Tracking” on iOS or “Opt Out of Interest-Based Ads” or “Opt Out of Ads Personalization” on Android) that allows you to opt out of having certain information collected through apps used for behavioural advertising purposes.
SECTION 13: LINK TO OTHER WEBSITES
SECTION 14: DATA SECURITY
We take the security of your Personal Data very seriously. We take all reasonable endeavours to ensure that appropriate security measures are in place to protect your personal data in compliance with our obligations under the Applicable Data Protection Laws.
Symbridge has implemented appropriate personal data security policies and technical measures to protect Personal Data under our control from unauthorized access, improper use, unauthorized modification, unauthorized disclosure or accidental loss. Symbridge has put in place procedures to deal with any Personal Data breach in accordance with their respective legal obligations in this regard.
As part of this, we use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.
Unfortunately, the transmission of information via the internet is not completely secure and so we cannot guarantee the security of your data transmitted through the Platform. Any transmission is at your own risk. Once we have received your information, we use strict procedures and security features in an effort to prevent unauthorized access.
SECTION 15: YOUR RIGHTS UNDER THE APPLICABLE DATA PROTECTION LAWS
You have, or may have, the following rights under the Applicable Data Protection Laws in relation to your Personal Data that we process:
Right to information about your Personal Data;
Right of access to their Personal Data;
Right to rectification of their Personal Data which is inaccurate or incomplete;
Right to erasure of their Personal Data (“right to be forgotten”);
Right to restriction of processing of your Personal Data;
Right to data portability of the Personal Data you have provided to Symbridge;
Right to object to the processing of their Personal Data where it is processed for direct marketing purposes or processed by automated means; and
Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them, or similarly significantly affects them.
If the Applicable Data Protection Laws grant you these rights and you would like to exercise one or more of your rights, you can do so at any time by contacting the Symbridge Compliance Officer at email@example.com to obtain and complete a request form. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request.
If you choose to exercise one of your rights to erase, restrict or object to the processing of your Personal Data, Symbridge may be unable to continue to provide Services to you, or the Services that Symbridge can provide may be limited.
We will comply with your request as soon as practicable and within the time period set by the Applicable Data Protection Laws.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.
SECTION 16: CCPA-SPECIFIC RIGHTS
We may collect such categories of personal information directly from you, such as when you complete forms; indirectly from you, such as observing your actions on the Site; and from publicly available sources. More specific information on data collection practices can be found in Section 3.1 of this Policy.
In the preceding 12 months,
We have not sold personal information about California residents, and
We have collected, used, and disclosed to one or more third parties and/or service providers the following categories of personal information for business purposes:
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual;
Characteristics of protected classifications under California or federal law;
Internet or other electronic network activity information; and
Professional or employment-related information.
California residents have the following rights, subject to certain exceptions as set forth in the CCPA:
Right to Notice. You have the right to be notified which categories of personal data are being collected and the purposes for which the personal data is being used.
Right to Access and/or Take Your Personal Information. On receipt of a verifiable request from you, we will disclose:
The categories of personal information we have collected about you;
The categories of sources from which the personal information is collected;
Our business or commercial purpose for collecting or selling personal information;
The categories of third parties with whom we share personal information, if any;
The specific pieces of personal information we have collected about you; and
If we sold or disclosed your personal information for a business purpose:
The categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold; and
The categories of personal information that we disclosed about you for a business purpose.
Right to Say No to the Sale of Personal Data. You also have the right to ask us not to sell your personal data to third parties. You can submit such a request by sending an email to firstname.lastname@example.org.
Right to Delete Personal Data. On receipt of a verifiable request from you, subject to certain exceptions permitted under applicable law, we will:
Delete your personal information from our records; and
Direct any service providers to delete your personal information from their records.
Protection from Discrimination: You have the right to not be discriminated against by us because you exercised any of the CCPA rights described above. This right includes, but is not limited to, protection from discrimination by:
Denying goods or services to you;
Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
Providing a different level or quality of goods or services to you; or
Suggesting that you will receive a different price or rate for goods or services or a different quality level of goods or services.
Notwithstanding the foregoing, Symbridge may charge different prices or rates, or provide a different level or quality of services, if such difference is reasonably related to the value provided to Symbridge by your data.
California residents that wish to make any requests as listed above (to the extent the CCPA applies), please either call us, toll-free, at (203)-485-5500 or email us at email@example.com. You will need to provide us with enough information to identify you, including proof of your identity and address, and a description of what right you wish to exercise. Please note that you may only make a CCPA access request twice within a 12-month period.
Symbridge will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonable necessary and with prior notice. If you elect to withdraw your consent, or request that Symbridge stop collecting, using, and/or retaining your personal data, we may nevertheless be legally required to retain some or all of your personal data, notwithstanding your request.
Under California law, if you are a resident of California, you are entitled once per year to request and obtain certain information regarding Symbridge’s disclosure, if any, of your personal information to third parties for their direct marketing purposes during the immediately prior calendar year. To make such a request, please send an email to firstname.lastname@example.org with your full name, email address, and postal address in your message. In response to your request, Symbridge will provide you with a notice describing the cost-free means to opt-out of our sharing your personal information with third parties with whom Symbridge does not share the same brand name, if the third party will use it for their direct marketing purposes.
SECTION 17: PROTECTING CHILDREN
Symbridge takes special care to protect the safety of children in accordance to the Children’s Online Privacy Protection Act of 1998. While this website is a general audience website, Symbridge does not permit children under the age of 13 to register or purchase any products or services. Symbridge also does not collect or maintain personal information about children under the age of 13.
SECTION 18: COMPLAINTS
Individuals to whom the Applicable Data Protection Laws apply whose Personal Data is processed by Symbridge have a right to lodge a complaint with the relevant supervisory authority. You may lodge a complaint with a data protection authority for your country or region where an alleged infringement of applicable data protection law has occurred. A list of data protection authorities is available here.
Section 20: Contact details