🔒Privacy Policy
PRIVACY POLICY
EFFECTIVE DATE: May 9, 2023
This Privacy Policy (this “Policy”) applies to the crypto assets trading platform (including any applicable mobile applications and websites used to access the same) (collectively the “Platform”) provided by Virtual assets service provider (the “VASP”) iDAX Limited Liability Company (the “Company,” “we,” “us” or “our”). It describes how the Company collects, uses, and discloses Personal Information that we obtain from Users of the Platform and any account services provided through the Platform, and how we use and disclose that information. For purposes of this Policy, “Personal Information” refers to information supplied by a User from which the identity of such User may be directly or indirectly determined. By registering for and using the Platform, you agree that your Personal Information will be handled as described in this Policy and the Terms and Conditions applicable to the Platform (the “Service Agreement”);
WHO WE ARE (IDENTITY OF COMPANY)
idax Limited Liability Company (Registration number: 6803016) is an authorized Virtual asset service provider in accordance with Resolution No.504 dated September 21, 2022 of the Financial Regulatory Commission of Mongolia, under the Law on Virtual asset service provider. Legal address is 17th floor, Central Tower, Sukhbaatar district, Ulaanbaatar, Mongolia, 14200.
THE INFORMATION WE COLLECT ABOUT YOU
We collect and process Personal Information about you directly from you when you register to use the Platform or submit such information as a part of the Know-Your-Client (“KYC”), as well as automatically through your use of the Platform.
When you use the platform, it will record information about your browser and computer, including, but not limited to, data concerning your IP address, the type of browser, the language in which you are using, the date and time of access, hardware and software features, and web pages and history that you require.
We may collect your data through automated means, such as tracking your use of our website, application, and services. Please also refer to the Cookie Notice.
We also collect your data from third parties who are either entitled or required to disclose that information to us under applicable law, such as:
third parties you have a legal or personal relationship with, your transaction partners, and other parties related to you;
our cooperation partners and third-party vendors, service providers, contractors or agents who perform functions on our behalf;
financial institutions and other virtual asset service providers;
state registers and regulatory authorities;
other public sources (public blockchain, social media profiles, media articles);
INFORMATION WE COLLECT DIRECTLY FROM YOU
Categories of personal data | Examples |
Personal identification information | First name, Middle name, Last name, country, country of birth, gender, nationality, Legal name, age, citizenship identity document details, passport details, facial image |
Contact details | Email address, phone number, home or work address, information on a utility bill, or another document serving as proof of address |
Regulatory status data | PEP status, sanction status, and other relevant information available in open source |
Tax data | Tax residence and related documentation, tax identification number (TIN), tax declarations and payments, tax arrears |
Financial data | Your annual income level, liquid net worth, estimated net worth, source of funds, and source of wealth and whether you have had the opening of an account declined by another financial institution |
Payment instrument data | Bank/payment account number, card details (type, term of validity, status, limits, number), virtual asset wallet/account identifier, data about operations with the payment instrument (e.g., suspension, seizure) |
Transaction data | Type of transaction (fiat currency, virtual asset), currency, time, amount, data on counterparties, data on contested or canceled transactions, blockchain addresses, public keys |
Customer activity data | Status, the purpose of the business relationship, records of our communications with you, log-in and authentication data, activity in the use of the services, services used, inquiries and complaints |
Online identifiers | Type of device, device identifier, IP address, location, browser data |
Data on offenses | Data on committed offenses or suspicion of offenses, punishment |
Right of representation data | Data on a power of attorney or another authorization document |
Third-party relationship data | Relationships with parties involved in the provision of services (payment counterparty, company, beneficiary), relationships with politically exposed persons or sanctioned individuals/entities |
Data on official inquiries | Data related to inquiries of competent state and local authorities, courts |
We collect information you give us during any support and feedback communications via email or when you contact us through contact forms on the Platform. We use this information to respond to your inquiries, provide support, facilitate transactions, and improve our Platform.
Please note that if you are acting as an Authorized Individual on behalf of a User and are providing Personal Information for such User, you are responsible for ensuring that you have all required permissions and consents to provide such Personal Information to us for use in connection with the Platform and that our use of such Personal Information you provide to the Platform does not violate any applicable law, rule, regulation or order.
WHY WE PROCESS PERSONAL DATA
We generally process your data based on your consent, the legal relationship between you and us, applicable statutory requirements, and our legitimate interests, as applicable.
We mainly need to process your data to provide our services to you, that is, to enter into a business relationship with you and fulfill the agreement(s) entered into between you and us. Such processing includes the necessary steps we need to take before we decide to enter into an agreement with you (such as identifying you and verifying the accuracy of the data you provide) by applicable laws and regulations. While in a business relationship, we also process personal data for administering the customer relationship and processing support requests and complaints.
As a highly regulated entity, we are also required to process personal data to comply with the applicable AML/CFT and sanctions laws and regulations, including the obligations to apply due diligence measures and monitor the business relationship.
Furthermore, we process your data to comply with our other statutory obligations (e.g., VASP regulation, auditing, financial reporting). We may process your data for these purposes regardless of your consent, but where we rely solely on statutory obligations as the basis for processing your data, we undertake not to process such personal data for other purposes.
Processing of your data may also be based on our legitimate interests, regardless of your consent. You may contact us if you want more information about our legitimate interests in processing your data. For example, we have a legitimate interest in processing your data in the following situations:
We process the data received from your use of our services to improve our website and product offering, conduct market analysis and research, education and training programs for our staff, and plan and forecast business activities.
We process personal data for risk management purposes. We have a legitimate interest in and are required by applicable regulatory requirements to hedge and manage the risks we encounter in our day-to-day operations.
If we’re being offered to buy products or services or enter into any other sort of cooperation (including if you apply for a job with us), we may process personal data to do our due diligence and take measures to hedge regulatory, reputational, legal, financial, and other risks.
We have a legitimate interest in ensuring protection against legal disputes and exercising and defending our legal rights in court or extra-judicially, and we may process your data for that purpose.
We may also process personal data for quality assurance and proper and secure operation of our platform.
We may use profile analysis and/or automated decision-making if necessary for entering into a business relationship with you or allowed/required by applicable law (e.g., AML/CFT and sanctions laws and VASP regulations).
HOW WE USE YOUR PERSONAL INFORMATION
Compliance with laws and regulations: Most of our services are subject to laws and regulations, requiring us to collect, use and store your personal information in specific ways. For example, we must identify and verify customers that are using our services comply with cross-jurisdictional anti-money laundering laws. This includes collecting and storing photos of your ID. We will have to close your account if you do not provide the personal information as required by law.
Enforce the terms of this agreement: We actively monitor, investigate, prevent and mitigate any potential prohibited or illegal activities, enforce our agreements with third parties, and prevent and inspect violations of this Agreement. In addition, we may need to charge you for your use of our services. We collect information about your account usage and closely monitor your interactions with our services. We may use any personal information we collected about you for these purposes.
Detection and prevention of fraud and/or loss of funds: We process your personal information to help detect, prevent and reduce fraud and abuse of our services, and to protect your account security.
Provide services: We will require access to your personal information to provide you with services. For example, when you wish to use the OTC service on our platform, we will require specific information such as your identity, contact information, and payment information, or we cannot provide you with services without such information. Third parties such as identity verification service providers may also collect your personal information when providing identity verification and/or fraud prevention services.
Provide service communication: We will send you management or account-related information to let you know about the latest information about our services, to notify you of related security issues or updates, or to provide other trade-related information. Without these communications, you may not be aware of the important developments related to your account, which may affect your use of our services. You cannot choose to refuse to receive critical service communications, such as emails or text messages sent for legal or security purposes.
Provide customer care: We will access to your personal information when you contact us to resolve any issues. We will not be able to respond to your request and ensure that you use the service uninterrupted if you do not process your personal information.
Ensure network and information security: We will process your personal information to improve security, monitor and verify your identity and access to our services, combat spam or other malicious software or security risks, and comply with applicable security laws and regulations. We must obtain timely and accurate information about how you use our services. We may not be able to ensure the security of our services if you do not process your personal information.
For research and development: We will access your personal information to better understand how you use and interact with our services. In addition, we will also use this information to customize and improve the content and layout of our services, as well as to develop further services. We may not be able to ensure that you will be able to continue to enjoy our services if you do not process your personal information.
Enhance your experience: We will access your personal information to provide you with a personalized experience and to fulfill your needs. For example, you can allow us to access certain personal information stored by third parties. We may not be able to ensure that you can continue to enjoy some or all of our services if you do not process your personal information.
To facilitate company acquisitions, mergers or trades: We may access any information about your account and your use of our services in the event of a corporate acquisition, merger or other corporate transaction. If you do not wish for your personal information to be processed for these purposes, you may choose to close your account.
Engage in marketing activities: We may send you marketing communications (such as emails or text messages) to inform you about our events or the activities of our partners, to provide targeted marketing, and to offer you promotional offers. Our marketing strategy will be based on your advertising and marketing preferences and as permitted by applicable law. If you do not wish for us to send you marketing information, please submit a request to our Customer Service at support@dax.mn
For any other purpose: We may disclose your personal information for any purpose that you have consented to.
Company will not provide, sell, lease, share or trade your personal information to any unrelated third party, unless we have obtained your prior consent, unless the third party and company (including our affiliates) individually or jointly has provided the service to you, and after the end of the service, the access to such information, including all information that was once previously accessible, will be denied. Company also does not allow any third parties to collect, edit, sell or distribute your personal information by any means. If any company user engages in the above activities, upon discovery, the company has the right to terminate the service agreement with the user immediately.
If you are not a natural person with full capacity for civil rights and civil conduct, you are not authorized to use the service. Henceforth, we hope that you do not provide any of your personal information.
DISCLOSURE OF INFORMATION
We may forward your data to the following categories of third parties:
financial institutions, virtual asset service providers, and other cooperation partners and organizations related to the services we provide or make available (such as our banking partners, the card issuer, service provider, our Co-Brand Partner through whom you access our services, the virtual asset service provider of a counterparty to a virtual asset transaction, etc.) – to fulfill the agreement we entered into with you and, in some cases, to comply with our legal obligations (such as those arising from applicable AML/CFT and sanctions laws and regulations);
third-party service providers (e.g., server and cloud service providers, website analytics service providers, mail and other communication service providers, other providers of information technology services, identification, screening, monitoring, and accounting service providers, etc.). We transmit your data to these parties to be able to provide our services and fulfill the contract with you, as well as to comply with our legal obligations (such as data retention, AML/CFT, and sanctions laws and regulations);
attorneys, auditors, financial consultants, and other professional consultants and advisors – to pursue our legitimate interests (such as defending our legal rights) as well as to comply with our legal obligations (such as auditing);
other third parties upon your consent (such as your authorized representative, adviser, or another third party you have contacted and involved in the matters between you and us);
competent authorities (such as investigative bodies, the Tax and Customs Board, Financial Intelligence Unit) and courts – to comply with our legal obligations.
Whenever a recipient is not a separate data controller but our data processor, the processor shall not have an independent right or legal basis for processing personal data, and your data is processed on behalf of and under the responsibility of company We exercise diligence and care in selecting our data processors and ensure that they process personal data by our instructions, generally recognized security standards, and applicable requirements of the data protection legislation. However, when we transmit your data to data controllers (i.e., persons or organizations who themselves decide what data to process and why), they are processing your data on behalf of and under the responsibility of themselves.
To provide the products and services you require, your personal information must be shared with third parties;
In a trade created on platform, if any party of the trade fulfills or partially fulfills their trade obligations and makes a request for the disclosure of information, company shall have the right to determine whether to provide the user with the contact information of the counterparty and other necessary information to facilitate the completion of the trade or settlement of disputes;
Company implements appropriate disclosure according to laws, regulations or website policies.
SECURITY AND DATA RETENTION
Your account is secure and protected, please preserve your account and password information properly. We will ensure that your information is not lost, abused and altered by storing backups of other servers and encrypting the user passwords. Despite the aforementioned security measures, please note that there are no “perfect security measures” on the information network. When using our platform services for online trades, you will inevitably disclose your personal information, such as contact information or postal address, to the counterparty or other potential counterparties. Please protect your personal information and provide it to others only if necessary. If you find that your personal information have been leaked, especially your account and password, please contact our customer care immediately so that we can take appropriate measures.
We take commercially reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information. Accordingly, we store all the personal information you provide on secure servers.
We also use suitable legal, technical, and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Please note that no transmission of information via email or other telecommunication channels or your access to our platform and services through the internet could be fully secured. Therefore, you should take due care when you are accessing our platform and services via internet or sharing confidential information via e-mail or other telecommunication channels.
We do not retain personal data for longer than necessary to achieve the processing objectives, including, as applicable, to provide the services to you, comply with our legal obligations, and maintain the protection of our legal rights and legitimate interests.
Where the law prescribes specific limitation periods or data retention terms, we may retain personal data for a different time.
Upon the expiry of the retention period, we will erase your data or anonymize it irreversibly.
We may charge you a reasonable fee for the handling and processing of your requests to access your data. If we choose to charge a fee, we will provide you with a written estimate of the fee that we will be charging. Please note that we are not required to respond to or deal with your request for access unless you have agreed to pay the fee.
We reserve the right to refuse to correct your data by the provisions as set out in the Personal Data Protection Act and/or other applicable laws, where they require and/or entitle an organization to refuse to correct personal data in the stated circumstances.
YOUR RIGHTS
You have the right to know whether we process your data, receive a copy of your data, and demand corrections to your data due to inaccuracies or changes in your data. Your data is available to you through our platform, but you also have the right to contact us to access the personal data we process. However, please note that your right to access the personal data we process may be limited by legal acts, others’ privacy rights, and our rights and other obligations (such as protection of business secrets, confidentiality obligations).
You may also demand the deletion of your data if we lack the right to process such data or if we process the data solely based on your consent and you withdraw your consent. Note that this right may be overridden by our right or legal obligation to process such data (compliance with laws and regulations, performing a contract, pursuing our legitimate interests).
You can withdraw your consent for the processing of your data. After you have withdrawn your consent, we shall no longer process your data for the purpose you consented to.
You may object to processing your personal data, including the performance of profile analysis, and if we process the data based on our legitimate interest. Upon receiving your objection, we shall not process your data unless our interests outweigh the potential effect on your rights (e.g., compliance with legal obligations).
You may require that we terminate the processing of your data if we don’t have a legal basis to process your data.
To exercise your rights, please contact us via the contact details provided in this Policy. In certain instances, determined in applicable legislation, we may require a fee before processing your application for exercising your rights as a data subject, which we will notify you before processing your application.
PROTECTION OF YOUR RIGHTS
You may withdraw your consent for the collection, use and/or disclosure of your data in our possession or under our control by sending an email to our Customer Service support@dax.mn
However, your withdrawal of consent may mean that we cannot continue providing the Services to you, and we may need to terminate your contract with us.
You may request to access and/or correct your data currently in our possession or under our control by submitting a written request to us. We will need enough information from you to ascertain your identity and the nature of your request to be able to handle your request. Hence, please submit your written request by sending an email to our Customer Service support@dax.mn
Our contact details: 17th floor, Central Tower, Sukhbaatar district, Ulaanbaatar, Mongolia, 14200, support@dax.mn
THE USE OF COOKIES
If you do not reject the usage of cookies, we will set or use cookies on your computer so that you can log in or use our platform services or functions that rely on such cookies. We use cookies to provide you with more thoughtful personalized services including promotion services. You have the right to choose to accept or reject the cookies. You can reject the cookies by modifying your browser settings. But if you choose to reject the cookies, you may not be able to log in or use our platform services or functions that rely on such cookies. This paragraph shall apply to any relevant information obtained through cookies set forth by company.
CHILDREN UNDER 18
Our Platform is not designed for children under 18. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our systems.
FINAL PROVISIONS
We reserve the right to amend this Policy at any time unilaterally. We will notify you of amendments to the Policy on our website and/or, at our discretion, through a communication channel you have provided us.
This Policy applies to all personal data we process (except for our employees’ data), including personal data collected before the entry into force of the Policy.
This Policy does not extend to any external links that lead to services or websites of third parties. These third-party websites and services are subject to the terms and conditions and the privacy policy of the respective provide
Last updated