Privacy Policy
Globalbitex.com | GDPR, International Data Privacy & Financial Compliance
At Globalbitex.com, we recognize that privacy is not a privilege — it is a fundamental right. This Privacy Policy explains in detail how we collect, store, manage, protect, and disclose your personal data when you use our platform.
As a registered digital asset exchange operating within European jurisdictions and serving a global clientele, we adhere to:
The General Data Protection Regulation (EU) 2016/679 (GDPR)
The UK Data Protection Act 2018
The European Data Protection Board (EDPB) guidelines
Other applicable international and regional data protection laws
Our commitment is not only to comply with regulatory requirements but to surpass them, ensuring maximum transparency, fairness, and accountability in our handling of your personal data.
2. Scope of This Policy
This Privacy Policy applies to:
All users accessing Globalbitex.com
All products, services, mobile applications, APIs, and web-based services provided by us
Personal data collected both online and offline
This policy forms an integral part of our Terms & Conditions and other contractual agreements.
3. Categories of Data We Collect
We only collect personal data that is adequate, relevant, and limited to what is necessary for the intended purposes. Data collected includes:
A. Identification Data:
Full name, date of birth, nationality, government-issued identification (passport, ID card, driver’s license)
B. Contact Data:
Email address, phone number, residential address
C. Financial Data:
Bank account information, wallet addresses, transaction records, payment data
D. Compliance & Verification Data:
KYC documents, AML screening records, politically exposed person (PEP) status, sanctions lists checks, utility bills, source of funds declarations
E. Device & Technical Data:
IP address, geolocation, browser type, device identifiers, operating system, website usage statistics
F. Communication Records:
Email correspondences, support tickets, chat transcripts, recorded phone calls (where legally permissible)
G. Marketing & Analytics Data:
Preferences, consents, behavioral data from platform interactions
4. Purpose and Legal Basis for Processing
Under GDPR, every data processing activity must have a valid legal basis. We process your personal data for the following purposes:
| Purpose | Legal Basis (GDPR Article) |
|---|---|
| Account creation and management | Art. 6(1)(b) Contract |
| Transaction processing and reporting | Art. 6(1)(b) Contract |
| KYC/AML regulatory compliance | Art. 6(1)(c) Legal Obligation |
| Fraud prevention and risk management | Art. 6(1)(f) Legitimate Interest |
| Customer support and communication | Art. 6(1)(b) / Art. 6(1)(f) |
| Marketing communications (with opt-in consent) | Art. 6(1)(a) Consent |
| Platform security, audit, and data integrity | Art. 6(1)(f) Legitimate Interest |
| Legal disputes and enforcement | Art. 6(1)(f) Legitimate Interest |
5. Data Sharing and Third-Party Processors
We do not sell or lease your personal data. Data is shared strictly on a need-to-know basis:
Regulatory Authorities: For legal compliance (FCA, CSSF, BaFin, or other relevant bodies)
AML/KYC Service Providers: For identity and compliance verification
Payment Processors and Banks
Cloud Hosting and IT Infrastructure Providers
Legal, Auditors, and Security Consultants
Third-Party Marketing Providers (only with your explicit consent)
All third parties are contractually bound by Data Processing Agreements (DPAs) and adhere to equivalent data protection standards.
6. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), we implement one of the following safeguards:
Adequacy Decisions from the European Commission
Standard Contractual Clauses (SCCs) approved by the European Commission
Binding corporate rules, where applicable
We rigorously monitor these arrangements to reflect evolving regulatory guidance.
7. Data Retention Policy
We retain your personal data for:
A minimum of 5 years post-account closure to comply with AML/CTF obligations
Or longer where necessary to establish, exercise, or defend legal claims
After retention periods lapse, personal data is irreversibly anonymized or securely destroyed.
8. Data Security
We employ multiple layers of protection:
End-to-end encryption (at rest and in transit)
Multi-factor authentication for access control
Continuous monitoring and penetration testing
Data minimization and role-based access management
Secure data centers compliant with ISO 27001
9. Automated Decision-Making
Certain processes, including fraud detection and transaction risk assessments, may involve automated decision-making. You retain the right to request human intervention, express your point of view, and contest such decisions.
10. Your Rights Under GDPR
You have the right to:
Access your data
Rectify inaccuracies
Request erasure (‘right to be forgotten’)
Restrict processing
Object to processing
Data portability
Withdraw consent at any time for processing based on consent
To exercise these rights, contact our Data Protection Officer (DPO) at:
privacy@globalbitex.com
11. Cookies and Tracking Technologies
We use strictly necessary, performance, and analytical cookies. Consent is obtained for non-essential cookies as per PECR and GDPR Article 6(1)(a).
A full Cookie Policy is available [here].
12. Data Breach Notification
In the event of a personal data breach, we will notify:
Affected users without undue delay
Relevant supervisory authorities within 72 hours where required
Our incident response protocols meet the highest industry standards.
13. Changes to This Policy
We reserve the right to update this policy to reflect changes in legislation, technology, or business operations. Substantial changes will be communicated prominently via email or platform notifications.
14. Contact Information
For any data protection inquiries or complaints:
Data Protection Officer (DPO)
privacy@globalbitex.com
[Insert Number]
[Insert Registered Address]