Last Updated: October 2021
Please read this policy carefully to understand what information we collect, why we collect it, and how you can update, manage, export, and delete Personal Information (as defined below). In the cases where we require your consent to process your Personal Information, we will ask for your consent to the collection, use, and disclosure of your Personal Information. We may provide additional “just-in-time” disclosures or information about the data processing practices of specific Apifiny Services. If you do not agree with our policies and practices, do not use Apifiny Services.
- Who May Use our Services
Apifiny Services are not intended for use by residents of, domiciles in, or entities with principal offices, operations, or other connections in the following U.S. states:
- Alaska, Colorado, Connecticut, Hawaii, Kentucky, Maine, Michigan, New Mexico, New York, Ohio, and Pennsylvania
Apifiny Services are not intended for use by residents of or domiciles in the following countries:
- Algeria, Bangladesh, Bolivia, China, Cuba, Egypt,Iran, Iraq, Libya, Mali, Morocco, Nepal, North Korea, Pakistan, Syria, South Sudan, Somalia, Sudan, Jordan, Ukraine, Venezuela, Yemen, and Zimbabwe
Apifiny Services are only intended for adults eighteen (18) years of age and older. We do not knowingly collect Personal Information from persons under the age of 18. If we learn that we have collected any Personal Information from persons under the age of 18, we will promptly take steps to delete such information and terminate their account.
- Personal Information We Collect and How We Use It
We collect several types of information from and about customers, users and visitors (collectively “Individuals”) depending on how they are using the Apifiny Services, including:
(a) Types of Personal Information We Collect
(i) Information You Provide Directly to Us. When you use the Apifiny Services or engage in certain activities, such as registering for an Apifiny account with us, creating a digital asset wallet and using digital assets on our digital asset exchange platform, requesting information, or contacting us directly, we may ask you to provide the following types of information:
Account Information. If you create an account, we may collect certain information that can be used to identify you. The requested information may include:
(A) for Individuals, certain personal information, including your name and last name, address, telephone number, e-mail address, gender, date of birth, username, and encrypted password which enables you to utilize certain features of the Apifiny Services; and
(B) for entities, information about its business, financial condition, corporate structure, shareholders, directors, officers, ultimate beneficial owners, agents and other representatives.
(ii) Communications with Us. We may collect Personal Information from you such as name, phone number, email address, or mailing address when you choose to request information about Apifiny Services, request to receive customer or technical support, or otherwise communicate with us.
(iii) Automatic Data Collection. We may collect certain information automatically through Apifiny Services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers (see Section 4(c)), and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, geo-location information, hardware type, operating system, user settings, location information, mobile carrier, Internet service provider, pages that you visit before and after using the Apifiny Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Marketplace, and other actions taken through use of the Marketplace such as preferences. Although we do not correlate tracking information to Individuals, some information collected, such as IP addresses, will be unique.
(iv) Information from Other Sources. We may receive information about you from other sources, including through our service providers who perform the KYC and AML checks. These service providers may collect information from other sources in order to supplement information provided by you. Information we collect through our service providers may include your name, government issued identification number, location, gender, birth date, and email address. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and Apifiny Services.
(v) Do Not Track Settings. Do Not Track (“DNT”) is a privacy preference that Individuals can set in certain web browsers to inform websites that they do not want certain information about their webpage visits collected over time and across websites or online Marketplace. We do not track, plant cookies, or use advertising when a DNT browser mechanism is in place.
(b) How We Use Your Information
We collect the Personal Information in an effort to provide you with secure and efficient customer experience, to protect you from risks of improper use and fraud and to improve, develop and improve Apifiny Services. We use information that we collect about you or that you provide to us, including Personal Information:
(i) To provide you with information, products, or services that you request from us. We may use information about you to:
- Generally manage customer information and accounts;
- To provide you with information, products, or services that you request from us;
- Provide access to certain areas, functionalities, and features of our Marketplace; and
- Contact you to answer requests for customer support or technical support.
(ii) Administrative Purposes. We may use Personal Information about you for administrative purposes, including to:
- Measure interest in our Services;
- Ensure internal quality control;
- Verify Individual identity;
- Communicate about Individual accounts and activities on our Marketplace and systems, and, in our discretion, changes to Apifiny Services or any of our policies;
- Send email to the email address you provide to us to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance;
- Verify the information that you provide to use and validate you through the KYC/AML process required by our fiduciary partners;
- Meet the requirements to make disclosures under the requirements of any law binding on the Marketplace under and for the purposes of any guidelines issued by regulatory or other authorities with which the Marketplace is expected to comply;
- Process payment for products or Apifiny Services purchased;
- Provide you with notices about your account and payments;
- Process applications and transactions;
- Prevent potentially prohibited or illegal activities;
- Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection and
- Enforce our Terms.
(iii) Limiting Use. We will only use Personal Information for the purposes identified above, and to provide you with important messages about our Services and transactional communications regarding your activity on our website, such as deposit and withdrawal notifications.
(iv) Anonymous and Aggregated Information Use. We may use Personal Information and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access Apifiny Services, or other analyses we create. Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Apifiny Services. Anonymized or aggregated information is not Personal Information, and we may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this information within us and with Third Parties for our or their purposes in an anonymized or aggregated form designed to prevent anyone from identifying you.
(v) Other Uses. We may use Personal Information for which we have a legitimate interest, such as direct marketing, individual or market research, anti-fraud protection, or any other purpose disclosed to you at the time you provide Personal Information or with your consent.
(c) Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising
(i) Cookies. Cookies are small text files placed in visitors’ devices to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, some features of the Apifiny Services may not work properly.
(ii) Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the Site or the App that collects information about Individuals’ engagement on the Site or the App. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
Our uses of such Technologies fall into the following general categories:
- Advertising or Targeting Related. We may use first-party or Third Party cookies and web beacons to deliver content, including ads relevant to your interests, on our Site, or on Third Party websites. This includes using Technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement.
If you would like to opt out of the Technologies we employ through Apifiny Services, applications, or tools, you may do so by blocking, deleting, or disabling them as your browser or device permits. Please note however that certain functionality of the Apifiny Services may not be available or function properly if you opt out of certain Technology uses.
- Information for European Data Subjects
If you are a resident of the European Economic Area, United Kingdom or Switzerland (collectively, the “European Region”), you may have additional rights under the General Data Protection Regulation (the “GDPR”) and other applicable laws with respect to your Personal Information, as outlined below. To the extent applicable to us, we adhere to relevant data protection laws. For purposes of this section, terms of “Personal Information” and “processing/processed” have the meanings provided in the GDPR.
(i) Processing Based on Lawful Basis Only. We only process your Personal Information if we have a lawful basis for doing so. Below are the legal bases we process the Personal Information subject to GDPR:
(a) Consent: To enhance your user experience, to engage in third party marketing activities, direct marketing activities and any other purposes to be indicated to you in order to receive your consent.
We will clearly and expressly indicate to you if we process Personal Information based on your consent, at the time of collection. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before consent is withdrawn. To withdraw consent, please contact us by using the information provided in the “Contact Us” section below.
(b) Contractual necessity: To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection, to provide Apifiny Services, customer support service and service communications and to improve Apifiny Services and ensure internal quality control.
(c) Legitimate interest: To conduct research and development of new products, to monitor the usage of Apifiny, to facilitate corporate acquisitions, mergers or transactions, to engage in direct marketing activities, to protect our rights. When we process Personal Information based on our legitimate interests, we always consider and balance any potential impact on you and your rights under data protection laws.
(d) Legal obligation, Public Interest or in your Vital Interest: To conduct anti-fraud, anti-money laundering and identity verification/authentication checks, to comply with legal and regulatory applications binding on Apifiny, to satisfy retention obligations and to ensure network and information security.
(ii) Collection and Use of Sensitive Personal Information. Some of the Personal Information we collect is considered sensitive by applicable law and referred to as Sensitive Personal Information. We may collect and process Sensitive Personal Information when you voluntarily provide them for us to comply with our legal obligations, or as applicable law otherwise permits. For example, we may collect your biometric data to conduct anti-fraud, anti-money laundering and identity verification/authentication checks, to comply with legal and regulatory applications binding on Apifiny.
Direct Marketing: We may, from time to time, send direct marketing materials to you that are only based on advertising our products, services, facilities or activities. We will only communicate to you based on our legitimate interests, subject to the applicable laws and regulations, or with your consent. You may opt-out of such communications by following the directions provided in any marketing communication.
Third Party Marketing: We will not provide your Personal Information to any third parties for third party marketing purposes without obtaining your consent.
- How We Share Your Personal Information
We only collect Personal Information that we believe to be relevant and required to conduct our business. We may share your Personal Information with our service providers, but only to the extent that they each need to know specific information to continue to provide Services to you. This includes:
(i) Vendors and Service Providers We may share any information we receive with vendors and service providers. The types of service providers (processors) to whom we entrust Personal Information include service providers for: (i) provision of IT and related services; (ii) provision of information and Marketplace you have requested; (iii) payment processing; (iv) customer service activities; (v) fraud prevention; and (vi) in connection with the provision of the services, including KYC/AML checks. We have executed appropriate contracts with the service providers that prohibit them from using or sharing Personal Information except as necessary to perform the contracted Marketplace on our behalf or to comply with applicable legal requirements.
(ii) Disclosures to Protect Us or Others (e.g., as required by law and similar disclosures). We may access, preserve, and disclose your Personal Information, other account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect your, our or others’ rights, property, or safety; (iv) enforce our policies or contracts; (v) collect amounts owed to us; (vi) prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) disclose your Personal Information in good faith where it is otherwise necessary or advisable.
(iii) Security Reasons In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Marketplace. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify Individuals in connection with their investigation of the unauthorized activities.
(v) For any other purpose disclosed by us and consented by you when you provide the information. We may disclose aggregated information about our users, which means information that does not identify any individual, without restriction. As an example, we may include in our marketing materials that a certain percentage of our users are female, but we will not share a list of the female users in these materials.
- Data Transfers
(i) International Data Transfers. You agree that all Personal Information collected via or by us may be transferred, Processed, and stored anywhere in the world, including but not limited to the United States, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information to us, you explicitly consent to the storage of your Personal Information in these locations.
(ii) Collection and Transfer of Data outside the European Region Apifiny operates globally with many of its systems based in the United States. Therefore, we may need to transfer your Personal Information outside of the country from which it was originally provided, and which have no data protection laws or laws that are less strict in comparison to those in the European Region. You agree that all Personal Information collected via or by us may be transferred, Processed, and stored anywhere in the world, including but not limited to the United States, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request.
When we transfer Personal Information outside of the European Region, we take steps to ensure appropriate safeguards are in place to protect your Personal Information. We contractually obligate recipients of your Personal Information to agree to at least the same level of privacy safeguards as required under applicable data protection laws. By communicating electronically with Apifiny, you explicitly consent to the storage of your Personal Information in these locations.
When we transfer your Personal Information based on your consent, you may withdraw your consent at any time. In the event of withdrawal of consent and thus we are being unable to transfer Personal Information to third countries, Apifiny Services may become unavailable to you.
8. Your Privacy Rights
Subject to applicable law of where you reside, you may be able to exercise certain rights regarding your Personal Information, as explained below. These rights may not be available to all users, depending on the local law applicable to you based on the jurisdiction in which you reside. If you are a resident of the European Region, you have such rights pursuant to GDPR.
We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. Although we make good faith efforts to provide Individuals with access to their Personal Information, there may be circumstances in which we are unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary. If we determine that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Information.
While you are exercising any of the rights mentioned below, please include your full name, email address associated with your account, and a detailed description of your data request. To submit a request, please contact us by using the information provided in the “Contact Us” section below. Such requests will be Processed in line with applicable local laws. Apifiny has absolute discretion in providing you with those rights if any of the rights mentioned below are not provided under the applicable local laws of the jurisdiction in which you reside.
(i) Rights of Access You can review and change your Personal Information by logging into the Marketplace and visiting your account page. You may also inquire as to whether we are Processing Personal Information about you or request access to your Personal Information.
(ii) Rectification You have the right to request the rectification of inaccurate Personal Information and to have incomplete data completed.
(iii) Objection You have the right to object to the processing of your Personal Information for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing.
(iv) Right to Refuse or Withdraw Consent
(a) General. To the extent the processing of your Personal Information or Sensitive Personal Information is based on your consent, you may withdraw your consent and opt out of further Processing by contacting us as described below, at any time. Your withdrawal will not affect the lawfulness of Apifiny’s Processing based on consent before your withdrawal.
We maintain telephone “do-not-call” lists as mandated by law. We process requests to be placed on do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law.
(v) Erasure You may request to erase your Personal Information if (i) it is no longer necessary for the purposes for which we have collected it, (ii) you have withdrawn your consent and no other legal ground for the processing exists, (iii) you objected and no overriding legitimate grounds for the processing exist, (iv) the processing is unlawful, or erasure is required to comply with a legal obligation. Upon complying with your erasure request, we may still keep certain account information in our database for a certain amount of time in order to satisfy our legal obligations.
(vi) Restriction Subject applicable law, you may have the right to restrict or object us to Process your Personal Information under certain conditions.
(vii) Portability You may receive your Personal Information that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit it to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.
(viii) Right to lodge a complaint European data subjects also have the right to lodge a complaint with a supervisory authority in the place of their residence or the location where the issue that is the subject of the complaint occurred.
- Data Retention
- Data Retention
- Information for California Residents
If you are a resident of California, you may have additional rights under the California Consumer Privacy Act (the “CCPA”) and other applicable laws with respect to your Personal Information, as outlined below.
(i) Right to Know. You may request, twice per calendar year, to know (i) the specific pieces of Personal Information we have collected about you; (ii) the categories of Personal Information we have collected about you; (iii) the categories of sources from which we collected your Personal Information, (iv) our business purpose for collecting your Personal Information; and (v) the categories of third parties with whom we shared your Personal Information.
(ii) Right to Delete. You may request to delete the Personal Information we have collected about you. We may deny your request under certain circumstances, such as if we need to comply with a legal obligation.
(iii) Right to Correct. We would like to maintain accurate Personal Information. If you believe that the Personal Information we have collected about you is inaccurate, you may request to correct the Personal Information.
(iv) Non-Discrimination. We will not discriminate against you for exercising these rights.
(v) “Shine the Light.” You may request, once per calendar year, certain information regarding our disclosure of your Personal Information to third parties for their own direct marketing purposes.
For more information about our compliance with “Do Not Track” browser mechanisms, please see Section 4(a)(v) above.
If you wish to make a request pursuant to this section or learn more about our compliance, please contact us using the information provided in the “Contact Us” section below.
- Security of Your Personal Information
The safety and security of your information also depends on you. Where you have chosen a password for access to certain parts of the Marketplace, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and be careful about giving out information to other Individuals on the Marketplace if requested.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to the Marketplace. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Marketplace, and we do not accept liability for unintentional disclosure.
By using Apifiny Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Apifiny Services. If we learn of a security system’s breach, we may attempt to notify you electronically by making a notice available to you through the Marketplace or sending an e-mail to you. You may have a legal right to receive this notice in writing.
- International Users
- International Users
- Third Party Links
Our website may contain links that lead to other websites, and Apifiny is not responsible for the privacy practices, content, and/or activities of these linked websites. Nonetheless, we seek to protect the integrity of our Services and welcome any feedback about these external websites.
- Third Party Links
- Redress/Compliance and Accountability
- Redress/Compliance and Accountability
- Other Rights and Important Information
(iii) New Uses of Personal Information. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will endeavor to provide information regarding the new purpose and give you the opportunity to opt out. Where consent of the Individual for the Processing of Personal Information is otherwise required by law or contract, we will endeavor to comply with the law or contract.
The following capitalized terms will have the meanings herein as set forth below.
- “Agent” means any Third Party that Processes Personal Information pursuant to the instructions of, and solely for, us or to which we disclose Personal Information for use on its behalf.
- “Personal Information” is information relating to an identified or identifiable natural person (“Individual”).
- “Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- “Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information consisting of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (7) health information; (8) sexual orientation or information about the Individual’s sex life; or (9) information relating to the commission of a criminal offense.
- “Third Party” is any company, natural or legal person, public authority, agency, or body other than you, us or our Agents.
- Contact Us
If you would like to contact us about our privacy practices, or exercise any of your data subject rights, please send a written request to us by emailing firstname.lastname@example.org.
Data Protection Officer and contact information:
Data Protection Officer
Apifiny Asset Network Inc.,
New York, NY 10019