Products
Who We Serve
Resources
Company
Legal
BitGo Privacy
Effective Date: August 1, 2013
Global Privacy Notice
1. INTRODUCTION
BitGo Holdings, Inc. and its subsidiaries and affiliates (“BitGo,” “we”, “our” or “us”) offer a variety of custodial and liquidity products and services for cryptocurrency management and trading for consumers and institutions (“you” or “Individuals”). These include, but are not limited to, wallets for managing and moving cryptocurrency assets, trading, lending, staking, settlement services, escrow services and portfolio management tools to visualize your digital asset portfolio. Privacy and data protection are a top priority for us, and we encourage you to read this Privacy Notice fully to understand our privacy practices. Please understand that BitGo reserves the right to change this notice at any time but you can find the latest version here on this page.
2. SCOPE AND APPLICABILITY
This Global Privacy Notice (“Notice”) explains how we collect, use, store, share, delete, and protect your Personal Data when you interact with us in any of the following ways (collectively, the “services”):
By visiting BitGo’s websites at www.bitgo.com,
By using our services and platform products, such as hot wallets, qualified custody cold wallets, BitGo Prime trading, lending, staking, settlement services, escrow services, and portfolio management and the BitGo Portfolio and Tax reporting and reconciliation tool,
By interacting or communicating with us as part of our marketing practices,
By connecting with us at industry events and conferences,
By applying for a job,
By communicating for legal or compliance reasons, which may include litigation and defense of claims, and
By interacting or transacting with us in connection with partnership, licensing or other business opportunities.
Note that certain BitGo products or relationships may be covered under separate agreements with BitGo Holdings, Inc.’s subsidiaries and/or affiliates. If you have such an agreement in place with BitGo, please reference the agreement for details on how the services collect and use Personal Data.
This Policy also describes the choices that Individuals have with respect to their Personal Data, and how to contact BitGo to learn more about our privacy practices.
If you have obtained a financial product or service with BitGo to be used primarily for personal, family, or household purposes, we will use and share any information, including Personal Data that we collect from or about you in accordance with our U.S. CONSUMER PRIVACY NOTICE, which provides certain choices with respect to the use and sharing of your Personal Data.
If you are a California resident, you may have rights under the California Consumer Privacy Act. For more information please visit our CALIFORNIA PRIVACY NOTICE below.
Residents of the European Economic Area (“EEA”) or the United Kingdom (“UK”) may have additional rights regarding their Personal Data. For more information please visit our GDPR PRIVACY NOTICE below.
3. PERSONAL DATA WE COLLECT
We may collect personal data about you (all such personal data, “Personal Data”) iin several ways when you use our services, as described below.
Information You Provide. We collect the information you provide to us directly when you use our services. You can choose to provide Personal Data for:
Website Use – We collect some or all of the following Personal Data about you when you use or otherwise interact with any of our websites, social media pages, mobile applications, online advertisements, or marketing or sales communications:
name
email address
phone number
country and region
other information you choose to provide to us when you contact us with your inquiries.
Platform – We collect the same Personal Data described under “Website Use,” when you use our platform to sign up for a BitGo account or Pay As You Go hot wallet.
Identity Verification – In addition to the Personal Data described under “Website Use,” we may collect the following Personal Data for identity verification for BitGo business wallets, qualified custody, BitGo Prime and hot wallet users:
country of citizenship
Social Security Number
tax ID number
video call footage to verify your identity,
copies of your government-issued identification,
proof of residency documentation (e.g., copies of utility bills), and
other information you choose to provide to us as part of identity verification.
Job Applications – If you apply for a job with BitGo, in addition to the Personal Data described under “Website Use,” we may collect the following Personal Data about you:
mailing address
job history
resume/CV
information about your references
any other Personal Data you choose to submit along with your application including your LinkedIn profile or U.S. Equal Opportunity Employment Information.
Marketing Activities – If you attend our events, business meetings, or visit our booth at industry conferences, in addition to the Personal Data described under “Website Use,” we may collect one or more of the following business contact information about you:
company
job title/role
other information that may be contained on your business card, if you choose to provide one
other information you choose to provide with us.
Information We Collect from Third Parties. When you use our services, we collect the following information from third parties:
Referrals and Account Participant Invitations – We receive information about you, such as your name and email address, if a BitGo user refers you to our platform or invites you to participate on their account as an administrator, viewer, or spender.
Integrations – We receive information about you via services you choose to integrate, such as where you link accounts from other service providers including other cryptocurrency service providers, (for example, Kraken), to your BitGo account.
Third Party Sign In – If you log in to our services using credentials from a third party (for example, Google), we will receive information that you have made public via your privacy settings with that third party.
Publicly Available Information. We collect information about you via the following publicly available resources when you use our services:
ZoomInfo
Social Medias
Google search
Blockchain
Public digital address
Note that we may combine information received from third parties or publicly available resources with information we have collected directly from you. We will also combine information from an Individual’s profile with information submitted from surveys.
Information We Collect. When you use our websites, with your consent, we use cookies and other tracking technologies to collect the following information about you:
Browser and Device Information – Using cookies and other tracking technology, we collect:
unique device identification numbers
device type
operating system version
browser type
pages viewed
links clicked
IP address
date and time of visit
number of times you return to our website.
For information on how to manage your cookies preferences, please see our Global Privacy Notice or visit www.aboutcookies.org.
4. COOKIES AND OTHER TRACKING TECHNOLOGIES
What Are Cookies? Cookies are small text files that are stored through the browser on your computer or mobile device. Cookies serve a variety of functions; they help you navigate between website pages efficiently and may improve the user experience on a website. Cookies vary in duration (they can be “persistent” or “session-based”), and by whom they are served (“first party” cookies are directly from us; “third party” cookies are from other parties on our behalf). They are only one of several types of technologies used to track online behavior.
Why We Use Cookies and Other Tracking Technologies. At BitGo, we use cookies to:
Administer our services
Analyze services usage and trends
Track your browsing history
Improve the services functionality
Types of Cookies We See. On our website, we use the following types of cookies:
Functional Cookies – We use cookies that are necessary for our services to run, including optimizing or powering features on the services and helping us identify irregular or fraudulent behavior on the services.
Performance and Analytics Cookies – We use performance and analytics cookies to understand how visitors engage with our website. These cookies help us:
understand how visitors arrive at our website
monitor website usage and performance
remember you when you return to the website, and
improve our website content.
Targeting cookies – We use targeting cookies to make advertising messages more relevant to you. They may perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
Google Analytics – Google Analytics helps us understand how users engage with our website. Like many services, Google Analytics uses first party cookies to track user interactions and in our case, they are used to collect information about how users use our website. This information is used to compile reports and to help us control the use of cookies. You can control the use of cookies through your web browser settings. Please note that if you reject or delete cookies, some of our website features may no longer function to improve our website and services. To learn more about Google Analytics’ privacy practices, please visit Google’s Privacy Policy page here.
Managing Cookies & Online Tracking. Where appropriate or legally required, we will describe how we use the information collected about you so that you can make choices about how your information is used.
Managing Cookies – You can control the use of cookies on your device at any time by changing your preferences or options in your browser settings. Each browser provides different mechanisms for managing cookies. You can usually find these settings in the “Options” or “Preferences” menu of your browser; otherwise, look at your browser’s help menu to determine the best way to modify your browser’s cookie storage. You can also block, disable, or delete the cookies that are stored on your device. However, blocking, disabling, or deleting cookies may limit your ability to view all the pages on our services. To find out more about cookies, including how to see what cookies have been set and how to block and delete cookies, please visit http://www.aboutcookies.org/.
Analytics Preferences –For information on how Google Analytics collects and processes data, visit www.google.com/policies/privacy/partners/. To learn more about Google Analytics, visit Google's "How you can control the information collected by Google on these sites and apps" article available here.
“Do-Not-Track” – Some browsers allow a user to send “Do-Not-Track” signals to a website to prevent tracking of that Individual’s activity. At this time, we do not respond to web browser “Do-Not-Track” signals. To learn more about browser tracking signals and DNT, visit http://www.allaboutdnt.com.
5. HOW WE USE PERSONAL DATA
We use Personal Data we have about you as described below.
Provide Our Services – We use the information we have about you to manage your account and provide our services. We also use your information to diagnose and resolve issues with our services, provide technical and customer support, ensure the safety, quality, and availability of the services, including verifying your identity and detecting, preventing, and prosecuting those responsible for security incidents or malicious, deceptive, fraudulent, or illegal activity.
Communicate with You – We use the information we have about you to respond to your inquiries, requests, and/or send important notices. This includes, for example, delivering periodic emails related to company news, updated policies, product/service updates and information, job openings, or press releases.
Market Our Services – We use the information we have about you to market our services. This includes, for example, sending you email communications about products, offerings, events and webinars or customized offers or materials.
Improve Our Services – We use the information we have about you to improve our services. This includes, for example, identifying usage trends, developing data analysis, determining the effectiveness of our promotional campaigns, evaluating our business performance, researching, demonstrating, developing and improving our products and services, and ensuring quality control.
Comply with The Law – We use the information we have about you to comply with applicable laws, regulations, and contractual obligations. This includes, for example, conducting compliance and/or security checks, audits, or assessments, enforcing our contracts and agreements with our customers, or complying with applicable law enforcement obligations.
Protect Our Assets – We use the information we have about you to protect our rights and interests, ensure the security of our assets, systems and networks, prevent, detect and investigate fraud, unlawful or criminal activities in relation to our services, and enforce our terms and conditions.
Other Purposes that require your consent – We may share or disclose your information only if you provide your prior consent.
De-identified or Aggregate Information – We use the information we have about you to create de-identified or aggregate information, such as de-identified demographic or location information, information about devices used to access our services, or other relevant analyses.
If we decide to modify the purpose for which your Personal Data is collected and used, we will amend this Privacy Notice.
6. HOW WE SHARE PERSONAL DATA
BitGo may share the Personal Data we have about you as described below.
Service Providers and Other Third Parties – We share information we have about you with third parties and service providers who assist us with administering the services. This may include, for example, IT service providers, data storage providers, identity verification service providers, and marketing service providers.
Across Our Companies – We share information across BitGo’s family of companies to, among other reasons, provide you with our services, prevent fraud, conduct identity verifications, comply with the law, in the event of a sale, merger, acquisition, or other liquidity event.
Business Transaction – In the event of a reorganization, acquisition, merger, divestment or other sale of some or all of our assets or stock, or other business decision or transaction, such activity may require and/or result in the sharing of your information as part of that transactional event.
Legal, Regulatory, Safety, and Compliance Purposes – In certain situations, we may be required to share your information as required by law. These situations may include, but are not limited to:
complying with a subpoena or other legal process requests;
protecting your rights;
protecting your safety or the safety of others;
investigating fraud; and
responding to a government request.
Any third parties that we share your Personal Data with are limited by law and by contract in their ability to use your Personal Data. BitGo requires third party service providers acting on our behalf or with whom we share your information to provide appropriate security measures in accordance with industry standards and in compliance with this Policy, their privacy and security obligations, and any other appropriate confidentiality and security measures. However, we are not responsible for the privacy and data security practices of third parties outside of Personal Data we receive from or transfer to them.
If you elect to receive periodic email communication from us (i.e., company news, product and service information), you may choose to opt out from receiving such communications by clicking the ‘Unsubscribe’ link provided in these emails.
7. HOW WE PROTECT PERSONAL DATA
At BitGo, we take our responsibility to protect the security and privacy of your Personal Data seriously. We are committed to maintaining the confidentiality, integrity, and security of your Personal Data and taking precautions to protect such information. We use reasonable and appropriate administrative, technical, and physical safeguards to protect information we have about you from loss, theft, and unauthorized use, access, modification, or destruction. We also require third party service providers acting on our behalf or with whom we share your information to maintain security measures consistent with industry standards in accordance with applicable data protection laws and regulations.
Additionally, to help protect your privacy and maintain security, we verify your identity before granting you access to your information or your account. Our verification methods include requesting that you log into your BitGo account, participate in a video call, and/or provide documents for identity verification. Notwithstanding our security safeguards, it is impossible to guarantee absolute security in all situations.
8. RETENTION AND DELETION
We will retain personal information we collect from you where we have a justifiable business need to do so and/or for as long as is needed to fulfill the purposes outlined in this Notice, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes).
When we have no justifiable business need to process your personal information or there is no such required or permitted longer retention period, we will either delete or anonymize it. If deletion or anonymization is not possible (for example, your personal information may be stored in backup archives or for technical reasons), we will securely store your personal information and implement appropriate measures to prevent any further processing until deletion is possible.
If you request deletion of your personal information, we will consider your request in accordance with applicable laws.
9. CHILDREN’S PRIVACY
Our services are not intended for persons under the age of 18, and we do not knowingly or intentionally collect any Personal Data from, or market to, Individuals under the age of 18.
If you learn that an individual under the age of 18 has provided us with Personal Data contrary to these rules, please contact us as described in Section 14 “Contact Us” and we will delete the information from our systems.
10. INTERNATIONAL DATA TRANSFERS
Your Personal Data may be shared with or processed by us outside the country in which your Personal Data was collected. The laws on processing such Personal Data in these locations may be less stringent than in your country. It may also be processed by staff operating outside of your country. We will take all steps reasonably necessary and/or required by applicable data protection laws to ensure your Personal Data is treated in accordance with this notice and applicable law.
11. VERMONT FINANCIAL PRIVACY ACT
The Vermont Financial Privacy Act limits what we can do with your financial information and gives you rights to limit our sharing of your financial information. Under the Vermont Financial Privacy Act, Vermont residents have the right to receive notice and opt-in to sharing non-public Personal Information with non-affiliated third parties. Additionally, residents must consent to us sharing information regarding credit worthiness.
We do not share your information with affiliates and non-affiliated third parties, except for certain business purposes (e.g., to service your accounts), to market our products and services, as permitted by law, or with your consent. Additionally, we will not disclose credit information about you with our affiliates or non-affiliated third parties, except as required or permitted by law. Please contact us to opt-in to, or opt-out of, sharing your non-public Personal Information.
12. THIRD PARTY SERVICES, APPLICATIONS, AND WEBSITES
Certain third-party services, websites, or applications used to navigate to and from BitGo services have separate user terms and privacy policies that are independent of this Policy. We are not responsible for the privacy practices of these third-party services or applications. We recommend carefully reviewing the user terms and privacy statement of each third-party service, website, and/or application before use.
13. CHANGES TO THIS NOTICE
We may change or update this Online Notice in the future, and reserve the right to do so. When we do, we will post the revised version on our website. This notice was last updated and became effective on the date posted at the top of this page. If we make material changes to this Online Notice, it will either be noted on our website that material changes have been made or we will notify our clients by email.
14. CONTACT US
If you have questions about this Notice, or if you wish to exercise any of your rights in relation to your Personal Data, please contact us. You can write to us at the email address below: privacy@bitgo.com
California Privacy Notice
1. APPLICABILITY OF CALIFORNIA PRIVACY NOTICE
This Privacy Notice (“Notice”) applies solely to California residents and supplements BitGo’s Global Privacy Notice. We adopt this Notice to comply with the California Consumer Privacy Act of 2018, as amended (“CCPA”) and other California privacy laws.
This Notice provides the additional details regarding the information defined as ‘personal information’ under applicable California law and related to a California resident or household (“Consumers” and “you”) further referred to as “Personal Information.” This Notice describes the categories of Personal Information we have collected, the categories of Personal Information we have disclosed, the categories of Personal Information we have sold or shared, and a description of your rights.
This Notice does not cover certain Personal Information subject to the Gramm-Leach-Bliley Act (“GLBA”), the Fair Credit Reporting Act, and certain other state or federal privacy laws. For example, this Notice does not apply to personal information that we collect about individuals who seek, apply for, or obtain our financial products and services for personal, family, or household purposes, which is subject to our U.S. CONSUMER PRIVACY NOTICE
2. CATEGORIES OF PERSONAL INFORMATION WE COLLECT AND DISCLOSE
Most of the personal information we collect from California residents is in the context of providing financial products or services and is therefore not subject to the CCPA. We do collect Personal Information relating to California residents in other contexts, for example, marketing activities.
In the past 12 months, we may have collected and disclosed to third parties for our business purposes the following categories of Personal Information about you in several ways when you use our services, as described below:
Category of Personal Information (corresponding to CCPA Section 1798.140(v)(1)) | Examples |
Identifiers | Name, email, and address and in some cases we may collect your Social Security Number |
Personal Information listed in § 1798.80 of the California Customer Records statute | Contact and financial information |
Commercial Information | Products or services purchased and account information |
Internet or other electronic network activity information | Browser type, pages viewed, and links clicked |
Geolocation data | Device location such as IP addresses |
Professional or employment-related information | Occupation or prior employer |
Audio, electronic, visual, thermal, olfactory, or similar information | Audio recordings of customer care calls, electronic, visual or similar information, including video call footage for identification purposes. |
Account credentials | Log-in information and account credentials in connection with our services or products. Passwords are hashed and encrypted into a form that allows for authentication, but not account access. |
Characteristics of protected classifications under California or federal law | Age |
We do not collect or process ‘Sensitive Personal Information’ (as defined by applicable California law) for the purpose of inferring characteristics about consumers. We do not, as a matter of course, use or disclose Sensitive Personal Information for purposes other than those specified in Section 7027(l) of the California Consumer Privacy Act Regulations.
3. SOURCES OF PERSONAL INFORMATION
The categories of sources from whom we collect Personal Information are:
Directly from a California Resident: We collect information when you use or otherwise interact with any of our websites to contact us, social media pages, mobile applications, online advertisements, or marketing or sales communications. We also collect information when you place an order, subscribe to a newsletter or respond to a survey.
From Third Parties: We may collect information from an Individuals’ company and from those who validate identity.
From Individuals Passively: We use third party tools to collect information from Individuals from websites and in emails.
Combining Information: We combine information received from third parties with information already stored. BitGo may also combine information from an Individuals profile with information submitted from surveys.
For additional information on the sources where we may collect Personal Information see our GLOBAL PRIVACY NOTICE above.
4. HOW WE USE PERSONAL INFORMATION
Most of the information we use is for the provision of financial products or services and is therefore not subject to the CCPA. We may use Personal Information of California residents for one or more of the following business purposes as described in our GLOBAL PRIVACY NOTICE above.
5. PERSONAL INFORMATION “SOLD” OR “SHARED”
We do not sell or share your Personal Information with third parties for monetary consideration. However, under California law, some uses of cookies may be characterized as “selling” or “sharing”. Because we use such cookies, in the preceding 12 months we may have “sold” or “shared” your cookies to serve advertisements, to analyze the success of marketing campaigns, or to understand the use of our websites.
6. CATEGORIES OF THIRD PARTIES DISCLOSURE
We may disclose Personal Information to the following categories of third parties for a business purpose.
Category | Examples |
Affiliates | BitGo Trust Company, BitGo New York Trust Company LLC, BitGo, Inc., BitGo Prime, LLC |
Service Providers | Google Analytics, HubSpot, Marketo, Mailchimp, Google G Suite, Amazon Web Services, Salesforce, Jumio, Refinitiv, etc. |
Government Entities | Law enforcement agencies, auditors |
Third Party Responsibilities – Any third parties that we share your Personal Information with are limited by law and by contract in their ability to use your Personal Information. We require third-party service providers acting on our behalf or with whom we share your information to provide appropriate security measures in accordance with industry standards and in compliance with this Policy, their privacy and security obligations, and any other appropriate confidentiality and security measures. However, we are not responsible for the privacy and data security practices of third parties outside of Personal Information we receive from or transfer to them.
7. PRIVACY CHOICES AND RIGHTS
If you are a California resident, you may have the following consumer rights regarding your Personal Information under California law. Please note that these rights are not absolute and are subject to conditions or limitations:
Request we disclose to you free of charge the following information covering the 12 months preceding your request:
the categories of Personal Information about you that we collected;
the categories of sources from which the Personal Information was collected;
the business or commercial purpose for collecting Personal Information about you;
the categories of third parties with whom we share that Personal Information; and
the specific pieces of Personal Information we collected about you in a portable and (if technically feasible) readily usable format (also called a data portability request).
Request that we delete any of your Personal Information we collected from you, subject to certain exceptions and limitations.
Be free from unlawful discrimination for exercising your rights under the CCPA subject to certain parameters.
Request the correction of your Personal Information that we maintain.
Opt-out of “sharing” or “selling” of cookies by turning off cookies per your preference on our Cookie Settings menu.
We will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. Requests for specific pieces of Personal Information will require additional information to verify your identity.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. If you are an authorized agent, please send us proof that the consumer gave you written permission to submit the request and we will verify your identity as provided above. We may also require the consumer to verify their own identity with us and/or directly confirm with us that they have given you permission to submit the request.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
We will work to process all verified consumer requests within 45 days of its receipt pursuant to the CCPA. If we need an extension for up to an additional 45 days in order to process your request, we will notify you of this need and provide you with an explanation for the delay within the initial 45-day period. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. If applicable, our response will also explain the reasons we cannot comply with all or part of a request.
We will usually not request a fee to exercise any rights listed above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may refuse to comply with your requests under these circumstances.
If you are a California resident, you may submit a verifiable consumer request by:
Emailing us at privacy@bitgo.com with the subject line of “CCPA Request”.
8. CALIFORNIA SHINE THE LIGHT
Under California Civil Code Section 1798.83, California residents, who have an established business relationship with us, may request that we disclose the categories of Personal Information we share with third parties, if any, for the third parties’ direct marketing purposes, and the list of third parties to whom the Personal Information was shared in the preceding calendar year. To request this disclosure, please contact us at privacy@bitgo.com. Please note, the request is free of charge and we are required to respond to one request per California resident each year.
9. CALIFORNIA FINANCIAL INFORMATION PRIVACY ACT
The California Financial Information Privacy Act limits what we can do with your financial information and gives you rights to limit our sharing of your financial information. Under the California Financial Information Privacy Act, California residents have the right to: receive notice and opt-in to us sharing non-public Personal Information with non-affiliated third parties; receive notice and opt-out of sharing non-public Personal Information with affiliates; and opt-out of Personal Information sharing resulting from joint-marketing agreements with non-affiliated third parties to market financial products and services.
We do not share your information with affiliates and non-affiliated third parties, except for certain business purposes (e.g., to service your accounts), to market our products and services, as permitted by law, or with your consent. You can access our Privacy Notice for information about our practices in accordance with the California Financial Privacy Act. Please contact us (add link) to opt-in to, or opt-out of, sharing your non-public Personal Information.
10. CALIFORNIA “DO NOT TRACK” POLICY
California law requires us to inform you how we respond to web browser Do Not Track (“DNT”) signals. Because no industry or legal standard exists for recognizing or honoring DNT signals, we do not respond to them at this time. This Privacy Policy is subject to change as the privacy community and industry develop best practices for responding to DNT signals.
11. CHANGES TO THIS NOTICE
We may change or update this CCPA Notice in the future, and reserve the right to do so. When we do, we will post the revised CCPA Notice on our website. This CCPA Notice was last updated and became effective on the date posted at the top of this page. If we make material changes to this CCPA Notice, it will either be noted on our website that material changes have been made or we will notify our clients by email.
12. CONTACT US
If you have questions about this Notice, or if you wish to exercise any of your rights in relation to your Personal Information, please contact us. You write to us by email at privacy@bitgo.com with the subject line of “CCPA Request.”
General Data Protection Regulation Privacy Notice
1. APPLICABILITY OF THE GDPR PRIVACY NOTICE
This Privacy Notice (“Notice”) applies to Individuals that are located within the European Economic Area (EEA) and the United Kingdom (UK), and supplements BitGo’s Global Privacy Notice above. We adopt this Notice to comply with the General Data Protection Regulation. For purposes of this section, “Personal Data” has the meaning provided in the General Data Protection Regulation (EU) 2016/679 as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“GDPR”).
2. LEGAL BASIS FOR PROCESSING PERSONAL DATA
If you are located in the EEA or the UK, we only process your Personal Data for specific and limited purposes and when we have a valid legal basis for processing under applicable data protection laws.
The legal bases on which we rely on to process your Personal Data, as appropriate, are set out below:
Contractual Obligation: Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract.
Legal Obligation: Necessary for our compliance with a legal obligation or regulatory obligation,
Legitimate Interest: Necessary for us to realize a justified and legitimate (business) interest considering your privacy and other fundamental rights and interests. This may include:
running an effective operation of the BitGo services and administering related services,
operating our services,
protecting the security of our systems, detecting or preventing fraud, as permitted by applicable law,
marketing, market research and business development,
internal group administrative purposes,
to manage our relationship with you, such as by answering inquiries or requests made by you,
to enable us to make corporate transactions such as mergers, reorganizations, acquisitions and asset transfers, and
Consent: With your consent.
Where applicable, wherever we rely on the consent legal basis, you may withdraw such consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal.
3. PERSONAL DATA WE COLLECT
Personal Data is data relating to an identified or identifiable Individual. We may collect personal information from you in several ways when you use our services as described below. For more information, please see our Global Privacy Notice above.
Directly from Individuals: We will collect information when you use or otherwise interact with any of our websites to contact us, social media pages, mobile applications, online advertisements, or marketing or sales communications . We will also collect information when you buy a product or service from us. This information includes names, email addresses, phone numbers, and other demographic and contact information.
Information We Collect from Third Parties. When you use our services, we collect the following information from third parties:
Referrals and Account Participant Invitations – We receive information about you, such as your name and email address, if a BitGo user refers you to our platform or invites you to participate on their account as an administrator, viewer, or spender.
Integrations – We receive information about you via services you choose to integrate, such as where you link accounts from other service providers including other cryptocurrency service providers, (for example, Kraken), to your BitGo account.
Third Party Sign In – If you log in to our services using credentials from a third party (for example, Google), we will receive information that you have made public via your privacy settings with that third party.
Publicly Available Information. We collect information about you via the following publicly available resources when you use our services:
ZoomInfo
Social Medias
Google search
Blockchain
Public digital address
Note that we may combine information received from third parties or publicly available resources with information we have collected directly from you.
From Individuals Passively: We will use third party tools to collect information from Individuals, from its websites and in emails. Using cookies and other tracking technologies, we will automatically collect:
unique device identification numbers
device type
operating system version
browser type
pages viewed
links clicked
IP address
date and time of visit
number of times you return to our website
For information on how to manage your cookies preferences, please see our Online Privacy Notice or visit www.aboutcookies.org.
Combining Information: We combine information received from third parties with information already stored. We will also combine information from an Individual’s profile with information submitted from surveys.
4. PURPOSES FOR PROCESSING YOUR PERSONAL DATA
We use the Personal Data we have about you for the purpose for which it was collected or provided to us (as stated at the point of collection). Your Personal Data will be used to: provide our services, communicate with you, market and improve our services, conduct surveys, comply with the GDPR, protect our assets, perform other purposes with your consent, and create de-identified or aggregate information. For more information about how we use your Personal Data, please see our GLOBAL PRIVACY NOTE.
5. PERSONAL DATA RETENTION & STORAGE
BitGo only keeps or Processes Personal Data for as long as reasonably necessary to carry out its business and legal purposes. Personal Data is deleted or anonymized when no longer required for the purposes for which it was collected. The specific periods for which we keep information about you vary depending on the nature of the information, why we need it, and whether the Personal Data is de-identified. We also consider the minimum necessary retention period prescribed by applicable laws, recommended by industry standards, and contractual and other legal obligations. Additionally, you may request deletion of your Personal Data consistent with Section 7 “Data Subject Rights” below.
We may be legally required to retain your Personal Data to:
comply with legal obligations;
resolve disputes; and
enforce rights.
Storage: We use data hosting service providers in the U.S. to store information we have about you, and we use reasonable technical measures to secure your information.
6. PERSONAL DATA SHARED WITH THIRD PARTIES
We share information we have about you with third parties, service providers, and affiliate companies who assist us with administering our services. Any third parties that we share your Personal Data with are limited by law and by contract in their ability to use your Personal Data. BitGo requires third party service providers acting on our behalf or with whom we share your information to provide appropriate security measures in accordance with industry standards and in compliance with this Policy, their privacy and security obligations, and any other appropriate confidentiality and security measures. However, we are not responsible for the privacy and data security practices of third parties outside of Personal Data we receive from or transfer to them, as such liability is limited by law. Additionally, we may share Personal Data with other parties in connection with corporate transactions, which may include, among others, mergers, asset transfers or bankruptcy. We also may provide Personal Data with other parties with your consent or at your direction. For additional information, please see our GLOBAL PRIVACY NOTE.
7. DATA SUBJECT RIGHTS
BitGo would like to make sure you are fully aware of all of your data protection rights under the GDPR. Every user is entitled to the following:
The right to access: You have the right to request copies of your Personal Data from BitGo.
The right to be informed: You have a right to be informed about the collection and use of your Personal Data.
The right to rectification: You have the right to request that BitGo corrects any information you believe is inaccurate. You also have the right to request that we complete any information you believe is incomplete.
The right to erasure: You have the right to request that BitGo erases your personal data, under certain circumstances.
The right to restrict processing: You have the right to request that BitGo restricts the processing of your personal data, under certain circumstances.
The right to object to processing: You have the right to object to BitGo’s processing of your personal data, under certain circumstances.
The right to data portability: You have the right to request that BitGo transfer its data on you to another organization, or directly to you, under certain conditions.
The right to not to be subject to a decision based solely on automated processing: You have a right to not to be subject to a decision when it is based on automated processing and it produces an adverse legal effect.
If you make a request, we have one month to respond to you. However, if the request is complex and/or numerous, we are permitted to extend the deadline. We will inform you, within one month, if we need an extension and why the extension is necessary. If you would like to exercise any of these rights, please contact us at our email privacy@bitgo.com with the subject “GDPR Request”.
8. COOKIES
Cookies are small text files that are stored through the browser on your computer or mobile device. Cookies serve a variety of functions; they help you navigate between website pages efficiently and may improve the user experience on a website. Cookies vary in duration (they can be “persistent” or “session-based”), and by whom they are served (“first party” cookies are directly from us; “third party” cookies are from other parties on our behalf).
BitGo and our service providers use cookies to collect information about your browsing activities over time and across different website pages. At BitGo, we use cookies to:
Administer our services
Analyze services usage and trends
Track your browsing history
Improve the services functionality
For further information please review Section 4 of BitGo’s GLOBAL PRIVACY NOTE.
9. INTERNATIONAL DATA TRANSFER
BitGo is a company based in the United States (U.S.). We use data hosting service providers in the U.S. to host the information we collect from or about you. When we transfer your Personal Data outside of the EEA or the UK, we will do so in accordance with the GDPR using a valid cross-border transfer mechanism. To the extent required by applicable law, we will protect the cross-border transfer of your Personal Data through the use of applicable legal adequacy mechanisms. We generally use approved Standard Contractual Clauses to ensure the Personal Data is adequately protected when it is transferred outside the EEA or the UK to countries without an adequate level of data protection.
Please contact us via email at privacy@bitgo.com with the subject “GDPR Request.” If you would like more information about cross-border transfers or to obtain a copy of the Standard Contractual Clauses. We also transfer your Personal Data to third parties as described above in Section 6, “Personal Data Shared with Third Parties”.
10. PRIVACY POLICIES OF OTHER WEBSITES
The BitGo website contains links to other websites and services. Our privacy notice applies only to our website, so if you click on a link to another website or service, you should review their privacy notice.
11. CHANGES TO THIS NOTICE
We may change or update this Online Notice in the future, and reserve the right to do so. When we do, we will post the revised version on our website. This notice was last updated and became effective on the date posted at the top of this page. If we make material changes to this Online Notice, it will either be noted on our website that material changes have been made or we will notify our clients by email.
12. CONTACTING SUPERVISORY AUTHORITY
Should you wish to report a complaint or if you feel that BitGo has not addressed your concerns to your satisfaction or has otherwise violated your rights, you may contact the data protection authority of the country where you work, live, or otherwise believe your rights have been infringed.
13. CONTACT US
If you have any questions about this policy or our privacy practices please contact us by email at privacy@bitgo.com with the subject “GDPR Request.”
