개인정보보호 정책
Last updated and effective: Jan 19, 2022
BITFISH LIMITED d/b/a stakefish (“Stakefish”, “we”, “us” or “our”) respects your privacy and is committed to protecting your personal information or, as otherwise termed, “personal data”.
The purpose of this privacy policy (the “Policy”) is to provide you with information about our privacy practices generally and what information we may collect, use and share about you when you visit our website stake.fish (the “Website”) and/or when you use our stakefish Ethereum staking 2.0 service (the “Services”), details about which may be obtained here.
This Policy informs you about: (i) how we will handle and look after your personal data, (ii) our obligations in regard to processing your personal data responsibly and securely, (iii) your data protection rights as a data subject, and (iv) how the law protects you. This Policy should be read in conjunction with our Terms of Service.
For purposes of clarity, this Policy does not apply to any other service/s which we may offer, whether or not accessed through our website, unless otherwise specified.
WHO WE ARE AND HOW TO CONTACT US
Stakefish is the controller and responsible for determining what personal information we collect and how it is used or shared.
We are registered in Malta with company registration number C88863 and have our registered office at 3 Ta Grezzja Triq Dun Karm Cachia, Zebbug (Gozo), Malta.
stake.fish is a Website operated by us, BITFISH LIMITED. The Website is not intended for minors and the Services are not offered to minors. As such, we do not knowingly collect personal data relating to minors.
From time to time, we may update and change this Privacy Policy. When we make changes to this Privacy Policy, we will update the Effective Date listed above. We encourage you to check regularly for updates to this Privacy Policy. Every time you wish to use our site, please check these terms to ensure you understand the terms that apply at that time.
If you have any questions about our Privacy Policy or privacy practices, please contact us by email at [email protected].
QUERIES AND COMPLAINTS
We have appointed a data protection contact point (“DPCP”) who is responsible for overseeing questions in relation to this Notice and our processing activities in general.
If you have any questions or requests, including any requests to exercise your legal rights as a data subject, please contact the DPCP using the details set out below.
Contact Details
Full name of legal entity: | BITFISH LIMITED |
Name of DPCP: | Eduardo Tongson |
Email address: | [email protected] |
Postal address: | 3 Ta Grezzja Triq Dun Karm Cachia, Zebbug (Gozo), Malta |
You have the right to lodge a complaint at any time to a competent supervisory authority on data protection matters, such as in particular the supervisory authority in the place of your habitual residence or your place of work. In the case of Malta, this is the Office of the Information and Data Protection Commissioner (the “IDPC”) (https://idpc.org.mt). We would, however, appreciate the opportunity to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
Third-Party Links
Our Website and/or Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices, statements or policies.
We encourage you to read the privacy notice of every website you visit.
INFORMATION WE COLLECT ABOUT YOU
We collect personal information directly from you and indirectly about you when you contact us or use our Services or Website. The information we may collect from or about you includes:
- Identifying and Contact Information: name, email address or phone number.
- Transaction Information: information about the Signing Key that we create and use at your direction, validation metrics and other metrics in connection with our Service, and other information related to your Deposit Contract (all as defined in your Service Agreement), as well as information about accounts you use for payment for our Service, such as the address from which you send Ether or other payment.
- Technical Information: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website or Service.
- Usage Information: information about how you use our website or Service, such as duration, time of day and pages you visit.
- Marketing Information: your preferences to receive marketing information from us.
- Geolocation Information: identifying your location to ensure we provide our Service only in certain countries.
We do not knowingly collect special categories of personal data or sensitive personal data about you. Should we receive sensitive personal data about you, we will only process that data where there is lawful ground and reason to do so and, in all circumstances, in accordance with our obligations at law and under the appropriate safeguards.
HOW WE USE YOUR INFORMATION
We use the information that we collect from and about you only when the law allows us to and for the following business purposes:
- To provide our Services, as requested by you
- To fulfill a contract with you or a third-party
- To protect the security and integrity of our business and Service
- For marketing purposes
- The sale, merger or other reorganization of our business
- For compliance with legal obligations, such as the prevention, detection or investigation of a crime, loss prevention or fraud
- When necessary for our legitimate interests (and your interests and fundamental rights do not override those interests).
OUR LEGAL BASIS TO COLLECT INFORMATION
The chart below describes the ways we may use your personal information and the legal basis we rely upon to use your information. We have also identified our legitimate interests where appropriate.
Purpose/Activity | Type of Information | Lawful basis for Processing |
---|---|---|
To register you as a customer | Identifying and Contact Information | Performance of a Contract with you |
To deliver the Service | Identifying and Contact Information; Transaction Information; Geolocation Information | Performance of a Contract with you Necessary for our legitimate interests (recovering any owed amounts) |
To manage our relationship with you, including responding to questions, providing requested marketing information, engaging on social media platforms. | Identifying and Contact Information; Transactional Information; Social Media Application Information; Marketing Information. | Performance of a Contract with you Necessary for our legitimate interests (improve our Service, grow our business) |
(a) To detect, investigate and prevent and/or report fraudulent activity and/or any other criminal activity. (b) To assist and cooperate in any criminal or regulatory investigations against you, as may be required of us. (c) Risk Management: to effectively operate our audit, compliance controls and other risk management functions. | Identifying and Contact Information, Technical Information, Usage Information, Geolocation Information. | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security and prevention of hacks and other attacks, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation. |
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data) | Identifying and Contact Information, Technical Information, Usage Information, Geolocation Information. | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganization) Necessary to comply with a legal obligation |
To use data analytics to improve our website, products and services, marketing, customer relationships, and experiences | Technical Information; Usage Information. | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business, and to inform our marketing strategy) |
Marketing
We strive to provide you with choices regarding certain personal data uses in relation to your account. Through your Identifying, Usage and Marketing Data, we can form a view on what we think you may want or need in regard to our Services.
You may receive marketing from us (which may consist of newsletters, industry updates, mailshots, publications, promotional materials and/or information about our events) where:
- you provide your consent to receiving such marketing material; or
- you have an ongoing commercial or contractual relationship with us (e.g. where we consider you to be an active customer); AND
- PROVIDED you have not opted out of receiving marketing from us (see Your right to object below).
Third-Party Marketing
We will get your express opt-in consent before we share your personal data with any third parties (including our associated or related corporate entities) for marketing purposes.
Opting Out
You can ask us to stop sending such advertising and marketing communications at any time by:
- following the opt-out links on any marketing message sent to you;
- contacting us at any time at [email protected].
Where you opt out of receiving such communications, this will not apply to personal data processed or provided to us as a result of your entry into a customer relationship with us and our Platform or as a user of our Services.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose, or we are obliged to process your data by applicable laws or court or other enforceable orders.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without the need to obtain your consent, in compliance with the above rules, where this is required or permitted by law.
Additional information about our policies governing cookies and other track technologies on our Website can be found here.
HOW WE SHARE YOUR INFORMATION
We may disclose or share your information with other parties/entities for a business purpose.
- Service Providers/Vendors. We outsource certain support services to vendors or service providers. We require all service providers/vendors to process your information in accordance with applicable law and consistent with our specific instructions.
- Business Partners. In order to provide the Service you request, we may need to share your information with our Business Partners.
- Our professional advisers. (such as our auditors, accountants, financial advisers and legal counsel);
- To regulators, government bodies and tax authorities (local and overseas) when required by applicable laws and/or regulations).
- To any relevant party, claimant, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal claims in accordance with applicable law and regulation; and
- To any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences in accordance with applicable law and regulation.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets (successors in title). Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the new owners may use your personal data in the same way as set out in this Notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
Data Transfer
Your information may be stored and processed outside of your home country.
Due to the global nature of our business and service providers, your personal data may be transferred and stored in countries outside of the EEA. Some of these countries may have been deemed by the European Commission to have the same level of protection as countries in respect of which EU data protection law applies. For any such transfer, we will ensure that at least one of the following safeguards applies or is otherwise implemented:
- The country to which your data is being transferred has been deemed to provide an adequate level of protection for personal data by the European Commission (i.e. an “adequacy decision”); or
- In the absence of an adequacy decision, we will use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Failing those safeguards, we will only transfer your data provided that:
- the transfer is necessary for the performance of a contract concluded in your interests between us and another person;
- the transfer is necessary for important reasons of public interest;
- the transfer is necessary for the filing, or defence, of legal claims; OR
- you have explicitly consented to the transfer.
YOUR LEGAL RIGHTS
Depending on your location, applicable law may provide you with certain rights to manage your personal information. These rights may include:
- Access to your personal data: this enables you to receive a copy (first copy is free of charge) of the personal data we hold about you and to check that we are lawfully processing it.
- Correction of your personal data: this enables you to have any incomplete or inaccurate data we hold about you corrected and/or updated, though we may need to verify the accuracy of the new data you provide us with. It is in your interest to keep us informed of any changes or updates to your personal data.
Erasure: this enables you to ask us to delete or remove your personal data only where:
- There is no good reason for us to continue to process such;
- You have successfully exercised your right to object to processing (see below);
- We may have processed your information unlawfully; or
- We are required to erase your personal data to comply with local law.
Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Most commonly, this will be where further processing of the personal data is required by us to:
- comply with a legal obligation to which we are subject;
- assert, exercise or defence of legal claims (including possible future claims).
- Objection to the processing of your personal data: where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms.
Restricting the processing of your personal data: this enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy;
- Where our use of the data is unlawful but you do not want us to erase it;
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend a legal claim; or
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Transferring your personal data: you may request to have your personal data transferred to a third party in a structured commonly used machine readable format. This right only applied to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you; and
- Withdrawing your consent to the processing of your personal data at any time: where we are relying on consent to process your personal data (which will not generally be the case). This will not however affect the lawfulness of any processing which we carried out before you withdrew your consent.
Kindly note that none of these data subject rights are absolute, and must generally be weighed against our own legal obligations and legitimate interests. If a decision is taken to override your data subject request, you will be informed of this by our data protection team along with the reasons for our decision.
If you would like to exercise any of your rights, please complete the Data Subject Request Form which may be accessed via this link.
SECURITY
We have security measures in place that follow ISO27001/ISMS standards to protect against the loss, misuse, and alteration of any personal information we receive from you. We will notify you and any applicable regulator of a breach where we are legally required to do so.
As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information.
DATA RETENTION
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will only retain your personal data for as long as necessary in order to fulfil the purposes for which we collected it, i.e. the performance of our customer relationship with you (whilst ongoing), and thereafter:
- for the purpose of satisfying any legal, accounting, tax or reporting obligations to which we may be subject; and/or
- to the extent that we may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or involving you.
By and large, we will maintain and retain your personal data throughout the period of your customer relationship with us and for a further period of five (5) years from the date of its termination. This retention period enables us to make use of your personal data in order to satisfy any applicable reporting obligations to public authorities and/or for the assertion, filing or defense of possible legal claims by or against you (taking into account applicable prescriptive periods). In certain cases, we may need to retain personal data for a period of up to eleven (11) years to comply with applicable accounting and tax laws (this will primarily consist of your Transaction Data and records).
There may also be other instances where the need to retain certain items of personal data about you for longer periods, as dictated by the nature of the relationship and/or services provided.
Kindly contact us at [email protected] for further details about the retention periods that we apply.
CONTACT
If you have any questions about this Privacy Policy or our privacy practices, please contact us at: [email protected]