This comprehensive privacy policy ("Policy") is designed to inform you, in extensive detail, of your rights and our practices in relation to your Personal Information (as defined in Section 3). For the purposes of this Policy, "we," "us," "our," and the "Company" refer to ZircuitDEX, a decentralized finance protocol operating on the blockchain, with its primary operational base located at Beachmont, Kingstown, Saint Vincent and the Grenadines.
This Policy provides an in-depth explanation of all areas of our Platform and Services that may affect your privacy and personal details. It meticulously outlines how we process, collect, manage, and store those details, and elaborates on your rights in relation to your personal data.
For the purpose of this Policy, "Personal Information" encompasses any and all information relating to an identified or identifiable individual, including but not limited to names, identification numbers, location data, online identifiers, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual. This definition also extends to include any information relating to your use of our Platform and Services, your interaction with our smart contracts, your wallet addresses, and your transaction history on the blockchain.
By accessing, interacting with, or registering on the Platform, you explicitly acknowledge and consent to our rules and policies which set out how we handle your Personal Information. You understand and agree that we may collect, process, use, and store your Personal Information as described in this Policy, which includes both on-chain and off-chain data processing. If you do not agree with any part of this Policy, you are strongly advised to refrain from accessing the Platform or using our Services.
It is crucial to note that this Policy does not apply to information that you may submit to third-party websites, decentralized applications, or smart contracts that may link to the Platform or be linked to on the Platform. We bear no responsibility for the actions, smart contract interactions, or privacy practices of third-party websites, applications, or smart contracts. You are strongly encouraged to consult those websites, applications, and smart contract documentation directly to understand their privacy practices and data handling procedures.
As this Policy constitutes an integral and inseparable part of the Terms & Conditions, all capitalized terms used in this Policy shall have the same meanings as those defined in the Terms & Conditions, unless explicitly stated otherwise herein.
At ZircuitDEX, we are steadfastly committed to protecting the privacy and security of Personal Information entrusted to us by our Users. To ensure the utmost transparency and rigorous compliance with applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant international data protection frameworks, we adhere to the following comprehensive principles of Personal Information processing:
We process Personal Information in a lawful, fair, and transparent manner at all times. This principle is the cornerstone of our data processing activities and governs every aspect of our interactions with your data.
- Lawfulness: Every instance of data processing is based on at least one of the lawful grounds specified in applicable data protection laws. These may include consent, contractual necessity, legal obligation, vital interests, public task, or legitimate interests.
- Fairness: We ensure that our data processing practices do not have any unjustified adverse effects on our Users. We consider the impact of our processing activities on individuals and balance our interests against those of our Users.
- Transparency: We provide clear, unambiguous information about our data processing activities. This includes:
- Detailed explanations of the purposes for which Personal Information is collected, used, and disclosed.
- Comprehensive information about the types of Personal Information collected and the methods of collection.
- Clear communication about the duration for which Personal Information will be stored.
- Explicit information about any automated decision-making processes, including profiling.
- Detailed information about Users' rights in relation to their Personal Information.
- Clear guidelines on how Users can exercise their rights.
We strive to ensure that Users are fully aware of how and why their Personal Information is being processed. We provide this information in clear, plain language, avoiding legal and technical jargon wherever possible to ensure accessibility for all Users.
We collect and process Personal Information for specified, explicit, and legitimate purposes only. We are committed to ensuring that we do not process Personal Information in a manner that is incompatible with those purposes.
- Specified Purposes: Before collecting any Personal Information, we clearly define and document the specific purposes for which the data will be used. These purposes are communicated to Users at the point of data collection.
- Explicit Purposes: We ensure that the purposes for data processing are clearly explained and not hidden or implied. Users are made fully aware of how their data will be used.
- Legitimate Purposes: All our data processing purposes are lawful and align with our business objectives while respecting Users' rights and expectations.
- Compatible Processing: If we intend to process Personal Information for a new purpose that is not compatible with the original purpose of collection, we will seek new consent from the User or ensure that the new processing is based on a new lawful ground.
We only collect and use Personal Information to the extent necessary to fulfill the stated purposes and in accordance with:
- The consent obtained from the User
- Our contractual obligations
- Our compliance with legal obligations
- Legitimate interests pursued by the Company, provided these interests are not overridden by the Users' interests or fundamental rights and freedoms
We are committed to collecting and processing only Personal Information that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. This principle is fundamental to our data protection strategy and is implemented across all our data processing activities.
- Adequacy: We ensure that the Personal Information we collect is sufficient to properly fulfill the stated purposes, but does not go beyond what is needed.
- Relevance: All Personal Information collected has a direct and clear link to the purpose of processing. We regularly review our data collection practices to ensure we are not collecting any irrelevant data.
- Limitation: We limit our data collection and processing to what is strictly necessary. This includes:
- Collecting only the specific data points required for each purpose
- Limiting access to Personal Information within our organization on a need-to-know basis
- Regularly reviewing and updating our data collection forms and processes to remove any unnecessary fields or requests
We strive to minimize the amount of Personal Information we collect and retain, ensuring that the data is accurate, up-to-date, and necessary for the intended purposes. This includes:
- Regular data accuracy checks and updates
- Implementing data deletion and anonymization processes when data is no longer needed
- Providing Users with easy-to-use tools to update their own information
We take extensive and reasonable steps to ensure the accuracy of Personal Information and keep it up-to-date. This principle is crucial for maintaining the integrity of our data processing activities and ensuring fair treatment of our Users.
- Data Input Accuracy: We implement validation checks at the point of data entry to minimize errors.
- Regular Updates: We have processes in place to regularly verify and update the Personal Information we hold. This includes:
- Periodic prompts for Users to review and update their information
- Cross-referencing data across different systems to identify and resolve inconsistencies
- Implementing data cleansing techniques to identify and correct inaccuracies
- User-Driven Accuracy: We rely on Users to provide accurate and complete information, and we provide easily accessible mechanisms for them to update or correct their Personal Information when necessary. This includes:
- Self-service portals for Users to review and update their information
- Clear instructions on how to request corrections to Personal Information
- Prompt handling of update requests received through our customer support channels
- Third-Party Data Verification: When appropriate and with User consent, we may use third-party services to verify the accuracy of certain data points, such as address verification services.
- Data Accuracy Audits: We conduct regular audits of our databases to identify potential inaccuracies or inconsistencies in Personal Information.
- Training: We provide training to our staff on the importance of data accuracy and the procedures for maintaining accurate records.
We are committed to correcting any inaccurate Personal Information promptly upon discovery or notification. If we identify that incorrect Personal Information has been shared with third parties, we take reasonable steps to inform those third parties of the correction.
We retain Personal Information only for as long as is necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. This principle is crucial for minimizing data protection risks and ensuring that we do not keep Personal Information for longer than needed.
- Purpose-Based Retention: We define retention periods for different categories of Personal Information based on the purpose for which it was collected. These retention periods are regularly reviewed and updated as necessary.
- Legal and Regulatory Compliance: We ensure our retention periods comply with all applicable legal and regulatory requirements. This includes:
- Retaining certain types of Personal Information for specific periods as mandated by law
- Implementing longer retention periods where necessary for the establishment, exercise, or defense of legal claims
- User Account Lifecycle Management: We have clear policies for retaining and deleting Personal Information throughout the lifecycle of a User's account, including:
- Retention during active use of the account
- Handling of data when an account becomes dormant
- Processes for data deletion or anonymization when an account is closed
- Data Minimization Over Time: We regularly review the Personal Information we hold to determine whether it is still necessary for the purposes for which it was collected. This includes:
- Identifying and securely deleting or anonymizing data that is no longer needed
- Implementing data archiving strategies to move older, less frequently accessed data to separate storage systems
- Consent Withdrawal and Account Deletion: If a User withdraws their consent for the processing of their Personal Information, or deletes their account, and we have no other legal basis for retaining the data, we promptly delete or anonymize the relevant Personal Information.
- Exception Handling: In certain cases, we may need to retain Personal Information for longer periods. These exceptions are clearly defined and justified, and may include:
- Retention for scientific, historical research, or statistical purposes
- Retention to comply with legal obligations or to protect the vital interests of the User or another natural person
When Personal Information is no longer necessary for the purposes for which it was collected or processed, we take appropriate steps to delete or anonymize the data. These steps include:
- Removal from active databases and systems
- Secure erasure of electronic records
- Shredding of physical documents
- Overwriting of digital storage media
- Use of specialized data erasure software for secure deletion
- Discontinuation of data processing activities related to that data
We maintain detailed logs of our data deletion activities to demonstrate compliance with this principle.
We implement robust and appropriate technical and organizational measures to protect Personal Information against unauthorized access, accidental loss, alteration, or disclosure. This principle is fundamental to maintaining the trust of our Users and protecting their rights.
- Comprehensive Information Security Management System (ISMS): We have implemented an ISMS that adheres to international standards such as ISO 27001. This system includes:
- Regular risk assessments and audits
- Incident response and business continuity plans
- Employee training and awareness programs
- Access Control: We maintain strict access controls to ensure that Personal Information is only accessible to authorized personnel on a need-to-know basis. This includes:
- Role-based access control (RBAC) systems
- Multi-factor authentication for accessing sensitive systems
- Regular review and updating of access privileges
- Data Encryption: We use industry-standard encryption technologies to protect Personal Information both in transit and at rest. This includes:
- SSL/TLS encryption for data transmission
- Encryption of sensitive data fields in databases
- Full-disk encryption for portable devices
- Network Security: We employ multiple layers of network security controls, including:
- Next-generation firewalls
- Intrusion Detection and Prevention Systems (IDS/IPS)
- Regular vulnerability scanning and penetration testing
- Physical Security: We maintain strict physical security measures for our offices and data centers, including:
- Access control systems
- CCTV surveillance
- Environmental controls (fire suppression, climate control, etc.)
- Data Loss Prevention (DLP): We have implemented DLP solutions to prevent unauthorized exfiltration of sensitive data.
- Vendor Management: We carefully select and monitor our third-party service providers, ensuring they maintain appropriate security standards through:
- Vendor security assessments
- Contractual obligations for data protection
- Regular compliance checks
- Incident Response: We have a comprehensive incident response plan in place to quickly detect, respond to, and mitigate any data breaches or security incidents.
- Data Integrity Checks: We use checksums, error-correcting codes, and other techniques to ensure the integrity of stored data.
- Secure Development Practices: Our development team follows secure coding practices and conducts regular security code reviews.
- Continuous Monitoring: We employ 24/7 monitoring of our systems to detect and respond to potential security threats in real-time.
We maintain the confidentiality, integrity, and availability of Personal Information through these physical, technical, and administrative safeguards, constantly updating our practices to address new and emerging threats.
We take full responsibility for our data processing activities and have implemented comprehensive measures to ensure compliance with applicable data protection laws. This principle underpins all our data protection efforts and demonstrates our commitment to responsible data handling.
- Data Protection Officer (DPO): We have appointed a qualified DPO who oversees our data protection strategy and ensures compliance with data protection laws. The DPO:
- Reports directly to the highest level of management
- Acts as a point of contact for Users and supervisory authorities
- Provides expert advice on data protection matters
- Comprehensive Data Protection Policies: We have developed and implemented a suite of data protection policies that cover all aspects of our data processing activities. These policies are regularly reviewed and updated.
- Data Protection Impact Assessments (DPIAs): We conduct DPIAs for high-risk processing activities to identify and mitigate potential privacy risks before they occur.
- Employee Training: We provide regular, mandatory data protection training to all employees, with specialized training for roles that handle sensitive data.
- Record Keeping: We maintain detailed records of our data processing activities, including:
- Purposes of processing
- Categories of Personal Information processed
- Recipients of Personal Information
- Data retention periods
- Security measures implemented
- Privacy by Design and Default: We integrate data protection considerations into all our projects and processes from the outset, ensuring that privacy is built into our systems and practices.
- Regular Audits and Assessments: We conduct regular internal and external audits of our data protection practices to identify areas for improvement and ensure ongoing compliance.
- Breach Notification Procedures: We have established clear procedures for detecting, reporting, and investigating personal data breaches, in line with legal requirements.
- Vendor Management: We carefully select and monitor our data processors, ensuring they comply with our data protection standards through contractual obligations and regular audits.
- Continuous Improvement: We continuously review and update our data protection practices to address new risks, technologies, and regulatory requirements.
- Transparency: We are committed to being open about our data processing activities and provide clear, accessible information to our Users about how we handle their Personal Information.
- User Rights Management: We have implemented robust processes to handle User requests related to their data protection rights, ensuring timely and comprehensive responses.
It is imperative to note that these principles guide our approach to Personal Information processing, and we continuously review and update our practices to ensure ongoing compliance with evolving legal and regulatory requirements. Our commitment to these principles is unwavering, and they form the foundation of our data protection strategy.
At ZircuitDEX, we collect and use various types of Personal Information to provide, improve, and protect our Services. This section provides a comprehensive overview of the categories of Personal Information we collect, the methods of collection, and the purposes for which this information is used.
We receive and store information that you provide to us directly or give to us in any other way. This includes:
- Wallet Information:
- Wallet addresses
- Types of cryptocurrencies held
- Transaction history
- Communication Data:
- Contents of messages, emails, or other communications you send us
- Support ticket information
- Feedback or survey responses
- Preference Information:
- Language preferences
- Notification settings
- Privacy settings
This information is collected and used for various purposes, including:
- Provision of Services: To fulfill our contractual obligations and provide you with access to our Platform and Services.
- Account Management: To create, maintain, and secure your account.
- Identity Verification: To comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.
- Communication: To respond to your inquiries, provide support, and send important updates about our Services.
- Personalization: To tailor our Services to your preferences and improve your user experience.
- Legal Compliance: To meet our legal and regulatory obligations.
When you contact us through our customer support channels, we may collect additional information to assist you effectively. This includes:
- Full name and contact details provided during the support interaction
- Account identifiers (e.g., username, email address)
- Details of the issue or query you're contacting us about
- Any additional information you choose to provide to help us resolve your issue
- Transcripts or recordings of support calls (with your consent)
- Chat logs from live support sessions
This information is collected and used for the following purposes:
- To provide efficient and effective customer support
- To improve our Services based on common issues or feedback
- To train our customer support team
- To maintain a record of our interactions for quality assurance and legal purposes
We automatically collect certain information about you and your devices when you access or use our Platform. This information is crucial for enhancing and personalizing your experience, as well as ensuring the security and proper functioning of our Services. The information we automatically collect includes:
- Device Information:
- Device type (e.g., desktop, mobile, tablet)
- Operating system and version
- Browser type and version
- Screen resolution
- Device identifiers (e.g., IMEI number, MAC address)
- Mobile carrier (for mobile devices)
- Network Information:
- IP address
- Connection type (e.g., WiFi, cellular data)
- Internet Service Provider (ISP)
- Network performance data
- Geolocation Data:
- Approximate location derived from IP address
- Precise location (with your consent, for mobile devices)
- Usage Information:
- Pages or screens viewed
- Features and functions used
- Time spent on the Platform
- Navigation paths between pages or features
- Search queries within the Platform
- Frequency and timing of your use of the Services
- Transaction Data:
- Types of transactions performed
- Transaction amounts
- Transaction timestamps
- Sending and receiving addresses
- Log Data:
- Access times and dates
- Hardware and software errors
- Crash reports
- Request and response payloads
- Cookies and Similar Technologies:
We use cookies, web beacons, pixels, and similar technologies to collect information about your interactions with our Platform. For more detailed information about our use of these technologies, please refer to our Cookie Policy. The types of information collected through these methods include:
- Session identifiers
- Authentication status
- Personalization preferences
- Analytics data (e.g., page views, click patterns)
- Advertising identifiers
This automatically collected information is used for various purposes, including:
- Ensuring the security and integrity of our Platform
- Detecting and preventing fraud and unauthorized access
- Analyzing usage patterns to improve our Services
- Personalizing content and features
- Optimizing performance and user experience
- Conducting statistical analyses and generating aggregated insights
- Complying with legal and regulatory requirements
We may receive information about you from third parties to enhance our Services, improve security, and comply with legal obligations. This includes:
- Information from Social Media Platforms:
When you interact with our Platform using social media accounts or choose to log in through a social media service, we may collect:
- Account ID or username
- Profile information (e.g., name, profile picture)
- Email address associated with the social media account
- Friends lists or connections
- Posts or comments made on our social media pages
- Analytics Information:
We work with third-party analytics providers to better understand how users interact with our Platform. The information collected may include:
- User behavior data (e.g., click patterns, navigation flows)
- Performance metrics (e.g., page load times, error rates)
- Demographic information (in aggregate form)
- Blockchain and Cryptocurrency Data:
We may collect publicly available blockchain data related to wallet addresses that interact with our Platform, including:
- Transaction histories
- Token balances
- Smart contract interactions
This information received from third parties is used for purposes including:
- Enhancing the security and integrity of our Platform
- Improving our fraud detection and prevention capabilities
- Personalizing and optimizing our Services
- Complying with legal and regulatory obligations
- Analyzing market trends and user behavior to improve our offerings
- Targeting and optimizing our marketing efforts
We do not collect any special categories of Personal Information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) unless explicitly required for regulatory compliance or with your express consent.
It's important to note that while we collect and process this wide range of information, we do so in accordance with the principles outlined in Section 2 of this Policy, always striving to minimize data collection and ensure that we only process information that is necessary for our stated purposes.
At ZircuitDEX, we collect and use your Personal Information for various purposes, always ensuring that our processing activities are lawful, fair, and transparent. This section provides a comprehensive overview of the reasons why we collect and process your Personal Information, along with the legal bases for such processing under applicable data protection laws.
We may process your Personal Information where it is necessary for our legitimate interests (or those of a third party), provided that your fundamental rights and freedoms do not override those interests. Our legitimate interests include:
- Fraud Prevention and Security:
- Detecting and preventing fraudulent transactions
- Protecting our Platform from unauthorized access or cyber attacks
- Ensuring the integrity of our blockchain operations
- Implementing and maintaining robust security measures
- Network and Information Security:
- Monitoring and improving the performance of our systems
- Identifying and mitigating technical issues and vulnerabilities
- Ensuring the reliability and stability of our Services
- Business Operations and Improvement:
- Analyzing user behavior to enhance our Services
- Developing new features and functionalities
- Conducting market research and analysis
- Managing our business operations efficiently
- Legal and Regulatory Compliance:
- Adhering to applicable laws and regulations in the jurisdictions where we operate
- Cooperating with law enforcement and regulatory authorities when required
- Maintaining records for audit and compliance purposes
- Risk Assessment and Management:
- Evaluating and managing financial, operational, and reputational risks
- Conducting due diligence on users and transactions
- Implementing appropriate risk mitigation measures
Some processing activities based on legitimate interests include:
- Analyzing transaction patterns to detect unusual activity
- Using log data to investigate and prevent security incidents
- Aggregating user data to generate insights for service improvements
- Maintaining blacklists of known fraudulent actors or compromised accounts
We process Personal Information where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. This includes:
- Service Provision:
- Facilitating cryptocurrency transactions and exchanges
- Providing access to blockchain-based financial services
- Executing smart contracts and decentralized applications (dApps)
- Calculating and displaying account balances and transaction histories
- Customer Support:
- Responding to your inquiries and support requests
- Resolving technical issues or disputes
- Providing information about our Services and your account
- Feature Access:
- Granting access to specific platform features based on your account type or subscription level
- Implementing and enforcing usage limits or restrictions as per our terms of service
Processing activities based on contractual necessity include:
- Processing transaction requests initiated by you
- Storing and retrieving your wallet information for transaction purposes
- Calculating and applying fees for our Services as per our fee schedule
- Implementing security measures required by our terms of service, such as two-factor authentication
We may process your Personal Information when it is necessary to comply with a legal obligation to which we are subject. This includes:
- Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) Compliance:
- Conducting Know Your Customer (KYC) checks
- Monitoring transactions for suspicious activity
- Reporting suspicious transactions to relevant authorities
- Maintaining records of customer due diligence
- Tax Compliance:
- Collecting and reporting tax-related information as required by law
- Providing transaction histories for tax reporting purposes
- Cooperating with tax authorities in case of audits or investigations
- Regulatory Reporting:
- Submitting required reports to financial regulators
- Complying with information requests from regulatory bodies
- Maintaining records of regulatory compliance activities
- Legal Proceedings:
- Responding to subpoenas, court orders, or legal process
- Establishing, exercising, or defending legal claims
- Cooperating with law enforcement investigations
Processing activities based on legal obligations include:
- Verifying user identities against government-issued ID documents
- Screening users against sanctions lists and politically exposed persons (PEP) databases
- Generating and maintaining transaction logs for regulatory reporting
- Implementing and enforcing transaction limits as required by AML regulations
In some cases, we may process your Personal Information based on your explicit consent. This is particularly relevant for processing activities that are not necessary for the performance of our contract with you or for our legitimate interests. Examples include:
- Marketing Communications:
- Sending promotional emails or newsletters about our Services
- Conducting marketing campaigns through various channels (e.g., email, SMS, push notifications)
- Personalizing marketing content based on your preferences and behavior
- Cookie Usage:
- Using non-essential cookies and similar technologies for analytics and advertising purposes
- Tracking your online behavior across different websites and services for targeted advertising
- Special Categories of Personal Data:
- Processing sensitive information, such as biometric data for enhanced security features (if applicable)
- Collecting health information for specific Services or features (if applicable)
- Third-Party Data Sharing:
- Sharing your Personal Information with third parties for purposes not directly related to our Service provision
- Allowing third-party integrations that may access your account information
- Location-Based Services:
- Accessing precise location data from your mobile device for location-specific features
Processing activities based on consent include:
- Sending you personalized investment recommendations or market analyses
- Using your transaction history to display targeted advertisements within our Platform
- Sharing your contact information with selected partners for joint marketing initiatives
It's important to note that you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
In rare circumstances, we may process your Personal Information to protect your vital interests or those of another person. This could include:
- Emergency Situations:
- Contacting emergency services if we believe you or another user is in immediate danger
- Sharing location information with authorities in case of a life-threatening situation
- Fraud Prevention:
- Taking immediate action to prevent substantial financial loss or harm due to fraudulent activity
Processing activities based on vital interests are exceptional and will only be carried out when no other legal basis is applicable and the processing is necessary to protect life or prevent severe harm.
By understanding these various grounds for processing your Personal Information, you can better appreciate how we balance our need to provide efficient and secure Services with your privacy rights. We are committed to ensuring that all our data processing activities are lawful, necessary, and proportionate to the purposes for which the data is collected.
At ZircuitDEX, we recognize the importance of maintaining the confidentiality of your Personal Information. However, in certain circumstances, we may need to share your information with third parties to provide our Services, comply with legal obligations, or further our legitimate business interests. This section provides a detailed overview of the categories of recipients with whom we may share your Personal Information and the purposes for such sharing.
We may share your Personal Information with carefully selected third-party service providers and vendors who perform various functions on our behalf. These include:
- Cloud Service Providers:
- Data storage and hosting services
- Cloud computing resources for processing transactions and running our platform
- Backup and disaster recovery services
- Analytics Providers:
- Web and mobile analytics services to help us understand user behavior
- Performance monitoring tools to ensure the reliability of our platform
- User segmentation and cohort analysis services
- Customer Support Services:
- Ticketing and customer relationship management (CRM) systems
- Live chat and chatbot providers
- Call center and support desk services
- Payment Processors:
- Fiat currency payment gateways
- Cryptocurrency payment processors
- Banking partners for fiat-to-crypto conversions
- Security and Fraud Prevention Services:
- Anti-fraud and transaction monitoring systems
- Cybersecurity and threat intelligence providers
- Multi-factor authentication services
- Marketing and Communication Services:
- Social media management tools
- Legal and Compliance Services:
- Legal counsel and advisory services
- Regulatory compliance software and services
- Audit and accounting firms
These service providers are contractually obligated to protect your Personal Information and may only use it for the specific purposes we've outlined. We ensure that all our service providers adhere to strict data protection standards and have appropriate safeguards in place.
We may share your Personal Information with other companies within our corporate group or affiliated entities. This sharing is based on our legitimate interests in running and developing our business. Such sharing may occur in the following contexts:
- Shared Services:
- Centralized IT systems and infrastructure
- Group-wide risk management and compliance functions
- Shared customer support and operations centers
- Business Development:
- Cross-promotion of services within our group of companies
- Development of new products and services that complement our offerings
- Corporate Governance:
- Internal audits and investigations
- Implementation of group-wide policies and procedures
We ensure that any such sharing is subject to appropriate confidentiality and data protection agreements within our corporate group.
To facilitate cryptocurrency trading and ensure optimal liquidity, we may share certain Personal Information with partner exchanges and liquidity providers. This includes:
- Trading data necessary to execute orders
- Wallet addresses for transaction processing
- Aggregated trading volume and pattern data
These partners are responsible for the processing of your information in accordance with their own privacy policies. We recommend that you review the privacy policies of any partner exchanges you interact with through our platform.
If we include advertising services on our platform, we may share certain information with advertising partners. This sharing is always subject to your consent and privacy settings. Information shared may include:
- Advertising identifiers (e.g., Google Advertising ID, Apple IDFA)
- Demographic information (in aggregate form)
- Interest categories based on your use of our Services
- Information about your interactions with advertisements
We provide options for you to limit or opt-out from personalized advertising. For more information on how to manage your advertising preferences, please refer to our Cookie Policy.
We may be required to disclose your Personal Information to law enforcement agencies, regulatory bodies, or other public authorities in certain circumstances. These may include:
- Responding to court orders, subpoenas, or other legal processes
- Complying with regulatory investigations or audits
- Reporting suspicious activities as required by anti-money laundering (AML) regulations
- Cooperating with law enforcement in case of criminal investigations
When disclosing information in these contexts, we carefully review each request to ensure it is legally valid and limit the information disclosed to what is strictly necessary to comply with the request.
We may share your Personal Information with professional advisors acting as processors or joint controllers, including:
- Lawyers
- Accountants
- Auditors
- Insurers
- Bankers
This sharing is typically necessary for:
- Obtaining professional advice
- Establishing, exercising, or defending legal claims
- Managing our business risks and compliance obligations
In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your Personal Information may be transferred to another entity. This may occur in the context of:
- Due diligence processes during mergers and acquisitions
- Asset transfers in corporate restructurings
- Bankruptcy proceedings
We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
We may share your Personal Information with third parties when you explicitly direct us to do so. This could include:
- Integrations with third-party applications or services you choose to connect to your ZircuitDEX account
- Sharing transaction details with counterparties in peer-to-peer transactions
- Providing proof of funds or transaction history to financial institutions at your request
We may share aggregated or anonymized data that does not directly identify you with third parties for various purposes, including:
- Industry analysis and market research
- Improving our Services and developing new features
- Marketing and promotional materials
- Academic or scientific research in the field of blockchain and cryptocurrencies
This data is stripped of any personal identifiers and cannot be used to identify individual users.
It's important to note that when you access the Platform through third-party services ("Third Party Services"), you must understand that those Third Party Services may collect other information about you (including information you share with them directly or about your use of the Platform) in accordance with their own terms and privacy policies. The privacy practices described in this Policy do not apply to Third Party Services. Any links to Third Party Services do not imply that we endorse or have reviewed the Third Party Services.
ZircuitDEX operates globally, and as such, your Personal Information may be processed in various locations around the world. This section provides detailed information about where your data is processed and the measures we take to ensure its protection.
Your Personal Information will be processed by our employees and service providers on servers located in European Union (EU).
For users within the European Union (EU) or European Economic Area (EEA), we prioritize processing your data within these regions. When data is transferred between EU/EEA countries, it is protected by the uniform data protection standards established by the General Data Protection Regulation (GDPR).
Your Personal Information may be transferred to – and maintained on – computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those of your jurisdiction.
When we transfer Personal Information outside the EU/EEA or UK, we ensure that adequate safeguards are in place. We rely on various legal mechanisms for these transfers, including:
- Adequacy Decisions: Transfers to countries recognized by the European Commission as providing an adequate level of data protection.
- Standard Contractual Clauses (SCCs): We use the European Commission's approved SCCs for data transfers to third countries.
- Binding Corporate Rules (BCRs): For intra-group transfers, we may use approved BCRs.
- Derogations: In limited circumstances, we may rely on specific derogations provided in Article 49 of the GDPR.
To protect your Personal Information when it is transferred internationally, we implement the following safeguards:
- Encryption: Data in transit is protected using industry-standard encryption protocols.
- Access Controls: Strict access controls and authentication measures are in place to ensure only authorized personnel can access Personal Information.
- Data Minimization: We transfer only the Personal Information that is necessary for the specific purpose of the transfer.
- Contractual Safeguards: We enter into data processing agreements with recipients that require them to protect Personal Information to the same standard as required under EU law.
- Regular Audits: We conduct regular audits of our data transfer mechanisms and recipient's data protection practices.
For transfers to jurisdictions deemed high-risk from a data protection standpoint, we implement additional measures, which may include:
- Enhanced encryption and anonymization techniques
- More frequent audits and assessments of data protection practices
- Implementing data localization where required by local laws
- Obtaining additional consent from users for such transfers, where appropriate
We are committed to transparency regarding our data processing locations:
- We will inform you if your Personal Information is to be transferred to a third country or international organization.
- Upon request, we will provide you with information on the appropriate safeguards relating to the transfer.
- You have the right to obtain a copy of the data transfer mechanism under which your Personal Information is transferred outside the EU/EEA.
While we strive to apply consistent data protection standards globally, we also comply with local data protection laws in the jurisdictions where we operate. This may result in some variations in data processing practices to meet local requirements.
In jurisdictions with strict data localization requirements, we maintain local data storage and processing capabilities to ensure compliance with these laws.
Your consent to this Privacy Policy, followed by your submission of Personal Information, represents your agreement to the transfers described in this section. ZircuitDEX will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. No transfer of your Personal Information will take place to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information.
ZircuitDEX is committed to retaining your Personal Information only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, and as required or permitted by applicable laws. This section provides a detailed explanation of our data retention practices.
Our data retention practices are guided by the following principles:
- Purpose Limitation: We retain data only as long as it serves the original purpose for which it was collected.
- Legal and Regulatory Compliance: Retention periods are set to comply with applicable laws and regulations.
- Data Minimization: We regularly review stored data and securely delete or anonymize information that is no longer needed.
- User Rights Respect: We honor user requests for data deletion, subject to legal and operational requirements.
While retention periods may vary depending on the type of data and its purpose, here are general guidelines for common data categories:
- Active Accounts: Retained for the duration of the account's existence.
- Closed Accounts: Basic information retained for 2 years after account closure for legal and operational purposes.
- Completed Transactions: Retained for 2 years to comply with financial regulations and tax requirements.
- Pending or Failed Transactions: Retained for 2 months for troubleshooting and fraud prevention.
- Customer Support Interactions: Retained for 2 years from the date of last interaction.
- Marketing Communications: Retained until you unsubscribe or for 2 years of inactivity, whichever comes first.
- Access Logs: Retained for 3 months for security and performance analysis.
- Usage Statistics: Aggregated and anonymized after 3 months, with raw data deleted.
- Verified Users: Retained for the duration of the account plus 2 years after account closure.
- Unverified or Rejected Applications: Retained for 2 months for fraud prevention and regulatory compliance.
- Payment Details: Retained for the duration of the business relationship plus 2 years for accounting purposes.
- Retained for 2 years from the last interaction or until consent is withdrawn.
In certain circumstances, we may need to retain Personal Information for longer periods:
- Ongoing Investigations: Data relevant to open investigations, audits, or legal proceedings may be retained until the matter is resolved.
- Regulatory Requirements: Specific regulations may require longer retention periods for certain types of data.
- Contractual Obligations: Data may be retained longer if required by contracts with users or third parties.
- Archiving for Public Interest: Some data may be archived for scientific, historical research, or statistical purposes.
We have implemented a systematic review process to ensure our retention practices remain appropriate:
- Annual Review: We conduct an annual review of our data inventory and retention schedules.
- Data Protection Impact Assessments: Retention periods are reassessed when new processing activities are introduced.
- User Feedback: We consider user feedback and requests when reviewing our retention practices.
When Personal Information is no longer necessary for the purposes for which it was collected or processed, we take appropriate steps to delete or anonymize it:
- Secure Deletion: We use industry-standard data wiping techniques to ensure data cannot be recovered.
- Anonymization: Where possible, we anonymize data to retain valuable insights without compromising individual privacy.
- Pseudonymization: In some cases, we may pseudonymize data to reduce privacy risks while retaining necessary information.
You have certain rights regarding the retention of your Personal Information:
- Right to Erasure: You can request the deletion of your Personal Information, subject to legal and operational constraints.
- Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
- Account Closure: If you choose to close your account, we will initiate our data deletion process, subject to the retention periods outlined above.
If we make significant changes to our data retention practices that affect your Personal Information, we will notify you through email or prominent notice on our Platform.
It's important to note that while we strive to adhere to these retention periods, blockchain technology's immutable nature means that certain transaction data may persist on the blockchain indefinitely. We will clearly communicate which data elements fall into this category during the data collection process.
By understanding our data retention practices, you can be assured that we handle your Personal Information responsibly throughout its lifecycle. If you have any questions about how long we retain specific types of information, please contact us using the details provided in the "Contact Us" section of this Privacy Policy.
At ZircuitDEX, we are committed to upholding your rights under applicable data protection laws. This section provides a comprehensive overview of your rights in relation to your Personal Information and how you can exercise them.
Depending on your jurisdiction, you may have some or all of the following rights:
You have the right to know whether we are processing your Personal Information and to obtain information about such processing. Specifically, you can request:
- Confirmation that we are processing your data
- Access to your Personal Information
- Additional information about how your data is processed
You have the right to have inaccurate Personal Information corrected and incomplete information completed.
In certain circumstances, you have the right to request the deletion of your Personal Information. This right applies when:
- The Personal Information is no longer necessary for the purposes for which it was collected
- You withdraw consent (where processing is based on consent)
- You object to the processing and there are no overriding legitimate grounds for the processing
- The Personal Information has been unlawfully processed
- The Personal Information must be erased for compliance with a legal obligation
You have the right to request the restriction of processing of your Personal Information in certain situations, such as:
- When you contest the accuracy of the data
- When the processing is unlawful, but you oppose erasure
- When we no longer need the data, but you require it for legal claims
- When you have objected to processing pending verification of legitimate grounds
You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format, and to transmit this data to another controller without hindrance.
You have the right to object to processing of your Personal Information in certain circumstances, including:
- Processing based on legitimate interests or public interest
- Direct marketing purposes
- Processing for scientific or historical research or statistical purposes
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
Where processing is based on consent, you have the right to withdraw that consent at any time.
To exercise any of these rights, please follow these steps:
1. Submit a request:
- Email us at privacy@zircuitdex.com with the subject line "Data Subject Rights Request"
- Contact our Data Protection Officer at dpo@zircuitdex.com
2. Verify your identity:
To protect your information, we will need to verify your identity before processing your request. We may ask you to provide additional information for this purpose.
3. Provide details of your request:
Please be as specific as possible about the right you wish to exercise and any relevant details that can help us process your request efficiently.
We will respond to your request within one month of receipt. If your request is complex or we have received a large number of requests, we may extend this period by an additional two months. In this case, we will inform you of the extension and the reasons for it within one month of receiving your request.
While we strive to honor all valid requests, please note that there may be situations where we are unable to fully comply due to:
- Legal or regulatory requirements
- Contractual obligations
- Technical limitations (especially regarding data stored on the blockchain)
- Potential impact on the rights of other individuals
In such cases, we will explain the reasons for our decision and inform you of your right to complain to a supervisory authority and to seek judicial remedy.
You will not have to pay a fee to access your Personal Information or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Please note that if you have accessed our Services through a third-party platform or service, or if you have authorized a third-party application to access your data, exercising your rights with us may not change what information those third parties have collected or have access to. You may need to contact those parties directly to exercise your rights with respect to data they control.
If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, including:
- The right to lodge a complaint with a supervisory authority
- The right to object to processing based on legitimate interests
- The right to restrict processing for direct marketing purposes
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
- The right to know what Personal Information we collect about you and how it is used and shared
- The right to delete Personal Information collected from you (with some exceptions)
- The right to opt-out of the sale of your Personal Information
- The right to non-discrimination for exercising your CCPA rights
- The right to limit the use and disclosure of sensitive personal information
To exercise your rights under the CCPA/CPRA, please follow the general process outlined in section 8.2, or call our toll-free number at [Insert Toll-Free Number].
We are committed to complying with data protection laws in all jurisdictions where we operate. If you are located in a jurisdiction with specific data protection rights not mentioned above, please contact us, and we will provide information about your rights and how to exercise them.
As data protection laws evolve, we may update this section to reflect changes in your rights or how you can exercise them. We encourage you to review this Privacy Policy regularly for any updates.
At ZircuitDEX, we prioritize the security and confidentiality of your Personal Information. We implement and maintain robust technical, organizational, and physical security measures to protect against unauthorized access, alteration, disclosure, or destruction of your Personal Information.
- We use industry-standard encryption protocols (e.g., TLS/SSL) to protect data in transit.
- Sensitive data at rest is encrypted using strong encryption algorithms.
- Private keys and other cryptographic materials are stored securely using hardware security modules (HSMs) where appropriate.
- We implement strict access controls based on the principle of least privilege.
- Multi-factor authentication (MFA) is required for all administrative access to our systems.
- Regular access reviews are conducted to ensure that access rights remain appropriate.
- Our infrastructure is protected by next-generation firewalls and intrusion detection/prevention systems (IDS/IPS).
- We use virtual private networks (VPNs) for secure remote access to our systems.
- Regular vulnerability scans and penetration tests are conducted to identify and address security weaknesses.
- We maintain comprehensive logs of system activities and security events.
- Real-time monitoring systems are in place to detect and alert on suspicious activities.
- We use Security Information and Event Management (SIEM) tools for advanced threat detection and response.
- We have established and maintain a comprehensive set of information security policies and procedures.
- Regular security awareness training is provided to all employees and contractors.
- Incident response plans are in place and regularly tested to ensure rapid and effective response to security incidents.
- We conduct thorough due diligence on our vendors and service providers.
- Contractual agreements include strict data protection and security requirements.
- Regular assessments are performed to ensure ongoing compliance with our security standards.
- Our security practices are aligned with industry standards such as ISO 27001 and NIST Cybersecurity Framework.
- We undergo regular internal and external security audits.
- We maintain compliance with relevant regulatory requirements, including PCI-DSS for payment card data handling.
- Our data centers are equipped with 24/7 security personnel, video surveillance, and access logging.
- Biometric access controls are used for critical areas.
- Environmental controls, including fire suppression and climate control systems, are in place to protect against physical threats.
- Physical access to our offices is restricted and monitored.
- Clean desk policies are enforced to prevent unauthorized access to physical documents.
- Secure disposal methods are used for physical media containing sensitive information.
- All smart contracts undergo rigorous security audits by internal teams and reputable third-party auditors.
- We implement formal verification processes for critical smart contract components where feasible.
- Bug bounty programs are maintained to incentivize the responsible disclosure of security vulnerabilities.
- We use multi-signature wallets for managing significant cryptocurrency holdings.
- Cold storage solutions are employed for long-term storage of digital assets.
- Regular security reviews of our wallet infrastructure are conducted.
- We stay informed about emerging security threats and best practices in the blockchain and cybersecurity industries.
- Our security measures are regularly reviewed and updated to address new risks and technological advancements.
- We have a dedicated incident response team ready to address security incidents promptly.
- Post-incident reviews are conducted to learn from any security events and improve our defenses.
While we implement robust security measures, the security of your account also depends on your actions:
- Keep your account credentials and private keys confidential.
- Use strong, unique passwords and enable two-factor authentication where available.
- Be vigilant against phishing attempts and suspicious communications.
- Regularly update your devices and software to patch known vulnerabilities.
Despite our best efforts, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your Personal Information, we cannot guarantee its absolute security. In the event of a security breach affecting your Personal Information, we will notify you in accordance with applicable laws.
ZircuitDEX reserves the right to suspend account access without notice if there is a reasonable suspicion of a security breach or unauthorized access. If you believe that your account or information is no longer secure, please notify us immediately by sending a message to security@zircuitdex.com.
At ZircuitDEX, we are committed to continuously improving our services and adapting to new technologies and regulatory requirements. As such, we may update our Privacy Policy from time to time. This section outlines how we manage changes to our Policy and how we will keep you informed.
- We conduct regular reviews of our Privacy Policy to ensure it remains current, comprehensive, and compliant with applicable laws and regulations.
- These reviews take into account changes in our services, technological advancements, and evolving privacy standards in the blockchain and cryptocurrency industry.
We may update our Policy for various reasons, including:
- Changes in applicable data protection laws and regulations
- Introduction of new features or services on our Platform
- Modifications to our data collection, use, or sharing practices
- Organizational changes, such as mergers or acquisitions
- Responses to user feedback or concerns
- The most current version of our Privacy Policy will always be posted on our Platform.
- We will update the "Last Updated" date at the beginning of the Policy to indicate when the latest changes were made.
- For significant changes that materially affect your rights or how we process your Personal Information, we will provide notice through one or more of the following methods:
- Email notification to the address associated with your account
- Prominent notice on our Platform's homepage or when you next log in
- In-app notifications or messages
- The notice will summarize the key changes and their potential impact on you.
- When possible, we will strive to provide advance notice of significant changes to allow you time to review the updates before they take effect.
- The notice period will typically be at least 30 days, unless shorter notice is required for legal or security reasons.
- By continuing to access or use our Platform and Services after the changes become effective, you will be deemed to have accepted the updated Privacy Policy.
- If you do not agree with the changes, you should discontinue use of our Services and close your account.
- For certain material changes, especially those involving new types of data collection or use, we may require your affirmative consent before continuing to use our Services.
- In such cases, you may be prompted to review and accept the changes when you next access our Platform.
- We maintain archives of previous versions of our Privacy Policy for reference.
- Upon request, we can provide you with access to historical versions of the Policy that were in effect during your use of our Services.
- We encourage all users to regularly check our Privacy Policy for any updates.
- If you have any questions or concerns about changes to our Policy, please contact us using the information provided in the "Contact Us" section.
- Any disputes arising from changes to this Privacy Policy will be governed by the laws specified in our Terms of Service.
- In case of any conflict between different language versions of the Policy, the English version shall prevail.
By staying informed about changes to our Privacy Policy, you can make informed decisions about your continued use of our Services and the management of your Personal Information. We value your privacy and strive to maintain transparency in all our data practices.
We value open communication with our users and are committed to addressing any questions, concerns, or requests you may have regarding our Privacy Policy and data practices. This section provides detailed information on how to contact us and what you can expect when you do.
For any questions about this Privacy Policy or requests related to your Personal Information, please contact us by email at:
privacy@zircuitdex.com
When contacting us, please include:
- Your full name
- Your account email address (if applicable)
- A detailed description of your inquiry or request
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our DPO using the following details:
Email: dpo@zircuitdex.com
To exercise your data protection rights as outlined in Section 8 of this Policy, please send your request to:
rights@zircuitdex.com
Please use the subject line "Data Subject Rights Request" and specify which right(s) you wish to exercise in your email.
If you believe there has been a breach of security or have concerns about the safety of your account or Personal Information, please contact our security team immediately at:
security@zircuitdex.com
We are committed to resolving any complaints about our collection or use of your Personal Information. If you would like to make a complaint, please contact us at:
complaints@zircuitdex.com
We will acknowledge receipt of your complaint within 5 business days and provide a full response within 30 days.
If you are located in the European Union or United Kingdom and believe we have not adequately resolved your complaint, you have the right to lodge a complaint with your local data protection authority. Contact details for EU data protection authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en
For press or media-related inquiries regarding our privacy practices, please contact:
media@zircuitdex.com
We strive to respond to all inquiries within 14 business days, though complex requests may take longer to address fully.
We provide support in the following languages:
- English (primary)
For support in languages other than English, please specify your language preference in your initial communication.
We may update our contact information from time to time. The most current contact information will always be available in this Privacy Policy on our website.
We appreciate your trust in ZircuitDEX and are committed to protecting your privacy and addressing your concerns. Don't hesitate to reach out to us with any questions or feedback about our Privacy Policy or data practices.
