Privacy Policy

This Privacy Policy was prepared in the English language. The English version shall prevail in the event of any conflict, discrepancy or ambiguity between translations.

 Deribit is an online platform which facilitates the trading of cryptocurrency-related products. In order to be able to provide our services to you, we need to process certain data about you. We take your privacy very seriously and will always process your personal data in accordance with the guidelines of this Privacy Policy. You can also find information about us, the platform and our legal basis to process your personal data in this Privacy Policy. Any capitalized terms you may encounter are defined in our Terms of Service.

 

1.          Who does this Privacy Policy apply to?

This Privacy Policy applies to all visitors of the Website www.deribit.com, or users of the related APIs, that share personal information with us. Whether you are a mere visitor of our Website, contact us directly or submit personal information in another way, we will always process your personal data in accordance with this Privacy Policy.

 

2.          Who are we?

The Platform is made available by DRB Panama Inc., a corporation incorporated under the laws of Panama, registered at the (Mercantile) Record No 155684990 on 11 September 2019, Panama City, Republic of Panama. DRB is the controller for the processing of your personal data.

You can contact us via the email addresses provided on the ‘Contact Us’ page on our Website.

 

3.          Which types of personal data do we process?

During your use of our Website and the Platform, we may process the following personal data of you:

a.          Personal data you provide when creating an Account, which includes:

·       Email address;

·       Login details (username and password);

·       Country of residence;

·       Security details (two-factor authentication token seed, app passcode).

b.          Personal information we require to verify your identity and comply with “Know Your Customer” and anti-money laundering regulations, which information depends on the degree of the identity check to be performed. If you register a personal Account, we may require you to provide the following information in this respect:

·       Name;

·       Address;

·       Bank account information, such as a bank account statement;

·       A copy/image of your passport, driver’s license or ID card;

·       Residency verification information (e.g. utility bill).

If you register an Account on behalf of a registered entity (corporate Account), we require the following personal data to verify your Account:

·       Your full name;

·       The statutory name and any deviating trade names of the entity;

·       The company address registered with Chamber of Commerce;

·       A valid business incorporation document (from the Chamber of Commerce and/or Financial Services Commission);

·       URL of government website containing your company details that verifies the authenticity of the registration;

·       A Certificate of incorporation;

·       Memorandum and Articles of Association (containing the structure and rules of the company);

·       Sources of funding;

·       Register of shareholders/partners/members (complete list of names, addresses and number of shares of every current shareholder);

·       Ownership structure chart showing the percentages of each shareholder, the ultimate beneficial owner(s) and the countries of residence/incorporation;

·       List of full names and ownership percentages of shareholders who own 25% or more of the shares in the company;

·       ID and a recent proof of residential address of all shareholders who own 25% or more of the shares in the company;

·       List of full names, date of birth, address details of all directors;

·       ID and a recent proof of residential address of all directors;

·       List of individuals who are allowed to trade on the Platform;

·       ID and a recent proof of residential address of all individuals who will trade on the platform of Deribit.

c.           In order to facilitate your trading of Products on our Platform, we require the following information:

·       The address of your wallet from which you deposit/withdraw Cryptocurrency into/from your Account;

·       Your orders, trades, positions and balances.

d.          Information related to communication between you and us:

·       Name;

·       Email address; and

·       Details of your request and/or complaint and other information you provide us with in the course of the communication session.

e.          Information you provide us with when you visit our Website and use our Platform:

·       Login records;

·       A unique token of your browser session;

·       IP address;

·       Information about your device, browser, operating system, and network system;

·       Viewing time and online behaviour on the Platform.

 

4.          For which purposes do we process your personal data?

We may use your personal data to:

·       Create and administer your Account;

·       Give you access to our Platform and to provide our services;

·       Verify your identity and to comply with applicable laws and regulations in that respect;

·       Cooperate with requests of law enforcement agencies;

·       Process your trades;

·       Analyse your use of our Website and Platform;

·       Provide you customer support;

·       Send you updates, newsletters, surveys or promotions;

·       Contact you about other aspects of our services.

We will not process your personal data for other purposes.

 

5.          Which legal grounds apply to our processing of personal data?

We are entitled to process your personal data pursuant to different legal grounds. The following table contains an overview of the legal grounds we invoke to process specific personal data:

Processing activity

Legal ground

Creating your account

Performance of a contract

Verifying your (company’s) identity (KYC/CDD)

Compliance with a legal obligation

Marketing activities (promotional communication)

Consent (which you can revoke at any time)

Trading facilitation

Performance of a contract

Communication details to handle enquiries

Performance of a contract

Browsing information or sharing with law enforcement

Our legitimate interests

 

6.          How long do we retain your personal data?

We will not retain your personal data longer than necessary for the purposes for which we have obtained such data. In principle we may retain your personal data up to a maximum of three (3) years upon the ending of our business relationship.

We will not delete your personal data if we are required to retain such data to comply with any statutory obligation. In particular, we reserve our rights to retain the information to verify your identity for a period of at least five (5) years. In addition, we may retain personal data that are necessary for the purposes of legal proceedings, complaints and disputes for as long as this is necessary to protect our legitimate interests.

 

7.          Who has access to your personal data?

Our authorised personnel shall have access to your personal data on a need-to-know basis. These persons have undergone background screening before they were employed and are required to treat the information as highly confidential.

In addition, we may engage third party service providers to provide ancillary services. If and to the extent such parties will come into the possession of your personal data, such parties will act as our data processor. These are, for example, cloud service providers and suppliers of certain software solutions. We will enter into a data processing agreement with these parties, which shall include arrangements on data security to protect your personal data against data breaches. Such data processors will only process your personal data to the extent required for the provision of services for which they are engaged.

We may also share personal data with affiliates who referred you to our Website, and partners for promotions or co-branded service integrations.

We may provide your personal data to competent authorities upon their request to the extent legally required or to the extent necessary to defend our rights in legal proceedings or investigations.

 

8.          Will your personal data be transferred to countries outside the European Economic Area?

Our third party service providers may be located in countries outside the European Economic Area (EEA), which may not offer an adequate level of protection of personal data. In order to protect your personal data and to live up with our obligations, we shall enter into a data transfer agreement on the basis of the Standard Contractual Clauses as approved by the European Commission prior to engaging service providers outside the EEA.

 

9.          Is your personal data secure?

We process your personal data with the greatest possible care and scrutiny. This means we will adopt appropriate technical and organisational measures to ensure that all the information is correct, current and complete and to prevent it from being accessed by unauthorised persons inside and outside our organisation. We use ‘best practices’ to secure your personal data. For instance, your personal data is encrypted with Secure Sockets Layered (SSL) technology and our directories and databases are password protected.

 

10.        What are your rights in respect of my personal data?

You are entitled to ask us if we are processing your personal data. You may at any time, with reasonable intervals, exercise your right of access to your personal data. Upon your inspection, you may request us to rectify or erase any (inaccurate) information or have us restrict or terminate the processing of your personal data. However, we reserve our right to deny such a request to restrict or terminate the processing of your personal data if we have a legitimate interest to continue the processing of your personal data, in particular if we require the information in (possible) legal proceedings.

You are entitled to request us to transfer (certain of) your personal data to you or to another party.

If your personal data is being processed based on your consent, you may withdraw your consent at any time. In order to exercise this right and the rights as mentioned above please contact us using the contact information set out in this Privacy Policy.

 

11.        Use of Cookies

We use cookies when you visit our Website and use our Platform. A cookie is a small file that is saved on your computer, tablet or mobile phone when viewing a website. With the help of cookies user preferences may be saved for later use, or browsing habits can be tracked for statistical purposes. A lot of improvements in a website’s user experience and performance are possible thanks to the implementation of cookies.

We use the following cookies:

·       Functional cookies to enable your use of our Website and Platform, and clear gifs in our emails so that we can check the receipt of our emails;

·       Analytical cookies to show us which pages you visited and clicked on within our Website. We use the web statistics of this behaviour to improve our services, and more specifically our search results. The collected data through cookies - including IP addresses – remain anonymous but can be stored by Google on servers in the United States. Read more about Google’s Privacy Policy here: https://www.google.com/policies/privacy/;

These cookies are saved until you delete them in your Internet browser. You can block the use of cookies by changing the settings in your browser. This may, however, limit your user experience. More information on enabling, disabling and deleting cookies can be found in the Help-function of your browser.

 

12.        How can I file a complaint?

If you have complaints about how we handle your personal data, you can contact us using the contact details in this Privacy Policy. We are happy to help you find a solution. In addition, you may file a complaint about the way we process your personal data with the supervisory authority in the country where you are resident (where applicable).

 

13.        Questions?

If you have any questions concerning the manner in which we process your personal data, or you wish to invoke any of your statutory rights, you may contact us via the email address provided on the “Contact Us” page on our Website.

We may update this Privacy Policy from time to time. We will inform you when we make changes to our Privacy Policy and you can always find the most recent version of the Privacy Policy on www.deribit.com.