Privacy Policy
Date of publication: 17.01.2025
1. INTRODUCTION. WHAT IS PERSONAL DATA?
ITradingBot Limited, a Seychelles registered company, registration number 240583 (“ITradingBot”, “our“, “we” or “us” as applicable) provides You the software (SaaS Platform, the “Platform”) for online trading of VFAs (or also known as virtual financial assets, cryptographic tokens or digital tokens or cryptographic currency) and derivatives linked to VFAs or indices thereof. The Platform does not provide any brokerage, or exchange services. Your privacy is important to us and therefore, it is our policy to respect your privacy and take appropriate measures to protect your personal data.
This Privacy Policy (the “Policy”) explains how we process, including how we use, store and disclose your personal data when: (i) you visit or otherwise interact with our website at https://itradingbot.net/ (“Website”), and/or our Platform; (ii) you wish to use your Telegram account or other opportunities provided by the ITradingBot platform for logging into it as an Authorized User and / or by accessing ITradingBot platform, our services or our Website, including agreeing to our Terms of Service at https://docs.itradingbot.net/company/term-of-service; (iii) you subscribe to our newsletter and/or receive other direct marketing; (iv) communicate with us through our Website, Platform or other communication channels (e.g., by email or our official social media accounts); or (v) take any other actions on our Website and / or our Platform, which entails us receiving and processing your personal data. The data we process may differ based on your interactions with us, so if anything here only applies to one specific use case, we’ll point this out to you.
As used herein, “personal data” means any information relating to an identified or identifiable natural person, such as a name, an identification number, location data, an online identifier, etc. We process your personal data as described in this Policy and in accordance with applicable legislation, including the European Union’s General Data Protection Regulation (2016/679) (“GDPR”) and other relevant laws and regulations, as applicable towards the controller stated in Section 2 of this Policy.
In case you disclose any personal data regarding any third person(s) (e.g., your employee, management board member, co-worker, etc.) to us, you are obligated to refer them to this Policy.
We do not knowingly allow children (under the age of 18) to use our Website and / or our Platform, and therefore, do not knowingly process children’s personal data. Should we discover that an individual below the age of 18 uses our Website and / or our Platform, we will take appropriate measures to promptly remove their personal data from our database. If you believe an underage person has signed up for a user account or is in any way using our Website and / or our Platform, please reach out to our DPO at admin@itradingbot.net
2. CONTROLLER
For the personal data processing purposes set out in Section 4 of this Policy, the controller of your personal data is ITradingBot Limited, a Seychelles registered company, registration number 240583, with email address at admin@itradingbot.net
In case of personal data protection - related inquiries, including questions or comments about this Policy or if you wish to exercise your data subject’s rights, please contact us by writing to our DPO at admin@itradingbot.net
3. CATEGORIES AND SOURCES OF PERSONAL DATA
Personal data is any information that can be used to directly or indirectly uniquely identify you as a private individual. Anonymous data is not personal data, as it cannot be linked back to you. We may obtain and process the following categories of your personal data:
Main Data
For concluding and managing the contractual relationship with you, we may process the following personal data: Name, data, related to your Telegram account, e-mail address, 2FA key (when it will applicable), data regarding account (e.g., internal and external activity IDs, results of the authentication), authentication and profile data received from third parties exchanges (e.g., ID, profile name and picture, e-mail) and, if any, social-handlers
Billing Data
For managing the contractual relationship and processing payments, we may process the following personal data: Main Data, billing information, including payment method details (e.g., the service provider used, payment type, network, card’s brand, last four digits and expiration year and month, presence of a digital wallet), location (e.g., country, postal code), results of payment checks (e.g., CVC and address check, third-party checks (null or pass)). Additionally, your contact phone number, and specific preferences regarding invoice names
Transaction Data
For managing the contractual relationship and executing transactions, we may process the following personal data: API key and secret, exchange account data (e.g., exchange platform, account ID, deposit address, date when portfolio was generated), account status data (e.g., deleted, locked, hedge mode enabled), transaction data (e.g., transaction’s date, time, amount, currency action, order type, unique identifiers, transaction request and response). When accessing the ITradingBot API: data related to any changes, manipulations, or interactions developers make with end user accounts.
Communication Data
If you communicate with us through our Website, Platform or other communication channels (e.g., by email or our official social media), we may process the following personal data depending on the channel you communicate with us: Main Data, your username on the platform through which you interact with us, conversation ID, date, time and contents of your message.
Technical Data
When you visit our Website and / or our Platform, or in any way use our our services, we may also collect data about the device you are using and automatically log standard data provided by your web browser or device, which may include your personal data: IP address, data about device (e.g., device type, language, model, unique device identifiers, operating system, session key), log data (e.g., referring URL, visitor ID number, date and time of visit, location data (down to city level), browser type, version and language, internet service provider).
Usage Data
When you visit our Website and / or our Platform, or in any way use our our services, we may process the following data, which may include your personal data: Main Data (user ID), data about actions made (e.g., user role, attributes to that action, error logs, web pages visited on Website).
Cookie Data
4. PURPOSES OF PROCESSING AND LEGAL BASES
4. PURPOSES OF PROCESSING AND LEGAL BASES
We process your personal data lawfully and in a transparent manner, including only where we have a legal basis for doing so. The legal basis for processing your personal data depends on the objective and context in which we collect personal data. The following depicts a descriptive list of processing purposes that are linked to the specific data categories and legal bases for processing:
Handling pre-contractual negotiations and communications and concluding the Terms of Service, including using your Telegram account and providing a free trial
Taking and implementing the pre-contractual measures of the potential Terms of Service to be concluded between us.
Main Data, Communication Data
Performing the contract and managing contractual relationship, including but not limited to providing the Platform, executing transactions, managing the subscription, invoicing, mediating payments to Third-Party Services, determining location for designating applicable VAT rate, receiving payments, providing refunds (where applicable), providing customer support, monitoring the fulfilment of the Terms of Service
Performance of the Terms of Service concluded between us.
Main Data, Billing Data, Transaction Data, Communication Data
Offering you the opportunity to interact with pre-release or beta features of the Software (e.g., Beta testing)
Consent
Main Data, Transaction Data, Communication Data
Responding to your enquiries and requests submitted e.g., via the Website, Platform, social media platforms, sign-up forms, e-mail
If you are interested in our Software: legitimate interest in ensuring effective relationship management with potential clients and other interested parties. If you as a natural person wish to become or are already our client taking and implementing the pre-contractual measures of the potential Terms of Service to be concluded between us or performing the Terms of Service concluded between us.
Main Data, Communication Data, depending on the purpose and content of the message all data categories
Sending information about Software’s updates, including new features and other news
Our legitimate interest in informing users about the Software’s updates
Main Data
Utilising Artificial Intelligence technologies for our provision of services (e.g., GPT for our FAQ Chatbot)
Our legitimate interest in providing an enhanced user experience and effective customer service
Main Data, Billing Data, Transaction Data, Communication Data. Please note however that as per Section 8 of this Policy, we do not actively process your personal data
Offering prizes, promotions or discounts
Our legitimate interest in improving client relationships and/or rewarding new or regular customers
Main Data. Please note that to offer personalised information and promotions, we may carry out profiling, however such processing does not have legal or similarly significant impact on you
Providing information via notifications by your chosen channel (e.g., Platform, e-mail, Telegram Bot)
Consent
Sending general and personalised marketing information regarding our Software, features, offers, promotions and events via email, push notification, text message or newsletter
If you are our client: our legitimate interest in informing you about Software and information that we consider may be interest to you.
Consent.
Sending our existing clients with information about our other products and services that we think they might be interested in based on the products and services they have previously sourced from us
Our legitimate interest in providing information on our products and services similar to which you have already previously sourced from us
Carrying out marketing on social media platforms
Consent
Carrying out promotions and marketing competitions
Consent or legitimate interest in communicating necessary information regarding the promotions or competitions and providing and delivering competition prizes or performance of the terms and conditions concluded between you and us regarding the promotions or competitions
Measuring the effectiveness of marketing tools
Our legitimate interest in improving the efficiency of marketing tools
Making available the basic functions of the Website, Platform and administering it, including gathering information about your navigation; enabling to customise or personalise experience
Our legitimate interest in providing the Website, Platform and understanding the use patterns to be able to improve the Website, Platform and enhance the user experience
Technical Data, Usage Data.
Please note that to personalise the experience, we may carry out profiling, however such processing does not have legal or similarly significant impact on you
Diagnosing and repairing problems with the Website and Platform
Our legitimate interest in ensuring the functioning of the Website and Platform; providing data security and preventing fraudulent actions related to the Website and the Platform
Analysing the use of the Website and Platform
Our legitimate interest in ensuring security and integrity and detecting and deterring suspicious and fraudulent actions related to the Website and Platform
All data categories
Analysing the use of the Website and Platform, including anonymising data, carrying out predictive analytics and insights, and A/B testing
Our legitimate interest in (i) analysing the use of the Website and Platform to understand the suitability; (ii) improving, upgrading and enhancing the operation of the Website, and Platform; (iii) developing new features and functionalities
Storing information containing personal data in our backup systems
Our legitimate interest in ensuring the continuity and security of data processing operations
Complying with legal or regulatory obligations or requests, including creating and managing accounting documents
Performance of legal obligations
Disclosing data to public sector authorities, supervisory and law enforcement authorities
Performance of legal obligations.
Our legitimate interests in preventing and addressing fraud, violations to the Website and Platform or other harmful or illegal activity
Disclosing data to our legal advisors and establishing, exercising, or defending legal claims, whether in court proceedings or in an administrative or out-of-court procedure in relation to our, our clients’ or employees’ rights
Our legitimate interest in seeking legal advice and managing legal claims, facilitating effective establishment, exercise, or defence of legal claims
Arranging the sale or merger of our company and providing information for conducting the legal or other audit and the data exchange thereof; disclosing data to legal successors and/or potential acquirers of the company
Our legitimate interest in facilitating proper due diligence process and business continuity by ensuring a successful merger, acquisition or restructuring of the company
Disclosing data to our service providers
Our legitimate interest in providing the Website and Platform, utilising the IT infrastructure and services provider by our service providers and ensuring our proper economic activity
We may process your personal data for other purposes, provided that we disclose the purposes and use to you at the relevant time, and that you either consent to the proposed use of the personal data, other legal grounds exist for the new processing purposes, or the new purpose is compatible with the original purpose brought out above.
5. RECIPIENTS OF PERSONAL DATA AND DATA TRANSFERS
We may disclose your personal data to separate controllers, who process your personal data for their own purposes, and processors, who process your personal data on our behalf to help us to provide the Website and Platform. These data recipients belong to the following categories:
Public sector authorities, supervisory and law enforcement authorities
To fulfil our statutory obligation, a court order, to establish, exercise or defend our legal rights or in other cases where this is necessary to prevent and deter unlawful acts.
For example: Government body and Border Guard Board.
Professional advisors
To ensure our proper economic activity and to establish, exercise or defend our legal rights. For example: auditors, legal advisors.
Our legal successors and/or potential acquirers of the company
To successfully transfer our business or for the purposes of merger and/or acquisition, we would include data among the assets transferred to any parties who acquire us.
Group companies
For organisational and operational management in order to ensure unified work and strategy across all group companies.
Third-Party Services
To provide user-selected access to relevant external content, applications, and services, as specified in our Terms of Service.
For example: crypto-signallers
Service providers
To help us in providing the services, including our Website and Platform, to you.
For example, the service providers in the following categories:
- core service providers - who manage and optimise our primary operations and technical infrastructure, which we need to provide you with our services. They also assist us in protecting and securing our systems and services;
- payment service providers - who help us to accept payments by processing them;
- data analytics and traffic attribution service providers - who help us understand the performance of our services, including identifying the sources you come from and improve our offerings and user experience.
The data that we collect from you may be transferred to, and stored at, a destination outside of Seychelles. It may also be processed by staff operating outside of Seychelles who work for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing, except customers located in the European Economic Area (“EEA”), as detailed above. All information you provide to us is stored on our and/or third party cloud servers.
6. SECURITY OF YOUR PERSONAL DATA
We take reasonable technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss or alteration, unauthorised disclosure, abuse or other processing in violation of applicable law. These measures vary based on the sensitivity of the personal data we process and the current state of technology.
However, please be advised that no security measure can be 100% effective, and we cannot guarantee the security of your data, including against unauthorised acts, access, hacking or data breaches by third parties.
We also encourage you to take measures to ensure the safety of your personal data, including protecting your account. In particular, we strongly recommend you to enable two-factor authentication for your account and keep your password confidential and stored in a secure location. In addition, we advise you to make sure of your device security and avoid using public unencrypted internet connection spots.
7. PERSONAL DATA RETENTION PERIODS
We retain your personal data for the duration necessary to fulfil the objectives outlined in Section 4 of this Policy or for as long as we have a legal obligation to do so. In deciding the appropriate retention period for personal data, we consider the quantity, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations. Whilst retaining your personal data, we take into account the viable need to resolve disputes and enforce the contract between us, or anonymise your personal data and retain this anonymised information indefinitely. The specific retention periods are the following:
Main Data and Billing Data relating to transactions
7 years from the end of the financial year when the respective transaction took place, to comply with our obligations arising from applicable laws.
Other Main Data, Billing Data and Transaction Data relating to the taking and implementing the pre-contractual measures of the potential Terms of Service to be concluded between us or performing the Terms of Service concluded between us
3.5 years from the termination of the Terms of Service, including deletion of User Account, under our legitimate interests to establish, exercise, or defend against potential legal claims, or termination or expiration of other applicable terms and conditions. In case we have reasonable doubt that a party has breached the contractual relationship between us intentionally, we may prolong such retention period for a maximum of 10 years.
Communication Data
3.5 years from the moment the respective communication-flow was closed, under our legitimate interests to establish, exercise, or defend against potential legal claims. In case we have reasonable doubt that a party has breached the contractual relationship between us intentionally, we may prolong such retention period for a maximum of 10 years.
Technical Data and Usage Data
30 days as of the collection of such data.
Following the retention period or if we no longer need the personal data for the purposes specified in Section 4 of the Policy, we shall destroy the respective personal data within a reasonable time, unless the retention of personal data is required to perform duties or requirements arising from the applicable law or to protect against ongoing or threatened disputes, in which case we retain the personal data as long as the dispute is solved.
After the expiry of the retention period determined above or the termination of the legal basis for processing purpose, we may retain the materials containing the personal data in our backup systems, from which the respective materials will be deleted after the end of the backup cycle. We ensure that during the backup period appropriate safeguards are applied and the backed-up materials are put beyond use. Access to these backups is strictly limited to essential personnel on a need-to-know basis.
8. AUTOMATED DECISION MAKING
We incorporate Artificial Intelligence technologies such as the Generative Pre-training Transformer technology (“GPT”) into our services, including but not limited to, our FAQ Chatbot. While we do not actively process your personal data within these services, any personal data you input may be subject to automated decision making. This activity will not result in any legal consequences for you. We prioritise the protection of your personal data and take all necessary precautions to ensure its security. Should you believe that your personal data has been processed in this regard, you may reach out to us for further actions regarding your data protection rights to our DPO at admin@itradingbot.net. For more detailed information about this use case, please also contact us at the aforementioned email address.
9. YOUR RIGHTS AS A DATA SUBJECT
You may, at any time, exercise the following rights with respect to our processing of your personal data:
Right to access: you have the right to request access, including receive a copy, of your personal data. This includes the right to be informed on whether we process your personal data, what personal data categories are being processed by us, and the purpose of the data processing.
Right to rectification: you have the right to request that we correct any of your personal data if you believe that we are processing incorrect, inaccurate or incomplete personal data.
Right to object: you are entitled to object to certain processing of your personal data, for example when we process your personal data based on our legitimate interest or for direct marketing purposes;
Right to restriction: you have the right to request that we restrict the processing of your personal data, for example if you wish to dispute the accuracy of certain personal data we are processing or if we no longer need the personal data for the purposes of the processing, but you require the personal data to establish, exercise or defend legal claims;
Right to erasure: you have the right to request that we erase your personal data for example if the personal data is no longer necessary for the purposes for which it was collected or if you consider that the processing is unlawful. You can initiate the deletion procedure of your Platform settings. Please note that an extended authentication procedure may be required before we proceed with the account deletion.
Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format if the processing is carried out by automated means and is based on your consent or a mutual contractual relationship. Moreover, you may request that the personal data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible.
Right to withdraw your consent: in cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time. To stop receiving our direct marketing messages, either reach out to us directly or click the ‘unsubscribe’ link provided in the message. Using this link will remove you from future messages of that type. For preferences regarding all categories of direct marketing, visit the Account Settings page. Please note however that essential service emails like password resets, billing information, or updates to our terms, will continue unless you deactivate your account.
Right not to be subject to a decision based solely on automated processing, including profiling: Our use of automated decision-making is limited, and should not result in any legal impact to you. You may read more about our use of automated decision-making in Section 8.
Complaints: If you wish to make a complaint, please contact us. We will promptly investigate your complaint and respond to you. If you are not satisfied with our response to your request in relation to personal data processing or you believe we are processing your personal data not in accordance with the applicable law, you can submit your claim to the data protection authority.
To exercise the data subject’s rights please contact us as specified in Section 2 of this Policy. Please note that you should supply us with adequate information for us to respond to your requests concerning your rights. Prior to answering your request, we may ask you to provide additional information for the purposes of authenticating you and evaluating your request (e.g., if you seek to exercise the rights on behalf of someone else as a legal representative).
We will respond to your request promptly and in any case within one month from the date we receive it. If necessary, due to the complexity and number of the requests, this period may be extended by up to two additional months. We will inform you of any such extension within one month of receiving your request, along with the reasons for the delay.
10. OTHER JURISDICTIONS
You may also have certain additional rights regarding the information we hold about you under other data protection and privacy laws. Please contact us at admin@itradingbot.net about your specific situation for more information.
11. LINKS TO OTHER WEBSITES, PLATFORMS OR SERVICES
Our Website and Platform may link to external sites that are not operated by us, or offer access to platforms and services not under our operation or control. Therefore, this Policy applies solely to the personal data we may collect or receive from these third-party sources but does not apply to data processing conducted by such third parties. Please be aware that we neither endorse nor have any control over the content and policies of those sites, platforms or services, and, thus, cannot accept responsibility or liability for their respective practices. To find out more about how such third parties process your personal data, please refer to the respective privacy notices on the other websites you visit, or platforms and services you use.
12. CHANGES TO THIS POLICY
This Policy is written in English. For the convenience of users, the Policy can be translated into other languages. In case of contradictions between the English version and the version in another language, the English version takes precedence.
We regularly review and revise this Policy as necessary to reflect the changes in the way we process personal data, and in such cases, we publish any updates directly on this page.
Please check back periodically, and especially before you provide any new personal data. In case of material changes, we will send a direct notification to the email address you’ve registered with us.
ITradingBot Limited. Registration number 240583
Last updated