Last updated: 8th February, 2023
Ceffu (“Ceffu”, “we”, or “us”) is committed to protecting the privacy of our customers, and we take our data protection responsibilities seriously.
This Privacy Notice describes the Personal Data that we collect, use, and share about you when you explore, sign up or access Ceffu websites and applications (“Services”), how it is used, when and how it is shared, the rights and choices that you have, and how you can contact us about our privacy practices. This Privacy Notice also outlines your data subject rights, including the right that you have to object to certain uses of your Personal Data.
“Personal Data” means any information that relates to an identified or identifiable individual, and can include information that you provide to us and that we collect about you, such as when you engage with our websites (e.g. device information, IP address).
This Privacy Notice applies to all Personal Data processing activities carried out by us, across our platform websites and departments.
To the extent that you are a customer or user of our services, this Privacy Notice applies together with any terms of business and other contractual documents, including but not limited to any agreements we may have with you.
To the extent that you are not a relevant stakeholder, customer or user of our services, but are using our website, this Privacy Notice also applies to you together with our Cookie Notice.
This Notice should therefore be read together with our Cookie Notice, which provides further details on our use of cookies on the website. Our Cookie Notice can be accessed here.
| What personal data does Ceffu collect and process? | Why does Ceffu process my personal data? | Legal Basis for our use of Personal Data |
|---|---|---|
Personal Data related to company Directors, UBOs and Authorised persons, including: - Email address | Managing our contractual relationship with you, to create and maintain your account. | Performance of a contract when we provide you with products or services or communicate with you about them. This includes when we use your Personal Data to take and handle orders, and process payments. The consequences of not processing your Personal Data for such purposes is the inability to open an account with us or the termination of your account where one is already open. |
Personal Data related to company Directors, UBOs and Authorised persons, including: - Email address | To maintain legal and regulatory compliance. We collect and process your Personal Data to comply with our Know Your Customer (“KYC”)/ Due Diligence obligations imposed under applicable laws and regulations. This helps us identify and verify our customers. | Legal obligation processing is necessary to comply with our legal obligations under applicable laws and regulations, such as Anti-Money Laundering laws and regulations. |
- Email address | To communicate with you on services and transaction related matters. We use your Personal Data to communicate with you in relation to our services on administrative or account related information. We will communicate with you to keep you updated about our Services, for example, to inform you of relevant security issues, updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services. You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal, compliance or security purposes. | Performance of a contract when we provide you with products or services, or communicate with you about them. This includes when we use your Personal Data to take and handle orders, and process payments. |
- Email address | To provide customer services. We process your personal data when you contact us in order to provide support with respect to questions, disputes, complaints, troubleshoot problems, etc. Without processing this Personal Data for this purpose, we can’t respond to your requests. | Performance of a contract. Processing is necessary for the performance of a contract to which you are a party. |
- IP address | - To promote the safety, security and integrity of our platform. We process your Personal Data in order to enhance security, monitor and verify identity or service access, combat malware or security risks and to comply with applicable security laws and regulations. | Performance of a contract. Processing is necessary for the performance of a contract of which you are a party. |
- IP address | To promote safety, security, and integrity of our Services. Fraud prevention and detection and credit risks. We process your Personal Data to prevent and detect, prevent and mitigate fraud and abuse of our Services and in order to protect you against account compromise or funds loss and in order to ensure the security of our users, our Services and others. We may also use scoring methods to assess and manage credit risks. | Our Legitimate Interests. Processing is necessary for the purpose of the legitimate interests pursued by us and the interests of our users when, for example, we detect and prevent fraud and abuse in order to protect the security of our users, ourselves, or others. |
- Email address | To provide and improve our Services. We process your Personal Data to provide the services to you and process your orders. For example, when you want to use the exchange service on our platform, we ask for certain information such as your identification, contact information and payment information. | Performance of a Contract. Processing is necessary for the performance of a contract to which you are a party. |
- E-mail address | To provide you with promotions. We use your Personal Data to provide you with promotions, including offers, rewards and other incentives to use our Services. | Our legitimate interests and the interests of our users when, for example, we would like to provide promotions and offers and reward your customer loyalty. |
- E-mail address | To provide you with promotions. We use your Personal Data to provide you with promotions, including offers, rewards and other incentives to use our Service | Your Consent. We ask for your consent to process your Personal Data for a specific purpose that we communicate to you. When you consent to processing your Personal Data for a specified purpose, you may withdraw your consent at any time and we will stop processing your Personal Data for that purpose. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. |
- E-mail address. | Our legitimate interests. Processing is necessary for the purpose of our legitimate interes to improve and run our Services throught the information obtained from these surveys. |
Ceffu does not allow anyone under the age of 18 to use our Services and does not knowingly collect personal data from children under 18.
We use cookies and similar tools to enhance your user experience, provide our services, and enhance our efforts and understand how customers use our services so we can make improvements. Depending on applicable laws in the region you are located in, the cookie banner on your browser will tell you how to accept or refuse cookies. A copy of our cookie policy is available here.
We may share your Personal Data with third parties (including other Ceffu entities) if we believe that sharing your Personal Data is in accordance with, or required by, any contractual relationship with you or us, applicable law, regulation or legal process. When sharing your Personal Data with other Ceffu entities, we will use our best endeavors to ensure that such entities are either subject to this Privacy Notice, or follow practices at least as protective as those described in this Privacy Notice.
We may also share personal data with the following persons or in the following circumstances:
Personal Data that we process and collect may be transferred between companies, Services, and employees affiliates with us as a normal part of conducting business and offering our Services to you.
We employ other companies and individuals to perform functions on our behalf. Examples include analysing data, providing marketing assistance, processing payments, transmitting content, and assessing and managing credit risk. These third-party service providers only have access to personal data needed to perform their functions, but may not use it for other purposes. Further, they must process the personal data in accordance with our contractual agreements and only as permitted by applicable data protection laws.
We may be required by law or by Court to disclose certain information about you or any engagement we may have with you to relevant regulatory, law enforcement and/or other competent authorities. We will disclose information about you to legal authorities to the extent we are obliged to do so according to the law. We may also need to share your information in order to enforce or apply our legal rights or to prevent fraud.
As we continue to develop our business, we might sell or buy other businesses or services. In such transactions, user information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the user consents otherwise). Also, in the unlikely event that Ceffu or substantially all of its assets are acquired by a third party, user information will be one of the transferred assets.
We release accounts and other personal data when we believe release is appropriate to comply with the law or with our regulatory obligations; enforce or apply our Terms of Use and other agreements; or protect the rights, property or safety of Ceffu, our users or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
To facilitate our global operations, we may transfer, store and process within our Affiliates, third-party partners, and service providers based throughout the world. The EEA includes the European Union countries as well as Iceland, Liechtenstein, and Norway. Transfers outside of the EEA are sometimes referred to as “third country transfers”.
In cases where we intend to transfer personal data to third countries or international organisations outside of the EEA, we put in place suitable technical, organizational and contractual safeguards (including Standard Contractual Clauses), to ensure that such transfer is carried out in compliance with applicable data protection rules, except where the country to which the personal data is transferred has already been determined by the European Commission to provide an adequate level of protection.
We also rely on decisions from the European Commission where they recognise that certain countries and territories outside of the European Economic Area ensure an adequate level of protection for personal data. These decisions are referred to as “adequacy decisions”.
We design our systems with your security and privacy in mind. We have appropriate security measures in place to prevent your information being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We work to protect the security of your personal data during transmission and while stored by using encryption protocols and softwares. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your personal data. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
Our security procedures mean that we may ask you to verify your identity to protect you against unauthorised access to your account. We recommend using a unique password for your Ceffu account that is not utilized for other online accounts and to sign off when you finish using a shared computer.
In order for us to provide you with the best user experience, we may share your Personal Data with our marketing partners for the purposes of targeting, modeling, and/or analytics as well as marketing and advertising. You have a right to object at any time to processing of your personal data for direct marketing purposes (see Section 8 “What Rights Do I Have”? below).
Subject to applicable law, as outlined below, you have a number of rights in relation to your privacy and the protection of your Personal Data. You have the right to request access to, correct, and delete your Personal Data, and to ask for data portability. You may also object to our processing of your personal data or ask that we restrict the processing of your personal data in certain instances. In addition, when you consent to our processing of your personal data for a specified purpose, you may withdraw your consent at any time. If you want to exercise any of your rights please contact us at dpo@ceffu.com. These rights may be limited in some situations - for example, where we can demonstrate we have a legal requirement to process your Personal Data.
If you have any questions or objections as to how we collect and process your personal data, please contact dpo@ceffu.com.
We keep your Personal Data to enable your continued use of Ceffu Services, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Notice, and as may be required by law such as for tax and accounting purposes, compliance with Anti-Money Laundering laws, or as otherwise communicated to you.
Our data protection officer can be contacted at dpo@ceffu.com, and will work to address any questions or issues that you have with respect to the collection and processing of your Personal Data.
Ceffu is a registered trademark Binance Institutional Holdings Limited (BIH), (company number: 724668, registered office address :6th Floor, South Bank House, Barrow Street, Dublin 4, D04 TR29, the Republic of Ireland) is the Data Controller for the personal data collected and processed in connection with the provision of Ceffu Services.
However, depending on your place of legal residence certain Ceffu entities could be involved in your processing activities. Below you will find a table for your reference, the Ceffu entity you contract with determines the means and purposes of processing your personal data in relation to the services provided to you.
What country is the company providing the service from? | Your operating entity | Registered office |
|---|---|---|
Singapore | Binance Institutional SG Pte. Ltd. | 317 Outram Road, #B1-03, Concorde Shopping Centre, Singapore 169075 |
Lithuania | Bifinity UAB | J. Balcikonio str 3., Vilnius, the Republic of Lithuania |
Ceffu companies may share your Personal Data with each other and will use that data in a way which is consistent with this Privacy Notice.
If you have any concerns about privacy at Ceffu, please contact us, and we will try to resolve it. You also have the right to contact your local Data Protection Authority.
Our business changes regularly, and our Privacy Notice may change also. You should check our websites frequently to see recent changes. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account.