HeapX Privacy Policy

Effective date: August 01, 2018

This Privacy Policy explains how HeapX Holdings Limited (“HeapX”) collects, uses, shares, and protects user information obtained through the HeapX.com website. The terms “we,” “us,” and “our” refer to HeapX Holdings Limited and its affiliates. When we ask for certain personal information from users it is because we are required by law to collect this information or it is relevant for specified purposes. Any non-required information you provide to us is done so voluntarily. You decided whether to provide us with these non-required information; you may not be able to access or utilize all of our Services if you choose not to.

This Privacy Notice applies to any HeapX Services, as defined below, regardless of how you access or use them, including through mobile devices. HeapX may revise this Privacy Policy to reflect changes in law or our personal data collection and use practices. If material changes are made to this Privacy Policy, the changes will be announced by posting on the site. We will ask for your consent before using your information for any purpose that is not covered in this Privacy Policy.

We strictly follow industry best practices in the industry and adhere to the rules set forth in General Data Protection Regulation, OPPA, CAN-SPAM and COPPA.

This privacy policy applies to the Site and all Services offered by HeapX.

1. What information do we collect?

1.1. Information you give us at registration- When you create a HeapX Account, you provide us with personal information that includes your contact information (Email Address, name, and a password). You can also choose to add a phone number for SMS or Google Authenticator account to be used for 2FA verification for improved security.

1.2. Information we collect when authenticating user identity- To comply with global industry regulatory standards including Anti-Money Laundering (AML), Know-Your-Customer (KYC), and Counter Terrorist Financing (CTF), HeapX requires user accounts to undergo user identity authentication for both Personal & Enterprise-level accounts. This entails collecting formal identification.

1.3. Information we collect each-time you use our services- We also monitor and collect technical information, including the Internet protocol (IP) address used to connect your computer or other device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. And information about your visit, including the dates and times you use the Site length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call the contact phone number provided on our Site. This service usage data helps us our systems to ensure that our interface is accessible for users across all platforms and can aid during criminal investigations.

1.4. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties and may receive information about you from them. For example:

1. The banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details;

2. Business partners may provide us with your name and address, as well as financial information;

3. Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our website;

4. Credit reference agencies do not provide us with any personal information about you, but may be used to corroborate the information you have provided to us.

1.5. Personal Information you provide during the registration process may be retained, even if your registration is left incomplete or abandoned. If you are located within the EEA, this Information will not be retained without your consent.

In providing the personal data of any individual (other than yourself) to us during your use of the HeapX Exchange Services, you promise that you have obtained consent from such individual to disclose his/her personal data to us, as well his/her consent to our collection, use and disclosure of such personal data for the purposes set out in this Privacy Notice.

2. Purposes for which we collect your Personal Information

If you wish to transact on and use the Site or use the Services, HeapX will collect information about you for the purposes set out below.

2.1. We use the information collected to deliver our services and verify user identity. We use the IP address and unique identifiers stored in your device’s cookies to help us authenticate your identity and provide our service. Given our legal obligations and system requirements, we cannot provide you with services without data like identification, contact information and transaction-related information.

2.2. We use the information collected to protect our platform, users’ accounts and archives. We use IP addresses and cookie data to protect against automated abuse such as spam, phishing and Distributed Denial of Service (DDoS) attacks. We analyse trading activity with the goal of detecting suspicious behavior early to prevent potential fraud and loss of funds to bad actors.

2.3. Respect for the privacy and security of data you store with HeapX informs our approach to complying with regulations, governmental requests and user-generated inquiries. We will not disclose or provide any personal information to third party sources without review from our legal case team and/or prior consent from the user.

2.4. We actively measure and analyse data to understand how our services are used. This review activity is conducted by our operations team to continually improve our platform’s performance and to resolve issues with the user experience. We continuously monitor our systems’ activity information and communications with users to look for and quickly fix problems.

2.5. We use personal information collected, like an email address to interact with users directly when providing customer support on a ticket or to keep you informed on log ins, transactions, and security. Without processing your personal information for confirming each communication, we will not be able to respond to your submitted requests, questions and inquiries. All direct communications are kept confidential and reviewed internally for accuracy.

2.6. It is very important for us and our customers that we continually review, investigate and prevent any potentially prohibited or illegal activities that violate our Terms of Service. For the benefit of our entire user base, we carefully enforce our agreements with third parties and actively investigate violations of our posted Terms of Use. HeapX reserves the right to terminate the provision of service to any user found engaging in activities that violate our Terms of Use.

3. Our legal bases for processing your Personal Information

3.1. We will process your Personal Information on the following grounds:

- where it is necessary for us to perform contract with you or in your interests; and/or

- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Legitimate interest means the interest of our organisation in conducting and managing our business to enable us to better serve you and the best and provide you with a secure experience on the Site. (We ensure that we balance any potential impact on you and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.)

3.2. Generally we do not rely on consent as a legal basis for processing your Personal Information other than in relation to our use of cookies (please see section 4 below) or when we send third party direct marketing communications to you via email or text message.

4. Cookies

4.1. The Site may use “cookies”. We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

- Session Cookies. We use Session Cookies to operate our Service.

- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.

- Security Cookies. We use Security Cookies for security purposes.

4.3. We set cookies (first party cookies) on web pages, however, where we require additional information, we may also allow other companies to host cookies on our Site (third party cookies). These companies have been carefully selected by us and are required to meet contractual obligations they have with us.

Access to information

Subject to applicable laws, you may have the right to access information we hold about you. Your right of access can be exercised in accordance with the relevant data protection legislation. For further information, please contact [email protected]

For how long do we retain your personal information?

In general, we keep your personal information throughout your relationship with us. Once you terminate your relationship with us, we generally will continue to store archived copies of your personal information for legitimate business purposes and to comply with the law, except when we receive a valid erasure request. We will continue to store anonymous or anonymized information, such as website visits, without identifiers, in order to improve our Services.

How do we keep your personal information secure?

- We follow industry standards on information security management to safeguard sensitive information, such as financial information, intellectual property, employee details and any other personal information entrusted to us. Our information security systems apply to people, processes and information technology systems on a risk management basis.

- HeapX is committed to protecting your privacy. We have implemented a number of security measures to ensure that your information is not lost, abused, or altered. Our data security measures include, but are not limited to: PCI Scanning, Secured Sockets Layered encryption technology, pseudonymisation, internal data access restrictions, and strict physical access controls to buildings & files.

- Please note that it is impossible to guarantee 100% secure transmission of data over the Internet nor method of electronic storage. As such, we request that you understand the responsibility to independently take safety precautions to protect your own personal information.

5. How does HeapX protect user data

The Site’s systems and data are periodically reviewed to ensure that you are getting a quality service and that leading security features are in place. If you suspect that your personal information has been compromised, especially account and/or password information, please lock your account and contact HeapX customer service immediately.

Your rights.

You may access and verify your Personal Information held by HeapX by submitting a written request to us.

For EEA Customers: You have a number of rights in relation to how we process your Personal Information. These include the right to:

- access the Personal Information that we may hold about you;

- rectify any inaccurate Personal Information that we may hold about you;

- have your Personal Information erased in certain circumstances, for example, where it is no longer necessary for us to process your Personal Information to fulfill our processing purposes; or where you have exercised your right to object to the processing;

- restrict the processing of your Personal Information where, for example, the information is inaccurate or it is no longer necessary for us to process such information or where you have exercised your right to object to our processing;

- object to the processing of your Personal Information which may be exercised in certain circumstances, for example, where we are processing your Personal Information for direct marketing purposes, or where your own legitimate interests outweigh ours; and

- have your data ported to a new service provider if you no longer wish to use the Services.

You will not have to pay a fee to access your personal information or to exercise any of your other rights. But, we may charge a reasonable fee if fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

As a part of security measure and to ensure that personal information is not disclosed to any person we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information. We may also contact you to ask you for further information in relation to your request to speed up our response.

Transfer Of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to United Kingdom and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

HeapX Limited will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

6. Disclosures

6.1. You agree that we have the right to share your Personal Information with:

- Any member of our group, which means our contractors, affiliates, employees, representatives, subsidiaries, our ultimate holding company and its subsidiaries.

- Our service providers, to the extent necessary to supply the Services to you.

- Selected third parties, including analytics and search engine providers that assist us in the improvement and optimization of the Services.

6.2. We will also disclose your Personal Information to third parties:

- If HeapX or substantially all of its assets are acquired by a third party, in which case Personal Information held by it about its customers will be one of the transferred assets.

- If we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation, or in order to enforce or apply our Terms of Service and other agreements; or to protect the rights, property, or safety of us, our clients, or others. HeapX reserves the right to share current and historical bids, asks, and market prices; opening and closing range prices; high–low prices; trade prices; estimated and actual trade volumes; settlement prices; and other aggregate data and information related to the Digital Tokens traded on the Site.

Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

- Google Analytics

- Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

- For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

7. Changes to this privacy policy

This Policy may be amended at our full discretion without prior notice. We encourage you to review it periodically in order to be aware of the changes we may have made. Also, any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Reading it carefully and checking for any modifications is your responsibility. By using the Website, you accept and agree to the Policy and the terms of use.

8. Contacting Us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us:

- By email: [email protected] - By visiting this page on our website: www.heapx.io/contactus