Privacy Policy

Please read the following carefully to understand what data we collect, how that data is used and the ways it can be shared by us. If you do not wish for your Personal Information to be used in the ways described within this Privacy Policy then you should not access or use the Site or use the services, functions, or features offered from time to time on the Site.


This Privacy Policy explains how ( is a trade name of CoinFarm OÜ, a company incorporated and acting under the laws of Estonia, with registered number 14767047 and its legal address at Mäealuse 3a-11a, Mustamäe linnaosa, Tallinn, 12619, Harju maakond, Estonia) uses client’s Personal Data (defined below) company provides access and utility through our digital asset trading platform via software, API (application program interface), technologies, products and/or functionalities (“Service”). In the course of providing Service, to abide by the laws in the jurisdictions that the company operates, and to improve services, company needs to collect and maintain personal information about the client. As a rule, the company never discloses any personal information about our customers to any non-affiliated third parties, except as described below.

Company may update this Privacy Policy at any time by posting the amended version on this site including the effective date of the amended version.

Company communicates any material changes to this Privacy Policy via email.

This privacy policy applies to the Site and all Services offered by BitExChain.


Virtual Financial Asset

As used herein, “Virtual Financial Asset”, also called “convertible virtual currency,” “cryptocurrency,” or “digital goods”, such as bitcoin or ether, which is based on the cryptographic protocol of a computer network that may be

Centralized or decentralized,

Closed or open-source, and:

Used as a medium of exchange and/or store of value.

Personal Data

As used herein, “Personal Data” means any information relating to an identified or identifiable natural person, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of you as a natural person.

Collection of Personal Data

Company collects, processes, and stores Personal Data collected from you via client’s use of the Service or where client has given consent

This Personal Data may include contact details, copies of identification documentation provided by client or derived from publicly accessible databases, government identification number as well as information relating to devices or internet service (such as an IP address and a MAC number). Company collects information provided during the onboarding process, which may be a completed, incomplete, or abandoned process.

Where such processing of your personal data is not strictly necessary to perform our contractual obligations to you or to comply with legal requirements (such as in connection with providing financial services to you), we will use this personal data based on our legitimate interest to verify your identity, to respond to your inquiry, to contact you if we have any questions about your inquiry, to follow up on your inquiry, to process your registrations, applications or orders, to develop, enhance and improve our products and services, to bring you the best possible experience or to safeguard the security and stability of our services.

Company collects, uses, stores, and transfers Personal Data, which may include the following:

Operating within the European Economic Area (“EEA”).

Company collects, stores, and processes personal information in accordance with the Best Practices of Data Collection in the EU, in addition to GDPR [General Data Protection Regulation - (EU) REGULATION 679/2016].

Types of client defined in APPENDIX A.

We take the protection of your personal information seriously. We use industry-standard data encryption technology and have implemented restrictions related to the storage of and the ability to access your personal information. However, despite all of our efforts, please note that no transmission over the Internet or method of electronic storage can be guaranteed to be 100% secure.

Collection and Storing of Data Outside the EU

As outlined above, company may collect Personal Data from customers located in the EEA. To facilitate the services company provides to customers located in the EEA, company requests explicit consent for the transfer of Personal Data from the EEA to outside of the area. If client is an individual located in the EEA and declines to consent to such transfer, client will no longer be able to use company services.

Client will have the ability to withdraw digital assets; however, all other functionalities will be disabled.

Personal Data Usage

Company uses Personal Data to communicate with the client and to administer, deliver, improve, and personalize the Service. Company might also generate generic data out of any Personal Data collected and use it for company purposes.

Company may also use such data to communicate with you in relation to other products or services offered by company and/or its partners. Company does not share Personal Data with third parties (other than partners in connection with their services) except where client have given consent and further detailed below.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for (i.e. the ongoing service provision) and, thereafter, for the purpose of satisfying any legal, accounting, tax, KYC and AML, and reporting requirements or obligations to which we may be subject and/or to the extent that we may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or otherwise involving you.

Company may share Client’s Personal Data with third parties:

If company deems that sharing it is necessary to enforce the Terms of Service;

To comply with government agencies, including regulators, law enforcement and/or justice departments;

To third parties who provide services to the company (such as administration or technical services);

in connection with the sale or transfer of our business or any part thereof.

Additionally, company has implemented international standards to prevent money laundering, terrorist financing and circumventing trade and economic sanctions and will implement final Virtual Financial Asset rules and regulations when effective, which will likely require us to undertake due diligence on our customers.

This may include the use of third-party data and service providers which we will cross-reference with your personal information.

Storage of Personal Data

The data that company collects from the client may be transferred to, and stored at, a destination outside of the EU.

It may also be processed by staff operating outside of the EU who work for the company or for one of company suppliers. By submitting client personal data, client agrees to this transfer, storing or processing, except customers located in the EEA, as detailed above.

All information you provide to us is stored on company and/or third party cloud servers.

We apply adequate technical and organizational security measures, commensurate with the level of known risk, in order to protect the confidentiality and integrity of the personal data we collect on the website.

Access and Correction of Personal Data

Client has the right to obtain a copy of Personal Data upon request and ascertain whether the information company holds about client is accurate and up-to-date.

If any of the Personal Data is inaccurate, client may request to update the information. Client may also request to delete Personal Data, with exception that the company may refuse client deletion request in certain circumstances, such as compliance with law or legal purposes. For data access, correction, or deletion requests, please contact company.

In response to data access, correction, or deletion request, company will verify the requesting party’s identity to ensure that he or she is legally entitled to make such request. While company aims to respond to these requests free of charge, company reserve the right to charge client a reasonable fee should the request be repetitive or onerous.


Company may communicate company news, promotions, and information relating to our products and services provided. Company may share Personal Data with third parties to help with marketing and promotional projects, or sending marketing communications. By using our services, client accepts this Privacy Policy and agrees to receive such marketing communications.

Customers can opt out from these marketing communications at any moment. If you do not want to receive these communications, please send an email to [email protected]

For product related communications, such as policy/terms updates and operational notifications, client will not be able to opt out of receiving such information.

Information Security

10.1. While no online or electronic system is guaranteed to be secure, we take reasonable measures to help protect information about you from loss, theft, misuse, and unauthorized access, disclosure, alteration and destruction.

10.2. Company endeavors to protect clients from unauthorized access, alteration, disclosure, or destruction of Personal Data that the company collects and stores. Company take various measures to ensure information security, including encryption of the communications with SSL; required two-factor authentication for all sessions; periodic review of our Personal Data collection, storage, and processing practices; and restricted access to client’s Personal Data on a need-to-know bases for our employees and vendors who are subject to strict contractual confidentiality obligations.

10.3. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Contacting Company about Privacy Concerns

If client has any questions about this Privacy Policy or the use of Personal Data, please contact company by sending an email to the following address [email protected] with the subject “PRIVACY REQUEST”. We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.

Changes to Privacy Policy

Any changes made to company Privacy Policy in the future will be posted on this company website and, when appropriate, company will notify client by email.


We may use cookies to identify you from other users on the Site. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or device. You can block or deactivate cookies in your browser settings. We use log-in cookies in order to remember you when you have logged in for a seamless experience. We use session cookies to track your movements from page to page and in order to store your selected inputs so you are not constantly asked for the same information. This Site uses Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the Site and ways that we can improve your experience. These cookies may track things such as how long you spend on the Site and the pages that you visit so we can continue to produce engaging content. By continuing to use the Site, you are agreeing to the use of cookies on the Site as outlined above. However, please note that we have no control over the cookies used by third parties. For further information on types of cookies and how they work visit


Definition of Clients

1. Individual clients:

Email address

Mobile phone number

Full legal name (including former name, and names in local language)


Passport number, or any government issued ID number

Date of birth (“DOB”)

Proof of identity (e.g. passport, driver’s license, or government-issued ID)

Residential address

Proof of residency

Additional Personal Data or documentation at the discretion of our Compliance Team

2. Corporate clients:

Corporate legal name (including the legal name in local language)

Incorporation/registration Information

Full legal name of all beneficial owners, directors, and legal representatives

Address (principal place of business and/or other physical locations)

Proof of legal existence

Description of the business

Percentage of ownership for Individual/corporate owners

Contact information of owners, principals, and executive management (as applicable)

Proof of identity (e.g., passport, driver’s license, or government-issued ID) for significant individual beneficial owner of the institutional customer entity

Personal Data for each entity’s significant beneficial owner of the institutional customer entity (see the “Individual Customer” section above for details on what Personal Data we collect for individuals)

Source of wealth

Amount of bitcoin or other digital assets projected to be injected