Privacy Policy
1. INTRODUCTION
PANDA Terminal (“PANDA Terminal”, “our“, “we” or “us” as applicable) provides tools that allow managing cryptocurrency holdings, including application program interface(s) (“Software”). Your privacy is important to us and therefore, it is our policy to respect your privacy and take appropriate measures to protect your personal data.
This privacy notice (“Notice”) explains how we process, including how we use, store and disclose your personal data when: (i) you visit or otherwise interact with our application, (ii) you (or the legal entity you represent) wish to register or have registered a user account, including agreeing to our Terms of Use, and using the Software; (iii) you subscribe to our newsletter and/or receive other direct marketing; (iv) communicate with us through our Website, App or other communication channels (e.g., by email or our official social media accounts); or (v) take any other actions on our Website, App, which entails us receiving and processing your personal data. The data we process may differ based on your interactions with us, so if anything here only applies to one specific use case, we’ll point this out to you.
This policy was prepared in the English language and, where any translation is made available, the English language version shall prevail in the event of any conflict, discrepancy or ambiguity between translations.
2. CONTROLLER
For the personal data processing purposes set out in this Notice, the controller of your personal data is PANDA Terminal.
In case of personal data protection related inquiries, including questions or comments about this Notice or if you wish to exercise your data subject’s rights, please contact us by writing to support@pandaterminal.com.
3. CATEGORIES AND SOURCES OF PERSONAL DATA
Personal data is any information that can be used to directly or indirectly uniquely identify you as a private individual. Anonymous data is not personal data, as it cannot be linked back to you. We may obtain and process the following categories of your personal data:
Category Personal Data Main Data For concluding and managing the contractual relationship with you or the legal entity you represent, we may process the following personal data: Name, e-mail address, the legal entity’s information you represent (e.g., name, address, registry code) (if applicable), user ID, data regarding account (e.g., internal and external activity IDs, results of the authentication), authentication and profile data received from third parties exchanges (e.g., ID, profile name and picture, e-mail). Billing Data For managing the contractual relationship and processing payments, we may process the following personal data: Main Data, billing information, including payment method details, including wallet address(es); results of payment checks (e.g., CVC and address check, third-party checks (null or pass)). Additionally, your contact phone number, and specific preferences regarding invoice names. Transaction Data For managing the contractual relationship and executing transactions, we may process the following personal data: API key and secret, exchange account data (e.g., exchange platform, account ID, deposit address, date when portfolio was generated), account status data (e.g., deleted, locked, hedge mode enabled), transaction data (e.g., transaction’s date, time, amount, currency action, order type, unique identifiers, transaction request and response). Communication Data If you communicate with us through our Website, App or other communication channels (e.g., by email or our official social media), we may process the following personal data depending on the channel you communicate with us: Main Data, your username on the platform through which you interact with us, conversation ID, date, time and contents of your message. Marketing Data For marketing purposes, we may process the following personal data: Main Data, Google Analytics client ID, information about interests, given and withdrawn consents, engagement data (e.g, actions made), responses to user surveys, data regarding sources (e.g., original source, identifiers including but not limited to Appsflyer ID, ad ID, media source, channel, campaign and Affise ID (also known as click ID)), data regarding performance of marketing campaigns and contents (e.g., UTM parameters), data regarding actions (e.g., email confirmation, subscription and bot activation, trade commencement). Technical Data When you visit our Website or App, or in any way use the Software, we may also collect data about the device you are using and automatically log standard data provided by your web browser or device, which may include your personal data: IP address, data about device (e.g., device type, language, model, unique device identifiers, operating system, session key), log data (e.g., referring URL, visitor ID number, date and time of visit, location data (down to city level), browser type, version and language, internet service provider). Usage Data When you visit our Website or App or in any way use the Software, we may process the following data, which may include your personal data: Main Data (user ID), data about actions made (e.g., user role, attributes to that action, error logs, web pages visited on Website). Cookie Data We use cookies to understand how you use the Website in order to optimise the Website and its functionalities. We may also utilise cookies when you use our application. Cookies may collect your personal data. To learn more about the cookies we use, please refer to our Cookies Notice.
4. PURPOSES OF PROCESSING AND LEGAL BASES
We process your personal data lawfully and in a transparent manner, including only where we have a legal basis for doing so. The legal basis for processing your personal data depends on the objective and context in which we collect personal data. The following depicts a descriptive list of processing purposes that are linked to the specific data categories and legal bases for processing:
Processing Purpose To fulfil (or take steps linked to) a service agreement with you. This includes: creating your account; verifying your identity; taking payments (and making refunds); allowing you to configure your alerts, integrate third party platforms, create and monitor trade instructions and information, implement algorithms and execute trading instructions, maintain your account and history, and monitoring positions, in each case in accordance with our policies and terms of service; communicating with you; and providing customer services. As required by JLabs Digital or third parties to conduct their business and pursue their other legitimate interests, in particular: to provide services you have requested; to monitor, improve and protect the services we provide (on our own or with others), in particular by looking at how they are used, testing alternatives, and by learning from feedback and comments you provide; to personalise our services and user interfaces; by maintaining and sharing de-identified records of market data, including trading records, for monitoring and research purposes (including by third parties); to monitor customer accounts to prevent, investigate and/or report misconduct such as spam, misrepresentation, security incidents, market manipulation, or crime (such as fraud), in accordance with applicable law, and to cooperate with authorities seeking to do the same; to investigate any complaints received from you or from others; in connection with legal claims, compliance, regulatory, or investigative purposes (including disclosure in connection with legal process or litigation); and to invite individuals to take part in market research and beta tests. Where you give us consent (so far as that consent is required): we will send you direct marketing in relation to our relevant products and services, or other products and services provided by us and carefully selected partners; we place cookies, monitor email engagement, and use other similar technologies in accordance with our cookies policy and the information provided to you when those technologies are used; on other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time. For purposes which are required by law, in particular: in response to requests by relevant courts and public authorities, such as those conducting an investigation.
We may process your personal data for other purposes, provided that we disclose the purposes and use to you at the relevant time, and that you either consent to the proposed use of the personal data, other legal grounds exist for the new processing purposes, or the new purpose is compatible with the original purpose brought out above
5. RECIPIENTS OF PERSONAL DATA AND DATA TRANSFERS
We may disclose your personal data to separate controllers, who process your personal data for their own purposes, and processors, who process your personal data on our behalf to help us. These data recipients belong to the following categories:
Category Purpose of disclosure Public sector authorities, supervisory and law enforcement authorities To fulfil our statutory obligation, a court order, to establish, exercise or defend our legal rights or in other cases where this is necessary to prevent and deter unlawful acts. Professional advisors To ensure our proper economic activity and to establish, exercise or defend our legal rights. For example: auditors, legal advisors. Our legal successors and/or potential acquirers of the company To successfully transfer our business or for the purposes of merger and/or acquisition, we would include data among the assets transferred to any parties who acquire us. Group companies For organisational and operational management in order to ensure unified work and strategy across all group companies. Third-Party Services To provide user-selected access to relevant external content, applications, and services, as specified in our Terms of Use. For example: dynamic xyz Service providers To help us in providing the services, including our Website, App and overall Software, to you. For example, the service providers in the following categories:
core service providers - who manage and optimise our primary operations and technical infrastructure, which we need to provide you with our services. They also assist us in protecting and securing our systems and services;
payment service providers - who help us to accept payments by processing them;
marketing and advertising service providers (partners) - who enable us to customise the advertising content you may receive, deliver relevant ads and promotional messages, including promotional email campaigns;
data analytics and traffic attribution service providers - who help us understand the performance of our services, including identifying the sources you come from and improve our offerings and user experience.
6. SECURITY OF YOUR PERSONAL DATA
We take reasonable technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss or alteration, unauthorised disclosure, abuse or other processing in violation of applicable law. These measures vary based on the sensitivity of the personal data we process and the current state of technology.
However, please be advised that no security measure can be 100% effective, and we cannot guarantee the security of your data, including against unauthorised acts, access, hacking or data breaches by third parties.
We also encourage you to take measures to ensure the safety of your personal data, including protecting your account. We also advise you to make sure of your device security and avoid using public unencrypted internet connection spots.
7. PERSONAL DATA RETENTION PERIODS
Personal data category Retention period Main Data and Billing Data relating to transactions 7 years from the end of the financial year when the respective transaction took place, to comply with our obligations arising from applicable laws. Other Main Data, Billing Data and Transaction Data relating to the taking and implementing the pre-contractual measures of the potential Terms of Use to be concluded between us or performing the Terms of Use concluded between us 3.5 years from the termination of the Terms of Use, including deletion of User Account, under our legitimate interests to establish, exercise, or defend against potential legal claims. In case we have reasonable doubt that a party has breached the contractual relationship between us intentionally, we may prolong such retention period for a maximum of 10 years. Communication Data 3.5 years from the moment the respective communication-flow was closed, under our legitimate interests to establish, exercise, or defend against potential legal claims. In case we have reasonable doubt that a party has breached the contractual relationship between us intentionally, we may prolong such retention period for a maximum of 10 years. Marketing Data 30 days after the termination of the Terms of Use, including deletion of the User Account, or upon withdrawal of consent. In case the legal basis for processing your Personal Data is consent and you decide to withdraw the consent, we will stop processing the personal data for the previously communicated purpose, however, we will retain a note regarding your withdrawal of consent for the purposes of administering your decision and our data processing activities at least for a period of 3 years. Technical Data and Usage Data 30 days as of the collection of such data.
8. YOUR RIGHTS AS A DATA SUBJECT
Depending on applicable law (in particular, whether the laws of the UK or EEA countries apply), you may have the right to ask us for a copy of personal data about you; to correct or delete that personal data; restrict the processing of that personal data; and to obtain a copy of personal data about you that you provided to us (in connection with our agreement with you, or with your consent), in a structured, machine readable format, and to ask us to port this data to (i.e. share that data with) another organisation.
In addition, applicable law may provide the right to object to the processing of personal data about you, in some circumstances (in particular, where we don't have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
You have the right to appeal the result of significant fully automated decisions. This should be done by emailing us within 3 working days from the date of the decision, which we will then review.
If these rights apply, they may however be limited, for example if fulfilling your request would reveal personal data about another person, would infringe the rights of another person or legal entity (including our rights), or if you ask us to delete or change data which we are required by law to keep (or have other compelling legitimate interests in keeping). We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch using the details set out below. If you have unresolved concerns, you typically have the right to complain to regulators, depending on applicable law. For example, in the EEA, your complaint can likely be taken to data protection authorities where you live, work or where you believe a breach may have occurred.
9. OTHER JURISDICTIONS
You may also have certain additional rights regarding the information we hold about you under other data protection and privacy laws. Please contact us at support@pandaterminal.com about your specific situation for more information.
10. EXTERNAL LINKS
Our Website and App may link to external sites that are not operated by us, or offer access to apps and services not under our operation or control. Therefore, this Notice applies solely to the personal data we may collect or receive from these third-party sources, but does not apply to data processing conducted by such third parties. Please be aware that we neither endorse nor have any control over the content and policies of those sites, apps or services, and thus cannot accept responsibility or liability for their respective practices. To find out more about how such third parties process your personal data, please refer to the respective privacy notices on the other websites you visit, or apps and services you use.