OKX WEB3 ECOSYSTEM Privacy Notice

Published on 5 Dec 2022

Last Updated: 28 November 2023

1. INTRODUCTION

Thank you for visiting https://www.okx.com/web3 (“Website”). OKX (as defined below) provides this Privacy Notice Statement to describe our practices regarding the collection, storage, use, disclosure and other processing of Personal Data (as defined below). By visiting, accessing, or using the Website and associated application program interfaces or mobile applications (the “OKX Web3 Platform”), you (a) acknowledge that you have the right, capacity and authority to accept this Privacy Notice Statement (the “Privacy Notice”); (b) acknowledge that you have read and understand this Privacy Notice and (c) consent to the policies and practices outlined in this Privacy Notice. So please read them carefully to understand what we do.

This Privacy Notice explains what Personal Data we collect, why we collect it, how such Personal Data is used and stored, how such data may be disclosed by us, rights you may have, and how you can contact us about our privacy practices. If you do not wish for your Personal Data to be used in the ways described in this Privacy Notice, you shall not use this OKX Web3 Platform, technologies, products or functionalities offered by the OKX Web3 Platform (collectively, the “Web3 Services”).

2. CONTROLLER AND CONTACT DETAILS

The OKX Web3 group is made up of different legal entities, details of which can be found in the below table (“OKX”, “we”, “us” or “ours”). OKX acts as a controller of your Personal Data where we determine how and why Personal Data can be used, and the OKX entity is the primary controller of your Personal Data. This Privacy Notice does not apply where we act as a processor or service provider to another controller.

Relevant OKX entity Who you are Relevant DPO Email
OKX Technology Services Pte. Ltd. All user using the Web3 Services dposg@okx.com

3. DEFINITIONS

DPO means the relevant OKX data protection officer responsible for data protection and that may be contacted at the relevant email address set out in Section 2 above.
Personal Data means any information relating to an identified natural person, or one who can be identified directly or indirectly by way of linking data, using identifiers such as name, voice, picture, identification number, online identifier, geographic location, or one or more special features that express the physical, psychological, economic, cultural or social identity of such person. Personal Data does not include data where the identity has been irreversibly removed (anonymous data).

4. WHAT PERSONAL DATA WE COLLECT, HOLD AND PROCESS, AND HOW WE COLLECT IT

OKX collects, processes, and stores Personal Data via your use of the OKX Web3 Platform and/or Web3 Services or where you have given your consent.

To understand how OKX protects the data it collects from its users, please see Section 13 (Information Security) below.

We collect information you provide when the OKX Web3 Platform and/or the Web3 Services are used. We also collect Personal Data when you communicate with us through our Customer Support or when you conduct a transaction on the OKX Web3 Platform. We may actively or automatically collect, use, store, process or transfer your Personal Data, which may include, without limitation, the following:

  • Commercial information such as data related to transactions conducted on the OKX Web3 Platform and balances in the wallets connected to the OKX Web3 Platform;

  • Correspondence information such as communication with our Customer Support team and response to user survey; and

  • Other identifiers such as IP address, MAC number, geolocation information, unique device identifiers and session information for the devices used to access the OKX Web3 Platform and/or Web3 Services.

We may also use third parties to analyze traffic on our Website, which may involve the use of Cookies (additional information on Cookie Usage is set out in Section 12 below). Information collected through such analysis is not anonymous.

5. WHAT INFORMATION WE NEVER COLLECT

When you use the OKX Web3 Platform and/or Web3 Services, we NEVER COLLECT OR STORE:

  • The password to your wallet on the OKX Web3 Platform

  • Your private key shards if you have a keyless wallet (MPC wallet)

  • Your private key and seed phrase (mnemonic phrase) if you have any other wallet

6. WHO WE COLLECT PERSONAL DATA ABOUT

The Personal Data we may collect, process and hold includes (but is not limited to) Personal Data about users of the OKX Web3 Platform or our Web3 Services.

7. HOW WE PROCESS YOUR PERSONAL DATA

OKX processes Personal Data to administer, deliver, improve, and personalize the Services for you and to comply with our legal and regulatory obligations. We also may process such data to communicate with you to consider any concerns or complaints you may have on products or services offered by OKX and/or its partners.

We may use and disclose your Personal Data for any of these purposes. We may also use and disclose Personal Data for secondary purposes which are related to the primary purposes set out in this section, or in other circumstances authorized by the law.

Below are specific ways in which we may process your Personal Data:

  • Provide you with our Web3 Services. We use your Personal Data to provide you with our Web3 Services, including but not limited to personalizing our Web3 Services to you, pursuant to our terms of service.

  • Detect and prevent fraud. Your Personal Data is used to detect and prevent fraud.

  • Protect the security of our Web3 Services. We process your Personal Data, such as information about your device and activity, to maintain the security of the OKX Web3 Platform.

  • User/customer support. We process your Personal Data when you contact our Customer Support team to help us address your questions and carry out your instructions.

  • Enhance our Web3 Services. We process your Personal Data to understand how our Web3 Services are being used to improve our Web3 Services and develop new Web3 Services.

  • Consent. We may use your Personal Data for additional purposes with your consent.

  • Other business purposes. We may use your Personal Data for other reasonably expected business purposes as permitted by law or when required to comply with our legal obligations.

Processing Personal Data Without Consent

If you do not provide us with consent to process your Personal Data, we may still process your Personal Data under one of the following bases:

  • Public interest. We will process your Personal Data without your consent where it is necessary to protect the public interest.

  • Legal Proceedings. We will process your Personal Data without your consent where it is necessary to initiate or defend legal proceedings or in relation to judicial or security procedures.

  • Protection of your interests. We will process your Personal Data without your consent where it is necessary to protect your interests.

  • Performance of a contract. We will process your Personal Data without your consent where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract; we use this basis for provision of our Web3 Services.

  • Compliance with a legal obligation. We will process your Personal Data without your consent where we need to comply with a legal obligation we are subject to.

To Whom We Might Disclose Personal Data

OKX may disclose Personal Data to:

  • Members of our corporate group, which includes our subsidiaries, holding companies and companies under common control including their respective contractors, affiliates, employees or representatives.

  • Our service providers and other third parties which assist us in providing Web3 Services to you and/or as required or permitted by law or professional standards including, for example, customer support, data analytics, information technology, data processing, network infrastructure, and storage.

  • Entities in connection with corporate transactions involving OKX, including any financing, acquisition or dissolution proceedings which involve disclosing a certain portion or all of our business or assets.

  • Government entities or other parties to legal process, including law enforcement agencies and authorities, officers, regulators or other third parties to comply with any law, court order, subpoena or government request.

  • Professional advisors, including legal, accounting or other consulting services for purposes of audits or to comply with our legal obligations.

Other than as set out in this Privacy Notice, OKX does not disclose your Personal Data with any other third parties unless required to do so by law or legal reporting obligations. The OKX Web3 Platform may contain links to other third-party websites, services and applications where their own privacy policies may apply and OKX is not responsible for the privacy policies of such third-party websites, services and applications. If we disclose your Personal Data to service providers that perform business activities for us, they may only use your Personal Data for the specific purpose for which we supply it. We will take reasonable steps to ensure that all contractual arrangements with third parties and/or their legal obligations adequately address compliance with applicable privacy laws.

8. HOW WE STORE YOUR PERSONAL DATA

We recognize the importance of securing the Personal Data of our users. We take steps to ensure your Personal Data is protected from misuse, loss, and unauthorized access, modification, interference or disclosure. Your Personal Data is generally stored in our or our affiliates’ computer databases and/or with third party storage providers. In relation to information that is held on our computer database, we apply data security guidelines to ensure that your Personal Data is managed securely.

For more information, please refer to Section 13 (Information Security) below.

The Personal Data that we collect from you may be transferred to, and stored at, a destination outside of the country of your residence. It may also be processed by staff operating outside of your residence who work for us or for one of our service providers. By submitting your Personal Data, you expressly consent to this transfer, storing or processing.

We retain your Personal Data for as long as is reasonably necessary to provide services to you, for our legitimate business purposes, and to comply with our legal and regulatory obligations.

9. TRANSFERRING INFORMATION TO OTHER COUNTRIES

The OKX Web3 group operates a global business and Personal Data may be stored and processed in any country where we have operations or where we engage service providers. We may disclose information to third party storage providers or affiliates that are located outside your country of residence or disclose to third-party storage providers or affiliates that are located outside your country or residence.

We may transfer Personal Data that we maintain about you to recipients in countries other than the country in which the Personal Data was originally collected. Those other countries may have data protection or privacy rules that are different from those of your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Data remains protected to the standards described in this Privacy Notice. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data. By communicating electronically with OKX, you acknowledge and agree to your Personal Data being processed in this way.

10. ACCESS, CORRECTION, AND DELETION OF YOUR PERSONAL DATA

Subject to exceptions set out in the law, you have the right to obtain a copy of your Personal Data upon request and ascertain whether the information we hold about you is accurate and up-to-date. We will provide access within 30 days of your request. If we refuse to provide the information, we will provide reasons for the refusal.

We will carry out necessary confirmations in order to verify that you are the person legally entitled to make such a request and specification of what information is required before providing you with access. If any of your Personal Data is inaccurate, you may request to update your information. Where we are satisfied that the request to update the information is accurate, we will take reasonable steps to correct the information within 30 days, unless you agree otherwise. You may also request to delete your Personal Data, with the exception that we may refuse your deletion request in certain circumstances, such as compliance with law or legal purposes. For data access, correction, or deletion requests, or to request withdrawal of your previously provided consent, please send an email with your request to the relevant email address set out in Section 2 above with the subject “DATA INQUIRY REQUEST”.

11. CHILDRENS’ PERSONAL DATA

OKX does not knowingly offer services to or collect the Personal Data of anyone under the age of 18. If we learn that we have collected Personal Data of anyone under the age of 18, we will promptly delete it from our systems. If you are aware of anyone under the age of 18 using our Services, please notify us so we can take prompt action to prevent access to our Services.

12. COOKIE USAGE

While you access our Website we may use the industry practice of placing a small amount of data that will be saved by your browser (“Cookies”). This information can be placed on your computer or other devices used to visit our Website. We use Cookies to enhance your experience of using our Website. The information is used to identify users, remember user preferences and allow users to complete tasks without having to re-enter information when browsing from one webpage to another or when re-visiting our Website at a later date. We also use Cookies to collect and analyze website usage data, related to user use and patterns. This data is used to improve our Website and enhance users ‘experience.

Set up, you can set your browser to block or alert you about these Cookies, but this may affect the functionality of the Web3 Services or your user experience. Session Cookies are added when a user starts to browse our Website or interacts with a specific feature and are deleted when the browser is closed. Persistent Cookies are added when a user starts to browse our Website or interacts with a specific feature but may remain stored on your device until a certain termination date is reached.

13. INFORMATION SECURITY

We have put in place appropriate information security measures to prevent your Personal Data from being accidentally lost, accessed, altered, disclosed, used or destroyed in an unauthorized way (or other similar risks). We take various measures to ensure information security, including encryption of the OKX Web3 Platform communications; periodic review of our Personal Data collection, storage, and processing practices; and restricted access to your Personal Data on a need-to-know basis for our employees and vendors who are subject to strict contractual confidentiality obligations.

If you have any questions about information security or report any security issues, please contact us by sending an email to the relevant email address set out in Section 2 above with the subject “INFORMATION SECURITY REQUEST”.

14. CONTACTING OKX ABOUT PRIVACY QUESTIONS OR CONCERNS

If you have any questions about this Privacy Notice or the use of your Personal Data, please contact us by sending an email to the relevant email address set out in Section 2 above with the subject “PRIVACY REQUEST”.

When handling requests to exercise your privacy rights, we will carry out necessary confirmations in order to verify that the requesting party is the person legally entitled to make such a request. While we endeavor to respond to these requests free of charge, should your request be repetitive or unduly onerous, we reserve the right to charge you a reasonable fee (if applicable) for compliance with your request. To exercise your privacy rights, please send an email with your request to the relevant email address set out in Section 2 above with the subject “DATA INQUIRY REQUEST”.

15. CHANGES TO OUR Privacy Notice

We may update this Privacy Notice at any time by posting the amended version on the OKX Web3 Platform including the effective date of the amended version, so please check frequently to see if there are any updates and changes. Your continued access to or use of the OKX Web3 Platform and/or the Web3 Services constitutes your acknowledgment and acceptance of such changes to this Privacy Notice.

16. LANGUAGES

This Privacy Notice may be posted in different languages. If there are any discrepancies, the English version shall prevail.