Privacy Notice - OKX Middle East Fintech FZE

Published on Sep 17, 2024

1. INTRODUCTION

Thank you for visiting OKX.com ("OKX"), a digital asset trading website, which is provided by OKX Middle East Fintech FZE. OKX as a/the data controller, provides this OKX Middle East Fintech FZE Privacy Notice (the “Privacy Notice”) to describe our practices regarding the collection, storage, use, disclosure and other processing of Personal Data (defined below). By visiting, accessing, or using OKX.com and associated application program interfaces or mobile applications, you (a) acknowledge that you have the right, capacity and authority to accept this Privacy Notice; (b) acknowledge that you have read and understand this Privacy Notice and (c) consent to the policies and practices outlined in this Privacy Notice. So please read them carefully to understand what we do.

This Privacy Notice explains what data we collect, why we collect it, how such data is used and stored, how such data may be shared by us, rights you may have, and how you can contact us about our privacy practices. If you do not wish your Personal Data (as defined below) to be used in the ways described in this Privacy Notice, you shall, shall not use this Site or any services, software, API (application program interface), technologies, products and/or functionalities offered by this Site (collectively, the “Service”).

2. DEFINITIONS

Data Protection Officer means the OKX Data Protection Officer responsible for data protection and that may be contacted at dpo@okx.com
Digital Asset means a digital asset (also called a “virtual financial asset”, “convertible virtual currency”, “cryptocurrency”, “virtual currency”, “digital currency”, “digital commodity”, or “digital payment token”), such as bitcoin or ether, which is based on the cryptographic protocol of a computer network that may be (i) centralized or decentralized, (ii) closed or open-source, and (iii) used as a medium of exchange and/or store of value.
Personal Data means any information relating to an identified natural person (a “Data Subject”), or one who can be identified directly or indirectly by way of linking data, using identifiers such as name, voice, picture, identification number, online identifier, geographic location, or one or more special features that express the physical, psychological, economic, cultural or social identity of such person. It does not include data where the identity has been removed (anonymous data). This includes Sensitive Data or Sensitive Information.
Sensitive Information means any data that directly or indirectly reveals a natural person's family, racial origin, political or philosophical opinions, religious beliefs, criminal records, biometric data, or any data related to the health of such person, such as his/her physical, psychological, mental, genetic or sexual condition, including information related to health care services provided thereto that reveals his/her health status.

3. WHAT PERSONAL DATA WE COLLECT AND HOLD, AND HOW WE COLLECT IT

OKX collects, processes, and stores Personal Data via your use of the Service or where you have given your consent. This Personal Data may include contact details, copies of identification documentation provided by you or derived from publicly accessible databases, your government identification number as well as information relating to your device or internet service (such as an IP address and a MAC number).

To understand how OKX protects the data it collects from its users, please see the details below.

Furthermore, we conduct business and collect Personal Data from individuals and entities located within the United Arab Emirates (“UAE”). We are required to protect Personal Data processed in the UAE in accordance with the applicable UAE data protection laws. To understand more about how we protect the data collected from individuals and entities located within the UAE, please see the sections below entitled “Additional Information For Persons Subject To The UAE Data Protection Law”.

We collect information you provide during the OKX on-boarding process, which may be a completed, incomplete, or abandoned process. We also collect Personal Data when you communicate with us through customer support, subscribe to marketing communications, correspond with us by phone, email, or other communication channels, or when you conduct a transaction on our website. We may actively or automatically collect, use, store, or transfer your Personal Data, which may include, without limitation, the following:

  • Personal identification information such as name, email, phone number, nationality, date of birth, address, and government identification information;

  • Institutional details such as corporate legal name, corporate registration information, government identification number, proof of identity and legal existence, address, business description, and beneficial owner information;

  • Commercial information such as data related to transactions conducted on the Site;

  • Financial information such as bank account information;

  • Correspondence Information such as communication with our Customer Support team and response to user survey;

  • Information required by regulatory agencies such as state and federal licensing authorities and consumer protection agencies; and

  • Other identifiers such as device fingerprint data, IP address, and geolocation information.

We may also collect Personal Data about you from a third party, such as electronic verification services, referrers, marketing agencies or liquidity providers. If so, we will take reasonable steps to ensure that they are made aware of applicable privacy laws. We may also use third parties to analyze traffic at our website, which may involve the use of cookies. Information collected through such analysis is not anonymous.

We will not collect Sensitive Information about you without your consent, unless an exemption or exception applies. These exemptions or exceptions include if the collection is required or authorized by law, or necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.

If the Personal Data we request is not provided by you, we may not be able to provide you with the benefit of our Services or meet your needs appropriately. Accordingly, we do not give you the option of dealing with us anonymously or under a pseudonym.

4. UNSOLICITED PERSONAL DATA

We may receive unsolicited Personal Data about you. We destroy or de-identify all unsolicited Personal Data we receive, unless it is relevant to the purposes stated in this Privacy Notice for collecting Personal Data. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other Personal Data.

5. WHO WE COLLECT PERSONAL DATA ABOUT

The Personal Data we may collect, and hold includes (but is not limited to) Personal Data about users, potential users, service providers or suppliers of the Site or our Service, prospective employees, employees and contractors and other third parties with whom we come into contact.

6. HOW WE USE YOUR PERSONAL DATA

OKX uses Personal Data to administer, deliver, improve, and personalize the Service for you and to comply with our legal and regulatory obligations. We also may use such data to communicate with you in relation to other products or services offered by OKX and/or its partners to consider any concerns or complaints you may have.

We may use and disclose your Personal Data for any of these purposes. We may also use and disclose Personal Data for secondary purposes which are related to the primary purposes set out in this section, or in other circumstances authorized by the law.

Sensitive Information will be used and disclosed for the purpose for which it was provided (or a directly related secondary purpose), unless you explicitly consent otherwise, or an exemption under law applies. Below are specific ways in which we may process your Personal Data:

  • Provide you with our Services. We use your Personal Data to provide you with our Services pursuant to our contractual agreement. For example, we need to know certain financial information to conduct fiat transfers into and out of your account.

  • Detect and prevent fraud. Your Personal Data is used to detect and prevent fraud. Protect the security of our Services. We process your Personal Data, such as information about your device and activity, to maintain the security of your account and our exchange.

  • User/customer support. We process your Personal Data when you contact our Customer Support team to help us address your question.

  • Enhance our Services. We process your Personal Data to understand how our products and services are being used to improve our services and develop new products.

  • Product marketing. We process your Personal Data to identify our products and services that we believe may be of interest to you. We may contact you about them. You may opt out of marketing communications with us at any time. If you do not want to receive these communications, please send an email to dpo@okx.com with the subject “OPT OUT”.

  • Consent. We may use your Personal Data for additional purposes with your consent.

  • Other business purposes. We may use your Personal Data for other reasonably expected business purposes as permitted by law or required to comply with our legal obligations.

Processing Data Without Consent

If you do not provide us with consent to process your Personal Data, we may still process your Personal Data under one of the following bases:

  • Public interest: we will process your data without your consent where it is necessary to protect the public interest;

  • Legal Proceedings: we will process your data without your consent where it is necessary to initiate or defend legal proceedings or in relation to judicial or security procedures;

  • protection of your interests: we will process your data without your consent where it is necessary to protect your interests;

  • performance of a contract: we will process your data without your consent where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract; we use this basis for provision of our Services; and

  • compliance with a legal obligation: we will process your data without your consent where we need to comply with a legal obligation we are subject to.

To Whom We Might Disclose Personal Data

OKX may disclose Personal Data to:

Members of our corporate group, which includes our subsidiaries, holding companies and companies under common control including their respective contractors, affiliates, employees or representatives.

  • Our service providers and other third parties who assist us in providing Service to you and/or as required or permitted by law or professional standards including, for example, payment processing, customer support, data analytics, information technology, data processing, network infrastructure, storage and tax reporting;

  • Entities in connection with corporate transactions involving OKX, including any financing, acquisition or dissolution proceedings which involve disclosing a certain portion or all of our business or assets;

  • Government entities or other parties to legal process, including law enforcement agencies and authorities, officers, regulators or other third parties to comply with any law, court order, subpoena or government request;

  • Professional advisors, including legal, accounting or other consulting services for purposes of audits or to comply with our legal obligations.

Consent. We may share or disclose your information with your consent; and Other business purposes as permitted by law or required to comply with our legal obligations.

Other than as disclosed in this Privacy Notice, OKX does not share your Personal Data with any other third parties unless required to do so by law or legal reporting obligations. This Site may contain links to other third-party websites where their own privacy policies may apply and OKX is not responsible for the privacy policies of such third-party websites.

If we disclose your Personal Data to service providers that perform business activities for us, they may only use your Personal Data for the specific purpose for which we supply it. We will take reasonable steps to ensure that all contractual arrangements with third parties adequately address compliance with applicable privacy laws. Additionally, we have implemented standards to prevent money laundering, terrorist financing and circumventing trade and economic sanctions compliant with their respective local jurisdictions as applicable, which requires us to undertake due diligence on our users. This may include the use of third-party data and service providers which will cross-reference your Personal Data for identity verification, fraud detection and prevention, transaction monitoring, credit verification and security threat detection.

7. HOW WE STORE YOUR PERSONAL DATA

We recognize the importance of securing the Personal Data of our users. We take steps to ensure your Personal Data is protected from misuse, interference or loss, and unauthorized access, modification or disclosure. Your Personal Data is generally stored in our or our affiliates ‘computer databases and/or with third party storage providers. In relation to information that is held on our computer database, we apply data security guidelines to ensure that your Personal Data is managed securely.

For more information, refer to the section "Information Security" below.

The data that we collect from you may be transferred to, and stored at, a destination outside of the country of your residence. It may also be processed by staff operating outside of your residence who work for us or for one of our suppliers. By submitting your Personal Data, you expressly consent to this transfer, storing or processing, except users located in the UAE, as detailed in the section below “Collection and Transfer of Data Outside of the UAE”.

We retain your Personal Data for as long as is reasonably necessary to provide services to you, for our legitimate business purposes, and to comply with our legal and regulatory obligations. If you close your account with us, we will continue to retain your Personal Data as necessary to comply without legal and regulatory obligations. For example, we are subject to certain anti-money laundering laws which require us to retain records we used to comply with our client identification and due diligence obligations for a period of 8 years after our business relationship with you has ended.

8. SENDING INFORMATION TO OTHER COUNTRIES

OKX is a global business and Personal Data may be stored and processed in any country where we have operations or where we engage service providers. We may disclose information to third party storage providers or affiliates that are located outside your country of residence or disclose to third-party storage providers or affiliates that are located outside your country or residence. These recipients may be located in the following countries: EU and the USA.

We may transfer Personal Data that we maintain about you to recipients in countries other than the country in which the Personal Data was originally collected. Those other countries may have data protection or privacy rules that are different from those of your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Data remains protected to the standards described in this Privacy Notice. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data. By communicating electronically with OKX, you acknowledge and agree to your Personal Data being processed in this way.

In relation to United Arab Emirates (“UAE”) users, we will apply a level of protection to the Personal Data transferred outside UAE that is at least comparable to the protection provided under each of the following (collectively, the “Transfer Regulations”): (a) the Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (“PDPL”); (b) any applicable laws of the other countries to which your Personal Data will be transferred; and (c) this Privacy Notice. We will apply the greater standard of protection to the transferred Personal Data if any Transfer Regulation provides a greater standard of protection than another Transfer Regulation.

Collection And Transfer Of Data Outside Of The UAE

As discussed above, we collect Personal Data from users located in the UAE. To facilitate the Services, we may transfer your Personal Data outside the UAE.

If you are in the UAE, we comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to other countries outside of the UAE.

In the event that we transfer your Personal Data outside of the UAE, we ensure that a similar degree of protection is afforded to your Personal Data. We set out below the mechanisms which permit us to transfer your Personal Data outside the UAE.

Countries Certain countries we transfer data to are on the UAE list of countries that provide an adequate level of protection for Personal Data or may have a bilateral or multilateral agreement with the UAE in respect to protecting Personal Data. Such countries are deemed safe countries.

Where the country is not deemed a safe country, we ensure one of the following safeguards:
  • Contractual arrangements with third parties requiring them to implement measures as required under the UAE PDPL;
  • You provide us with express consent for the transfer of your Personal Data; or
  • The purpose of the transfer of your Personal Data is: a) to fulfill obligations and establish, exercise or defend rights before judicial authorities; b) for us to enter into or execute a contract with you; c) for us to enter into or execute a contract with a third party to achieve your interests; d) to perform a procedure relating to international judicial cooperation; or e) to protect the public interest;
Assessment We may assess the availability of adequate legal bases for transfers outside the UAE in order to transfer your Personal Data.
Consent You expressly consent to such transfer in writing. You are already deemed to have done so by using OKX’s services.

9. ACCESS, CORRECTION, AND DELETION OF YOUR PERSONAL DATA

Subject to exceptions set out in the law, you have the right to obtain a copy of your Personal Data upon request and ascertain whether the information we hold about you is accurate and up-to-date. We will provide access within 30 days of your request. If we refuse to provide the information, we will provide reasons for the refusal. We may require identity verification and specification of what information is required before providing you with access. If any of your Personal Data is inaccurate, you may request to update your information. Where we are satisfied that the request to update the information is accurate, we will take reasonable steps to correct the information within 30 days, unless you agree otherwise. You may also request to delete your Personal Data, with the exception that we may refuse your deletion request in certain circumstances, such as compliance with law or legal purposes. For data access, correction, or deletion requests, or to request withdrawal of your previously provided consent, please contact dpo@okx.com with the subject “DATA INQUIRY”.

In response to data access, correction, or deletion requests, we will verify the requesting party’s identity to ensure that he or she is legally entitled to make such request. While we aim to respond to these requests free of charge, we reserve the right to charge you a reasonable fee should your request be repetitive or onerous. Please note that you may not be able to continue receiving the Services, depending on the extent of your withdrawal of consent.

10. CHILDRENS’ PERSONAL DATA

OKX does not knowingly offer services to or collect the Personal Data of anyone under the age of 18. If we learn that we have collected Personal Data of anyone under the age of 18, we will promptly delete it from our systems. If you are aware of anyone under the age of 18 using our Services, please notify us so we can take prompt action to prevent access to our Services.

11. MARKETING

We may only use Personal Data we collect from you for the purposes of direct marketing without your consent if the Personal Data does not include Sensitive Information, you would reasonably expect us to use or disclose the information for the purpose of direct marketing, we provide a simple way of opting out of direct marketing and you have not requested to opt out of receiving direct marketing from us.

If we collect Personal Data about you from a third party, we will only use that information for the purposes of direct marketing if you have consented (or it is impracticable to obtain your consent) and we will provide a simple means by which you can easily request not to receive direct marketing communications from us. We will draw your attention to the fact you may make such a request in our direct marketing communications.

You have the right to request us not to use or disclose your Personal Data for the purposes of direct marketing, or for the purposes of facilitating direct marketing by other organizations. We must give effect to the request within a reasonable period of time. You may also request that we provide you with the source of the information. If such a request is made, we must notify you of the source of the information free of charge within a reasonable period of time.

We may communicate company news, promotions, and information relating to our products and services provided by OKX. We may share Personal Data with third parties to help us with our marketing and promotional projects or sending marketing communications.

Users can opt out from these marketing communications at any time. If you do not want to receive these communications, please send an email to dpo@okx.com

For product related communications, such as policy/terms updates and operational notifications, you will not be able to opt out of receiving such information.

12. COOKIE USAGE

While you access our website, i.e., www.okx.com, we may use the industry practice of placing a small amount of data that will be saved by your browser (“Cookies”). This information can be placed on your computer or other devices used to visit our Site. We use Cookies to enhance your experience of using our Site. The information is used to identify users, remember user preferences and allow users to complete tasks without having to re-enter information when browsing from one webpage to another or when re-visiting the Site at a later date. We also use Cookies to collect and analyze Site usage data, related to user use and patterns. This data is used to improve our Site and enhance users ‘experience. We may also use the information collected to ensure compliance with our regulatory and Anti-Money Laundering (“AML”) requirements, and to ensure your account security has not been compromised by detecting irregular, suspicious, or potentially fraudulent account activities.

Set up, you can set your browser to block or alert you about these cookies, but this may affect the functionality of OKX services or your user experience. Session cookies are added when a user starts to browse our Site or interacts with a specific feature and are deleted when the browser is closed. Persistent Cookies are added when a user starts to browse our Site or interacts with a specific feature but may remain stored on your device until a certain termination date is reached.

13. INFORMATION SECURITY

We endeavor to protect our website (i.e., www.okx.com, our app, and you from unauthorized access, alteration, disclosure, or destruction (or other similar risks) of Personal Data we collect and store. We take various measures to ensure information security, including encryption of our Site communications; required two-factor authentication for all sessions; periodic review of our Personal Data collection, storage, and processing practices; and restricted access to your Personal Data on a need-to-know basis for our employees and vendors who are subject to strict contractual confidentiality obligations.

If you have any questions about information security or report any security issues, please contact us by sending an email to the following address dpo@okx.com with the subject “Information Security Request”.

14. CONTACTING OKX ABOUT PRIVACY QUESTIONS OR CONCERNS

If you have any questions about this Privacy Notice or the use of your Personal Data, please contact us by sending an email to the following address dpo@okx.com with the subject “PRIVACY REQUEST”.

For users from the UAE, you have the right to make a complaint for unresolved questions in relation to the collection, use or disclosure of your Personal Data to the applicable supervisory authority within your jurisdiction.

15. CHANGES TO OUR PRIVACY NOTICE

We may update this Privacy Notice at any time by posting the amended version on this Site including the effective date of the amended version, so please check frequently to see if there are any updates and changes. Your continued access to or use of this Site and/or the Service constitutes your acknowledgment and acceptance of such changes to this Privacy Notice.

16. LANGUAGES

This Privacy Notice may be posted in different languages. If there are any discrepancies, the English version shall prevail.

17. ADDITIONAL INFORMATION FOR PERSONS SUBJECT TO THE UAE DATA PROTECTION LAW

If you are a UAE user, you have the following rights under the UAE PDPL:

Access

You have the right to access your Personal Data which enables you to obtain confirmation of whether we are processing your Personal Data, to receive a copy of the personal data we hold about you and information regarding how your Personal Data is being used by us.

Rectification

You have the right to request rectification of your Personal Data by asking us to rectify information you think is inaccurate and to complete information you think is incomplete, though we may need to verify the accuracy of the new data you provide to us.

Erasure

You have the right to request erasure of your Personal Data by asking us to delete or remove Personal Data we hold about you; note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you.

Object to automated tools

You have the right object to or require that decisions be reconsidered if they are made solely by automated means, without human involvement; we use automated tools to make sure that you are eligible to be our customer taking into account our legal obligations.

Restriction

You have the right to request restriction of processing your Personal Data, which enables you to ask us to suspend the processing of your Personal Data, if you want us to establish the data accuracy; where our use of the data is unlawful, but you do not want us to erase it; where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, or if you have objected to our use of your data.

Object to processing

You have the right to object to and request that the processing of your Personal Data, if the processing is unlawful, or for the purposes of direct marketing (including profiling) or conducting statistical surveys (provided the survey is not necessary to achieve the public interest).

Request Transfer

You have the right to request the transfer of your Personal Data to you or to a third party, and we will provide to you, or a third party you have chosen (where technically feasible), your Personal Data in a structured, commonly used, machine-readable format; note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw Consent

You have the right to withdraw consent at any time where we are relying on consent to process your Personal Data; however, this will not affect the lawfulness of any processing carried out before you withdraw your consent; if you withdraw your consent, we may not be able to provide certain products or services to you, but we will advise you if this is the case at the time you withdraw your consent.

Complain

You have the right to complain to the UAE Data Office or any relevant authority about any perceived violation and to seek compensation for damages in the courts.