Privacy Policy​

What personal data we collect and why we collect it

We collect and hold a range of personal information including:

  • Your full name, residential address, date of birth, contact details, identification documents.
  • Any additional personal information you provide by email, telephone or other correspondence;
  • Your Occupation;
  • Your Payment details;
  • Transaction information;
  • Your IP address, Browser and Operating System information, geolocation details;
  • Biometric information (only for the purposes of verifying your identity); and
  • Demographic information such as age, gender.
  • Contact details (phone number, e-mail)

We will process your personal Information only for the purpose(s) of providing you the service or while responding to regulatory requirements, placed upon us by legislation.

Based on our legal obligations we may request other documents for your identity verification and the sources of your funds confirmation for the purposes of money laundering and fraud prevention.


We may use cookies, for example, to keep track of your preferences and profile information. Cookies are also used to collect general usage and volume statistical information that does not include personal information.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

What rights you have over your data

Subject to the exceptions in legislation, you can access the personal information that we hold about you by contacting the Privacy or Compliance Officer. We will generally provide you with the requested information within 30 days of request. In the event that we are unable to do so or not required by law to do so, we will inform you of the reasons for refusal.

Additional information

We may receive personal information about you when we have taken no active steps to collect that information. This is known as ‘unsolicited’ personal information. We destroy or de-identify all unsolicited personal information we receive, unless it is relevant to our purposes for collecting personal information. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other personal information.

How we protect your data

We have implemented technical and organisational security measures to ensure the confidentiality, integrity and accountability of your Personal Information and to protect your Personal Information from loss, misuse, alteration or destruction. Such measures include:

Security procedures:

  • The encryption of user`s personal data;
  • The ability to ensure the ongoing confidentiality of processing systems;
  • The ability to restore the Service due to some technical incident;
  • If any user`s personal data in the control of the Company is lost or corrupted, the Company will restore the personal data, using its backup. In the event of a breach, the Company shall inform you after becoming aware of a personal data breach (no later than 48 after it).
  • The Company saves all documents up to date and under the adopted rules of the General Data Protection Regulation.
  • Only authorised personnel has access to your personal Information, and these personnel are required to treat the information as confidential.
  • Where you have consented to, or we are obliged to pass on personal Information to third parties to provide you with a requested service or in the carrying out of a regulatory or legal obligation, we will request that the same levels of technical and organisational security measure be applied through contractual arrangements, where possible.
  • We conduct testing, assessment and evaluation of our technical and organisational measures effectiveness on a regular basis.

Industry regulatory disclosure requirements

We can disclose your personal information to:

  • Our correspondent banking partners, disbursement and payment provider partners for the purposes of processing your requested transaction;
  • The identification verification services used to confirm your identity and meet the applicable identification and verification regulatory requirements;
  • To government agencies, law enforcement bodies and courts where required by law.

As for information on card operations, as merchant we will not sell, purchase, provide, exchange or in any other manner disclose account or transaction data, or personal information of or about client (cardholder) to anyone, except, it’s acquirer, Visa/Mastercard Corporations or in response to valid government demands.

Information disclosed to third parties will only be information required for the supply and fulfilment of service, or for customer assistance purposes or as required by law. Strict confidentiality agreements will be adhered to by the respective receiving third party.

Bitobit is committed to the protection of your information and only deal with ethical suppliers and business partners who demonstrate similar values and are bound by privacy laws of the same standard.

GDPR policy

The Company is protecting individual rights regarding data privacy. As part of Company`s rules to GDPR requirements, it takes the relevant data protection but not limited to:

Data Protection Act 1998;

Regulation 2016/679 of the European Parliament and of the Council of the European Union of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the repealing Directive 95/46/EC, and any successor laws arising out of the withdrawal of a member state from the European Union (General Data Protection);

Privacy and Electronic Communication (EC Directive) Regulations 2003 (SI2003/2426).

  • By using the Service from the Company, you as the User, have agreed to enter into a contractual agreement with the Company. As part of our GDPR policy, we will ensure that any supporting data processing activities, will:
  • store of personal data strictly in accordance with our policies in accordance with GDPR;
  • process user`s data only on developed instructions from the Company;
  • follow strict security measures when processing user`s personal data.