At BITSA® we want to explain that your privacy is important to us and that is why we will only use your information for the purposes described, respecting your right to data protection. In any case, whenever we are going to ask you to provide us with your data, we will inform you in detail about it.

1.Who is the responsible for such treatment?

The person responsible for processing your data is BITSA, a simplified joint stock company (SAS) registered with the Registre du Tribunal de Commerce de NICE under number 885097345, with a capital of 1,150,000 euros, VAT number FR79885097345 and whose registered office is located at 37-41 Boulevard Dubouchage, 06000 Nice, France. With commercial denomination and registered trademark: BITSA®, whose Tax Identification Number is FR79885097345. Contact: E-mail: soporte@bitsacard.com and telephone: +33.422.530.991.

As we care about your privacy we have appointed a person to protect your privacy, ensuring that we comply with data protection regulations, and you can contact him at the following email address dpd@bitsacard.com.

2. How do we obtain your personal data?

We collect your personal information through different means, but you will always be informed at the time of collection through informative clauses about the data controller, the purpose and legal basis of the processing, the recipients of the data and the period of conservation of your information, as well as the way in which you can exercise your rights regarding data protection. We may collect your personal data on different occasions, both on the website and on the App:

• When you contact us, such as through the web in the contact or subscription forms, or by calling us.
• When you register by creating a user account.
• When you give permission to your Contacts App to search for contacts from your address book, with whom you can send and receive money.
• When you participate in marketing campaigns, including raffles or promotions.
• When we have a recruitment process and you send us your CV.
• When with your authorization other legal entities communicate your data to us, such as when you perform the verification of your identity (KYC), through the online identity verification process.

BITSA® uses social media and this is another way we interact. The information collected through the messages and communications you post may contain personal information that is available online and accessible to the public. These social networks have their own privacy policies explaining how they use and share your information, so BITSA® recommends that you consult them before using them to confirm that you agree with the way in which your information is collected, treated and shared.

Through our website and App we collect personal information related to your navigation through the use of cookies. For a clear and precise description of the cookies we use, their purpose, and how you can configure or disable them, please see our Cookies Policy.

3. What information can we obtain?

We may obtain different information from you, such as:

• Contact information, name, mailing address or proof of residence, telephone or email.
• Use of the website and communications, as we use cookies and may collect information about you, which can be managed with the appropriate cookie manager enabled.
• Account information, such as your ID card to identify you, including a copy of the document, not just the number.
• Contact list, in the case that you give us permission and thus you can search for your contacts within the App to be able to receive and send money.
• Connection metadata, as well as the IP address.
• Biometric data of your face in order to identify you and comply with Money Laundering Prevention regulations.
• Details of your card or bank account, as well as the origin of the funds.
• Other data that we may explicitly request from you in the identification process.
• Curricular data. In case you send it to us in a spontaneous application or in a selection process.

From BITSA® we can use your data for different purposes:

• If you are a customer, we will use your data to manage the services we provide you, and for this we must identify you, as part of the prevention of money laundering and terrorist financing.
• If you have given permission to access your address book, we can facilitate the sending and receiving of money between BITSA® users.
• In order to request and send you the BITSA® card.
• If you request information, we will use your information to respond to your inquiries.
• To keep you informed about events, offers, products and services that may be of interest to you through different communication channels as long as you have given your consent.
• Manage the subscription requests on our channels.
• Manage contests or promotions that we may carry out.
• To channel requests for information, suggestions and complaints that you may send us.
• Recruitment process.
• Management of the commercial relationship with our suppliers.
• For Money Laundering Prevention compliance.

As data controllers, we are subject to the law and must comply with it. That is why we have a series of legal obligations that we must comply with, such as the delivery, in certain cases, of certain data that we have to send to judicial authorities, control and supervisory bodies or the State Security Forces and Corps.

Therefore, we will use your data for the legitimate purposes set out in the regulations, in the following cases:

• When you consent to the processing of your personal data for one or more specific purposes;
• When the processing is necessary for the performance of a contract to which you are a party or for the implementation at your request of pre-contractual measures;
• When the processing is necessary for compliance with a legal obligation applicable to the controller, such as the prevention of money laundering and terrorist financing;

5. How do we protect your personal data?

As we take your personal data very seriously, at BITSA® we have adopted the technical and organizational measures required by data protection regulations to maintain the security, availability and integrity of your data.

In addition, all personnel with access to personal data have been trained and are aware of their obligations in relation to the processing of their personal data.

In the case of the contracts we sign with our suppliers, we include clauses in which they are required to maintain the duty of secrecy regarding the personal data to which they have had access by virtue of the order made, as well as to implement the technical and organizational security measures necessary to guarantee the confidentiality, integrity, availability and permanent resilience of the systems and services for the processing of personal data.

All of these security measures are reviewed periodically to ensure their adequacy and effectiveness.

However, absolute security cannot be guaranteed and no security system is impenetrable, so in the event that any information under our treatment and under our control is compromised as a result of a security breach, we will take appropriate steps to investigate the incident, notify the Control Authority and, where appropriate, those users who may have been affected to take appropriate action.

6. How long do we keep your data?

At BITSA® we only keep your information for the period of time necessary to fulfill the purpose for which it was collected, to comply with the legal obligations imposed on us and to meet the possible responsibilities that may arise from the fulfillment of the purpose for which the data was collected. If your data is used for several purposes that require us to keep it for different periods of time, we will apply the longest retention period.

In any case, and as a general rule, we will keep your personal information as long as there is a contractual relationship that binds us or you do not exercise your right of deletion and / or limitation of treatment, in which case, the information will be blocked without giving use beyond its conservation, while it may be necessary for the exercise or defense of claims or could derive some kind of liability that had to be addressed.

7. ¿Compartimos sus datos con otras empresas?

In order to develop and provide the requested service with your BITSA® card, we may share your data with other companies and/or collaborating startups, since it is necessary for us to share your data with the electronic money institution issuing the card. PECUNIA CARDS EDE, S.L.U. with CIF B86972346, and with registered office at calle Guzmán el Bueno nº 133, Edificio América, Bajo B, 28003, Madrid. Pecunpay, in compliance with current legislation on data protection, has appointed a Data Protection Officer, who can be contacted through the e-mail address datos@pecuniacards.es, or by mail to Calle Guzmán el Bueno nº 133, Edificio América, Bajo B, 28003, Madrid.

You can inform us of your opposition to the disclosure of your data, although in this case, it would not be possible to provide the requested service. Although it is not a transfer of data, in order to provide you with the requested service, it may be that third party companies, acting as our suppliers, access your information to carry out the service we have contracted with them. These persons in charge access your data following our instructions and without being able to use them for a different purpose and maintaining the strictest confidentiality. Among others, we rely on Sum and Substance Ltd (UK), mainly for the validation or identification process, as required by Law 10/2010, of April 28, 2010, on the prevention of money laundering and terrorist financing or any other related applicable regulation. To do so, you must expressly accept the terms of service before starting the identification process.

Furthermore, your personal information will be at the disposal of the Public Administrations, Judges and Courts, for the attention of possible liabilities arising from the treatment.

Do we process data on behalf of other companies?

We may process personal data obtained by other companies, within the framework of a business relationship for which we sign a data processor contract with these companies to regulate this situation. In this case, we only process the data on behalf of those who have obtained it and on the basis of the order they have given us.

8. Transfer

We may transfer your personal data to service providers located in different parts of the world. Where we intend to transfer personal data to third countries or international organizations outside the EEA. BITSA® establishes the appropriate technical, organizational and contractual measures in order to ensure that such transfer is carried out in accordance with the applicable data protection regulations.

9. Responsibility of the user

By providing us with his/her data through electronic channels, the user guarantees that he/she is over 18 years of age and that the data provided to BITSA® are true, accurate, complete and up to date. To this effect, the user confirms that he/she is responsible for the veracity of the data communicated and that he/she will keep said information suitably updated so that it corresponds to his/her real situation, taking responsibility for any false or inaccurate data that he/she may provide, as well as for any damages, direct or indirect, that may arise.

10. What rights do you have to safeguard your personal data?

Data protection regulations allow you to exercise your rights of access, rectification, deletion and portability of data and opposition and limitation to their processing, as well as not to be subject to decisions based solely on the automated processing of their data, where appropriate.

These rights are characterized by the following:

• Its exercise is free of charge, except in the case of manifestly unfounded or excessive requests ( for example, repetitive nature), in which case BITSA® may charge a fee proportional to the administrative costs incurred or refuse to act.
• You may exercise your rights directly or through your legal representative or volunteer.
• We must respond to your request within one month, although, taking into account the complexity and number of requests, the deadline may be extended by another two months.
• We have the obligation to inform you about the means to exercise these rights, which must be accessible and without being able to deny you the exercise of the right for the sole reason of choosing another means. If the request is submitted electronically, the information will be provided electronically whenever possible, unless you ask us to do otherwise.
• If BITSA® does not comply with the request, it will inform you, within one month at the latest, of the reasons for its failure to act and the possibility of complaining to a Control Authority.

Specifically, we remind you that you have the following rights:

• You have the right to know if we are processing your data, the category of data we process, the purpose, the source from which we obtain it, as well as if we transfer or share it and if you believe it is erroneous or inaccurate you can contact us to correct it or even request its deletion if there is a lawful reason for it.
• You can also object to our further processing of your data or limit our use of your data.
• You have the right to be informed if we develop behavioral profiles and do so in a fully automated manner and make decisions in that manner, and you may request an intervention by one of our agents and challenge any decision we make on that basis.
• You also have the right of portability, that is, to have us send your data to you or to a third party of your choice in a structured, commonly used, machine readable format.
• Finally, we remind you that you have the right to file any claim or complaint before BITSA® or before the Control Authority competent in this matter.

How can you exercise your rights?

To exercise your rights BITSA® offers you the following methods:

1. By written and signed request addressed to BITSA SAS, 37 Boulevard DUBOUCHAGE (06000 NICE) with the “Ref. Exercise of Data Protection Rights” written on the letter for proper handling of this letter.
2. By sending a signed letter to the following addressdpd@bitsacard.com indicating in the subject line Exercise of Rights LOPD.

In both cases, you must prove your identity by attaching a photocopy or, if applicable, a scanned copy of your ID card or equivalent document in order to verify that we are only responding to the interested party or his legal representative, in which case you must provide proof of representation.