BITSA® PRIVACY POLICY

At BITSA® we want to explain that your privacy is important to us and that is why we will only use your information for the purposes described, respecting your right to data protection. In any case, whenever we are going to ask you to provide us with your data, we will inform you in detail about it.

1. ¿Who is responsible for the processing of your data?

The person responsible for processing your data is BITSA, a simplified joint stock company (SAS) registered with the Greffe du Tribunal de Commerce de NICE under number 885097345, with a capital of 1,150,000 euros, VAT number FR79885097345 and whose registered office is located at 37-41 Boulevard Dubouchage, 06000 Nice, France. With trade name and registered trademark: BITSA®, whose VAT number is FR79885097345. Contact: E-mail: soporte@bitsacard.com and telephone: +33.422.530.991.

As we care about your privacy we have appointed a person to protect your privacy, ensuring that we comply with data protection regulations, you can contact him at the email address dpo@bitsacard.com.


2. How do we obtain your personal data?

We collect your personal information through different means, but you will always be informed at the time of collection through informative clauses about the data controller, the purpose and legal basis of the processing, the recipients of the data and the period of conservation of your information, as well as the way in which you can exercise your rights regarding data protection. We may collect your personal data on different occasions, both on the website and on the App:

  • When you contact us, such as through the web in the contact forms, or by calling us by phone.
  • When you register by creating a user account.
  • When you participate in marketing campaigns, including raffles or promotions.
  • When we have a recruitment process and you send us your CV.
  • When with your authorization other legal entities communicate your data to us, such as when you perform the verification of your identity (KYC), through the online identity verification process.

BITSA® uses social media and this is another way we interact. The information collected through the messages and communications you post may contain personal information that is available online and accessible to the public. These social networks have their own privacy policies explaining how they use and share your information, so BITSA® recommends that you consult them before using them to confirm that you agree with the way in which your information is collected, treated and shared.

Through our website and App we collect personal information related to your navigation through the use of cookies. To find out clearly and precisely what cookies we use, what their purposes are and how you can configure or disable them, please see our  Cookies Policy.


3. What information can we obtain?

We may obtain different information from you, such as:

  • Contact information, name, mailing address or proof of residence, telephone or email.
  • Use of the website and communications, as we use cookies and may collect information about you, which can be managed with the appropriate cookie manager enabled.
  • Account information, such as your ID card for identification purposes, including a copy of the document, not just the number.
  • Connection metadata, as well as the IP address.
  • Biometric data of your face in order to identify you and comply with Money Laundering Prevention regulations.
  • Details of your card or bank account, as well as the origin of the funds.
  • Other data that we may explicitly request from you in the identification process.
  • Curricular data. In case you send it to us in a spontaneous application or in a selection process.


4. for what purposes do we use your data?

From BITSA® we can use your data for different purposes:

  • If you are a customer, we will use your data to manage the services we provide you, and for this we must identify you as part of the prevention of money laundering and terrorist financing.
  • In order to request and send you the BITSA® card.
  • If you request information, we will use your information to respond to your inquiries.
  • To keep you informed about events, offers, products and services that may be of interest to you through different communication channels as long as you have given your consent.
  • Manage contests or promotions that we may carry out.
  • To channel requests for information, suggestions and complaints that you may send us.
  • Recruitment process.
  • Management of the commercial relationship with our suppliers.
  • For Money Laundering Prevention compliance.

As data controllers, we are subject to the law and must comply with it. That is why we have a series of legal obligations that we must comply with, such as the delivery, in certain cases, of certain data that we have to send to judicial authorities, control and supervisory bodies or the State Security Forces and Corps.

Therefore, we will use your data for the legitimate purposes set out in the regulations, in the following cases:

  • When you gave your consent to the processing of your personal data for one or more specific purposes;
  • When the processing is necessary for the performance of a contract to which you are a party or for the implementation at your request of precontractual measures;
  • When the processing is necessary for compliance with a legal obligation applicable to the controller, such as the prevention of money laundering and terrorist financing;


5. how do we protect your personal data?

As we take your personal data very seriously, at BITSA® we have adopted the technical and organizational measures required by data protection regulations to maintain the security, availability and integrity of your data.

In addition, all personnel with access to personal data have been trained and are aware of their obligations in relation to the processing of their personal data.

In the case of the contracts we sign with our suppliers, we include clauses in which they are required to maintain the duty of secrecy regarding the personal data to which they have had access by virtue of the order made, as well as to implement the technical and organizational security measures necessary to guarantee the confidentiality, integrity, availability and permanent resilience of the systems and services for the processing of personal data.

All of these security measures are reviewed periodically to ensure their adequacy and effectiveness.

However, absolute security cannot be guaranteed and no security system is impenetrable, so in the event that any information under our treatment and under our control is compromised as a result of a security breach, we will take appropriate steps to investigate the incident, notify the Control Authority and, where appropriate, those users who may have been affected to take appropriate action.


6. how long do we keep your data?

At BITNOVO® we only keep your information for the period of time necessary to fulfill the purpose for which it was collected, to comply with the legal obligations imposed on us and to meet the possible liabilities that may arise from the fulfillment of the purpose for which the data were collected. If your data is used for several purposes that require us to keep it for different periods of time, we will apply the longest retention period.

In any case, and as a general rule, we will keep your personal information as long as there is a contractual relationship that binds us or you do not exercise your right of deletion and / or limitation of treatment, in which case, the information will be blocked without giving use beyond its conservation, while it may be necessary for the exercise or defense of claims or could derive some kind of liability that had to be addressed.


7. do we share your data with other companies?

In general, at BITSA® we do not share your personal information, except for those assignments that we must make based on legally imposed obligations.

However, in order to develop and provide you with the requested service and be able to use your BITSA® card, we may share your data with other companies and/or collaborating startups, as it is necessary for us to share your data with the electronic money institution issuing the card. PECUNIA CARDS EDE, S.L.U. with CIF B86972346, and with registered office at calle Guzmán el Bueno nº 133, Edificio América, Bajo B, 28003, Madrid. Pecunpay, in compliance with current data protection regulations, has appointed a Data Protection Delegate, who can be contacted via the e-mail address datos@pecuniacards.es, or by post at Calle Guzmán el Bueno nº 133, Edificio América, Bajo B, 28003, Madrid.

You can inform us of your opposition to the transfer of your data, although in this case, it would not be possible to provide you with the requested service.  Although it is not a transfer of data, in order to provide you with the requested service, it may be that third party companies, acting as our suppliers, access your information to carry out the service we have contracted with them. These persons in charge access your data following our instructions and without being able to use them for a different purpose and maintaining the strictest confidentiality. Among others, we rely on Sum and Substance Ltd (UK), mainly for the validation or identification process, as required by Law 10/2010, of April 28, 2010, on the prevention of money laundering and terrorist financing or any other related applicable regulation. To do so, you must expressly accept the terms of service before starting the identification process.

Furthermore, your personal information will be at the disposal of the Public Administrations, Judges and Courts, for the attention of possible liabilities arising from the treatment.

Do we process data on behalf of other companies?

We may process personal data obtained by other companies, within the framework of a business relationship for which we sign a data processor contract with these companies to regulate this situation. In this case, we only process the data on behalf of those who have obtained it and on the basis of the order they have given us.


8. Transfer

There are no international transfers of your data to countries outside the European Union (EU).

We have agreed with our suppliers that, for the provision of the contracted service, they make use of servers located in the EEA and if, in the future, we need to make use of servers located outside the territory of the EU, appropriate measures will be taken, which will be incorporated into this Privacy Policy, ensuring that such suppliers are under the Privacy Shield agreement (or the one that is replaced as it has been declared invalid by the CJEU) or that there are other appropriate safeguards to protect your personal data.


9. Responsibility of the user

By providing us with his/her data through electronic channels, the user guarantees that he/she is over 18 years of age and that the data provided to BITSA® are true, accurate, complete and up to date. To this effect, the user confirms that he/she is responsible for the veracity of the data communicated and that he/she will keep said information suitably updated so that it corresponds to his/her real situation, taking responsibility for any false or inaccurate data that he/she may provide, as well as for any damages, direct or indirect, that may arise.


10. What rights do you have to safeguard your personal data?

Data protection regulations allow you to exercise your rights of access, rectification, deletion and portability of data and opposition and limitation to their processing, as well as not to be subject to decisions based solely on the automated processing of their data, where appropriate.

These rights are characterized by the following:

  • Its exercise is free of charge, except in the case of manifestly unfounded or excessive requests ( for example, repetitive nature), in which case BITSA® may charge a fee proportional to the administrative costs incurred or refuse to act.
  • You may exercise your rights directly or through your legal representative or volunteer.
  • We must respond to your request within one month, although, taking into account the complexity and number of requests, the deadline may be extended by another two months.
  • We have the obligation to inform you about the means to exercise these rights, which must be accessible and without being able to deny you the exercise of the right for the sole reason of choosing another means. If the request is submitted electronically, the information will be provided electronically whenever possible, unless you ask us to do otherwise.
  • If BITSA® does not comply with the request, it will inform you, within one month at the latest, of the reasons for its failure to act and the possibility of complaining to a Control Authority.

Specifically, we remind you that you have the following rights:

  • You have the right to know if we are processing your data, the category of data we process, the purpose, the source from which we obtain it, as well as if we transfer or share it and if you believe it is erroneous or inaccurate you can contact us to correct it or even request its deletion if there is a lawful reason for it.
  • You can also object to our further processing of your data or limit our use of your data.
  • You have the right to be informed if we develop behavioral profiles and do so in a fully automated manner and make decisions in that manner, and you may request an intervention by one of our agents and challenge any decision we make on that basis.
  • You also have the right of portability, that is, to have us send your data to you or to a third party of your choice in a structured, commonly used, machine readable format.
  • Finally, we remind you that you have the right to file any claim or complaint before BITSA® or before the Spanish Data Protection Agency (competent Control Authority in this matter), by writing to the same, C/ Jorge Juan, n.º 6, 28001 – Madrid, or through the web: https://www.agpd.es

How can you exercise your rights?

To exercise your rights BITSA® offers you the following means:

  1. By written and signed request addressed to BITSA SAS, 37 Boulevard DUBOUCHAGE (06000 NICE) with Ref. Exercise of LOPD rights written in the letter for a proper management of the letter.
  2. By sending a signed letter to the e-mail address dpo@bitsacard.com indicating in the subject Exercise of Rights LOPD.

In both cases, you must prove your identity by attaching a photocopy or, if applicable, a scanned copy of your ID card or equivalent document in order to verify that we are only responding to the interested party or his legal representative, in which case you must provide proof of representation.

Version 2. October 14, 2022.