UPDATED ON JULY 31, 2018
This policy describes the ways BitPay, Inc. and its subsidiaries (BitPay B.V. and Stichting Client Funds BMSE, hereinafter, “BitPay”, “we”, “our” or “us”) collect, store, use and protect Personal Data. The purpose of this policy is to ensure that BitPay complies with applicable United States (US) federal and state regulations, and European Union (hereinafter, “EU”) data protection laws such as the General Data Protection Regulation (hereinafter, “GDPR”). BitPay’s Services include merchant processing services, products, or any other features, technologies or functionalities (hereinafter: “Services”) offered by BitPay, Inc.
This policy describes the ways BitPay, Inc. and its subsidiaries (hereinafter, “BitPay”, “we”, “our” or “us”) collect, store, use and protect Personal Data. The purpose of this policy is to ensure that BitPay complies with applicable United States (US) federal and state regulations, and European Union (hereinafter, “EU”) data protection laws such as the General Data Protection Regulation (hereinafter, “GDPR”). BitPay’s Services include merchant processing services, products, or any other features, technologies or functionalities (hereinafter: “Services”) offered by BitPay, Inc. Users accept this Policy by visiting our website and/or by using our Services.
There are six types of data subjects whose personal data we may process:
“Personally Identifiable Information” (hereinafter: “Personal Data”) is any information that can be directly associated with a specific person and can be used to identify that person. A prime example of identifiable information is a person’s name.
The Personal Data we collect depends on the type of user:
We may collect information about a visitor’s computer or other access devices for fraud prevention purposes.
We may use this Personal Data for risk-management purposes (i.e. to verify merchant’s identity or address). We may also obtain information about our merchants from third parties such as credit bureaus and identity verification services. We ensure that such third parties adhere to the same data protection principles as BitPay.
The email address is either automatically provided by the merchant or manually entered by the shopper. This enables our system to send an email to Shoppers directly to obtain a cryptocurrency refund address in case of a payment exception (e.g. overpayments, underpayments, etc.). This creates a more seamless payment experience for both the merchant and the shopper.
Additionally, only upon the merchant’s explicit request, we will collect and store Personal Data for the merchant’s benefit only and as a service through our invoicing service. Personal Data that merchants may request from the shoppers are:
Additionally, for donations that are made through BitPay’s processing platform, the merchant might opt for BitPay to collect the following Personal Data as required by the US Federal Election Commission (FEC) or other applicable local regulations:
In all cases mentioned above, Shoppers’ or Donors' information is processed and stored according to the same principles as we process / store our merchant’s Personal Data.
Please note that our Card Program is currently only available to US residents. BitPay only stores date of birth and social security number until the time the card application is accepted or archived.
The email address collection is optional in case the user would like to receive email notifications and (if selected) BitPay news and product updates and can be removed at any point in time.
BitPay does not process any sensitive personal information, such as religion, race, ethnicity and/or political views.
Our primary purpose for collecting Personal Data is to provide you with a secure, smooth, efficient, and customized experience. We may use your Personal Data to:
We take security of data very seriously. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to Personal Data only for those employees who require it to fulfill their job responsibilities.
We are a regulated Financial Institution in the United States and per the applicable Bank Secrecy Act provisions, we will retain Personal Data that has been obtained as a part of our Customer Identification Program for a period of 5 years after an account has been closed or became dormant.
We may share your Personal Data with:
Please note that these third parties may be in other countries where the laws on processing Personal Data may be less stringent than in your country. We deploy the following safeguards if we transfer Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:
BitPay shall be liable for the acts and omissions of any third parties with whom we share Personal Data unless BitPay proves that it is not responsible for the event giving rise to the damage.
Individuals located in the European Union have statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete, correct, or restrict the processing of this Personal Data. If you are located in the European Union and would like to exercise the right of access, you can make a request via our support form which can be found here: https://help.bitpay.com/requestHelp.
Merchants can review and edit their information by logging in to their account and reviewing their Personal Data under the Settings tab on the Dashboard. If you wish to change information relating to your industry or company website, or if you wish delete your account, you can send an email to email@example.com or submit a request at help.bitpay.com/requestHelp. If you choose to delete your BitPay account, we will mark your account in our database as "Closed". We will retain the information on the account in line with the data retention principles as outlined in Section VII.
We do not sell your Personal Data to third parties for their marketing purposes without your explicit consent. We may combine your information with information we collect from other companies and use it to improve and personalize the BitPay Services, content and advertising. If you do not wish to receive marketing communications from us or participate in our ad-customization programs, you can simply click the “unsubscribe” link at the bottom of the e-mail or you can send an email to firstname.lastname@example.org.
To communicate with our Data Protection Officer, please email email@example.com. Subject to applicable law, you also have the right to lodge a complaint with your local Data Protection Authority or the Dutch Data Protection Commissioner, which is BitPay’s lead supervisory authority in the EU. If you are residing within the European Union and believe we maintain your Personal Data within the scope of the GDPR, you may direct questions or complaints to our lead supervisory authority:
Autoriteit PersoonsgegevensPostbus 93374
2509 AJ Den Haag
Phone (+31) - (0)70 - 888 85 00
Fax: (+31) - (0)70 - 888 85 01
In the United States, BitPay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Complaints may be submitted by completing the form that can be found here: www.ftccomplaintassistant.gov.
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time. Most browsers support cookies, but you can set your browser to decline them and can delete them whenever you like.
We send a “session cookie” to your computer when you log in to your account or otherwise use the BitPay Services. This type of cookie helps us to recognize you if you visit multiple pages on our site during the same session, so that we do not need to ask you for your password on each page. Once you logout or close your browser, this cookie expires and no longer has any effect.
We also use longer-lasting cookies for other purposes such as to display your email address on our login page, so that you don't need to retype the email address each time you login to your account.
We encode our cookies so that only we can interpret the information stored in them. You are free to decline our cookies if your browser permits, but doing so may interfere with your use of our website. We may also collect information about your computer or other access device to mitigate risk and for fraud prevention purposes.
You may encounter cookies from third parties when using the BitPay Services on websites that we do not control (for example, if you view a web page created by a third party or use an application developed by a third party, there may be a cookie placed by that web page or application.)
You can manage cookies through the settings of your Internet browser. You can have the browser notify you when you receive a new cookie, delete individual cookies or delete all cookies. Please note that, if you choose to delete BitPay cookies, your access to some functionalities and areas of our website may be degraded or restricted.
For more information on cookies and how to opt-out of them, please visit the following third party website: Your Online Choices.
The BitPay Visa® Prepaid Card is issued by Metropolitan Commercial Bank, member FDIC, pursuant to a license from Visa, U.S.A. Inc. “Metropolitan” and “Metropolitan Commercial Bank” are registered trademarks of Metropolitan Commercial Bank © 2014. Use of the Card is subject to the terms and conditions of the applicable Cardholder Agreement and fee schedule, if any.