BACXN Exchange respects the privacy of everyone who interacts with our platform and is committed to being transparent about our privacy. We are a platform that supports millions of businesses and in order to provide services to our business users and end users, we collect and process personal data. This Privacy Agreement contains important information about your personal data and we encourage you to read it carefully. prerequisites BACXN Exchange provides financial infrastructure for the Internet. Individuals and businesses of all sizes use our technology and services to facilitate purchases, accept payments, send payments, and manage online operations. This Privacy Agreement ("Agreement") describes the personal information we collect, how we use and share it, and details of how you can contact us for privacy-related inquiries. The Agreement also outlines your rights and choices as a data subject, including the right to object to the way certain personal information is used. Depending on its activities, BACXN Exchange assumes the role of "data controller" and/or "data processor" (or "service provider"). More detailed information about our privacy practices, including our role, the specific BACXN Exchange entities responsible under this Agreement and the legal basis on which we process your personal data. Definition of terms For the purposes of this Agreement, BACXN Exchange, the Exchange, this Exchange, we or our refer to the BACXN Exchange entity responsible for the collection, use and processing of the personal data described in this document. "Services" means the products, services, devices and applications; websites and other applications and online services that we offer under the Exchange Service Agreement or the Consumer Terms of Service. We provide commercial services to entities, and we also provide end-user services directly to individuals or visitors for their personal use. "Financial Partners" means the financial institutions, banks and other partners with whom we work to provide our services, such as payment method acquirers, payment providers and card networks. "Transaction Data" means data collected and used to facilitate the transaction you have requested. Some transaction data is personal data and may include: your name, e-mail address, contact telephone number, billing and shipping address, payment method information (such as credit or debit card number, bank account information, or a picture of the payment card you have chosen), merchant and location information, amount and date of purchase and in some cases, information about the merchandise purchased. A. What personal information do we collect? We collect your personal data in a number of ways: you provide it to us directly, or we collect it from external sources, or we collect it using automated means. We may also automatically collect information about your use of our Services, such as the pages you visit before, during, and after you use our Services, information about the links you click on, the types of content you interact with, the frequency and duration of your activity, and other information about how you use our Services. Type of information collected: Identity information: including your name, identity document number, date of birth, nationality, etc is used to verify your identity and comply with the requirements of relevant laws and regulations. Contact information: e.g, e-mail address, contact phone number, residential address, etc. to contact you, provide customer support and send important notices. Financial information: Includes bank account information, payment card details, transaction records, etc., which are used to process transactions, prevent fraud, and for accounting and tax management. Transaction Data: relates to your trading activities on the Platform, such as the type, quantity, time, and counter-party of digital assets purchased or sold, for the purpose of executing transactions, providing transaction history, and improving our services. Technical information: e.g. IP address, browser type, operating system, device identifier, access time and date, etc., used to secure the platform and optimize transaction services. Location information: Geographic location data obtained via IP address or device location services for risk assessment and regional compliance management. Information we are required to collect by law, regulation or statute: Depending on the service, we may collect information from you in order to fulfill our Know Your Customer ("KYC") and Anti-Money Laundering ("AML") regulatory obligations. The information we collect from you includes the following: Are you a political figure Proof of source of funds and address Passport and/or state driver's license or government-issued ID used to verify your identity Transaction history and account balances associated with your use of certain services. From time to time, we use "cookies", which are small text files stored on your computer, to help personalize your online experience on our website. The personal data collected through cookies will be processed in accordance with this Privacy Agreement. If you have set your browser to alert you before accepting a cookie, you will receive a reminder message before accepting each cookie. You can refuse the use of cookies by turning them off in your browser, but you should understand that our website, like most other popular websites, may not function properly with cookies disabled. We may analyze public chain data to ensure that parties using our services are not engaging in illegal activities or activities prohibited by our user agreements; we may also analyze trading trends for research and development purposes. The bank or payment processor you use to transfer legal tender may provide us with basic personal data such as your name, address and bank account information. Advertising or data analytic providers may provide us with anonymized information about you, including, but not limited to, how you found our website. B. On what basis do we collect your data? We will only use your personal data where there is a legal basis to do so: Consent. For certain processing activities, we need to obtain your prior consent. This applies, for example, to some of our direct marketing activities that are governed by the GDPR. If you have given us your consent to carry out processing operations, you can change your mind and easily withdraw your consent at any time; simply email [email protected] to withdraw your consent. Fulfillment of a contract. We process some of your personal data for the performance of a contract with you or for measures to be taken at your request before you enter into a contract with us. Legal obligations. In some cases, we must process your personal data to comply with legal obligations, including those applicable to financial services organizations, such as those under the Bank Secrecy Act and other anti-money laundering laws. Legitimate interests. In most cases, when we process personal data within the scope of our services, we will rely on our legitimate interests in carrying out our normal business as the legal basis for such processing. Our legitimate interests include identifying or preventing fraud, enhancing the security of our network and information systems, or carrying out data processing for statistical purposes. C. What are the purposes for which we collect personal data? We collect your personal data for: Provide services (including customer support); Process transactions and send notifications related to your transactions; Resolve disputes, collect fees, and troubleshoot problems; To communicate with you about our services and business and to inform you of matters that are important to your account and/or use of the website. We also use your personal data to respond to any questions, requests or comments you make to us and to deal with any complaints you may have; Comply with applicable laws and regulations; To raise, exercise and defend legal rights; Monitor and report compliance issues; (customizing, evaluating and improving the content and layout of our business, services and our websites and applications, as well as improving and maintaining the quality of our customer service); Perform data analysis; Deliver targeted marketing, service update notifications and promotional offers based on your communication preferences and measure their effectiveness. Perform risk management, including comparing the accuracy of information and verifying it with third parties, guarding against, identifying and preventing fraud and other prohibited or illegal activities, claims and other liabilities; and enforcing the terms of our contracts. D. How long do we keep your data? We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including fulfilling any legal, accounting, reporting obligations and resolving disputes. Although data retention requirements vary from jurisdiction to jurisdiction, the following describes the general retention periods for different types of personal information. Personal information collected to fulfill legal obligations under financial or anti-money laundering laws continues to be retained after the account is closed for as long as required by such laws. Contact details used for marketing purposes (such as your name, email address and telephone number) are retained until you unsubscribe. Thereafter, we will add your details to our opt-out list to ensure that we do not inadvertently market to you. Content you post on our site, such as comments, photos, videos, blog posts, etc. in the Support Center, may be retained after you close your account for auditing and crime prevention purposes (e.g., to prevent known fraudsters from opening new accounts). Information collected by technical means such as cookies, web counters and other analytical tools will be retained for up to one year after the cookie expires. When the personal data collected is no longer required for the original purpose, we will delete any details that identify you or, where permitted, securely destroy the records. However, depending on the requirements of the legislation, we may need to retain records long after you have stopped using a particular service. For example, as required by certain anti-money laundering laws, we retain the following for five years after the end of our business relationship with you. E. Who do we share your personal data with? We may share your information with selected recipients in order to provide you with certain features required for the Services and/or features related to the prevention and investigation of fraud or other criminal activity. All such third parties are contractually bound to protect data in compliance with our Privacy Agreement. The categories of recipients include: Service providers that help us run our business and provide services, e.g., cloud service providers that provide cloud infrastructure; Provider of identity verification solutions and other due diligence solutions such as Know Your Customer and Anti-Money Laundering; Web analytic provider; Customer service solution provider; Marketing automation platform provider. When we ourselves deem it necessary to disclose data in order to report suspected illegal or fraudulent activity or to investigate violations of the User Agreement. We may also share personal data with a buyer or other successor in the event of a merger, divestiture, reconstruction, reorganization, dissolution or other sale or transfer of some or all of the assets of the Exchange. Funding and transaction information related to your use of certain Services may be recorded on a public chain. Because blockchains are decentralized or third-party networks that are not controlled or operated by the Exchange or its affiliates, we are unable to remove, change or modify personal data from such networks. F. Will your data be transferred outside of the United States? This is an important issue that touches on the sensitive topic of data privacy and security. Given that the physical presence of our Exchange is located within the United States, it is our responsibility to ensure that all entities involved in data processing, including our data processing service providers as well as those affiliates that transfer personal data to us from the United States, strictly adhere to appropriate security measures. We understand the importance of data protection and are committed to maintaining high standards of data security. Therefore, whether your personal data is transferred to us from another jurisdiction by our service providers (i.e., those who perform data processing on our behalf) or by one of our business partners, we ensure that this transfer process fully complies with relevant laws and regulations, safeguarding your data security and privacy interests. To ensure this, we have implemented stringent data transfer protocols and concluded detailed data protection agreements with all service providers and business partners involved in data transfers. These agreements specify the scope, purpose and duration of the data processing and security measures to ensure that personal data is adequately protected during the transfer. In addition, we conduct regular audits and assessments of entities involved in data processing to ensure their continued compliance with our data protection agreements and the requirements of relevant laws and regulations. Through these measures, we are committed to providing you with a safe and secure data environment so that you can use our services with confidence. G. What are your rights? Individuals have legal rights to their personal data in accordance with their relevant legislation. Please remember that these rights are not unconditional and may be subject to certain restrictions. You have an important right to object. Where we process your personal data on the basis of legitimate interests (as described above), you have the right to object. In certain circumstances, we may have good legal grounds for continuing to process your personal data. If your personal data is used for direct marketing purposes (including customer profiling for direct marketing), we will ensure that your request to object is respected. In addition, you have the following rights: Right to withdraw consent. If our data processing is based on your consent (as described above), you have the right to withdraw that consent at any time. Right of access. You have the right to request to see your personal data. Right to correction. You have the right to ask us to correct any inaccuracies in your personal data. Right to erasure. You have the right to ask us to delete your personal data. This right allows you to ask us to delete or remove your personal data in certain circumstances. Right to restriction. You have the right to request that we restrict the processing of your personal data. Right to data migration. In certain circumstances, you have the right to request that we transfer your personal data to you or to a third party designated by you. Right to complain. If you believe that our processing of your personal data violates relevant regulations, you have the right to file a complaint with the relevant supervisory authority. We will fully cooperate with the supervisory authority's investigation and take necessary measures to rectify any violation. Right to interpret automated decision making. In some cases, we may use automated decision-making systems to process your personal data. In such cases, you have the right to ask us to provide an explanation of the logic, purpose and potential consequences of that decision so that you can better understand it and react accordingly. The exercise of the above rights are free of charge. If you wish to exercise these rights, you can visit our official website and contact us. Before processing your request, if there are doubts about your identity, we will carry out identity verification and/or ask you for more information. We are committed to processing your request as quickly as possible within one month. To ensure the security of personal data, we will take appropriate security measures when processing your request to prevent leakage, loss or misuse of data. We encourage you to review and update your personal data regularly to ensure its accuracy and completeness. If you have any questions or concerns about our data processing or need further assistance in understanding your rights, please contact us through our official e-mail box at [email protected]. We are committed to providing transparent and fair personal data processing practices and respecting your privacy choices. H. How is the privacy of children protected? Protecting the privacy of children has become especially important in today's digitalized world. As a responsible company, BACXN Exchange takes strict measures to ensure the security of minors' personal information. First and foremost, BACXN Exchange expressly states that it is not open to anyone under the age of 18. We are aware of the special characteristics and vulnerabilities of the youth population and therefore we do not knowingly collect personally identifiable information from any child under the age of 18. Our protocols and procedures are designed to prevent the inappropriate collection and use of children's data. If you are a parent or legal guardian of a child and discover that your child has unknowingly provided us with personal data, we strongly recommend that you take immediate action. please contact us through our official e-mail box at [email protected]. We will take your concerns seriously and take the necessary measures promptly. In addition, as soon as we become aware that we have collected personal data from children without parental or guardian consent, we will take immediate action. We will delete all relevant information from our servers and ensure that this data is not used or stored further. We are committed to protecting the privacy of all our users, especially for those children who are most vulnerable. I. What happens if we change this Privacy Agreement? We may update this Agreement to reflect changes in the way we process information, but we will not reduce your rights under this Agreement without your express consent. We will post any changes we make to this Agreement on this page, and for major changes, we will notify you in a more prominent manner. We will also archive an older version of this Privacy Agreement for your review. We recommend that you periodically review our Privacy Agreement for the latest information on our privacy practices. If you have any questions or concerns, please contact us. When we make updates to our privacy agreement, we make sure that you are aware of what has changed and provide a clear change log so that you can keep track of all the updates that have taken place since you last viewed it. We are committed to being transparent about how we handle your personal information and ensuring that you are always in control of your privacy. In addition, we encourage you to contact us if you become aware of any changes that do not meet your expectations so that we can discuss and address any concerns you may have. We are committed to ensuring that you are adequately notified of any changes that may affect your rights via email or other direct communication. In some cases, we may send you direct notices about updates to our Privacy Agreement, especially when those updates involve significant changes to the way your personal information is handled. We understand that your privacy is of the utmost importance to you, and we make every effort to ensure that you maintain full knowledge of and confidence in our Privacy Agreement . By providing clear change logs and timely notifications, we hope to establish a transparent and trusting channel of communication that meets your expectations of our privacy practices. If you have any questions or feedback about our privacy agreement or our information handling practices, we always welcome your contact and will be happy to answer and address them.