Last Updated January 4, 2022
As used herein, “Digital Currency” means a digital asset (also called a “cryptocurrency,” “virtual currency”), such as, but not limited to, bitcoin or ether, which is based on a cryptographic protocol(s) of an electronic system that may be (i) centralized or decentralized, (ii) proprietary or open-source, and (iii) used as a medium of exchange and/or store of value.
2. Information We Collect
We will collect and process the following information about you:
- Information required by Section 326 of the USA PATRIOT ACT. This Act requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. This federal requirement applies to all Conduit counter parties. This information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. When you complete an application with us, we ask you for your:
- Name, address, date of birth, and other identifying information. For more details, please see below.
- Verification Information we collect about individual customers. (“Individual Verification Information”) We collect information that you provide during a completed, incomplete, or abandoned application. This may include the following information:
- Full legal name;
- Social Security Number (“SSN”) or any comparable identification number issued by a government;
- Date of birth (“DOB”);
- Proof of identity (e.g., driver’s license, passport or government-issued ID);
- Home address (not a mailing address or P.O. Box);
- Bank, statements, tax documents, or other proof of income or net worth; and
- Additional information or documentation at the discretion of our Compliance Team as may be required for compliance with law, regulations or internal policies. This may include information relating to health, relationship status and criminal convictions.
- Verification Information we collect about Institutional customers. (“Institutional Verification Information”) We collect information that representatives of an entity provide during a completed, incomplete, or abandoned application. This may include following information:
- Full legal names;
- Government-issued identification numbers;
- Contact information; and
- Proof of identity.
- Device Information. Information that is automatically collected about your device (including hardware, operating system, browser, device type, IP address, message authentication code (“MAC”), the hard drive and location services).
- Location Information. Information that is automatically collected via analytics systems providers to determine your location, including your IP address and/or domain name and any external page that referred you to us.
- Log Information. Information that is generated by your use of Conduit that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information, system activity and any internal and external information related to Conduit pages that you visit.
- Financial Information. Information that is generated by your financial activity including, but not limited to transaction amounts, asset types, rate of return, and wallet addresses.
- Correspondence. Information that you provide to us in correspondence, including opening an application, and with respect to ongoing customer support.
- Cookies. When you access the Conduit website, we may collect technical information using the standard practice of placing tiny data files called cookies, flash cookies, pixel tags, or other tracking tools on your computer or other devices used to visit Conduit.
3. How We Use Information We Collect
The information collected and the practices described above are done in an effort to provide you with the best experience possible, protect you from risks related to improper use and fraud, and help us maintain and improve Conduit.
In particular, we may use your information to:
- comply with, and in order to assess, applicable laws, rules and regulations and internal policies and procedures, including carrying out conduct anti-fraud and identity verification and authentication checks (you authorize us to share your information with our third-party service providers, who may also conduct their own searches of publicly available information about you);
- set up / on-board and allow you to use Conduit products and services;
- keep our records up to date and for the administration and maintenance of databases storing your personal information;
- communicate with you in order to respond to queries, provide Conduit products and services or information about Conduit products and services;
- manage and administer our business;
- monitor the usage of Conduit, and conduct automated and manual security checks of our service; and
- create aggregated and anonymized reporting data about Conduit.
4. Direct Marketing
Subject to applicable laws and regulations, we may from time to time send direct marketing materials promoting services, products, facilities, or activities to you using information collected from you.
5. How We Share Personal Information with Other Parties
We may share your personal information with our affiliates in the circumstances described below:
- Certain services that you request from us, or that may be required by law or regulation, may be performed by an affiliate. In these circumstances we may share Individual Verification Information, Institutional Verification Information, or details of transactions you have requested or completed, including but not limited to transaction amounts and wallet addresses.
We may also share your personal information with:
- Third party identity verification services in order to prevent fraud. This allows Conduit to confirm your identity by comparing the information you provide us to public records and other third-party databases;
- Third party service providers under contract who help with parts of our business operations such as bill collection, marketing, and technology services. Our contracts require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else;
- Financial institutions with which we partner;
- Companies or other entities that purchase Conduit assets pursuant to a court-approved sale under U.S. Bankruptcy law;
- Law enforcement, and officials, or other third parties when:
- we are compelled to do so by a subpoena, court order, or similar legal procedure; or
- we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our User Agreement; and
- Other third parties with your consent or direction or any third party that might be required by law.
We do not sell customer information to third parties for the purposes of marketing.
6. Digital Currencies
Be aware that bitcoin, ether, and other Digital Currencies are not anonymous. Anyone can see the balance and transaction history of any Digital Currency address (public key). We, and any others who can match your Digital Currency address (public key) to other information about you, may be able to identify you from a blockchain transaction. This is because information published on a blockchain can be correlated with information that we and others may have. This may be the case even if we, or they, we're not involved in the blockchain transaction. Furthermore, by using data analysis techniques on a given blockchain, it may be possible to identify other information about you. As part of our security, anti-fraud and/or identity verification and authentication checks, we may conduct such analysis to collect and process such information about you. You acknowledge and agree to allow us to perform such practices.
7. Information for Individuals Who Are Resident in the European Economic Area (“EEA”)
Legal Basis for Using Your Personal Data
- we are performing our contractual obligations with you;
- we have legal and regulatory obligations that we have to discharge;
- we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
- we have obtained your consent; or
- the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates), such as:
- allowing us to effectively and efficiently manage and administer the operation of our business;
- in order to operate your account properly and provide you with the services;
- to manage your account and communicate with you in relation to your account and the services we provide; and
- maintaining compliance with internal policies and procedures.
Transfers of Your Personal Data Outside the EEA
The personal data that we collect from you may be transferred to, and stored at, a destination outside the EEA. In particular your information will be transferred to us in the United States. It may also be processed by staff operating outside of the EEA who work for our affiliates or for one of our suppliers.
Where we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA. This can be done in a number of ways, for instance:
- the country that we send the data to might be approved by the European Commission; or
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data (this is the basis on which personal data is sent from the EEA to our operations in the United States).
In other circumstances we may be required to transfer personal data to any country in which Conduit or a Conduit affiliate conducts business or has a service provider or to other countries for law enforcement purposes.
Retention of Your Personal Data
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
- the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
- legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.
If you are an EEA resident, you have a number of legal rights in relation to the personal data that we hold about you. These rights include:
- the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
- the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so;
- in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
- the right to request that we rectify your personal data if it is inaccurate or incomplete;
- the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data, but we are legally entitled or required to retain it;
- the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and / or to refuse that request; and
- the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.
We cannot agree to obligations of confidentiality or nondisclosure with regard to any unsolicited information you submit to us, regardless of the method or medium chosen. By submitting unsolicited information or materials to Conduit, you or anyone acting on your behalf, agree that any such information or materials will not be considered confidential or proprietary.
Transmission of information via regular email is inherently insecure – so please DO NOT do so. Contact us if you need to submit sensitive personal information and we can arrange for a method of secure transmission. The definition of sensitive personal information varies from jurisdiction to jurisdiction. For your own protection, assume all of your information to be sensitive and act accordingly.
Cookies are small bits of information that are automatically stored on the web browser of your device that can be retrieved by us.
The type of information we collect includes, but is not limited to, uniquely identifying visitor information and information related to your usage preferences. We use these technologies to help us recognize you as a user, collect information about your use of Conduit to better customize our services and content for you, and collect information about your computer or other access devices to (i) ensure compliance with our BSA/AML Program and (ii) ensure that your account security has not been compromised by detecting irregular or suspicious account activities.
Third Party Cookies and Technology Partners
Some of the cookies described above are provided on our behalf by third party service providers to aid in the reporting of user behavior on our website. This behavior is analyzed to provide an improved user experience.
By using Conduit, you acknowledge and agree that we may collect and/or transmit any data collected to our third-party service providers, such as analytics providers, which may also make use of such technologies described above.
10. Information for Individuals Residing in California
As of January 1, 2020, California law permits residents of California to request certain details about how their personal information is shared with third-parties or affiliated companies for direct marketing purposes. California consumers have the following rights under the California Consumer Privacy Act (CCPA) with respect to their personal information.
You have the right to know what personal information is being collected. You may submit a request, that Conduit disclose:
- the categories of personal information about you that we collected;
- any categories of personal information about you that we sold;
- the business or commercial purpose for collecting your personal information;
- the categories of third parties with whom we have shared your personal information; and
- the business or commercial purpose for selling your personal information in the past 12 months.
Under the CCPA, you, as a California resident, may submit a request that Conduit:
- deletes your personal information, provided that the information to not required to complete a transaction for you, to detect and protect against fraudulent and illegal activity, to exercise our rights, or to comply with a legal obligation; and
- honors your request to opt out of the sale of your personal information. Conduit does not sell your personal information.
You can submit a request to access or delete personal information by emailing Conduit at email@example.com. Conduit will be legally obligated to verify the identity of the consumer who submitted the request. Therefore, Conduit may request additional information from you to verify your identity. We will respond to your request within 45 days of receipt of your request, after proper verification, unless we need additional time, in which case we will let you know. You have the right to not be discriminated against. You have the right to exercise the privacy rights conferred by the CCPA without discriminatory treatment.
You may designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from a purported authorized agent who does not provide proof of authorization to act on your behalf pursuant to Probate Code sections 4000 to 4465.
12. How to Contact us