This P2P Privacy Agreement (this “Policy”) describes how Bybit Limited (the “Company,” “we,” “us” or “our”) collect and use your personal data and serves to supplement our Privacy Policy found at https://www.bybit.kz/help-center/article/Bybit-KZ-Privacy-Policy. In the event of any conflict between this Policy and the Privacy Policy, this Policy shall prevail. "Personal Data" in this Policy refers to any information, that may directly or indirectly be used to identify you, whether used alone or in combination with other data, such as your name, email address, username, contact information, bank details, payment confirmations or any other unique identifying information, including your IP address, device ID, and other online identifiers or your personal data necessary for execution of your transaction. We fully acknowledge the importance of the above personal data to you and truly appreciate your trust when using Platform services. This Policy will be used to inform you (“you”, “your” or “User”), how the Bybit Kazakhstan P2P platform collects, stores, protects, and shares your data, as well as to clearly define your rights. 

 

This Policy is closely related to your use of Platform services. Please carefully read and understand the terms and conditions contained within this Privacy Policy to ensure your confidence in the ways we process your personal data and make the appropriate decisions. You may not use our services unless you accept, approve, and agree to be bound by the terms and conditions of this Policy. Usage of our service indicates that you have carefully read and fully understand this Policy and accept and agree to this Policy. Any terms and conditions that may materially affect your rights or involve sensitive personal data will be highlighted in boldface throughout this Policy to bring them to your attention.

 

We reserve the exclusive right to update, amend, change, republish, or revise this Policy at any time hereafter and whenever necessary. We recommend you regularly visit this page and occasionally review this Policy to ensure that you fully understand the latest effective version of this Policy. Your continued use of the Platform after any amendment constitutes your irrevocable acceptance of the amended Policy, and you waive any right to receive specific notice of such changes beyond their posting on the Platform.

 

BY TICKING THE BOX DECLARING “I AGREE” AT THE BOTTOM OF THE REGISTRATION FORM, YOU HAVE GIVEN EXPLICIT CONSENT FOR OUR COLLECTION, STORAGE, USE, DISCLOSURE, AND PROCESSING* OF YOUR PERSONAL DATA IN ACCORDANCE WITH THIS POLICY.

 

You acknowledge and agree that we may rely on this consent as evidence of your continuing agreement to all processing activities described herein, including cross-border transfers and processing by our affiliates and service providers worldwide. You waive any requirement that we obtain additional or renewed consent unless expressly required by non-waivable applicable law.

*Process, in relation to Personal Data means perform any operation or set of operations on the Personal Data, whether or not by automatic means, and includes, for example, the collection, recording, organization, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of the Personal Data.

1. Applicable Scope of this Policy

This Policy applies to all Bybit Kazakhstan P2P Platform users, including general users, verified advertisers, and other users.

 

1.1. Registration

You must provide all personal information required when registering or using an account on this website, including without limitation your username, nationality, phone number, email address, bank details and other identifying information.

 

1.2. Identity Verification

Access "Account and Security" to complete identity verification after registering and logging in. You will be required to provide the Platform with your nationality, real name, and ID card or passport details, bank details during identity verification. In addition to the information required by identity verification, you may also be prompted to complete other verification procedures, including facial recognition and voice recording as required by the Platform. Facial recognition involves uploading a video stream or photos of your face to the Platform. Certain features of video verification may require access to device audio or video recording features. However, you will be asked for consent before the above features are enabled. We may retain biometric identifiers and related data for as long as reasonably necessary to meet legal, regulatory, fraud-prevention, or risk-management requirements, even after account closure, unless a longer period is required by law.

 

1.3 Security Management

We need to automatically collect and record your device and browser information, including device identification information (device type and model used for logging into your account), your IP address and history of webpages accessed, your location, network environment, device fingerprint information, service logs, software information, and location information when you use the service provided by this website or visit this website to ensure transaction security and service stability.

 

1.4. Transaction Record Keeping and Queries

This website and app will collect data on transactions you conduct on this website/app, including without limitation transaction records. If you need to access your transaction records, you may check your personal transaction records under "Transaction Records" of the Platform if necessary, including the counterparty username, transaction date, transaction number, transaction unit price, transaction total price and type, and payment method.

 

Please note that you must enable the camera function under the following circumstances to save online chat records with counterparty and relevant screenshots as the transaction evidence for any potential disputes hereafter.

 

1.5 Information Required for the Platform to Process Customer Complaints

The Platform may request you to provide detailed transaction documentation (such as transaction details, payment receipts, wire transfer slips, receipts, and payment account information) as necessary whenever the Platform manages disputes such as "Paid but did not receive digital assets" or "Released digital assets but did not receive payment" while using Platform services.

 

1.6 Verification of Sensitive Operations

We may need to verify your identity or the legality of the asset source when you conduct certain sensitive operations or your transaction may be involved in suspected money laundering (including password recovery, reporting losses, account suspensions, and account registration) to protect your account and assets. Therefore, you may be required to provide us with a photograph of yourself holding your ID card, transaction receipt, or other identification documents that may be used to verify your identity with your consent during the transaction. You may not be able to conduct certain operations if you refuse to provide the above information. However, your use of other services we provide will remain unaffected.

 

1.7 Any other personal data legally obtained by this website

Please note that the services we provide to you are constantly being developed and updated. We will obtain your consent to data collection via website popups, interactive processes, agreements, or prompts should you choose to use any other services not covered by the above and the collection of your personal data is required to provide such. We will use, store, share, and protect your data pursuant to this Policy and the applicable user agreement. Your access to one or some of these services may be restricted if you refuse to provide the above information. However, this shall not affect your access to other services we provide.

2. The Purposes and Uses for Which We Collect Your Personal Data

We collect personal data for specific purposes, including without limitation to:

 

2.1 Process your registration and provide you with the services offered by this website;

 

2.2 Notify you of any change to our services;

 

2.3. Submit reports to regulatory agencies as required by the competent authority in the applicable sovereignty countries or regions;

 

2.4 During the use of services provided by this website/app, this website/app shall use your data for legal purposes, including identity verification, customer service, security, fraud monitoring, marketing and promotion, archiving and backups, collaborating with third parties for the promotion of this website, and ensuring the products and services the website provides to you are secure.

 

2.5 Collect and process data to help the website/app design new products and services and improve the existing services provided by the website;

 

2.6 You agree that this website/app may send marketing messages, commercial electronic messages, and advertisements in lieu of general and comprehensive advertisements to make you aware of the specific services provided by this website;

 

2.7 Invite you to participate in surveys about the services provided by this website;

 

2.8 Data analysis in collaboration with government agencies, public institutions, and associations;

 

2.9 For accounting purposes and when collecting fees;

 

2.10 To personalize your experience (your data will help us better serve your individual needs);

 

2.11. Any other legal purposes and other purposes authorized by you.

3. Protecting and Storing Your Personal Data

3.1 We will use reasonably practical measures, procedures, and steps to protect your personal data, including appropriate physical, electronic, and management measures. However, no transfer through a network or electronic storage method is completely secure. Therefore, we cannot warrant that any measure we take will provide complete, risk-free protection, despite our best efforts. To the maximum extent permitted by law, we disclaim all liability for any resulting loss or damage.

 

3.2 We will store your personal data for the period of time required to fulfill the purposes stated in this Policy and as required by applicable laws, regulations, and regulatory requirements. The above data will be stored overseas for at least five (6) years.

 

3.3 We warrant to use a range of general security technologies and management systems currently available to minimize risks of data leaks, damage, abuse, unauthorized access, unauthorized disclosure, or manipulation to ensure the security of your data. For example, Secure Sockets Layer (SSL) software will be used for encrypted file transfer and data storage, and strict control access to data centers. We will take security measures, including encryption, access controls, anonymization, and desensitization when transferring and storing sensitive personal data (including personal biometric identification data).

 

3.4 You must store your identification data, including your account and transaction password, properly. You will be identified via your username and other identifying features when using Platform services. Disclosing any of the above data may cause you to suffer losses and put you at a disadvantage. Please immediately contact us should you discover that your username/other identification information has been or may be disclosed so that we may take the necessary action to avoid or mitigate any losses.

 

3.5 We will stop collecting and using your personal data when you stop using the Platform services, unless otherwise provided by applicable laws, regulations, or regulatory agencies. We will stop collecting your personal data if we cease operations and inform you of such closure through a published notice or announcement, and delete or anonymize any of your personal data we hold unless retention is required by law.

 

3.6 The above rules may not apply when you access any other website maintained by any third party. Your access to such third party websites is not protected by this Policy. Please check and read the third party privacy policy in such cases. The third party websites are not owned or controlled by us. We do not authorize these websites to collect any personal data from you. Therefore, we shall not assume any liability for any losses arising from the disclosure or use of your personal data by third party websites or third party website practices or policies.

 

3.7 The access to your personal data is kept strictly confidential and access to it must be approved by Bybit Kazakhstan management. Approval shall be restricted only to those employees who need to know your personal data.

4. Disclosure of Your Personal Data

4.1 We may disclose your personal data to the following parties (who may use your personal data within or out of your jurisdiction), provided that they commit to assuming data protection obligations by using the same degree of care as that used under this Privacy Policy:

• Our affiliates, Makers; including those that partner with or provide services to Bybit Kazakhstan.

• Customer personal data held by Bybit Kazakhstan will form part of the assigned assets should a third party acquire Bybit Kazakhstan or all of its assets.

• Banks, credit or debit card issuers, or other financial institutions required to establish and support any payment you request or purchase.

• We are entitled to share current and past offers, quotes and market prices, opening price and closing prices, high and low prices, transaction prices, estimated and actual transaction volumes, settlement prices, and other data and information related to digital assets traded on the Platform with other websites whenever we are obliged to disclose or share your personal data to comply with legal obligations, perform or enforce the terms and conditions of this Privacy Policy or other agreements, or protect our rights, property, and security.

• Any other legal entity, government agency, regulatory agency, or securities exchange, broker whenever such disclosure is mandatory or required by a legal or contractual obligation, or required by law, a court order, or any competent securities exchange (regardless of whether national or international).

 

4.2 We may collect, use and disclose your personal data without your consent pursuant to applicable law and national standards in the appropriate jurisdictions under the following circumstances:

 

(1) When such collection and use is directly related to national security and/or national defense & security;

 

(2) When such collection and use is directly related to public safety, public health, or material public interests;

 

(3) When such collection and use is directly related to criminal investigations, prosecutions, trials, and executions of court judgments;

 

(4) When such collection and use is necessary to protect your or others' life, property, or any other material legal rights and obtaining your consent is not possible;

 

(5) When the personal data collected is data you have publicly disclosed;

 

(6) We may collect and use your personal data from legally disclosed sources, such as legal news reports and publicly available government information;

 

(7) We may collect, use and disclose your personal data when such is deemed necessary to execute or perform the contract, transaction, order pursuant to your request;

 

(8) We may collect, use and disclose your personal data when such is deemed necessary to maintain the security and stability of the service provided under this Agreement, such as to detect and resolve service failures;

 

(9) Any other circumstances provided by applicable laws and regulations.

 

4.3 We will not provide your personal data to any third parties without your prior and express consent under any circumstances other than those expressly stated in this Policy. However, anonymized personal data may be disclosed, i.e., your identity cannot be determined through the disclosure of such data.

 

4.4 You hereby agree that we may use the personal data you submit to provide you with direct marketing information and advertise products and services to you, and also from our subsidiaries and affiliates, business partners, and third party suppliers.

 

4.5 Personal data you provide with Us may be transferred or transmitted to a country or region outside of your jurisdiction due to the global nature of the internet. Such countries or regions may not provide similar protection as in your jurisdiction. However, the above personal data may be used to improve security measures and monitoring procedures. You hereby expressly consent to the transfer, storage and transmission of any personal data you provide to Us in any jurisdiction in which we or our service operators operate, regardless of whether such jurisdiction offers equivalent data-protection safeguards, and you waive any objection based on such transfer.

5. Your Rights to the Personal Data We Hold

For all users:

You may submit a written request to our employees to access and verify your personal data held by Bybit Kazakhstan. We will endeavour to respond to requests to access, correct, or delete personal data within a reasonable period, but we reserve the right to deny or limit such requests where we believe doing so would compromise our security measures, conflict with our legal obligations, or expose us to undue risk or expense.

6. Cookies

• You agree to allow us to track your activities with Cookies when you use this website and collect and save all information available, including without limitation your IP address and location.

• We will use Google Stats via Cookies to record our performance and review the effectiveness of our online advertising when you visit our website. Cookies are small data files sent to your web browser and saved to your computer’s hard drive. Cookies will only be sent to your computer’s hard drive when using your computer to access our website.

• Cookies are generally used to record the visitor behaviors and preferences when accessing certain various items on our website. Cookies collect anonymous collective statistical data and do not collect personal data.

• Cookies cannot be used to access your hard drive data, email address, or personal data, rather they allow website owners and service providers to identify your browser, collect, and record information. Most web browsers are set to accept Cookies by default. You can change your browser settings to block Cookies or notify you when new Cookies are saved. However, you may not be able to activate or use certain website features if you disable Cookies in your browsers.

• By continuing to use the Platform you consent to our use of cookies and similar technologies for analytics, security, and advertising, and you waive any claim arising from such use to the maximum extent permitted by law.

7. Access, Modification, and Deletion of Your Personal Data

You are entitled to receive your personal data upon your request and confirm whether the personal data we hold is accurate and up to date. You may request to update any incorrect personal data. You may also request to delete your personal data. However, there may be circumstances in which we reject your requests to delete personal data, such as when required by law or for other legal purposes. 

 

We will verify the identity of any user requesting to access, modify, or delete personal data to ensure the requester is legally entitled to make such requests. We aim to respond to such requests free of charge. However, we are entitled to charge reasonable fees if your request is repetitive or complex.

 

You may access the appropriate dashboards or contact our customer service department directly to close your account if you decide to terminate your use of the Platform and its services. We will store any data submitted or generated when using the Bybit Kazakhstan P2P service pursuant to regulatory agency requirements, even if you meet account closure conditions and close your Bybit Kazakhstan account. We will cooperate with data inquiries by regulatory agencies during the retention period.

8. Indemnity

To the fullest extent permitted by applicable law, Bybit Kazakhstan and its affiliates, directors, officers, employees, and agents shall not be liable for any indirect, incidental, consequential, punitive, or special damages, or for any loss of profits, data, goodwill, or revenue, arising out of or related to this Policy or the processing of personal data, even if advised of the possibility of such damages.

 

You agree to indemnify, defend, and hold harmless Bybit Kazakhstan and its affiliates, officers, employees, and agents from and against any claims, liabilities, damages, losses, or expenses (including legal fees) arising out of or in connection with (a) your breach of this Policy, (b) your violation of any law or the rights of a third party, or (c) any dispute between you and a third party relating to your use of the Platform.

9. How to Contact Us

Please contact us via compliance@bybit.kz if you have any questions about this policy or any complaints or comments about how we process personal data. We only issue announcements through our website, and do not assume liability for any losses or damages caused by relying on information not obtained from the above sources.

10. Governing Law & Jurisdiction

This Policy and any dispute or claim arising out of or in connection with it shall be governed by and construed in accordance with the laws of the Astana International Financial Centre (AIFC). Any dispute shall be subject to the exclusive jurisdiction of the AIFC Court.