General
Bithex ehf. (Plc.), id. 570102-2140, Skeifunni 19, 108 Reykjavík, does care for the privacy of its customers and their employees. We take the protection of personal data seriously. We place emphasis on always handling with personal information in accordance with valid personal privacy laws.
This privacy policy does explain what personal information Bithex ehf. collects and in what purpose. This policy does also contain information on other, if any, recipients of personal data in our storage and how long we store personal data. This policy also outlines the methods Bithex ehf. does employ in processing or storing personal data, what rights apply to individuals and other important information in relation to the laws on protection of privacy data and how they may be processed, see: Icelandic Laws nr. 90/2018 (icelandic: persónuverndarlöggjöfin).
Our websites are www.bithex.is, www.bithex.com, securewerk.bithex.com.
Regarding what is to be defined as personal data and what processing of personal data does encompass, please consult the laws on protection of privacy data.
A business partner and an individual who uses Bithex ehf. services accepts and contents to this privacy policy, as presented in this document, when he/she enters into a business relationship with, and uses the services of, Bithex ehf.
What personal data we collect, and how we process them and store
The personal identifiable data connected to our business partners and their employees, that we collect and process are the following:
- Names, email addresses and telephone numbers of our contacts and business partners are stored in our files and systems. If other personal data is included in emails from our contacts, it is our policy and customs to delete them terminally.
- Usernames (email addresses), passwords and IP-addresses (by user login) of users connecting to Bithex SecureWerk are stored in a database. All passwords of Bithex SecureWerk are stored encrypted and “salted”. Information on IP-addresses of users (by user login to Bithex SecureWerk) are deleted automatically according to the user’s settings. Longest duration of storing IP-addresses is five (5) years.
- Our backups of data, e.g. from our databases an files, are stored encrypted on our own equipment and servers and are not stored longer than three (3) years.
- Bithex ehf does rent virtual network servers, e.g. for our core systems, email servers, Bithex SecureWerk etc., from third party, hosted in their environment. We never grant third party access to our information assets and data. However, we do not control how these third party may physically access the rented equipment in their own buildings. We choose only hosting providers operating within the European Economic Area, and who do declare that they follow strong security measures in their operations and service offerings.
- We neither collect nor trace the browser cookies from our web sites and applications (Bithex SecureWerk) in marketing purposes. Session cookies from Bithex ehf. web sites and Bithex SecureWerk (https://securewerk.bithex.com) are only to be counted as necessary operational browser cookies and are deleted at user logout, or after 24 minutes of user idle time.
Our purpose in collecting personal data
Our reason for collecting personal data is:
- to fulfill our commitment and contracts to our customers;
- to provide our service to our business partners;
- to care for our legitimate business interests and rights;
- to care for the interests of others;
- to fulfill our duties as prescribed by laws.
Sharing of personal data
The general rule is that we do not share personal data with any third party. It may however be necessary and required that we share information with, and to, a third party, e.g. to fulfill our contracted duties and to provide service to our business partners. It may at times also be required by law that we share data to the authorities of the Republic of Iceland, e.g. to office of customs, to courts of law or to the police.
Rights of individuals
If an individual has granted his/her permission for the processing of personal data about him/her, he/she has the right, according to law, to revoke that permission at any given time. That right does, however, not affect the processing of the data a priori to the permission being revoked. He/she has also the right: to be informed of the processing of the data; to be given access to the data; to have incorrect or false data about him/her rectified; to have data about him/her deleted; to stop the processing of data about him/her; to have data about him/her transferred to other party; and more. It should be pointed out that these rights of individuals are not always without limits or restrains and may be pursuant to varying conditions.
Revisions and changes to this privacy policy
This privacy policy may be changed according to the appropriate laws and regulations thereon, or if changes are implemented to the way Bithex ehf. does process and handle personal data. In such a case, the changes will be published on the Bithex ehf. website.
After any changes have been made to this privacy policy, and it has been published, they shall take effect right away.
Updated on April 24th, 2024. First version written and published on April 23th, 2024.