1. When we collect your Personal Data?

When you interact with the Biswap website (hereinafter referred to as ”the Services”), we collect only the following:

• Publicly-available blockchain data

When you connect your blockchain wallet to the Services, we collect and log your publicly-available blockchain address to learn more about your use of the Services and to screen your wallet for any prior illicit activity. Note that blockchain addresses are publicly-available data that are not created or assigned by us or any central party and by themselves are not personally identifying.

The legal basis for this is our legitimate interests, such as monitoring and improving the Biswap Interface, the proper protection of the Biswap Interface against risks, and partly the contract performance basis to provide you with the Interface. Note that we are not responsible for your use of any of the blockchains and your data processed in the DeFi space.

Keep in mind that the use of our Service is based on public blockchains designed to record transactions on networks of computer systems permanently. Many blockchains are open to forensic analysis, which can lead to de-anonymization and unintentional disclosure of personal data, especially when blockchain data is combined with other data. Because blockchain is a decentralized and/or third-party network that is not controlled or managed by us, we cannot delete, change or modify Personal Data from the such network.

• Information from Local Storage and other tracking technologies

Our third-party services providers and we may access and collect information from local Storage, mobile device ID, cookies, web beacons, and other similar technologies to provide and personalize the Services and features of the Services for you across sessions. For example, we may use this information to remember the tokens you import. We may also use this information to learn about your preferences, your use of the Services, and our interactions with you. Information we collect from these technologies may include things such as browser type, referring/exit pages, operating system, device or browser language, and other device information. We group and analyze these user journeys collectively, in the aggregate, to improve our product user experience.

• Information from other sources

We may receive information about your wallet address or transactions made through the Services from our service providers to comply with our legal obligations and prevent using our Services in connection with fraudulent or other illicit activities.

• Correspondence

We will receive any communications and information you provide directly to us via customer support, social media, or other official channels or when you participate in the official Biswap events. Suppose you participate in events where our merch is raffled. In that case, we will record the delivery information or identity documents you directly provide to us (for example, your name, email, zip code, country, city, residential address, phone number, or ID documents), the responses you provide to us, and your interactions with the Services.

Remember, we will never ask you to share your private keys or seed phrase of your wallet. Keep this information confidential.

2. How We Use Data

We use the data we collect in accordance with your instructions, including any applicable terms and as required by law. We may also use data for the following purposes:

• Providing the services. We use the data we collect to provide, maintain, customise and improve our Services and features;

• Customer support. We may use the information to provide customer support and answer inquiries about the Services;

• Safety and security. We may use data to protect against, investigate, and stop fraudulent, unauthorised, or illegal activity. We may also use it to address security risks, solve potential security issues such as bugs, enforce our agreements, and protect our users and Company;

• Legal Compliance. We may use the information we collect as needed or requested by regulators, government entities, and law enforcement to comply with applicable laws and regulations.

3. How We Share Data

We may share or disclose the data we collect:

• With service providers. We may share your information with our service providers and vendors to assist us in providing, delivering, and improving the Services. For example, we may share your wallet address with service providers like Cloudflare to provide technical infrastructure services, your wallet address with blockchain analytics providers to detect, prevent, and mitigate financial crime and other illicit or harmful activities, and your activity on our social media pages with our analytics provider to learn more about you interact with the Services and us;

• To comply with legal obligations. We may share your data during litigation, regulatory proceedings, compliance measures, and when compelled by subpoena, court order, or other legal procedure. We may also share data when we believe it is necessary to prevent harm to our users, our Company, or others and to enforce our agreements and policies;

• Safety and Security. We may share data to protect against, investigate, and stop fraudulent, unauthorized, or illegal activity. We may also use it to address security risks, solve potential security issues such as bugs, enforce our agreements, and protect our users and project;

• Business changes. We may transfer or share data with another entity in case of a merger, acquisition, bankruptcy, dissolution, reorganization, asset or stock sale, or other business transaction;

• With your consent. We may share your information any other time you provide us with your consent to do so;

• We do not share your information with any third parties for marketing purposes.

4. Your rights under GDPR

• Right to be informed - We are publishing this Privacy Policy to inform you what we do with your Personal Information. You can ask us for information regarding any data of yours that we keep at any time. This information concerns, among other things, the data categories we process, for what purposes we process them, the origin of the data if we did not acquire them directly from you, and, if applicable, the recipients to whom we have sent your data;

• Right of access - You may ask us whether we process your Personal Information, and you have the right to request a copy of the information we hold about you;

• Right of rectification - You have the right to correct inaccurate or incomplete data about you;

• Right to be forgotten - You can ask for the information we hold about you to be erased from our system, and we will comply with this request unless we have a legitimate reason not to do so;

• Right to restriction of processing - Where certain conditions apply, you can ask us to ‘block’ the processing of your data;

• Right to data portability - You have the right to have the data we hold about you transferred to another organization and to receive Personal Information in a structured, commonly used format;

• Right to object - You can object to processing your data at any time for reasons arising from your particular situation, provided the data processing is based on your consent, our legitimate interest, or that of a third party. In this case, we will no longer process your data. The latter does not apply if we can prove there are compelling, defensible reasons for the processing that outweigh your interests or if we require your data to assert, exercise or defend against legal claims;

• Right to withdraw consent - Withdraw the consent you gave us with regard to the processing of your Personal Information for specific purposes;

• Right to complain - We take your rights very seriously. However, if you are of the opinion that we have not dealt with your complaints adequately, you have the right to submit a complaint to the data privacy protection authorities responsible.

5. Third-Party Cookies

We use services provided by Google and other third parties that use tracking technology, such as cookies, and Local Storage, to collect information about your use of the Services and our interactions with you. You can opt out of having your online activity and device data collected through these third-party services, including by:

• Blocking cookies in your browser by following the instructions in your browser settings. For more information about cookies, including how to see the cookies on your device, manage them, and delete them, visit www.allaboutcookies.org;

• Blocking or limiting the use of your advertising ID on your device through the device settings;

• Using privacy plug-ins or browsers. Certain browsers and browser extensions can be configured to block third-party cookies and trackers;

• Using the platform opt-out provided by Google at https://adssettings.google.com. You can learn more about how Google uses your information by reviewing Google’s privacy policy at https://policies.google.com/privacy;

• Using advertising industry opt-out tools on each device or browser where you use the Services, available at http://optout.aboutads.info and http://optout.networkadvertising.org.

6. Disclosures for European Union Data Subjects

We process personal data for the purposes described in the “How We Use Data” section above. Our bases for processing your data include: (i) you have given consent to the process to us, or our service provides for one or more specific purposes; (ii) processing is necessary for the performance of a contract with you; (iii) processing is necessary for compliance with a legal obligation; and/or (iv) processing is necessary for the purposes of the legitimate interested pursued by a third party or us, and your interests and fundamental rights and freedoms do not override those interests.

Your rights under the General Data Protection Regulations (“GDPR”) include the right to (i) request access and obtain a copy of your personal data, (ii) request rectification or erasure of your personal data, (iii) object to or restrict the processing of your personal data; and (iv) request portability of your personal data. Additionally, you may withdraw your consent to our collection at any time. Nevertheless, we cannot edit or delete information stored on a particular blockchain. Information such as your transaction data, blockchain wallet address, and assets held by your address that may be related to the data we collect is beyond our control.

To exercise any of your rights under the GDPR, please contact us at legal@biswap.org. We may require additional information from you to process your request. Please note that we may retain information as necessary to fulfil the purpose for which it was collected and may continue to do so even after a data subject request in accordance with our legitimate interests, including to comply with our legal obligations, resolves disputes, prevent fraud, and enforce our agreements.

7. Security of Personal Information

You acknowledge that no data transmission over the Internet is fully secure. Accordingly, Biswap does not guarantee or warrant the security of any information you transmit. Any information which you transmit to BISWAP is transmitted at your own risk. However, once BISWAP receives your transmission, BISWAP will take reasonable steps to protect your Personal Information from misuse, loss, and unauthorized access, modification, and disclosure, including by using password-protected systems and databases and Secure Socket Layer (SSL) technology. By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services.

BISWAP employees, agents, and contractors must maintain the confidentiality of members' Personal Information and trading behavior. The information posted on bulletin boards or communicated within a social media environment (for example, Facebook, Twitter, Chat Rooms) becomes public information. BISWAP cannot guarantee the security of this type of disclosed information.

We take seriously the responsibility to exclude children from access to our services. It is, however, ultimately the responsibility of parents or guardians to monitor their children’s Internet activities, including where appropriate, by using Internet screening software.

Remember always to disconnect and lock your wallet extension or app when you have completed your time on the website. This is particularly important if you share a computer with another person. You are responsible for securing and accessing your own computer, mobile device, or other handset used to access the website.

Ultimately, you are solely responsible for maintaining the secrecy of your username, password, and private data. Please be careful whenever using the Internet and our website.

8. Changes to this Policy

If we make material changes to this Policy, we will notify you about it on our website. Please keep track of any changes we may make to this Privacy Policy. Your continued access and use of the Services means that you have reviewed all changes to this Privacy Policy as of the date you access and use the Services. Therefore, we encourage you to review this Privacy Policy regularly, as you must comply with it. If, for any reason, you are dissatisfied with our privacy practices, you may stop using the Services. You are not obligated to inform us if you do not intend to exercise any data protection rights outlined in the GDPR and defined in this Privacy Policy.

9. Contact Us

If you have any questions about this Policy or how we collect, use, or share your information, please contact us at legal@biswap.org.