Nicehash

MINING SERVICES PRIVACY POLICY

Add Comment

Home Page/Legal &amp. PrivacyUpdated 01. June 2023NICEHASH MININGNiceHash Platform Terms of Use and NiceHash Mining Terms of ServicePrivacy PolicyLEGALLaw Enforcement RequestNICEHASH SHOPTerms of ServicePrivacy PolicyNICEHASH PLATFORM &amp. MINING SERVICES PRIVACY POLICY This Privacy Policy (“Policy”) explains how NICEHASH Ltd., company organized and existing under the laws of the British Virgin Islands, with registered address at Intershore Chambers, Road Town, Tortola, British Virgin Islands, registration number: 2048669 and H-BIT, d.o.o., a limited liability company organized and existing under the laws of Slovenia, with registered address at Radvanjska cesta 128, 2000 Maribor, Slovenia, registration number: 6633994000 ("NiceHash," "we" or "us "), collects, uses, discloses and protects your personal information regarding the use of the NiceHash Platform and Mining Services.  This Policy along with the NiceHash Platform Terms of Use and NiceHash Mining Terms of Service (“Terms”) provide the basis for&nbsp. the collection, use, processing and protecting your information. This Policy also explains what options our users have with regards to their personal information. For more information on the definitions of terminology used in this Policy please refer to our Terms. Personal information means any data relating to an identified or identifiable natural person. This Policy applies to information we collect when you access or use NiceHash Platform, NiceHash Hashing power marketplace, NiceHash API, NiceHash OS, NiceHash Mining Software including licence for NiceHash Miner, NiceHash Private Endpoint, NiceHash Account, NiceHash Mobile applications and all other software products, applications and services associated with these products (collectively, "NiceHash Platform and Services") or otherwise interact with us as described below. We are compliant with applicable laws in the countries in which we operate. By using the NiceHash Platform or Mining Services or interacting with us as described below, you confirm that you are aware of this Privacy Policy. Users subject to the data migration due to the terms and conditions changes on the NiceHash Platform dated March 1, 2021 must confirm and accept the transfer of the data collected, processed and controlled by H-BIT d.o.o. during the usage of the NiceHash Services prior to the changes, by accepting this Policy and confirming the transfer to NICEHASH Ltd under the provisions of this Policy and Terms.   We may amend this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the bottom of this Policy, and in some circumstances, we may provide you with additional notice, including, for example, by adding a statement to the homepage of the NiceHash Services or by sending you an email notification. We strongly encourage you to review the Privacy Policy whenever you access or use NiceHash Platform to stay informed about our information practices and your privacy rights and choices.  1. DATA WE COLLECT   We collect information you provide directly to us and we also get some information about you when you interact with NiceHash Services. For example, we collect information about you when you create an online account, complete a transaction, fill out a form, complete a verification (KYC) procedure as a security measure, use our software products and mobile applications, respond to surveys, post messages to our forums or wikis or otherwise communicate with us. Bitcoin or other Digital Asset address does not in itself allow us to identify an individual person and would as such in certain jurisdictions not be considered Personal Data. In such jurisdictions, if non-personal data is combined with Personal Data, the combined information will be treated as Personal Data for as long as it remains combined. The types of information we may collect are as follows:   <ul> <li> Account information, such as username, password, two-factor authentication keys, Account settings and preferences; </li> <li> Computer or mobile device information, including IP address, operating system, network system, browser type and settings; </li> <li> Contact information, namely your email address and phone number; </li> </ul> <ul> <li> Your bitcoin address or other Digital Assets addresses; </li> <li> Information about transactions and usage of the NiceHash Platform and NiceHash Mining Services; </li> </ul> <ul> <li> Any information that might be required for the tax purposes, namely your VAT identification number; </li> <li> When applicable, your personal information, such as your name, surname, company name, email, address and nationality (registered seat of the legal entity), bank account, ID number and image of the ID document, date and place of birth, personal picture, phone number, utility bill and other data relating to user verification (KYC) procedure (hereinafter “User Data”); </li> <li> Transaction history data.  </li> </ul> 2. HOW WE USE YOUR DATA    2.1. SERVICES  We use your data to operate effectively, in a secure manner and to provide the best experience with our services.  We use your data to: <ul> <li> authorize your access to the NiceHash Platform and usage of Services, </li> <li> manage your NiceHash Account, </li> <li> to provide customer support and send you technical notices, notices about your transactions, updates, security alerts and support and administrative messages, </li> <li> to process transactions,  </li> <li> to help prevent potentially prohibited or illegal activities and enforce our user agreement.  </li> </ul> With the help of the data you provide us and with linking or combining it with information we obtain from others, we personalize, measure and improve the NiceHash Services. Any optional personal data that you choose to disclose within your profile settings will be solely used for identification and communication purposes and will not be processed or shared in any other way.  We may also carry out any other purpose for which the data was collected, to the extent such purpose is necessarily contemplated by the collection of such information or as otherwise notified in the NiceHash Services at the time of collection.  We use third party services to help us provide our services effectively (e.g., maintenance, analysis, audit, transactions, fraud detection, marketing and development). They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.  2.2. COMMUNICATIONS  We use your email address to get in contact with you, to deliver marketing and promotional offers on behalf of NiceHash and others.  You may opt out of receiving promotional communications from us by following the instructions in those communications. You may also opt out of receiving our newsletter or certain administrative emails by modifying your communications preferences through the settings feature of your online account. If you opt out of receiving promotional communications, we may still send you transactional or relationship messages, such as those about your account or our ongoing business relations.   2.3. ADVERTISING   We target (and measure the performance of) ads to users, visitors and others both on and off our services directly or through a variety of partners. We are using data from advertising technologies on and off NiceHash Services, like web beacons, pixels, ad tags, cookies, and device identifiers.  3. HOW AND WHY WE SHARE YOUR DATA   We will only use and disclose your personal information internally in order to:  <ul> <li> understand and meet your needs and preferences;   </li> </ul> <ul> <li> develop new and enhance existing service and product offerings;   </li> </ul> <ul> <li> manage and develop our business and operations;   </li> </ul> <ul> <li> carry out any purposes for which we have received your consent;  </li> </ul> <ul> <li> meet legal and regulatory requirements.   </li> </ul> We may disclose any information we collect about you, whether you are a current or former customer, with law enforcement, data protection authorities, government officials, and other authorities, when:   <ul> <li> compelled by subpoena, court order or other legal procedure;  </li> </ul> <ul> <li> we believe the disclosure is necessary to prevent physical harm or financial loss;  </li> </ul> <ul> <li> disclosure is necessary to report suspected illegal activity;  </li> </ul> <ul> <li> disclosure is necessary to investigate violations of this Policy or our Terms;  </li> </ul> <ul> <li> we obtain your consent or at your direction.  </li> </ul> Other than in connection with a merger, sale of NICEHASH’s assets, financing or acquisition, we will not sell or rent any of your information to third parties for their own marketing purposes. 4.1. TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EU/EEA We do not transfer any personal data to countries outside the EU/EEA. The Processing of Personal Data takes place exclusively in countries in the EU/EEA.  4.2. SHARING DATA WITH THIRD PARTY SERVICE PROVIDERS 3.1.1. EXCHANGE SERVICE We share some of your data with third party service providers for analytic purposes in order to use your data as described in section 2.  When user enables EUR Exchange Services provided by FintechX OÜ the following data might be shared with FintechX OÜ in order to perform the requested services: <ul> <li> Contact information, namely your email address; </li> <li> Public blockchain addresses; </li> <li> Information regarding your usage of the NiceHash Platform or Mining Services; </li> <li> When applicable, any information that might be required for the tax purposes; </li> <li> When applicable, User Data; </li> </ul> For more information please refer to KRIPTOMAT Privacy Policy, accessible at https://kriptomat.io/privacy-policy/.  When applicable, User Data shall be processed by a third party SUM AND SUBSTANCE LTD incorporated and registered in England with company number 09688671, whose registered office is at 80 Wood Ln, Central Working White City, London, United Kingdom, W12 0BZ. (hereinafter “Sum&Sub”). NICEX is the controller of the personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”). Sum&Sub is an experienced identity verification company that will process User Data for the purposes of AML/CTF and security measures and has sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of GDPR and ensure the protection of the rights of the data subject. For more information please refer to Sum&Sub Privacy policy available at https://sumsub.com/privacy-notice-service/.  We have data processing agreements in place with its providers, ensuring compliance with GDPR. All hosting is performed in accordance with the highest security regulations. All transfers of data internally are done in accordance with this data processing agreement. All User data, which is collected and processed within the KYC procedure by Sum&Sub and are stored on servers in European data regions. Such personal data is not transmitted to other data regions. We use Coinfirm Limited services for the usage of blockchain address to conduct investigations, compliance, and risk management checks. We share public blockchain addresses. For more information please refer to Coinfirm Privacy policy available at https://www.coinfirm.com/privacy-policy/.  3.2. AUTOMATED DECISION MAKING AND PROFILING If we make a decision about you based solely on an automated process that affects your ability to access NiceHash Services or has another significant effect on you, you can request not to be subject to such a decision, unless such decision is necessary for entering into, or the performance of a contract between you and us. Even if a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention. In case you contest such a decision, we may not be able to offer our products or services to you. 4. LEGAL BASIS FOR PROCESSING DATA  We collect, use and share data as described above.  We will only collect, process and use personal data about you where we have lawful bases. Lawful bases include: <ul> <li> when it is necessary for the performance of our contract with you, to prepare for entering into a contract at your request (e.g. for services provided by one of our partners) or&nbsp. otherwise to protect your vital interests; </li> <li> where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Legitimate interests mean the interests of our organization to conduct and manage our business to enable us to better serve you and provide you with a secure experience of the Exchange Services; </li> <li> as may be required to comply with any legal or regulatory obligations that may apply to us, for instance under anti-money laundering and sanctions regimes; </li> </ul> <ul> <li> consent where you have given your consent. </li> </ul> Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact our Data Protection Officer at dpo@nicehash.com.  4.1. TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EU/EEA We do not transfer any personal data to countries outside the EU/EEA. The Processing of Personal Data takes place exclusively in countries in the EU/EEA.  4.2. SHARING DATA WITH THIRD PARTY SERVICE PROVIDERS We share some of your data with third party service providers for analytic purposes in order to use your data as described in section 3 of this Policy.  When your enable EUR Exchange Services provided by FintechX OÜ the following data might be shared with FintechX OÜ in order to perform the requested services: <ul> <li> Contact information, namely your email address and phone number; </li> <li> Public blockchain addresses; </li> <li> Information regarding your usage of the NiceHash Platform or Mining Services; </li> <li> When applicable, any information that might be required for the tax purposes; </li> <li> When applicable, User Data. </li> </ul> For more information please refer to KRIPTOMAT Privacy Policy, accessible at https://kriptomat.io/privacy-policy/.  When applicable, User Data shall be processed by a third party, SUM AND SUBSTANCE LTD., incorporated and registered in England with company number 09688671, whose registered office is at 80 Wood Ln, Central Working White City, London, United Kingdom, W12 0BZ. (hereinafter “Sum&Sub”). NICEX is the controller of the personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Sum&Sub is an experienced identity verification company that will process User Data for the purposes of AML/CTF and security measures and has sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of GDPR and ensure the protection of the rights of the data subject.  For more information please refer to Sum&Sub Privacy policy available at https://sumsub.com/privacy-notice-service/.  We are sharing data gathered from cookies, device identifiers and usage data with:  <ul> <li> Facebook SDK to track and examine the use of NiceHash Miner and NiceHash Platform to prepare reports and analysis; </li> <li> Google Analytics to track and examine the use of NiceHash Platform in order to prepare reports and analysis. </li> </ul> 4.2.3. ADVERTISING AND ANALYTICS (Non-Personally Identifiable Information Only).  We use third-party analytics and advertising providers to help us analyse and improve our services. We are sharing data gathered from cookies and usage data and do not share information that personally identifies you. We use analytic tool Facebook Pixel to measure the effectiveness of our advertising, to understand your actions on NiceHash Platform and to optimize our advertising. We also use Google AdWords to connect data gathered from Google AdWords advertising network with actions performed on NiceHash Platform.  5. YOUR CHOICES AND OBLIGATIONS  5.1. DATA RETENTION  We retain personal data for as long as necessary to fulfil the purposes described in this Policy, subject to our own legal and regulatory obligations. In accordance with our record keeping obligations, we will retain basic account information and information about performed transactions for at least 5 years after the account is closed.   5.2. ACCESSING AND CONTROLLING YOUR PERSONAL DATA  Regarding your personal data, you have the following rights: The right to be informed <ul> <li> You may ask us whether we are processing your Personal Data and, if so, what data we are Processing and, if requested, provide with a copy of that information within 30 days from the date of the request. </li> </ul> The right of access <ul> <li> You may ask us to provide you a copy of your Personal Data, and other supplementary information.  </li> </ul> The right to rectification <ul> <li> You may ask us to rectify your Personal Data. The Personal Data can be rectified if they are inaccurate or incomplete. Our Data Protection Officer will make sure that we will rectify any inaccurate Personal Data that relates to the Data Subject without undue delay, and in any event within 30 days. </li> </ul> The right to erasure <ul> <li> You may ask us to delete the Personal Data that we have about you. We will delete the data that we are not legally obliged to keep, but since some of the data is necessary to provide NiceHash Services to you, you will not be able to use the NiceHash Services after the deletion. </li> </ul> The right to restrict processing  <ul> <li> You may ask us to restrict the Processing of Personal Data. You can request that we stop using all or some of your personal data (e.g. if you feel that we don’t have a legal right to keep using it), or to limit the use of it (e.g. if your Personal Data is inaccurate or unlawfully held). </li> </ul> The right to data portability <ul> <li> You may ask our Data Protection Officer to receive personal Data that you have provided to us, in a structured, commonly used and machine readable format. You may also ask our Data Protection Officer, that we transmit this data to a third party of your choice.  </li> </ul> The right to object <ul> <li> You may object to the Processing of your Personal Data at any time. This effectively allows you to stop or prevent us from Processing your Personal Data. An objection may be in relation to all of the Personal Data we hold about you or only to certain information. It may also only relate to a particular purpose we are Processing the Personal Data for. Some of the data is necessary to provide NiceHash Services to you. Therefore if you object to Processing of such data, you may not be able to use the NiceHash Services anymore. </li> </ul> Rights in relation to automated decision making and profiling  <ul> <li> You have the right to object to decisions based solely on computer processing and to question the decisions made about you by a computer. You can have any decisions explained to you and also ask for a person to be involved in the decision making, particularly if the decision has a significant effect on you. You cannot object to automated decision making, including profiling, if it’s required for a contract you have entered into, if it is required by law or if you have given your explicit consent. </li> </ul> You can make a request for any of the above mentioned actions by sending an email to dpo@nicehash.com.  5.3. ACCOUNT INFORMATION AND ACCOUNT CLOSURE  You may access and review or update your NiceHash Account information at any time by logging into your account.  If you choose to close your NiceHash Account, please navigate through the NiceHash Account settings and request to close the NiceHash Account. If for any reason you can not close the account via Account settings, please contact us at dpo@nicehash.com. Your account will be closed within 30 days of receiving your request.  If you made no transactions during the time of use of the NiceHash Platform, your personal data will be deleted within 30 days. However if you made one or more transactions during the time of use of the NiceHash Platform, we will retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse or enforce our Terms of Service. The retained data will be pseudonymised and fully encrypted.  If you have EUR Exchange Services enabled on your account and you decide to close your NiceHash Account, the closure request will be forwarded to FintechX OÜ aswell. The closure of your KRIPTOMAT account will be arranged in accordance with the KRIPTOMAT Privacy Policy. For more information on how to close your KRIPTOMAT account, refer to support@kriptomat.io. 6. SECURITY  We implement reasonable security practices and procedures to help protect the confidentiality and security of your information, including any non-public personal information.   We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy. All data you provide to us is processed and stored on our secure servers within the EU.  We use a variety of security measures to ensure the confidentiality, integrity, availability and privacy of your Personal information and to protect your data from loss, theft, unauthorised access, misuse, alteration or destruction. These security measures include but are not limited to: <ul> <li> Password protected directories and databases; </li> <li> Preventing any unauthorized physical access, damage and interference to information and information processing areas; </li> <li> Vulnerability Scanning and regular penetration testing; </li> <li> Encryption of sensitive data during transfer and at rest; </li> <li> 2-factor authentication; </li> <li> Logging of activities performed on the platform; </li> <li> Access controls; </li> <li> other measures to mitigate risks identified during the risk assessment process. </li> </ul> We protect your information using reasonable physical, technical and administrative security measures, including by limiting access to your information to employees with a need to know such information. To make sure your personal information is secure, we communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards within the company.   6.1. SECURITY AUDITS  We regularly implement security audits of our own work with safeguarding of Personal Data from unauthorized or unlawful access, alteration, erasure, damage, loss, or unavailability. Security audits shall include the party’s security objectives and security strategy, security organization, guidelines and procedures for security work, established technical, physical and organizational security measures and its sub-contractors work on information security. It also includes routines for notification of joint controllers in the event of security breaches and routines for testing of contingency and continuity plans. 7. COOKIES  Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. They are typically stored on your computer’s hard drive.  We use both session and persistent cookies. Session cookies expire when you log out of your account or close your browser. Persistent cookies remain on your computer or mobile device until you erase them or they otherwise expire. Most web browsers are set to accept cookies by default. You are free to decline most of our cookies if your browser or browser add-on permits, but choosing to remove or disable our cookies may interfere with your use and functionality of the Exchange Services. Additionally, we may use certain persistent cookies that are not affected by your browser settings, but will use such cookies solely for identity verification and fraud prevention purposes. You may refuse cookies by turning them off in your browser, however, you should be aware that our site, like most other popular sites, may not work well with cookies disabled. For more information about cookies and how to block, delete or disable them, please refer to your browser instructions, or contact us.  8. COMPETENT SUPERVISORY AUTHORITY In relation to all procedures relating to the collection, processing and storage of personal data, Data Subjects have the right to appeal to the Information Commissioner of the Republic of Slovenia, who is the lead supervisory authority in the scope of Article 56 of the GDPR. The contact information is available on the following website: https://www.ip-rs.si/o-pooblascencu/osebna-izkaznica. 9. CONTACT US You may give NiceHash a notice under this Policy by sending an email to dpo@nicehash.com. All communication and notices pursuant to this Policy must be given in English language. You shall receive an answer from our Data Protection Officer within 30 days of receiving the e-mail. Last updated: June 01, 2023