Last Updated: January 23, 2023
Thanks for visiting the platform of Genesis (defined herein as any or all of Genesis Global Trading, Inc, its affiliates. Details can be found here). By visiting, accessing, or using this platform, you agree to the terms and practices described in this privacy notice (the “Privacy Notice”), so please read them carefully. If any terms or practices described in this Privacy Notice are unacceptable to you, please do not visit, access, or use the Genesis platform. Use of the words “we” or “our” in this Privacy Notice refers to any or all of the aforementioned Genesis entities.
2. About This Privacy Notice
This Privacy Notice explains what information we collect, why we collect it, and how we treat your personal information. For purposes of this Privacy Notice, references to “personal information” shall be synonymous with “personal data”.
By visiting, accessing, or using the Genesis platform, you confirm that you are at least eighteen (18) years old and agree to be bound by the terms and practices described in this Privacy Notice in their entirety. Your privacy matters to us, so whether you are new to Genesis or a long-time user of our website or services, please do take the time to get to know and familiarize yourself with our policies and practices. If you do not want to be bound by this Privacy Notice, you should not visit, access or use our website or services.
As used herein, “Digital Currency” means a digital asset (also called a “cryptocurrency,” “virtual currency”), such as, but not limited to, bitcoin or ether, which is based on a cryptographic protocol(s) of an electronic system that may be (i) centralized or decentralized, (ii) proprietary or open-source, and (iii) used as a medium of exchange and/or store of value.
3. Information We Collect
We will collect and process the following information about you:
- Information required by Section 326 of the USA PATRIOT ACT (the “Patriot Act”). The Patriot Act requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. This federal requirement applies to all Genesis counterparties. This information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. When you complete an application we ask you for your:
- name, address, date of birth, and other identifying information. For more details, please see below.
- Verification Information we collect about individual customers. (“Individual Verification Information”) We collect information that you provide during a completed, incomplete, or abandoned application. This may include the following information:
- Full legal name;
- Social Security Number (“SSN”) or any comparable identification number issued by a government;
- Date of birth (“DOB”);
- Proof of identity (e.g., driver’s license, passport or government-issued ID);
- Home address (not a mailing address or P.O. Box);
- Bank, statements, tax documents, or other proof of income or net worth; and
- Additional information or documentation at the discretion of our Compliance Team as may be required for compliance with law, regulations or internal policies. This may include information relating to health, relationship status and criminal convictions.
- Verification Information we collect about Institutional customers. (“Institutional Verification Information”) We collect information that representatives of an entity provide during a completed, incomplete, or abandoned application. This may include following information:
- Full legal names;
- Government-issued identification numbers;
- Contact information; and
- Proof of identity.
- Device Information. Information that is automatically collected about your device (including hardware, operating system, browser, device type, IP address, message authentication code (“MAC”), the hard drive and location services).
- Location Information. Information that is automatically collected via analytics systems providers to determine your location, including your IP address and/or domain name and any external page that referred you to us.
- Log Information. Information that is generated by your use of Genesis that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information, system activity and any internal and external information related to Genesis pages that you visit.
- Trading Information. Information that is generated by your trading activity including, but not limited to transaction amounts, asset types, quoted prices of trades, and wallet addresses.
- Correspondence. Information that you provide to us in correspondence, including opening an application, and with respect to ongoing customer support.
- Cookies. When you access the Genesis website, we may collect technical information through the use of the standard practice of placing tiny data files called cookies, flash cookies, pixel tags, or other tracking tools on your computer or other devices used to visit Genesis. For more information on the cookies used by Genesis, please see the “Cookies” section of this Privacy Notice below.
4. How we Collect Data
We use different methods to collect data from and about you including through:
- Direct interactions. You may provide us with your identity, contact and/or financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for our products or services;
- create an account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us feedback or contact us.
- Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
- Technical Data from the following parties:
- analytics providers such as Google based outside the UK;
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
- Identity and Contact Data from publicly available sources.
5. How We Use Information We Collect
The information collected and the practices described above are done in an effort to provide you with the best experience possible, protect you from risks related to improper use and fraud, and help us maintain and improve the Genesis platform.
In particular, we may use your information to:
- comply with, and in order to assess, compliance with applicable laws, rules and regulations and internal policies and procedures, including carrying out conduct anti-fraud and identity verification and authentication checks (you authorize us to share your information with our third party service providers, who may also conduct their own searches of publicly available information about you);
- set up / on-board and allow you to use Genesis products and services;
- keep our records up to date and for the administration and maintenance of databases storing your personal information;
- communicate with you in order to respond to queries, provide Genesis products and services or information about Genesis products and services;
- manage and administer our business;
- monitor the usage of Genesis, and conduct automated and manual security checks of our service; and
- create aggregated and anonymized reporting data about Genesis.
6. Direct Marketing
Subject to applicable laws and regulations, we may from time to time send direct marketing materials promoting services, products, facilities, or activities to you using information collected from you.
7. How We Share Personal Information with Other Parties
We may share your personal information with our affiliates in the circumstances described below:
- Certain services that you request from us, or that may be required by law or regulation, may be performed by an affiliate. In these circumstances we may share Individual Verification Information, Institutional Verification Information, or details of transactions you have requested or completed, including but not limited to transaction amounts and wallet addresses.
We will take steps to ensure that personal information is accessed only by employees of such affiliates that have a need to do so for the purposes described in this Privacy Notice.
We may also share your personal information with:
- Third party identity verification services in order to prevent fraud. This allows Genesis to confirm your identity by comparing the information you provide us to public records and other third party databases;
- Third party service providers under contract who help with parts of our business operations such as bill collection, marketing, and technology services. Our contracts require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else;
- Financial institutions with which we partner;
- Companies or other entities that we plan to merge, combine or consolidate with or be acquired by (whether in whole or in part). Should a merger, combination or consolidation occur, we will require that the new combined and/or surviving entity (as the case may be) follow this Privacy Notice substantially with respect to your personal information;
- Companies or other entities that may purchase assets, liabilities and / or whole or part of a business of Genesis, including pursuant to a court-approved sale under U.S. Bankruptcy law;
- Law enforcement, and officials, or other third parties when:
- we are compelled to do so by a subpoena, court order, or similar legal procedure; or
- we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our User Agreement; and
- Other third parties with your consent or direction or any third party that might be required by law.
We do not sell customer information to third parties for the purposes of marketing.
8. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Digital Currencies
Be aware that bitcoin, ether, and other Digital Currencies are not anonymous. Anyone can see the balance and transaction history of any Digital Currency address (public key). We, and any others who can match your Digital Currency address (public key) to other information about you, may be able to identify you from a blockchain transaction. This is because information published on a blockchain can be correlated with information that we and others may have. This may be the case even if we, or they, were not involved in the blockchain transaction. Furthermore, by using data analysis techniques on a given blockchain, it may be possible to identify other information about you. As part of our security, anti-fraud and/or identity verification and authentication checks, we may conduct such analysis to collect and process such information about you. You acknowledge and agree to allow us to perform such practices.
10. Information For Individuals Who Are Resident In The European Economic Area (“EEA”) or in the United Kingdom (“UK”)
This section of our Privacy Notice only applies where you are a resident in the EEA or in the UK. If you are a resident in the EEA or in the UK, please read this section carefully.
LEGAL BASIS FOR USING YOUR PERSONAL DATA
- We are entitled to use your personal data in the ways set out in this Privacy Notice because:
- we are performing our contractual obligations with you;
- we have legal and regulatory obligations that we have to discharge;
- we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
- we have obtained your consent; or
- the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates), such as:
- allowing us to effectively and efficiently manage and administer the operation of our business;
- in order to operate your account properly and provide you with the services;
- to manage your account and communicate with you in relation to your account and the services we provide; and
- maintaining compliance with internal policies and procedures.
TRANSFERS OF YOUR PERSONAL DATA OUTSIDE THE EEA OR THE UK
The personal data that we collect from you may be transferred to, and stored at, a destination outside the EEA or the UK. In particular your information will be transferred to us in the United States. It may also be processed by staff operating outside of the EEA or the UK who work for our affiliates or for one of our suppliers.
Where we transfer your personal data outside the EEA or the UK, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA or in the UK. This can be done in a number of ways, for instance:
- the country that we send the data to might be approved by the European Commission or by the UK Government; or
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission or by the UK Government, obliging them to protect your personal data (this is the basis on which personal data is sent from the EEA or the UK to our operations in the United States).
In other circumstances we may be required to transfer of personal data to any country in which Genesis or a Genesis affiliate conducts business or has a service provider or to other countries for law enforcement purposes.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA or the UK (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the “Questions and Concerns” section below.
RETENTION OF YOUR PERSONAL DATA
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
- the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
- legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.
If you are an EEA or a UK resident, you have a number of legal rights in relation to the personal data that we hold about you. These rights include:
- the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
- the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so;
- in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
- the right to request that we rectify your personal data if it is inaccurate or incomplete;
- the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data, but we are legally entitled or required to retain it;
- the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and / or to refuse that request; and
- the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.
You can exercise your rights by contacting us using the details set out in the “Questions and Concerns” section below.
We cannot agree to obligations of confidentiality or nondisclosure with regard to any unsolicited information you submit to us, regardless of the method or medium chosen. By submitting unsolicited information or materials to Genesis, you or anyone acting on your behalf, agree that any such information or materials will not be considered confidential or proprietary.
Transmission of information via regular email is inherently insecure – so please DO NOT do so. Contact us if you need to submit sensitive personal information and we can arrange for a method of secure transmission. The definition of sensitive personal information varies from jurisdiction to jurisdiction. For your own protection, assume all of your information to be sensitive and act accordingly.
THIRD PARTY COOKIES AND TECHNOLOGY PARTNERS
Some of the cookies described above are provided on our behalf by third party service providers to aid in the reporting of user behavior on our website. This behavior is analyzed to provide an improved user experience.
By using the Genesis platform, you acknowledge and agree that we may collect and/or transmit any data collected to our third party service providers, such as analytics providers, which may also make use of such technologies described above.
HOW TO CONTROL COOKIES
If you want to block cookies, remove existing cookies or change your cookie settings, you can do so via your browser settings. However, please note that if you block or delete cookies you will not be able to use some or all of the functionality of the Genesis website. If you do not consent to the placing of cookies on your device, please do not visit, access, or use the Genesis platform.
13. Information For Individuals Residing In California
California law permits residents of California (i) to request certain details about how their personal information is shared with third parties or affiliated companies for direct marketing purposes, (ii) to delete or correct inaccurate personal information, and (iii) to limit or opt-out of the selling or sharing of their personal information. On November 3, 2020, Californians voted to approve Proposition 24, a ballot measure that created the California Privacy Rights Act (CPRA). The CPRA went into effect on January 1, 2023, and amends and supersedes the California Consumer Privacy Act (CCPA). California consumers have the following rights under the CPRA with respect to their personal information.
You have the right to know what personal information is being collected, shared or sold. You may submit a request, that Genesis disclose:
- the categories of personal information about you that we collected;
- any categories of personal information about you that we sold or shared;
- the business or commercial purpose for collecting, selling or sharing your personal information;
- the categories of third parties to whom we disclose your personal information; and
- the business or commercial purpose for selling your personal information.
Under the CPRA, you, as a California resident, may submit a request that Genesis:
- deletes your personal information or corrects inaccurate personal information and notify third parties to whom Genesis shared such personal information to delete or correct the personal information, provided that the information is not required to complete a transaction for you, to help ensure security and integrity, to exercise our rights, or to comply with a legal obligation; and
- honors your request to limit or opt-out of the selling or sharing of your personal information.
Genesis does not sell your personal information.
You can submit a request to (i) access, correct or delete your personal information or (ii) limit or opt-out of the selling or sharing of your personal information by emailing Genesis at [email protected] or calling 646-493-2248. Genesis will be legally obligated to verify the identity of the consumer who submitted the request. Therefore, Genesis may request additional information from you to verify your identity. We will respond to your request within 45 days of receipt of your request, after proper verification, unless we need additional time, in which case we will let you know. You have the right to exercise the privacy rights conferred by the CPRA without discriminatory treatment.
You may designate an authorized agent to make a request under the CPRA on your behalf. We may deny a request from a purported authorized agent who does not provide proof of authorization to act on your behalf pursuant to Probate Code sections 4000 to 4465.
We reserve the right to change this Privacy Notice from time to time to meet our changing needs. Any changes we make to our Privacy Notice in the future will be posted on our website and, where appropriate, notified to you. Your use of our website or our services following any change to this Privacy Notice will constitute your acceptance of the updated Privacy Notice.
15. Questions And Concerns
If you have any questions or concerns about our handling of your information, or about this Privacy Notice, please contact us using the following contact information: [email protected].
We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator.
16. Information For Individuals In Singapore
This section of our Privacy Notice only applies where you use the Genesis platform in Singapore.
GOVERNMENT ISSUED IDENTIFICATION NUMBERS
We have a need to collect and use your government-issued identification numbers where you are our individual customer or where you are a representative of our institutional customer: (i) for the purposes of combating money laundering and the financing of terrorism; and (ii) to accurately establish or verify your identity to a high degree of fidelity, so as to prevent fraudulent transactions.
TRANSFERS OF YOUR PERSONAL DATA OUTSIDE SINGAPORE
We will ensure that any transfers of your personal data to a territory outside of Singapore will be in accordance with Singapore’s Personal Data Protection Act (“PDPA”) so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under the PDPA.
DATA PROTECTION OFFICER
You may contact our Data Protection Officer if you have any enquiries about our privacy notice, or if you would like to make any request, as follows: