U.S. Privacy Notice
Last Updated: August 30, 2024
1. INTRODUCTION
Thank you for visiting okx.com or the OKX app (the “Site”). Your use of the Site is being facilitated by one of the following parties (“The Exchange”, “We”, “Us” or “Our”):
OKCoin USA Inc., a U.S. Delaware corporation, if you are a resident of one of our approved operating locations within the U.S.;
More details can be found on our Licenses Page.
The Exchange, as a/the data controller, provides this Privacy Notice (the “Privacy Notice”) to describe our practices regarding the collection, storage, use, disclosure, and other processing of Personal Data (defined below). By visiting, accessing, or using the Site and associated application program interfaces or mobile applications, you (a) acknowledge that you have the right, capacity, and authority to accept this Privacy Notice; (b) acknowledge that you have read and understand this Privacy Notice; and (c) consent to the policies and practices outlined in this Privacy Notice. So please read them carefully to understand what we do.
This Privacy Notice explains what data we collect, why we collect it, how such data is used and stored, how such data may be shared by us, rights you may have, and how you can contact us about our privacy practices. If you do not wish for your Personal Data (as defined below) to be used in the ways described in this Privacy Notice, you should not use the Site or any services, software, API (application program interface), technologies, products and/or functionalities offered by this Site (collectively, the “Service(s)”).
The Exchange group of companies may share your Personal Data with each other, and in the event that they do, they will handle it in accordance with this Privacy Notice.
2. DEFINITIONS
Digital Asset
“Digital Asset” means a digital asset (also called a “virtual financial asset”, “convertible virtual currency”, “cryptocurrency”, “virtual currency”, “digital currency”, “digital commodity”, or “digital payment token”), which is based on the cryptographic protocol of a computer network that may be (i) centralized or decentralized; (ii) closed or open-source; and (iii) used as a medium of exchange and/or store of value.
Personal Data
“Personal Data” typically means any information which, either alone or in combination with other data, enables you to be directly or indirectly identified, such as your name, email address, username, contact details, identification number, location data, an online identifier such as a complete IP address, device ID, or one or more factors specific to the physical, economic, cultural, or social identity of you. Only the personal data from applicable national law of your legal residence will apply to you and be deemed your Personal Data.
Sensitive Information
“Sensitive Information” is Personal Data that includes information relating to a person's racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences, criminal record, and/or biometric or health information.
3. WHAT PERSONAL DATA WE COLLECT AND HOLD, AND HOW WE COLLECT IT
The Exchange collects, processes, and stores Personal Data via your use of the Service or where you have given your consent. This Personal Data may include contact details, copies of identification documentation provided by you or derived from publicly accessible databases, your government identification number, as well as information relating to your device or internet service (such as an IP address and a MAC number).
To understand how The Exchange protects the data it collects from its users, please see the details below.
We collect information you provide during Our onboarding process, which may be a completed, incomplete, or abandoned process. We also collect Personal Data when you communicate with us through customer support chats or emails, subscribe to marketing communications, correspond with us by phone, or other communication channels, or when you conduct a transaction on or otherwise use the Site. We may actively or automatically collect, use, store, or transfer your Personal Data, which may include, without limitation, the following:
Personal identification information such as name, email, phone number, nationality, date of birth, address, image, and government identification information;
Photographs or images, which then we provide to third parties that process that information and generate and store biometric information solely for identity verification purposes (please see the section below entitled “Identity Verification and Biometric Data Privacy Notice” for more information);
Institutional details such as corporate legal name, corporate registration information, government identification number, proof of identity and legal existence, address, business description, and beneficial owner information;
Commercial information such as data related to transactions conducted on the Site;
Financial information such as bank account information;
Correspondence information such as communications with our Customer Support team and responses to user surveys;
Information required by regulatory agencies such as state and federal licensing authorities and consumer protection agencies; and
Other identifiers such as device fingerprint data, IP address, and geolocation information.
We may also collect Personal Data about you from a third party, such as electronic verification services, referrers, marketing agencies, or liquidity providers. If so, we will take reasonable steps to ensure that they are made aware of applicable privacy laws. We may also use third parties to analyze traffic at the Site, which may involve the use of Cookies (please see the section below entitled “Cookie Usage” for more information). Information collected through such analysis is not anonymous.
We will not collect Sensitive Information about you without your consent, unless an exemption or exception applies. These exemptions or exceptions include if the collection is required or authorized by law, or necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.
If the Personal Data we request is not provided by you, we may not be able to provide you with the benefit of our Services or meet your needs appropriately. Accordingly, we do not give you the option of dealing with us anonymously or under a pseudonym.
4. UNSOLICITED PERSONAL DATA
We may receive unsolicited Personal Data about you. We destroy or de-identify all unsolicited Personal Data we receive, unless it is relevant to the purposes stated in this Privacy Notice for collecting Personal Data or otherwise required by applicable law. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other Personal Data.
5. WHO WE COLLECT PERSONAL DATA ABOUT
The Personal Data we may collect and hold includes (but is not limited to) Personal Data about users, potential users, service providers or suppliers of the Site or our Services, and other third parties with whom we come into contact.
6. HOW WE USE YOUR PERSONAL DATA
The Exchange uses Personal Data to administer, deliver, improve, and personalize the Service for you and to comply with our legal and regulatory obligations. We also may use such data to communicate with you in relation to other products or services offered by The Exchange and/or its partners to consider any concerns or complaints you may have.
We may use and disclose your Personal Data for any of these purposes. We may also use and disclose Personal Data for secondary purposes which are related to the primary purposes set out in this section or in other circumstances authorized by the law.
Sensitive Information will be used and disclosed for the purpose for which it was provided (or a directly related secondary purpose), unless you explicitly consent otherwise, or an exemption under law applies.
Below are specific ways in which we may process your Personal Data:
Verifying your eligibility for our Services. We use your Personal Data to assess your eligibility for our Services pursuant to our legal obligations. For example, we utilize your name, address, nationality, Social Security number (for U.S. users), government identification number, date of birth, and biometric information generated by our third-party service provider to verify your identity to provide you access to our Services.
Providing you with our Services. We use your Personal Data to provide you with our Services pursuant to our contractual agreement. For example, we need to know certain financial information to conduct fiat currency transfers into and out of your account.
Detecting and preventing fraud. Your Personal Data is used to detect and prevent fraud.
Protecting the security of our Services. We process your Personal Data, such as information about your device and activity, to maintain the security of your account and our Services.
User/customer support. We process your Personal Data when you contact our Customer Service team to help us address your requests.
Enhancing our Services. We process your Personal Data to understand how our products and Services are being used to improve our Services and develop new products.
Product marketing. We process your Personal Data to identify our products and Services that we believe may be of interest to you. We may contact you about them. You may opt out of marketing communications with us at any time. If you do not want to receive these communications, please send an email to us.support@okx.com.
Consent. We may use your Personal Data for additional purposes with your consent.
Other business purposes. We may use your Personal Data for other reasonably expected business purposes as permitted by law or required to comply with our legal obligations.
To Whom We Might Disclose Personal Data
The Exchange may disclose Personal Data to:
Members of our corporate group, which includes our subsidiaries, holding companies, and companies under common control including their respective contractors, affiliates, employees, or representatives;
Our service providers and other third parties who assist us in providing Services to you and/or as required or permitted by law or professional standards including, for example, payment processing, customer support, data analytics, information technology, data processing, network infrastructure, storage, identity verification, and tax reporting;
Entities in connection with corporate transactions involving The Exchange, including any financing, acquisition, or dissolution proceedings which involve disclosing a certain portion or all of our business or assets;
Government entities or other parties to legal process, including law enforcement agencies and authorities, officers, regulators, or other third parties to comply with any law, court order, subpoena, or government request;
Professional advisors, including legal, accounting, or other consulting services for purposes of audits or to comply with our legal obligations;
Consent. We may share or disclose your information with your consent; and
Other business purposes as permitted by law or required to comply with our legal obligations.
Other than as disclosed in this Privacy Notice, The Exchange does not share your Personal Data with any other third parties unless required to do so by law or legal obligation. This Site may contain links to other third-party websites where their own privacy policies may apply, and The Exchange is not responsible for the privacy policies of such third-party websites.
If we disclose your Personal Data to service providers that perform business activities for us, they may only use your Personal Data for the specific purpose for which we supply it. We will take reasonable steps to ensure that all contractual arrangements with third parties adequately address compliance with applicable privacy laws.
Additionally, we have implemented standards to prevent money laundering, terrorist financing, and circumvention of applicable trade and economic sanctions, which require us to undertake due diligence on our users. This may include the use of third-party data and service providers to cross-reference your Personal Data for identity verification, fraud detection and prevention, transaction monitoring, credit verification, and security threat detection.
7. HOW WE STORE YOUR PERSONAL DATA
We recognise the importance of securing the Personal Data of our users. We take steps to ensure your Personal Data is protected from misuse, interference or loss, and unauthorized access, modification or disclosure.
Your Personal Data is generally stored in our or our affiliates’ computer databases and/or with third party storage providers. In relation to information that is held on our computer database, we apply data security guidelines to ensure that your Personal Data is managed securely. For more information, refer to the section below entitled "Information Security".
The data that we collect from you may be transferred to, and stored at, a destination outside of the United States. It may also be processed by staff operating outside of the United States who work for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing.
We retain your Personal Data for as long as is reasonably necessary to provide services to you, for our legitimate business purposes, and to comply with our legal and regulatory obligations. If you close your account with us, we will continue to retain your Personal Data as necessary to comply with our legal and regulatory obligations.
8. SENDING INFORMATION TO OTHER COUNTRIES
The Exchange is a global business and Personal Data may be stored and processed in any country where we have operations or where we engage service providers. We may disclose information to third party storage providers or affiliates that are located outside your country of residence or disclose to third-party storage providers or affiliates that are located outside your country of residence.
We may transfer Personal Data that we maintain about you to recipients in countries other than the country in which the Personal Data was originally collected. Those other countries may have data protection or privacy rules that are different from those of your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Data remains protected to the standards described in this Privacy Notice. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Data. By communicating electronically with The Exchange, you acknowledge and agree to your Personal Data being processed in this way.
Click the link to read our Terms of Service.
9. YOUR RIGHTS
We offer the following rights to all users regardless of their location or applicable privacy regulations.
We will take action within 45 days of your request, or within 90 days with notice. If we refuse to provide the information, we will provide reasons for the refusal, as well as provide an explanation of any rights you have to appeal the decision.
For Personal Data we have about you, you can:
Access to Personal data or request a copy
You have the right to obtain information about the Personal Data we process about you or to obtain a copy of your Personal Data. If you have provided your information to us, you may contact us to obtain an outline of the information we hold about you or a copy of the information.
Change or correct your Personal Data
You have the right to update or correct your Personal Data or ask us to do so on your behalf.
Delete or erase your Personal Data
You have the right to request the deletion of your Personal Data at any time. We will communicate back to you within stated timelines the result of your request. Although we might not be able to remove your personal information, we will notify you of the reason(s) and any other options you have.
Object to the processing of your Personal Data
You have the right to object to our processing of your Personal Data for direct marketing purposes. This means that we will stop using your information for these purposes.
Ask us to restrict processing of your Personal Data
You have the right to ask us to limit the way that we use your Personal Data.
Export your Personal Data
You have the right to request that we export to you in a machine-readable format all of the Personal Data held about you.
Automated Decision-making and Profiling
In the event that a decision we have made about you is solely the result of an automated process (for instance, automatic profiling) and it impacts your ability to use our products and services or has another significant impact on you, you can request that this decision not be applied to you, unless we can demonstrate to you that this decision is required for the purpose of entering into or carrying out a contract with you. You may contest this decision and ask for human intervention. If we grant such a request, we may still not be able to offer our products or services to you.
If you would like to exercise any of the rights described above, please contact us at privacy@okx.com.
10. CHILDRENS’ PERSONAL DATA
The Exchange does not knowingly offer services to or collect the Personal Data of anyone under the age of 18. If we learn that we have collected Personal Data of anyone under the age of 18, we will promptly delete it from our systems. If you are aware of anyone under the age of 18 using our Services, please notify us so we can take prompt action to prevent access to our Services.
11. IDENTITY VERIFICATION AND BIOMETRIC DATA PRIVACY NOTICE
To comply with applicable laws, regulations, and other legal obligations in the United States and in other countries, including “know your customer” obligations, we require all users to verify their identity before using our Services.
In order to verify a user’s identity for the use of certain Services, the user is asked to capture an image of their government ID (e.g., a passport or driver’s license) and take a real-time selfie image of their face. We provide those images to our identity verification service providers, who then use a combination of machine learning tools and statistical algorithms to confirm the authenticity of the government ID and selfie image, and to perform biometric facial comparisons to determine whether the face contained in the government ID and selfie image belong to the same person. Through this process, the verification service providers will typically generate a confidence score representing the confidence level that the images of the individuals match, which we or the relevant service providers may use in determining the level of confidence that the individual submitting the selfie image is the same person as the individual on the government ID.
We do not receive, store, or collect any facial biometric information generated by our third-party identity verification service providers from the images, and our identity verification service providers retain biometric information only as long as necessary for us to provide our Service to you and to help us comply with our legal obligations. We do not use, disclose, or retain facial biometric information for any other commercial purpose. However, we do retain the information and images you provide in connection with the identity verification process, along with the results of the identity check, as long as necessary to provide our service to you and to comply with our legal obligations.
We use identity verification services provided by third-parties, including Jumio, Sumsub, and Au10tix. Each provider may collect, process, and share your personal information, which may include biometric data, as set out in the Jumio Privacy Notice, Sumsub Privacy Notice, and Au10tix Privacy Notice.
12. MARKETING
We may only use Personal Data we collect from you for the purposes of direct marketing without your consent if the Personal Data does not include Sensitive Information, you would reasonably expect us to use or disclose the information for the purpose of direct marketing, we provide a simple way of opting out of direct marketing, and you have not requested to opt out of receiving direct marketing from us.
If we collect Personal Data about you from a third party, we will only use that information for the purposes of direct marketing if you have consented (or it is impracticable to obtain your consent), and we will provide a simple means by which you can easily request not to receive direct marketing communications from us. We will draw your attention to the fact that you may make such a request in our direct marketing communications.
We may communicate company news, promotions, and information relating to our products and services provided by The Exchange. We may share Personal Data with third parties to help us with our marketing and promotional projects or sending marketing communications. Users can opt out from these marketing communications at any time. If you do not want to receive these communications, please send an email to us.support@okx.com.
For product related communications, such as notice/policy/terms updates and operational notifications, you will not be able to opt out of receiving such information.
13. COOKIE USAGE
While you access our Site, we may use the industry practice of placing a small amount of data that will be saved by your browser (“Cookies”). This information can be placed on your computer or other devices used to visit our Site. We use Cookies to enhance your experience of using our Site. The information is used to identify users, remember user preferences, and allow users to complete tasks without having to re-enter information when browsing from one webpage to another or when re-visiting the Site at a later date. We also use Cookies to collect and analyze Site usage data related to user use and patterns. This data is used to improve our Site and enhance users’ experience. We may also use the information collected to ensure compliance with our Bank Secrecy Act of 1970 (“BSA”) and Anti-Money Laundering (“AML”) program (“BSA/AML Program”) and to ensure that your account security has not been compromised by detecting irregular, suspicious, or potentially fraudulent account activities.
You may choose which information we collect automatically from your device by controlling cooking settings on your browser. Remember, this may affect the functionality of our Services or your user experience.
14. INFORMATION SECURITY
We endeavor to protect our Site and you from unauthorized access, alteration, disclosure, or destruction (or other similar risks) of Personal Data we collect and store. We take various measures to ensure information security, including: encryption of our Site communications; required two-factor authentication for all sessions; periodic review of our Personal Data collection, storage, and processing practices; and restricted access to your Personal Data on a need-to-know basis for our employees and service providers who are subject to strict contractual confidentiality obligations.
If you have any questions about information security or report any security issues, please contact us by sending an email to the following address security@okx.com with the subject “INFORMATION SECURITY REQUEST”.
15. CONTACTING US ABOUT PRIVACY QUESTIONS OR CONCERNS
If you have any questions about this Privacy Notice or the use of your Personal Data, please contact us by sending an email to the following address privacy@okx.com with the subject “PRIVACY INQUIRY”.
16. CHANGES TO OUR PRIVACY NOTICE
We may update this Privacy Notice at any time by posting the amended version on this Site including the effective date of the amended version, so please check frequently to see if there are any updates or changes. Your continued access to or use of this Site and/or the Services constitutes your acknowledgment and acceptance of such changes to this Privacy Notice.
17. VERMONT CONSUMER PRIVACY STATEMENT
This Vermont Consumer Privacy Statement applies solely to Vermont consumers. Since The Exchange is a licensed money transmitter under Chapter 79 of Title 8 V.S.A it will comply with provisions set form within Regulation B-2018-01. For the purposes of complying with Vermont law, The Exchange will limit the sharing of Vermont consumer information.
Information The Exchange can share: | Will The Exchange Share Vermont consumer information without consent: |
Information about your creditworthiness | NO |
Personal information, financial information, or credit report for non-affiliated third parties to market to you | NO |
Vermont specifically requires consumers to be provided the opportunity to “opt-in” to sharing or to the disclosure of any nonpublic personal financial information pertaining to a consumer to a nonaffiliated third-party for purposes that are not otherwise permitted by Vermont law. The consumer may “opt-in” in writing or electronically.
For Vermont Members/Customers
We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, or credit report to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.
Additional questions concerning our privacy policies can be answered by contacting The Exchange at privacy@okx.com.
18. CALIFORNIA AND OTHER STATE PRIVACY RIGHTS
This section is applicable to consumers whose Personal Data is collected, stored, used or disclosed by the Exchange under the California Privacy Rights Act (‘CPRA’) – which amended and expanded on CCPA, Connecticut Data Privacy Act (‘CTDPA’),
Virginia Commonwealth Data Protection Act (‘CDPA’), Utah Consumer Privacy Act (‘UCPA’), and the Colorado Privacy Act (‘CPA’). In relation to the Personal Data we have collected, stored, used or disclosed about them in the preceding 12 months (upon verification of your identity), consumers may exercise their rights (subject to certain limitations at law) by submitting their requests to privacy@okx.com.
We endeavor to respond to your verified consumer request within the required timeframes. We do not charge a fee to process or respond to a request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we'll let you know why and provide you with an estimate of the associated costs prior to completing your request.
Right to Appeal – California and Colorado
If we do not respond to your request within the stipulated 45 days, or 90 days if there is an extension, we will inform you in writing of our reasons for not acting and an explanation of your right to appeal the decision.
Right to Appeal – Virginia and Connecticut
You have the right to appeal a refusal to take action on a request within a reasonable period of time after receiving our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action additionally taken in response to the appeal. If the appeal is denied, you will be provided with a method through which you may contact the Attorney General of Virginia if you are a Virginia resident or the Attorney General of Connecticut if you are a Connecticut resident to submit a complaint.
California and Delaware "Do Not Track"
The laws of the States of California and Delaware, require us to indicate whether we honor your browser’s “Do Not Track” settings concerning targeted advertising. We adhere to the standards set out in this Privacy Notice and do not monitor or respond to Do Not Track browser requests.