This Policy establishes the rules that govern the collection, use and disclosure of personal information collected by NDAX in the course of business and in compliance with federal and provincial privacy laws. These include the Canada Personal Information Protection and Electronic Documents Act (PIPEDA), Alberta’s Personal Information Protection Act, British Columbia’s Personal Information Protection Act and Quebec’s Act Respecting the Protection of Personal Information in the Private Sector.
This Policy applies to all individuals whose personal information NDAX collects, uses or discloses in the course of doing business. This includes individuals who are clients and all individuals who are contract workers, contractors, and consultants to NDAX. It is our policy to only disclose your personal information as required or authorized by law or as otherwise set out in this Policy.
We reserve the right to change this policy from time to time as industry practice, the law, and our procedures in this area may change from time to time. We will post the current version of this policy at: https://ndax.io/privacy-policy .
WHAT IS PERSONAL INFORMATION?
For the purposes of this Policy, “personal information” means information about an identifiable individual, but does not include a person’s name, title, business address or telephone number, as an employee of an organization. Where this Policy states that a list of items is “including”, the lists so described are meant to be examples and not exhaustive or exclusive.
This Policy applies to all personal information that is collected, used or disclosed by NDAX. NDAX has designated a Chief Privacy Officer to be accountable for the operation of this Policy. NDAX is also required by law, under circumstances to report privacy breaches to relevant provincial and federal authorities and keep a register of breaches. Individuals may question or report any privacy concerns, breaches, violations or compliance issues to NDAX’s Chief Privacy Officer at the address indicated at the bottom of this Policy.
If the policies and procedures outlined in this document do not address a specific situation, individuals are advised to contact NDAX’s Chief Privacy Officer for guidance or clarification.
WHAT PERSONAL INFORMATION DO WE COLLECT?
NDAX collects and uses only the personal information that we need for providing services and operating our business. The “Know Your Client” information forms we ask clients to complete elicit only the information we need for contractual, regulatory and income tax requirements. Generally, NDAX collects the following personal information from individuals:
- email address (work or home);
- payment history;
- financial information; and
- any other information that relates to an identifiable individual.
NDAX collects, uses and discloses personal information for the following purposes:
- to manage and execute upon NDAX’s cryptocurrency trading platform business and operations;
- managing customer relationships and matters;
- to meet legal and regulatory requirements;
- inform individuals about NDAX’s products and services that we believe may be of interest to them.
- better understand an individual’s interests in our products and services;
- deliver, develop, enhance or improve products and services;
- provide warranties for products and services;
- provide information on future opportunities;
- verify access rights to our website;
- meet regulatory requirements;
- conduct market research;
- to enforce our legal relationship with you; and
- as is necessary in contemplation of a business transaction.
For further clarity, beyond our main cryptocurrency trading platform service, some of the services for which we collect personal information include:
Referral Programs: We operate various referral programs. When you participate in these programs, we collect the information of the referral that has been shared with us by you. We use this shared information for the purpose of following up on the referral and for no other purpose.
Communications and Marketing: In addition to the communications we make to you regarding your account and transactions, we may send you email, SMS text messages, and other communications about opportunities that may be of interest to you. You can unsubscribe from these communications by contacting us through https://ndax.io.
Customer Service: If you contact us with a comment, question or complaint by any means, we may ask you for personal identification information. We may retain this information to assist you in the future and improve our internal and external processes.
We normally collect information directly from our clients. We may collect your information from other persons with your consent or as authorized by law. Before or at the time of collecting personal information, we identify the purposes for which we are collecting the information. We do not provide this notification when personal information is volunteered for an obvious purpose. If we wish to use or disclose your information for a new purpose not included in this policy, we will notify you and seek your consent.
NON-PERSONAL INFORMATION AUTOMATICALLY COLLECTED FROM WEBSITE
We receive and send data from our servers and from your browser when you visit our website, including your IP address, the time and information about the page you requested and the website through which you were linked to our site, if any. We may use tracking technologies in a variety of ways, including the following: keeping count of return visits to our site; accumulating and reporting anonymous, aggregate (data collected in mass), statistical information on website usage; and determining which features users like best.
Your Internet browser has a feature called "cookies," which stores small amounts of data on your computer about your visit to our site. Cookies tell us nothing about who you are, however, unless you specifically give us personal information. You do not need to have cookies turned on to visit http://ndax.io. You may also elect not to allow cookies to be collected by selecting certain options on your browser.
Ordinarily we ask for consent to collect, use or disclose personal information, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law. We may assume your consent in cases where you volunteer information for an obvious purpose.
You may withdraw consent to the use and disclosure of personal information at any time, unless the personal information is necessary for us to fulfil our reasonable business or legal obligations. We will respect your decision, but we may not be able to provide you with certain products and services if we do not have the necessary personal information.
COLLECTION OF PERSONAL INFORMATION
The purpose for collecting personal information is set out in this policy. Any necessary consents shall be obtained before personal information is collected, used or disclosed.
We ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use or disclosure of certain personal information. Where express consent is needed, we will normally ask clients to provide their consent orally (in person, by telephone), in writing (by signing a consent form), or electronically (by clicking a button).
In cases that do not involve sensitive personal information, we may rely on “opt-out” consent.
The amount and type of personal information collected by NDAX is defined by law and shall be limited to what is necessary to fulfill the identified purpose. Personal information shall only be used or disclosed for the purposes for which it is collected. Exceptions may be made with the consent of the individual or if authorized or required by law.
Personal information collected by NDAX or on behalf of NDAX will be sent to NDAX’s head office in Calgary, Alberta and will be subject to the laws of Canada.
We will not disclose, trade, rent, sell or otherwise transfer your personal information, without your consent, except as otherwise set out in this Policy.
Personal information collected by NDAX may be shared with affiliated companies or third parties retained by NDAX, which assist NDAX in carrying out various services. These third parties include:
Service Providers: Our affiliates, in providing services to NDAX in its cryptocurrency trading platform service, may require your personal information. They may require this information for purposes such as identity verification, administration, data analysis, regulatory compliance, and similar. We provide our affiliate service providers with the information they need to perform the services for which they are contracted, and no more. If our service provider affiliates are located in jurisdictions outside of our own, your personal information will be subject to the laws of that jurisdiction.
Without limiting the forgoing, by using the services NDAX provides, you authorize us to disclose, as deemed necessary in our sole discretion, your personal information to the affiliate service providers.
NDAX carefully scrutinizes and examines third parties to confirm that similar standards are utilized by such third party companies with regards to collection and use of personal information. We do not disclose any non-public personal information to any third party except as required by law or as outlined in this Policy.
Corporate Transactions: Your personal information may be transferred to another corporate entity where NDAX is participating in a corporate transaction and your personal information is considered as an asset subject to that transaction. These corporate transactions could include, but are not limited to: mergers, sales, corporate reorganizations, stocks sales, and any other changes in control.
Legal: NDAX and its third party affiliate service providers are subject to legally valid inquiries of our respective governing jurisdictions. Where so directed in a legally valid inquiry or order, NDAX and its affiliates may be required to disclose personal information as a necessary procedure for the establishment, exercise or defence of legal claims.
HOW DO I OBTAIN ACCESS TO MY PERSONAL INFORMATION?
Upon request received by NDAX in writing, individuals shall be informed of the existence, use, and disclosure of their personal information records and shall be given access to that information. Requests to access personal information held by NDAX should be directed to NDAX’s Chief Privacy Officer.
Requests must be made in writing or by e-mail. Individuals may be required to verify their identity in order to access their personal information. Any such documentation provided shall be used for verification purposes only.
NDAX responds to requests for access to personal information within thirty (30) days of receipt of the request, or as may be permitted in accordance with applicable privacy legislation.
A fee for reasonable costs incurred may be charged when responding to more complex requests. The individual will be informed of the applicable fee.
Requested information will be provided in a form that is generally understandable.
NDAX will be as specific as possible when describing third parties to whom it has disclosed personal information about an individual. When it is not possible to provide a list of the organizations to which it has actually disclosed information, NDAX will provide a list of organizations to which it is likely to have disclosed information.
Individuals are permitted either to view the original record, or to request a copy, subject to limitations as permitted or required by law. To preserve the integrity of the record and ensure that documents are not removed from NDAX, individuals wishing to view an original record will do so at NDAX’s head office and under the supervision of designated NDAX personnel.
LIMITATIONS ON ACCESS
NDAX will only refuse access to information about you in those circumstances permitted or required by applicable privacy legislation.
In the event that NDAX refuses to provide access to information, it will provide you with the reasons for its refusal upon request. Exceptions may include information that contains references to or opinions of other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, or information that is subject to solicitor-client or litigation privilege. NDAX will respond to your requests for access in accordance with applicable privacy legislation.
HOW WILL MY PERSONAL INFORMATION BE MAINTAINED?
Personal information shall be kept as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used.
Individuals have the right to challenge the accuracy and completeness of the personal information that is maintained by NDAX and have it amended as appropriate.
Individuals seeking a correction or amendment to their personal information should direct their requests in writing to NDAX’s Chief Privacy Officer.
All formal requests to amend personal information must be accompanied by appropriate supporting documentation. NDAX’s Chief Privacy Officer will manage any exceptions. The amended information will be transmitted to third parties, as appropriate.
If the individual is not satisfied with the results of the request, NDAX shall internally document the issue, and provide a response. The existence of the unresolved challenge will be transmitted to third parties, as appropriate.
HOW IS MY PERSONAL INFORMATION STORED AND SECURED?
Personal information will be retained only as long as necessary, or required by law, and will be disposed of in a manner that is appropriate to the sensitivity of the information. Your personal information may be stored or accessed in Calgary, Alberta, Canada. We render client personal information non-identifying, or destroy records containing personal information once the information is no longer needed. We use appropriate security measures when destroying client personal information, including shredding paper records and permanently deleting electronic records.
We record clients’ personal information electronically on computer servers to which only authorized persons have access. We authorize employees and service providers to have access to clients’ personal information only on a “need to know” basis in order to fulfill their job requirements.
NDAX maintains reasonable safeguards in an effort to protect personal information in our custody and control against unauthorized access. Your online access to your personal information is protected with a password you select. We strongly recommend that you do not disclose your password to anyone. We will never ask you for your password in any unsolicited communication (such as letters, phone calls or email messages).
We will notify all required authorities including, but not limited to, the Office of the Information and Privacy Commissioner of Alberta, and other required federal and extra-provincial regulatory authorities, without delay, of a security breach affecting personal information if it creates a real risk of significant harm to individuals.
If you are not satisfied with the response from our Chief Privacy Officer after making a complaint, you may have recourse to additional remedies under applicable privacy legislation. For further information, please contact the Federal Privacy Commissioner or your provincial Privacy Commissioner, as applicable.
QUESTIONS AND COMPLAINTS
If you have a question or concern about any collection, use or disclosure of personal information by NDAX, or would like to request access to your own personal information, we welcome you to contact:
National Digital Asset Exchange Inc.
1820, 250-2nd Street SW
Calgary, AB T2P 0C1
Attention: Chief Compliance Officer