To be compliant with the European data protection rules and principles to protect you and your personal data we inform you hereby about all information related to the data processing of Bitcoin.se, concerning the collection, use, storage, disclosure and erasure of data. Please read this Privacy Policy carefully before you disclose any of your personal data to us.
1. Preamble
1.1. Rational Money AB as data controller (’Bitcoin.se’, ‘we’, ‘our’ or ‘us’), is the operator of http://bitcoin.se/ (‘Website’) and our forum at https://forum.bitcoin.se/ (‘Forum’) (Website and Forum together: ‘Services’). At Bitcoin.se (’Bitcoin.se’, ‘we’, ‘our’ or ‘us’), we are sharing information, news and provide a platform for discussion about Bitcoin, cryptocurrencies, blockchain technology and economics. Furthermore you can also find a relevant Bitcoin seller through our website. If you as our User use the Forum or are interested in it (’User’ or ’Data subject’), you may disclose certain personal data to us. In certain cases we may also collect certain data from Visitors or other Data subjects, the details of which are described in this Policy.
1.1. Capitalized words and terms used in this Privacy Policy have the same meaning as described in our Terms of Use.
1.2. This Privacy Policy requires your expressed consent, which you may withdraw at any time. You give your consent by placing a tick in the box during the Registration process. Your consent shall be voluntary, expressed and based on the related, detailed information we provide to you. In case you withdraw your consent, your Account will be terminated.
1.3. Bitcoin.se is responsible for the conclusion, enforcement, updating and amending of this Privacy Policy. Bitcoin.se may amend this Privacy Policy unilaterally, at any time as the business processes and the relevant legal requirements develop. If you don’t agree with the modifications, you can delete your Account anytime. Please, keep in mind that deleting your Account does not mean that we delete your personal data too. This Policy gives you detailed information on how long we keep your personal data even after you delete your Account.
1.4. This Policy comes into effect upon its publication. The prevailing (current) version of this Policy is available on the Website: forum.bitcoin.se/privacy.
1.5. We handle your personal data confidentially and are committed to take all the safety, technical and organizational measures that guarantee the security of your data.
1.6. Bitcoin.se is also committed to process your personal data lawfully, fairly and in a transparent manner; we only collect and process data that are suitable and relevant for the purposes of data processing, and are necessary to achieve such purposes.
1.7. Bitcoin.se attempts to ensure the accuracy and up-to-date nature of the personal data; therefore, we take all necessary measures for the immediate erasure or rectification of inaccurate data.
1.8. Your personal data is only yours, therefore, you can request the restriction of data processing, rectification or erasure of your data and you can object to our data processing at any time, free of charge via email: dataprotection@bitcoin.se. We respond to you without undue delay, but the latest within one month from the receipt of the request. If we have to reject to perform your request, we will provide a proper justification of rejection. In justified cases, depending on the complexity and number of requests, we may extend the deadline by two further months. We will inform you about such an extension within one month of the receipt of your request, together with the reasons for the delay.
2. Our data
| Company Name of Bitcoin.se | Rational Money AB |
|---|---|
| Our Registered seat | Mäster Samuelsgatan 36, 111 57 Stockholm, Stockholms län |
| The contact details of Bitcoin.se, its electronic mailing address used for regular communication with Users in relation to data protection | dataprotection@bitcoin.se |
| Company org. number | 559229-7831 |
| The company’s tax number | SE 559229783101 |
| The name of the registering authority | Swedish Companies Registration Office (Sw. Bolagsverket) |
| Website | https://bitcoin.se/ |
3. Applicable laws
Bitcoin.se hereby declares to process your personal data in compliance with the prevailing laws and regulations, with special regard to the following:
- The related EU regulation: the General Data Protection Regulation of the European Union (Regulation 2016/679 (EU), the ‘GDPR’)
- Swedish Law (2018: 218) with supplementary provisions to the EU Data Protection Regulation [Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning]
4. Legal Ground for Data Processing
4.1. The legal ground for personal data processing is one or more of the followings:
a) your voluntary consent (Article 6 (1) (a) of GDPR)
b) contract concluded by and between the Parties for contractual performance (Article 6(1) (b) of GDPR)
c). the processing of the personal data is necessary for the performance of our legal obligations (Article 6(1) (c) of GDPR)
d) for the enforcement of the legitimate interest of Bitcoin.se or a third party (Article 6(1) (f) of GDPR).
4.2. You can grant and withdraw your consent to the use of your personal data for advertisement purposes. To do so you can choose such an option after logging in to your Account.
5. The Data processed by us
5.1. In order to be able to use the Forum, you shall disclose certain personal information to Bitcoin.se through our Website. If you refuse to comply with such request, Bitcoin.se is entitled to lawfully reject the access to the Forum, so you may be unable to use them.
5.2. Within the scope of data processing, we can in particular pursue the following activities: to collect, record, register, systemize, store and use the personal data for the purposes of data processing, to query, block, erase and destruct your data and to prevent the further use thereof. In lack of a related legal obligation, we never publish, align or coordinate your personal data with each other.
5.3. Mandatory data provision by Users
5.3.1. Bitcoin.se may process the following data by the User. The disclosure of these data is necessary for the full access to the Forum, with special regard to the Registration:
| Data Subject | Legal grounds | Data category | Purpose of Data Processing |
|---|---|---|---|
| User registering on https://forum.bitcoin.se | 4.1. a) | Email address | - Identification of the User; - Communication with the User; - Conclusion, amendment and performance of the legal relationship |
| Password | - Identification of the User; - Conclusion, amendment and performance of the legal relationship |
5.4. Optional data provision by Users
5.4.1. Bitcoin.se may process the following data provided by the User voluntarily and manually. We collect it during the Registration but it is up to your discretion to provide this data.
| Data Subject | Legal grounds | Data category | Purpose of Data Processing |
|---|---|---|---|
| User registering on https://forum.bitcoin.se | 4.1. a) | Name | - Identification of the User; - Conclusion, amendment and performance of the legal relationship - Enforcement of claims and rights - Establishment and maintenance of a reliable and safe environment |
| Data provided after the Registration of the User in case of a data change | Name (first name and last names) | - Conclusion, amendment and performance of the legal relationship - Identification of the user and ensuring the communication |
5.5. We may also collect data from other persons who are not our Users. The collection of these data is carried out manually and based on voluntary provision, they are not collected automatically:
| Data Subject | Legal grounds | Data Category | Purpose of Data Processing |
|---|---|---|---|
| Job applicant | 4.1 a) | Name (first name and last name) | - Conducting the professional selection process - Identification of the applicant and ensuring the communication - Establishment of the legal relationship |
| E-mail address | - Conducting the professional selection process - Identification of the applicant and ensuring the communication - Establishment of the legal relationship |
||
| Telephone number | - Conducting the professional selection process - Identification of the applicant and ensuring the communication |
||
| Other data provided voluntarily in the CV, such as educational background, employment history, language skills, certificates and obtained licenses. | - Conducting the professional selection process |
| Data Subject | Legal grounds | Data Category | Purpose of Data Processing |
|---|---|---|---|
| Employee, Subcontractor | 4.1. b),c) | Name (first name and last name) | - Conclusion, amendment and performance of the legal relationship; - Identification of the applicant - Ensuring the communication - Compliance with legal obligations relating to employment (e.g. informing the competent authorities) |
| Bank Account Number | - Conclusion, amendment and performance of the legal relationship | ||
| Address | - Conclusion, amendment and performance of the legal relationship - Compliance with legal obligations relating to employment (e.g. informing the competent authorities) |
||
| Other relevant data | - Conclusion, amendment and performance of the legal relationship |
| Data Subject | Legal grounds | Data Category | Purpose of Data Processing |
|---|---|---|---|
| Complainant, claimant, inquirer | 4.1. a),c) | Data provided by the complaint/ claimant/ inquirer when contacting Safello | - Conducting the complaint management process, carrying out a request or claim submitted to Bitcoin.se - Identification and verification of the user and ensuring the communication |
5.6. Automatic collection of data in the course of the Services
| Data Subject | Legal grounds | Data category | Purpose of Data Processing |
|---|---|---|---|
| User using the Forum | 4.1. a) | Timestamp of the registration | Maintenance and development of the Service |
| Login history | Maintenance and development of the Service | ||
| Log data and device information | Maintenance and development of the Service | ||
| Data collected by Google Analytics | Maintenance and development of the Service |
5.7. Data collected from third parties
We do not collect personal data from third parties, only if you have given your explicit consent to the data transfer directly to/from those third parties, which is your responsibility to arrange. We do not supervise that your consent is properly given, we trust both you and those third parties who shall also be compliant with the data protection rules. Therefore, we are not liable for the collection and processing of such data by third parties.
6. Cookies applied by Bitcoin.se
6.1. What is a cookie? Cookies are small data files of information that our website transfers to your hard drive or mobile device to store and sometimes track information about you. Although cookies do identify User’s device, cookies do not personally identify User.
6.2. Why we use cookies: Our website uses cookies to distinguish you from other Users. This helps us to improve our website and to provide you with a good experience when you browse.
6.3. Types of cookies we use:
-
Strictly necessary cookies: these are cookies that are required for the operation of a website, such as to enable you to log into secure areas.
-
Performance cookies: these types of cookies recognise and count the number of visitors to a website and are used to see how users move around. This information is used to improve the way the website works.
-
Functionality cookies: these cookies recognise when you return to a website, enable personalised content and recognise and remember your preferences.
-
Targeting cookies: these cookies record your visit to a website, including the individual pages visited and the links followed.
Generally, the strictly necessary cookies and some performance and functionality cookies only last for the duration of your visit to a website or expire when you close the website: these are known as ‘session cookies’. The functionality cookies and some targeting and performance cookies will last for a longer period of time: these are known as ‘persistent cookies’.
- Third party cookies: Some of the persistent and session cookies used by our website may be set by us, and some are set by third parties who are delivering services on our behalf. For example, we use Google Analytics to track what users do on the website so we can improve the design and functionality.
6.4. Blocking cookies: Most browsers, mobile devices and apps automatically accept cookies but, if you prefer, you can change your browser, device or app settings to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser or device. To block the IDFA on your iOS mobile device, you should follow this path: Settings > General > About > Advertising and then turn on ‘Limit Ad Tracking’. To block Android ID on your Android device, you should follow this path: Google Settings > Ads and then turn on ‘Opt out of interest-based ads’.
7. The method and term of the use of the data collected
7.1. We only process your personal data if it is necessary, suitable for and limited to the extent and duration required to the achievement of the purposes set for processing.
| Purpose of Data Processing | Justification of purpose | Duration of data processing |
|---|---|---|
| Conclusion, amendment and performance of the contract | Bitcoin.se shall use the data collected by it for the following purposes, to create, modify and fulfil the contract. | Bitcoin.se shall process the personal data during the term of the contractual relationship or in case a contractual relationship has not been established, until the purpose of processing has ceased, or erases them in case further processing of such data is no longer necessary for the purpose of processing. User may request for the erasure of his/her data in a letter sent to the dataprotection@bitcoin.se email address. For the purposes of evidencing in the case of a dispute, the data of the concerned Data Subject shall be processed during the term of the general limitation period. |
| Maintenance and development of the Website | Bitcoin.se shall use the data collected by it for the following purposes of maintenance and development of the Service. We shall use the personal data of the User to enable the continuous development and improvement of the Services. | |
| Identification of the User, user or applicant and ensuring the communication | Bitcoin.se may use the User’s personal data to ensure the identification of the User, and for the purposes of effective communication with the User, in the course of which we contact and identify User through their contact data provided. | |
| Establishment and maintenance of a reliable and safe environment, enforcement of claims and rights | Bitcoin.se may use the personal data of the User to secure the legitimate interests of User in the course of the use of Services. In the scope of the above, we shall be entitled to the following activities: the prevention and termination of fraud, spam, misuses and other harmful activities. | |
| Advertisement, marketing activities | Bitcoin.se may use the personal data of User solely for the following advertisement and marketing activities: to send promotion messages, advertisements, newsletters, other information popularizing the Services via email, to display the sponsored news, games, surveys, promotion activities and events of Bitcoin.se and its cooperating partners. | The User may unsubscribe from advertisement-related communication at any time after logging in to https://forum.bitcoin.se. In the absence of such an act, we process data for at least 5 years. |
| Conducting the complaint management | Documentation and verification of the conduct of the procedure, the actual examination. | Bitcoin.se shall process the personal data concerned until the purpose of processing has ceased, or erases them in case further processing of such data is no longer necessary for the purpose of processing. The data shall be stored for 5 years according to consumer protection rules. |
| Compliance with legal obligations relating to employment (e.g. informing the competent authorities) | Compliance with relevant information, reporting obligations and obligations connected to anti-money laundering, counter-terrorism financing, taxation, contributions, etc. | Bitcoin.se processes the data for ten (10) years starting from the last day of the calendar year in which employment ends, with the prohibition to discard labor, wage and social security records. Otherwise the limitation period in labor law is seven (7) years. |
8. The persons having access to the data processed, data transfers
8.1. To provide you with undisturbed Services, for quality assurance and to enable the investigation of possible complaints, we might have to transfer your data to third parties. By accepting our Privacy Policy, you expressly give consent to these data transfers.
8.2. Data transfer may take place in the following cases:
| Recipient of data transfer | Scope of data that may be transferred |
|---|---|
| Transfer of data to employees | The personal data processed by us shall also be made available to our employees, but only if their access to and processing of personal data is required for the purposes of data processing related to the given data category and only in relation to their employment tasks. |
| Transfer of data to our subcontractors | Some of the members of our team are not employees and are in a contractual relationship with us. The personal data shall also be made available to these subcontractors, but only if their access to and processing of personal data is required for the purposes of data processing related to the given data category and only in relation to their relevant tasks. |
| Law firm | All data necessary for the performance of the activity of the Law firm shall be forwarded to our legal advisory partner. |
We do not transfer any data to a third country.
8.3. To be able to provide you with undisturbed Services, third-party service providers contribute to our operation:
| Hosting service provider, or a company providing system operation services to Bitcoin.se upon contractual relationship (Data Processor) | Name: Webflow, Inc. The address of the hosting service provider: 398 11th Street, 2nd Floor, San Francisco, CA 94103 Email address of the hosting service provider: contact@webflow.com The website of the hosting service provider: https://webflow.com |
| Hosting service provider, or a company providing system operation services to the Bitcoin.se Forum upon contractual relationship (Data Processor) | Name: Communiteq BV The address of the hosting service provider: Aalbespad 42995TA Heerjansdam, Netherlands Contact page of the hosting service provider: Contact Us - Communiteq The website of the hosting service provider: https://www.communiteq.com |
8.4. The Data Processor assists us in the operation of the IT infrastructure that facilitates the storage of personal data provided to us, Data Processor has no direct access to personal data. We expressly declare that we have no direct or indirect liability with respect to the data processing activity of the Data Processor and the security of personal data in the course thereof; in this regard, the privacy policies and regulations of the Data Processor shall apply.
8.5. If we need to involve further Data Processors, we will notify you about that by the modification of our Privacy Policy.
9. Rights and obligations of the Parties
9.1. Processing of User data, rights of information, access to data
You can access your personal data which have been collected by us. Please, notify us of any change in your data, at dataprotection@bitcoin.se. You are responsible for ensuring the up-to-date status of the personal data. In order to protect you, in case of any requests coming concerning your data, we need to verify the person requesting the data. We do not retain personal data for the sole purpose of being able to react to potential requests.
Bitcoin.se shall take appropriate measures to provide you with all information concerning the processing of personal data, in a concise, transparent, comprehensible and easily accessible form, in a clear and comprehensible way. The information is mainly provided electronically on request at the e-mail address dataprotection@bitcoin.se.
Bitcoin.se shall, without undue delay, but in any case within one month from the receipt of the request, inform you of the action taken following his / her request. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. Bitcoin.se shall inform you of the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request.
If Bitcoin.se does not take action at your request, it shall inform you without delay, but no later than within one month from the receipt of the request, of the reasons for non-action and that you may lodge a complaint with one of its supervisory authorities and may exercise its right of judicial review.
The first request is free of charge. The second and all additional requests repeatedly filed can be subject to a fee, if the request is related to the same subject or subject matter in the ongoing year, the request is not for information purposes and Bitcoin.se legally disregards the rectification, erasure or restriction of the personal data handled on the basis of the repeated application. The current fees can always be found here. If a repeated request is justified because the act giving rise to the request has been caused by omission or activity attributable to us, Bitcoin.se may waive the charges set out.
If we process a large quantity of information concerning you, we may need you to specify the information or processing activities to which the request relates before the information is delivered.
9.2. Rectification and erasure: You can ask us to rectify your personal data if necessary or to delete them where the retention of such data infringes the provisions of the related laws and regulations or if they are no longer necessary in relation to the purposes for which they are originally processed. In practice, this means that we may deny erasure of your data in cases where we have legal grounds other than your consent for the processing of those data.
9.3. Withdrawal of consent and restriction of processing: In case you withdraw your consent to our processing of your personal data, we reserve the right to refuse such request if processing is necessary for the protection of exercising the right of freedom of expression and information, for compliance with a legal obligation etc. The processing of personal data is essential until the proper, contractual completion of the contract concluded by and between the Parties.
9.4. Right to object: You still have the right to object against the processing of your personal data considering your individual circumstances even if it is lawfully processed by Bitcoin.se, for example on grounds of the legitimate interests of the controller or a third party.
9.5. Right to data portability: If you need it, we can provide you with a structured, commonly used and machine-readable format of all of your personal data processed by us and you can transmit those data to another controller.
9.6. The Obligation of the User: You are the only one who is responsible for the lawfulness, reality and accuracy (i.e. the quality) of your data under criminal liability.
10. Further important information
10.1. Data Protection Officer (‘DPO’): In our standpoint, Bitcoin.se is not obliged to appoint a DPO, as the main activities do not involve data processing operations that would allow a regular, systematic and high-scale follow-up monitoring of the users; furthermore, Bitcoin.se does not process any special categories of personal data or crime-related data which have relevance from criminal law aspect.
However, in order to ensure a high level of personal data protection, Bitcoin.se has appointed a DPO with expert knowledge of data protection law and practices. The DPO is responsible for dealing with day-to-day data protection matters, providing training, and for developing and encouraging good information handling practice. Bitcoin.se’s DPO can be contacted at: dataprotection@bitcoin.se
10.2. Supervisory organs and other authorities: The territorial scope of this Privacy Policy may also cover foreign authorities, if the User has a registered seat or business site out of Sweden, in a foreign country. Our supervisory authority who you can turn to regarding our data processing is:
| Swedish Data Protection Authority, with regards to the owner of Bitcoin.se | Name: Swedish Authority for Privacy Protection (Imy) Address: Drottninggatan 29, plan 5, 10420 Stockholm Post address: Integritetsskyddsmyndigheten Box 8114, 10420 Stockholm Phone: 08-657 61 00 Email: imy@imy.se |
Foreign data protection authorities may also be involved if you have your location or place of business outside Sweden. You can search the relevant authority here.
10.3. Processing of sensitive data:
We do not process personal data of our User which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms, merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. If we decide to process such sensitive data, this activity shall be pursued with special care and diligence, having your expressed consent thereto, and only to the extent it is required.
We do not process personal data of our User revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and we do not carry out processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
10.4. Processing children’s data:
We do not knowingly collect personal information online from children under the age of 18.
11. Personal data breach
11.1. In case of personal data breach, where the incident is likely to pose a high risk to the rights and freedoms of those concerned, we submit the report towards the data protection supervisory authority stated in sec. 10.2 and as required by the laws and regulations, without undue delay, but in any case, within 72 hours from getting aware of the incident. We have developed internal procedures in case of personal data breach, and personal data breaches are also recorded into a registry. If you are affected by such personal data breach you will also be notified, if the prevailing laws and regulations require so.
11.2. If you detect a threat of personal data breach, we ask to report it immediately via email at dataprotection@bitcoin.se. Furthermore, in case of personal data breach, you may initiate a court case against us.
12. Changes of the Privacy Policy
12.1. We reserve the right to amend this Privacy Policy at any time. Amendments will be published immediately on the website
12.2. In case of amendment, you will be notified thereof thirty (30) days prior to the date of effectiveness of amendment, via e-mail or through the website.
12.3. In case you object to such amendment, you may notify us thereof and disclose your respective comments and notices via email, furthermore, you may request the erasure of your personal data.