PRIVACY
POLICY

(Last updated September 25, 2025)

Overview

This policy and applicable supporting procedures are designed to provide Bitropin with a documented and formalized process for protecting individuals’ privacy. Respect for the privacy of personal and other information is fundamental to us.
This Privacy Policy describes our collection of personally identifiable information from users of our website (“Website” or “Site”), our platform, and all related applications, widgets, software, tools, and other services provided by us on which a link to this Privacy Policy is displayed (collectively, together with the Website, our “Service”). It also describes our use and disclosure of such information.
Consumer personal information that Bitropin receives from corporate customers is processed in our capacity as a service provider pursuant to the contractual terms with our corporate customers.
In accordance with mandated organizational security requirements set forth and approved by management, Bitropin has established a formal privacy policy. The Security Officer owns this Policy and is responsible for reviewing it annually, or after any major changes to Bitropin’s sensitive data environment, to ensure it continues to meet organizational goals.

Roles and Responsibilities

  • Security Officer: Provides overall direction, guidance, leadership, and support on methods and tools for the implementation of privacy and security programs.
  • Risk Committee: Responsible for approving and monitoring adherence to this policy, analyzing the organization’s environment, and interpreting legal requirements. Duties include:
    • Executing privacy operations and monitoring systems used to solicit, evaluate, and respond to privacy-related complaints and inquiries.
    • Evaluating implemented privacy controls.
    • Reviewing policies and procedures that address privacy areas.
    • Coordinating with departments to ensure compliance with this policy.
    • Recommending, developing, and monitoring internal systems and processes to carry out privacy objectives.
    • Reporting to the Security Officer and Bitropin Management on the effectiveness of the privacy program in meeting regulatory and contractual obligations.
Bitropin must document and make privacy policies readily available to data subjects, employees, and third parties that require access. Management will review and approve the privacy policy at least annually.

Authority to Process Information

Bitropin will determine and document the authority under which personally identifiable information (PII) may be processed. Processing of PII not authorized by law, contract, or consent is prohibited.

Personally Identifiable Information Processing Purposes

Bitropin restricts processing of PII to identified and documented purposes. If information already collected is to be used for a new purpose not previously identified, Bitropin will document the new purpose and seek implicit or explicit consent prior to use. Mechanisms will be in place to ensure changes in processing comply with organizational and regulatory requirements.

Collection

Bitropin will limit the collection of PII to what is necessary to fulfill organizational objectives, service delivery, regulatory compliance, or contractual requirements. Methods of collection will be reviewed by management prior to use, ensuring that PII is obtained fairly, lawfully, and transparently.

Use and Retention

  • Bitropin uses PII only as permitted by consent, contractual obligation, or law.
  • PII will only be used at the minimum level necessary to achieve stated objectives.
  • Bitropin retains PII only for as long as required to fulfill business needs or comply with contractual, legal, or regulatory requirements. Data retention schedules will be followed accordingly.

Disclosure

Bitropin will disclose PII to third parties only:
  • For the purposes for which it was collected;
  • When implicit or explicit consent has been obtained from the data subject; or
  • When otherwise required by law or regulation.
Third-party service providers that receive PII must adhere to similar protective standards.

Choice and Consent

Bitropin informs individuals of their choices regarding the collection, use, and disclosure of their PII. The organization will:
  • Obtain implicit or explicit consent to collect, use, or disclose PII at or before the point of collection (or shortly afterward).
  • Implement tools that allow individuals to provide informed consent and tailor privacy choices for specific categories of data.
  • Allow individuals to revoke consent at any time.
  • Obtain consent prior to transferring personal data to or from an individual’s device.
Consent requests will be clearly presented in plain, understandable language and aligned with applicable laws.

Privacy Notice

Bitropin will make the latest version of this Privacy Policy publicly available on its website. Privacy notices concerning PII processing will follow these principles:
  • Provided to individuals at the time of first interaction or upon significant changes to the policy.
  • Written clearly and in plain language.
  • Identifies the authority that authorizes PII processing.
  • Identifies the purposes of processing.
  • Includes relevant information regarding legal, regulatory, or contractual obligations.
Where applicable, Bitropin will refresh or present privacy notices annually or upon changes in its practices.

Contact Us

For questions, contact us at [email protected]