As part of our daily business operations, we collect personal information from our clients and prospective clients in order to provide them with our products and services, and ensure that we can meet their needs when providing these products and services, as well as when providing them with any respective information.
Your privacy is of utmost importance to us, and it is our policy to safeguard and respect the confidentiality of information and the privacy of individuals. This Privacy Notice sets out how Kraken API products and services provided in Europe by Payward Ltd; in Japan by Payward Asia; in the United States by Payward Ventures, Inc. and in all other regions by Payward Pte.Ltd; its affiliates and subsidiaries (collectively, the Payward Entities dba “Kraken”, “the Company”, “We”, “Us”, and the trading and direct sales services provided by Kraken (collectively the “Kraken Exchange” or “Exchange”), collects, uses and manages the personal information we receive from you, or a third party, in connection with our provision of services to you or which we collect from your use of our services and/or our website. The Privacy Notice also informs you of your rights with respect to the processing of your personal information.
Our Privacy Notice is reviewed regularly to ensure that any new obligations and technologies, as well as any changes to our business operations and practices are taken into consideration, as well as that it remains abreast of the changing regulatory environment. Any personal information we hold will be governed by our most recent Privacy Notice.
Please note that if you are an employee of the Company, a contractor to the Company or a third-party provider, your personal information will be used in connection with your employment contract or your contractual relationship, whichever applies.
This Privacy Notice applies to the processing activities performed by Kraken to the personal information of its clients and its potential clients and website visitors.
We may amend this Privacy Notice at any time by posting the amended version on this site including the effective date of the amended version. We will announce any material changes to this Privacy Notice on our website.
2.1 As used herein, the following terms are defined as follows:
2.1.1 “Digital Asset” is a digital representation of value (also referred to as “cryptocurrency,” “virtual currency,” “digital currency,” “crypto token,” “crypto asset,” or “digital commodity”), such as bitcoin, XRP or ether, which is based on the cryptographic protocol of a computer network that may be (i) centralized or decentralized, (ii) closed or open-source, and (iii) used as a medium of exchange and/or store of value.
2.1.2 “Kraken Account” means a user-accessible account offered via the Kraken Exchange Services where Digital Assets are stored by Payward.
2.1.3 “Kraken Exchange Services” means Kraken-branded websites, applications, services, or tools operated by Payward group companies.
2.1.4 “We,” and “Us” refers to Kraken.
2.1.5 “Personal Information” or “Personal Data” or “your data” refers to any information relating to you, as an identified or identifiable natural person, including your name, an identification number, location data, or an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of you as a natural person.
Your Data Controller
Our products and services are provided through local operating entities that are subsidiaries of Payward Inc.
You are contracting with one Payward group company, as follows:
If you reside in Australia, you are contracting with Bit Trade Pty Limited, Unit 610, 478 George Street, Sydney, NSW 2000, Australia.
If you reside in Canada, you are contracting with Payward Canada Inc., 1100-1959 Upper Water Street, Halifax, NS B3J 3N2, Canada.
If you reside in a country within Europe, you are contracting with Payward Ltd., 6th Floor, One London Wall, London, EC2Y 5EB.
If you reside in Japan, you are contracting with Payward Asia, Nibancho 9-3, Chiyoda-ku, Tokyo 102-0084, Japan
If you reside in the United States, you are contracting with Payward Ventures Inc., 237 Kearny Street #102, San Francisco, CA 94108.
If you reside in the rest of the world, you are contracting with Payward Trading Ltd., c/o SHRM Trustees (BVI) Limited, Trinity Chambers, Ora et Labora Building, Road Town, Tortola, VG1110, British Virgin Islands.
If you are a client of Kraken Futures, you are contracting with either Payward Brokers Pte. Ltd., or Payward Global Trading Pte. Ltd., 8 Tomasello Boulevard, #15-04, Suntec Tower Three, Singapore 038988.
The Company you are contracting with is your Data Controller, and is responsible for the collection, use, disclosure, retention and protection of your personal information in accordance with our global privacy standards, this Privacy Notice, as well as any applicable national laws. The Company uses encryption to protect your information and store decryption keys in separate systems. We process and retain your personal information on our servers in multiple data center locations, including the European Union, Japan, the United Kingdom, the United States of America and elsewhere in the world.
How do we protect personal information?
The Company respects the privacy of any users who access its website, and it is therefore committed to taking all reasonable steps to safeguard any existing or prospective clients, applicants and website visitors.
The Company keeps any personal data of its clients and its potential clients in accordance with the applicable privacy and data protection laws and regulations.
We have the necessary and appropriate technical and organisational measures and procedures in place to ensure that your information remains secure at all times. We regularly train and raise awareness for all our employees to the importance of maintaining, safeguarding and respecting your personal information and privacy. We regard breaches of individuals’ privacy very seriously and will impose appropriate disciplinary measures, including dismissal from employment. We have also appointed a Group Data Protection Officer, to ensure that our Company manages and processes your personal information in compliance with the applicable privacy and data protection laws and regulations, and in accordance with this Privacy Notice.
The personal information that you provide us with when applying to open an account, applying for a role within the Company, or when using our website, is classified as registered information, which is protected in several ways. You can access your registered information after logging in to your account by entering your username and the password that you have selected. It is your responsibility to make sure that your password is only known to you and not disclosed to anyone else. Registered information is securely stored in a safe location, and only authorised personnel have access to it via a username and password. All personal information is transferred to the Company over a secure connection, and thus all reasonable measures are taken to prevent unauthorised parties from viewing any such information. Personal information provided to the Company that does not classify as registered information is also kept in a safe environment and accessible by authorised personnel only through username and password.
Information we may collect about you
In order to open an account with us, you must first complete and submit a “create account” form to us by completing the required information. By completing this form, you are requested to disclose personal information in order to enable the Company to assess your application and comply with the relevant laws (including their regulations).
The information that we collect from you is as follows:
Full name, residential address and contact details (e.g. email address, telephone number, fax etc.);
Date of birth, place of birth, gender, citizenship;
Bank account information, credit card details, including details about your source of funds, assets and liabilities, and OFAC information;
Trading account balances, trading activity, your inquiries and our responses;
Information on whether you hold a prominent public function (PEP);
Verification information, which includes information necessary to verify your identity such as a passport, driver’s licence or Government-issued identity card);
Other Personal Information or commercial and/or identification information – Whatever information we, in our sole discretion, deem necessary to comply with our legal obligations under various anti-money laundering (AML) obligations, such as under the European Union’s 4th AML Directive and the U.S. Bank Secrecy Act (BSA).
Information we collect about you automatically.
Location Information – Information that is automatically collected via analytics systems providers to determine your location, including your IP address and/or domain name and any external page that referred you to us, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform;
Log Information – Information that is generated by your use of Kraken Exchange Services that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information, system activity and any internal and external information related to pages that you visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website or App (including date and time; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page;
Information we receive about you from other sources.
We obtain information about you in a number of ways through your use of our services, including through any of our websites, the account opening process, webinar sign-up forms, event subscribing, news and updates subscribing, and from information provided in the course of on-going support service communications. We also receive information about you from third parties such as your payment providers and through publicly available sources. For example:
The banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details;
Your business partners may provide us with your name and address, as well as financial information;
Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our website;
Credit reference agencies do not provide us with any personal information about you, but may be used to corroborate the information you have provided to us.
Personal Information you provide during the account creation process will be retained for one year, even if your registration is incomplete or abandoned.
Lawful basis for processing your personal information
We will process your personal information on the following bases and for the following purposes:
Performance of a contract
We process personal data in order to provide our services and products, as well as information regarding our products and services based on the contractual relationship with our clients (i.e. so as to perform our contractual obligations). In addition, the processing of personal data takes place to enable the completion of our client on-boarding process.
In view of the above, we must verify your identity in order to accept you as our client and we will use your personal data in order to effectively manage your trading account with us. This may include third parties carrying out credit or identity checks on our behalf. The use of your personal information is necessary for us to know who you are, as we have a legal obligation to comply with “Know Your Customer” and customer due diligence regulatory obligations.
Compliance with a legal obligation
There are a number of legal obligations imposed by relevant laws to which we are subject, as well as specific statutory requirements e.g. anti-money laundering laws, financial services laws, corporation laws, privacy laws and tax laws. There are also various supervisory authorities whose laws and regulations apply to us. Such obligations and requirements imposed on us necessary personal data processing activities for identity verification, payment processing, compliance with court orders, tax laws or other reporting obligations and anti-money laundering controls.
These obligations apply at various times, including client on-boarding, payments and systemic checks for risk management.
For the purpose of safeguarding legitimate interests
We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. Example of such processing activities include the following:
Initiating legal claims and preparing our defense in litigation procedures;
Means and processes we undertake to provide for the Company’s IT and system security, preventing potential crime, asset security and access controls;
Measures for managing the business and for further developing products and services;
Sharing your data within the Payward Inc. group of companies for the purpose of updating and/or verifying your personal data in accordance with the relevant anti-money laundering compliance frameworks, and
To provide you with products and services, or information about our products and services, and to review your ongoing needs.
Once you successfully open an account with us, or subscribe to information, we must use your personal information to perform our services and comply with our obligations to you. It is also in our legitimate interests to try to ensure that we are providing the best products and services so we may periodically review your needs based on our assessment of your personal information to ensure that you are getting the benefit of the best possible products and services from us.
To help us improve our products and services, including support services, and develop and market new products and services.
We may, from time-to-time, use personal information provided by you through your use of the services and/or through client surveys to help us improve our products and services. It is in our legitimate interests to use your personal information in this way to try to ensure the highest standards when providing you with our products and services and to continue to be a market leader within the cryptocurrency financial service industry.
To investigate or settle enquiries or disputes
We may need to use personal information collected from you to investigate issues or to settle disputes with you because it is our legitimate interest to ensure that issues and disputes get investigated and resolved in a timely and efficient manner.
To comply with applicable laws, subpoenas, court orders, other judicial process, or the requirements of any applicable regulatory authorities
We may need to use your personal information to comply with any applicable laws and regulations, subpoenas, court orders or other judicial processes, or requirements of any applicable regulatory authority. We do this not only to comply with our legal obligations but because it may also be in our legitimate interest to do so.
To send you surveys
From time to time, we may send you surveys as part of our client feedback process. It is in our legitimate interest to ask for such feedback to try to ensure that we provide our products and services at the highest standard. However, we may from time to time also ask you to participate in other surveys and if you agree to participate in such surveys we rely on your consent to use the personal information we collect as part of such surveys. All responses to any survey we send out whether for client feedback or otherwise will be aggregated and depersonalised before the results are published and shared.
Our website pages and emails may contain web beacons or pixel tags or any other similar types of data analysis tools that allow us to track receipt of correspondence and count the number of users that have visited our webpage or opened our correspondence. We may aggregate your personal information with the personal information of our other clients on an anonymous basis (that is, with your personal identifiers removed), so that more rigorous statistical analysis of general patterns may lead us to providing better products and services.
If your personal information is completely anonymised, we do not require a legal basis as the information will no longer constitute personal information. If your personal information is not in an anonymised form, it is in our legitimate interest to continually evaluate that personal information to ensure that the products and services we provide are relevant to the market.
We may use your personal information to send you marketing communications by email or other agreed forms (including social media campaigns), to ensure you are always kept up-to-date with our latest products and services. If we send you marketing communications we will do so based on your consent and registered marketing preferences.
Internal business purposes and record keeping
We may need to process your personal information for internal business and research purposes as well as for record keeping purposes. Such processing is in our own legitimate interests and is required in order to comply with our legal obligations. This may include any communications that we have with you in relation to the products and services we provide to you and our relationship with you. We will also keep records to ensure that you comply with your contractual obligations pursuant to the agreement (‘Terms of Service”) governing our relationship with you.
Often the law requires us to advise you of certain changes to products or services or laws. We may need to inform you of changes to the terms or the features of our products or services. We need to process your personal information to send you these legal notifications. You will continue to receive this information from us even if you choose not to receive direct marketing information from us.
Disclosure of your personal information
The Company will not disclose any of its clients’ confidential information to a third party, except: (a) to the extent that it is required to do so pursuant to any applicable laws, rules or regulations; (b) if there is a duty to disclose; (c) if our legitimate business interests require disclosure; (d) in line with our Terms of Service; (e) at your request or with your consent or to those described in this Privacy Notice. The Company will endeavour to make such disclosures on a “need-to-know” basis, unless otherwise instructed by a regulatory authority. Under such circumstances, the Company will notify the third party regarding the confidential nature of any such information.
As part of using your personal information for the purposes set out above, the Company may disclose your personal information to the following:
Any members of the Company, which means that any of our affiliates and subsidiaries may receive such information;
Any of our service providers and business partners, for business purposes, such as specialist advisors who have been contracted to provide us with administrative, financial, legal, tax, compliance, insurance, IT, debt-recovery, analytics, research or other services;
If the Company discloses your personal information to service providers and business partners, in order to perform the services requested by clients, such providers and partners may store your personal information within their own systems in order to comply with their legal and other obligations.
We require that service providers and business partners who process personal information to acknowledge the confidentiality of this information, undertake to respect any client’s right to privacy and comply with all relevant privacy and data protection laws and this Privacy Notice.
Where we store your personal data
Our operations are supported by a network of computers, servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. We and our third-party service providers and business partners store and process your personal data in the European Union, Japan, the United Kingdom, the United States of America and elsewhere in the world.
Payward Ventures. Inc. has self-certified to the U.S. Department of Commerce our adherence to the EU-US Privacy Shield Framework for all personal information received, collected, used, retained and transferred from countries in the European Union and the United Kingdom (UK) to the United States (US) in reliance on the Privacy Shield.Payward Ventures. Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms of this Privacy Notice and the Privacy Shield Principles, the Privacy Principles shall govern.
To learn more about Privacy Shield, visit the U.S. Department of Commerce Privacy Shield Website at https://www.privacyshield.gov
Under Privacy Shield, we are responsible for the processing of personal information we receive, collect, use, retain and subsequently transfer to a third party service provider or business partner acting for or on our behalf. We are liable for ensuring that the third parties we engage support our Privacy Shield commitments. The U.S. Federal Trade Commission has regulatory enforcement authority over our processing of personal information received or transferred pursuant to Privacy Shield. Payward Ventures. Inc. commits to cooperate and comply with the advice of the regulatory authorities to whom you may raise a concern about our processing of your personal information pursuant to Privacy Shield, including to the panel established by the EU authorities. This is provided at no cost to you. For more information, see the following Privacy Shield Complaints section below.
Privacy Shield Complaints
In compliance with the Privacy Shield Principles, Payward Ventures. Inc. commits to resolve complaints about our collection, use, retention and transfer of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact the Company at the address below:
Group Data Protection Officer
237 Kearny Street #102
San Francisco, CA
Payward Ventures. Inc. has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the US. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Additionally, if personal information about you is transferred by Payward Inc. from the EEA to the US pursuant to Privacy Shield, and you have an unresolved concern regarding personal information processing about you that we have not addressed to your satisfaction, please contact the EU authorities at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Under certain conditions, described more fully on the Privacy Shield Website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Disclosures for National Security or Law Enforcement
Under certain circumstances, we may be required to disclose your personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
Transfers of personal information outside of the European Economic Area (EEA) and the United Kingdom (UK)
We may transfer your personal information outside the EEA and UK to other Company subsidiaries, service providers and business partners (i.e Data Processors) who are engaged on our behalf. To the extent that we transfer your personal information outside of the EEA and UK, we will ensure that the transfer is lawful and that Data Processors in third countries are obliged to comply with the European Union (EU) General Data Protection Act 2016 and the UK Data Protection Act 2018. If transfers of personal information are processed in the US, we may in some cases rely on applicable standard contractual clauses, binding corporate rules, and EU-US Privacy Shield.
Transfers of Personal Information outside of your country
By using our products and services, you consent to your Personal Data being transferred to other countries, including countries that have differing levels of privacy and data protection laws than your country. In all such transfers, we will protect your personal information as described in this Privacy Notice, and ensure that appropriate information sharing contractual agreements are in place. Transfers of personal information from APAC countries will be in line with the APEC Framework.
Privacy when using digital assets and blockchains
Your funding of bitcoin, XRP, ether, and other Digital Assets, may be recorded on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of private financial information, especially when blockchain data is combined with other data.
Because blockchains are decentralized or third-party networks which are not controlled or operated by Payward or its affiliates, we are not able to erase, modify, or alter personal data from such networks.
Safeguarding the privacy of your personal information is of utmost importance to us, whether you interact with us personally, by phone, by email, over the internet or any other electronic medium. We will hold personal information, for as long as we have a business relationship with you, in secure computer storage facilities, and we take the necessary measures to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.
When we consider that personal information is no longer necessary for the purpose for which it was collected, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time (after you cease being our client). For example, we are subject to certain anti-money laundering laws which require us to retain the following, for a period of 5 years after our business relationship with you has ended.
A copy of the records we used in order to comply with our client due diligence obligations;
Supporting evidence and records of transactions with you and your relationship with us.
Also, the personal information we hold in the form of a recorded information, by telephone, electronically or otherwise, will be held in line with local regulatory requirements (i.e. 5 years after our business relationship with you has ended or longer if you have legitimate interests (such as handling a dispute with you)). If you have opted out of receiving marketing communications we will hold your details on our suppression list so that we know you do not want to receive these communications.
We may keep your data for longer than 5 years if we cannot delete if for legal, regulatory or technical reasons.
Your rights regarding your personal information
The rights that are available to you in relation to the personal information we hold about you are outlined below.
If you ask us, we will confirm whether we are processing your personal information and, if so, what information we process and, if requested, provide you with a copy of that information within 30 days from the date of your request.
It is important to us that your personal information is up to date. We will take all reasonable steps to make sure that your personal information remains accurate, complete and up-to-date. If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have disclosed your personal information to others, we will let them know about the rectification where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your personal information so that you can contact them directly.
You may inform us at any time that your personal details have changed by emailing us at email@example.com The Company will change your personal information in accordance with your instructions. To proceed with such requests, in some cases we may need supporting documents from you as proof i.e. personal information that we are required to keep for regulatory or other legal purposes.
You can ask us to delete or remove your personal information in certain circumstances such as if we no longer need it, provided that we have no legal obligation to retain that data. Such requests will be subject to the contract that you have with us, and to any retention limits we are required to comply with in accordance with applicable laws and regulations. If we have disclosed your personal information to others, we will let them know about the erasure request where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your personal information so that you can contact them direct.
You can ask us to block or suppress the processing of your personal information in certain circumstances such as if you contest the accuracy of that personal information or object to us processing it. It will not stop us from storing your personal information. We will inform you before we decide not to agree with any requested restriction. If we have disclosed your personal information to others, we will let them know about the restriction of processing if possible. If you ask us, if possible and lawful to do so, we will also inform with whom we have shared your personal information so that you can contact them direct.
In certain circumstances you might have the right, to obtain personal information you have provided us with (in a structured, commonly used and machine readable format) and to re-use it elsewhere or ask us to transfer this to a third party of your choice.
You can ask us to stop processing your personal information, and we will do so, if we are:
Relying on our own or someone else’s legitimate interests to process your personal information except if we can demonstrate compelling legal grounds for the processing;
Processing your personal information for direct marketing; or
Processing your personal information for research unless we reasonably believe such processing is necessary or prudent for the performance of a task carried out in the public interest (such as by a regulatory or enforcement agency).
Automated decision-making and profiling
If we have made a decision about you based solely on an automated process (e.g. through automatic profiling) that affects your ability to access our products and services or has another significant effect on you, you can request not to be subject to such a decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us. Even if a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention. We may not be able to offer our products or services to you, if we agree to such a request (i.e. end our relationship with you).
Changes to this Privacy Notice
Our Privacy Notice is reviewed regularly to ensure that any new obligations and technologies, as well as any changes to our business operations and practices are taken into consideration, as well as that it remains abreast of the changing regulatory environment. Any personal information we hold will be governed by our most recent Privacy Notice.
If we decide to change our Privacy Notice, we will post those changes to this Privacy Notice and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
Our products and services are not available to children
Our products and services are not directed to persons under the age of 18, hereinafter “Children”, “Child” and we do not knowingly collect personal information from Children. If we learn that we have inadvertently gathered personal information from a Child, we will take legally permissible measures to remove that information from our records. The Company will require the user to close his or her account and will not allow the use of our products and services. If you are a parent or guardian of a Child, and you become aware that a Child has provided personal information to us, please contact us at firstname.lastname@example.org and you may request to exercise your applicable access, rectification, cancellation, and/or objection rights.
If you have a complaint
Any questions, complaints, comments and requests regarding this Privacy Notice are welcome and should be addressed to email@example.com.
If you are not satisfied with our response to your complaint, you have the right to submit a complaint with our regulator. You can contact the appropriate regulator direct from the details below:
For residents of Australia:
Office of the Australian Privacy Commissioner
GPO Box 5218,
Sydney, NSW 2001, Australia
For residents of Canada:
Office of the Privacy Commissioner of Canada
30, Victoria Street
Gatineau, QC K1A 1H3, Canada
For residents of Europe (United Kingdom):
The Information Commissioner’s Office
Wycliffe House, Water Ln
Wilmslow SK9 5AF, UK
For residents of Japan:
Personal Information Protection Commission
Kasumigaseki Common Gate West Tower 32nd Floor,
3-2-1, Kasumigaseki, Chiyoda-ku,
Tokyo, 100-0013, Japan
For residents of the United States:
The Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
For residents of the rest of the world (British Virgin Islands):
There is currently no formal legislation regulating data protection in the British Virgin Islands and no authority to which you can report data or security breaches. However, BVI courts are guided by the English common law principles of confidentiality and privacy. It is recommended that you seek independent legal advice in relation to any complaints you may have pertaining to a data breach in this jurisdiction.
For clients of Kraken Futures (Singapore):
Personal Data Protection Commission
10 Pasir Panjang Road,
#03-01 Mapletree Business City Singapore 117438