Phemex Privacy Policy

This Phemex Privacy Policy (the “Privacy Policy”) is subjected to restrictions in line with the Phemex Terms of Use. 

For more details, please refer to Phemex Terms of Use. Please note that with respect to the use of Personal Data, in the event of a conflict between the Phemex Terms of Use and this Phemex Privacy Policy, this Phemex Privacy Policy shall prevail.

1. Important information and who we are

This Privacy Policy, as amended or otherwise changed from time to time (the “Privacy Policy”), explains the manner in which Phemex collects, uses, maintains and discloses User information obtained through the Phemex.com website (the “Website”) or via the official Phemex mobile application (the “App”) and through the provision of the Services. Phemex Limited is the data controller of your Personal Data. When this Privacy Policy mentions “Phemex,” “we,” “us,” or “our,” it refers to the relevant Phemex group entity which is providing the Services directly and specifically.

By registering for and using the Phemex Exchange, you agree that your Personal Data (as defined below) will be handled as described in this Policy and the Phemex Terms of Use. Capitalized terms not defined herein shall have the meanings ascribed to them in the Phemex Terms of Use. 

Where we need to collect Personal Data by law, or under the terms of a contract (including, but not limited to, the Agreement) we have with you and you fail to provide that data when requested, we may not be able to provide the Services. In this case, we may have to close your Account but we will notify you if this is the case at the time.

Please note: This Privacy Policy does not cover any information that we may receive about you through channels external to Phemex.

2. What information do we collect?

We collect Personal Data and Anonymous Data, as described below.

“Personal Data” means data that allows someone to identify or contact you, including, for example, your name, biometric template (such as face and/or fingerprints scan), address, telephone number, e-mail address, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Anonymous Data” is a data processing technique that removes or modifies personal information so that it cannot be associated with a specific individual. Except for this definition clause, none of the other clauses or provisions of this Privacy Policy applies to Anonymous Data (i.e. information about our User that we combine together so that it no longer identifies or references an individual User).

Specifically the abovementioned information may be collected through following approaches:

1. Information we require from you

1. Basic User Information: such as your name, resident address, date of birth, nationality, country of residence, gender, phone number, email address, etc.;

2. Supplemental Identification Information: such as utility bills (for your billing address), photographs and/or videos, government-issued identity document, e.g. passport, driver’s license, or state identification card, social security number, employment information (e.g. company name), proof of residency, visa information, etc.;

3. Electronic Identification (“EIDV”) Information: such as biometric information generated based on photos or videos you provide in order for us to verify your identity;

4. Institutional Information (if you are an institutional User): such as employer identification number (or comparable number issued by a government), personal identification information for all material beneficial owners of your business, etc.;

5. Financial Information: such as bank account number, payment card primary account number ("PAN"), trading and investment experience, tax identification number, income/net assets/wealth verification statements, etc.;

6. Wallet Information: When you conduct onchain deposit or onchain withdraw by using our APP/Website, and connect it to your account, we would require your wallet address and information related to integrations that you select;

7. Transaction Information: such as Information about the Transactions made on our Services, such as the name of the sender, the name of the recipient, the amount, currency preferences, payment method, date, and/or timestamp, etc.;

8. Supplemental Information: such as survey responses, information (including call recordings) provided to our User support team or User research team, including communications with interfaces such as our chatbots, your contacts’ phone or email addresses if you choose to invite friends to Phemex Exchange, etc.;

2. Information Collected Automatically

1. Device Information: such as information about the app, device, operating system, and browser you’re using, other device characteristics or identifiers (e.g. plugins, the network you connect to), your IP address, domain name, and/or a date/time stamp for your visit, etc.;

2. Product Usage Information: such as information about what you view or click on while visiting our Websites and Apps and how you use our Services (“Activity Information”), and information about how our Services are performing when you use them, including timestamps, crash data, website performance logs, and error messages or reports (“Diagnostic and Troubleshooting Information”);

3. Cookies: “Cookies” mean small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. For more detailed provisions on how we use Cookies, please see section 10.

3. Information we obtain from Affiliates and third parties

1. Phemex Affiliates: We may obtain information about you, such as Basic User Information, Transaction Information and Product Usage Information, from our Affiliates as a normal part of conducting business. 

2. Public Database Information: We obtain information about you from public databases, such as the United Nations Sanctions List, including your name, address, email address, phone number, gender, national ID number and nationality/country of residence, date of birth, job role, public employment profile, listing on any sanctions lists maintained by public authorities, and other data as necessary；

3. Blockchain Data: We may analyze public blockchain data, including timestamps of Transactions or events, Transaction IDs, digital signatures, Transaction amounts, and wallet addresses;

4. Information from our Marketing and Advertising Partners: We receive information such as your name and contact information from our marketing partners, including in some instances what marketing content you viewed or the actions you take on our Websites;

5. Information from Analytics Providers: We receive information about your website usage, interactions, age group, and survey responses (including prior to Account creation, in some cases);

6. Information from Third Party Service Provider: some of Service are provided through third party service providers, who may provide us with data about you, such as your name and contact details, and your Transaction with that service provider;

7. Research and In-App Survey Information: We use third party service providers to conduct in-app surveys to better understand our User experience and improve our Services. The information we receive from our research partners is pseudonymous.

3. How do we use the information we collect?

We use your personal information to deliver, personalize, operate, improve, create, and develop our Services, to provide you with a secure, smooth, efficient and customized experience as you use them, and for legal compliance, loss prevention, and anti-fraud purposes:

1. To Provide Services to You

1. 1. to allow you to set up an Account and profile;

   2. to provide you with personalized services to invest (such as buy or sell), save, earn, spend, stake, and borrow within your Account, including hosting and maintaining your digital wallets;

   3.  to provide investing, payment, asset listings, and Account management services;

   4. to provide you with our Phemex cloud services, which offers tools, APIs and infrastructure for Web3 development and, staking services;

   5. to address your request for support in the Apps, via the Website or by email and to respond to customer care and other inquiries, including providing telephone-based premium User support to Users (who provide their telephone numbers), chat message support (including chatbots), and social support;

   6. to send you administrative or Account-related communications about Services, which can include security updates or Transaction-related information, through email, telephone, or in-product/push notifications. You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes;

   7. to verify accounts and related activity, find and address violations of terms of the Agreement, this Privacy Policy, and other policies of Phemex, to investigate suspicious activity, detect, prevent and combat harmful or unlawful behavior, detect fraudulent behavior and to maintain the integrity of our Services.

   8. We may also collect information that you allow us to receive through the device-based settings you enable (such as access to your GPS location, camera or photos) which we use to provide the features or services described when you enable the setting.

2.  To Comply with Our Legal Obligations

1. to properly identify or verify your identity and comply with other specific anti-money laundering (“AML”), know-your-client (“KYC”), or other laws/regulations (e.g. funds transfer rules).  Our verification processes also involve electronic identification through the comparison of your ‘selfie’ against your provided verification information.  All such information is securely maintained by Phemex and our service providers, and is only disclosed where permitted by Applicable Laws;

2. to carry out additional checks to ensure your suitability (e.g. under the European Market Infrastructure Regulation) when you use certain locally regulated products or engage in certain advanced trading activities;

3. to comply with law, legal obligations, regulations, law enforcement, Government Agencies, and other legal requests, court orders, or for disclosure to tax authorities. 

3. For our Legitimate Interests

1. to perform core metrics, customize your experience with our Services and to generally improve our Services (for example, when and how often pages on our Website is visited, and our Services are used)；

2. to send you targeted marketing communications through email, mobile, in-app and push notifications or by SMS (you may also see ads for our Services when you visit other apps and websites);

3. to provide promotions, including sweepstakes offers or other incentives and rewards for using our Services.

4. Where not otherwise required by law, and depending on the circumstances, we may preserve and share your information:

1. in response to requests from third parties, such as civil litigants, law enforcement, and other Government Agencies, for example to assist authorities in the investigation of fraud;

2. to promote the safety, security, and integrity of the Service, network, other Users, our employees, our property and the public;

3. when we seek to protect ourselves in the context of litigation or other disputes, such as violations of terms of the Agreement, this Privacy Policy, and other policies of Phemex; and/or

4. to respond to User requests or communications, reviewing Accounts and Transactions for litigation disputes, and recording Account details for litigation and settlement purposes.

5. to protect the integrity of our Services in addition to our contractual obligation with you. For example:

1. to log User reports and patterns of suspicious behavior to understand techniques being used by bad actors who may wish to interfere with the Services; and

2. to identify and investigate patterns of suspicious behavior or violations of terms of the Agreement, this Privacy Policy, and other policies of Phemex;

6. to conduct and support research and innovation on topics related to our Services.

7. to provide communications and customer support, including communications with interfaces such as our chatbots.

4. To Protect the Interests of You and Third Party

1. We may preserve, review, and share information with Government Agencies and others in circumstances where someone’s vital interests require protection, such as in the case of emergencies. For example, where there is a risk to the well-being or life of a User.

YOU WOULD BE DEEMED AS HAVE CONSENTED (OR EXPLICIT CONSENT WHERE WE PROCESS FACIAL RECOGNITION AND BIOMETRIC DATA) TO OUR COLLECTION AND USE OF YOUR PERSONAL DATA BY REGISTERING THE ACCOUNT. PLEASE NOTE THAT WE MAY PROCESS YOUR PERSONAL DATA WITHOUT YOUR KNOWLEDGE OR CONSENT WHERE THIS IS REQUIRED OR PERMITTED BY APPLICABLE LAW.

Legal Bases for Processing Your Information

Below is a list of the purposes described in our policy with the corresponding legal bases for processing.

*To the extent legitimate interest or performance of a contract is not a recognized legal justification in your jurisdiction, we rely on consent (express or implied, as appropriate) where consent is required.

4. How do we share your Personal Data?

We disclose your Personal Data as described below and as described elsewhere in this Privacy Policy.

1. It may be necessary to disclose your information to law enforcement agencies, regulators, other Government Agencies or relevant third parties to comply with any law, subpoenas, court orders, or government request, defend against claims, investigate or bring legal action against illegal or suspected illegal activities, enforce the Terms of Use, or to protect the rights, safety, and security of us, our Users, or the public.

2. We may share Personal Data within the Phemex group entities or with our Affiliates, and the trustees, shareholders, partners, investors, directors, supervisors, senior managers and employees of such entities. 

3. We may share your Personal Data with third-party service providers to provide you with the Services that we offer you through our Website/App; to conduct quality assurance testing; to facilitate creation of accounts; to provide technical support; to verify your identity; and/or to provide other services to us or our Users. These third-party service providers are required not to use your Personal Data other than to provide the services requested by us.

4. We may provide Personal Data to business partners with whom we jointly offer products or Services as allowed by Applicable Laws. In such cases, our business partner’s name will appear with ours.

5. With prior inquiry and your express consent, we may share some or all of your Personal Data with third parties (e.g. the investor, purchaser or new owner) in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Data may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy.

6. We may share some or all of your Personal Data with credit bureaus, any debt collection agencies or dispute resolution centers in the event that any party hereto is under violation of or dispute in respect of terms of the Agreement, this Privacy Policy, and other policies of Phemex.

7. We may share some or all of your Personal Data with other third parties who provide us with certain services in relation to our operation, business and/or assets, including without limitation the insurance companies, insurance investigators, credit providers, banks, credit card companies, auditors and lawyers.

8. We may share some or all of your Personal Data with third parties with your consent as determined by you or the applicable contract.

9. The Website/APP may contain links to other third-party websites which are regulated by their own privacy policies. We are not responsible for the privacy policies of these third-party websites even if they were accessed using the links from our Website/APP. Other than as stated in this Privacy Policy, we do not disclose any of your Personal Data to third parties unless required to do so by Government Agencies, court order, or in compliance with legal reporting obligations.

5. Legal Basis and Special Rules for European Users

1. For individuals who are located in the European Economic Area (“EEA”), United Kingdom or Switzerland (collectively “EEA Residents”) at the time their Personal Data is collected, we rely on legal bases for processing your information under Article 6 of the EU General Data Protection Regulation (“GDPR”). We generally only process your data where we are legally required to, where processing is necessary to perform any contract we entered with you (or to take steps at your request prior to entering into a contract with you), to operate our business, to protect Phemex’s or your, property, rights, or safety, or where we have obtained your consent to do so.  If you reside outside the or EEA, the legal bases on which we rely in your country may differ from those listed above.

2. If you are based in Europe, you have the right to make a complaint at any time to the European Data Protection Supervisor (EDPS) (the EU’s supervisory authority for data protection issues (https://edps.europa.eu/)) or the supervisory authority of the country in which you are based. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance. 

3. We share your Personal Data within our affiliated group of entities, which are based in various locations globally. This will involve transferring your data outside the European Economic Area. In addition, many of our external third parties are also based outside of the EEA so their processing of your Personal Data will involve a transfer of data outside the EEA. Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by putting in place appropriate safeguards, as required by Applicable Laws.

4. Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.

6. How can you access and change your information?

1. Under Applicable Laws, you may have the right to request for access to your Personal Data, to obtain a copy of the Personal Data, to correct any Personal Data that is inaccurate and to delete or cease the collection, processing or use of any Personal Data. You may request Phemex to inform you of the type of Personal Data held by Phemex.

2. Request for access and correction of Personal Data or for information regarding policies and practices and kinds of data held by us should be addressed in writing and sent to Phemex by post or by email following the details set out in the "Contacting Us" section below.

3. In accordance with the terms of Applicable Laws, Phemex has the right to charge a reasonable fee for the processing of any data access request.

7. How do we retain your information?

We will retain your information for as long as your Account has not been closed or as needed to provide you access to your Account. We will also retain and use your information as necessary to comply with our legal obligations, including AML/KYC compliance or other financial regulatory obligations in different jurisdictions, resolve disputes, and enforce the terms of the Agreement, this Privacy Policy, and other policies of Phemex. This period will vary depending on the nature of the information and your interactions with our Website/APP and our Services. If you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in the future.

8. What security precautions do we take?

We take the protection of your Personal Data seriously. We use industry-standard data encryption technology and have implemented restrictions related to the storage of and the ability to access your Personal Data. 

We prioritize the protection of our clients' personal data through comprehensive security measures:

1. Encryption Protocols: All data transmissions are encrypted in an industry-standard. Confidential and sensitive data are encrypted both in transit and at rest, utilizing a zero-trust architecture to maximize security.

2. Data Storage: All data is securely stored in isolated hardware environments with restricted access limited to authorized internal systems administrator.

3. Access Management: We enforce strict access control measures, including role-based permissions, to ensure that sensitive data is accessible solely by authorized personnel.

4. Data Anonymization: Data anonymization practices, including but not limited to data masking, are implemented to safeguard user identities during analysis, research, and troubleshooting activities.

5. Monitoring and Audit Trails: Comprehensive audit logs of all data access are maintained, and regular transaction data reconciliation processes are performed to uphold data integrity and detect anomalies.

6. Security Assessments: Security audits and vulnerability assessments are conducted on a routine basis to identify, assess, and mitigate potential risks and system vulnerabilities.

7. Employee Training: Employees are regularly educated on data protection protocols, including but not limited to identifying phishing attempts, implementing robust password practices, and adhering to secure coding standards, including OWASP guidelines.

Please note that no transmission over the Internet or method of electronic storage can be guaranteed to be 100% secure. Please recognize that you play a vital role in protecting your own personal information. Therefore, all Users of Phemex must comply with the security requirements under the Terms of Use and take reasonable steps to help ensure the security of their Personal Data and access to their Accounts.

Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us using the contact information provided in this Privacy Policy.

9. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your Personal Data which are set out in more detail below:

If you wish to exercise any of the rights set out above, please contact us through Online Chat.

No fee usually required

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in the abovementioned circumstances.

Time limit to respond

We try to respond to all legitimate requests within a reasonable period. Occasionally it may take us longer time if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. Cookie Policy

1. Consent to Our Cookie Policy

By visiting and continuing to browse our Website, downloading and using our App and using, your Account, including, where appropriate, with your browser settings adjusted to accept Cookies, you are consenting to our use of Cookies, web beacons and related technologies to provide our Services. 

2. Types of Cookies We Use:

1. 1. Session Cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session Cookies to allow our systems to uniquely identify you during a session or while you are logged into the Phemex Exhange. This allows us to process your online Transactions and requests and verify your identity after you have logged in, as you move through our Phemex Exchange.

   2. Persistent Cookies remain on your computer after you have closed your browser or turned off your computer. We use persistent Cookies to track aggregate and statistical information about User activity.

3. How we Use Cookies

1. We collect web browser information in order to enhance your experience on our Website/App and track how the Services are being used. In addition to using Cookies to provide you with better User experience, we use Cookies to identify and prevent fraudulent activity.  Cookies are not permanent and will expire after a short period of inactivity.

2. Our Services may include public blockchain technology, publicly accessible blogs, forums, social media pages. As such information will be public, the Personal Data provided by you may be viewed and used by third parties for any number of purposes. In addition, social media buttons such as Telegram (that might include widgets such as the “share this” button or other interactive mini-programs) may be on our Website/App. These features may collect your IP address, which page you are visiting on our Website/App and may set a Cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on our Website/App. Your interactions with these features apart from your visit to our Website/App are governed by the privacy policy of the company providing it.

3. We may use third-party APIs and software development kits (“SDKs”) as part of the functionality of our Services. APIs and SDKs may allow third parties including analytics and advertising partners to collect your Cookies for various purposes including to provide analytics services and content that is more relevant to you. For more information about our use of APIs and SDKs, please check here.

4. Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. At present, we do not respond to DNT signals.

4. Your Rights to Change Cookie Settings

1. 1. You can manage your Cookies (including the enabling or disabling of Cookies) by using your browser. For example, you may block Cookies by activating the setting on your browser that allows you to refuse the setting of all or some Cookies. Each browser is different and as such we suggest that you check the ‘Help’ menu on your particular browser (or your mobile phone’s handset manual) to learn how to change your Cookie preference. You may also find more information on how to manage your Cookies from third-party websites.

   2. You may opt to deactivate your Cookies, but it is important to note that you may not be able to access or use some features of our Website/App. We would not be able to provide you with all of our Services, including certain personalized features, without the use of Cookies and related technology and as such, your computer, mobile phone, tablet or other enabled mobile devices (which we refer to collectively in this Privacy Policy as a “device”) will need to be set up to enable such technologies. Please note that we are not responsible or can be held liable for any loss resulting from your decision or inability to use such features.

   3. The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. Please note you must separately opt out in each browser and on each device.

5. Third Party Cookie Policy

1. 1. For Cookies collected by third parties, the relevant third-party service providers are responsible for the Cookies they set on the Website. If you would like to opt-out of all other types of technologies we employ on this site, you may do so by changing your browser settings to block, delete or disable these technologies as their browser or device permits. 

   2. Phemex may also use social media buttons and/or plugins on this site that allow Users to connect with their social network in various ways. For these to work the following social media sites have been limited in the following two ways:

      1. On the Website side, we currently set explicit restrictions on each external link to ensure security, privacy protection, and Search Engine Optimization control;

      2. On the APP side, Users may currently click to share profit screenshots to the corresponding social media only in the form of images, without any other information permitted to be shared.

11. Children’s privacy

Unfortunately, if you’re under 18 or have no full legal capacity under the laws in your Country of Residence, you can’t use our Services. We will not knowingly solicit or collect information from anyone under 18 or has no full legal capacity under the laws in his/her Country of Residence. If we become aware that such person has provided us with personal information, we’ll delete it immediately.

12. Changes to this Privacy Policy

Phemex reserves the right from time to time to revise this Privacy Policy in accordance with changes in Applicable Laws, our Personal Data collection and use practices, the features on the Website/APP, or advances in technology. If material changes are made to this Privacy Policy, the changes will be prominently posted on the Website/APP. You are advised to check the Privacy Policy periodically and pay attention to its revision. After the publication of the new version of this Privacy Policy, your continued use of the Website/APP, or your continued relationship with Phemex shall be deemed to be acceptance of and consent to this updated Privacy Policy, as amended from time to time.

13. Contacting Us

If you have any questions about our Privacy Policy as outlined above, please contact us through support@phemex.zendesk.com or Online Chat.