Introduction
Thank you for visiting OKX. The applicable OKX entity, as the data controller, provides this Privacy Policy to explain our practices regarding the collection, storage, use, disclosure, and processing of personal data. By accessing or using OKX.com, its associated application programming interfaces (APIs), mobile applications, or any related platforms (collectively, the “OKX Platform”), you:
- Acknowledge that you have the legal right, capacity, and authority to accept this Privacy Policy;
- Confirm that you have read and understood its contents; and
- Agree to the policies and practices outlined herein.
Please review this document carefully to understand how we handle your information.
This Privacy Policy explains what personal data we collect, why we collect it, how it is used and stored, with whom we may share it, the rights you may have over your data, and how to contact us regarding privacy concerns. If you do not wish for your personal data to be used as described in this policy, please refrain from using the OKX Platform, technologies, products, or services offered (collectively, the “Services”).
Data Controller and Contact Information
The OKX group comprises multiple legal entities responsible for data processing depending on user location and registration date. The relevant entity acts as the primary data controller for your personal information. This policy does not apply when we act solely as a data processor or service provider for other controllers.
| Entity | Applicable Users | Data Protection Officer Email |
|---|---|---|
| OKX Bahamas FinTech Company Limited | Users resident in Mexico who registered between November 16, 2022, and August 28, 2023, and institutional users registering from August 29, 2023 | [email protected] |
| OKX Hong Kong FinTech Company Limited | Users resident in Brazil who registered on or after May 15, 2023 | [email protected] |
| OKX Serviços Digitais Ltda. | Users resident in Brazil who registered on or after June 15, 2023 | [email protected] |
| OKX SG Pte. Ltd. | Users resident in Singapore who registered on or after October 13, 2023 | [email protected] |
| Aux Cayes FinTech Co. Ltd. | All other users not covered above | [email protected] |
For privacy-related inquiries, please contact the Data Protection Officer at the relevant email address listed.
Definitions
- Personal Data: Any information relating to an identifiable individual, directly or indirectly, such as name, identification number, online identifier, location data, or physical, economic, cultural, or social identity indicators. This includes sensitive information but excludes anonymized data.
- Sensitive Information: Data revealing racial or ethnic origin, political opinions, religious beliefs, biometric data, health status, or criminal records.
What Personal Data We Collect and How We Collect It
OKX collects personal data when you use our services or provide consent during registration, customer support interactions, marketing subscriptions, transactions, or communications via phone or email.
Data collected may include:
- Personal identification: name, email, phone number, nationality, date of birth, address, official ID details.
- Institutional details: corporate legal name, registration info, official ID number, proof of existence, beneficiary ownership.
- Transaction data: records of activities on the OKX Platform.
- Financial information: credit/debit card numbers, bank account details.
- Correspondence: customer service chats, survey responses.
- Regulatory information: data required by licensing authorities or consumer protection agencies.
- Device identifiers: IP address, MAC address, geolocation, device fingerprinting, session logs.
- App and device configuration: installed apps or settings that may indicate security risks.
- Optional data: avatar, nickname, username.
We may also obtain personal data from third parties such as identity verification providers (e.g., Au10tix, Jumio, Sumsub), marketing partners, or liquidity providers. We ensure these parties comply with applicable privacy laws. Third-party analytics tools may use cookies to monitor traffic—details are covered in the "Use of Cookies" section.
We do not collect sensitive information without consent unless required by law or necessary to prevent illegal activity.
Failure to provide requested data may limit access to our Services. Anonymous or pseudonymous use is not supported.
Unsolicited Personal Data
If we receive unsolicited personal data about you, we will destroy or anonymize it unless it supports purposes outlined in this policy. If combined with other collected data, it will be retained under the same standards.
Who We Collect Data About
We collect personal data from users, potential users, service providers, platform partners, job applicants, employees, contractors, and other third parties with whom we interact.
How We Use Your Personal Data
OKX uses personal data to deliver, improve, and secure our Services and meet legal obligations. Specific purposes include:
- Service Provision: To fulfill transactions and comply with terms of service (e.g., processing local currency transfers).
- Fraud Detection: To identify and prevent fraudulent activity.
- Security Protection: To monitor device and account activity for threats.
- Customer Support: To respond to inquiries and resolve issues.
- Service Improvement: To analyze usage patterns and enhance user experience.
- Marketing: To inform you of relevant products or services (opt-out available).
- Consent-Based Uses: For additional purposes with your explicit permission.
- Social Interactions: To enable contact-based features like messaging or payments within the app.
- Other Business Purposes: As reasonably expected under applicable law.
Legal Bases for Processing Without Consent
We may process your data without consent under the following conditions:
- Public Interest: To protect broader societal interests.
- Legal Proceedings: To initiate or defend legal claims.
- Vital Interests: To safeguard your well-being.
- Contract Execution: To fulfill contractual obligations or take pre-contractual steps.
- Legal Compliance: To meet regulatory requirements.
Who We Share Your Data With
We may disclose personal data to:
- Group companies (subsidiaries, affiliates) and their staff.
- Service providers (payment processors, IT support, customer service).
- Entities involved in corporate transactions (acquisitions, financing).
- Government agencies or law enforcement for legal compliance.
- Professional advisors (legal, accounting) for audits or compliance.
Third-party processors are contractually bound to use your data only for specified purposes. We implement anti-money laundering (AML), counter-terrorism financing (CTF), and sanctions compliance protocols that involve identity verification and transaction monitoring using third-party tools.
How We Store Your Personal Data
We store personal data securely in internal systems or through trusted third-party storage providers. Measures include encryption, access controls based on necessity, and confidentiality agreements for staff and vendors.
Data may be transferred outside your country of residence for processing or storage. By submitting your information, you consent to such international transfers—except where restricted by local laws (see regional sections below).
We retain your data only as long as necessary to provide services, pursue legitimate business interests, or meet legal obligations (e.g., AML recordkeeping requirements post-account closure).
International Data Transfers
OKX operates globally. Your personal data may be processed in countries where we have offices or service providers—including Malaysia, Vietnam, and Argentina—regardless of your location.
These countries may have different privacy laws. However, we ensure all transfers comply with applicable regulations and maintain protection standards equivalent to those described in this policy. In some cases, foreign authorities may have legal access rights to your data.
By communicating electronically with OKX, you acknowledge and accept these international processing practices.
Accessing, Correcting, and Deleting Your Data
Subject to legal exceptions:
- You can request access to your personal data within 30 days.
- You may correct inaccurate information; we’ll update it within 30 days upon verification.
- You can request deletion of your data unless retention is legally required.
To exercise these rights:
- Contact the relevant DPO email from Section 2 with subject line “DATA INQUIRY REQUEST.”
- Or submit a request via OKX Support.
Identity verification is required before processing any request.
Children's Personal Data
OKX does not knowingly offer services to individuals under 18. If we discover such data has been collected, it will be promptly deleted. Please report underage users so we can take appropriate action.
Communications
We only use personal data for direct marketing with your consent. You can opt out at any time by:
- Clicking the unsubscribe link in marketing emails.
- Contacting Customer Service via the Help Center.
Opt-out does not apply to service-related messages (e.g., policy updates, operational notifications).
We may share personal data with third parties solely for marketing support purposes.
Use of Cookies
When accessing www.okx.com, we may place small data files ("Cookies") in your browser to enhance user experience.
Cookies help us:
- Identify users and remember preferences.
- Enable seamless navigation across pages.
- Analyze website usage patterns.
- Support AML compliance and detect suspicious activities.
Types of cookies:
- Session Cookies: Deleted when you close your browser.
- Persistent Cookies: Remain until expiration date.
You can configure your browser to block cookies—but this may affect functionality.
Information Security
We implement robust safeguards against unauthorized access, alteration, disclosure, or destruction of personal data. These include:
- Encrypted web communications.
- Mandatory two-factor authentication (2FA).
- Regular audits of data practices.
- Restricted internal access based on job necessity.
- Contractual confidentiality obligations for employees and vendors.
For security concerns or incident reporting:
Email: [email protected]
Subject: “INFORMATION SECURITY REQUEST”
Contact Us About Privacy
For questions about this Privacy Policy or your personal data:
Email the relevant DPO from Section 2 with subject: “PRIVACY INQUIRY REQUEST.”
Policy Updates
We may update this Privacy Policy at any time by posting a revised version on the OKX Platform with an updated effective date. Continued use of our services constitutes acceptance of changes. We recommend periodic review.
Language
This Privacy Policy may be available in multiple languages. In case of discrepancies, the English version prevails.
Regional Addenda
EU Data Protection Laws (GDPR)
For users in the European Economic Area (EEA) ("European Residents"):
Legal Bases for Processing
We rely on:
- Legal compliance (AML/KYC requirements).
- Contract performance.
- Consent (withdrawable at any time).
- Legitimate interests (fraud prevention, marketing).
GDPR Rights
European Residents have the right to:
- Access and rectify personal data.
- Withdraw consent.
- Request deletion (“right to be forgotten”).
- Restrict or object to processing.
- Data portability.
- Lodge a complaint with a supervisory authority.
Automated Decision-Making
Used for fraud detection; safeguards include human intervention and right to appeal.
Cross-Border Transfers
We use EU-approved Standard Contractual Clauses (SCCs) for EEA-to-third-country transfers when necessary for service delivery or with user consent.
Singapore PDPA Compliance
For users in Singapore:
Cross-Border Transfers
Before transferring data outside Singapore, OKX ensures:
- Your consent after disclosure of protection levels.
- Recipient is legally bound to comparable standards.
- Recipient holds APEC CBPR/PRP certification.
Exceptions apply if transfer is vital to your interests or necessary for contract fulfillment.
Data Breach Notification
If a notifiable breach occurs under PDPA, we will report it promptly to the Personal Data Protection Commission (PDPC) and affected individuals.
Service providers must process data strictly per our instructions or PDPA requirements.
Australia Privacy Law Addendum
Applies to Australian customers of OKX Australia Pty Ltd (ABN 22 636 269 040).
Legal Basis
Processing is primarily based on legal obligations under Australia’s Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
No Right to Deletion
Australian users cannot request full deletion due to statutory retention requirements.
Overseas Disclosure
Data may be sent internationally for:
- Offshore storage.
- Cross-border transactions.
- Partner services.
- Government reporting.
While we implement privacy agreements with recipients, we cannot guarantee foreign compliance with Australian standards.
Handling Complaints
Submit complaints via contact details provided. We’ll acknowledge within 2 business days and aim to resolve within 30 days. Unresolved issues may be escalated to the Office of the Australian Information Commissioner (OAIC).
U.S. State Privacy Laws
Applies to users covered under CPRA (California), CTDPA (Connecticut), CDPA (Virginia), UCPA (Utah), CPA (Colorado).
Consumer Rights
You may have the right to:
- Access or obtain a copy of your personal data.
- Correct inaccuracies.
- Delete personal information (subject to exceptions).
- Opt out of targeted advertising or profiling.
- Export your data in machine-readable format.
Verification & Agents
We verify identity before fulfilling requests. Authorized agents can act on your behalf with proper documentation.
Appeal Rights
If we deny a request:
- California & Colorado: You’ll receive written explanation and right to appeal within 45 days (extendable to 90).
- Virginia & Connecticut: Appeal must be reviewed within 60 days; if denied, you’ll be directed to contact the respective Attorney General.
Do Not Track
We do not respond to browser “Do Not Track” signals as defined by California and Delaware laws.
Biometric Data & Identity Verification (U.S.)
To comply with KYC obligations:
- Users must submit government ID and real-time selfie.
- Third-party providers perform facial comparison using machine learning.
- A match confidence score is generated; no facial biometric templates are stored by OKX.
- Providers retain biometric data only as long as necessary for verification and legal compliance.
We do not use biometric data for commercial purposes beyond identity confirmation.
Vermont Consumer Privacy Notice
Applies exclusively to Vermont consumers:
The Exchange limits sharing of nonpublic financial information:
| Information Shared | Without Consent? |
|---|---|
| Solvency information | No |
| Personal/financial info for third-party offers | No |
Vermont law requires an “opt-in” mechanism for sharing financial data with non-affiliated third parties. Consumers may opt in electronically or in writing.
For Vermont members:
- We will not disclose solvency details to affiliates or financial info to non-affiliated third parties without authorization.
- Contact us for additional privacy questions.
Frequently Asked Questions
Q: Can I use OKX anonymously?
A: No. Due to regulatory requirements like KYC and AML checks, anonymous usage is not permitted.
Q: How long does OKX keep my data after I close my account?
A: We retain certain information as required by law—typically several years—for compliance with anti-money laundering regulations.
Q: Are my biometric details stored by OKX?
A: No. While facial recognition is used during verification via third-party tools like Jumio or Sumsub, OKX does not store biometric templates.
Q: Can I stop receiving marketing emails?
A: Yes. Use the unsubscribe link in any marketing message or contact Customer Support.
Q: What should I do if I suspect a privacy breach?
A: Immediately report it by emailing [email protected] with “INFORMATION SECURITY REQUEST” in the subject line.
Q: How does OKX handle international data transfers?
A: Transfers are conducted under strict contractual safeguards ensuring equivalent protection levels—even when moving data outside regions like the EEA or Singapore.