Privacy Policy

Home > English > FAQ > Privacy Policy

I Purpose

1. This Privacy Policy sets out how BigONE Private Company ("BigONE") collects, uses, discloses, and protects personal data in accordance with the AIFC Data Protection Regulations No.10 of 2017 dated 20 December 2017 and AIFC Data Protection Rules No.1 of 2018 dated 22 January 2018.

2. The purpose of this policy is to ensure that personal data is collected, used, and disclosed in a manner that respects the privacy and rights of individuals.

II Scope

1. This Privacy Policy applies to all personal data collected by BigONE, including personal data collected through its digital assets trading facility and custody services.

2. It applies to all individuals whose personal data is collected, used, and disclosed by BigONE.

III Definitions

1. "Personal data" means any information that relates to an identified or identifiable natural person.

2. "Processing" means any operation or set of operations which is performed on personal data.

3. "Data subject" means the individual to whom the personal data relates.

4. "Data controller" means the entity that determines the purposes and means of processing personal data.

5. "Data processor" means the entity that processes personal data on behalf of the data controller.

6. "Third party" means any person or entity other than the data subject, data controller, or data processor.

IV Principles of Privacy Policy and Data processing

1. Lawfulness, fairness and transparency – means that the data controller should ensure that personal data is processed lawfully. In practice, the most important element of this requirement is securing the data subject’s consent to use his or her personal data. A data controller may only process data where the data subject has given effective consent for the controller to do so.

2. Purpose Limitations – means that the data controller may only process personal data for disclosed, legitimate purposes. The controller may not collect data for one purpose and later use it for another without securing the data subject’s consent.

3. Data minimization – means that the data controller shall collect only as much personal data as is necessary for the purpose disclosed to the data subject (and to which the data subject consented).

4. Accuracy and limited duration – mean that the data controller must ensure that any data it collects is accurate and current and the data controller may not retain personal data identity. Rather, the controller can hold personal data only for as long as is necessary for the lawful purpose for which the data was collected.

5. Secure processing – means that the data controller must ensure that the personal data it processes is kept secure. The controller must employ data security tools, including appropriate technical or organizational measures, to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.

6. Purpose Disclosure – means that the data controller must disclose to the data subject the purpose of the data processing and the identity of any other parties that will receive the data.

V Data collecting standards.

1. All data received from the data subject directly provided to Bigone Investment Ltd. (hereinafter – “BigONE”) with most of the data we collect.

2. BigONE shall collect the next class of information related to data subject: Personal data including Sensitive data.

3. BigONE shall collect data and process data when data subject:

  • register online or place an order for any of our products or services;
  • corresponding with us by email, other electronic means of communications or otherwise;
  • Using the Support Centre on the Site; or
  • Use or view our website via browser’s cookies.

4. The Personal Information most often collected and maintained in a customer file includes customer identification, transaction history including records of payments made.

5. Each time the data subject uses the Services, we may automatically collect the following information, which may be considered to be Personal Information when combined with other information about the data subject.

6. Whenever a Data Subject uses the Services, we may automatically collect certain information that, when combined with other data, may be considered Personal Information. This includes:

  • technical information, such as the Internet Protocol (IP)
  • address used to connect the Data Subject's device to the internet,
  • browser type and version, time zone setting,
  • browser plug-in types and versions, operating system, and platform. BigONE may also collect information about the Data Subject's visit, such as the dates and times of use, the length of visits to specific pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any email addresses, phone numbers, or other contact information provided by the Data Subject on company’s website or through Customer Support chat/hotline.

7. Similar to other websites, BigONE Sites use browser cookies, web beacons, and other similar tracking technologies (collectively referred to as "Cookies") to collect and store certain information when the Data Subject uses, accesses, or interacts with our Services.

8. BigONE may receive information about the Data Subject from other sources, including third parties that assist us in updating, expanding, and analyzing our records, preventing or detecting fraud, processing payments, or analyzing the Data Subject's use of our Services. The Services offered by the Company may also feature integrated content or links to content provided by third parties, such as live chat, social media content, plug-ins, and applications. Additional third parties may include our affiliated entities.

VI Processing and Storage of personal data

1. In order to transact and use the Site or Services, BigONE will collect information about the Data Subject for the purposes outlined below. The information provided by the Data Subject may be used to:

  • Establish and maintain a responsible commercial relationship with the Data Subject.
  • Process orders and manage the Data Subject's account.
  • Understand the Data Subject's needs and eligibility for products and services.
  • Provide information to the Data Subject about developments and new products, including changes and enhancements to the Site.
  • Develop, enhance, and market products and services, and provide them to the Data Subject.
  • Provide the Data Subject with news and other matters of general interest related to their status as a BigONE customer.
  • Comply with our legal or regulatory obligations and respond to legal, regulatory, arbitration, or government processes or requests for information issued by government authorities or other third parties, or to protect the Data Subject's, our, or others' rights.
  • Fulfill the requirements stipulated under the Anti-Money Laundering and Counter-Terrorist Financing legislation.

2. In the process of processing the Data Subject's order, BigONE may send their data to and also use the resulting information from credit reference agencies, and/or other financial institutions in order to prevent fraudulent transactions.

3. BigONE utilizes IP addresses for trend analysis, Site administration, tracking customer movements, and gathering broad demographic information for aggregate use. Additionally, for the purposes of systems administration, detecting usage patterns, and troubleshooting, BigONE's web servers may automatically log standard access information, including browser type, access times/open mail, URL requested, and referral URL. This information is kept strictly confidential and is not shared with third parties. It is only used within BigONE on a need-to-know basis.

4. BigONE retains the right to restrict access for any customer who accesses the Site through a proxy service with the intent to conceal their originating identity. This includes access through the Tor anonymity network.

5. BigONE also reserves the right to aggregate personal and other data collected by us, rendering it incapable of identifying an individual. This aggregated data may encompass usage patterns and other trends, and BigONE may use this information to enhance and improve the company’s Services, generate insights, market to current and potential partners and users, and for other business purposes.

6. Provided that such aggregated data does not directly or indirectly identify you as an individual, this data is not considered personal information for this Privacy Policy.

VII Disclosures

1. Data Subject agrees (and shall sign the written consent during the onboarding process) that BigONE has the right to share Personal Information related to the Data Subject with the following parties:

  • Any member of BigONE's group, including our subsidiaries, ultimate holding company, and their respective contractors, affiliates, employees, or representatives.
  • BigONE’s service providers, to the extent necessary to provide the Services to you and/or to comply with due diligence measures stipulated under the applicable laws of Astana International Financial Centre (AIFC) and Kazakhstan.
  • Selected third parties, including analytics and search engine providers that assist us in improving and optimizing the Services.
  • Authorities and law enforcement agencies worldwide, either when ordered to do so or on a voluntary basis if deemed reasonable and necessary by BigONE.  

2. BigONE may also share your Personal Information with third parties in the following circumstances:

  • If BigONE or a significant portion of its assets are acquired by a third party, your Personal Information held by us about our customers may be transferred as one of the assets.
  • If BigONE is obligated to disclose or share your Personal Information to comply with any legal obligation or enforce or apply the User Agreement and other agreements, or to protect the rights, property, or safety of BigONE, our customers, or others.
  • BigONE reserves the right to disclose current and historical bids, asks, and market prices, opening and closing range prices, high-low prices, trade prices, estimated and actual trade volumes, settlement prices, and other aggregate data and information.

VIII Security and confidentiality.

1. To ensure the protection of personal data of our users, BigONE gives high importance to its data protection measures. We store personal data of our subject, on servers provided by the Google Cloud Platform. These servers are located specifically in Germany and the United Kingdom, which provide an adequate level of protection for Personal Data in accordance with Schedule 2 of AIFC Data Protection Rules No.1 dated 22 January 2018.

2. Following the termination of business relationships with the Company, we will retain the personal data of the Subject for a period of 6 (six) years before deleting it from our backend system.

3. BigONE takes measures to protect your privacy, and only employees who have a legitimate business need to access Personal Information or whose job duties require access are granted permission. These employees are subject to confidentiality obligations and will only process your Personal Information as instructed.

4. BigONE’s systems and data are regularly reviewed to ensure that the company provides high-quality service and has leading security features in place. The Company has established procedures to address actual or suspected data breaches and will inform you and any relevant regulator of a breach if legally required to do so.

5. While BigONE makes every effort to ensure the security of Data Subject information, it is important to note that no information system can be completely secure. BigONE are also not responsible for the security of information you transmit to us over networks that we do not control, including the internet and wireless networks.

VIII Marketing and promotion broadcast

1. BigONE would like to inform clients about new products and services developed by the company’s team and approved by AFSA, as well as those of our partner companies, which we believe may be of interest to clients. We respect the client’s privacy and will only send marketing communications if the customer has given us written consent.

2. If a customer has previously agreed to receive marketing communications from the company, but has since changed their mind, they can opt-out at any time.

3. The client has the right to request that BigONE stop contacting him/her/them for marketing purposes or sharing him/her/their data with other members of our organization.

4. If a client no longer wishes to receive marketing communications from BigONE, they need to submit an inquiry on the company’s website and or send a written email to cs@big.one.

5. The company shall set up the blacklist and will promptly remove the client who sent the request from the marketing list and ensure that he/she/they will not receive any further marketing communications from the company.

IX Rights of Data Subjects

1. The right to access – Data Subjects have the right to request access to the personal data related to you and held by BigONE, including information about the identity of the Data Controller. Data subjects may also request information about the purposes of any processing, the categories of personal data being processed, and the recipients to whom personal data is disclosed. Data subjects have the right to request this information in writing and to receive it without excessive expense.

2. The right to rectification – Data Subjects have the right to request that BigONE correct any personal data that Data Subjects believe is inaccurate or incomplete.

3. The right to erasure – Data Subjects have the right to request that BigONE erase personal data related to Data Subject if the processing of the data contravenes the norms stipulated by AIFC Data Protection Regulations. This request will be executed only if such data may be deleted and AML legislation of AIFC and/or Kazakhstan will not be prohibited.

4. The right to restrict processing – Data Subjects have the right to request that BigONE restrict the processing of their personal data if the processing of the data contravenes the norms stipulated by AIFC Data Protection Regulations.

5. The right to object to processing – Data Subjects have the right to object to BigONE’s processing of their personal data under certain conditions.

6. The right to data portability – Data Subjects have the right to request that BigONE transfer the personal data that Company has collected to another organization, or directly to Data Subject, under certain conditions.

X Other provisions

1. BigONE regularly reviews and updates the company’s Privacy Policy, and any changes will be posted on the company’s website.

2. This policy shall be re-considered by the BigONE at least once a year.

3. The last update to this Privacy Policy was made on the 23rd of March 2023.

4. Once BigONE starts the processing of sensitive information Chief Compliance Officer (or other employees responsible for personal data protection issue) of the Company shall within 14 (fourteen) business days send a written notification to the AIFC Data Commissioner under chapter 4.2 AIFC Data Protection Rules No.1 of 2018 dated 22 January 2018. 

X Contact to the Data Protection Officer and AFSA

1. If Data Subjects have any inquiries regarding BigONE's privacy policy or the data we hold on to you, or if you wish to exercise any of your data protection rights, please do not hesitate to contact the Data Protection Officer of BigONE. • Email: cs@big.one Tel: Address: 55/22Mangilik Yel Avenue Office No.131, Astana, Kazakhstan

2. Customers and individuals who have grievances regarding the services or products offered by Bigone Investment Ltd. or our staff may file a complaint with the Astana Financial Services Authority ("AFSA"), the financial regulator of the Astana International Financial Centre.

3. If you wish to escalate your complaint, it is advised to submit your complaint to the AFSA. You must provide the AFSA with details of your complaint and the relevant supporting documents and evidence. You may submit your complaint through one of the following methods:

  • By telephone: +7(7172) 64 72 60
  • By email: fintechlab@afsa.kz
  • In person/post: AFSA Office,55/17, Mangilik El Avenue, pavilion C3.2.
Updated:

Other Articles