Global travelers visiting APEC economies and APEC-based merchants
At iBnk Vault LLC (registered in Ohio, USA, hereinafter "iBnk"), we highly value your privacy and are committed to handling your personal information in a secure and responsible manner. This Privacy Policy explains how we collect, use, store, and share your personal information when you use the services provided by iBnk.
This policy is designed in accordance with applicable laws and regulations, including the General Data Protection Regulation (GDPR), U.S. federal and state data protection laws, the Australian Privacy Act 1988, and other relevant data protection regulations, ensuring your data rights are respected and protected.
Definitions
Personal Data: Any information relating to an identified or identifiable natural person, such as name, address, email address, ID numbers, and IP address.
Data Subject: The individual to whom the personal data relates.
Data Controller: The entity that determines the purposes and means of processing personal data; in this case, iBnk Vault LLC.
Data Processor: The entity that processes personal data on behalf of the data controller, including Intellifusion Pty Ltd and our vendors and partners.
Information We Collect
Information You Provide
When you create an account, we may request your contact information, including full name, residential address, email address, and phone number. To comply with legal requirements for identity verification, we may collect the following personal data:
Identity Data: Full name, date of birth, gender, nationality, passport number, social security number, driver's license number, national ID details.
Financial Data: Bank account, credit card information, income details, tax identification number, transaction history.
Location Data: GPS coordinates, location history, Wi-Fi access point data, IP address.
Employment Data: Employment details, job title and description, work location.
Transaction Data: Purchase and sale history, transaction amounts, payment methods used, billing address, order amounts.
Usage Data: Website or app usage patterns, session duration, pages visited, clickstream data, error logs, and crash reports.
Marketing Data: Marketing preferences, subscriptions and newsletter preferences, responses to marketing campaigns.
User Account Data: Username and account identifiers, profile pictures and avatars, user-generated content, preferences and settings.
Social Media Data: Social media profiles, user-generated content (posts, comments), friends and contacts, social network activity.
Communications
If you contact us directly, we may request additional information such as your name, email address, residential address, phone number, and other relevant personal data.
Payment Information
Our services allow users to choose their preferred stablecoin and network for payments. We also use third-party financial institutions for fiat payments.
Information from Third Parties
We may obtain personal data from third-party partners and vendors to provide seamless and comprehensive services. These third parties may include:
Payment Service Providers: Financial institutions processing your transactions.
Identity Verification Partners: Vendors verifying your identity as required by law.
Advertisers and Marketing Partners: To better understand your interaction with our services and provide personalized recommendations.
How We Use Your Data
Legal Basis and Legitimate Interests
We collect, use, and share data based on various legal grounds depending on the circumstances, including:
Consent: When you have explicitly consented to the processing of your data.
Performance of Contract: When processing is necessary to fulfill a contract with you.
Legal Obligation: When we are required to use your data to comply with legal obligations.
Legitimate Interests: When we have legitimate interests that do not override your fundamental rights.
Purposes of Data Use
We use your data for various purposes, including:
Providing and maintaining services and applications
Payment processing and order fulfillment
Fraud prevention and detection
Legal compliance, including anti-money laundering (AML) and counter-terrorism financing
User communication and support
Service improvement and research and development
Security and protection of services and data integrity
Personalization and user account management
How We Share Your Data
We may share your information with various third parties to support and enhance our business operations, including:
Vendors and Service Providers: Assisting us in maintaining and optimizing business operations.
Credit and Financial Institutions: Processing transactions and completing orders.
Identity Verification Services: Ensuring compliance with legal requirements.
Partners: Authorized third parties accessing the iBnk API.
Law Enforcement: Supporting investigations and maintaining compliance.
Transfers, Mergers, and Acquisitions: In insolvency, bankruptcy, acquisition, ownership transfer, or asset sale.
Data Security
We implement measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction, including:
Access Control: Limiting authorized personnel access for legitimate business purposes.
Employee Training: Training teams on data security best practices.
Data Backup: Regularly backing up data to prevent loss.
Incident Response: Maintaining procedures to timely address and mitigate security incidents.
Security Roadmap: Implementing comprehensive encryption for data in transit and at rest.
Note: No system is completely secure. We continually assess and improve our security measures to protect your data.
Data Retention
We retain personal information only for as long as necessary to achieve the purposes for which it was collected. Retention periods may vary depending on data type and purpose.
Your Rights as a Data Subject
As a user of iBnk services, you have rights regarding your personal data, including:
Access: Request access to your personal data held by us.
Correction: Request correction of inaccurate or incomplete data.
Deletion (Right to be Forgotten): Request deletion of personal data in certain circumstances.
Restriction: Request restriction of processing in certain circumstances.
Data Portability: Receive data in a structured, commonly used, and machine-readable format.
Objection: Object to data processing, including for direct marketing.
Automated Decisions: Request human intervention and review of automated decisions.
Legal Retention Requirements
As a financial services provider, regulatory obligations may limit our ability to delete certain data:
AML Compliance: Legal requirements to retain transaction and identity data.
Financial Recordkeeping: Retention of certain financial records, typically 7 years.
Fraud Prevention: Some data may be retained for detecting and preventing fraud.
California Privacy Rights
If you are a California resident, under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have rights including:
Right to Know: Access information collected over the past 12 months.
Right to Delete: Request deletion, subject to regulatory exceptions.
Right to Opt-Out: Choose not to sell or share personal data.
Right to Correct: Correct inaccurate personal information.
Right to Limit Sensitive Data Use: Restrict use of certain sensitive personal information.
Non-Discrimination: Exercising rights will not result in discrimination.
To exercise California privacy rights, contact us via the Contact section. Identity verification may be required.
International Data Transfers
As a company registered in Ohio, USA, with an Australian technology entity, we process and transfer data across multiple jurisdictions:
1. U.S. Operations
iBnk Vault LLC is registered in Ohio and operates as a regulated Money Services Business (MSB). Processing of U.S. user data complies with applicable federal and state laws, including BSA, GLBA, AML, and KYC requirements.
2. Australian Operations
Data processed by Intellifusion Pty Ltd complies with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs). Cross-border transfers comply with OAIC standards.
3. APAC Data
Data from the Asia-Pacific region is processed in accordance with applicable laws, including PDPA (Singapore), PDPO (Hong Kong), APPI (Japan), PIPA (South Korea), DPDPA (India), and other regional regulations.
Transfers to the U.S. or other jurisdictions rely on adequacy decisions, Standard Contractual Clauses (SCCs), or equivalent mechanisms to protect data subject rights.
4. Global Data Protection Framework
Implement data protection measures meeting the highest standards required in the jurisdictions where we operate.
Apply supplementary safeguards for cross-border transfers, including encryption, access controls, and regular security audits.
Regularly review and update our data protection policies to ensure ongoing compliance with international regulations.
Data Localization Requirements
Where local laws require storing data within specific territories, we maintain the necessary infrastructure to comply with these data localization obligations, while still providing seamless global services. Regardless of where your data is processed or stored, we are committed to maintaining the highest standards of data protection. For any inquiries regarding country- or region-specific processing, please contact our Data Protection Team.
Age Restrictions
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we discover that we have inadvertently collected information from an individual under 18, we will take reasonable steps to delete such information from our records. If you believe we may hold information about or from a minor under 18, please contact us immediately at privacy@ibnk.xyz.
Policy Updates
We may periodically update this Privacy Policy to reflect changes in our data processing practices, legal requirements, or to improve clarity and transparency. Significant changes will be communicated through direct updates on our website. Users are encouraged to review the policy regularly to stay informed about how we handle data.
Important Notice: For questions, requests, or concerns regarding this Privacy Policy or our data processing practices, please contact us at the addresses above. We are committed to protecting your privacy and responding to your inquiries promptly.