Privacy Policy - Australian Blockchain Association

Thank you for choosing

AusBlock. Australian Blockchain Association Pty Ltd (“AusBlock”, “ABA”, “we”, “us” or “our”) operating under registration ACN 663 532 241, is committed to protecting your privacy and the security of your personal data. We operate a registered Australian digital exchange service that allows customers to buy, sell, and trade cryptocurrencies and related assets. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our website and associated services (“Services”). By using our Services, you agree to the terms outlined below.

A. Overview and Applicability

AusBlock respects the privacy of all individuals who engage with our websites, applications, and other platforms (collectively, “services”). We comply with The Privacy Act 1988 (Cth), the Australian Privacy Principles, and additional obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), also known as the “AML/CTF Act”. This Privacy Policy applies to all personal data processed by us in Australia or elsewhere in connection with the provision of our services.

Key Points of This Policy

AusBlock collects certain data to meet legal obligations, particularly around AML/CTF.
We may, on occasion, share your personal data with third parties such as service providers, law enforcement, and regulators (including AUSTRAC).
You have certain rights, including the right to access or correct your personal information and to lodge a complaint if you are dissatisfied with how we handle your information.

We aim to maintain transparent and accountable data practices. If you have any concerns or queries, you can contact our Data Privacy Officer using the details provided in Part ‘N’ of this Policy.

B. Introduction

At AusBlock, we understand the importance of privacy and data security. This Privacy Policy describes:

The types of personal data we collect.
Why do we collect your personal data?
How we use and protect your personal data.
The rights and choices you have regarding your personal data.

We follow strict internal guidelines, legal requirements, and industry best practices to ensure that your data is kept secure and processed in accordance with applicable laws.

C. Our Commitment to Protecting Your Data

We have designed our privacy practices around respect for your personal data:

Security: We use robust data security measures, including encryption and identity verification, to protect your personal information.
Transparency: We regularly update this Privacy Policy so that you remain informed about how we collect, use, and share your data.
Accountability: We continually assess and update our compliance measures to align with local and international data protection laws.

D. AusBlock’s Privacy Principles

Transparency at All Times
We are committed to keeping you informed about how your data is used and shared. Any updates to our privacy practices or this Policy will be communicated to you promptly, empowering you to make informed decisions about your personal data.
Data Minimisation & Purpose Limitation
We collect and use only the personal data necessary for specific, legitimate business purposes. Our Privacy Policy and notices clearly outline the reasons for data collection and how such data helps us deliver and improve our Services.
Accountability and Compliance
We adhere to data protection regulations in all jurisdictions where we operate. Our privacy practices are regularly audited, and we have implemented strong governance controls to ensure compliance. Where required, we maintain security and privacy certifications that align with global standards.
User Rights and Access
We recognise your rights regarding your personal data. This Policy explains your privacy rights and details how you can exercise them. For ease of use, we provide tools and mechanisms (including webforms and in-app features) that facilitate your requests.
Data Security
We use industry-leading security measures to prevent unauthorised access, misuse, or loss of your data. Access to your data is strictly controlled internally, and we continuously refine our protocols to maintain the confidentiality and integrity of your information.
Privacy by Design
Our development processes ensure that privacy and data protection standards are integrated into all AusBlock products and services from the ground up.

E. How AusBlock Uses Your Data

Definition of Personal Data

“Personal data” refers to information that identifies you or relates to an identifiable individual. This may include:

Information provided by you directly, such as your name, address, email, or government-issued identification details.
Information collected automatically, such as IP addresses or location data.
Information obtained from third parties (where legally permissible).

Types of Personal Data We Collect and Hold

We gather information from you either directly (e.g. during onboarding) or indirectly (e.g. through cookies, blockchain checks, or third-party verifications). The extent of data collected and held may depend on your usage, location, and applicable laws.

Examples of personal data we may collect and hold include, but are not limited to:

Identity Information
Full Name, date of birth, nationality, and proof of ID (eg, government-issued identification such as a passport, driver’s licence or other forms of identification).
Contact Details
Email address, phone number/s, and residential or mailing address.
Financial and Transaction Data
Beneficiary bank account details, payment card information, cryptocurrency wallet addresses, transaction histories, and deposit/withdrawal records.
KYC/AML Documentation
Proof of address, occupation, source of funds/wealth, corporate registration documents (for non-individual customers) and Sanctions and PEP (Politically Exposed Person) checks.
Online/Usage Data
IP address, device identifiers, browser type, login timestamps, cookie data, and clickstream.
Communication Records
Messages with customer support, survey responses, and recordings, if required for verification or security purposes.

We may also collect sensitive or biometric data, such as a ‘self-portrait’, ‘selfie’ or “liveness check,” for identity verification. We only do so with your consent or where permitted by law, and we implement appropriate safeguards to ensure confidentiality.

At Ausblock, we use the Document Verification Service (DVS) to verify a customer’s identity by confirming that the details on their identity document match the government’s records. The DVS can also confirm that the details are still valid and have not expired or been cancelled. We do not give you the option of dealing with us anonymously or under a pseudonym. This is because it is impractical, and, in some circumstances, illegal for Ausblock to deal with individuals who are not identified.

F. Exercising Your Privacy Rights

Our global privacy framework takes inspiration from the European Union’s General Data Protection Regulation (GDPR) and other applicable data protection laws. While specific rights may vary depending on your jurisdiction, you may generally be entitled to:

Right to Access
You can request a copy of the personal data we hold about you and ask us to correct any inaccuracies. We typically respond within a reasonable timeframe, often within 30 days.
Right to Rectify
Request correction or completion of inaccurate or incomplete data.
Right to Delete
You can ask us to erase or de-identify your personal data if there is no legal basis for us to retain it. AML/CTF obligations, however, may require us to keep certain records for mandatory periods.
Right to Object
Object to the processing of your personal data for reasons relating to your particular situation, such as direct marketing.
Right to Restrict Processing
In specific cases, request temporary restriction of the processing of your data.
Right to Contest Automated Decisions
Request a reconsideration or manual review of decisions made solely by automated means.
Right to Data Portability
In some cases, request a transferable copy of certain data in a commonly used and machine-readable format.
Right to Withdraw Consent
Revoke consent where the lawful basis for processing is consent.
Right to Lodge a Complaint
If you believe we have not respected your privacy rights, you can complain (see Part ‘N’) through the designated channels. We encourage you to contact us first to resolve concerns promptly.

Please note that AML and sanctions regulations can override certain privacy rights, as we must retain or share data if mandated by law. If an automated decision significantly impacts you, you may request a review involving human intervention.

How to Exercise Your Rights

In-App Privacy Centre: Access or correct data, delete your account, and manage your preferences under the “Settings” tab.
Webforms or Dedicated Email: For requests related to account data, restrictions on processing, or automated decision appeals, contact our Data Protection Officer (DPO) Team. We may request documentation to verify your identity before processing.

AusBlock will generally respond to your requests within one month or within the timeframe required by local law.

Data Retention and Deletion

Certain information must be retained to comply with legal and regulatory requirements (e.g., financial transaction data or identity verification details). Where data retention is not mandated, we will honour your request to delete or remove personal data not strictly required for compliance purposes.

To provide more clarity, we generally apply the following guidelines:

Identity and KYC Documents: Retained for (7) years following account closure or last interaction, in compliance with AML regulations.
Transaction Records and Financial Data: Maintained for at least (7) years to satisfy accounting, tax, and AML/CTF obligations.
Support Tickets and Communication Logs: Retained for reference and potential dispute resolution, usually for (7) years unless required to be kept longer for investigations.
Online/Usage Data (e.g., IP logs): Generally stored for security monitoring and auditing for up to (7) years or as otherwise mandated.

G. Automated Decision-Making

We use automated tools to expedite processes like identity verification (KYC). While these tools enhance speed and accuracy, occasional errors may occur (for example, if family members closely resemble each other). If you believe you have been negatively impacted by an automated decision, please use our in-app or webform appeal feature or contact our DPO for assistance with a human review.

H. Data Portability

Where applicable, you may request a copy of your personal data in a commonly used, machine-readable format. You can do this through our Privacy Centre or by contacting our DPO.

I. Withdrawal of Consent

If you have previously consented to our use of your personal data for specific purposes (e.g. cookies for analytics, marketing communications), you may withdraw consent at any time. You can:

Update your cookie preferences in your account settings or on our webpage.
Unsubscribe from marketing emails via the “unsubscribe” link within those emails.

Withdrawing consent does not affect the legality of any processing carried out before your withdrawal.

J. Law Enforcement and Legal Requests

We may disclose user data in response to legitimate government, regulatory, or legal requests. Law enforcement authorities, courts, or other government officials may submit their requests directly through our dedicated channels. If you are not a registered user, you can still reach out to us via our website and proceed as a visitor. Relevant information may be shared when necessary and permissible by applicable laws.

K. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our privacy practices or legal requirements. When we make material changes, we will notify you via email or through prominent notices on our Services and update the “Effective Date” at the top of this Privacy Policy.

L. International Transfers

Although AusBlock primarily processes data within Australia, we may use service providers or store backups in other jurisdictions. When transferring personal data outside of Australia, we ensure that recipients implement safeguards akin to Australian Privacy Principles, often via contractual obligations or recognised data transfer mechanisms. We continue to monitor compliance to maintain the confidentiality, integrity, and security of your data, regardless of its physical location.

If local privacy laws in a recipient jurisdiction offer fewer protections, we limit transfers to what is strictly necessary and use additional measures—such as encryption at rest or strong access controls—to protect your data.

M. Children’s Privacy

Our services are not intended for users under the age of 18. We do not knowingly collect, use, or store personal information from minors. If you suspect a minor has provided us with personal data, kindly notify us so that we can delete such information and terminate the account, except where retention is required by law. Our services may be available to minors through parent/guardian supervision through the use of a Trust.

N. Contact Us or Lodge a Complaint

If you wish to exercise your rights, ask questions, or file a privacy complaint, you may reach out to the AusBlock Data Privacy Officer at:

Email: [email protected]

We will acknowledge your communication within a reasonable timeframe and strive to address your concerns promptly—usually within (30) days. If you remain dissatisfied, you can contact the Office of the Australian Information Commissioner (OAIC) or another relevant regulatory body in your jurisdiction. We encourage you, however, to allow us the opportunity to resolve any concerns first.

AusBlock strives to handle personal information responsibly while delivering secure, user-friendly digital exchange services. We are committed to meeting both Australian and international data protection standards and to upholding best practices for privacy, security, and compliance. If you have any questions about this Policy or wish to explore how AusBlock manages your personal information, please contact us at the details noted above.