PRIVACY POLICY

AusBlock (“AusBlock,” “we,” “us,” or “our”) is committed to protecting your privacy and the security of your personal data. We operate a registered Australian digital exchange service that allows customers to buy, sell, and trade cryptocurrencies and related assets. This Privacy Policy explains how and why we collect, use, disclose, store, and protect the personal information of those who interact with our services. By using our services, you agree to the practices outlined in this document. If you do not agree with our policy, please discontinue use of our services immediately. 

A. Overview & Applicability

AusBlock respects the privacy of all individuals who engage with our websites, applications, and other platforms (collectively, “services”). We comply with The Privacy Act 1988 (Cth), the Australian Privacy Principles, and additional obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), also known as (“AML/CTF Act”). This Privacy Policy applies to all personal data processed by us in Australia or elsewhere in connection with the provision of our services. 

Key Points of This Policy 

  • AusBlock collects certain data to meet legal obligations, particularly around AML/CTF. 
  • We may, on occasion, share your personal data with third parties such as service providers, law enforcement, and regulators (including AUSTRAC). 
  • You have certain rights, including the right to access or correct your personal information and to lodge a complaint if you are dissatisfied with how we handle your information. 

Our aim is to maintain transparent and accountable data practices. If you have any concerns or queries, you can contact our Privacy Officer using the details provided in Section12 of this Policy. 

B. Types of Personal Data We Collect

We gather information from you either directly (e.g. during onboarding) or indirectly (e.g. through cookies, blockchain checks, or third-party verifications). The extent of data collected may depend on your usage, location, and applicable laws. 

Examples of personal data we may collect include, but are not limited to: 

  • Identity Information: Name, date of birth, nationality, and government-issued identification (e.g. passport, driver’s licence or other forms of identification). 
  • Contact Details: Email address, phone number, and residential or mailing address. 
  • Financial and Transaction Data: Bank account details, payment card information, cryptocurrency wallet addresses, transaction histories, and deposit/withdrawal records. 
  • KYC/AML Documentation: Proof of address, source of funds/wealth, corporate registration documents (for non-individual customers) and Sanctions and PEP (Politically Exposed Person) checks. 
  • Online/Usage Data: IP address, device identifiers, browser type, login timestamps, cookie data, and clickstream. 
  • Communication Records: Messages with customer support, survey responses, and recordings if required for verification or security purposes.

We may also collect sensitive or biometric data, such as a self portrait’,selfie or “liveness check,” for identity verification. We only do so with your consent or where permitted by law, and we implement appropriate safeguards to ensure confidentiality. 

C. Reasons for Collecting Personal Data

We collect your personal data to operate a secure and trustworthy exchange, comply with regulatory obligations, and improve our services. In particular: 

  • Account Creation and Verification: We need to verify your identity, check identification details across PEPs or Sanctions lists, and determine whether you meet AusBlock’s customer eligibility criteria. 
  • Compliance with AML/CTF Rules: We are required to gather and verify information about you to detect, prevent, and report suspicious or illicit activities. We may share your information with relevant authorities such as AUSTRAC if we have reasonable grounds to believe there may be suspicious behaviour or activity. 
  • Transaction Processing: We may use your financial details and on-chain wallet addresses to facilitate deposits, withdrawals, and trading requests. 
  • Service Delivery and Communication: We rely on your contact details to provide updates regarding your account, resolve support queries, and send transaction confirmations. 
  • Risk Management and Fraud Prevention: We may monitor user activities, IP addresses, and device logs to prevent unauthorised access, account compromises or fraudulent transactions. Automated checks may suspend or flag high-risk accounts for an account conduct review. If significant action is taken purely based on automated decision-making, you may contact us to request a human review. 
  • Website and Platform Improvements: We may use data such as click patterns, page views, and login times to optimise our services’ performance, user experience, and security architecture. 

D. Use of Cookies & Similar Technologies

AusBlock uses cookies, web beacons, and similar tools to store session information and understand user interactions. While these technologies help us remember your preferences and detect suspicious activities, you may control or disable certain cookies through your browser settings. Please note, however, that blocking or deleting cookies may affect functionalities such as persistent login or account customisation and may limit your ability to use certain platform features in full. 

E. Disclosure & Sharing Data

Although AusBlock treats personal data as confidential, certain circumstances require us to share your information with third parties. Typically, we disclose your data only where necessary for: 

  • Service Provision: We may provide relevant personal data to trusted partners or vendors, including KYC/AML verification providers, PEP and Sanctions screening providers, payment processors, blockchain analytics platforms, and cloud-hosting services. We conduct due diligence on these partners and sign data protection agreements or equivalent contractual clauses to ensure they follow acceptable privacy and security standards. 
  • Regulatory and Legal Requests: We may share data with law enforcement agencies, governmental or regulatory bodies, or as mandated by court orders. This can include fulfilling obligations under the ‘Travel Rule’, which mandates sharing specific information about the originator and beneficiary of certain cryptocurrency transactions. 
  • Group Entities and Affiliates: If we operate multiple brands or partner with companies in our corporate group, we may exchange your data internally, always subject to confidentiality constraints and a legitimate reason to access it. 
  • Business Transactions: In events such as mergers, acquisitions, or reorganisations, personal data may be transferred to the acquiring entity, provided they agree to respect privacy protections equivalent to those covered in this Policy. 
  • Fraud Prevention and Security: If we believe a user’s activities threaten the security or stability of our exchange, we may share relevant data with external security experts or credit risk agencies to protect user assets and our systems. 

AusBlock does not sell or rent your personal data to unrelated third parties for marketing or advertising purposes. Where we aggregate or de-identify data for business insights, it cannot reasonably be used to identify any individual or non-individual entity.

F. International Transfers

Although AusBlock primarily processes data within Australia, we may use service providers or store backups in other jurisdictions. When transferring personal data outside of Australia, we ensure that recipients implement safeguards akin to Australian Privacy Principles, often via contractual obligations or recognised data transfer mechanisms. We continue to monitor compliance to maintain the confidentiality, integrity, and security of your data, regardless of its physical location.

If local privacy laws in a recipient jurisdiction offer fewer protections, we limit transfers to what is strictly necessary and use additional measures—such as encryption at rest or strong access controls—to protect your data.

G. Data Retention & Accuracy

AusBlock retains personal information only as long as needed for the purposes described in this Policy or to meet legal obligations such as AML/CTF record-keeping requirements. In many cases, we keep data for at least (7) years from the end of your relationship with us, or longer if required by authorities or due to ongoing disputes. 

To provide more clarity, we generally apply the following guidelines: 

  • Identity and KYC Documents: Retained for (7) years following account closure or last interaction, in compliance with AML regulations. 
  • Transaction Records and Financial Data: Maintained for at least (7) years to satisfy accounting, tax, and AML/CTF obligations. 
  • Support Tickets and Communication Logs: Retained for reference and potential dispute resolution, usually for (7) years unless required to be kept longer for investigations. 
  • Online/Usage Data (e.g., IP logs): Generally stored for security monitoring and auditing for up to (7) years or as otherwise mandated. 

We encourage you to update your account profile if your personal details change. Keeping information accurate and up to date helps us verify transactions swiftly and comply with regulatory standards. Periodically, we may request that you review and confirm your personal data for accuracy and completeness.

H. Security Measures

We implement a comprehensive suite of technical and organisational measures to protect your data. These measures include encryption protocols (e.g. TLS) for data in transit, firewalls, secure server environments, and continuous monitoring for anomalies. We restrict employee access to sensitive information, utilise multi-factor authentication for administrative accounts, and log key activities to identify suspicious behaviour. 

If a data breach occurs that poses a risk of serious harm, we will promptly notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with Australia’s Notifiable Data Breaches scheme. We also maintain an incident response plan that includes investigation, containment, and remediation procedures. 

I. Your Rights & Choices

Depending on Australian law and, if applicable, the laws of other jurisdictions, you may have the following rights regarding your personal data: 

  • Access and Correction: You can request a copy of the personal data we hold about you and ask us to correct any inaccuracies. We typically respond within a reasonable timeframe, often within 30 days. 
  • Opt-Out of Certain Communications: You can unsubscribe from non-essential marketing or promotional emails. Operational or account-related messages are not subject to opt-out because they are essential to our services. 
  • Deletion or De-Identification: You can ask us to erase or de-identify your personal data if there is no legal basis for us to retain it. AML/CTF obligations, however, may require us to keep certain records for mandatory periods. 
  • Withdrawal of Consent: Where we rely on your consent for particular processing activities (e.g. biometric checks), you may withdraw it at any time, provided no overriding legal requirements exist. We record such withdrawals to ensure your preferences are respected. 
  • Complaint: If you believe we have not respected your privacy rights, you can lodge a complaint (see Section12) through the designated channels. We encourage you to contact us first to resolve concerns promptly. 

Please note that AML and sanctions regulations can override certain privacy rights, as we must retain or share data if mandated by law. If an automated decision significantly impacts you, you may request a review involving human intervention.

J. Children’s Privacy

Our services are not intended for users under the age of 18. We do not knowingly collect, use, or store personal information from minors. If you suspect a minor has provided us with personal data, kindly notify us so that we can delete such information and terminate the account, except where retention is required by law. Our services may be available to minors through parent/guardian supervision through the use of a Trust structure. 

K. Changes to This Privacy Policy

From time to time, we may revise this Privacy Policy to address evolving legal, regulatory, or operational needs. We may post updates on our website and revise the “Last Updated” date accordingly. Significant changes that could materially affect your rights will be highlighted or communicated more prominently. By continuing to use our services after these changes become effective, you have acknowledged the revised Policy. 

Contact Us or Lodge a Complaint

If you wish to exercise your rights, ask questions, or file a privacy complaint, you may reach out to the AusBlock Privacy Officer at: 

Email: [email protected]

We will acknowledge your communication within a reasonable timeframe and strive to address your concerns promptly—usually within (30) days. If you remain dissatisfied, you can contact the Office of the Australian Information Commissioner (OAIC) or another relevant regulatory body in your jurisdiction. We encourage you, however, to allow us the opportunity to resolve any concerns first. 

AusBlock strives to handle personal information responsibly while delivering secure, user-friendly digital exchange services. We are committed to meeting both Australian and international data protection standards and to upholding best practices for privacy, security, and compliance. If you have any questions about this Policy or wish to explore how AusBlock manages your personal information, please contact us at the details noted above. 

Last Updated: 27 February 2025