This Privacy Policy describes how LLC "Bitcom" (hereinafter — "Company", "we") collects, uses, stores, and protects personal data of users of the Bitcom platform (hereinafter — "Platform").
LLC "Bitcom" is a digital asset service provider — a resident of the Technology Park for Software Products and Information Technologies (IT Park Dushanbe). Personal data processing is carried out in accordance with:
- Law of the Republic of Tajikistan "On Personal Data"
- Government Resolution of the RT dated July 31, 2024 No. 440 — Regulation on the Technology Park for Software Products and Information Technologies
- Requirements of legislation on combating money laundering and terrorist financing (AML/CFT)
Protecting your privacy is our priority. We collect only the data necessary to provide services and comply with legislation.
1. What Data We Collect
1.1. Data You Provide
- Registration data: Full name, email address, phone number
- Verification data (KYC): copy of identity document (passport), photograph (selfie), residential address
- Financial data: bank card details, cryptocurrency wallet addresses
- Contact data: information you provide when contacting customer support
1.2. Automatically Collected Data
- Technical data: IP address, browser type, operating system, unique device identifiers
- Usage data: time and date of visit, pages viewed, actions on the Platform
- Transaction data: transaction history, amounts, statuses
2. Purposes of Data Processing
We use your personal data for:
| Purpose | Legal Basis |
|---|---|
| Registration and account management | Contract performance |
| Conducting exchange transactions | Contract performance |
| Identity verification (KYC) | Legal requirements |
| Anti-money laundering (AML) | Legal requirements |
| Security assurance | Legitimate interest |
| Service improvement | Legitimate interest |
| Marketing communications | User consent |
3. Data Retention Period
In accordance with paragraph 64 of the Technology Park Regulation (Resolution No. 440) and AML/CFT legislation requirements, we store your personal data for the following periods:
- Account data: for the duration of the account and 5 years after its closure
- KYC data (customer identification): 5 years after the end of business relations — in accordance with AML/KYC requirements
- Transaction data: 5 years from the date of the transaction — to comply with anti-money laundering requirements
- Transaction supporting documents: 5 years — according to paragraph 64 of the Regulation
- Technical logs: 1 year — for security purposes
Important: The minimum data retention period for KYC and transactions — 5 years — is established by law and cannot be shortened at your request.
4. Data Protection
We apply the following measures to protect your data:
- Data encryption during transmission (SSL/TLS)
- Encryption of confidential data during storage
- Restriction of employee access to personal data
- Regular backup
- Security monitoring and protection against unauthorized access
- Regular security audits
5. Data Transfer to Third Parties
In accordance with paragraph 63 of the Technology Park Regulation, the Company has a designated officer responsible for AML/CFT compliance.
We may transfer your data to:
- Government authorities: upon request of authorized bodies in accordance with the legislation of the Republic of Tajikistan, including the National Bank and financial monitoring authorities
- Agency for Innovation and Digital Technologies: as part of regulatory oversight of IT Park entities
- Payment processing partners: for conducting financial transactions
- KYC/AML service providers: for identity verification, sanctions list checking, and regulatory compliance
- Technical providers: to ensure Platform operation (hosting, analytics)
We do not sell or transfer your personal data to third parties for marketing purposes without your explicit consent.
6. Your Rights
In accordance with personal data protection legislation, you have the right to:
- Access: obtain information about what data we store about you
- Correction: request correction of inaccurate data
- Deletion: request deletion of data (subject to legal restrictions)
- Restriction of processing: request restriction of data processing
- Portability: receive a copy of your data in machine-readable format
- Objection: object to data processing for certain purposes
- Consent withdrawal: withdraw previously given consent for data processing
To exercise your rights, contact: info@bitcom.tj
7. Cookies
We use cookies for:
- Ensuring Platform operation (necessary cookies)
- Saving your settings and preferences
- Analyzing Platform usage
- Improving security
You can manage cookies through your browser settings. Disabling some cookies may affect Platform functionality.
8. Children
The Platform is not intended for persons under 18 years of age. We do not knowingly collect data from minors. If you become aware that a minor has provided us with their data, please contact us to have it deleted.
9. Policy Changes
We may periodically update this Policy. We will notify you of significant changes by email or through a notice on the Platform. The date of the last update is indicated at the beginning of the document.
10. Contacts
For questions related to personal data processing:
- Email: info@bitcom.tj
- Address: Republic of Tajikistan, Dushanbe, Mirzo Tursunzoda Street, 27