privacy policy

Welcome to Bitboxy Privacy Policy

  1. Hi there, we’re Bitboxy Pty Ltd Markaz I-10, Islamabad, Islamabad Capital Territory Pakistan and welcome to our privacy policy. This policy sets out how we handle your personal information if you’re an Bitboxy user or visitor to our Sites. It applies across all our sites, including Bitboxy Elements, Bitboxy Market, Bitboxy Studio, Bitboxy Sites, Bitboxy Tuts+ and Placeit (the “Sites”) and our products, features, services, software applications, programs, add-ons, extensions, plug-ins, and other technologies we may develop or use from time to time (the “Products”). This policy applies to us and our affiliates, including Bitboxy Elements Pty Ltd, Bitboxy Sites Pty Ltd, Bitboxy Placeit Pty Ltd and Sonley Bell Mexico S.A. de C.V. (“Bitboxy”).
  2. All Bitboxy employees, agents and contractors are responsible for protecting personal information collected and processed by Bitboxy. It is the responsibility of all Bitboxy employees, agents and contractors to assist in the protection of personal information by acting in accordance with this policy.
  3. When we say ‘we’, ‘us’ or ‘Bitboxy’ it’s because that’s who we are and we own and run the Sites and/or Products.
  4. If you are in a country whose privacy laws use the concept of data controller and processor, for example in the European Economic Area (“EEA”), United Kingdom (“UK”), or Mexico, then:
    1. we are the ‘data controller’ of personal information related to your account, and to the delivery of our services and subscriptions to you;
  5. If we say ‘policy’ we’re talking about this privacy policy. If we say ‘user terms’ we’re talking about the rules for using each of the Sites and/or Products. The rules vary by product and each product makes them separately available and seeks consent to them separately from this policy.

The type of personal information we collect

  1. We collect certain personal information about visitors and users of our Sites and/or Products.
  2. The most common types of information we collect include things like: user-names, member names, email addresses, IP addresses, other contact details, survey responses, blogs, photos, payment information such as payment agent details, transactional details, tax information, support queries, forum comments (if applicable), content you direct us to make available on our Sites and/or Products (such as item descriptions and other information you choose to make available on your profile) and, your actions on our Sites and/or Products (including any selections or inputs into items, or text or image prompts) and web and email analytics data. We will also collect personal information from job applications (such as your CV, the application form itself, cover letter and interview notes) and from correspondence between you and us when you contact us.
  3. We also collect information about your device and your interactions with our Sites using cookies, web beacons and similar technologies. For more information on the types of information we collect automatically, please read the section on cookies below and our Cookie Policy.

How we collect personal information

  1. We collect personal information:
    1. directly when you provide it to us. For example, when you complete forms such as free trials, membership, email list, subscription or competition registrations, when you submit feedback or send us any other type of communication, or when you make transactions such as buying or providing services on our Sites or Products;
    2. automatically as you navigate through the Sites and/or Products;
    3. indirectly through other businesses that provide services associated with the Sites and/or Products, when you use those services, explained in further detail at paragraph 11.
  2. As the operator of digital content marketplaces and subscription services, we have a legitimate interest in verifying the identity of our authors. We believe that knowing who our authors are will strengthen the integrity of our marketplaces and subscription services by reducing fraud, making authors more accountable for their content and giving Bitboxy and customers the ability to enforce contracts for authors who break the rules. Bitboxy also has certain legal obligations that require us to know who our authors are in certain circumstances. In light of this, if you are an author we will verify your identity, in particular, your name, full address and date of birth by asking you to show us a Photo ID document. The verification procedure is called Bitboxy Verify. Bitboxy Verify will be carried out by our service provider Jumio Corporation Markaz I-10, Islamabad, Islamabad Capital Territory Pakistan. As part of Bitboxy Verify, you will be asked to take a selfie which will then be compared against your Photo ID document using facial recognition technology. We will use your Photo ID document and your selfie solely to carry out Bitboxy Verify and delete it after the completion of this process. If you are located in Australia, the EEA or the UK or Mexico, we will only process your biometric information or other sensitive personal information with your explicit consent.

Personal information we collect about you from others

  1. Although we generally collect personal information directly from you, on occasion, we also collect certain categories of personal information about you from other sources. In particular, this may include:
    1. financial and/or transaction details from payment providers located in USA, UK, and Australia in order to process a transaction;
    2. third party service providers (like Google and Facebook) who are located in various countries, including USA, UK, Mexico, Uruguay or Vietnam which may provide information about you when you link, connect, or login to your account with the third party provider and they send us information such as your registration and profile from that service. The information varies and is controlled by that service provider or as authorized by you via your privacy settings at that service provider; and
    3. other third party sources/and or partners from various countries, including Australia, USA, Mexico, Uruguay or Vietnam whereby we receive additional information about you (to the extent permitted by applicable law), such as demographic data or fraud detection information, and combine it with information we have about you. For example, fraud warnings from service providers like our identity verification service. We also receive information about you and your activities, experiences and interactions on and off the Sites and/or Products through partnerships with our partner ad networks. We also receive information about you as a rights holder from our third party authors. For example, information in the form of a model release when your image is used in an item made available on our Sites and/or Products; and
    4. the Subscriber of the account, if you’re a member of a team, agency or other organisation that uses our Sites and/or Products.

How we use personal information

  1. We will use your personal information:
    1. to perform our contractual obligations towards you as you browse and use the Sites and/or Products in particular, by facilitating and processing transactions that take place on the Sites and/or Products, such as when you purchase an item from our marketplace or subscription service;
    2. when it is necessary for purposes which are in our, or third parties’, legitimate interests. These interests include:
      1. operating the Sites and/or Products;
      2. providing the services described on the Sites and/or Products;
      3. verifying your identity when you sign in to any of our Sites and/or Products;
      4. responding to support tickets, and helping facilitate the resolution of any disputes;
      5. updating you with operational news and information about our Sites and/or Products e.g. to notify you about changes to our Sites and/or Products, outages;
      6. carrying out technical analysis to determine how to improve the Sites and/or Products we provide and to create new Sites and/or Products;
      7. monitoring activity on the Sites and/or Products, e.g. to identify potential fraudulent activity and to ensure compliance with the user terms that apply to the Sites and/or Products;
      8. managing our relationship with you, e.g. by responding to your comments or queries submitted to us on the Sites and/or Products or asking for your feedback or whether you want to participate in a survey;
      9. managing our legal and operational affairs (including, managing risks relating to content and fraud matters);
      10. training Bitboxy staff about how to best serve our user community;
      11. improving existing and creating new products and services;
      12. providing general administrative and performance functions and activities;
      13. verifying your identity including by comparing a selfie taken by you against your Photo ID document using facial recognition technology (subject to your explicit consent if required by applicable law);
      14. processing your job application to Bitboxy; and
      15. using data analytics to measure the effectiveness of advertising and marketing of the Sites, and improve the optimization of our Sites and/or Products (including by way of data analytics tools);
    3. subject to your consent (where required), and unless you have opted out of receiving marketing communications, providing you with marketing information about products and services which we feel may interest you. You can opt out of such communications by following the unsubscribe mechanism on any communication, or by otherwise contacting us as set out at the end of this policy;
    4. subject to your consent (where required), customising our services and websites, like advertising that appears on the Sites in order to provide a more personalised experience;
    5. for purposes which are required by law, or, where we have a legitimate interest, to respond to and/or defend ourselves against complaints, disputes or legal claims;
    6. for the purpose of responding to requests by government, a court of law, or law enforcement authorities; or
    7. where we require your personal information to comply with legal or contractual obligations.
  2. If we can’t collect and use data for these purposes, then we may not be able to manage our contractual relationship with you, provide you with the Sites and/or Products, or meet legal obligations placed on us. In all other cases, provision of requested personal information is optional.

When we disclose your personal information

  1. We will disclose personal information to the following recipients:
    1. companies that are in the Bitboxy group, including but not limited to those which are located in Australia, Mexico, USA, New Zealand, Pakistan and Uruguay;
    2. if applicable, authors of any items or services made available to you, so they can facilitate support and license validation, who may be located in any of the countries our products are available in;
    3. the Subscriber of the account, if you’re a member of a team, agency or other organisation that uses our Sites and/or Products;
    4. If applicable, anyone who uses assets that you have made available through our Sites and/or Products;
    5. subcontractors and service providers who assist us in connection with the ways we use personal information (as set out above), in particular: website hosting providers which are located in Australia, USA and Ireland; technical and customer support services which are located in Australia, Canada, Germany, Italy, Latvia, Philippines, Poland, Mexico, Romania, Spain, Sweden, Switzerland, UK, United Arab Emirates, USA, Uruguay, and Vietnam; recruitment agencies which are located in Australia, USA and Mexico; marketing and analytics services which are located in USA, Singapore andPakistan; security and fraud prevention services which are located in USA; subscription management services which are located in USA; payment processing services which are located in USA, UK and Australia; identification verification services located in the UK; and operational tooling services which are located in USA. Noting that our subcontractors and services providers may also transfer and access such information from other countries in which they have operations;
    6. our professional advisers (lawyers, accountants, financial advisers etc.) which are located in various countries, including in Australia, Ireland, Mexico, UK, USA, Uruguay andPakistan;
    7. regulators and government authorities in connection with our compliance procedures and obligations;
    8. a purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase;
    9. a third party to respond to requests relating to a criminal investigation or alleged or suspected illegal activity;
    10. a third party, in order to enforce or defend our rights, or to address financial or reputational risks;
    11. a rights holder in relation to an allegation of intellectual property infringement or any other infringement; and
    12. other recipients where we are authorised or required by law, or requests by government, a court of law, or law enforcement authorities, to do so.

Where we transfer and/or store your personal information

  1. We are based in Australia, New Zealand, Mexico and USA so when your data is transferred to us it will be processed in those countries. Some of the recipients we have described in the section 14 above, and to whom we disclose your personal information, are based around the world including in places like Australia, Canada, Ireland, Mexico, Philippines, Poland, Romania, UK, USA, India, Uruguay, Vietnam, New Zealand, Singapore, Germany, Italy, Latvia, Philippines, Spain, Sweden, Switzerland, United Arab Emirates andPakistan. These countries may not provide the same protections as the data protection laws where you are based. When we transfer data to these recipients, we do this on the basis of this policy and we will ensure that relevant safeguards are in place to afford adequate protection for your personal information and we will comply with applicable data protection laws. For example, if you are in the EEA or the UK we may rely on a UK government adequacy regulation or adequacy decision by the European Commission, on contractual protections for the transfer of your personal information or a derogation if available. We also take care to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.
  2. Where you are located in New Zealand, by providing us with your personal information, you authorise us to disclose that personal information to the recipients described in the section above (including those recipients that may not be required to protect your personal information in a way that provides comparable safeguards to those under the data protection laws where you are based).

How we keep your personal information secure

  1. We store personal information on secure servers that are managed by us and our service providers, and occasionally hard copy files that are kept in a secure location in Australia, Ireland, Mexico, USA and New Zealand. We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of the personal information we process, including username and password authentication, two-factor authentication, and data encryption where appropriate. Unfortunately, data transmission over the internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee its security.

Your rights relating to your personal information

  1. Depending on the jurisdiction you are located in, you may have the following rights, as provided under applicable law and subject to any limitations in such law:
    1. To access the personal information we hold about you;
    2. To request we correct any inaccurate personal information we hold about you;
    3. To request we delete any personal information we hold about you;
    4. To restrict the processing of personal information we hold about you;
    5. To object to the processing of personal information we hold about you; and/or;
    6. To receive any personal information we hold about you in a structured and commonly used machine readable format or have such personal information transmitted to another company.
  1. Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity or confirm the specific right that you’re seeking to exercise, by providing any or all of the following information, in accordance with the provisions of the applicable law in each country: (i) name and address or other means to communicate the response to your request; (ii) documents proving your identity or, of your legal representative, if applicable; (iii) a clear and precise description of the personal information in respect of which the applicable right applies; (iv) the express manifestation to revoke your consent to the processing of your personal information and, therefore, not to use it; and (v) any other element that facilitates the location of the personal information.
  2. If you seek to exercise any of the rights described in section 18, we may need to pass on costs that are strictly necessary for the reproduction, modification or sending of personal information to you. Otherwise, your exercise of these rights will be free of charge.
  3. These rights are limited in some situations – for example, if we can demonstrate that we have a legal requirement to process your personal information. In some instances, this means that we may retain some data even if you withdraw your consent. Note that a request to limit the collection, use, disclosure and storage of your personal information and/or the deletion of personal information during your relationship with Bitboxy will be taken into consideration in accordance with the internal procedures, legal needs and legal obligations that Bitboxy may be subject to under applicable legislation in each country.
  4. You can access or correct some of the personal information that we collect about you by logging in to your account. You can also close the account you have with us for any of our Sites at any time. To make a request to exercise any other rights you have, contact us using the contact details at the end of this policy.

Marketing choices regarding your personal information

  1. We may send you marketing communications by email about products and services that we feel may be of interest to you and will obtain your consent, where it is required by law. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself.
  2. You also have choices about cookies, as described below. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject cookies some parts of our Sites may not work properly in your case.

Cookies and web analytics

  1. For more information about how we use cookies, web beacons and similar technologies see our cookie policy here and for more general information on cookies,
  2. When you visit our Sites, we automatically collect certain information including:
    1. your IP address or proxy server IP address;
    2. the domain name you requested;
    3. the name of your internet service provider is sometimes captured depending on the configuration of your ISP connection;
    4. the date and time of your visit to the website;
    5. the length of your session;
    6. the pages which you have accessed;
    7. the number of times you access our sites within any month;
    8. the file URL you look at and information relating to it;
    9. the website which referred you to our Sites;
    10. the operating system which your computer uses; and
    11. the technical capabilities of your web browser.
  3. We may use cookies to understand your behavior as a user of our Sites and give you a better experience when browsing our Sites, in case you would like to disable them or configure their use, you may consult the “Settings” section of your browser.
  4. Occasionally, we will use third party advertising companies to serve ads based on prior visits to our Sites. For example, if you visit our Sites, you may later see an ad for our products and services when you visit a different Site. Read more about your options in our cookie policy. However, please note that Bitboxy is only responsible for data collected directly on our Sites. We cannot in any way be responsible for the collection and/or processing of your personal information on any third party website, therefore we recommend that you consult the third party’s privacy notice and policies before providing any personal information.

Information about children

  1. Our Sites and/or Products are not suitable for children under the age of 16 years, so if you are under 16 we ask that you do not use our Sites and/or Products or give us your personal information (if you are a young tech wiz, please direct your nearest responsible adult to use the Sites and/or Products for you!). If you are aged between 16 to 18 years, you can browse the Sites and/or Products but you’ll need the supervision of a parent or guardian to become a registered user. It’s the responsibility of parents or guardians to monitor their children’s use of our Sites and/or Products.

Information you make public or give to others

  1. If you make your personal information available to other people, we can’t control or accept responsibility for the way they will use or manage that data. There are lots of ways that you can find yourself providing information to other people, like when you post a public message on a forum thread, share information via social media, or make contact with another user (such as a third party Author) whether via our Sites and/or Products or directly via email. Before making your information publicly available or giving your information to anyone else, think carefully. If giving information to another user via our Sites and/or Products, ask them how they will handle your information. If you’re sharing information via another website, check the privacy policy for that site to understand its information management practices as this policy will not apply.

How long we keep your personal information and how you can manage or delete your personal information

  1. We retain your personal information for as long as is necessary for the purposes outlined in this policy. To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we use your personal information and whether we can achieve those purposes through other means, and other applicable legal requirements.
  2. If you no longer want us to provide you with the Bitboxy services, or if you would like to exercise any of the rights set out in paragraph 18, please:
    1. contact our Data Protection Officer in writing at PO Box 16122 Collins Street West, Victoria 8007 Australia or privacy.champion@Bitboxy.com; or
    2. submit a request form through our help centre for the relevant Bitboxy service located at https://www.Bitboxy.com/contact/.
  3. If you’re looking to report a security vulnerability in an Bitboxy product or item for sale please head over to our Helpful Hacker Program page.
  4. Please note that if you request the erasure of your personal information we may retain information from deleted accounts as necessary for our legitimate business interests, to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations or requests by government, a court of law, or law enforcement authorities, enforce the terms of service and take other actions permitted by law. Any information we retain will be handled in accordance with this policy.

When we need to update this policy

  1. We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices.
  2. When we do change the policy, we take steps to notify you about such changes, where required by applicable law. A copy of the latest version of this policy will be available on this page or other websites.

How you can contact our Data Protection Officer

  1. If you wish to exercise any of your rights under this policy, or have any inquiries or complaints about our privacy practices or the way in which we have been managing your personal information, in the first instance please contact our Data Protection Officer in writing at PO Box 16122 Collins Street West, Victoria 8007 Australia or  to our nominated data protection representative. We ask that when you provide any information to us, (a) you provide sufficient information that allows us to reasonably verify you or are an authorised representative of that person; and (b) provide sufficient detail such that we understand and can evaluate your request. We will deal with the matter within a reasonable time, and within any timeframe prescribed by applicable law, and keep you informed of the progress of our investigation.

How you can contact our EU and UK Representative

  1. VeraSafe has been appointed as Bitboxy representative in relation to the General Data Protection Regulation of the European Union and the United Kingdom. If you are in the EEA or the UK, you may also contact us at VeraSafe in addition to our Data Protection Officer (see above) only on matters related to the processing of personal information. To make such an inquiry, please contact VeraSafe using this contact form:
  2. Alternatively, VeraSafe can be contacted at:
    Markaz I-10, Islamabad, Islamabad Capital Territory

Complaints

  1. If you contact us with a complaint about our handling of your information, we will acknowledge receipt of the complaint, attend to all complaints promptly and seek to resolve any complaint as soon as reasonably practicable.
  2. If you have unresolved concerns after contacting us, you may also have the right to complain to data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred. In Australia, this includes the Office of the Australian Information Commission (OAIC). Contact details are available at www.oaic.gov.au. In Mexico, the competent authority to handle personal information protection matters is the National Institute for Transparency, Access to Information and Protection of Personal Data (INAI)

Californian Users

  1. If you’re a user or visitor from the state of California in the USA, this section applies to you.
  2. Application
    We have adopted and included in this policy the below to comply with the Californian Consumer Privacy Act 2018 (CCPA). Any terms in this section are defined in the CCPA and have the same meaning given therein.
    1. Categories of Information we collect

      CATEGORY COLLECTED? DISCLOSED?

      Identifiers
      This includes names, addresses (both physical and email) personal identifiers (including online, internet protocol addresses, or other similar identifiers. Yes Yes Personal Information categories under the California Customer Records statue (Cal. Civ. Code §1798.80e)
      This includes names, signatures, physical characteristics, address, telephone numbers, state identification numbers, education, employment, bank account numbers, credit card number, debit card number. Yes Yes Protected Classification characteristics under Californian or federal law.
      This includes age, race, colour, ancestry, national origin, citizenship, religion or creed, marital status, medical conditions, physical or mental disability, sex, sexual orientation, veteran or military status, genetic information. Yes No Biometric Information
      Genetics, physiological behavioural or biological characteristics. Yes Yes Internet or similar network activity
      History or search history. Yes No Geolocation date
      Physical location or movements. Yes No Employment
      Current or past employment history. Yes No Education
      Information that is not publicly available as defined in the California Family Education Rights and Privacy Act (20 U.S.C section 1232g, 34 C.F.R, Part 99). No No Inferences Yes No

    2. Do not sell or share my personal information
      We don’t sell your personal information, but the way that we advertise our products to you on different platforms is considered in some states in the USA, including in California, to amount to sharing or disclosure. If you don’t want us to do that you can opt out by emailing us at support@bitboxy.com. Just write Do not sell my data in the subject line and let us know your name, the email address linked with your account and the Bitboxy service that you use, and we’ll do the rest. A representative can also make this request on your behalf, and they’ll need to be able to verify their role in relation to your request.
    3. Your rights and choices
      The CCPA provides those residing in California or whose Personal Information has been collected in California with specific rights, including to request information about the collection of your Personal Information by us, to access your Personal Information in a portable format, to correct your Personal Information, to object to the processing of your Personal Information, and to delete Personal Information on legitimate grounds.
    4. Response times
      All our communications will be via email and any disclosures we provide will only cover a 12-month period preceding your request. If applicable, any response from us may also provide a reason why we cannot comply with a request.
    5. Access to Information and Data Portability Rights
      1. You have the right to request that we disclose information to you about your Personal Information over the last twelve (12) months that we have collected or otherwise used.
      2. We must disclose to you, once we confirm your verifiable information access request, (a) the categories and sources of Personal Information we collected about you, (b) our purpose for collecting the Personal Information.
      3. We may not be able to respond to you if you do not provide sufficient detail or information.
    6. Right to request a deletion of Personal Information
      1. Where you provide us with a request to delete your Personal Information (subject to certain limited exceptions) we will delete your Personal Information from our records.
      2. If you fall within one of the limited exceptions, we will notify you as soon as reasonable.
    7. Right to non-discrimination for the exercise of a consumer’s privacy rights
      We will not discriminate against you if you exercise your privacy rights.
    8. Both personal information and personal data have the same meaning in the context of this policy.

We’re really glad you made it to the end of the policy, because knowing this stuff is the best way to understand how your personal information is used and how to best manage it!

Up to Top