Last Updated: Dec 12, 2023
This “Privacy Notice” describes the privacy practices of Cube Exchange Australia Pty Ltd for itself and its affiliated companies (collectively, “Cube”, “our”, “us” or “we”). (“Cube,” “we,” “our,” or “us”) in connection with the https://www.cube.exchange website (the “Site”) and any other website that we own or control and which posts or links to this Privacy Notice, our mobile application (“App”) and our related products and services (collectively, the “Services”). This Privacy Notice also explains the rights and choices available to individuals with respect to their information. We refer to all of the websites and our APP as the “Platform.”
Please read this Privacy Notice carefully to understand our policies and practices regarding your information. If you do not agree with our policies and practices, your choice is not to use the Site and Services. By accessing or using the Site and Services, you acknowledge this Privacy Notice.
Updates to This Notice
We may update this Privacy Notice based upon evolving laws, regulations and industry standards, or as we may make changes to our Platform. We will post changes to our Privacy Notice on this page and encourage you to review our Privacy Notice when you use our Site to stay informed. If we make changes that materially alter your privacy rights, we will take appropriate measures to inform you, consistent with the significance of the changes we make. If you disagree with the changes to this Privacy Notice, you should discontinue your use of the Site and Services.
Our Site and Services are not directed to, and we do not knowingly collect Personal Data from, anyone under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with information, they should contact us. We will delete such information from our files as soon as reasonably practicable. But entering into our Wait List or requesting any Services from us, you agree and acknowledge that you are not under the age of 18.
Personal Data Controller
The term “Personal Data” as used in this policy, describes information that can be associated with a specific person and can identify that person. Personal Data does not include information that has been aggregated or anonymized so that a specific person can no longer be identified. Any reference to 'Personal Data' in this Privacy Notice includes without limitation 'Personal Information' as defined by the Australian Privacy Act 1988 (Cth).
A Personal Data controller is a person or organization who controls the collection, holding, processing or use of Personal Data, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose Personal Data on his or her behalf.
Types of Personal Data Collected
The types of Personal Data that we may collect from you or through third parties will depend on our interactions with you and may include:
- Identification information such as your name, address, date of birth, place of birth, citizenship, nationality, country of residence, gender, phone number, email address and in the case of entities, control data;
- Employment information and employer identification number;
- Verification information such as photographs, passports, driver’s licenses, government-issued identification cards, selfie photos and videos, login credentials and proof of residency;
- Biometric information that may be generated from your photos;
- Financial information such as your bank account number, payment card account number, wallet addresses, tax identification number, and wealth verification statements;
- Transaction information such as the names of senders and recipients of funds, timestamp of the transactions, trading account balances, trading activities, your inquiries and our responses;
- Information on whether you (or someone close to you) holds a prominent public function;
- Usage Data which can include your IP address, Uniform Resource Identifier (URI) addresses, your country of origin, the features of the browser or operating system utilized by you, how you use our websites, mobile applications and products/services, among other identifiers;
- Marketing Data which can include your preferences in receiving marketing from us, third parties and your communication preferences.
- Other personal data or commercial and/identification information that we, in our sole discretion, may deem necessary to comply with various applicable anti-money laundering laws and regulations.
We may also collect Personal Data about you from third parties and other sources such as publicly available sources of information, or related entities, companies and businesses of Cube.
We collect this information from you when you freely provide it on the Site or when you use our Services. We may also collect your Personal Data from third parties or publicly available sources as noted above.
Unless specified otherwise, all Personal Data requested by our Services is mandatory and failure to provide this Personal Data may make it impossible for you to use our Services. In cases where our Site and Services specifically state that some Personal Data is not mandatory, users are free not to communicate this Personal Data without consequences to the availability or the functioning of the Site and Services. Users who are uncertain about which Personal Data is mandatory may contact us for clarification.
Information We Automatically Collect
When you visit the Site or our App, we may automatically collect certain information about your device, including information about your web browser, IP address and/or domain name, IMEI or other device information, your login information, browser type and version, timezone setting, browser plug-in types and versions, operating systems and platforms, location information, and some of the cookies that are installed on your device using cookies and similar technologies. Additionally, as you browse the Site, we may collect information about the individual web pages or services that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site.
Cookies & Similar Technologies
Types of Cookies
We use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your device until you delete them). To make it easier for you to understand why we need them, the Cookies we use on our Site can be grouped into the following categories:
- Strictly Necessary: These Cookies are necessary for the Site to work properly. They include any essential authentication and authorization Cookies for our Site.
- Functionality: These Cookies enable technical performance and allow us to remember the choices you make while browsing our Site, including any preferences you set. They also include sign-in and authentication Cookies and IDs that enable you to return without additional sign-in.
- Performance/Analytical: These Cookies allow us to collect certain information about how you navigate the Site and services running on your device. They help us understand which areas you use and what we can do to improve them.
- Targeting: These Cookies are used to deliver relevant information related to our Site to an identified machine or other device (not a named or otherwise identifiable person) which has previously been used to visit our Site. Some of these types of Cookies on our Site are operated by third parties with our permission and are used to identify advertising sources that are effectively driving customers to our Site.
Cookies Set by Third Party Websites
To enhance our content and to deliver a better online experience for our users, we sometimes embed images and videos from other websites on the Site. We currently use, and may in the future use, content from websites such as YouTube, Facebook, LinkedIn, and Twitter. You may be presented with Cookies from these third-party websites. Please note that we do not control these Cookies. The privacy practices of these third parties will be governed by the parties’ own privacy statements or policies. We are not responsible for the security or privacy of any information collected by these third parties, using Cookies or other means. You should consult and review the relevant third-party privacy statement or policy for information on how these Cookies are used and how you can control them.
We also embed social sharing icons throughout our Site. These sharing options are designed to enable users to easily share content from our Site with others using a variety of different social networks. The Site may collect information such as the web pages you visited and IP addresses, and may set Cookies to enable features to function properly. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third-party services you connect to, use, or access.
How to Control and Delete Cookies
Cookies can be controlled, blocked or restricted through your web browser settings. Information on how to do this can be found within the Help section of your browser. All Cookies are browser specific. Therefore, if you use multiple browsers or devices to access websites, you will need to manage your Cookie preferences across these environments.
Find out how to manage Cookies on popular browsers:
If you are using a mobile device to access the Site, you will need to refer to your instruction manual or other help/settings resource to find out how you can control Cookies on your device. For more information about cookies, and how to disable cookies, visit https://www.allaboutcookies.org.
Please note that if you restrict, disable or block any or all Cookies from your web browser or mobile or other device, the Site may not operate properly, and you may not have access to our services available through the Site. We are not be responsible for your inability to use our Site or any degraded function you may experience that may be caused by your settings and choices regarding Cookies.
We may use Google Analytics to help analyze how you use our Site. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated is used to create reports about the use of our Site. Google will store this information.
If you do not want your Site visit data reported by Google Analytics, you can install the Google Analytics opt-out browser add-on. For more details on installing and uninstalling the add-on, please visit the Google Analytics opt-out page at https://tools.google.com/dlpage/gaoptout .
Method and Basis of Processing Data
Methods of processing
We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Personal Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. Data may be accessible to you and in some cases, to certain types of persons in charge, involved with the operation of our Services (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by us. You may request a list of these parties at any time.
Legal basis of processing
We may process Personal Data relating to you if one of the following applies:
- You have given your consent for one or more specific purposes. Note: Under some legislations we may be allowed to process Personal Data until you object to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases;
- Provision of Personal Data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof;
- Processing is necessary for compliance with a legal obligation to which we are subject;
- Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us;
- Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.
How We Use Personal Data
Data we collect about you is collected to:
- Facilitate our Wait List and contact you when our platform is available for you to access for on boarding due diligence;
- Provide the Site and Services and customer support you request;
- Process transactions and send notices about your transactions on the Services;
- Customize and personalize your experience on the Services;
- Create an account for you that links to a third-party account or platform;
- Detect any malicious or fraudulent activity;
- Enable us to monitor and analyze your behaviour (“Analytics”);
- Beta test certain features or the entire Services;
- Contact you;
- Display content from external platforms;
- Handle productivity related activities;
- Provide social features;
- Provide location-based services;
- Manage contacts and send messages;
- Optimize traffic and performance of the Services;
- Send push notifications to your device;
- Allow us to register you as a user of the services and authenticate your credentials;
- Comply with legal obligations and respond to enforcement requests;
- Protect Cube’s rights and interests (or those of our users and third parties);
- Handling productivity related activity;
- Infrastructure monitoring;
- Interaction with external social networks and platforms;
- Location-based interactions;
- Tag management (tags are pieces of code that allow us to better analyze and track activities on the Services);
- Administer Cube’s Loyalty Points Program, which tracks activities and awards you Cube Points for those activities to redeem for rewards provided by us;
- Promote and market our services, including sending direct marketing communications to you as permitted by applicable law; and
- Engage in traffic optimization and distribution.
How We Share Personal Data
We may share your Personal Data with our service providers and vendors to assist us in providing you with our Site and Services. We do not share your Personal Data with third parties without your consent, except as described in this Privacy Notice or as otherwise required or permitted by applicable law. We may share your Personal Data with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Notice.
We may share your Personal Data with third party companies and individuals that provide services on our behalf or help us operate the Site or our business (such as affiliates, professional advisors, customer support, hosting, analytics, email delivery, marketing, and database management services). These third parties may use your Personal Data only as directed or authorized by us and in a manner consistent with this Privacy Notice, and are prohibited from using or disclosing your information for any other purpose. We may also share your Personal Data for compliance purposes.
We may sell, transfer or otherwise share some or all of our business or assets, including your Personal Data, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
Subject to applicable law, by providing your Personal Data to us you consent to us using your Personal Data for sending you information, including promotional material, about us or our products and services, as well as the products and services of our related entities and third parties, now and in the future. You also consent to us sending you such information by means of direct mail, email, SMS and MMS messages.
If you do not want to receive marketing information from us, you can unsubscribe in any of the following ways:
- Clicking on the 'Unsubscribe' or subscription preferences link in a direct marketing email that you have received from us;
- Logging into your account on the Website and editing your communication preferences; or
- Contacting us at email@example.com.
Retention of Personal Data
We will retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. We determine data retention based on the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from an unauthorized user, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and applicable legal requirements.
Personal Data collected for purposes related to the performance of a contract between you and us will be retained until such contract has been fully performed. Personal Data collected for our legitimate interests will be retained as long as needed to fulfil such purposes.
We may be allowed to retain Personal Data for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn. Furthermore, we may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data will be deleted (or, where permitted under applicable law, may be de-identified instead). Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability (where relevant under applicable law) cannot be enforced after expiration of the retention period.
However not all your Personal Data may be able to be deleted or de-identified; see the section of this Privacy Notice on "Blockchain transactions", below.
Privacy Technology Practices
Links to Third-Party Sites
The Site may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites, mobile applications and services follow different rules regarding the collection, use and sharing of your Personal Data. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.
The security of your Personal Data is important to us. We employ a number of administrative, technical, and physical safeguards designed to protect the Personal Data we collect. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Service, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Site.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Site. Any transmission of Personal Data is at your own risk.
Your use of digital assets may be recorded on a public blockchain, in particular the settlement of your trades in digital assets. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to re-identification of transacting individuals and the revelation of personal data, especially when blockchain data is combined with other data.
As blockchains are decentralized or third-party networks which are not controlled or operated by us, we are not able to erase, modify, or alter personal data on such networks.
Overseas Disclosure and Your Privacy Rights
For purposes of relevant data protection legislation, Cube is the Personal Data controller. Cube is a global company, with operations throughout the world. As a result, Personal Data may be transferred outside the country in which you reside for the purposes identified. Any such transfer of Personal Data shall take place under applicable law and will be protected through international data transfer agreements where necessary that have been recognized by relevant data protection authorities as providing an adequate level of protection to the Personal Data we process. By using our Site and Services you understand that your Personal Data may be processed in Australia, the United States and in places outside of Australia and outside of the EEA and the UK.
Residents of the EEA and the UK are granted certain rights over their Personal Data, which include:
- The right to obtain confirmation of the Personal Data we process.
- The right to rectify inaccurate Personal Data that we process.
- The right to request erasure of your Personal Data, subject to exceptions provided under the law.
- The right to restrict certain processing of your Personal Data, so long as the processing is not necessary for the performance of or in relation to a contract or service to which you are a party.
- The right to receive your Personal Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.
- The right to object to the processing of your Personal Data, including the right to object to automated decision-making and profiling.
- The right to withdraw your consent where you have previously given it for the processing of your Personal Data
Residents of Australia are also granted certain rights over their Personal Data, which include:
- Access and correction: You are generally entitled to access Personal Data that we hold about you. If you request access to your Personal Data, in ordinary circumstances we will give you full access to your Personal Data. Depending on the nature of the request, we may charge for providing access to this information, however such charge will not be excessive. However, there may be some legal or administrative reasons to deny access. If we refuse your request to access your Personal Data, we will provide you with reasons for the refusal where we are required by law to give those reasons.
- Complaints: If you feel that we have not respected your privacy or that we have conducted ourselves inconsistently with this Privacy Notice, please contact us at firstname.lastname@example.org and advise us as soon as possible. We will investigate your queries and privacy complaints within a reasonable period of time depending on the complexity of the complaint. We will notify you of the outcome of our investigation.
If you would like to exercise any of the rights listed above, or if you would like to contact us about any questions you may have regarding your Personal Data, please contact us at email@example.com and provide (a) enough information to identify you and (b) a description of what right you want to exercise and the information to which your request relates. Any Personal Data we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.
If you are concerned that we have not complied with your legal rights or applicable privacy laws, you may contact us or your local data protection authority.
The latest Privacy Notice changes were made on Dec 12, 2023