Effective Date: March 3, 2023
Bakkt Marketplace Privacy Notice
In this Privacy Notice (“Notice”), Bakkt Marketplace, LLC (also referred to as “Bakkt,” “we,” “us,” or “our”) describes the types of Personal Information we may collect from you in connection with your interaction with us, including when you visit our websites or mobile application, or use our online products, services or content (the “Services”).
1. PERSONAL INFORMATION WE COLLECT
- Personal Information We Collect Directly from You
We collect Personal Information from you when you use our Services and interact with us (such as speaking with Bakkt representatives). The information we collect may include your name, state or country of residence, date of birth, address, phone number, social security number, account number, job title, company, email address, marketing and communications preferences, and other information you choose to provide us, including information provided when you register with us. In some circumstances, we may collect information such as a government-issued ID, proof of address, or photograph(s) (if you elect to provide them to us). We may also collect information relating to:
- Records and copies of your correspondence (including email addresses), if you contact us.
- Your responses to surveys, such as those that we might ask you to complete for research purposes.
- Details of transactions you carry out using our Services. You may be required to provide financial information before using our Services.
- Personal Information We Collect Automatically
- Personal Information We Collect From Third Parties
We also collect information about you from third parties, such as money laundering and fraud prevention information providers, marketing agencies, identity and creditworthiness verification services, and analytics and information providers. We may combine information we collect about you with information from third parties.
2. HOW WE USE YOUR INFORMATION
We use the information we gather to provide services to you and to respond to your inquiries. This includes:
- Providing Services, including to:
- Register, create, and maintain your account;
- Authenticate your identity and/or your access to an account;
- Initiate, facilitate, process, and/or execute transactions;
- Communicate with you regarding your account or any Services you use;
- Perform creditworthiness, fraud prevention or other similar reviews;
- Evaluate applications; or
- Compare information for accuracy and verification purposes.
- Managing our business and protecting ourselves, you, other persons, and the Services.
- Providing a personalized experience and implementing your preferences.
- Better understanding our customers and how they use and interact with the Services.
- Personalizing our Services and providing offers and promotions for our Services via our websites and third-party websites.
- Providing you with location-specific options, functionalities, and offers.
- Complying with our policies and obligations, including but not limited to, disclosures made in response to any requests from law enforcement authorities and/or regulators in accordance with any applicable law, rule, regulation, judicial or governmental order, regulatory authority of competent jurisdiction, discovery request, advice of counsel or similar legal process.
- Resolving disputes, collecting fees, or troubleshooting problems.
- Providing customer service to you or otherwise communicating with you.
We may also process your Personal Information to fulfill the purposes for which you provide it, or with your consent.
3. HOW WE SHARE INFORMATION
We may disclose the information we gather to our affiliates and to third parties. For example, we may share information with:
- Service providers and/or data processors: We may share Personal Information with third party service providers that perform services and functions at our direction and on our behalf. These third party service providers may, for example, provide you with services, verify your identity, assist us to comply with law or combat fraud, assist in processing transactions, or provide customer support.
- Other parties to transactions: We may share information with the other parties to your transactions, including retailers with whom we have partnered to provide the Services.
- Financial Institutions and Credit Bureaus: We may share information with financial institutions and credit bureaus involved in supporting transactions in which you engage or assessing creditworthiness. For example, we may share information with your bank when you link your bank account to our Services.
- Other third parties: We may share information with other third parties for our business purposes or as permitted or required by law, including:
- To comply with any legal, regulatory or contractual obligation, or with any legal or regulatory process (such as a valid court order or subpoena) or with the advice of counsel;
- To market our or their products or services to you;
- To establish, exercise, or defend legal claims or our policies;
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of ourselves, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud prevention and credit risk reduction; or
- In connection with the purchase, sale, merger, consolidation or transfer of all or part of Bakkt’s business.
We may also disclose data to fulfill the purposes for which you provide it, or with your consent.
4. CHANGES TO THIS PRIVACY NOTICE
We will notify you of changes to this Notice by revising this Notice and updating the Effective Date above. If you have an account with us, we may notify you of material changes to this notice by e-mail.
5. YOUR CHOICES
If you wish to stop receiving marketing communications, you can opt out by emailing us at email@example.com or firstname.lastname@example.org. We may continue to send you non-marketing messages, such as messages relating to your transactions with us.
As of the Effective Date listed above, We participate in a service called Global Privacy Control (GPC) that lets you set a “Do Not Sell or Share” preference at the browser level.
First, you’ll need a GPC-enabled browser or browser extension. Next, you’ll activate or turn on the GPC setting in the browser. When you visit a website, your browser will automatically send the site a “Do Not Sell or Share” signal and participating websites, like ours, will honor your preference.
Note: Not all browsers and extensions offer a GPC setting. To download a GPC-enabled browser, go to the Global Privacy Control website.
If you are a registered user of the Services, you may access your personal account information online and make changes by logging into your account.
Bakkt has implemented administrative, physical and technical safeguards designed to protect your Personal Information. Still, Bakkt cannot guarantee the security or confidentiality of information you transmit to us or receive from us.
For Vermont Customers.
- We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.
- Additional information concerning our privacy policies can be found at https://www.bakkt.com/privacy-policy.
7. CALIFORNIA PRIVACY PRACTICES AND YOUR CALIFORNIA RIGHTS
If you are a California resident, see the Bakkt California Privacy Rights Addendum below for more information about our privacy practices and your rights under California law.
8. CONTACT US
We take your privacy concerns seriously. If you have any questions about this Notice or if you believe that we have not complied with this Notice with respect to your Personal Information, you may write to email@example.com.
Bakkt California Privacy Rights Addendum
The following provisions apply to individuals who are residents of California and whose personal information we collect (such as website visitors). For such residents, the provisions of this California Privacy Rights Addendum (“Addendum”) prevail over any conflicting provisions of this Notice. If you use one of our financial products or services for personal or household use, our collection of your personal information in connection with such product or service is subject to a separate privacy notice that we are required by federal law to provide, and is not subject to this Notice or this Addendum.
Personal Information We Collect
Within the last 12 months, we may have collected the following categories of Personal Information about you:
- A. Identifiers.
Real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
- B. Information under the California Customer Records statute.
Personal Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to their name, signature, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, bank account number, credit card number, debit card number, or any other financial information.
- C. Characteristics of protected classifications under California or federal law.
Characteristics of protected classifications under California or federal law (such as race, gender, age, disability status).
- D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- E. Biometric information
Images, including facial data. We may also require you to provide fingerprint data (e.g., through your device to verify your identity).
- F. Internet or other similar network activity.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with a website, application or advertisement.
- G. Geolocation information.
- H. Sensory data.
Audio, electronic, visual, or similar information.
- I. Inferences drawn from other Personal Information.
Inferences drawn from any of the Personal Information we collect to create a profile about you reflecting your preferences, characteristics, behavior, and attitudes.
- J. Sensitive Personal Information
We collect Sensitive Information (which includes social security, driver’s license, state identification card, or passport number, precise geolocation, racial or ethnic origin), to the extent noted above.
We obtain Personal Information from a variety of sources. These sources include: yourself with respect to both online and offline interactions you may have with us or our service providers; other entities with whom you transact business; others with whom you maintain relationships who may deal with us on your behalf; the devices you use to access our websites, mobile applications, and online services; credit bureaus; identity verification and fraud prevention services; marketing and analytics providers; public databases; social media platforms; and others consistent with this Notice and Addendum. For more information, please see the PERSONAL INFORMATION WE COLLECT section of this Privacy Notice.
Disclosures of Personal Information for Monetary or Other Valuable Consideration, for Behavioral Advertising, or for Business Purposes
Bakkt does not sell or disclose personal information for money or other valuable consideration. However, as is common practice among businesses that operate Internet websites and mobile apps, within the last 12 months, we may have disclosed through cookies or similar technologies certain identifiers such as email addresses, pseudonymized identifiers and internet activity, information about the use of our websites and apps, and inferences drawn about you to our social media, analytics, and advertising partners for targeted marketing purposes.
Within the last 12 months, we have disclosed Personal Information identified in the above categories (A)-(J) and/or PERSONAL INFORMATION WE COLLECT for our business purposes. To learn more about the categories of third parties with whom we share such information, please see HOW WE SHARE DATA section of this Notice.
Sales or Sharing of Minors’ Personal Information
We do not sell personal information of individuals we know to be under the age of 16, or share such personal information with third parties for cross-context behavioral advertising.
Use of Personal Information
For each of the above categories, we use the Personal Information we collect for the business purposes disclosed in HOW WE USE YOUR INFORMATION section of this Notice. Please note that the business purposes for which we use your information may include:
- Audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
- Detecting and protecting against security incidents and malicious, deceptive, fraudulent or illegal activity, and prosecuting the same;
- Debugging to identify and repair errors in our systems;
- Short-term, transient use including contextual customization of ads;
- Providing services on our behalf or on behalf of another, including maintaining or servicing accounts, providing customer service, fulfilling transactions, verifying identity information, processing payments, and other services;
- Conducting internal research to develop and demonstrate technology; and
- Conducting activity to verify, enhance, and maintain the quality or safety of services or devices which we may own, control, or provide.
We may also use the information we collect for our own or our service providers’ other operational purposes, purposes for which we provide you additional notice, or for purposes compatible with the context in which the Personal Information was collected.
How Long We Keep Personal Information
The amount of time we retain a particular category of personal information will vary depending on the purpose for which it was collected, our business need for it, and our legal obligations to retain it. We retain your personal information for the time needed to fulfill the purpose for which that information was collected and as required pursuant to our data retention policies, which reflect applicable statute of limitation periods and legal requirements. In determining the retention period for personal information, we consider the nature and sensitivity of your personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we collect, use and maintain your personal information and our legal requirements to retain such information.
Your California Rights
If you are a California resident, you have certain rights related to your Personal Information, including:
- Right to Access and Right to Know. You have the right to request that we disclose the following to you:
- Specific pieces of Personal Information we have collected;
- Categories of Personal Information we have collected about you;
- Categories of sources from which the Personal Information is collected;
- Our business or commercial purpose for collecting ,selling, or sharing Personal Information; and
- Categories of third parties with whom we share Personal Information;
- Right to Deletion. You have the right to request that we delete Personal Information about you that we have collected from you.
- Right to Correction. You have the right to request that we correct inaccurate Personal Information we may have about you.
- The Right to Opt-Out of Sales or Sharing. The CCPA gives you the right to opt-out of the disclosure of Personal Information about you for monetary or other valuable consideration (“sale”) and/or the disclosure of personal information for purposes of behavioral advertising (“sharing”). Our use of tracking technologies may be considered a “sale” or “sharing” under California law. To opt-out, select the Bakkt Privacy Request form, then complete the form by selecting the option Do Not Sell or Share My Personal Information, or by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal).
We collect certain sensitive personal information (as discussed above in the “Personal Information We Collect” section). However, we do not use or disclose sensitive information in a manner that requires us to offer a right to limit such use under the CCPA.
You may exercise these rights by:
- Logging in to your account (if you have an account) and submitting a request;
- Emailing us at firstname.lastname@example.org;
- Calling our toll-free number 1-800-322-1719; or
- Completing our Privacy requests form .
As required under applicable law, please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may require you to provide additional Personal Information including name, physical address, email address, contact information, account login credentials, and other information about your previous transactions with us to verify your identity in response to exercising requests of the above type. We may limit our response to your exercise of rights as permitted under applicable law.
Subject to applicable law, we may not discriminate against you because of your exercise of any of the above rights, or any other rights under the California Consumer Privacy Act, including by:
- Denying you goods or services;
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or by imposing penalties;
- Providing you a different level or quality of goods or services; or
- Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value of the Personal Information provided to us and to the extent permitted by law.
Under California law, you may designate an authorized agent to make a request on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent may contact us via the information provided in the “How to Contact Us” section below to make a request on your behalf. As permitted by law, we may require verification of the agent’s authorization to act on your behalf, require you to confirm you have authorized the agent to act on your behalf, or require you to verify your own identity. We may deny a request by an agent if they fail to submit proof that they act on your behalf.
How to Contact Us
You may contact us with questions and concerns about our privacy policies or practices by contacting us at email@example.com or at 1-800-322-1719.