Effective Date: October 28, 2020
Bakkt Marketplace Privacy Notice
In this Privacy Notice (“Notice”), Bakkt Marketplace, LLC (also referred to as “Bakkt,” “we,” “us,” or “our”) describes the types of Personal Information we may collect from you in connection with your interaction with us, including when you visit our websites or mobile application, or use our online products, services or content (the “Services”).
1. PERSONAL INFORMATION WE COLLECT
a. Personal Information We Collect Directly from You
We collect Personal Information from you when you use our Services and interact with us (such as speaking with Bakkt representatives). The information we collect may include your name, state or country of residence, date of birth, address, phone number, social security number, account number, job title, company, email address, marketing and communications preferences, and other information you choose to provide us, including information provided when you register with us. In some circumstances, we may collect information such as a government-issued ID, proof of address, or photograph(s) (if you elect to provide them to us). We may also collect information relating to:
- Records and copies of your correspondence (including email addresses), if you contact us.
- Your responses to surveys, such as those that we might ask you to complete for research purposes.
- Details of transactions you carry out using our Services. You may be required to provide financial information before using our Services.
b. Personal Information We Collect Automatically
c. Personal Information We Collect From Third Parties
We also collect information about you from third parties, such as money laundering and fraud prevention information providers, marketing agencies, identity and creditworthiness verification services, and analytics and information providers. We may combine information we collect about you with information from third parties.
2. HOW WE USE YOUR INFORMATION
We use the information we gather to provide services to you and to respond to your inquiries. This includes:
Providing Services, including to:
- Register, create, and maintain your account;
- Authenticate your identity and/or your access to an account;
- Initiate, facilitate, process, and/or execute transactions;
- Communicate with you regarding your account or any Services you use;
- Perform creditworthiness, fraud prevention or other similar reviews;
- Evaluate applications; or
- Compare information for accuracy and verification purposes.
- Managing our business and protecting ourselves, you, other persons, and the Services.
- Providing a personalized experience and implementing your preferences.
- Better understanding our customers and how they use and interact with the Services.
- Personalizing our Services and providing offers and promotions for our Services via our websites and third-party websites.
- Providing you with location-specific options, functionalities, and offers.
- Complying with our policies and obligations, including but not limited to, disclosures made in response to any requests from law enforcement authorities and/or regulators in accordance with any applicable law, rule, regulation, judicial or governmental order, regulatory authority of competent jurisdiction, discovery request, advice of counsel or similar legal process.
- Resolving disputes, collecting fees, or troubleshooting problems.
- Providing customer service to you or otherwise communicating with you.
We may also process your Personal Information to fulfill the purposes for which you provide it, or with your consent.
3. HOW WE SHARE INFORMATION
We may disclose the information we gather to our affiliates and to third parties. For example, we may share information with:
- Service providers and/or data processors: We may share Personal Information with third party service providers that perform services and functions at our direction and on our behalf. These third party service providers may, for example, provide you with services, verify your identity, assist us to comply with law or combat fraud, assist in processing transactions, or provide customer support.
- Other parties to transactions: We may share information with the other parties to your transactions, including retailers with whom we have partnered to provide the Services.
- Financial Institutions and Credit Bureaus: We may share information with financial institutions and credit bureaus involved in supporting transactions in which you engage or assessing creditworthiness. For example, we may share information with your bank when you link your bank account to our Services.
Other third parties: We may share information with other third parties for our business purposes or as permitted or required by law, including:
- To comply with any legal, regulatory or contractual obligation, or with any legal or regulatory process (such as a valid court order or subpoena) or with the advice of counsel;
- To market our or their products or services to you;
- To establish, exercise, or defend legal claims or our policies;
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of ourselves, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud prevention and credit risk reduction; or
- In connection with the purchase, sale, merger, consolidation or transfer of all or part of Bakkt’s business.
We may also disclose data to fulfill the purposes for which you provide it, or with your consent.
4. CHANGES TO THIS PRIVACY NOTICE
We will notify you of changes to this Notice by revising this Notice and updating the Effective Date above. If you have an account with us, we may notify you of material changes to this notice by e-mail.
5. YOUR CHOICES
If you wish to stop receiving marketing communications, you can opt out by emailing us at firstname.lastname@example.org or through our marketing opt-out page. We may continue to send you non-marketing messages, such as messages relating to your transactions with us.
As of the Effective Date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we do not respond to such signals or to other mechanisms that provide the ability to exercise choice regarding the collection of personally identifiable information regarding your online activities over time and across third-party websites or online services.
If you are a registered user of the Services, you may access your personal account information online and make changes by logging into your account.
Bakkt has implemented administrative, physical and technical safeguards designed to protect your Personal Information. Still, Bakkt cannot guarantee the security or confidentiality of information you transmit to us or receive from us.
For Vermont Customers.
- We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.
- Additional information concerning our privacy policies can be found at https://www.bakkt.com/privacy-policy or call 1-800-322-1719.
7. CALIFORNIA PRIVACY PRACTICES AND YOUR CALIFORNIA RIGHTS
If you are a California resident, see the Bakkt California Privacy Rights Addendum below for more information about our privacy practices and your rights under California law.
8. CONTACT US
We take your privacy concerns seriously. If you have any questions about this Notice or if you believe that we have not complied with this Notice with respect to your Personal Information, you may write to email@example.com.
Bakkt California Privacy Rights Addendum
If you are a California resident, the following provisions apply to our processing of information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”). For such residents, the provisions of this California Privacy Rights Addendum (“Addendum”) prevail over any conflicting provisions of this Notice.
Personal Information We Collect
Within the last 12 months, we may have collected the following categories of Personal Information about you:
Real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
B. Information under the California Customer Records statute.
Personal Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to their name, signature, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, bank account number, credit card number, debit card number, or any other financial information.
C. Characteristics of protected classifications under California or federal law.
Characteristics of protected classifications under California or federal law (such as race, gender, age, disability status.)
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information
Images, including facial data. We may also require you to provide fingerprint data (e.g., through your device to verify your identity).
F. Internet or other similar network activity.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with a website, application or advertisement.
G. Geolocation information.
H. Sensory data.
Audio, electronic, visual, or similar information.
I. Inferences drawn from other Personal Information.
Inferences drawn from any of the Personal Information we collect to create a profile about you reflecting your preferences, characteristics, behavior, and attitudes.
We obtain Personal Information from a variety of sources. These sources include: yourself with respect to both online and offline interactions you may have with us or our service providers; other entities with whom you transact business; others with whom you maintain relationships who may deal with us on your behalf; the devices you use to access our websites, mobile applications, and online services; credit bureaus; identity verification and fraud prevention services; marketing and analytics providers; public databases; social media platforms; and others consistent with this Notice and Addendum. For more information, please see the PERSONAL INFORMATION WE COLLECT section of this Privacy Notice.
Disclosures of Personal Information for Monetary or Other Valuable Consideration or for Business Purposes
Within the last 12 months we have also disclosed through cookies or similar technologies certain identifiers and internet activity, information about the use of our websites and apps, and inferences drawn about you to our analytics and advertising partners.
Within the last 12 months, we have disclosed Personal Information identified in the above categories (A)-(I) for our business purposes. To learn more about the categories of third parties with whom we share such information, please see HOW WE SHARE DATA section of this Notice.
We do not disclose Personal Information of individuals we know to be under the age of 16 to business or third parties for monetary or other valuable consideration as a “sale” under California law, without affirmative authorization.
Use of Personal Information
For each of the above categories, we use the Personal Information we collect for the business purposes disclosed in HOW WE USE YOUR INFORMATION section of this Notice. Please note that the business purposes for which we use your information may include:
- Audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
- Detecting and protecting against security incidents and malicious, deceptive, fraudulent or illegal activity, and prosecuting the same;
- Debugging to identify and repair errors in our systems;
- Short-term, transient use including contextual customization of ads;
- Providing services on our behalf or on behalf of another, including maintaining or servicing accounts, providing customer service, fulfilling transactions, verifying identity information, processing payments, and other services;
- Conducting internal research to develop and demonstrate technology; and
- Conducting activity to verify, enhance, and maintain the quality or safety of services or devices which we may own, control, or provide.
We may also use the information we collect for our own or our service providers’ other operational purposes, purposes for which we provide you additional notice, or for purposes compatible with the context in which the Personal Information was collected.
Your California Rights
If you are a California resident, you have certain rights related to your Personal Information, including:
Right to Access and Right to Know. You have the right to request that we disclose the following to you:
- Specific pieces of Personal Information we have collected;
- Categories of Personal Information we have collected about you;
- Categories of sources from which the Personal Information is collected;
- Our business or commercial purpose for collecting or selling Personal Information; and
- Categories of third parties with whom we share Personal Information;
- Right to Deletion. You have the right to request that we delete Personal Information about you that we have collected from you.
- The Right to Opt-Out. You have the right to opt out of the disclosure of Personal Information about you for monetary or other valuable consideration. To opt-out, click Do Not Sell My Personal Information
You may exercise these rights by:
- Logging in to your account (if you have an account) and submitting a request;
- Emailing us at firstname.lastname@example.org;
- Calling our toll free number 1-800-322-1719;
- Completing our rights request form available here
As required under applicable law, please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may require you to provide additional Personal Information including name, physical address, email address, contact information, account login credentials, and other information about your previous transactions with us to verify your identity in response to exercising requests of the above type. We may limit our response to your exercise of rights as permitted under applicable law.
Subject to applicable law, we may not discriminate against you because of your exercise of any of the above rights, or any other rights under the California Consumer Privacy Act, including by:
- Denying you goods or services;
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or by imposing penalties;
- Providing you a different level or quality of goods or services; or
- Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value of the Personal Information provided to us and to the extent permitted by law.
Under California law, you may designate an authorized agent to make a request on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent may contact us via the information provided in the “How to Contact Us” section below to make a request on your behalf. As permitted by law, we may require verification of the agent’s authorization to act on your behalf, require you to confirm you have authorized the agent to act on your behalf, or require you to verify your own identity. We may deny a request by an agent if they fail to submit proof that they act on your behalf.
How to Contact Us
You may contact us with questions and concerns about our privacy policies or practices by contacting us at email@example.com or at 1-800-322-1719.
This Addendum was last updated: October 15, 2021.