BIGTOKEN PRIVACY POLICY

This Privacy Policy ("Privacy Policy") outlines how BIGtoken, Inc. ("Company," "BIGtoken," "we," "our," or "us") collects, uses, discloses, retains, and protects your information when you interact with our website app.BIGtoken.com ("Site"), our associated mobile application and other applications made available by us (collectively, "App" and together with the Site, "Content").

By using our Content, you consent to the practices described herein. Should you find our policies incompatible with your preferences, we kindly advise refraining from utilizing our services.

We are committed to compliance with international privacy standards, including the General Data Protection Regulation (GDPR). The following sections address our policies and practices, incorporating specific measures to ensure GDPR compliance for events and operations in Portugal and throughout the European Economic Area (EEA).

Table of Contents

  1. WHAT INFORMATION DO WE COLLECT
  2. PURPOSE AND LEGAL BASES FOR DATA COLLECTION
  3. PRIVACY NOTICE FOR EVENTS (GDPR COMPLIANCE)
  4. CONSENT MECHANISMS
  5. SECURITY MEASURES
  6. YOUR RIGHTS UNDER GDPR
  7. DATA SUBJECT REQUESTS PROCEDURE
  8. DATA SHARING AND THIRD-PARTY PROCESSORS
  9. INTERNATIONAL DATA TRANSFERS
  10. DATA RETENTION AND POST-EVENT MANAGEMENT
  11. DATA PROTECTION IMPACT ASSESSMENTS (DPIAs)
  12. ACCOUNTABILITY AND STAFF TRAINING
  13. CHILDREN
  14. COOKIES AND TRACKING TECHNOLOGIES
  15. GOVERNING LAW AND DISPUTE RESOLUTION
  16. CONTACT US

1. WHAT INFORMATION DO WE COLLECT?

1.1. Definitions

Personal Data: refers to any information that can directly or indirectly identify an individual, such as name, address, mobile number, email address, date of birth, gender, demographic information, payment information, IP address, usage data, and device identifiers.
Anonymized Data: refers to data that does not contain any personal identifiers and cannot reasonably be used to identify an individual.

1.2. Voluntarily Provided Information

We collect Personal Data you provide to us when registering, creating an account, or interacting with our services, including:

  • Name
  • Email address
  • Phone number
  • Username and password
  • Date or year of birth
  • Address
  • Demographic information
  • Payment data (when applicable)

1.3. Automatically Collected Information

We collect certain types of data automatically through cookies and similar technologies:

  • Usage Data: browser type, IP address, pages visited, time and date of visit, device identifiers, and other technical information.
  • Third-Party Data: information from marketing partners, public databases, and social media.

1.4. Special Category Data

While we do not intentionally collect sensitive data (such as biometric or health-related data), should such data be required for specific event purposes, additional safeguards will be applied, and explicit consent will be obtained.

2. PURPOSE AND LEGAL BASES FOR DATA COLLECTION

We collect and process your information for purposes including:

  • Account management and identity verification
  • Customer support and responding to inquiries
  • Improving services and functionality
  • Personalizing user experiences
  • Marketing and promotional communications (with consent)
  • Legal compliance

We process data under these legal bases:

  • Consent: Marketing, non-essential cookies, surveys (withdrawable)
  • Contractual Necessity: Service provision, account management
  • Legal Obligations: Regulatory compliance
  • Legitimate Interests: Fraud prevention, security, service improvement

Activities and bases include:

  • Account management (Contractual)
  • Support (Contractual)
  • Marketing (Consent)
  • Analytics (Legitimate Interest)
  • Security (Legitimate Interest/Legal Obligation)

3. PRIVACY NOTICE FOR EVENTS (GDPR COMPLIANCE)

For event-based data collection (e.g., conferences or promotions in Portugal or the EEA):

  • A dedicated event-specific privacy notice will be created.
  • This notice will be accessible during registration and throughout the event.
  • It will be made available in English and Portuguese.
  • The notice will include contact details of BIGtoken and, if applicable, our Data Protection Officer (DPO).

4. CONSENT MECHANISMS

When processing relies on consent:

  • We will obtain freely given, specific, informed, and unambiguous consent.
  • Consent options will be granular, allowing separate choices for different purposes.
  • No pre-ticked boxes or default consent will be used.
  • Users can withdraw consent as easily as it was given.
  • Consent records will be maintained.

For minors, appropriate age verification and parental consent measures will be applied.

5. SECURITY MEASURES

We employ reasonable organizational and technical safeguards to protect your data, including:

  • Data encryption (in transit and at rest)
  • Secure authentication protocols
  • Controlled access to data by authorized personnel
  • Staff training in data handling
  • Physical security for on-site data collection (e.g., at events)
  • Regular system security testing

We also maintain an incident response plan in accordance with the 72-hour GDPR breach notification requirement.

6. YOUR RIGHTS UNDER GDPR

If you are located in the EEA, you have the right to:

  • Access your personal data
  • Request rectification or deletion by sending an email to hello@bigtoken.com
  • Restrict or object to data processing
  • Withdraw consent at any time
  • Request data portability
  • Lodge a complaint with your local Data Protection Authority

To exercise any of these rights, please contact us using the information provided below.

7. DATA SUBJECT REQUESTS PROCEDURE

We have established procedures to handle requests from individuals regarding their personal data:

  • Requests can be made via our support contact or email
  • We will verify the identity of the requestor
  • We respond within one month of receiving a valid request
  • A designated team handles all such requests

8. DATA SHARING AND THIRD-PARTY PROCESSORS

We may share your data with:

  • Service providers (e.g., IT support, hosting, analytics)
  • Business partners (with anonymized data)
  • Affiliates and subsidiaries
  • Legal authorities when required by law

Where we engage third-party processors, we ensure they:

  • Enter into GDPR-compliant data processing agreements
  • Follow data minimization principles
  • Do not process data beyond instructed scope

9. INTERNATIONAL DATA TRANSFERS

Data collected may be transferred to countries outside the EEA, including the United States, using GDPR-compliant safeguards such as European Commission Standard Contractual Clauses (SCCs), supplementary measures per Schrems II, EU-US Data Privacy Framework certification, and explicit consent where required. Request safeguard copies at hello@bigtoken.com.

10. DATA RETENTION AND POST-EVENT MANAGEMENT

We retain data only as long as necessary for the purposes described in this policy or as required by law. After events or campaigns:

  • We delete or anonymize data no longer needed
  • Data retained for analytics is anonymized
  • Records of deletion/anonymization activities are maintained

11. DATA PROTECTION IMPACT ASSESSMENTS (DPIAs)

If a project or event involves high-risk processing (e.g., tracking sensitive data or profiling users), a DPIA will be conducted to assess and mitigate risks.

12. ACCOUNTABILITY AND STAFF TRAINING

BIGtoken maintains a record of processing activities and internal policies for GDPR compliance. We:

  • Train event personnel and staff on data protection responsibilities
  • Appoint an event-specific data protection coordinator, when necessary
  • Conduct pre-event compliance checks and post-event reviews

13. CHILDREN

Our services are not intended for children under 13. We do not knowingly collect data from children without verified parental consent. Please notify us if you believe a child has submitted personal data.

14. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies for analytics, functionality, and marketing. You can manage your preferences through browser settings or within our App.

15. GOVERNING LAW AND DISPUTE RESOLUTION

This Privacy Policy is governed by your local laws—GDPR for EEA users, California law for US users. EEA users may file complaints with local Data Protection Authorities and retain the right to bring proceedings in their country of residence or work. EEA users' rights under GDPR cannot be waived. Outside the EEA, disputes require informal resolution, then mediation, followed by binding arbitration in Los Angeles under AAA rules where legally permitted.

16. CONTACT US

We're here to help. Reach out to us if you have any questions or need assistance regarding your privacy or our practices concerning your Information:

BIGtoken, Inc.
Email: hello@bigtoken.com

We encourage you to review this policy periodically for updates. Your continued use of our services constitutes acceptance of any revised terms.