Privacy Policy

Purpose and Scope

This Privacy Policy describes how and why BAKKT, LLC ("BAKKT"), which provides services through:

  • www.bakkt.com;
  • any other websites where this Privacy Policy is posted;
  • or any software application made available by BAKKT for use on a computer, tablet, mobile phone or other mobile device
    (together, the "Digital Services")

collects and processes personal information about you, how this information is protected, and your rights in relation to it.

The Digital Services are owned and operated by BAKKT. Unless this Privacy Policy states otherwise, in this Privacy Policy, the terms "us", "we" or "our" refer to BAKKT.

This Privacy Policy applies only to the information collected on the Digital Services.

Your use of the Digital Services is subject to BAKKT’s Terms of Use, including any applicable limitations on damages and the resolution of disputes.

1. Changes to Privacy Statement

This Privacy Policy is current as of the effective date set forth above. We reserve the right to change this Privacy Policy from time to time. Changes and modifications to this Privacy Policy will be effective immediately upon posting of the changes and modifications on the Digital Services, except where prohibited by law. You should therefore periodically visit this page to review the current Privacy Policy. If we change this Privacy Policy, we will notify you of the changes by updating the effective date at the top of this Privacy Policy and, if required by applicable laws, provide by other means, such as email or notice within the Digital Services. Where the changes will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will, as required by applicable laws, provide you with notice in advance. If at any time you choose not to accept the terms of this Privacy Policy, you should not use the Digital Services.

2. Collection of Information

Personal information We Collect Directly from You

We collect personal information from you when you use the Digital Services. The type of information that we collect from you depends on your particular interaction with the Digital Services. We require you to register with the Digital Services to access certain features. When we do, we may collect the following information from you during the registration process: your (i) name, (ii) country of residence, (iii) address, (iv) phone number, (v) job title, (vi) company, (vii) investor type, (viii) email address, (ix) your marketing and communications preferences and (x) password that you select.

If you choose to purchase a product or service through the Digital Services, we may collect your credit card information. If we process credit transactions, we may use a third party service provider to process credit card transactions on our behalf. The third party will collect from you your contact information (such as your name, address, and e-mail) and financial information (such as credit card number and expiration date).

Personal information We Collect Automatically

We and our third party service providers, use cookies, web beacons, and other tracking technologies to collect information about you automatically as you use our Digital Services. Examples of this type of information include, but are not limited to, the dates and times of your use of the Digital Services and the route by which you choose to access them, including your IP (Internet Protocol) address, your browser type, your operating system, or domain name, and your use of any hyperlinks or downloadable content available on the Digital Services. We may combine this information with other information that we collect about you. For additional information about our use of these technologies, please see "Cookies and Other Tracking Technologies" below and our Cookie Policy.

Personal Information We Collect From Third Parties

We also collect information about you from third party sources such as: suppliers that help us prevent money laundering and fraud; marketing agencies; identity verification services; and analytics providers.

The categories of information that we collect about you from other sources are:

  • where permissible under applicable law, personal details (e.g., name, date of birth);
  • contact details (e.g., phone number, email address, postal address or mobile number); and
  • employer name.

Please note that we may be required by law to collect and use certain personal information about you. And we may need to collect and use personal information to enter into or fulfill a contract with you. Failure to provide this information may prevent or delay the fulfillment of our obligations in these circumstances.

3. Use of Your Information

We primarily use your personal information to provide our services to you and to respond to your inquiries. We also may use your personal information as follows:

  • To communicate with you, including to respond to your comments or requests for information, to request feedback on our products and services, and to notify you about changes to your subscriptions or to the services and products you use.
  • To help us understand our customers, to tailor and enhance our product and service offerings, anticipate and resolve problems with any products or services supplied to you, create products or services that may meet your needs.
  • To provide access to restricted pages or contents of the Digital Services.
  • To comply with legal and/or regulatory requirements and cooperate with regulators and law enforcement bodies.
  • To facilitate your activity and to identify you when you log into your account on our Digital Services.
  • To send you marketing communications and advertising in line with your communications preferences and where permitted by applicable law about products and services that we believe would be of interest to you, including products and services offered by third parties.
  • To evaluate the success of our advertising campaigns, to improve our products and services, to assess patterns of use, and to plan and evaluate our marketing and business development programs.
  • To protect our rights, your rights, and the rights of others, and to meet our own high standards of business practice.

Information For EU Users

Some of the processing we conduct will involve making decisions about you based on automated processing of your personal information. For example, we may conduct profiling activities to select personalized offers or recommendations for you based on your use of the Digital Services. If you are in the EU, where these decisions are based solely on our automated processing of your personal data (e.g., not subject to human review), these types of decisions will not have legal or similar effects on you, but you can still contact us for further information and to object to this use of your personal information.

Under EU privacy law, we must have a legal basis to process personal information. In most cases the legal bases for our processing, under EU law, will be one of the following:

  • to fulfill our contractual obligations to you, for example to provide the Digital Services or to ensure that invoices are paid correctly;
  • to comply with our legal and/or regulatory obligations, for example obtaining proof of your identity to enable us to meet our anti-money laundering obligations; and/or
  • to meet our legitimate interests, for example to: understand how you use the Digital Services and to enable us to use this knowledge to improve our products and services and to develop new ones; to communicate with you about the products and services that you use or we offer; maintain our accounts and records; to assess patterns of use; and to plan and evaluate our marketing and business development programs. When we process personal information to meet our legitimate interests, we put in place, when needed, safeguards designed to protect your privacy interests, freedoms, and rights under applicable laws.

We may obtain your consent to collect and use certain types of personal information when we are required to do so by law (for example, in relation to some direct marketing activities or our use of cookies and tracking technologies or when we process sensitive personal information). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy Policy.

We may anonymize your personal information and use it for other purposes. For example, we may prepare aggregated reports about how users interact with the Digital Services for research.

4. Cookies and Other Tracking Technologies

We use cookies and other technologies to automatically collect information when you access the Digital Services. For more information, please see our Cookie Policy.

Our systems do not recognize browser do-not-track signals. However, you may control how your browser accepts cookies; please see our Cookie Policy for more information.

5. Disclosures and Onward Transfers

We share your personal information with the following persons/entities and in the following circumstances:

Third Party Service Providers: To enable us to more efficiently provide the products and services you have requested from us, we may share your personal information with selected third parties that act on our behalf as our agents, suppliers, or providers, or these third parties may collect your personal information on our behalf. These third parties may provide services such as marketing support, technical assistance, data hosting, payment processing and customer service support. We also engage third-party analytics providers to help us understand how users engage with the Digital Services. These third parties may use cookies and similar technologies to collect information about your use of the Digital Services as well as information about your use of other websites over time.

Legal Compliance and the Protection of Our Rights: We will share information with regulators, government authorities, and third parties where we believe it is necessary to comply with a court order, subpoena, or regulatory request. We may disclose information when we believe in good faith that such disclosures will: help protect our rights or enforce our Terms of Use; support our detection of, prevention of, or response to fraud or intellectual property infringement; help protect your safety or security; or protect the safety and security of the Digital Services, our services, or any individual.

Transfer of Business Assets: As we continue to develop our business, we might acquire or buy other businesses or assets. In such transactions, customer information generally is one of the transferred business assets. Also, we may transfer any information we have about you as an asset to third parties in connection with the consideration, negotiation, or completion of a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of BAKKT, or as part of a corporate reorganization or stock sale or other change in corporate control, for the purposes of such third parties carrying on our business in relation to the continued provision of our services to you as described in this Privacy Policy.

Additional Sharing: From time to time we share your information with our attorneys, banks, auditors, securities brokers and other professional service providers and advisors in connection with the purposes described above.

Because we operate as a global business, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the Digital Services). See the section on "International Transfers of Personal Information" below for more information.

6. Your Choices

If you wish to stop receiving marketing information concerning our services or products, or if you wish to withdraw any consents that you have provided, please contact us by email at info@bakkt.com to notify us of your wishes.

7. International Transfers of Personal Information

We may transfer, process, and store your personal information outside of your home country, including in the United States and Canada, which may not have the same level of data protection as your home country. For the avoidance of doubt, if you are resident in the European Economic Area ("EEA") this may include the transfer of your personal information from within the EEA to a country outside of the EEA.

8. Your Rights in relation to Your Personal Information

Subject to local law, you may have certain rights regarding your personal information. These may include, depending on the circumstances, the following rights to: access your personal information; rectify the personal information we hold about you; erase your personal information; restrict our use of your personal information; object to our use of your personal information; receive your personal information in a usable electronic format and transmit it to a third party (also known as the right of data portability); lodge a complaint with your local data protection authority; and withdraw any consent you have given to uses of your personal information. If you would like to discuss or exercise the rights you may have, feel free to contact us via email at info@bakkt.com.

If you are a registered user of the Digital Services, you may access your personal account information online and make changes by logging into your account.

9. Security and Data Integrity

We have put in place certain safeguards to help prevent unauthorized access and maintain data security with respect to your personal information. Despite these protections, however, we cannot guarantee that your data will be 100% secure. You should take measures to protect your personal information.

We retain your personal information for as long as we have a relationship with you and for a period after the relationship has ended. When determining how long to keep your personal information after our relationship with you has ended, we take into account how long we need to retain the information to fulfil the purposes described above and to comply with our legal obligations, including regulatory obligations. We may also retain personal information to investigate or defend against potential legal claims in accordance with the limitation periods of countries where legal action may be brought.

10. Your Security Obligations

Your online access to certain of your personal information may be protected with a password you select. We will never ask you for your password in any unsolicited communication (such as letters, phone calls or email messages). You have an obligation to keep your user ID, password and personal information secure. As part of maintaining this obligation we recommend that you do the following:

  • Keep your user ID and password confidential;
  • Utilize a unique password and change it frequently;
  • Make sure others are not watching you enter your user ID and/or password on your keyboard when using protected elements of the Digital Services; and
  • Do not leave your computer unattended while logged onto protected elements of the Digital Services. After you finished accessing your information, exit the protected area.

11. Children

The Digital Services are not intended for use by minors (persons under the age of 18 and, in those Canadian provinces where the age of majority is 19, persons under the age of 19). If you are a minor, do not use the Digital Services. If parents believe their minor children have accessed the Digital Services and provided their personal information, please contact us using the information provided in the "Your Rights in relation to Your Personal Information" section of this Privacy Policy so that we may delete the information.

12. Other Sites

Our Digital Services may contain links to other sites or products that we do not own or operate. Also, links to the Digital Services may be featured on third party websites on which we advertise. Except as provided herein, we will not provide any of your personal information to these third parties without your consent. We provide links to third party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites. We recommend you read carefully the privacy statements, notices and terms of use of any linked websites. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use or disclose, secure and otherwise treat your personal information.

13. Complaints/Comments

We take your privacy concerns seriously. If you have any questions about this Privacy Policy or if you believe that we have not complied with this Privacy Policy with respect to your personal information, you may write to info@bakkt.com. You may also complain to the relevant European supervisory authority.

14. Your California Privacy Rights

Under California's "Shine the Light" law, California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2008 will receive information regarding 2007 sharing activities).

To obtain this information, please send an email message to info@bakkt.com with "Request for California Privacy Information" on the subject line and in the body of your message. We will provide the requested information to you at your e-mail address in response.

Please be aware that not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing will be included in our response.