Privacy Notice - Binance

Privacy Notice Last updated: 22 Jan 2024
*English version is a referential translation of the original Japanese version of this Privacy Notice. In the case of discrepancy between the English version and the original Japanese version of the Privacy Notice, the original Japanese version shall prevail.
Binance Japan (“Binance Japan”, “we”, or “us”) is committed to protecting the privacy of our customers and recognizes the need for and importance of ensuring appropriate management of personal information.
We will comply with the "Act on the Protection of Personal Information" (the "Act") and other related laws and regulations, applicable guidelines, guidelines of accredited personal information protection organizations and this Privacy Notice (collectively, the "Laws and Regulations"). 
This Privacy Notice (the “Privacy Notice”) describes how we obtain and process your personal information through our websites and applications that are referenced in this Privacy Notice. “Our websites” refers to an ecosystem comprising of Binance Japan websites (whose domain names include but are not limited to Binance.com/ja), mobile applications, clients, applets and other applications that are developed to offer our services, and includes independently-operated platforms, websites and clients within the ecosystem (e.g., our Open Platform and Binance Labs).
This Privacy Notice applies to all personal information processing activities undertaken throughout Binance Japan, including its platforms, websites and joint users.
To the extent that you are a customer or user of our services, this Privacy Notice applies together with any terms of use and other contractual documents, including but not limited to any agreements we may have with you.
To the extent that you are not a relevant stakeholder, customer, or user of our services, but are using our website, this Privacy Notice also applies to you together with our Cookie Notice.
This Privacy Notice should, therefore, be read together with our Cookie Notice, which provides further details regarding our use of cookies on the website. Our Cookie Notice can be accessed here. 
The Company may also send you e-mails or display banner advertisements to notify you of or advertise the Company's or a third party's products or services, and you hereby agree to receive such communications.
1. Customer relations
Your personal information is processed by Binance Japan Inc. a company registered in Japan with its address at 2-10-3 Kojimachi, Chiyoda-ku, Tokyo, Japan. We will use the personal information obtained from you only to the extent necessary to achieve the purposes of use described in Section 3 below.
2. What personal information do we obtain and process? 
Personal information is information that identifies a specific living individual or relates to a specific living identifiable individual. This includes information you provide to us, information which is obtained about you automatically and information about you we obtain from third parties. 
Information you provide to us
To access our services and in order to open an account with us, we will ask you to provide us with some information about yourself. Your information is either required by law (e.g., for us to verify your identity and comply with confirmation obligations at the time of the transactions) or necessary for the provision of the services being requested (e.g., you will have to provide us with your email address in order to open an account) or relevant to the purposes of use described in Section 3 below. In some cases, if we provide additional or further services or features, you may be asked to provide us with additional information. Failure to provide the information required may result in us being unable to offer our services to you. 
We may obtain the following information from you:
Category of personal information 
Type of personal information
Personal identification information
Full name, gender, date of birth, nationality, email address, home address, proof of address, phone number, signature and utility bill information
Government identifiers 
Number and details on government-issued identity documents, such as passports, national identification (My Number) cards (face side only), driver licences, driving record certificates and residence cards
Special care-required or biometric personal information
Your portrait photographs and video recordings (for identity verification purposes, e.g. by comparing  with government-issued identity documents) and whether identified as politically-exposed persons
Institutional information
Proof of legal formation and personal identification information for all material beneficial owners, board of directors and senior persons responsible for the operations of the institution
Financial information 
Bank account information, payment card information, annual income, amount of financial assets, source of investment, source of properties, bank statements and conflicts of interest
Transactional information
Information about the transaction you execute by using our services, such as the name and payment details of the recipient
Employment information
Occupation, Job title, salary and employer
Contact information 
Email address, phone number, country and region
Communications
Survey responses, information contained in surveys and event participation forms and communications with us, including call recordings and chat messages with our customer services team
Information we obtain about you automatically
To the extent permitted under the applicable laws, we may obtain certain types of information about you automatically (e.g., when you interact with us or use our services). This information helps us address customer support issues, improve the performance of our websites, applications and services, maintain and improve your user experience, and protect your account from illegal use by detecting unauthorised access. 
We may obtain the following types of information about you automatically:
Category of personal information
Type of personal information
Browsing information
IP address, Device ID, advertising ID and browser information such as name and version
Usage data
Authentication data, security questions, click-stream data, public social networking posts, other data obtained via cookies or similar technologies, and information about how our services are performing when you use them (e.g., error messages you receive and performance of the site information)
Marketing, profiles and research information 
Identifiers (e.g., name, address, email address if used for direct marketing, IP address and other online identifiers), demographic data (e.g., income, family status, age bracket, gender and interests), browser web history data and preferences expressed through selection/viewing purchase of goods, services and content, information about your mobile device, including (where available) type of device, device identification number and mobile operating system, analytics and profiles based on the data obtained, interests or inferred interests and marketing preferences
Information about you we obtain from third parties
From time to time, we may obtain information about you from our affiliates or third-party sources as required or permitted by applicable laws. 
Category of personal information
Type of personal information 
Information from our affiliates
Personal identification information, transactional information, institutional information and usage information
Blockchain data
Public blockchain data, e.g., transaction identifiers, transaction amounts, wallet addresses, timestamps and events
Information from our marketing and advertising partners 
Data analytics and conversion rates
3. Why do we process your personal information?  What is the legal basis we are relying on for obtaining and processing your personal information?
We obtain your personal information primarily to provide you with our services in a secure, efficient and smooth manner. We also generally use your personal information to deliver, provide and operate our services, for content and advertising, and for loss prevention and anti-fraud purposes. 
The purposes for which we use your personal information are as follows:
Purposes for which your personal information is used
To manage our contractual relationship with you, e.g., to create and maintain your account and provide services to you
This includes using your personal information in order to take and handle orders or process payments. 
Type of personal information processed: personal identification information, institutional information, contact information, transactional information and financial information. 
If this processing activity is restricted, we may not be able to open an account for you, provide our services to you or may have to close your account (where one is already opened).
To maintain legal and regulatory compliance
Most of our core services, such as crypto assets-related services, are subject to strict and specific laws and regulations that require us to obtain, use, process and store certain personal information. For example, under applicable anti-money laundering laws and regulations, we have to comply with our confirmation obligations at the time of the transaction. 
Type of personal information processed: personal identification information, government identifiers, special care-required and/or biometric personal information, institutional information, contact information and financial information.
If you do not provide us with the personal information required by law, we may not be able to open an account for you, provide our services to you, or may have to close your account (where one is already opened).
To communicate with you on service- and transaction-related matters
We use your personal information to communicate with you in relation to our services on administrative or account-related matters. We will also communicate with you to provide you with updates about our services, e.g., to inform you of relevant security issues and updates or provide you with other transaction-related information. 
Type of personal information processed: contact information, transactional information, communications, browsing information and usage data.
Without such communications, you may not be aware of important changes relating to your account, which may affect your ability to use our services. You may not opt out of receiving critical service communications, e.g., emails or mobile notifications sent for legal or security purposes.
To provide customer services to you
We process your personal information when you contact us in order to provide support with respect to questions, disputes, complaints, troubleshoot problems, etc. 
Type of personal information processed: personal identification information, institutional information, transactional information, financial information, contact information, communications, browsing information and usage data.
We cannot respond to your requests without processing your personal information for this purpose,.
To promote the safety and security of our platform 
We process your personal information in order to enhance security, monitor and verify identity or service access, combat malware or security risk and comply with applicable security laws and regulations. 
Type of personal information processed: personal identification information, institutional information, transactional information, financial information, contact information, browsing information and usage data.
We may not be able to ensure the security of our services without processing your personal information for this purpose.
To promote integrity of our platform and manage credit risk
We process your personal information to verify accounts and related activities, find and address violations of our Terms of Use, investigate suspicious activity, detect, prevent and combat unlawful behaviour or abuse of our services, detect, prevent and mitigate fraud, maintain the integrity of our services and protect you and others against account compromise or fund loss. We may use scoring methods to assess and manage credit risk.
Type of personal information processed: personal identification information, institutional information, transactional information, financial information, contact information, browsing information and usage data.
We may not be able to ensure the integrity of our services without processing your personal information for this purpose.
To improve our services
We use your personal information to provide functionality, analyse performance, fix errors, and improve the usability and effectiveness of our services, so that you can have a better user experience.
Type of personal information processed: personal identification information, institutional information, transactional information, browsing information and usage data.
We may not be able to ensure the quality of our services without processing your personal information for this purpose.
To conduct research and innovate
We carry out surveys to learn more about your experience when using our services. In that way, we can support research and development and drive innovations of our services and products.
Type of personal information processed: personal identification information, browsing information, usage data and marketing, profiles and research information.
We will not be able to continually develop our services and products without processing your personal information for this purpose.
To provide you with promotions
We use your personal information to provide you with promotions, including offers, rewards and other incentives for using our services.
Type of personal information processed: personal identification information, institutional information, transactional information, browsing information and usage data.
We will not be able to provide you with reward opportunities without processing your personal information for this purpose.
To provide you with recommendations and personalisation
We use your personal information to recommend features and services that may be of interest to you, identify your preferences and personalise your experience with us.
Type of personal information processed: personal identification information, browsing information, usage data and marketing, profiles and research information.
We will not be able to provide a personalised experience without processing your personal information for this purpose.
To provide you with marketing communications
We use your personal information (based on your consent) to send you targeted marketing communications through email, in-app mail, and push notifications. We also use your personal information to carry out profiling for marketing purposes.
Type of personal information processed: personal identification information, institutional information, transactional information, communications, browsing information, usage data and marketing, profiles and research Information.
We will not be able to provide you with marketing materials without processing your personal information for this purpose.
To host and organise events
We host many live, in-person events, including the Blockchain Week, throughout the year. 
If you register for one of our events and you are a user, we will access the information in your account to provide you with information and services associated with the event. You may be asked to provide more information when signing up for an event.
If you are not a user and you sign up for one of our events, we will collect information about you including name, email, company, title, industry, address, phone number, meal preferences etc..
If you are a presenter at one of our events, we will collect information about you including name, employer, contact information and photograph. We may also collect information provided by the event attendees who evaluated your performance as a presenter. We may make and store a voice or video recording of yours in certain instances.
Type of personal information processed: personal identification information, institutional information and communications.
Without processing your personal information for this purpose, we will not be able to let you attend our events.
To comply with legal or regulatory requirements
We may process, preserve or disclose your personal information when we believe it is reasonably necessary to comply with applicable laws and regulations, our legal obligations, law enforcement, government and other legal requests, self-regulation rules established by the Japan Virtual and Crypto assets Exchange Association, court orders or disclosures to the tax authorities. 
Type of personal information processed: personal identification information, institutional information, financial information, transactional information, contact information, browsing information, usage data and blockchain data
To provide information to third parties in the manner described in this Privacy Notice
We may provide your personal information to third parties when we have a valid legal basis under Laws and Regulations and deem it necessary to do so in the manner described in this Privacy Notice. Please see Section 6 below for more information.
Type of personal information to be processed: Personal information specified in Section 2
4. Can minors use our services?
We do not allow anyone under the age of 18 to use our services and do not knowingly obtain personal information from minors under 18.
5. What about cookies and other identifiers?
We use cookies and similar tools to enhance your user experience, provide our services, enhance our marketing efforts and understand how users use our services so that we can make improvements. For more information on how we use cookies, please refer to our Cookie Notice here.
We rely on your consent to place cookies and similar technologies. The cookie banner on your browser will tell you how to accept or refuse cookies. If you choose to do so, you may withdraw your consent at any time and we will stop processing your personal information with cookies. However, the withdrawal of your consent does not affect the lawfulness of the processing based upon your consent prior to it being withdrawn.
6. Do we share your personal information with third parties?
We will never provide your personal information to any third party other than under the following circumstances:
(1)	When it is required by law and regulations;
(2)	When it is necessary for the protection of the life, body or property of an individual and it is difficult to obtain your consent;
(3)		When it is especially necessary to improve public health or promote the sound growth of children and it is difficult to obtain your consent;
(4)	When it is necessary to cooperate with a national agency, local government or an individual or entity entrusted by either a national agency or local government to execute affairs prescribed by the law and regulations, and obtaining your consent is likely to impede the execution of such matters;
(5)	When the third party to which the personal information is provided is an academic research institution, etc., and it needs to process the personal information for academic research purposes (including cases whereby part of the purpose of processing the personal information is for academic research, but excluding cases which pose a risk of unjustified infringement on your rights and interests);
(6)	When such personal information is provided in connection with our outsourcing of all or part of the processing of personal information to the extent necessary for the achievement of the purposes of use;
(7)	When personal information is provided as a result of the succession of business due to merger or otherwise;
(8)	When personal information jointly used with a specific person is provided to such specific person, and if this fact, the items of personal information jointly used, the scope of joint users, the purpose of use of the person using the information, the name and address of the person responsible for the management of such personal information, or in the case of a corporation, the name of its representative person are notified in advance to the person in question, or are made readily available to the person in question; or
(9)	When there is your prior consent.
We will never provide personal information to any third party in a foreign country other than under the following circumstances:
(1)	When any of (1) through (5) above applies;
(2)	When the third party in question is located in a country stipulated in the Enforcement Regulations for the Act on the Protection of Personal Information (the "Regulations" in this paragraph) as a country having a personal information protection system recognized as being of a similar level to that of Japan; 
(3)	When the third party in question has established a system that conforms to the standards set forth in the Regulations as a system necessary to continuously take measures equivalent to those to be taken by us (“Equivalent Measures”) (A person who has established a system that conforms to the standards set forth in this item is hereinafter referred to as a "Standard Conforming System Implementer); or
(4) 	When there is your prior consent.
To the extent necessary to achieve the purposes of use, we may provide your personal information to third parties who support the provision of the services or our business operations (if the third party is located outside of Japan, it is limited to the case that they are the Standard Compliance System Implementer).  
When we provide your personal information to the Standard Compliance System Implementer, we take necessary measures to ensure the continuous implementation of the Equivalent Measures. For more information on the Standard Compliance System, Equivalent Measures, and foreign regulations, please contact in accordance with "11 Contact Information”.
The foreign countries in which the third parties are located are as follows (as of the end of  Jan 22, 2024).
Name of foreign country
United Arab Emirates, Cayman Islands, Republic of Singapore, Republic of Seychelles, Republic of Malta
7. How secure is your personal information?
We design our systems with your security and privacy in mind. We have appropriate security measures in place to prevent your information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We work to protect the security of your personal information during transmission and while stored by using encryption protocols and software. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your personal information. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who need to know it for business purposes.
Other specific measures we take for security management are as follows:
Formulation of Basic Policy
In order to ensure the proper processing of personal information, we have established a basic policy regarding "compliance with related laws, regulations and, guidelines, etc." and "contact point for questions and complaints".
Development of Rules concerning Processing of Personal Information
We established rules for the processing of personal information, including processing methods, allocating responsible persons and persons in charge and setting out their respective duties for each stage of obtaining, usage, storage, provision, deletion and disposal of such personal information.
Organizational Security Control Measures
In addition to appointing a person responsible for the processing of personal information, we established a system to identify officers and employees who process personal information and the scope thereof, and report to the person responsible any case of violation of law and regulations or handling rules or any indication of such violation.
Human Safety Control Measures
We conduct periodic training for executives and employees on issues to be vigilant about with respect to the processing of personal information.
Physical Security Control Measures
We control the access of officers and employees to the areas where personal information is processed, limit the equipment they may bring into the office and implement measures to prevent unauthorized persons from having access to personal information.
Technical Security Control Measures
We implement access control to limit the scope of persons in charge and the personal information databases, etc. being processed.
Understanding External Environment
When we process personal information in foreign countries, we implement safety control measures based on our understanding of the systems for the protection of personal information in those countries. In addition, when we provide personal information to a Standard Compliance System Implementer, we conclude a contract, etc. with that person regarding safety management and supervise the implementation of Equivalent Measures.
Our security procedures mean that we may ask you to verify your identity to protect you against unauthorised access to your account. We recommend using a unique password for your account that is not utilised for other online accounts and to sign off when you finish using a shared computer.
8. What about advertising?
In order for us to provide you with the best user experience, we may share your personal information with our marketing partners for targeting, modelling or analytics as well as marketing and advertising. 
We rely on your consent to process your personal information for marketing purposes. You may, at any time, opt out of marketing communications via your device or notification settings, user preferences or the unsubscribe facility in our marketing messages.
9. What rights do you have in relation to your personal information?
You have a number of rights in relation to the privacy and the protection of personal information. You have the right to request disclosure, correction, additional information, deletion, suspension of use, erasure, and suspension of provision to third parties of your personal information in accordance with the Laws and Regulations. You may also object to our processing of your personal information or ask that we restrict the processing of your personal information in certain instances. In addition, when you consent to our processing of your personal information for a specified purpose, you may withdraw your consent at any time.
If you want to exercise any of your rights or have any questions in relation to how we process your personal information, please contact us at dpo@binance.com. Please note that a processing fee (1,000 yen (including tax) per request) may be charged for requests for disclosure etc.
●	Right to request disclosure: You have the right to obtain confirmation on whether your personal information is processed by us and a copy of your personal information as well as certain information related to its processing.
●	Right to request correction: You can request to correct your personal information if the content thereof is untrue. You can also change your personal information in your account at any time.
●	Right to request additional information: You may add missing information to your personal information if the content of your personal information is untrue.
●	Right to request deletion: You can have your personal information deleted if the content of your personal information is untrue.
●	Right to request suspension of use: You may request that we stop using your personal information if your personal information is used in an inappropriate manner, such as being used beyond the scope of the purposes of use, or if your personal information is obtained through improper means.
●	Right to request erasure: You may have your personal information deleted or anonymized so that you cannot be identified.
●	Right to request suspension of provision to third parties: You may request that we stop providing your personal information to new third parties.
●	Right to object: You can object, for reasons relating to your particular situation, to the processing of your personal information. 
●	Right to restrict processing: You have the right, in certain cases, to temporarily restrict the processing of your personal information by us, provided there are valid grounds for doing so. We may continue to process your personal information if it is necessary for the defence of legal claims, or for any other exceptions permitted by applicable law.
●	Right to withdraw your consent: For processing requiring your consent, you have the right to withdraw your consent at any time. However, exercising this right does not affect the lawfulness of the processing based on your consent given prior to it being withdrawn.
●	Right to lodge a complaint with the relevant data protection authorities or regulators: We hope that we can answer any queries you may have about the way in which we process your personal information. However, if you have unresolved concerns, you have the right to lodge a complaint with the Personal Information Protection Commission in Japan. 
10. For how long do we keep your personal information?
We keep your personal information to enable your continued use of our services for as long as it is required to fulfil the relevant purposes described in this Privacy Notice, as may be required by applicable law, such as for tax and accounting purposes and compliance with anti-money laundering legislation, to resolve disputes or legal claims or as otherwise communicated to you.
Our typical retention periods for different types of personal information are described below:
●	Personal identifiable information obtained to comply with our legal obligations under financial or anti-money laundering legislation may be retained after the closure of the account for as long as it is required under such applicable laws.
●	Contact information, such as your name, e-mail address and telephone number for marketing purposes is retained on an ongoing basis and until you unsubscribe or we delete your account. Thereafter, we will add your details to an unsubscribed list to ensure we do not inadvertently market to you.
●	Content that you post on our website or applications, such as support desk comments, photographs, videos, blog posts and other content may be kept after you close your account for audit and crime prevention purposes.
●	Recording of voice calls with you may be kept for a period of up to ten years for audit and compliance purposes and to resolve disputes or legal claims. 
●	Information obtained via cookies, web page counters and other analytics tools is kept for a period of up to one year from the date we obtained it by the relevant cookie.
11. Contact information
If you have any questions about our privacy practices, please contact us at dpo@binance.com. We will endeavour to address any questions or issues that you may have with respect to obtaining and processing of your personal information.
12. Notices and revisions
If our business changes, this Privacy Notice may also change. You should check our websites and applications frequently to stay informed of any changes. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account. Your continued use of our services after any changes to this Privacy Notice will constitute your acceptance of the changed Privacy Notice.