Privacy Policy

What is SBI Crypto?

SBI Crypto Co., Ltd. (“SBI Crypto”) is a corporation registered at 1-6-1 Roppongi, Minato, Tokyo, Japan, and conducts business related to cryptocurrency mining. SBI Crypto is a wholly owned subsidiary of SBI Holdings Inc. (8473.T) and is a part of the SBI Group, a financial conglomerate of companies operating under SBI Holdings Inc. SBI Crypto operates a cryptocurrency mining pool, called sbicrypto pool, which purchases computational hashes (also called shares) as a service to its clients around the world. SBI Crypto also owns its own cryptocurrency mining ASICs; these mining ASICs are located around the world and help to provide stabilization and revenue to sbicrypto pool’s business.

What is this document and why should I read it?

SBI Crypto adheres to Japan’s Act on the Protection of Personal Information (Act No. 57 of 2003 and amended in 2015) and to the EU General Data Protection Regulation (GPDR). The GPDR is among the most restrictive in the world and provides better protections on your personal data.

You should know what personal information we collect about you, how we collect it, what we use it for, how we store and secure it, if we share your information with third parties or not, and what controls you have.

When is this policy effective? Do you provide update notifications?

These terms are effective from 1 December 2020. We reserve the right to amend this Privacy Policy, as well as our other terms, at any time. We will make an attempt to notify you in advance of changes to our policies to your email address associated with your user account. In some cases (such as email delivery issues), notification may not be delivered as you expect.

Who collects my personal data?

SBI Crypto Co., Ltd. (SBI Crypto株式会社), registered in the country of Japan at 1-6-1 Roppongi, Minato, Tokyo, under registration number: collects, stores, secures, and conducts operations with your personal data.

Why and what personal data do you collect and process?

We collect the following information to develop and test our sbicrypto pool platform, to secure your account against unauthorized access or modifications, to improve our services to you, to market our services, to advise you of suggested services of SBI Group affiliates, to provide notifications when we update our Privacy Policy or other terms, to contact you, to pay you for your computing power, and to keep records for our audits:

  • email address;
  • password in hashed and salted form;
  • website cookies and session IDs
  • primary country and time zone;
  • first and last names;
  • information about your devices such as a unique device ID;
  • IP address, including IP address to access the platform and IP address of your mining servers sending mining shares;
  • wallet addresses;
  • information and statics about the computing power you provide to sbicrypto pool, and the amount of cryptocurrency SBI Crypto pays you for your computing power; and
  • other data voluntarily provided by the user via the user account or other correspondence.

Do you use Cookies?

We use cookies to analyze traffic and personalize content. We use session IDs and keys to secure access to your account. We collect, store, and process personal information via such cookies and session IDs. This information includes your IP address and information about your activity on our website. We use cookies to analyze traffic, improve our services and reliability, and to secure our website and platform against attacks. You may delete your cookies or change your cookie settings at any time.

We collect, process, and store this personal data pursuant to Article 6 (1) of GDPR.

Who will have access to my personal data:

We take care to ensure our employees and contractors who handle any personal information understand their privacy protection obligations and to provide security to prevent abuse, unauthorized access, or unauthorized transmission. The primary personnel who may have access to your personal data are:

  • Limited personnel with administrative access to our production databases;
  • Technology contractors operators that we use to provide, operate and develop our services;
  • Persons providing accounting, legal, administrative, audit services;
  • Our employees and staff.

While we may directly advise you on the services of SBI Group companies and their affiliates, we will not share your personal data with them for marketing purposes without your consent.

As a Japanese corporation, a single one-time transaction to a single cryptocurrency address with a value over 30,000,000 JPY (approximately 235 000 EUR, 290,000 USD) is required to be reported to the Bank of Japan. In this case, we will provide your information as requested by the Bank of Japan. We will notify if this reporting requirement occurs in relation to you. The personal information provided to the Bank of Japan will be limited to the minimum amount possible.

How is my personal data stored and protected?

Your data is stored in electrical or physical mediums in Japan. We protect your data against unauthorized access, destruction, unauthorized transmission, unauthorized processing, or other abuses. Some of the procedures and methodologies we use include, but are not limited to:

  • Education of relevant staff about our Privacy Policy obligations and training on best-practices regarding personal data protection and general security practices;
  • Administrative rules to restrict access to personal data on a ‘need to know’ basis;
  • Technological rules and security measures such as firewalls, network security policies, symmetric key authentication, RSA encryption, anti-virus software;
  • Security reviews and pen-testing of our systems against whitebox, greybox, and blackbox attacks.

If you share your account login information, email login information or other communication accounts, to a third party, that party will have access to your personal information.

For how long will you store my personal data?

We process and store your data only for the time necessary to meet the purposes specified above, for a time period consented directly by you, or for time that is necessary to comply with Japanese law or other local laws. We will destroy your personal data when the purpose for processing no longer occurs and when no longer required to be archived by law.

Do you transfer the personal data outside of Japan?

No, we do not currently transfer your personal data from outside of Japan to another country.

How may I contact you about this privacy policy?

  • Mailing Address: Izumi Garden Tower 15F, 1-6-1 Roppongi, Minato, Tokyo, Japan 106-6019
  • Email address: gdpr@sbicrypto.com

Document Version: 831717377-210312