Privacy Policy

BONDI TECHNOLOGY INC.

Effective Date: January 17, 2025

Introduction

Bondi Technology Inc. ("Bondi," "we," "our," or "us") is committed to protecting your privacy and ensuring transparency in our data practices. This Privacy Policy explains how we collect, use, store, and share your personal data when you interact with our websites, applications, and services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any part of this Policy, please discontinue use of our Services immediately.

Scope & Applicability

Intended Audience

Non-Panamanian and Non-U.S. Users Only: Our Services are strictly not intended for persons residing in or citizens of the Republic of Panama or the United States of America.
Restricted Jurisdictions: In addition to Panama and the U.S., our Services are not available to individuals in or from certain other jurisdictions as set forth in our Terms of Service.

Applicability

This Policy applies to all personal data collected through our Services, including our primary domains:

...and any current or future subdomains or related websites operated by Bondi.

Personal Data We Collect

We collect only the personal data necessary to ensure the secure operation of our platform, comply with our legal obligations, and deliver our Services effectively. The categories include:

Identification & Verification Data

Full Legal Name
Date of Birth
Government-Issued Photo Identification: (e.g., passport, driver's license)
Proof of Address: (e.g., utility bill)
Liveness Verification: (via selfie or video-based checks conducted by our KYC provider)

Contact & Wallet Information

Email Address: Used for account communications, support, newsletters, and service notifications.
Public Blockchain Wallet Address: Associated with your Bond Token activities.

Technical & Usage Data

Collected automatically when you interact with our Services:

IP Address
Device & Browser Information
Operating System and Browser Type
Usage Logs: Including timestamps and access details

KYC/AML Documentation

Supporting Documents: Collected via our third-party KYC provider to verify identity, assess eligibility, and fulfill anti-money-laundering obligations.

Optional Marketing Data

Opt-In Contact Details: Such as additional email addresses provided for receiving newsletters or promotional materials.

Purposes & Legal Bases

We process your personal data only for specific, limited purposes and on legally sound bases. Our primary purposes include:

Platform Operation and Contractual Necessity

Provision of Services: Processing data to enable wallet connectivity, issuance/redemption of Bond Tokens, and the distribution of coupon payments.
Legal Basis: Processing is necessary for the performance of the contract you enter into when using our Services.

Compliance with Legal and Regulatory Obligations

KYC/AML and Fraud Prevention: Data is processed to verify your identity, comply with anti-money-laundering laws, and prevent fraud.
Legal Basis: Legal obligation (including record-keeping requirements) and legitimate interests in maintaining a secure platform.

Safety, Security, and Internal Operations

Security Monitoring: To protect our Services, investigate suspicious activity, and maintain system integrity.
Legal Basis: Legitimate interests, supplemented by contractual necessity where applicable.

Marketing and Communications

Optional Communications: If you opt in, we may send you newsletters, updates, or promotional information.
Legal Basis: Your explicit consent (which you may withdraw at any time).

International Best Practices

For our non-Panamanian users, in addition to complying with Panama's Law No. 81, we adhere to internationally recognized privacy principles (such as those embodied in the GDPR) to the extent applicable. This commitment reinforces our transparency, fairness, and security standards globally.

Exclusion for Minors

Our Services are strictly intended for individuals aged 18 years or older.

Legal Basis: We do not knowingly collect data from minors. In the event that personal data of a minor is inadvertently received, we will promptly delete such data and take measures to prevent further collection.

Data Storage & Retention

Single Jurisdiction Storage

We store all personal data in a single jurisdiction to ensure robust data protection and regulatory compliance.
Routine cross-border transfers are not performed, except as necessary to fulfill specific legal obligations.

Retention Periods

KYC/AML Documentation: Retained for up to 5 years following user inactivity or account closure to comply with legal obligations.
Identification and Verification Data: Maintained as long as necessary to support account management and fraud prevention, and thereafter in anonymized form where feasible.
Technical and Usage Data: Retained for a period of up to 12 months solely for security monitoring, troubleshooting, and system performance purposes.
Marketing Data: Retained until you opt out or request deletion, subject to any legal or regulatory retention requirements.

Deletion or Anonymization

When your personal data is no longer required for the purposes for which it was collected, or once the legal retention period expires, we will securely delete or irreversibly anonymize your data. Notwithstanding this, data required for compliance with applicable laws (e.g., AML requirements) will be retained until no longer legally mandated.

We share your personal data only as necessary for the operation of our Services and in compliance with applicable law. Our sharing practices are organized into the following categories:

Third-Party Service Providers

KYC/AML Providers: We engage reputable third-party providers to conduct identity verification and fraud prevention. These providers process your personal data solely to perform these services on our behalf, under strict confidentiality and security obligations.
Infrastructure and Hosting: Our platform is supported by service providers that offer hosting, maintenance, and security services. These providers may process limited personal data necessary for system operations.

Legal and Regulatory Authorities

Law Enforcement and Regulators: In response to valid legal requests, subpoenas, or court orders, we may disclose your data to government agencies, regulators, or other authorities as required by law.
Compliance Purposes: We may share data when necessary to prevent or investigate suspected fraud, unlawful activity, or breaches of our Terms or this Privacy Policy.

Corporate Transactions

Business Transfers: In the event of a merger, acquisition, corporate restructuring, or sale of all or part of our assets, your personal data may be transferred to a successor entity. Such transfers will only occur if the successor agrees to abide by privacy practices substantially similar to those described in this Policy.

Aggregated or De-Identified Data

Statistical and Analytical Purposes: We may share aggregated or de-identified data with third parties for research, analysis, and internal improvements. Such data does not identify you and is used solely for enhancing the performance and security of our Services.

Cookies & Tracking

Essential Cookies

We use cookies that are strictly necessary for the operation and security of our Services. These cookies ensure proper functioning, enhance user experience, and facilitate secure authentication.

Management of Cookies

Browser Settings: You may configure your browser to refuse cookies or alert you when cookies are being sent. Please note that disabling cookies may limit certain functionalities of our Services.
Opt-Out Information: For more detailed guidance on managing cookies and tracking technologies, please refer to our online cookie management guide available on our website.

User Rights & Choices

We respect your rights regarding your personal data. Depending on your jurisdiction and the applicable law, you may have the following rights:

A. Right to Access You have the right to request confirmation of whether we process your personal data and, if so, to obtain a copy of that data. This may include information on the categories of data collected and the purposes of processing.

B. Right to Rectification If you believe that any personal data we hold is inaccurate or incomplete, you may request that we update or correct such data. Please provide sufficient detail to allow us to identify and amend the data in question.

C. Right to Deletion Subject to any legal obligations (such as retaining AML data for 5 years), you have the right to request deletion of your personal data. We will assess your request and, where applicable, delete the data or provide an explanation if deletion is not possible.

D. Right to Withdraw Consent If you have provided your consent for the processing of your personal data (for example, for marketing communications), you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing carried out prior to your withdrawal.

E. How to Exercise Your Rights To exercise any of these rights, please contact us at info@bondifinance.io with a clear description of your request. We may ask you to provide additional information to verify your identity before processing your request. We aim to respond to all valid requests within 30 days.

Security Measures

Technical Safeguards

Encryption: We use SSL/TLS encryption to protect data transmitted between your device and our servers.
Access Controls: Strict authentication protocols are in place to limit access to personal data to authorized personnel only.

Organizational Measures

Employee Training: Regular training is provided to our staff on data protection principles and secure data handling.
Vendor Agreements: All third-party processors and service providers are required to adhere to stringent security standards and confidentiality obligations.

Incident Response & Breach Notification

Monitoring and Detection

We continuously monitor our systems for unusual activity or potential breaches through a combination of automated tools and manual oversight.

Response and Containment

In the event of a confirmed data breach, we will immediately initiate our incident response protocol to contain the breach, assess its impact, and mitigate further risks.

Notification Procedures

If a breach poses a significant risk to your rights or freedoms, we will notify you and the relevant supervisory authorities (for instance, Panama's National Authority for Transparency and Access to Information, ANTAI) promptly in accordance with applicable law.

Complaints & Dispute Resolution

Internal Review Process

If you have any questions or concerns about our data practices or this Policy, please contact us at info@bondifinance.io. We are committed to addressing your concerns and will respond within 30 days.

Regulatory Complaints

If you believe that your rights under Panama's Law No. 81 have been violated, you may file a complaint with the National Authority for Transparency and Access to Information (ANTAI) via https://www.antai.gob.pa/. Non-Panamanian users may also seek remedies through their local supervisory authorities where applicable.

Changes to This Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices or legal requirements.

Notification: Material changes will be communicated to you via email (if possible) or by posting a notice on our Services at least 7 days prior to the effective date of the changes.
Continued Use: Your continued use of our Services following any updates constitutes acceptance of the revised Policy.

Contact Information

For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact us at:

Email: info@bondifinance.io

Registered Address:
Bondi Technology Inc.
Province of Panama, District of Panama, Betania,
Vía Ricardo J. Alfaro, PH The Century Tower, Office 317

Final Remarks

Bondi Technology Inc. is committed to processing your personal data in a lawful, fair, and transparent manner. By adhering to Panama's Law No. 81 and internationally recognized privacy principles, we strive to protect your data while providing a secure and reliable service. We encourage you to review this Privacy Policy regularly and to contact us with any questions or concerns.

Privacy Policy

Introduction​

Scope & Applicability​

Intended Audience​

Applicability​

Personal Data We Collect​

Identification & Verification Data​

Contact & Wallet Information​

Technical & Usage Data​

KYC/AML Documentation​

Optional Marketing Data​

Purposes & Legal Bases​

Platform Operation and Contractual Necessity​

Compliance with Legal and Regulatory Obligations​

Safety, Security, and Internal Operations​

Marketing and Communications​

International Best Practices​

Exclusion for Minors​

Data Storage & Retention​

Single Jurisdiction Storage​

Retention Periods​

Deletion or Anonymization​

How We Share Your Data​

Third-Party Service Providers​

Legal and Regulatory Authorities​

Corporate Transactions​

Aggregated or De-Identified Data​

Cookies & Tracking​

Essential Cookies​

Management of Cookies​

User Rights & Choices​

Security Measures​

Technical Safeguards​

Organizational Measures​

Incident Response & Breach Notification​

Monitoring and Detection​

Response and Containment​

Notification Procedures​

Complaints & Dispute Resolution​

Internal Review Process​

Regulatory Complaints​

Changes to This Policy​

Contact Information​

Final Remarks​