Privacy Notice

Updated March 24, 2026 09:36

Last updated: 13 January 2026

1. Introduction

Deribit (“we”, “us” or “our”) is an online platform that facilitates the trading of cryptocurrency-related products. We respect and protect the privacy of those who explore our Services (“Users”) and Users who sign up for and access to our Services (“Customers”) (together referred throughout this “PrivacyNotice” as “you” and “your”). Deribit will always process your personal data in accordance with this Privacy Notice, as regularly updated under the conditions set out below.

This Privacy Notice outlines the general provisions applicable to all personal data processing activities carried out by us when you sign up for or access any of our “Services”, which include the services offered on our websites, including but not limited to deribit.com, insights.deribit.com, test.deribit.com, support.deribit.com, docs.deribit.com (each “Site” and collectively the “Sites”) or when you use the Deribit Exchange (the “Platform”), the Deribit mobile app (the “App”) and related services. To the extent that you are a Customer or User of our Services, a website visitor, or if you otherwise interact with us, this Privacy Notice applies together with the Deribit Terms of Service and any other agreements we may have with you.

This Privacy Notice does not apply to the information practices of other companies and organisations that refer to our services.

This Privacy Notice does not apply to job applicants and candidates who apply for employment with us or to our employees whose personal data is subject to different privacy notices which are provided to such individuals in the context of their employment or working relationship with us.

If you reside outside of the UK and the European Economic Area (the “EEA”), accessing and using our Services means that you accept this Privacy Notice and its terms.

It is important that you understand how we use your information. You should read this page in full, but below are the key highlights and some helpful links:

Our goal is to simplify your crypto experience. If you do not wish for your personal information to be collected, used, or disclosed as described in this Privacy Notice, or you are under 18 years of age, you should stop accessing our Services.
We collect and use your information in order to provide and improve our Services and your experience, protect the security and integrity of our platform, and meet our legal obligations. See Sections 3 and 4 below.
Deribit is part of Coinbase. We share your information with other Deribit and Coinbase companies, as well as trusted third parties and service providers, in order to offer our Services and fulfill legal requirements. See Section 8 below.
We offer privacy tools to request access to or deletion of information we hold about you. We describe this in detail on Section 6 below.

If you have any questions, please contact us via Support Center or at dpo@deribit.com.

2. Our relationship with you

The Deribit operating entity you contract with determines the means and purposes of the processing of your personal data in relation to the services provided to you (typically referred to as a “data controller”).

For Customers contracting with Deribit FZE, your data controller is Deribit FZE (“DRB FZE”), a company existing and operating in the Dubai World Trade Centre in the Emirate of Dubai, United Arab Emirates registered with license number 2800 having its registered address at The Offices 2 - One Central, Floor Number 02, Premises No. TO2-FLR02-02.05, Dubai World Trade Center.

For Customers contracting with DRB Panama Inc., your data controller is is DRB Panama Inc, a private company with limited liability incorporated and existing in the Republic of Panama and registered with the Mercantile Registry under No. 155684990 having its registered address at Via Espana, Delta Bank Building, 6th Floor, Suite 604D, Panama City, Republic of Panama.

For all other Users, your data controller is Sentillia B.V., a private company existing and operating in The Netherlands and registered with KvK No.69402132 having its registered address at Zuidplein 136, 1077 XV, Amsterdam.

3. What personal data does Deribit collect and process?

Personal data is any information relating to an identified or identifiable individual. This includes information you provide to us, information which is collected about you automatically, and information we obtain from third parties.

Information you provide to us

To open an account and access our services, we'll ask you to provide us with some information about yourself. This information is either required by law (e.g., for KYC - ‘Know your Customer’, AML ‘Anti-Money Laundering’ and CDD ‘Customer Due Diligence’ obligations), necessary to provide the requested services, or is relevant for certain specified purposes, described below. In some cases, if we add services and features you may be asked to provide us with additional information. Failure in providing the data required implies that Deribit will not be able to offer you our Services.

Also, if you communicate with us through our Support Center, our Telegram channels, join any of our events, or otherwise interact with us, you may also share your personal data with us.

We may collect the following types of information from you:

Category of Personal Data	Types of Personal Data
Biographical and Contact Information	Full name, e-mail address, residential address, telephone number, date of birth, place of birth, nationality, country of residence, gender
Supplemental Identification Information	Proof of residence, utility bills, photographs and/or videos, spouse name
Sensitive and Biometric Information	As part of your onboarding, we may collect biometric information to verify your identity by, for example, comparing the facial scan data extracted from your selfie or video with the photo in your government issued identity document
Government identifiers	Government issued identity documents such as passport, national identification number, national identity card details, drivers licence, state identification card, social security number, visa information
Financial Information	Income details and source of income, net worth and source of wealth, bank account information, credit card details, experience in trading and trading derivatives, understanding of cryptocurrency trading and its inherent risk, tax identification number, jurisdictions of tax residence
Trading Information	Information about the transactions made on our Services such as transaction history, account balances, order details, wallet data, travel rule data, expected trades, expected deposits, names of the sender and recipient of each trade, amount, currency preferences, payment method, date and/or timestamp
Online identifiers	Social media domains / profiles (e.g., Telegram, Slack, X)
Institutional Information (if you are an institutional Customer)	Employer Identification number (or comparable number issued by a government), personal identification information for all material beneficial owners of the Institution, including registered Directors, Members, Shareholders and Ultimate Beneficial Owners (UBOs). Natural persons connected to Institutional Customers must be identified and verified so that we know who we are engaging with. This identification process applies to UBOs, directors, authorised signatories and legal representatives of the corporate Customer, and we will collect the following: full name, date of birth, residential address, country of residence, nationality, country of birth, ID, proof of residence.
Employment Information	Employer, employer identification number, job title, salary wage, CV
Communication Information	Correspondence with customer support, chat logs, support tickets, responses to surveys. Communications with us including call recordings with our customer services team, or any other team, including communications with interfaces such as chatbots.
Referral Information	Your contact’s phone or email address if you choose to invite friends to Deribit
Information from Cookies	See our Cookie Notice at the bottom of the website for further information. This will only apply if you give us consent.
Account, Security and Authentication Information	Usernames, UserID, passwords, API Keys, two-factor authentication details, preferred UX settings
Marketing preferences	Opt-in or opt-out preferences for marketing communications
CCTV footage and photo	If you visit our offices or data centres you may be captured by CCTV cameras placed facing the access doors. If you participate in any of our events, there might be recordings or photos of these.

Information we collect about you automatically

To the extent permitted under the applicable law, we may collect certain types of information automatically, for example whenever you interact with us or use the Services. This information helps us address customer support issues, improve the performance of our sites and Services, maintain and or improve your user experience, and protect your account from fraud by detecting unauthorised access.

Category of Personal Data	Types of Personal Data
App, Device and Browser Information	Collected automatically via analytics systems providers from your browser, such as IP address, referral site, login information, browser type and version, time zone setting, operating system and platform
Usage Information, Diagnostic and Troubleshooting Information	Generated by your use of our Services and Sites , and collected normally via Cookies, web beacons, pixels or similar technologies. This includes device information such as device identifier, device operating system and model, device storage, location information, network address, system activity and information regarding the pages you visit, length of the visit, page response time, page interaction such as scrolling, clicks, and mouse overs, among others. We also collect information about how our Services are performing when you use them, i.e. service-related diagnostics and performance information, including timestamps, crash data, website performance logs, and error messages or reports.
Marketing Information	Website activity and preferences expressed through selection, viewing, purchase of products and offered through our website and platform; Mobile device information such as type of device, device identification number, mobile operating system. This also includes information collected via Cookies.

Category of Personal Data

Types of Personal Data

App, Device and Browser Information

Collected automatically via analytics systems providers from your browser, such as IP address, referral site, login information, browser type and version, time zone setting, operating system and platform

Usage Information, Diagnostic and Troubleshooting Information

Generated by your use of our Services and Sites , and collected normally via Cookies, web beacons, pixels or similar technologies. This includes device information such as device identifier, device operating system and model, device storage, location information, network address, system activity and information regarding the pages you visit, length of the visit, page response time, page interaction such as scrolling, clicks, and mouse overs, among others.

We also collect information about how our Services are performing when you use them, i.e. service-related diagnostics and performance information, including timestamps, crash data, website performance logs, and error messages or reports.

Marketing Information

Website activity and preferences expressed through selection, viewing, purchase of products and offered through our website and platform;

Mobile device information such as type of device, device identification number, mobile operating system.

This also includes information collected via Cookies.

Information we receive about you from Affiliates and third parties

We may obtain information about you from our Affiliates or third party sources such as our service providers assisting with AML, fraud, and security compliance, custody solutions, and through publicly available sources.

When conducting a transaction with a third party vendor, partner or customer in the ordinary course of business, this party may provide us with personal data about you such as name and contact information.

Category of Personal Data	Types of Personal Data
Deribit entities and Coinbase Group of Companies (“Affiliates”)	We may obtain information about you, such as Biographical Information, Trading Information and Usage Information, from our Affiliates as a normal part of conducting business.
Public Database Information	We obtain information about you from public databases, such as available sanction lists (e.g., United Nations Sanctions List), or Google searches, including your name, address, email address, phone number, gender, national ID number and nationality/country of residence, date of birth, job role, public employment profile, listing on any sanctions lists maintained by public authorities, and other public data as necessary
Blockchain Data	We may analyze public blockchain data, including timestamps of transactions or events, transaction IDs, digital signatures, transaction amounts, and wallet addresses
Information from our Marketing and Advertising Partners	We receive information such as your name and contact information from our marketing partners, including in some instances what marketing content you viewed or the actions you take on and off our Sites and Apps, to better understand your preferences and customize the ads that you see
Information from Analytics Providers	We receive information about your Site and App usage, interactions, age group, and survey responses (including prior to account creation, in some cases)
Research and In-App Survey Information	We use third party service providers to conduct in-app surveys to better understand our Customers’ experience and improve our Services. The information we receive from our research partners is pseudonymous
Background and Identity Check Partners	We use third parties to conduct background and identity checks regarding our Customers and potential Customers. These Partners may provide us with your name, address, email address, phone number, gender, national ID number and nationality/country of residence, date of birth, job role, public employment profile, listing on any sanctions lists maintained by public authorities, and other data as necessary
Custody Firms and Onboarding Partners	Onboarding Platforms and Custody Firms may share with us certain data about you when you opt for using one of our Custody or Onboarding Partners
Travel Rule Partners	We may receive personal data about you from a Travel Rule Partner if you are the beneficiary of a transfer

Additionally, when Deribit is conducting a transaction with a third-party vendor or customer, this party may provide us with personal data about you such as name, contact information, and transaction information.

4. Why and on which legal grounds does Deribit process my personal data?

Our main purpose in collecting your personal data is to provide our Services in a secure, compliant and efficient way. We generally use your personal data to deliver, provide, operate our Services, to market our Services, and for loss prevention and anti-fraud purposes. In the table below we set out the various reasons for us to process your personal data, together with the categories of personal data processed (as described in the section above) and our legal basis for doing so.

In some cases, we will need to terminate your account if we cannot process your personal information for the purposes below.

Processing purposes	Legal basis
To create and maintain your Deribit account and provide you with the Service This covers onboarding you as a customer, creating and administering your account, processing your trades and trading history, your orders, withdrawals, and deposits, to set up your customer account, profile and preferred UX settings. Categories of personal data: Biographical and Contact Information, Supplemental Identification Information, Financial Information, Trading Information, Suitability Information, Institutional Information, Usage Information, Referral Information, Account, security and authentication information, communication information	Processing is necessary for the performance of a contract to which you are a party.
To verify your identity and ensure accuracy of your personal data Specific anti-money laundering laws (“AML”)or other sanctions laws/regulations (e.g., funds transfer rules, also known as “Travel Rule”) require us to process certain personal data about you to properly identify or verify your identity. Our verification process involves electronic identification through the comparison of your “selfie” against your provided verification information. Categories of personal data: Biographical and Contact Information, Sensitive and Biometric Information, Government identifiers, Financial Information, Employment Information, Institutional Information, Public Database Information, and information provided by Background and Identity Check Partners.	Processing is necessary to comply with Anti-Money Laundering and customer due diligence regulatory obligations. When this involves the processing of special categories of personal data in the European Economic Area (“EEA”), our processing also relies on reasons of substantial public interest, based on EU or EU Member State law. Where no specific AML legislation applies, we process these categories of personal data relying on our legitimate interest. We firmly believe in the responsible and proactive implementation of such measures. By voluntarily engaging in thorough “Know your Customer” (“KYC”) procedures, we contribute to the prevention of financial crimes, the protection of our clientele, and our trading venue.
To determine your legal eligibility for certain regulated products When you use certain locally regulated products or engage in certain advanced trading activities, we may be required to carry out additional checks to ensure your suitability. Categories of personal data: Biographical and Contact Information, Sensitive and Biometric Information, Government identifiers, Financial Information, Employment Information, Institutional Information, Public Database Information, and information provided by Background and Identity Check Partners.	Processing is necessary to comply with Anti-Money Laundering and customer due diligence regulatory obligations.
To communicate with you on service-related matters and provide customer support It involves communicating with you about the service (e.g., keep you informed about relevant security issues or updates). You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes. It also covers customer support and trouble-shooting activities such as answering your questions, complaints and disputes. Categories of personal data: Biographical and Contact Information, Trading Information, Communication Information, Account, security and authentication Information, App, Device and Browser Information, Usage Information	Processing is necessary for the performance of a contract of which you are a party.
To provide marketing communications to you and to use social media and advertising platforms To send you targeted marketing communications. We use the services of social media platforms or advertising platforms for purposes including marketing. You may also see ads for our Services when you visit other apps and websites Categories of personal data: Biographical and Contact Information, Online Identifiers, Marketing Information, Information from Cookies, Information from our Marketing and Advertising Partners, Usage Information, App, Device and Browser Information	We rely on your consent for the processing of your data for these purposes. You can withdraw your consent at any time.
To promote the security, safety and integrity of our Services This includes accounts and related activity, combating malware and security risks, transaction monitoring, detecting suspicious trades, credit risks, preventing fraud and abuse, and security risks such as compromised accounts and funds loss. It also includes investigating and addressing violations of our Customer Agreements. We may also use scoring methods to assess and manage credit risks. Please note that we may engage in automated decision-making for purposes of risk and fraud detection. This includes verifying accounts and their activities, detecting and preventing suspicious behaviors such as unlawful or fraudulent actions, and preventing account takeovers. When we do, we have implemented suitable measures to safeguards your rights, including in most cases, the revision of the case by one of our officers (human-in-the-loop). If you visit our offices or data centres, this can also include CCTV footage. Categories of personal data: Trading information, Institutional Information, Communication Information, Account, Security and Authentication Information, App, Device, and Browser Information, Usage Information, Blockchain Data, CCTV footage, information received by third parties.	Processing is necessary for the performance of a contract of which you are a party. Processing is also necessary for compliance with Anti-Money Laundering regulations.
For internal business purposes and record keeping. To do research, auditing, reporting, budgeting and other business operations. Categories of personal data: Biographical and Contact Information, Trading Information	Processing is necessary for the purpose of the legitimate interest pursued by us to keep records to ensure that you comply with your contractual obligations pursuant to the agreement governing our relationship with you, for internal business and research purposes as well as for record keeping purposes. Processing is also necessary to comply with our legal obligations to keep certain records.
To do research, improve, innovate, and customize your experience with our Services . We process personal data to improve our services and for you to have a better user experience. In many cases, we aggregate your personal data so that more rigorous statistical analysis of general patterns may lead us to providing better products and services. Some of this information may be used for marketing purposes as described below. Categories of personal data: Trading Information, Communication Information, Account, Security and Authentication Information, App, Device and Browser Information, Usage Information	It is our legitimate interest to understand how you interact with our Services by processing information obtained through your use of our Services, your interaction with customer support, your responses to our surveys, and in general, your communications with us.
To run some minor marketing activities This includes sending out newsletters, targeted communications, launching specific campaigns for active users, organizing give-aways, promotions, prizes, conducting surveys. You may also see ads for our Services when you visit other apps and websites. Categories of personal data: Biographical and Contact Information, Trading information, Communication information, Account, security and authentication information, Browser information, Usage information, Online identifiers, Marketing preferences, Marketing information.	We rely on your consent when you have indicated so. For instance, when you register for the newsletter, or to participate in a specific campaign, or you agree with us sharing a photo or short story about you. For other activities, we rely on our legitimate interest to promote our Services that you may be interested in.
To administer and run Events This includes rolling out invitations, hosting the events (online and offline events), and sending communications to keep you updated about any changes regarding the event. The events may include the recording of audiovisual (AV) material, such as voice and image. Categories of personal data: Biographical and Contact Information, CCTV footage, Marketing Information, Financial Information	Processing is necessary for the purpose of our legitimate interest to produce, promote, organise and host events. We also need to process some personal data to ensure the safety of our events. To the extent that your participation or engagement with the event creates a contractual relationship with us, the processing is also necessary for the performance of a contract. For some specific processing, we rely on your consent (e.g., if you voluntarily wish to appear in a photo or recording).
To gather information via Cookies This includes analysing usage of the website and the platform, drawing statistics and some minor marketing activities. Categories of personal data: Information from Cookies	Where required by applicable law, we rely on your consent to place cookies and similar technologies. You may withdraw your consent at any time.
To enforce and defend our rights This includes initiating legal claims, preparing our defence in litigation procedures, addressing legal or administrative proceedings whether before a court or a statutory body and to investigate or settle issues, enquiries and/or disputes. It also includes promoting the safety, security and integrity of our Services, network, Customers, Users, employees, property and the public. Categories of personal data: Biographical and Contact Information, Government identifiers, Financial Information, Trading Information, Institutional Information, Employment Information, Communication Information, Account, Security and Authentication Information, App, Device and Browser Information, Usage Information, Marketing Information, CCTV footage, Blockchain Data.	It is in our legitimate interest to enforce and defend our rights and to ensure that issues, enquiries and/or disputes are investigated and resolved in a timely and efficient manner. It is also our legitimate interest to secure our platform and network, verify accounts and activity, detect, prevent and address fraud, abuse, spam, and other bad experiences.
To comply with other legal and regulatory obligations We may access, read, preserve, and disclose information when we believe it is reasonably necessary to comply with law, legal obligations, regulations, law enforcement, governmental, and other legal requests, court orders, or for disclosure to tax authorities. Categories of personal data: Biographical and Contact Information, Government identifiers, Financial Information, Trading Information, Institutional Information, Employment Information, Communication Information, Account, Security and Authentication Information, App, Browser and Device Information, Usage Information, Marketing Information, CCTV footage, Blockchain Data.	It is our legal obligation to disclose personal data where we receive a legally binding request to disclose personal data from law enforcement or other bodies or where we have a legitimate interest in assisting law enforcement or other agencies in respect of an investigation. In the absence of a legally enforceable act (e.g., an international treaty) we may share your information for the performance of a task carried out in the public interest

Processing purposes

Legal basis

To create and maintain your Deribit account and provide you with the Service

This covers onboarding you as a customer, creating and administering your account, processing your trades and trading history, your orders, withdrawals, and deposits, to set up your customer account, profile and preferred UX settings.

Categories of personal data: Biographical and Contact Information, Supplemental Identification Information, Financial Information, Trading Information, Suitability Information, Institutional Information, Usage Information, Referral Information, Account, security and authentication information, communication information

Processing is necessary for the performance of a contract to which you are a party.

To verify your identity and ensure accuracy of your personal data

Specific anti-money laundering laws (“AML”)or other sanctions laws/regulations (e.g., funds transfer rules, also known as “Travel Rule”) require us to process certain personal data about you to properly identify or verify your identity. Our verification process involves electronic identification through the comparison of your “selfie” against your provided verification information.

Categories of personal data: Biographical and Contact Information, Sensitive and Biometric Information, Government identifiers, Financial Information, Employment Information, Institutional Information, Public Database Information, and information provided by Background and Identity Check Partners.

Processing is necessary to comply with Anti-Money Laundering and customer due diligence regulatory obligations.

When this involves the processing of special categories of personal data in the European Economic Area (“EEA”), our processing also relies on reasons of substantial public interest, based on EU or EU Member State law.

Where no specific AML legislation applies, we process these categories of personal data relying on our legitimate interest. We firmly believe in the responsible and proactive implementation of such measures. By voluntarily engaging in thorough “Know your Customer” (“KYC”) procedures, we contribute to the prevention of financial crimes, the protection of our clientele, and our trading venue.

To determine your legal eligibility for certain regulated products

When you use certain locally regulated products or engage in certain advanced trading activities, we may be required to carry out additional checks to ensure your suitability.

Processing is necessary to comply with Anti-Money Laundering and customer due diligence regulatory obligations.

To communicate with you on service-related matters and provide customer support

It involves communicating with you about the service (e.g., keep you informed about relevant security issues or updates). You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes.

It also covers customer support and trouble-shooting activities such as answering your questions, complaints and disputes.

Categories of personal data: Biographical and Contact Information, Trading Information, Communication Information, Account, security and authentication Information, App, Device and Browser Information, Usage Information

Processing is necessary for the performance of a contract of which you are a party.

To provide marketing communications to you and to use social media and advertising platforms

To send you targeted marketing communications. We use the services of social media platforms or advertising platforms for purposes including marketing. You may also see ads for our Services when you visit other apps and websites

Categories of personal data: Biographical and Contact Information, Online Identifiers, Marketing Information, Information from Cookies, Information from our Marketing and Advertising Partners, Usage Information, App, Device and Browser Information

We rely on your consent for the processing of your data for these purposes. You can withdraw your consent at any time.

To promote the security, safety and integrity of our Services

This includes accounts and related activity, combating malware and security risks, transaction monitoring, detecting suspicious trades, credit risks, preventing fraud and abuse, and security risks such as compromised accounts and funds loss. It also includes investigating and addressing violations of our Customer Agreements.

We may also use scoring methods to assess and manage credit risks. Please note that we may engage in automated decision-making for purposes of risk and fraud detection. This includes verifying accounts and their activities, detecting and preventing suspicious behaviors such as unlawful or fraudulent actions, and preventing account takeovers. When we do, we have implemented suitable measures to safeguards your rights, including in most cases, the revision of the case by one of our officers (human-in-the-loop).

If you visit our offices or data centres, this can also include CCTV footage.

Categories of personal data: Trading information, Institutional Information, Communication Information, Account, Security and Authentication Information, App, Device, and Browser Information, Usage Information, Blockchain Data, CCTV footage, information received by third parties.

Processing is necessary for the performance of a contract of which you are a party.

Processing is also necessary for compliance with Anti-Money Laundering regulations.

For internal business purposes and record keeping. To do research, auditing, reporting, budgeting and other business operations.

Categories of personal data: Biographical and Contact Information, Trading Information

Processing is necessary for the purpose of the legitimate interest pursued by us to keep records to ensure that you comply with your contractual obligations pursuant to the agreement governing our relationship with you, for internal business and research purposes as well as for record keeping purposes.

Processing is also necessary to comply with our legal obligations to keep certain records.

To do research, improve, innovate, and customize your experience with our Services .

We process personal data to improve our services and for you to have a better user experience. In many cases, we aggregate your personal data so that more rigorous statistical analysis of general patterns may lead us to providing better products and services.

Some of this information may be used for marketing purposes as described below.

Categories of personal data: Trading Information, Communication Information, Account, Security and Authentication Information, App, Device and Browser Information, Usage Information

It is our legitimate interest to understand how you interact with our Services by processing information obtained through your use of our Services, your interaction with customer support, your responses to our surveys, and in general, your communications with us.

To run some minor marketing activities

This includes sending out newsletters, targeted communications, launching specific campaigns for active users, organizing give-aways, promotions, prizes, conducting surveys.

You may also see ads for our Services when you visit other apps and websites.

Categories of personal data: Biographical and Contact Information, Trading information, Communication information, Account, security and authentication information, Browser information, Usage information, Online identifiers, Marketing preferences, Marketing information.

We rely on your consent when you have indicated so. For instance, when you register for the newsletter, or to participate in a specific campaign, or you agree with us sharing a photo or short story about you.

For other activities, we rely on our legitimate interest to promote our Services that you may be interested in.

To administer and run Events

This includes rolling out invitations, hosting the events (online and offline events), and sending communications to keep you updated about any changes regarding the event.

The events may include the recording of audiovisual (AV) material, such as voice and image.

Categories of personal data: Biographical and Contact Information, CCTV footage, Marketing Information, Financial Information

Processing is necessary for the purpose of our legitimate interest to produce, promote, organise and host events. We also need to process some personal data to ensure the safety of our events.

To the extent that your participation or engagement with the event creates a contractual relationship with us, the processing is also necessary for the performance of a contract.

For some specific processing, we rely on your consent (e.g., if you voluntarily wish to appear in a photo or recording).

To gather information via Cookies

This includes analysing usage of the website and the platform, drawing statistics and some minor marketing activities.

Categories of personal data: Information from Cookies

Where required by applicable law, we rely on your consent to place cookies and similar technologies. You may withdraw your consent at any time.

To enforce and defend our rights

This includes initiating legal claims, preparing our defence in litigation procedures, addressing legal or administrative proceedings whether before a court or a statutory body and to investigate or settle issues, enquiries and/or disputes. It also includes promoting the safety, security and integrity of our Services, network, Customers, Users, employees, property and the public.

Categories of personal data: Biographical and Contact Information, Government identifiers, Financial Information, Trading Information, Institutional Information, Employment Information, Communication Information, Account, Security and Authentication Information, App, Device and Browser Information, Usage Information, Marketing Information, CCTV footage, Blockchain Data.

It is in our legitimate interest to enforce and defend our rights and to ensure that issues, enquiries and/or disputes are investigated and resolved in a timely and efficient manner. It is also our legitimate interest to secure our platform and network, verify accounts and activity, detect, prevent and address fraud, abuse, spam, and other bad experiences.

To comply with other legal and regulatory obligations

We may access, read, preserve, and disclose information when we believe it is reasonably necessary to comply with law, legal obligations, regulations, law enforcement, governmental, and other legal requests, court orders, or for disclosure to tax authorities.

Categories of personal data: Biographical and Contact Information, Government identifiers, Financial Information, Trading Information, Institutional Information, Employment Information, Communication Information, Account, Security and Authentication Information, App, Browser and Device Information, Usage Information, Marketing Information, CCTV footage, Blockchain Data.

It is our legal obligation to disclose personal data where we receive a legally binding request to disclose personal data from law enforcement or other bodies or where we have a legitimate interest in assisting law enforcement or other agencies in respect of an investigation.

In the absence of a legally enforceable act (e.g., an international treaty) we may share your information for the performance of a task carried out in the public interest

5. Can children use Deribit services?

Deribit does not allow anyone under the age of 18 to use the Services and we do not knowingly request or collect any information about persons under the age of 18. If you are under the age of 18, please do not provide any personal information to us.

If a Customer or User submitting personal information is suspected of being younger than 18 years of age, Deribit will require the relevant Customer or User to close his or her account, and will take steps to delete the individual’s information as soon as possible.

In compliance with applicable privacy laws and regulatory requirements, we will retain Date of Birth (“DOB”) information when an individual who is under the legal age attempts to complete the Know Your Customer (“KYC”) identity verification process. This retention is necessary to prevent repeated attempts to re-register while an individual is under the legal age and to protect the integrity and security of our services by prohibiting underage access to our platform.

6. What Rights Do I Have?

Subject to applicable law and depending on where you live you may be able to exercise a number of rights in relation to your privacy and the protection of your personal data. For any of your privacy rights and choices referenced below, requests relating to your personal information can be made by logging into your account and submitting a request via our Support Center or at dpo@deribit.com. Further information regarding each right is given below.

Your rights may be limited in some situations, for example, where we can demonstrate we have a legal requirement to process your personal data, or some rights are limited to our reliance on a specific legal ground as indicated above. If we are unable to fulfil a request in relation to your rights, we will write to you and explain the reason for refusal.

Right to access and portability: you have the right to obtain confirmation that your personal data are processed and to obtain a copy of your personal information held by us by submitting a request via our Support Center. You can also find and download all trades and transactions (including deposits, withdrawals and transfers) per asset and per subaccount, and your monthly statements by navigating through your Dashboard.

Right to rectify: you can request the rectification of your personal data which are inaccurate, and also add to it. You can also change your personal data in the Profile section of your account at any time.

Right to delete: you can, in some cases, have your personal data deleted. Your right, however, is subject to applicable law. If you close your Deribit Account, we will retain or delete information associated with your account as described in Section 7 of this Privacy Notice. You can close your account by navigating in your Dashboard to the “Close Account” functionality.

Right to object or restrict processing: you can, in certain cases, object or restrict us from processing your personal data. For instance, you have the right to object processing where we rely on legitimate interest or where we process your data for direct marketing purposes. You can opt-out of receiving marketing communications from Deribit by submitting a request via Support Center, via email to dpo@deribit.com, by clicking on the unsubscribe button at the bottom of our emails, or by navigating to the Privacy Settings section at the bottom of our website and administering the collection of Cookies.

Right to withdraw your consent: for processing requiring your consent, you have the right to withdraw your consent at any time. Exercising this right does not affect the lawfulness of the processing based on the consent given before the withdrawal of the latter;

Right to contest to a decision based solely on automated processing: you have the right to require that decisions be reconsidered if they are made solely by automated means, without human involvement;

Right to lodge a complaint with the relevant data protection authority: we hope that we can satisfy any queries you may have about the way in which we process your personal data. However, if you have unresolved concerns, you also have the right to complain to the data protection authority in the location in which you live, work or believe a data protection breach has occurred.

Under certain laws, you may also designate an authorized agent to make these requests on your behalf.

If you have any questions or objections as to how we collect and process your personal data, or if you want to exercise any of your rights please contact us via email at dpo@deribit.com.

7. How long do you retain my personal data?

We keep your personal data to enable your continued use of our Services, for as long as it is required in order to fulfil the relevant purposes described in this Privacy Notice, and as may be required by law such as for tax and accounting purposes, compliance with Anti-Money Laundering laws, or to resolve disputes and/or legal claims or as otherwise communicated to you.

While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal data are described below.

Personal information collected to comply with our legal obligations under financial or anti-money laundering laws may be retained after account closure for as long as is required under such laws.

Trading activity data may be retained after account closure for as long as required by law, or for as long as is needed for us to maintain the integrity of our platform, as well as to maintain sufficient records for resolving disputes and legal claims.

Contact Information such as your email address and telephone number used for marketing purposes is retained on an ongoing basis and until you (a) unsubscribe, or (b) delete your account.

Communication Information such as your interactions with the support desk, photographs, videos, blog posts, and other content may be kept after you close your account to comply with our legal obligations and for audit and crime prevention purposes.

Information collected via cookies are retained for the period indicated for each one in our Cookie banner accessible at the bottom of this website.

Where personal data is no longer needed for the purposes outlined in this Privacy Notice, we may de-identify the information in order to use it for statistical purposes or perform business analytics or service development. Anonymized data may be retained indefinitely.

8. Who has access to your personal data?

We may share your personal data with third parties (including other Deribit and Coinbase entities) if we believe that sharing your personal data is in accordance with, or required by, any contractual relationship with you (including our Terms & Conditions) or us, applicable law, regulation or legal process. We may also share your personal data with a limited and defined number of recipients in other Deribit or Coinbase entities, or under control of Coinbase as part of regular day-to-day business and if we do so, we will use our best endeavours to ensure that such entities are either subject to this Privacy Notice or follow practices at least as proactive as those described in this Privacy Notice.

We also work with service providers, partners and other third parties to help us provide our Services, and as a result we need to share part of your personal information with these third parties. These are:

Third-party electronic ID verification service vendors (to process biometric information and the veracity of your identity);
Blockchain, IP address and transaction monitoring, background and identity check, credit risk, Travel Rule, and security vendors (for the purpose of complying with CTF/AML regulations and for the safety and security of our Services);
Analytics providers (to understand how you use our Services);
Marketing and advertising vendors (to promote our Services);
Essential infrastructure providers such as cloud service, emailing, telecommunication, and data hosting providers;
Custody firms engaged by us or by you;
Onboarding solutions where you are the customer to them (to convert FIAT into cryptocurrency and be able to use our Services);
Customer support vendors;
Chatbots;
Document repository service providers;
Professional advisors such as law, accountants, audit, advisory and tax firms;

All third parties engaged by us undergo thorough due diligence procedures and we make sure they follow practices as protective with your data as we have. These third parties will only access personal data which is essential to provide the service to us and not more. When you use third-party services or websites that are linked through our services, the providers of those services or products may receive information about you that Deribit, you, or others share with them. Please note that when you use third-party services which are not governed by this Privacy Notice, their own terms and privacy policies will govern your use of those services and products.

We may provide your personal data to competent authorities (courts, law enforcement authorities, regulators, attorneys) upon their request to the extent legally required, or to the extent necessary to defend our rights in legal proceedings or investigations, or when we believe in good faith that the disclosure of personal information is necessary to protect the rights, property or safety of our customers, Deribit, or others, including to prevent imminent physical harm or material financial loss. We may also share personal data to investigate violations of our Terms of Use or other applicable policies, and to detect, investigate, prevent or address fraud or credit risk, or other illegal activity, and report it to competent authorities.

Lastly, we may choose to buy or sell assets, and may share and/or transfer customer information, including personal data, in connection with the evaluation of and entry into such transactions and based on our legitimate interests. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal data could be one of the assets transferred to or acquired by a third party.

9. Will your personal data be transferred internationally?

To facilitate our global operations, Deribit, its Affiliates, third-party partners and service providers may transfer, store and process your personal information outside of your country of residence, or the country of residence of your contracting Deribit entity. For such transfers, we put in place suitable technical, organisational and contractual safeguards to ensure that such transfer is carried out in compliance with applicable data protection rules. We rely primarily on:

Contractual arrangements;
European Commission’s Standard Contractual Clauses;
Adequacy Decisions by the European Commission, or equivalent authorities;
The EU-US, UK-US, and Swiss-US Data Privacy Frameworks;
In limited cases, we may rely on certain exemptions provided for under data protection law, such as Article 49(1)(b) and (f) of the EU General Data Protection Regulation.

We maintain servers around the world and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this Privacy Notice.

10. Is your personal data secure?

We process your personal data with the greatest possible care and scrutiny. This means we will adopt appropriate technical and organisational measures to ensure that all the information is correct, current and complete and to prevent it from being accidentally lost, used or accessed by unauthorised persons inside and outside our organisation. We use ‘best practices’ to secure your personal data during transmission and while stored by using encryption, protocols and softwares. We maintain physical, electronic and procedural safeguards in connection with the collection, storage, and disclosure of your personal data. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. You can also visit the Security page at the bottom of our Website and our Trust Center for further information.

If you detect or suspect that your device or account has been compromised, we may request additional information to help secure your account and to protect the Deribit platform. This may be screenshots you voluntarily share with us, malware-related data, or suspicious links, to help us investigate.

Our security procedures mean that we may enforce 2FA or other types of authentication. We recommend using a unique password for your account that is not used for other online accounts and to sign off when you finish your session.

11. Use of Cookies

We use cookies when you visit our website and use our platform. A cookie is a small file that is saved on your computer, tablet or mobile phone when viewing a website. With the help of cookies user preferences may be saved for later use, or browsing habits can be tracked for statistical purposes. A lot of improvements in a website’s user experience and performance are possible thanks to the implementation of cookies.

We use the following cookies:

Necessary cookies
Statistics cookies
Marketing cookies

Go to our Privacy Settings or to the Cookie Notice at the bottom of the website to find additional information on our use of cookies.

12. Contact Information

Our data protection officer can be contacted via email at dpo@deribit.com and we will work to address any questions or issues that you have with respect to the collection and processing of your personal data. You can also contact us via our Support Center.

If you have any concerns about privacy at Deribit, please contact us, and we will try to resolve it. You also have the right to contact your local Data Protection Authority.

13. Notices and Revisions

As our business evolves regularly, our Privacy Notice may undergo modifications as well. It is advisable to routinely review our websites for the latest updates. The "Last Updated" date at the beginning of this Privacy Notice will be adjusted accordingly. Any substantial alterations to this Privacy Notice will be communicated through our platform or via email to the address you have supplied in your account. Your ongoing use of Deribit following adjustments to this Privacy Notice indicates your comprehension and acceptance of these changes.

Unless stated otherwise, our most recent Privacy Notice applies to all information that we have about you and your account.

14. Languages

This Privacy Notice may be published in different languages. In case of any discrepancy, this English version shall prevail.