Privacy Policy

BITBUY – AUSTRALIA

At Bitbuy we take privacy seriously. This Privacy Policy is intended to help you understand how we, being WonderFi Australia Pty Ltd ACN 640 678 726, trading as Bitbuy. and its affiliates (“Bitbuy”, “we”, “us” or “our”), collect, use, and disclose your personal information (as defined below) when you access https://bitbuy.com.au/ or any of our associated websites and mobile applications (collectively, the “Site”), and use the services that we provide via the Site (the “Services”). Our Privacy Policy is our commitment to you that we will handle your personal information with care and in accordance with applicable privacy legislation.  

We will treat personal information in a manner consistent with the Privacy Policy under which it was collected and our privacy practices, unless we have your consent to treat it differently. This Privacy Policy applies to any information we collect or receive about you, from any source.  

This Privacy Policy is a legally binding agreement between you (“user”, “you” or “your”) and Bitbuy. If you are entering into this Privacy Policy on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this Privacy Policy, in which case the terms “user”, “you” or “your” shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this Privacy Policy, you must not accept this Privacy Policy and may not access and use the Site and Services. By accessing and using the Site and Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree to abide by the terms of this Privacy Policy, you are not authorised to access or use the Site and Services. This Privacy Policy does not apply to the practices of companies that we do not own or control or to individuals that we do not employ or manage.

WonderFi Australia Pty Ltd. (DBA Bitbuy AU) is subject to the Privacy Act 1988 (Cth) (APP).

The types of personal information we collect

The term “personal information means any information that is identifiable with you as an individual. We limit the collection of personal information to that which is necessary for the purposes identified by Bitbuy in this Privacy Policy (see “How we use your personal information”). We collect the following types of personal information:

  • Identity & contact information: Name, date of birth, address (such as residential address and postal address), phone number, email and gender.
  • Financial & transaction information: Employment information, payment information, online payments and money transfers, payment methods, AUD value of transactions, quantity of crypto assets or fiat per order, time stamps associated with orders and payments, payment authorisation information, and order activity history, and where required, bank account information. For institutions, we also collect tax IDs, proof of legal formation, corporate addresses, personal identification information, and addresses for all materially beneficial owners and authorised users.
  • Account information: Account agreements entered into, your government-issued photo identification or other identity document, data about your assets, the origin of assets, generic job title, whether you are a politically exposed person or the family member or close associate of a politically exposed persons, whether you or a family member work for another investment dealer, whether you can materially influence the price or supply of any crypto asset that is available through Bitbuy’s platform, date on which the account is opened, date on which the account moves through various states (KYC submissions, KYC approval, 2FA enabled, password reset etc.)
  • Communication information: Communications with you regarding the Services, including by phone, chat, email, and other means of communication.
  • Usage information: Data about the way you use the Services, including the date and time, data about your device, operating system and hardware settings, browser type and characteristics, length of visits, pages viewed, geographic location, language preferences, referring URLs, time spent on pages, scrolling, mouse movements, and links clicked, and information derived from SIM card, network operator, IP address, or/and GPS geolocation data.
  • Legal compliance information: Data obtained in order for us to comply with legal requirements, including data requested by government and tax authorities.
  • Sensitive Information: This is a class of Personally Identifiable Information and involves any data that directly or indirectly reveals information about a person’s ethnic or racial origin, political or philosophical opinions, religious beliefs, criminal records, sexual orientation, or any data related to the person's health records, such as physical, psychological, mental, or genetic conditions. We will not collect Sensitive Information about you without your consent unless an exemption or exception applies. These exemptions or exceptions include if the collection is required or authorised by law, or if it's necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.

How we collect your personal information

Except where otherwise permitted or required by law, we will obtain your informed consent prior to collecting and, in any case, prior to using or disclosing your personal information for any purpose. The form of consent that we seek, including whether it is express or implied, will largely depend on the sensitivity of the personal information, the reasonable expectations you might have in the circumstances, and the purposes for which we are collecting the personal information. Express consent may be obtained verbally, electronically or in writing. Implied consent may be obtained through your use of the Services, or when you approach us to obtain information, inquire about or apply to use our Services.  

Most of the personal information we collect from you is provided by you (for example, when you register with us, fill out a form, change settings, enter an order or request a transfer). We may also collect personal information about you from public or third-party sources, such as public databases, ID verification partners, payment providers, companies providing services for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services.  

How we use your personal information

Our primary purpose in collecting personal information is to provide you with a secure, efficient, and customised experience. We generally use your personal information for the following purposes, and we only collect and use the personal information necessary to achieve these purposes:

  • to properly identify you and fulfill our anti-money laundering obligations with AUSTRAC;
  • to open, manage, and administer your account with Bitbuy;
  • to determine your eligibility for our Services and the products and services of companies with which we are affiliated, and determine their price;
  • to enforce the terms of our Terms & Conditions and other agreements;
  • to process your activity using the Services, including payment transfers, orders, and withdrawals;
  • to respond to questions, comments or concerns regarding Bitbuy;
  • to allow for more meaningful and useful marketing initiatives (although you can withdraw consent at any time by using the unsubscribe mechanism set out in our messages or by contacting our Chief Privacy Officer at privacy@bitbuy.au;
  • to collect your personal information in aggregate form to develop consumer profiles, perform sales analysis and identify marketing opportunities and strategies;
  • to enhance your experience;
  • to collect opinions and comments in regard to Bitbuy’s operations;
  • to recruit for positions at Bitbuy;
  • to maintain legal and regulatory compliance;
  • to understand, maintain, develop and improve the Services, we use analytics to understand our Site activity and customer needs and to improve our Services. We may also generate aggregated information to monitor performance and use to improve our Services;
  • to investigate legal claims and regulatory inquiries;
  • to protect against fraud and/or funds or asset loss;
  • to administer our Site and Services;
  • to ensure network and information security;
  • to use or disclose government-related identifiers in compliance with the requirements of APP 9.2, including:
    • Use or disclosure of the identifier required or authorized by Australian law or court/tribunal order,
    • Use or disclosure reasonably necessary for us to fulfill obligations to an agency or State/Territory authority,
    • Use or disclosure reasonably necessary for identity verification purposes related to our functions or activities,
  • such purposes for which Bitbuy may obtain consent for other uses from time to time; and
  • such other uses as may be permitted or required by applicable law.

How we store your personal information

We have personal information retention processes designed to retain personal information for no longer than necessary for the purposes stated above or to otherwise meet legal requirements. We may retain personal information, including financial information relating to transactions, for accounting and auditing purposes and otherwise in accordance with our obligations under applicable law.

How we safeguard your personal information

We have implemented reasonable administrative, technical and physical measures in an effort to safeguard your personal information against theft, loss and unauthorised access, use, modification and disclosure. We restrict access to your personal information on a need-to-know basis to employees and authorised service providers who require access to fulfill their job requirements.

While we strive to protect your personal information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and the Site, and Services cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.  

How we disclose your personal information to third parties

Except as set forth in this Privacy Policy or as required or permitted by law, we do not sell or share your personal information with third parties. Even when we do disclose your personal information, we will not disclose more personal information than necessary for the purpose of disclosure and in compliance with data protection legislation. Here are the circumstances where we disclose your personal information:

  • Service Providers: We may transfer or otherwise make your personal information available to third-party service providers who provide services to us in accordance with our instructions and on our behalf. Our service providers are only given the personal information they need to perform their agreed-upon services and are not authorised to use or disclose personal information for their own marketing or other purposes. Our service providers include ID verification partners; website hosting providers and other parties who assist us in operating the Site; payment services providers; companies providing services for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes, including financial institutions and credit reference agencies; partners who provide us with accounting services in order to prepare invoices; our financial and legal consultants and auditors; and debt collectors in order to collect a debt. In the event that personal information is transferred to a service provider based in the US or other foreign jurisdiction, it will be subject to the laws of that jurisdiction and may be disclosed to or accessed by the courts, law enforcement and governmental authorities in accordance with those laws. You are welcome to contact our Chief Privacy Officer to obtain further information about our policies regarding service providers outside of Australia by email at privacy@bitbuy.au.
  • Affiliates: We share personal information with affiliated entities of Bitbuy who provide support and ancillary services, including our parent company WonderFi Australia Pty Ltd. (with consent where required by applicable law). Our affiliates are not permitted to use your information for any unauthorised purpose.
  • Legal & Compliance: We may also provide your personal information in response to a search warrant, production order or other legally valid inquiry or order, including to public authorities and state institutions such as law enforcement agencies, bailiffs, notaries, tax authorities, supervisory authorities, regulatory authorities, financial intelligence agencies such as the Australian Financial Transaction Reports and Analysis Centre (AUSTRAC), or as otherwise required or permitted by Australian, Canadian, US, European, or other law or legal process. Your personal information may also be disclosed where necessary for the establishment, exercise, or defence of legal claims, or when we believe disclosure is appropriate to comply with the law or protect ours or others’ rights, property, or safety, including to investigate or prevent actual or suspected loss or harm to persons or property.
  • Business Sale: Your data may be provided to third parties in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Bitbuy, or as part of a corporate reorganisation, stock sale, or other change in corporate control, including for the purpose of determining whether to proceed or continue with such transaction or business relationship.
  • Other Third Party: Any person acting on your behalf, including your solicitor, accountant, executor, administrator, trustee or guardian. Any other third party with your consent or where authorised or required by law.

Location of your personal information

Your personal information collected from you, as detailed in this Policy, may be transferred to and stored at servers that may be located in countries outside of Australia and in countries according to our third-party providers' standard contractual obligations. It may also be processed by us and our suppliers, service providers or partners' staff operating outside Australia. We are committed to protecting your personal information and will take reasonable steps to ensure that your personal information is processed and stored securely and in accordance with the Australian Privacy Principles, as detailed in this Policy. Such steps include putting in place data transfer agreements or ensuring our third-party service providers comply with our data transfer protection measures. By submitting your personal information through the Site, you acknowledge and agree, in a jurisdiction where such consent is required, to such transfer, storing and/or processing of personal information.

Data retention

We will retain personal information for as long as we believe it is accurate and can be relied upon. Personal information that is no longer required for the purpose for which it was initially collected will be deleted unless we have a valid justification to retain it that is permitted under applicable law, such as to resolve disputes or comply with our legal obligations.

Data breach notification

We comply with Notifiable Data Breaches (NDB) in data breach notifications. If your personal information is breached in an actionable way, we will notify you as soon as practicable.  

Contacting us about your personal information or this Privacy Policy

All comments, questions, concerns or complaints regarding your personal information or our privacy practices should be forwarded to our Chief Privacy Officer as follows:  

In writing:  

WonderFi Australia Pty. Ltd.

Attn: Chief Privacy Officer  

Level 15, 333 George Street

Sydney NSW 2000 Australia

By e­mail: privacy@bitbuy.au

If your concern remains unresolved by us, you may contact the Australian Information Commissioner at:

Office of the Australian Information Commissioner

GPO Box 5288

Sydney NSW 2001 Australia

Phone: 1300 363 992  

Fax: +61 2 6123 5145

Website: https://www.oaic.gov.au/

Accessing your personal information

If you make a written request to our Chief Privacy Officer to review any personal information about you that we have collected, utilised or disclosed, we will provide you with any such personal information to the extent required by law. We will make such personal information available to you in a form that is generally understandable and will explain any abbreviations or codes.  

In addition, you can review and edit information saved in your account settings and verification profile at any time by logging in to your account. We will ensure that your personal information is kept as accurate, complete and up­ to­ date as possible. We will not routinely update your personal information, unless such a process is necessary. We expect you, from time to time, to supply us with written updates to your personal information, when required.  

At any time, you can challenge the accuracy or completeness of your personal information in our records. If you successfully demonstrate that your personal information in our records is inaccurate or incomplete, we will amend the personal information as required. Where appropriate, we will transmit the amended information to third parties having access to your personal information. We will attempt to respond to each of your written requests not later than thirty (30) days after receipt of such requests. We will advise you in writing if we cannot meet your requests within this time limit.

We will not charge any costs for you to access your personal information in our records or to access our privacy practices without first providing you with an estimate of the approximate costs, if any. We may request that you provide sufficient identification to permit access to the existence, use or disclosure of your personal information. Any such identifying information shall be used only for this purpose.  

How we use cookies

Our Site may pass a “cookie” (a string of information that is sent by a website to be resident on your system's hard drive, and/or temporarily in your computer's memory blocks) in order to collect certain information about your equipment, browsing actions and patterns. We may use this information to improve the Site, store information about your preferences and recognise you upon your return to the Site. You may set your browser to decline cookies. If you do so, however, you may not be able to fully experience some features of our Site.

We may provide links to third party websites

Our Site may contain links to other websites that we do not own or operate. Also, links to our Site may be featured on third party websites on which we advertise. Except as provided herein, we will not provide any of your personal information to these third parties without your consent. We provide links to third party websites as a convenience to you. These links are not intended as an endorsement of or referral to the linked websites. The linked websites have separate and independent privacy policies, notices and terms of use, which we encourage you to read carefully. We do not have any control over such websites, and therefore we have no responsibility, accountability or liability for the manner in which the organisations that operate such linked websites may collect, use or disclose, secure and otherwise treat your personal information.

Changes to this Privacy Policy


The Privacy Policy is current as of the “Last Updated” date, which appears at the top of this page. From time to time, we may update this Privacy Policy to reflect changes to our privacy practices. We encourage you to periodically review this page for the latest information on our privacy practices. If we materially change our Privacy Policy, we will take steps to notify you in advance of the change.  

An updated version of this Privacy Policy will be effective immediately upon the posting of the revised Privacy Policy unless otherwise specified. Your continued use of the Site and Services after the effective date of the revised Privacy Policy will constitute your consent to those changes.  

Age Of Consent


By using the Site, you represent that you are at least the age of majority in your state or territory of residence or that you are the age of majority in your state or territory of residence, and you have given us your consent to allow any of your minor dependents to use this site.

We do not knowingly collect any personal information from children under the age of 18. If you are under the age of 18, please do not submit any personal information through the Site and Services. If you have reason to believe that a child under the age of 18 has provided personal information to us through the Site and Services, please contact us to request that we delete that child’s personal information from our Services.

WonderFi Australia Pty Ltd. (DBA Bitbuy AU) is a registered Digital Currency Exchange (DCE) and Remittance Service Provider with AUSTRAC. The registration numbers are:

Remittance Services: IND100689512-001

Digital Currency Exchange (DCE) No: DCE100689512-001

Last updated: September 16th, 2024

Privacy Policy
Terms and Conditions
Copyright © 2024 WonderFi Australia Pty Ltd. (DBA Bitbuy AU)

A WonderFi Company
TSX: WNDR

Registered Digital Currency Exchange with AUSTRAC to provide crypto trading services in Australia.