2 March 2026
Website: www.bcxpro.ky
Controller: JMSC Trading Limited
Introduction
Welcome to the Privacy Policy of JMSC Trading Limited (CO-420470). Every individual’s right to data privacy is protected through a framework of principles and rules governing the lifecycle of Personal Data, from collection to deletion. The primary legislation regulating data protection applicable to the Company is the Cayman Islands Data Protection Act (2021 Revision) (the “Cayman DPA”). In the case of EU citizens, the GDPR 2016/679 shall apply.
JMSC Trading Limited is a company incorporated and registered in the Cayman Islands with company number CO-420470, having its registered office at: CO Services Cayman Limited, PO Box 10008, Willow House, Cricket Square, Grand Cayman, KY1-1001, Cayman Islands (“JMSC”, “Company”, “we”, “us”, or “our”).
JMSC is licensed as a Virtual Asset Service Provider under the Virtual Asset (Service Providers) Act (as revised) and provides: Exchange between virtual assets and fiat currencies, Exchange between virtual assets, Virtual asset custody services, and Transfer of virtual assets. This Privacy Policy explains how we collect, use, disclose, store, and protect your Personal Data, and how you can exercise your rights.
Applicability
This Privacy Policy explains that no personal data is collected through the website. Personal data will only be collected directly from the customer once contact has been established and shall be processed as highlighted in this policy.
In summary of this Privacy Policy, we consider the following key points most relevant for you:
- Purpose of Processing: We process your personal data to provide our services, to comply with legal obligations (such as anti-money laundering and counter-financing of terrorism obligations), comply with our contractual obligations, detect and prevent fraud or abuse, and to grow our business responsibly, including through limited direct marketing.
- Your Rights: You have several rights under data protection law, including the right to object to processing based on our legitimate interests, such as direct marketing or certain profiling activities. Where we rely on your consent, you can withdraw it at any time. You also have the right to access your data, request correction, or request its deletion when no longer necessary.
- Implications of Processing: The processing of your data enables us to provide you with access to our services. Refusal to provide certain data may prevent us from onboarding you or fulfilling our obligations. You may also receive marketing or service-related communication, and your data may be used in risk categorisation or eligibility assessments for certain features or promotions.
- Decision Making: Whilst some of the processing is automated for all decision making there is human intervention.
Our Details (Cayman Entity)
Controller: JMSC Trading Limited (CO-420470)
Registered Office: CO Services Cayman Limited, PO Box 10008, Willow House, Cricket Square, Grand Cayman, KY1-1001, Cayman Islands
Website: www.bcxpro.ky
For any privacy, data protection, or rights requests, please contact: Email: info@bcxpro.ky
Scope
This Policy applies to potential clients and registered customers personal data collected, and any related mobile applications, APIs, forms, communication channels, and the services we offer.
Information we collect about you and source
While using our services, we may collect, store, and process different kinds of Personal Data. Our Services are not directed to anyone under the age of 18. We do not knowingly collect or solicit information from anyone under the age of 18 or allow anyone under the age of 18 to sign up for the Service. If we learn that we have gathered personal information from anyone under the age of 18, we will delete the information as soon as possible.
How information is collected
We collect Personal Data in the following ways:
- Information you provide directly when contacting us or using our services;
- Information you provide to our affiliates/group companies (where relevant for internal administration and service delivery);
- Information we receive from third parties, such as service providers (e.g., identity verification and screening);
- Information obtained during our relationship and dealings with you;
- Information collected through your use of our platforms, and applications;
- Information gathered from publicly available sources (where relevant and lawful);
- Forms you submit;
- Account registration and communications; and
- Automated tracking technologies (cookies, beacons, pixels) subject to applicable cookie requirements.
We may collect information about communications and any additional information you choose to provide. We use this to improve our services to you, to review, investigate and respond to queries, and for dispute handling and compliance.
Categories of Personal Data
We may collect and process the following categories of Personal Data:
- Identity data (e.g., name, ID/passport details, date of birth);
- Contact data (e.g., email, phone number, address);
- Account data (e.g., account identifiers, onboarding status, support history);
- Verification / due diligence data (e.g., KYC/AML information, UBO status, source of funds, source of wealth, proof of address, screening results);
- Financial / transaction data (e.g., transaction records, wallet addresses, funding/withdrawal details);
- Technical data (e.g., IP address, browser/device type, operating system);
- Usage data (e.g., page visits, session activity, platform interaction);
- Marketing and communications data (e.g., preferences, subscription status).
How we use information
Under the Cayman DPA, processing must be fair and lawful and satisfy a lawful condition for processing. We will use Personal Data for the purposes for which it was collected unless we reasonably consider we need to use it for another compatible purpose. Where we rely on consent (e.g., certain marketing and non-essential cookies), we will obtain consent through a clear affirmative action and you may withdraw it at any time.
Where GDPR applies (EU/EEA users), we rely on GDPR lawful bases such as Article 6(1)(b) (contract), Article 6(1)(c) (legal obligation), Article 6(1)(f) (legitimate interests), and Article 6(1)(a) (consent).
| Purpose | Categories of Personal Data | Legal Basis | Relevant Law / Interest |
|---|---|---|---|
| Register you as a customer and provide platform access | Contact, Account, Identity/Verification | Contract; Legal obligation | Contractual necessity; VASP regulatory obligations |
| Conduct AML/CFT onboarding and ongoing due diligence | Identity, KYC/Verification, UBO, Due diligence, Account | Legal obligation | Anti-Money Laundering Regulations (2025 Revision); CIMA AML Guidance Notes |
| Deliver services and process transactions | Contact, Account, Transaction, Financial | Contract | Customer onboarding & service delivery |
| Fraud prevention, security monitoring, misuse prevention | Identity, Account, Transaction, Technical, Due diligence | Legal obligation and/or Legitimate interests | AML/CFT compliance; platform integrity and security |
| Customer support, operational notices, service communications | Contact, Communications, Usage | Contract; Legitimate interests | Service administration |
| Direct marketing | Contact, Marketing preferences, Usage (where applicable) | Consent and/or Legitimate interests | Marketing choices; right to object/opt-out |
| Exercise/defend legal claims | Contact, Transaction, KYC/Verification | Legitimate interests | Establishment/exercise/defence of claims |
Data Sharing
We may share your Personal Data with trusted third parties where necessary, including:
- Group Companies: JMSC Trading Limited may share Personal Data with group companies for internal administration, compliance, IT/security, and consistent service delivery.
- Regulatory Authorities: We may disclose Personal Data to courts, law enforcement, or regulators if required by law or to support AML/CFT compliance.
International Data Transfers
Because we operate internationally, your Personal Data may be transferred to, stored in, or accessed from outside the Cayman Islands. We implement safeguards consistent with the Cayman DPA’s international transfer principle. Where GDPR applies, transfers are handled in line with GDPR Articles 45, 46, or 49.
Retention Periods
No personal data is collected or stored through the website. Personal data provided directly by the customer will be retained only for as long as necessary. In accordance with Anti-Money Laundering Regulations, we retain customer identification and transaction records for a minimum of five (5) years from the end of the business relationship or the date of the last transaction.
Anti-Money Laundering and Counter-Terrorist Financing (AML / CTF)
As a licensed Virtual Asset Service Provider, JMSC Trading Limited is subject to the Cayman Islands Anti-Money Laundering Regulations. We are required to collect, verify, and process Personal Data relating to our customers, beneficial owners, and authorised representatives to comply with these obligations.
Data Security Measures
We process, store, and transmit Personal Data securely and maintain appropriate technical and organisational security measures designed to protect against unauthorised access.
Secure Hosting Environment
Our platform and associated data are hosted on Amazon Web Services (AWS) in the United Kingdom region. AWS maintains robust security protocols and is certified under internationally recognised standards.
Encryption
All sensitive data transmitted between your device and our servers is encrypted using industry-standard encryption technologies.
Access Controls
Personal data is protected by firewalls, anti-virus, intrusion detection systems, and enforced multi-factor authentication (MFA). The concepts of “need to know” and “least privilege” are applied.
Marketing
We may use your contact details to send platform updates and promotional communications where permitted. We will obtain your consent before sending marketing communications if you are not an existing customer. You have the right to object to processing for direct marketing at any time. You may unsubscribe via the link in our communications or contact us at info@bcxpro.ky.
Your Rights
Under the Cayman Islands Data Protection Act, you have the following rights:
- Right to be informed: How and why your Personal Data is processed.
- Right of access: Request a copy of your Personal Data.
- Right to rectification: Request correction of inaccurate data.
- Right to stop direct marketing: Object to marketing processing.
- Rights related to automated decision-making: Rights regarding decisions based solely on automated processing.
- Right to withdraw consent: If processing is based on consent, you may withdraw it at any time.
- Right to complain: Lodge a complaint with the Office of the Ombudsman.
To exercise your rights, contact us at info@bcxpro.ky.
Automated Decision Making
We do not use automatic decision-making or profiling when processing personal data. If this changes, we will confirm this with you and provide meaningful information about the logic involved.
Incomplete and Inaccurate Information
If you do not provide requested information, we may not be able to verify your identity or open a trading account. We recommend you update your profile regularly to ensure records are up to date.
Data Breaches
JMSC Trading Limited maintains procedures to detect, investigate, and respond to actual or suspected Personal Data breaches. Where required by law, we will notify affected individuals and the Office of the Ombudsman (Cayman Islands) without undue delay.
About Cookies
We only use essential cookies to operate our website, improve performance, and enhance your experience.
Changes to our Privacy Policy
We may update this Privacy Policy from time to time. Where changes are material, we will provide appropriate notice. Your continued use of our services after any updates constitutes acknowledgment of the revised policy.
How to Contact the Appropriate Authority
If dissatisfied, please contact us first at info@bcxpro.ky. If unresolved, you may lodge a complaint with the Office of the Ombudsman (Cayman Islands). If GDPR applies, you may also complain to your local EU/EEA supervisory authority.