Effective Date: 2 March 2026
Website: www.bcxpro.ky
Controller: JMSC Trading Limited
Introduction
Welcome to the Privacy Policy of JMSC Trading Limited (CO-420470). Every individual’s right to data privacy is protected through a framework of principles and rules governing the lifecycle of Personal Data, from collection to deletion. The primary legislation regulating data protection applicable to the Company is the Cayman Islands Data Protection Act (2021 Revision) (the “Cayman DPA”). In the case of EU citizens, the GDPR 2016/679 shall apply. JMSC Trading Limited is a company incorporated and registered in the Cayman Islands with company number CO-420470, having its registered office at:
CO Services Cayman Limited
PO Box 10008, Willow House, Cricket Square
Grand Cayman, KY1-1001, Cayman Islands
(“JMSC”, “Company”, “we”, “us”, or “our”).
JMSC is licensed as a Virtual Asset Service Provider under the Virtual Asset (Service Providers) Act (as revised) and provides: Exchange between virtual assets and fiat currencies. Exchange between virtual assets, Virtual asset custody services, Transfer of virtual assets. This Privacy Policy explains how we collect, use, disclose, store, and protect your Personal Data, and how you can exercise your rights.
Applicability
This Privacy Policy explains that no personal data is collected through the website.
Personal data will only be collected directly from the customer once contact has been established and shall be processed as highlighted in this policy.
In summary of this Privacy Policy, we consider the following key points most relevant for you:
- Purpose of Processing: We process your personal data to provide our services, to comply with legal obligations (such as anti-money laundering and counter-financing of terrorism obligations), comply with our contractual obligations, detect and prevent fraud or abuse, and to grow our business responsibly, including through limited direct marketing.
- Your Rights: You have several rights under data protection law, including the right to object to processing based on our legitimate interests, such as direct marketing or certain profiling activities. Where we rely on your consent, you can withdraw it at any time. You also have the right to access your data, request correction, or request its deletion when no longer necessary.
- Implications of Processing: The processing of your data enables us to provide you with access to our services. Refusal to provide certain data may prevent us from onboarding you or fulfilling our obligations. You may also receive marketing or service-related communication, and your data may be used in risk categorisation or eligibility assessments for certain features or promotions. Whilst some of the processing is automated for all decision making there is human intervention.
Our Details
(Cayman Entity)
Controller: JMSC Trading Limited (CO-420470)
Registered Office: CO Services Cayman Limited, PO Box 10008, Willow House, Cricket Square, Grand Cayman, KY1-1001, Cayman Islands
Website: www.bcxpro.ky
For any privacy, data protection, or rights requests, please contact: info@bcxpro.ky
Scope
This Policy applies to potential clients and registered customers personal data collected, and any related mobile applications, APIs, forms, communication channels, and the services we offer.
Information we collect about you and source
While using our services, we may collect, store, and process different kinds of Personal Data, including the categories listed below. Our Services are not directed to anyone under the age of 18. We do not knowingly collect or solicit information from anyone under the age of 18 or allow anyone under the age of 18 to sign up for the Service.
If we learn that we have gathered personal information from anyone under the age of 18, we will delete the information as soon as possible. If you believe we have collected such information, please contact info@bcxpro.ky.
How information is collected
We collect Personal Data in the following ways:
A. Information you provide directly when contacting us or using our services
B. Information you provide to our affiliates/group companies (where relevant for internal administration and service delivery);
C. Information we receive from third parties, such as service providers (e.g., identity verification and screening);
D. Information obtained during our relationship and dealings with you;
E. Information collected through your use of our platforms, and applications;
F. Information gathered from publicly available sources (where relevant and lawful);
G. Forms you submit;
H. Account registration and communications; and
I. Automated tracking technologies (cookies, beacons, pixels) subject to applicable cookie requirements.
We may collect information about communications and any additional information you choose to provide. We use this to improve our services to you, to review, investigate and respond to queries, and for dispute handling and compliance.
Categories of Personal Data
We may collect and process the following categories of Personal Data:
- Identity data (e.g., name, ID/passport details, date of birth),
- Contact data (e.g., email, phone number, address)
- Account data (e.g., account identifiers, onboarding status, support history)
- Verification / due diligence data (e.g., KYC/AML information, UBO status, source of funds, source of wealth, proof of address, screening results)
- Financial / transaction data (e.g., transaction records, wallet addresses, funding/withdrawal details)
- Technical data (e.g., IP address, browser/device type, operating system)
- Usage data (e.g., page visits, session activity, platform interaction)
- Marketing and communications data (e.g., preferences, subscription status)
How we use information
Cayman DPA
Under the Cayman DPA, processing must be fair and lawful and satisfy a lawful condition for processing. We will use Personal Data for the purposes for which it was collected unless we reasonably consider we need to use it for another compatible purpose. Where we rely on consent (e.g., certain marketing and non-essential cookies), we will obtain consent through a clear affirmative action and you may withdraw it at any time.
In the case of EU citizens
GDPR (limited applicability)
Where GDPR applies (EU/EEA users under Article 3 GDPR), we rely on GDPR lawful bases such as Article 6(1)(b) (contract), Article 6(1)(c) (legal obligation), Article 6(1)(f) (legitimate interests), and Article 6(1)(a) (consent), depending on the processing activity.
| Purpose | Categories of Personal Data | Legal Basis | Relevant Law / Interest |
|---|---|---|---|
| Register you as a customer and provide platform access | Contact, Account, Identity/Verification | Contract; Legal obligation | Contractual necessity; VASP regulatory obligations |
| Conduct AML/CFT onboarding and ongoing due diligence | Identity, KYC/Verification, UBO, Due diligence, Account | Legal obligation | Anti-Money Laundering Regulations (2025 Revision); CIMA AML Guidance Notes |
| Deliver services and process transactions | Contact, Account, Transaction, Financial | Contract | Customer onboarding & service delivery |
| Fraud prevention, security monitoring, misuse prevention | Identity, Account, Transaction, Technical, Due diligence | Legal obligation and/or Legitimate interests | AML/CFT compliance; platform integrity and security |
| Customer support, operational notices, service communications | Contact, Communications, Usage | Contract; Legitimate interests | Service administration |
| Direct marketing | Contact, Marketing preferences, Usage (where applicable) | Consent and/or Legitimate interests (where permitted) | Marketing choices; right to object/opt-out (see Marketing section) |
| Exercise/defend legal claims | Contact, Transaction, KYC/Verification | Legitimate interests | Establishment/exercise/defence of claims |
We will use Personal Data for the purposes for which it was collected unless we reasonably consider we need to use it for another compatible purpose. Where we rely on consent (e.g., certain marketing and non-essential cookies), we will obtain consent through a clear affirmative action and you may withdraw it at any time.
Data Sharing
We may share your Personal Data with trusted third parties where necessary for the purposes described in this Policy, in accordance with applicable law and for performance of contract, including:
Group Companies
JMSC Trading Limited may share Personal Data with group companies for internal administration, compliance, IT/security, and consistent service delivery, subject to appropriate safeguards.
Regulatory Authorities and Compliance with Law
We may disclose Personal Data to courts, law enforcement, regulators, or other authorities if required or permitted by law, or where reasonably necessary to: comply with legal obligations and binding requests, comply with legal process and respond to claims, and/or support AML/CFT and VASP regulatory compliance.
International Data Transfers
Because we operate internationally (including using service providers, banks/EMIs, and liquidity providers that may be located in various jurisdictions), your Personal Data may be transferred to, stored in, or accessed from outside the Cayman Islands. We implement safeguards consistent with the Cayman DPA’s international transfer principle. Where GDPR applies, transfers are handled in line with GDPR Article 45 (adequacy decisions), or Article 46 (appropriate safeguards such as SCCs) Article 49, where applicable.
Retention Periods
No personal data is collected or stored through the website. Where contact is established and personal data is later provided directly by the customer (for example during onboarding or to meet legal and regulatory obligations), such data will be retained only for as long as necessary in accordance with applicable laws and regulatory requirements.
VASP Regulatory Retention
In accordance with the Cayman Islands Anti-Money Laundering Regulations (as revised), the Company is required to retain customer identification, due diligence, and transaction records for a minimum period of five (5) years from the end of the business relationship or the date of the last transaction, whichever is later. Such records may be retained for longer where required by law, regulatory authorities, legal proceedings, or fraud prevention obligations. Personal Data is not retained longer than necessary in accordance with the Cayman Islands Data Protection Act (2021 Revision).
Anti-Money Laundering and Counter-Terrorist Financing (AML / CTF)
As a licensed Virtual Asset Service Provider, JMSC Trading Limited is subject to the Cayman Islands Anti-Money Laundering Regulations (as revised) and applicable regulatory requirements. In order to comply with these legal obligations, we are required to collect, verify, process, and retain certain Personal Data relating to our customers and, where applicable, their beneficial owners, authorised representatives, and connected parties.
Data Security Measures
We process, store, and transmit Personal Data securely and maintain appropriate technical and organisational security measures designed to protect against unauthorised access, disclosure, alteration, or destruction. We will always process, store and transmit your information securely in accordance with best practices.
A. Safeguarding: We are committed to safeguarding your personal data and have implemented a range of organisational technical, and physical security measures designed to protect it from unauthorised access, disclosure, alteration, or destruction.
B. Secure Hosting Environment: Our platform and associated data are hosted on Amazon Web Services (AWS) in the United Kingdom region. AWS maintains robust security protocols and is certified under internationally recognised standards, including: ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 22301:2019, 9001:2015, and CSA STAR CCM v3.0.1. and others. For a full list of certifications, please refer to: https://aws.amazon.com/compliance/iso-certified/.
C. Encryption: All sensitive data transmitted between your device and our servers is encrypted using industry-standard encryption technologies, supported by certificates issued by trusted certificate authorities.
D. Access Controls: Personal data is protected by advanced access control and network security measures including firewalls, anti-virus, access lists, intrusion detection and prevention systems. Multi-factor authentication (MFA) is enforced for access to critical systems, and activity logging is implemented to monitor and audit access events. The need to know and least privilege concepts are also applied to ensure only authorised persons access the data they need to perform their roles.
Security Disclaimer
While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no method can ensure complete security, and there is no guarantee that your information will not be accessed, disclosed, altered, or destroyed. By using our Service, you acknowledge that you understand and agree to assume these risks.
Marketing
We may use your contact details to send you information about our services, platform updates, operational notices, and promotional communications where permitted by applicable law. Where required, we will obtain your consent before sending marketing communications, particularly where you are not an existing customer. In certain circumstances, we may rely on our legitimate interests to communicate with existing customers about similar services, provided such communications are lawful, proportionate, and do not override your rights and freedoms.
You have the right to object to the processing of your Personal Data for direct marketing purposes at any time in accordance with the Cayman Islands Data Protection Act (2021 Revision). Where GDPR applies (for individuals located in the EU/EEA in limited circumstances), you also have the right to object under Article 21 GDPR.
If you no longer wish to receive marketing communications, you may unsubscribe using the link provided in our communications or contact us at info@bcxpro.ky. Upon receiving your request, we will stop processing your Personal Data for direct marketing purposes without undue delay. Where we rely on consent, you may withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.
Your Rights
Under the Cayman Islands Data Protection Act (2021 Revision), you have certain rights in relation to your Personal Data, subject to applicable legal and regulatory limitations. These rights include:
- Right to be informed – You have the right to be informed about how and why your Personal Data is processed. This Privacy Policy is intended to provide that information.
- Right of access – You may request confirmation as to whether we process your Personal Data and request a copy of such data, together with information about how it is used.
- Right to rectification – You have the right to request correction of inaccurate or incomplete Personal Data.
- Right to stop direct marketing – You have the right to object to the processing of your Personal Data for direct marketing purposes at any time. We will cease such processing upon request.
- Rights related to automated decision-making – You have rights in relation to decisions based solely on automated processing that significantly affect you, subject to applicable legal requirements.
- Right to complain – If you believe your Personal Data has been processed unlawfully, you have the right to lodge a complaint with the Office of the Ombudsman.
To exercise your rights, please contact us at: info@bcxpro.ky. Please note that certain rights may be restricted where processing is necessary for compliance with legal and regulatory obligations, including anti-money laundering and financial crime prevention requirements applicable to Virtual Asset Service Providers.
Automated Decision Making
Although certain third parties may use automated decision-making tools or software, we do not use automatic decision-making or profiling when processing personal data. If this changes, we will confirm this with you and provide meaningful information about the logic involved, as well as the significance and the envisaged consequences for you.
Incomplete and Inaccurate Information
If you do not provide us with some or all of the information that we ask for, we may not be able to verify your identity and as such you may not be able to open a trading account with the Company. We recommend that you update your profile in your account regularly, to ensure that the functions offered to you are appropriate for your current circumstances and that your records are up date. You may have to update such information upon our request, if we consider the information provided as untrue, incorrect, incomplete and/or inconsistent with other information provided by you at any time. You acknowledge that we may rely upon such information and that you are responsible for any damages or losses which may result from any inaccuracies, including without limitation, the inappropriateness of our services to you.
Data Breaches
JMSC Trading Limited maintains procedures designed to detect, investigate, and respond to actual or suspected Personal Data breaches in accordance with the Cayman Islands Data Protection Act (2021 Revision) and applicable regulatory obligations. A personal data breach means any unauthorised or accidental access, disclosure, alteration, loss, destruction, or compromise of Personal Data. Where a breach is likely to result in a risk to the rights and freedoms of individuals, we will take appropriate steps to contain, investigate, and remediate the incident, including implementing corrective and security measures where necessary. Where required by law, we will notify affected individuals and the Office of the Ombudsman (Cayman Islands) without undue delay and, where applicable, typically within five (5) days after becoming aware of the breach or when we reasonably should have become aware of it, in accordance with Cayman data protection guidance. As a licensed Virtual Asset Service Provider, certain information relating to security incidents, fraud, financial crime, or suspicious activity may also be reported to relevant regulatory or law enforcement authorities where required under applicable laws and regulations, including anti-money laundering and financial crime prevention obligations.
About Cookies
We only use essential cookies to operate our website. These are normally mainly used to, improve performance, and enhance your experience.
Changes to our Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in applicable laws and regulations, including the Cayman Islands Data Protection Act (2021 Revision), updates to our services, security practices, operational requirements, or changes in how we process Personal Data. Where changes are material and significantly affect your rights or the way your Personal Data is processed, we will provide an appropriate notice, such as a prominent notification on our website or, where appropriate, by direct communication. We encourage you to review this Privacy Policy periodically to remain informed about how we collect, use, and protect your Personal Data. The Effective Date at the top of this Privacy Policy indicates when it was last updated. Your continued use of our services after any updates constitutes your acknowledgment of the revised Privacy Policy, to the extent permitted by applicable law. Where the GDPR applies to you updates to this Privacy Policy will also reflect applicable GDPR transparency requirements.
How to Contact the Appropriate Authority
If you are dissatisfied with how we have handled your Personal Data, please contact us first at info@bcxpro.ky so we can address your concern. If unresolved, you may lodge a complaint with the Cayman Islands supervisory authority: Office of the Ombudsman (Cayman Islands). If GDPR applies to you, you may also have the right to complain to your local EU/EEA supervisory authority.