Privacy Policy

At BIP21 protecting your personal data is our priority.

When you use the website (hereinafter the “Website“), we may collect personal data about you.

BIP21 is concerned about the privacy of its customers, so we will only collect information that is strictly necessary to fulfill your order. We will only keep this information for as long as is strictly necessary to fulfill the purposes described below, except for data stored on the Bitcoin Blockchain. BIP21 does not make any commercial use of your personal data and makes its best efforts to protect it from malicious access.

The purpose of this policy is to inform you about how we process your personal data in compliance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR“).

Who is the Data Controller

The data controller is BIP21, simplified joint stock company, registered with the Registry of Trade and Companies of Paris under the number 897 978 888 and whose head office is located at 229 rue Saint-Honoré, 75001 Paris (hereinafter “Us” or “We”).

What Personal Data do we Collect?

Personal data is a data that identifies an individual directly or indirectly, in particular by reference to an identifier such as a name.

We collect data that falls into the following categories:

  • Identification data (in particular your name, first name, email and postal address, telephone number);
  • Data relating to your professional life (in particular the name of your company, the VAT number);
  • Data relating to your orders;
  • Connection data (e.g. IP address, logs, passwords);
  • Financial data (e.g. credit card data, transaction number and all related transaction information, bitcoin address, transaction amount).

We inform you, when collecting your personal data, whether some of these data are mandatory or optional. Mandatory data are indicated “Mandatory”.

On What Legal Basis, For What Purposes and For How Long do we Keep Your Personal Data?

Purposes Legal basis Data retention period
To perform operations related to contracts, orders, deliveries, invoices, and customer relationship management Performance of a contract to which you are party Personal data are retained for the duration of our business relationship. In addition, the data relating to your transactions (except for your banking data) are archived for probationary purposes for a period of 5 years. The data related to your credit card are retained by our payment service provider until complete payment. The CVV2 (Card Verification Value), listed on your credit card details, will not be stored.
To answer to your information request and other inquiries Our legitime interest in responding to your inquiries Personal data are retained during the processing of your request and is deleted once the request has been processed.
To comply with our legal and regulatory obligations Legal and regulatory obligations Invoices are archived for a period of 10 years. In addition, the data relating to your transactions (with the exception of your banking data) are archived for probationary purposes for a period of 5 years.
To process data subjects’ requests to exercise their rights under the GDPR (described in section 6 of this policy) Our legitimate interest in responding to your requests and keeping records of them If we ask you to provide proof of your identity before granting your request to exercise your rights, we will retain this data only for the time necessary to verify your identity. Once verification is complete, the credential is deleted. If you exercise your right to object to direct marketing: we keep this information for 3 years.

Who Are The Recipients of Your Personal Data?

Will have access to your personal data:

  • If applicable, the staff of our company, who will then be subject to an obligation of confidentiality;
  • The companies in charge of the delivery of your orders;
  • Where applicable: public and private bodies, exclusively to meet our legal obligations.
  • Our payment service provider.

Are Your Personal Data Likely To Be Transferred Outside of the European Union?

Your personal data is hosted for the duration of the processing on the servers of the company BIP21, located in the European Union.

What Rights to You Have Regarding Your Personal Data?

You have the following rights with regard to your personal data:

  • Right to be informed: this is precisely why we have drafted this privacy policy as defined by articles 13 and 14 of the GDPR.
  • Right of access: you have the right to access all your personal data at any time as defined by article 15 of the GDPR.
  • Right to rectification: you have the right to rectify your inaccurate, incomplete or obsolete personal data at any time as defined by article 16 of the GDPR.
  • Right to restriction of processing: you have the right to restrict the processing of your personal data in certain cases defined in article 18 of the GDPR.
  • Right to erasure (“right to be forgotten”): you have the right to request that your personal data be deleted and to prohibit any future collection as defined by article 17 of the GDPR.
  • Right to file a complaint to a competent supervisory authority (in France, the CNIL), under GDPR article 77, if you consider that the processing of your personal data constitutes a breach of applicable regulations.
  • Right to define instructions related to the retention, deletion and communication of your personal data after your death.
  • Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR provides that you may withdraw your consent at any time. Such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal.
  • Right to data portability: under specific conditions defined in article 20 of the GDPR, you have the right to receive the personal data you have provided us in a standard machine-readable format and to require their transfer to the recipient of your choice.
  • Right to object: You have the right to object to the processing of your personal data as defined by article 21 of the GDPR. Please note that we may continue to process your personal data despite this opposition for legitimate reasons or for the defense of legal claims.

You can exercise these rights by writing us using the contact details below. For this matter we may ask you to provide us with additional information or documents to prove your identity.

Contact Information for Data Privacy Matters

Contact email:

Contact address: BIP21 SAS, 229 rue Saint Honoré, 75001 Paris


We may modify this privacy policy at any time, in particular in order to comply with any regulatory, jurisprudential, editorial or technical change. These modifications will apply on the date of entry into force of the modified version. Please regularly consult the latest version of this privacy policy. You will be kept posted of any significant change of the privacy policy.

Entry into force: June 15, 2022

To find the privacy policy in use at the date of your purchase, please look at the archives at the bottom of this page.