Preview exchangeLog in
Sign up
Markets
Products
AMM
July 19, 2025
Bullish files registration statement for proposed initial public offering
Digital Assets
Indices
Custody
About Us
Trust & Transparency
News & Insights
Careers
Bullish Capital
Press
Germany
Right chevron arrow
Jurisdiction
Left chevron arrow
Rest of World
Hong Kong
Germany
United States
MarketsPRODUCTSAMM
jurisdiction selector icon
Preview exchangeLog in
SIGN UP

Legal

Privacy Notice EU
Down chevron arrow
Complaints Handling Information
Risk Warnings EU
Exchange Rules
Privacy Notice EU
Terms of Service EU
Fee Schedule EU
Last updated:
July 29, 2025

Privacy Notice EU

1. Who we are

This privacy notice (“Privacy Notice”) applies to all Personal Data processing activities carried out by Bullish Europe GmbH ( “Bullish”, “we”, “us” or “our”) within the scope described under section 3 of this Privacy Notice.

In this Privacy Notice, “Personal Data” has the meaning described to it in Article 4 No. 1 GDPR.

Bullish acts as the data controller for your Personal Data unless a different affiliate is named in a separate privacy notice, or we have identified a different data controller for a particular processing operation.

We respect an individual’s rights to privacy and are committed to protecting your privacy when processing your Personal Data.

2. Purpose of this Privacy Notice

The purpose of this Privacy Notice is to explain how we collect and use Personal Data in connection with our business.

This Privacy Notice explains how we demonstrate this commitment in compliance with the requirements under Article 12 to 14 of the General Data Protection Regulation (“GDPR”), including by informing about:

(a) the types of Personal Data we collect in connection with the scope described section 3 of this Privacy Notice;

(b) the manner and purposes in which we process the Personal Data, as well as the legal basis;

(c) the recipients of your Personal Data as well as details and circumstances in which your Personal Data may be transferred to another country;

(d) the rights you may have under relevant privacy or data protection laws;

(e) the period for which the Personal Data will be stored or the criteria used to determine that period;

(f) Information about whether the provision of Personal Data is necessary or not and whether we use automated decision-making, including profiling,;

(g) cookies that we use or used by our service providers; and

(h) how you can contact us regarding our processing activities or this Privacy Notice.

3. Scope

This Privacy Notice applies to your use of, access to, or participation in any of the following sources (collectively, our “Data Sources”):

(i) any Bullish website (URL: www.bullish.com/home-bde or subdomains regardless of the medium in which the websites are accessed by a user (e.g., via a web or mobile browser) and any apps owned by Bullish (the “Websites”);

(ii) our products, services, applications or software offered through the Bullish Websites or mobile application, including any communications with you about our Services (our “Services”), unless a separate privacy notice is expressed to apply in respect of such Service;

(iii) any events hosted by us, whether such events are open to the public or by invitation (collectively the “Events”); and

(iv) subsections of social media platforms (e.g. LinkedIn) controlled by us.

4. Personal Data We Process

We process the Personal Data we collect about you when you use, gain access to, or participate in our Data Sources.

Typically, this is done by referencing an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person.

Personal data also includes separate pieces of information that, when combined, can lead to the identification of a particular individual. It excludes anonymized information.

We collect Personal Data through:

  • Your use of, access to, or participation in our Data Sources. For example, we may collect Personal Data from you when we onboard you as a client, when you access our Websites, or if you use our Services or attend on our Events.
  • Direct or unsolicited interactions, such as when you voluntarily provide your information to us by contacting us, submitting requests and comments, subscribing to our newsletters, submitting job applications, or otherwise engaging with us through our Data Sources. For example, we may collect Personal Data from you when you sign up for a marketing newsletter.
  • Indirectly, such as through public or media websites or government websites when conducting user identity verifications and reviews.

We may collect and process various types of Personal Data about you depending on whether and how you use our Services or Data Sources, which we have categorized as follows:

Categories of Personal Data Examples
Personal Identification Data such as full name, title, date and place of birth, gender, signature, nationality, photograph, live portrait selfie, email address, residential address, mailing address, telephone number, marital status.
Social Identification Data such as your group or company data, job title and work experience, office location, close connections, and behavioral data.
Transaction Data such as account and authentication information; your username, user identification number; billing contact details or cryptocurrency wallet address (including public key), transaction and account status information, and payment information, such as your credit or debit card number and other card information.
Institutional Data such as Personal Data of any agent or attorney acting on your behalf, employer identification number (or comparable number issued by a government agency) and proof of legal formation. If relevant to the products and services we provide to you, we may also collect information about your additional account holders, business partners (including other shareholders or beneficial owners), dependents or family members, representatives, and agents. Before providing Bullish with this information of third-party individuals, you must provide a copy of this Privacy Notice to those individuals.
Government issued Identification Data such as passport copy, tax identification number, visa information and any other information we may request in order to comply with our legal obligation under financial, tax and anti-money laundering laws.
Financial Data such as bank account information, payment card primary account number, transaction history, trading history, trading data and tax identification, including source of wealth and source of funds.
Contact and Correspondence Data such as residence details, billing address, delivery address, home address, work address, email address and telephone numbers, proof of address documentation. It also includes the contents of the communications and correspondence between us, whether by email, social media, or otherwise through one of our Services, through your submission of an online form and survey responses, or when you otherwise provide information to our support team or user research team, as well as your communications preferences, such as for marketing purposes. Further it includes details of our interactions with you and the products and services you use with a view to establish relevant facts (including without limitation, any records of the phone calls between you and Bullish), emails, meeting notes, and letters.
Investment Data such as your knowledge of and experience in investment matters, investment objectives and prior investments.
Marketing Data such as your preferences in receiving marketing from us or third parties and your communication preferences.
Profile Data such as your username and password, your identification number as our user, requests by you for products or services, your interests, preferences and feedback, other information generated by you when you communicate with us, for example when you address a request to our customer support.
Usage Data such as information about how you use the Website, the Services, mobile applications and other offerings made available by us, including: – device download time, install time, interaction type and time, event time, name and source.
Online Identifying Information such as your IP address, browser name, operating system, GUID, coarse location and fine location. When you visit our Websites or access our apps, our web server automatically records details about your visit (for example, your IP address, the type of browser software used, the Bullish Website pages that you actually visit including the date and the duration of your visit). Please read our Cookie Notice for more information.
Blockchain Data such as public blockchain data in order to assess if customers using Services are not engaged in illegal or prohibited activity and/or in breach of our Terms of Use, and to analyze transaction trends for research and development purposes.
Information provided by identity verification and KYC partners, credit reference agencies, and public databases such as Personal Data processed with our purpose to comply with our legal obligation related to anti-money laundering laws, to prevent and detect crime and for anti-fraud purposes.

We may also collect, use, and share aggregated data (“Aggregated Data”) such as statistical or demographic data for any purpose. Aggregated data may be derived from your Personal Data but it is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be processed in accordance with this Privacy Notice.

5. How We Use Your Personal Data – Processing Purposes and Legal Basis

The following table outlines how and why we use your Personal Data:

Activity Categories of Personal Data Legal Basis
To register you as a new customer, enable you to use our Services and enforce our Service terms and conditions, including account creation Personal Identification Data; Social Identification Data; Contact and Correspondence Data; Financial Data Performance of a contract
Provision of our Services to you, including to execute, manage, and process any instructions or orders you make Personal Identification Data; Contact and Correspondence Data; Financial Data; Transaction Data; Online Identifying information; Marketing Data Performance of a contract
To provide support for our Services, answer your queries, resolve matters with accounts, disputes, collecting fees, to troubleshoot problems and otherwise provide general support related to our Services,
Identity authentication		 Personal Identification Data;
Transaction Data;
Government Issued Identification Data; Correspondence Data; Online Identifying Information		 Performance of a contract; Legitimate interest (to provide the activities described in the left column)
To manage our relationship with you which will include asking you to leave a review, take a survey, keeping you informed of our company's business and product development, keeping you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Personal Identification Data; Contact and Correspondence Data; Profile Data; Transaction Data; Marketing Data Performance of a contract;
Consent (if required)
Compliance of Bullish, its affiliates and regulated third parties who receive Aggregated Data with laws and regulations, including AML, fraud, market integrity, sanctions, terrorist financing regulations, tax evasion.
Verify accounts and activity, including processing Personal Data for identity verification purposes where required, detect abuse, fraud, money laundering, breach of confidence, theft of proprietary materials and any other illegal activities on our platforms.		 Personal Identification Data; Contact and Correspondence Data; Transaction Data; Investment Data; Blockchain Data; Information provided by identity verification and KYC partners, credit reference agencies, and public databases; Online Identifying Information Legal obligation; Performance of a contract; Legitimate interest (to ensure that Bullish is not involved in dealing with the proceeds of criminal, unlawful or fraudulent activities, as well as to develop, manage and improve our internal systems and controls for dealing with financial crime and to ensure effective management of complaints); Consent
Protection of company and affiliate our and their customer interests, including the prevention of abuse of our Services and promotions.
Protection of the Services we provide, protection of our business interests, and protection of data		 Personal Identification Data; Government Issued Identification Data; Financial Data; Transaction Data; Social Identification Data; Contact and Correspondence Data; Online Identifying Information; Profile Data; Blockchain Data; Information provided by identity verification and KYC partners, credit reference agencies, and public databases Legitimate interest (to provide the activities described in the left column)
Obtain independent audits or similar services, obtain professional advice or services from consulting, tax, legal, audit, accounting, or other professional firms for the proper protection or functioning of our business, and proper treatment of transactions Personal Identification Data; Government Issued Identification Data; Transaction Data Social Identification Data; Contact and Correspondence Data; Online Identifying Information; Profile Data; Information provided by identity verification and KYC partners, credit reference agencies, and Financial Information to a certain extent Performance of a contract; Legitimate interest (to provide the activities described in the left column and to ensure appropriate review and related risks are considered and assessed for any outsourced service, and ensure the businesses are legitimate, competent and can provide good quality service)
Manage business risk. Mitigate risks related to the daily operations of Bullish. Personal Identification Data; Government Issued Identification Data; Financial Data; Transaction Data; Social Identification Data; Contact and Correspondence Data; Online Identifying Information; Profile Data Legitimate interest (to provide the activities described in the left column)
Network, information security and investigations to administer and protect our Websites and Services, including to improve and monitor security, combat spam, troubleshooting, testing, system, maintenance, support, reporting, hosting of data, and other malware or security concerns. Transaction Data; Online Identifying Information Legitimate interest (to provide the activities described in the left column)
Sharing with law enforcement/legal requests to comply with valid legal requests from authorities, and our legal and regulatory obligations in the jurisdictions where we are subject to them. Personal Identification Data; Government Issued Identification Data; Financial Data; Transaction Data; Social Identification Data; Contact and Correspondence Data; Online Identifying Information; Blockchain Data; Information provided by identity verification and KYC partners, credit reference agencies, and public databases Legal obligation
Facilitate corporate merger and acquisitions. To enable us to initiate or conclude corporate acquisitions, mergers, or other corporate transactions. Personal Identification Data; Government Issued Identification Data; Social Identification Data; Contact and Correspondence Data Legitimate interest (to provide the activities described in the left column)
To properly manage, process, collect and transfer payments, fees and charges, and to collect and recover payments owed to us. Personal Identification Data; Financial Data; Transaction Data; Contact and Correspondence Data; Social Identification Data Performance of a contract; Legitimate interest (to provide the activities described in the left column)
To use the services of other financial institutions, crime and fraud detection and prevention companies, risk measuring and management companies, which will use the Personal Data they receive for their own purposes while acting as independent data controllers. Personal Identification Data; Government Issued Identification Data; Transaction Data; Social Identification Data; Contact and Correspondence Data; Online Identifying Information; Profile Data; Information provided by identity verification and KYC partners, credit reference agencies and public databases; Financial Data Performance of a contract; Legitimate interest (to provide the activities described in the left column)
Ensure quality control and staff training to make sure we continue to provide you with accurate information and high-quality Services. Personal Identification Data; Transaction Data; Contact and Correspondence Data Legitimate interest (to provide the activities described in the left column)
Events and webinars. Facilitate Event registration, plan and execute Events, and share pre- and post-event information with registrants and interested individuals. Personal Identification Data; Transaction Data; Social Identification Data; Contact and Correspondence Data Legitimate interest (to provide the activities described in the left column)
Prizes, contests and surveys. To allow you to enter a prize drawing, contest, or complete a survey Personal Identification Data; Contact and Correspondence Data; Profile Data; Usage Data; Marketing Data Performance of a contract;
Consent (if required)
For research and development. We process your Personal Data to better understand the way you use and interact with our Services.
Leveraging data analytics to improve our Website, Services, marketing, user experiences and their relationship with Bullish.		 Personal Identification Data;
Social Identification Data;
Contact and Correspondence Data; Investment Data; Marketing Data; Profile Data; Usage Data;
Online Identifying Information		 Legitimate interest (to provide the activities described in the left column)
Product/ UX user research and testing. Identify the behavior patterns, thoughts, and needs of customers by gathering user feedback from observation, task analysis, and other methods. It also includes gathering market data for studying customers' behavior including their preference, interest and how they use our products/Services. Personal Identification Data;
Social Identification Data;
Contact and Correspondence Data; Investment Data; Marketing Data; Profile Data; Usage Data
Online Identifying Information		 Consent
Marketing activities. Provide you with relevant information and news about our Services, events, promotions, prizes, giveaways and other opportunities. Send information that may be of interest to you based on your preferences. Personal Identification Data; Contact and Correspondence Data; Online Identifying Information; Marketing Data; Profile Data Consent (if required); Legitimate interest (to provide the activities described in the left column)
Website traffic and usage analysis and analytics to understand how users interact with our Websites, to improve our Websites and our offerings Personal Identification Data; Transaction Data; Online Identifying Information; Usage Data Legitimate interest (to provide the activities described in the left column); Consent (if required)
Engaging with you on social media. Engaging with you on social media, including on subsections of social media platforms controlled by us. Understanding how you engage with us on social media, engaging users through social media platforms, and improving our social media activities and users' social media experience Personal Identification Data; Contact and Correspondence Data; Online Identifying Information; Social Identification Data; Profile Data Legitimate interest; Consent (to provide the activities described in the left column)
To utilize the services of social media or advertising platforms, some of which may use Personal Data they receive for their own purposes, including marketing purposes, determining our marketing campaigns and growing our business Personal Identification Data; Contact and Correspondence Data, Online Identifying Information; Social Identification Data; Profile Data Consent

In the above table, “consent” refers to Article 6(1)(a), “performance of a contract” to Article 6(1)(b), “legal obligation” to Article 6(1)(c) GDPR and “legitimate interest” to Article 6(1)(f) of the GDPR, or the equivalent provisions in your jurisdiction.

When the lawful basis for processing your Personal Data is legitimate interest, the respective legitimate interest is described in more detail in the left column of the respective row in the table. We always ensure that we consider and balance any potential impact on you and your rights under data protection laws.

We will only use your Personal Data for the purposes for which it was collected, unless we need to use it for another reasonable purpose that is compatible with the original purpose. In such cases, we will inform you about the that other purpose and any other relevant information according to Article 13 and 14 GDPR, or the equivalent provision in your jurisdiction, prior to that further processing.

6. How We Share Your Personal Data

We may share your Personal Data with the following categories of recipients:

  • Third-party service providers who need access to Personal Data to assist us in delivering Services or the operation of our business. For example, such third parties include payment processors; information technology service providers; providers of identity verification services; Website hosting providers; insurance, marketing, accounting, shipping, and delivery vendors; other business process outsourcing providers; and partners who assist us with administering programs we offer to you, such as our bug bounty program.
  • Information provided by identity verification and KYC partners, credit reference agencies, and public databases, which means Personal Data processed with our purpose to comply with our legal obligation related to anti-money laundering laws, to prevent and detect crime and for anti-fraud purposes. Our ID verification partners use a mix of government records, publicly available information, information provided to us by you and the use of technology to help Bullish on your identity verification. Such information may include criminal convictions and offences, credit history, status on any sanctions lists maintained by public authorities, and other relevant data.
  • Third-party service providers who need access to Personal Data to provide advertising and analytics services. For example, we use a third party service for the collection and management of your Personal Data that enables us to deliver marketing communications about our Services and events to you.
  • Public law enforcement agencies or public or judicial bodies insofar and only to the extent as we are obliged to do so by law, by court order or on the basis of an enforceable official order, to comply with our legal obligations. Bullish requires that a request from a law enforcement agency or public or judicial body having jurisdiction over us be accompanied by sufficient legal process. This varies by location. For instance, production orders, search warrants, freezing orders, seizure orders, and subpoenas, as well as requests for voluntary data disclosure, all constitute a legal process. Bullish thoroughly evaluates each order and request for voluntary disclosure to verify the existence of a legitimate legal basis and that any response is carefully limited to ensure that the requesting public law enforcement agencies or public or judicial bodies receives just the data and/or remedy to which they are entitled. Additionally, Bullish requires that requests for asset freezing and/or seizure adhere to the relevant local jurisdiction’s legal process and include all appropriate instructions, including, if applicable, the period of the freeze.
  • Professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services in order to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations.
  • Other credit and financial service institutions or comparable institutions to which we transfer your Personal Data in order to process payments you have authorized and/or to carry out a business relationship with you (depending on the contract, e.g., correspondent banks, custodian banks, brokers, stock exchanges, information offices).
  • Other recipients for which you have given us your consent to transfer your Personal Data.
  • Our corporate affiliates in the Bullish Group, when necessary to complete the processing activities described in section 4 of this Privacy Notice.
  • Other recipients, as reasonably necessary:
    • In relation to a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, or other change of ownership or control (whether in whole or in part); or
    • to: (i) to detect and prevent financial crime, money laundering, terrorism, and tax evasion where required by law, to comply with applicable laws, a request from a law enforcement agency, regulatory authority, public or judicial body with jurisdiction over us, or other legal process; (ii) protect our legitimate rights, privacy, property, vital interests, health and safety, as well as those of our customers, business partners, personnel, or the general public; (iii) seek professional advice, manage risk (including obtaining and managing insurance), pursue available remedies or limit damages; (iv) enforce our rights and Terms of Use; (v) respond to an emergency; (vi) other banks to help trace money in cases of fraud or other crimes.

If we transfer Personal Data to recipients acting as processors on behalf of Bullish, it is contractually ensured that the processor will process such Personal Data exclusively on our behalf and has implemented appropriate technical and organizational measures to protect the Personal Data.

We always endeavor to only share the minimum amount of Personal Data that these recipients need to perform their tasks.

7. International Data Transfers

We may transfer your Personal Data to recipients in countries outside of your jurisdiction for processing in accordance with this Privacy Notice and as permitted by the applicable laws. These locations include the European Economic Area, (EEA), United States, and Asia-Pacific region.

A transfer of Personal Data to countries outside the EEA will only take place where one of the conditions below apply:

  • The European Commission has decided by way of an adequacy decision according to Article 45 GDPR that the country or the organization we are sharing your Personal Data with will protect your information adequately; or
  • We have entered into the standard contractual clauses of the European Commission for the transfer of personal da-ta to third countries pursuant to Regulation (EU) 2016/679).with the recipient with which we are sharing your Personal Data to ensure your information is adequately protected.
  • Other so-called suitable safeguards, according to Article 44 et seq. GDPR are in place.

If service providers contracted by us and located in a country outside the EEA need to access Personal Data (for example, in connection with IT, cloud, or hosting services), we ensure an appropriate level of data protection through careful selection of the service provider and through contractual, technical, and organizational measures.

If you would like to see the specific contractual safeguards for the transfer of Personal Data to countries outside the EEA, simply send an e-mail request to privacy@bullish.com.

8. Third Party Applications and Websites

Our Data Sources may contain links to third-party applications or websites not affiliated with us. Your use of an external application or an external website, including any informational content found on external applications and external websites is exclusively subject to and governed by the privacy practices, privacy policies/notices, terms, and conditions of that application or website.

We do not endorse or make any representations or warranties concerning any informational content, products, services, software, or other materials available on external applications are framed within our Data Sources.

9. Cookies

We use Cookies, web beacons, and other data collecting technologies, such as when you navigate the Websites or click on links in the emails we send you. A cookie is a small data file that is transferred to a web browser, allowing our Sites to remember and customize your subsequent visits. A web beacon (also called a “pixel tag” or “clear GIF”) is a piece of computer code that enables us to monitor user activity and Website traffic. To learn more about how we use cookies then please visit our Cookie Notice. For more information on cookies and web beacons more generally, please visit http://www.allaboutcookies.org. Some web browsers offer settings that allow you to reject cookies or alert you when a cookie is placed on your computer or device. Please note that if you reject cookies, the functionality of some areas of the Websites may be limited.

When you first land on the Websites, you will be asked for your consent to the placement of Cookies. Other than strictly necessary cookies, no cookies are placed on your browser until you give your consent. You also have the option to manage your consent on an ongoing basis by opting out of any cookies category except strictly necessary cookies by changing your cookies settings. Please note that if you reject cookies, the functionality of some areas of the Websites may be limited.

10. Advertising and Analytics Services Provided by Third Parties

We may allow others to serve advertisements on our behalf across the Internet and to provide analytics services. These entities may use cookies, web beacons and other technologies to collect information about your use of our Data Sources and other websites, including your IP address, web browser, pages viewed, blocks created, transactions undertaken, information provided to Bullish, time spent on pages, links you clicked, and conversion information. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on the Websites, and better understand your online preferences. For more information about interest-based ads, please visit the Digital Advertising Alliance at www.aboutads.info/choices.

We will get your opt-in consent before we process or share your Personal Data with any third party for advertising and analytics services.

The third party service providers we use for advertising and analytics include:

  • Plausible Analytics, a web analysis service that captures web analytics entirely anonymously, uses no cookies, and collects no Personal Data. All data is used in the aggregate only, and there is no tracking across devices, or Websites. To learn more, please review the Plausible Analytics Privacy Policy and the Plausible Analytics Data Policy.
  • Piwik PRO Analytics Suite as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies. The data collected may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. For more information, see What data does Piwik PRO collect? | Piwik PRO help center. https://help.piwik.pro/support/privacy/what-data-does-piwik-pro-collect for more information . We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyze visitor behavior, show personalized content and run online campaigns. The data is hosted on Microsoft Azure in the Netherlands and the data is stored for 14/25 months. The purpose of data processing is the analytics and conversion tracking based on consent. The legal basis is consent. Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO’s privacy policy.
  • Google Tag Manager: In order to monitor and provide diagnostics about system stability, performance, and installation quality, Google Tag Manager may collect some aggregated data about tag firing. This data does not include user IP addresses, or any measurement identifiers associated with a particular individual. Other than data in standard HTTP request logs, all of which is deleted within 14 days of being received, and diagnostics data noted above, Google Tag Manager does not collect, retain, or share any information about visitors to our customers’ properties, including page URLs visited.
  • Google Ads & DoubleClick: Google stores a record of the ads it serves in its logs. These server logs typically include your web request, IP address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser. Google stores this data for a number of reasons, the most important of which are to improve its services and to maintain the security of its systems. Google anonymizes this log data by removing part of the IP address (after 9 months) and cookie information (after 18 months). To help Google’s partners manage their advertising and websites, Google offers many products, including Google Ads, and a range of DoubleClick-branded services. When you visit a page or see an ad that uses one of these products, either on Google services or on other sites and apps, various cookies may be sent to your browser. These may be set from a few different domains, including google.com, doubleclick.net, googlesyndication.com, or googleadservices.com, or the domain of Google partners’ sites. Some of Google’s advertising products enable its partners to use other services in conjunction with Google’s (like an ad measurement and reporting service), and these services may send their own cookies to your browser. These cookies will be set from their domains. See more detail about the types of cookies used by Google and Google’s partners and how they use them.
  • Twitter: Conversion tracking enables Bullish to measure its return on ad spend by tracking the actions people take after viewing or engaging with Bullish’s ads on Twitter. On Twitter, Bullish can use its Twitter Pixel or the Conversions API to set up conversion tracking. These solutions pass data back to Twitter and help enable user attribution. It does this by matching conversion data to a Twitter user, using available identifiers like cookie IDs, Click ID or email. The Twitter Pixel allows Bullish to put a piece of code on the Websites to send conversion data to Twitter. The Conversion API allows advertisers to send conversion data directly from a server to Twitter. Learn more about the Twitter Pixel, Conversions API, and other conversion tracking tools here. Attributed data can be used for a variety of purposes, such as building Website Activity Audiences for campaign retargeting, to improve optimization models to help you drive action with your campaigns, and for reporting of campaign results, to understand the impact of a campaign. Use of any of Twitter’s conversion tracking products or services is subject to the Twitter Conversion Tracking Program T&C’s, which can be found here.
  • LinkedIn: The LinkedIn Insight Tag enables the collection of data regarding members’ visits to Bullish’s website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or hashed (when used for reaching members across devices), and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days. LinkedIn doesn’t share the Personal Data of members with Bullish; LinkedIn only provides reports and alerts (which do not identify members) about Bullish’s Website audience and ad performance. LinkedIn also provides retargeting for website visitors, enabling Bullish to show personalized ads off Bullish’s Website by using this data, but without identifying the member. LinkedIn also uses data that doesn’t identify members to improve ad relevance and reach members across devices. LinkedIn members can control the use of their Personal Data for advertising purposes through their account settings.
  • The Trade Desk offers what is known in the industry as a Demand Side Platform (“DSP” or “Platform”). The Trade Desk provides technology that helps advertisers and their advertising agencies manage digital advertising campaigns across many channels, such as websites, apps, audio, smart TVs, and other video. The Trade Desk technology uses data to target and serve or to help Bullish to target and serve relevant advertising to consumers and to perform attribution analysis or other analytics regarding advertising audiences, as well as to compile, match and link audiences on behalf of Bullish. For instance, The Trade Desk may, or help Bullish to, use this data to: – Determine what ad to show a consumer, and customize ads to particular types of audiences; – Customise ads to the type of web page users are viewing; – Limit the number of times a consumer sees an ad or a type of ad; – Perform analysis of how effective the ads are; – Help Bullish learn more about their own consumers; – Troubleshooting; and – Fraud detection. For more, read Trade Desk’s Privacy Policy.

11. Automated Decision-Making and Profiling

Automated decision-making is a process by which your Personal Data is used to make a decision about you that creates legal or other significant effects in an automated fashion using an algorithm alone, without any human intervention in the process. Profiling is where Personal Data is evaluated in an effort to predict things like interests or preferences about what types of information an individual might want to receive. Although profiling is a type of automated processing, it does not produce legal (or other significant) effects and in that way is different from automated decision-making.

As explained above in the section on “Advertising and Analytics Services Provided by Third Parties”, we may, upon having obtained prior consent from you, use profiling as part of our analytics to deliver the most relevant content and best experience to you.

Bullish relies on automated tools to help determine whether a transaction or a customer account presents a fraud or legal risk. Under the GDPR, you have the right not to be subject to a decision based solely on automated processing of your Personal Data, including profiling, which produces legal or similarly significant effects on you, save for the exceptions provided for in Article 22 GDPR (e.g. if the automated processing including profiling is based on the data subject’s explicit consent).

Customers won’t be subject to decisions that will have a significant impact on them based solely on automated decision-making. In cases where a customer does not pass our KYC verification, they will be immediately provided with an option to contact customer support and initiate a manual process to review the automated decision-making. Transaction monitoring will also be automated, with alerts and escalations being manually investigated by our Compliance team.

12. Your Rights

According to the GDPR you are entitled to the following rights with respect to your Personal Data:

  • To access the Personal Data we maintain about you (Article 15 GDPR). You have the right to obtain information from us about your Personal Data that is processed by us. For example, you may request information about the purposes of the processing, the category of the Personal Data, the recipients or categories of recipients to whom the Personal Data has been or will be disclosed, the envisaged storage period or the criteria to determine that period, as well as the existence of a right to rectification, erasure, restriction of the processing or to object. We will provide you with one copy of your Personal Data free of charge, but we may charge you a reasonable fee to cover our administrative costs if you request further copies of the same information.
  • To correct your Personal Data (Article 16 GDPR). You have the right to ask us to rectify Personal Data you think is inaccurate or incomplete. In some cases, you will need to make these changes yourself by using the tools we provide in the Data Sources.
  • To have your Personal Data erased (Article 17 GDPR). You have the right to ask us to delete your Personal Data. In some cases, you will need to do the deletion yourself using the tools we provide in the Data Sources. If we have shared your Personal Data with a third party in the manner described above, we will require the third party to delete the Personal Data that we have shared with them (consistent with their legal obligations to do so). We will decline your request for deletion if processing your Personal Data is necessary: (i) to comply with our legal obligations such as fraud detection and monitoring, (ii) for reasons of public interest in the area of public health ,; (iii) for the establishment, exercise or defense of legal claims; (iv) for exercising the right of freedom of expression and information; and (v) for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing.
  • To restrict how we process your Personal Data (Article 18 GDPR). At your request, we will limit the processing of your Personal Data if:
    • you dispute the accuracy of your Personal Data;
    • your Personal Data was processed unlawfully, and you request a limitation on processing, rather than the deletion of your Personal Data;
    • we no longer need to process your Personal Data, but you require your Personal Data in connection with a legal claim; or
    • you object to the processing and no overriding legitimate interest for the processing exists.
  • To data portability (Article 20 GDPR). You have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and to have us transfer your Personal Data to another controller.
  • To object to how we process your Personal Data (Article 21 GDPR). Where we process your Personal Data based on our legitimate interest (or that of a third party), you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will decline your request where we have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defence of legal claims.
  • Not to be subjected to automated decision making. In some jurisdictions, you have the right not to be subject to a decision based solely on automated processing of your Personal Data, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
  • To withdraw any consent that you gave us to process your Personal Data (Article 7(3) GDPR). You have the right to withdraw any consent you may have previously given us at any time. Your consent withdrawal will not affect the lawfulness of the processing done before the withdrawal.
  • To stop your Personal Data from being used for direct marketing purposes. At your request, we will stop using your Personal Data for the purpose of direct marketing. Our marketing communications include an unsubscribe facility, which we encourage you to use. If you want to stop us from contacting you in connection with marketing communications, please email us at privacy@bullish.com.
  • To complain to a supervisory authority (Article 77 GDPR). If you are not satisfied with our response, you have the right to complain to or seek advice from a supervisory authority and/or bring a claim against us in any court of competent jurisdiction. As a rule, you can turn to the supervisory authority at your habitual residence or place of work or our registered office. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

To exercise the above rights, please complete a Data Subject Rights Request Form or contact us at privacy@bullish.com. We will consider and process your request within the required period of time. Please be aware that under certain circumstances, or in relation to certain types of data, the applicable legislation may limit your exercise of these rights.

Please note that in some cases, if you do not agree with the way we process your information, it may not be possible for us to continue to operate your account and/or provide certain products and services to you.

It is our policy to respect the rights of individuals. However, please be aware that your exercise of these rights may be subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime); where an overriding legitimate interest for the processing exists (e.g. the maintenance of legal privilege) an; some of these rights may be limited (for example, the right to withdraw consent) where we are required or permitted by law to continue processing your Personal Data to establish, exercise, and defend our legal rights or meet our legal and regulatory obligations; and for the protection of the rights of another natural or legal person.

13. How long we keep your Personal Data

We retain Personal Data for the period of time necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required by applicable law. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

Retention periods may be changed from time to time based on business or legal and regulatory requirements.

We may on exception retain your Personal Data for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that we will be able to produce records as evidence, if needed.

While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your Personal Data are described below:

  • Personal Data collected to comply with our legal obligations under financial or anti-money laundering laws may be retained after account closure for five years.
  • Contact Information such as your name, email address and telephone number for marketing purposes to those who subscribe to our newsletter is retained for six months or until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.
  • Personal Data relating to customer complaints, including contact information, complaint information, information needed to resolve a complaint, and linkages to account information as necessary to resolve complaints may be retained for four years after closure of the compliant.
  • Personal Data relating to trades or other financial transactions made on the Bullish exchange, including personal identifiers needed to link transactions with individuals may be retained after the account closure for seven years.
  • Personal Data provided by an you when opening an account on Bullish, but prior to proceeding through the KYC process, is retained for three years. This information can include email address, location of residence, and other basic identifying information.
  • Personal Data collected via technical means such as cookies, web page counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.

Longer retention period than those stated above may apply if required by applicable law.

If you would like more information about how long we keep your Personal Data, please contact us at privacy@bullish.com.

14. Data Security

We have a significant investment in cyber security controls, including, but not limited to in-house and external expertise, state-of-the art technologies, and processes. We follow a security by design approach, strengthened by continuous vulnerability and threat management, regular penetration testing, a bug bounty program, and ongoing security monitoring and risk management practices.

You can find more information about our security practices on https://bullish.com/bullish-on-security/.

Procedures have been put in place to deal with any suspected breach of Personal Data. We will notify you and any competent supervisory authority of a data breach when we are legally required to do so.

15. Marketing

You can opt-out of receiving marketing communications from us at any time by clicking the unsubscribe link at the bottom of a marketing email. In addition, you can notify us directly via email at privacy@bullish.com if you prefer not to receive any marketing messages. If you opt out from receiving marketing communications, the opt-out will not apply to service and transactional messages such as emails related to maintenance and changes to the terms and conditions.

16. Children’s Privacy

Bullish’s Services are directed at adults aged 18 years and over, and not intended for children. We do not market to and do not knowingly collect Personal Data from individuals under the age of 18. Our verification process prevents Bullish collecting data of minors. Please contact us at privacy@bullish.com if you believe any individual under the age of 18 is using our Services so we can take immediate action to prevent his or her access to our Services and delete the information as soon as possible.

17. Do Not Track

Certain web browsers and other devices may permit you to submit your preference for not being “tracked” online, also known as “Do Not Track” or “DNT” signals. Since uniform standards for DNT signals have not been adopted, we do not currently process or respond to “DNT” signals. We will make efforts to monitor developments around “do not track” browser technology and the implementation of a standard.

18. Obligation to Provide Personal Data

In principle, you are not obliged to provide us with your Personal Data. However, if you do not do so, we may not be able to make our Websites or Services available to you without restriction or answer your inquiries to us. Personal Data that we do not necessarily require for the processing purposes stated in this Privacy Notice are marked accordingly as voluntary information.

19. Updates to the Privacy Notice

To keep up with changing legislation, best practices and changes in how we process your Personal Data, we reserve the right to revise this Privacy Notice at any time by posting an updated version on our Websites. To stay up to date on any changes, we would therefore encourage you to review this Privacy Notice regularly to stay informed of the purposes for which we process your Personal Data and your rights to control how we process it.

If you have any questions, comments or complaints, or would like to exercise your rights concerning your Personal Data and privacy preferences, you may use self-service options if they are available to you or contact in the following ways

Markets
Products
AMM
Features
Digital Assets
Indices
Custody
Institutions
Bullish Group
About Us
Careers
Trust & Transparency
News & Insights
Bullish Capital
Press
Support
Help Center
Status
Contact Us
Sign up
Log in
Jurisdiction
Germany
Down chevron arrow
Bug Bounty Program
Site Terms of Use
Cookie Notice
Legal
Privacy Notice
Fee Schedule
Copyright © 2025 Bullish Global. All rights reserved.

Not investment advice. Digital assets and related products are high risk. Consult your professional advisor and trade responsibly. Visit legal for important information and risk warnings. Bullish Europe GmbH is regulated by the German Federal Financial Supervisory Authority (BaFIN ID 10162355). Bullish Europe GmbH, Fora Office, Oper 46, Bockenheimer Anlage 46, 60322 Frankfurt, Germany. Local Court of Frankfurt am Main, HRB 128487; Managing Directors: Marco Bodewein, Marcus Rietsch Imprint