ISX - First Icelandic Licensed Cryptocurrency Exchange

The General Terms and Conditions of ISX (hereafter the Terms/these Terms) apply to transactions between Bálkar Miðlun ehf. (hereafter Bálkar Miðlun or ISX) and a customer. In addition to these Terms, contract provisions, terms and rules may apply to specific products or services provided by ISX. Such provisions shall take precedence over these Terms, in the case of any discrepancies. ISX’s terms are published on its website and are available in ISX branches.

ISX may at any time alter these Terms unilaterally and without notice. Changes to the Terms are communicated to customers through messages sent via ISX or with a general notice on ISX’s website or in another manner chosen by ISX.

Notices of amendments to such provisions of the Terms call attention to the fact that customers may notify ISX of the termination of the master contract before the changes enter into effect. The customer is considered to have approved changes unless he/she notifies ISX otherwise before the date of entry into force. If a customer terminates a master agreement before the two months’ notice is up yet continues to use the payment account in question or a payment instrument linked to the account after the two months’ notice has lapsed, the customer is considered to have approved the changes.

Bálkar Miðlun provides individuals, corporations and investors with cryptocurrency services, on its website ISX, based on long term business relationships. ISX is licensed to operate as a virtual assets service provider and is subject to supervision by the Financial Supervisory Authority of the Central Bank of Iceland, Kalkofnsvegur 1, 101 Reykjavík (see the Financial Supervisory Authority's website, www.fme.is).

Bálkar Miðlun hf., Reg. No. 550819-1200, Dalsbyggð 23, 210 Garðabær, Iceland

Tel. +354 620 3700. E-mail address: [email protected], Website: www.ISX.is.

Bálkar Miðlun processes its customers’ personal data based on these Terms and, as the case may be, agreements, terms and conditions and rules applying to individual products or services ISX may provide to the customer. ISX processes and stores all information derived from or submitted in relation to any contracts between the customer and ISX. ISX may also process personal data based on the customer’s consent, law, administrative provisions or based on legitimate interest, as detailed in ISX Privacy Policy, published on ISX’s website. The processing of personal data is necessary for ISX to provide customers with financial services and for customers to undertake transactions with ISX, as well as to conclude or execute related contracts. See further details in ISX privacy policy.

A customer establishes a business relationship with ISX through its website, its app or in a ISX branch. The customer must undergo due diligence upon the establishment of a business relationship. Upon establishing a business relationship, a customer selects products and/or services and gets access to ISX. ISX performs due diligence on new customers by requesting verification of identity and information about them, cf. details in the chapter on Measures against money laundering and terrorist financing. A new business relationship must meet the conditions of these Terms and, as the case may be, agreements, terms and conditions or rules that apply to individual products and/or services. The customer attests, as the case may be, the application, agreement and/or terms in question in accordance with ISX’s requirements at each time. ISX may, without providing specific grounds, reject an application to establish a business relationship and/or for a product or service, if information is insufficient, the application does not meet ISX’s requirements or for other reasons, as determined by ISX.

ISX operates in accordance with the Act on Measures Against Money Laundering and Terrorist Financing, as subsequently amended. ISX is required to perform due diligence on customers, upon the establishment of a business relationship, as part of regular control and/or for individual transactions. To perform due diligence, ISX calls for, among other details, personal information about a customer, including name, Id. No., legal domicile, job title/position, telephone number, email address, place of birth and nationality, in addition to financial information. Legal entities shall provide information about name, Reg. No., legal address, legal form, board of directors, executive board and person authorised to sign, as well as information about the beneficial owners of the legal entity and persons authorised to oblige the entity. ISX also gathers information about the origin of the funds customers intend to use in transactions with ISX, whether transactions are undertaken on behalf of a third party and information about the nature and purpose of the intended business relationship and/or transaction.

As part of due diligence, the customer shall provide proof of identity by showing valid identification issued or attested by a competent authority, e.g. a passport, driver's licence, Icelandic identity card or valid electronic ID. For underage customers, who do not have own personal identification, legal guardians can show their ID. If a business relationship is established on behalf of a legal entity, trust fund or comparable party, all board members, managing directors, authorised signatories and beneficial owners must verify their identity by showing valid identification. The same applies to all owners in a residents' association when property holdings in multi-family dwellings number six or less. Legal entities prove their identity by providing a certificate from the Enterprise Register of the Directorate of Internal Revenue (Fyrirtækjaskrá ríkisskattstjóra) or equivalent registry as proof of their registration. An assessment shall be made on a case-by-case basis whether to request a copy of a company's Articles of Association and/or audited annual financial statements.

ISX uses risk-based monitoring of contractual relationships with customers and gathers updates to information as and when necessary, at any time during a business relationship. Under certain circumstances and in addition to the above, ISX is required to apply enhanced due diligence in certain sensitive cases. In such cases, ISX reserves the right to request additional information, including personal data, about the customer to carry out enhanced due diligence. If ISX suspects that the funds the customer intends to funnel into ISX’s systems are earnings from illegal activity and/or linked to terrorist financing, ISX reserves every right to halt requested transactions without any notice. If ISX has legitimate grounds or reason to suspect certain transactions of being suspicious with regard to money laundering and/or terrorist financing, ISX is obliged to report the transaction to the relevant law enforcement authorities and provide all necessary information in connection with the case. Customers are obligated to inform ISX of any changes to the details submitted to ISX in relation due diligence.

ISX sends messages to customer, information and notifications about ISX through ISX website or an app or via other communication channels determined by ISX at each time. ISX may also use physical post/email in exceptional cases. ISX sends push notifications to the customer via ISX or a app. If the customer wishes to change his/her contact details, i.e. phone number or email address, he/she shall update this information on ISX, the app, with ISX’s Customer Service Centre or at a local branch.

To log in to ISX, the customer shall always do so through ISX’s website or open the app through means provided by ISX and identify/authenticate in a secure manner, in accordance with ISX’s requirements. The customer shall show enhanced precaution as regards false messages, such as text messages or emails that include links to purported log-in pages for ISX/the app, which the customer may receive from a third party, for such purposes as gaining access to personalised security credentials and/or defraud the customer. ISX does not send customers messages with links to log in to ISX. ISX may send to customers messages that include links following customers’ requests to access certain of ISX’s services. The message from ISX will refer to the requested service. If the customer receives a message that includes a link, without having previously requested a specific service from ISX, the message is fraudulent and the customer shall not click on the link, reply to the message or authenticate him-/herself as the message requests.

Bálkar Miðlun shall bear no responsibility for possible mistakes or negligence resulting from its customer’s choice of foreign business partners and their reliability. The same applies to mistakes or negligence on behalf of foreign financial undertakings. The customer is advised to familiarise him-/herself with the terms and conditions of the foreign financial undertaking, as well as current legislation and business conventions of the state in question. ISX’s exchange rates apply to all foreign currency transactions, unless expressly agreed otherwise. The nature of the transaction determines the rate used, be it spot rate, closing rate or a special rate determined by ISX. Any risk of resulting trading gains/losses shall be borne by the customer, unless otherwise expressly agreed.

In these Terms, the section on payment accounts contains special provisions for payment accounts and foreign currency payments.

The customer pays charges for ISX's products and services and other expenses linked to services rendered in accordance with ISX's tariff at each time. Should other terms or ISX's agreements with the customer provide for charging fees, those terms shall take precedence over ISX's tariff. ISX is authorised to debit fees and costs from the customer’s payment account with ISX and such direct debit shall appear on account statements. ISX may change its tariff without notice. ISX’s tariff is available on ISX’s website.

ISX is an Internet site customers log in to using verification/authentication approved by ISX in order to exchange, give payment orders or view account information, among other things. ISX is accessible from ISX’s website, through mobile and the app. In order to take advantage of ISX services, the customer must have equipment that is linked to the Internet. ISX reserves the right to unilaterally determine what services and communication channels are offered via ISX, and to alter those services/communication channels. ISX services may vary according to whether the customer logs in through ISX’s website, mobile or the app. Bálkar Miðlun owns the software used on ISX. The customer is authorised to access and use it. The customer is completely prohibited from making alterations or having alterations made to software connected with ISX.

Personalised security credentials are personalised components, such as PIN, passwords, security codes, unique identifier numbers/codes sent to the customer to confirm transactions, approved by ISX at each time for customer verification/authentication. Verification/authentication is a method that allows ISX to verify the customer’s identity or confirm authority to use a specific payment instrument, including the use of personalised security credentials. Strong verification is verification based on two or more components classified as knowledge, possession and inherence. ISX reserves the right to amend its verification/authentication requirements without notice. Once the customer has logged in to ISX, the customer is responsible for and obliged by all actions carried out on ISX. The same applies if a third party gains access to information about access to ISX or is able to access it in another manner. The customer is responsible for adequately ensuring the safety of personalised security credentials he/she uses for verification/authentication. The customer is prohibited from granting third parties access to his/her personalised security credentials and shall at all times ensure that no-one can get their hands on, see or copy the customer’s personalised security credentials. The customer shall keep secret his/her personalised security credentials and all information relating to his/her verification/authentication for ISX and information linked to payment instruments (such as payment card numbers) and is responsible for ensuring that such information is neither divulged nor accessible to unauthorised parties. The customer shall show enhanced precaution as regards false messages, such as text messages or emails that include links to purported log-in pages for ISX/the app, which the customer may receive from a third party, for such purposes as gaining access such information, including to personalised security credentials and/or defraud the customer. Should the customer fail to safeguard personalised security credentials and other aforementioned information securely or in accordance with the above, such as fail to show precaution with respect to false messages from a third party, this shall constitute gross negligence by the customer. Should the customer become aware that an unauthorised party has attempted to gain or acquired knowledge of the customer’s personalised security credentials and other aforementioned information, the customer shall notify ISX without delay and, as the case may be, alter his/her personalised security credentials. The same applies if a customer becomes aware of loss, theft or misuse of a payment instrument or unauthorised use thereof. To ensure safety, the customer shall activate locking mechanisms on the equipment he/she uses to log in to ISX. ISX shall not be responsible for the customer’s use of ISX through the app, ISX’s website or mobile. ISX shall not be responsibility for damages caused by use of ISX or the use of connections to ISX. Nor shall ISX bear responsibility for loss the customer suffers as a result of a third party gaining access to personalised security credentials, access to accounts on ISX/the app, e.g. through the aid of false messages, or access to information about a payment instrument (such as payment card numbers). ISX shall not be liable for any direct or indirect damage which may be caused by the suspension of ISX, links or additions to ISX without prior notice, for instance, due to necessary maintenance actions, malfunction of software or hardware, system modifications, or other circumstances beyond its control. If the customer lends, sells or authorises a third party to access a device on which the app has been installed, he/she is obliged to log out of the app first. If the device has been tampered with in a manner that compromises its security in any way, for instance, with the installation of insecure applications, use of the app on that device is no longer secure and thus prohibited. The customer shall show caution in the use of ISX. If the customer receives a unique identifier number/code from ISX for the purpose of confirming an electronic transaction, the customer shall not confirm the number/code without first verifying the validity of the payment (valid transaction). Failure by the customer to uphold precautionary obligations in accordance with the above is considered gross negligence on behalf of the customer.

The customer shall notify ISX without delay if he/she becomes aware of misuse or unauthorised use of ISX. The customer shall not suffer the damages caused by use of ISX if ISX fails to take appropriate steps as provided for in the Act on Payment Services, due to notification obligations linked to payment instruments that have been lost, stolen or misused. ISX may, without prior warning or notice, terminate the customer’s access to ISX or limit the customer’s access to ISX in part or in whole, temporarily or permanently, in the following instances: (a) if there is a suspicion of unauthorised or fraudulent use of ISX or services on ISX, (b) if there is a suspicion of breaches of ISX’s rules or terms and conditions, (c) if there is a suspicion that a third party may have gained access to the customer’s access information, with or without the customer’s consent, (d) due to file and system updates and changes or other technical or security reasons, or (e) if the customer enters into bankruptcy proceedings or the customer seeks composition, payment moratorium, or if other similar conditions exist. The customer is notified as soon as practicable. If the reasons for termination are removed, ISX shall grant access again. ISX is authorised to terminate the customer’s access to ISX if the customer’s account has been inactive over a 6-month continuous period or longer. Information about transactions, including the status of transaction orders, may be temporarily inaccessible in ISX due to a heavy load on the relevant computer and trading systems. Certain services or actions in ISX might determine device location based on GPS coordinates, network systems or phone company distribution systems, including information about service points. Access to such services can be controlled through each devices’ settings. ISX does not retrieve location information from the device without clear authorisation. ISX shall not be responsible for invoices that appear on the list of unpaid invoices and where ISX is not the invoicer. Any objections the customer may have to such invoices shall be directed at the registered invoicer.

The customer creates an account using ISX website or in a ISX branch. ISX is authorised to reject new accounts, for instance if information about the customer is insufficient, and will notify of such rejection as promptly as possible. Accounts may not be established on behalf of another financially competent party unless the customer has granted power of attorney to the effect, unless otherwise provided for by law. Upon establishing an account, the customer is obliged to provide proof of identity by showing valid identification, such as a passport, Icelandic identity card, driver’s licence, valid electronic ID, through verification/authentication upon logging in to ISX or other means of identification that meat with ISX’s requirements at each time. ISX reserves the right to amend its security requirements without notice.

Accounts are in Icelandic króna, unless otherwise expressly agreed. These Terms apply to accounts both in foreign currency, in ISK or virtual currencies.

Accounts can be indexed to a portfolio of currencies or virtual assets or traded accounts that Bálkar Miðlun manages. All assets that customers deposit into their ISX account become assets of Bálkar Miðlun. Bálkar Miðlun owns all assets on its bank accounts and virtual wallets. Customers have no direct claim to any bank deposits on Bálkar Miðlun bank accounts or virtual wallets or with other service providers that Bálkar Miðlun utilizes.

The customer holder chooses a password accompanied with an e-mail to use for authentication and confirmation of payments in communication with ISX. The customer agrees not to divulge the password to unauthorised parties. Unauthorised parties here refers to parties who are not authorised to issue payment orders for the customer's account in accordance with these Terms. Should the customer have reason to believe that an unauthorised party may have become aware of the password, the customer agrees to change the password immediately and notify Bálkar Miðlun without delay. The customer is responsible for all payments and actions carried out using his/her password or other personalised security credentials.

When the customer gives trading or payment order, he/she shall verify his/her identity or provide other adequate means of authentication, such as the account's password, by showing personal identification or other means that satisfy ISX’s requirements. The above applies whether or not the action is carried out by way of a payment instrument or not.

ISX will process trading or withdrawal requests on its website, given that it is not in maintenance mode or trading has been halted for other reasons. Deposits in Icelandic króna or other currencies will be processed on opening hours of Icelandic banks on bank days. Withdrawals of Icelandic króna and other currencies will be processed twice a day on banking days, after 8 o’clock am and after 8 o’clock pm, GMT. Deposits and withdrawals of virtual assets will be processed as soon as relevant blockchains show that payments are fully confirmed or ISX wallets or wallet providers are operational and relevant blockchains are operating normally.

ISX may delay, halt and/or refuse to execute payment orders, initiated by either payor or recipient, if the conditions of law, these Terms, other terms and conditions or ISX’s rules have not been met, e.g. of the balance on the account is insufficient, if withdrawals have been suspended for other reasons, for security reasons, if there is considered to be a risk of misuse or fraud, due to significantly heightened risk of the payor being able to make payment, if there is doubt concerning the payor’s authority to utilise the account or for regular monitoring of payments that involves gathering information about the connection between payor and recipient, origin of funds, purpose of a transaction, etc. ISX uses foreign intermediaries to send and receive international payments on behalf of customers. For that reason, ISX may request details about payments and share that information with foreign intermediaries.

The customer will be notified of Bálkar Miðlun's decision to reject payment orders, unless otherwise indicated by law. If the customer is the cause of ISX's decision to reject payment orders, a fee may be charged for written notification. If payment orders are rejected by ISX, this is equivalent to such orders not having been received at all. Notwithstanding the above, ISX may postpone carrying out payment orders until sufficient funds are available on the customer's account, including funds to cover fees and other expenses. ISX may attempt to debit the payment from the customer's account to satisfy payment following reception of payment orders and until the orders have been carried out. If Bálkar Miðlun receives multiple payment orders the same day,

ISX is not responsible for the order in which the instructions are carried out or which payments are not carried out due to insufficient account balance.

A priori received payment orders will be carried out despite latterly occurring events that would have prevented their issuance, such as the revocation of power of attorney or death of the customer. The customer may only recall or halt payment orders if the relevant provisions of the Act on Payment Services have been met and provided the customer is a consumer. ISX may demand a fee for recalled payment orders. A priori received payment orders will not be carried out after the termination of an account. ISX is responsible for the payment being carried out in accordance with law until the recipient ISX has received the payment. After that time, the recipient ISX is responsible for the handling of the payment. The customer is responsible for ensuring the accuracy of payment instructions. ISX is not responsible for the customer's mistakes, inter alia, the customer entering erroneous identification for the recipient. Such mistakes cannot be corrected one-sidedly by ISX without the approval of the recipient of the payment. If a customer can provide evidence to show that the amount of a payment, authorised by the customer and initiated by the recipient, was not specified in the issued authorisation and that the customer's account was debited for a higher amount than he/she could reasonably expect based on his/her spending patterns, these Terms and other circumstances of the case, the customer shall notify ISX and request refund within eight weeks of funds being debited from his/her account. These conditions being met, ISX shall refund the customer such payments within 10 bankdays of receiving notice to the effect from the customer. Otherwise ISX will refuse repayment. The above does not apply when a customer, who is not a consumer as defined by the Act on Payment Services as subsequently amended, orally consents to a third party withdrawing funds from his/her account. In such cases, the customer is not entitled to a refund once he/she has directly authorised ISX to carry out payment and, if appropriate, ISX or the recipient provided a priori information about payments or transmitted such information to the payor at least four weeks prior to the date of payment. If payment orders have been revoked, Bálkar Miðlun is neither responsible for paying interest nor other fees levied on overdue payments.

Payment services may be subject to limitations provided for in the Act on Foreign Exchange at each time and rules based on the Act. If regular payments have been agreed upon, the notice of termination shall factor in collection of payments following termination of a contract. ISX is authorised to charge a fee on transfers from the payment account. ISX may also charge a fee for assistance granted in recovering mistakenly paid funds, e.g. due to erroneous information about the recipient of payment issued along with instructions for payment. Fees are in accordance with ISX’s tariff of charges at each time.

Messages, information and notices about accounts, such as about changes to terms and conditions and costs, are communicated to customers via ISX’s website or the app or another manner chosen by ISX. ISX may also use mail in exceptional cases.

A customer wishing to close an account may submit a written request to ISX, request it verbally over the phone or, as the case may be, close the account independently in self-service. Should the customer terminate these Terms, ISX reserves the right to terminate accounts and other services, including ISX, in part or in full, at its own initiative and without first informing the customer. The same applies if a customer is demonstrated to have committed an offence against law, ISX's rules, its terms and conditions or other rules applying to the customer’s business with ISX, if the customer or a third party is demonstrated to have misused an account, the customer fails to comply with ISX’s request to update or submit information during regular monitoring of money laundering and terrorist financing, if transactions are considered by ISX to constitute a risk of fraud, money laundering and terrorist financing or if the business relationship might damage ISX’s reputation or does not confirm to ISX’s risk policy, in its estimation.

In such cases, ISX may deposit the balance of accounts to an account held by ISX. ISX further reserves the right to close an account that has been inactive for a period of 2 years or longer, following a notice to the effect to the customer, and deposit the balance to another account held by the customer or, if the customer does not own a second account, to an account held by ISX. Any fees or costs owed ISX by the customer for services rendered when an account is closed in accordance with the above, may be debited from the customer's account prior to its closing. In the case of any negative balance on the customer’s account upon closing, e.g. charged fees, ISX reserves the right to enforce the claim through collection. The customer will be notified of the closing of the account as promptly as possible.

Unless otherwise specified by statute, contractual provisions, these Terms, other terms and conditions, ISX’s rules or according to the nature of the matter, ISX and the customers may end their mutual business relationship at any time without notice. ISX may terminate a framework agreement with two months’ notice, in accordance with these Terms. The customer shall notify ISX in writing of his/her decision to end the business relationship with ISX or revocation of authority to process personal data. ISX reserves the right to end a business relationship, in full or in part, of its own initiative with a unilateral notice to the customer if the customer is demonstrated to have committed an offence against law, ISX's rules, its terms and conditions or other rules applying to his/her business with ISX, if the customer or a third party is demonstrated to have misused the business relationship, if transactions are considered by ISX to constitute a risk of money laundering or terrorist financing, if the business relationship might damage ISX’s reputation, or does not confirm to ISX’s risk policy, in its estimation.

If communications leading up to and the establishment of this Terms are solely telecommunications, the Terms shall be considered a distance contract as provided for in Act No. 33/2005, on Distance Sales of Financial Services. If the customer is a consumer he/she has the right, having regard for the limitations set out in the Act on Distance Selling of Financial Services, to abandon the Terms if they constitute a distance contract as defined in the aforementioned Act without specifying a reason, provided he/she verifiably notifies ISX thereof within 14 days of approving the Terms.

Any dispute which may arise as a result of these Terms and Conditions may be brought before the Reykjavík District Court. All disputes concerning business with ISX shall be resolved in accordance with Icelandic law, unless otherwise agreed.

ISX shall not be responsible for any direct or indirect loss which a customer may incur in connection with these Terms or transactions concluded on their basis if such loss can be attributed to events resulting from force majeure, such as natural catastrophes, wars, terrorist activity, epidemics, strikes, border closures, electricity disruption or failure, disruption of a settlement system, disruption of blockchains, telephone system or other communication routes, or other similar events. Nor shall Bálkar Miðlun be responsible for any inconvenience, expense, missed investment opportunities or other direct or indirect financial loss resulting from the closure, failure, interruption or other disruption of ISX’s activities.

These Terms are originally published in Icelandic. The Icelandic language version shall be the sole valid version of these Terms and Conditions, regardless of whether ISX chooses to publish the Terms in another language. Icelandic law shall apply to these Terms.