Dear User!
Every day we make sure that the use of our exchange is comfortable and safe for you. For this reason, we provide you with important information about how the data collected during your registration and use of the exchange is processed.
We know how important privacy and safety are to you, that’s why in the Privacy Policy we explain what rights you have, which of your data we collect and why, and how we use it, so you can be sure that it is safe with us.
Please note that we collect your data primarily as part of the registration of your user account and as you are using our Website. That is why, we have created this Privacy Policy in order to familiarize you with the rules of using our exchange operating at the following address www.coindeal.com, which in the further part of the Privacy Policy is simply referred to as “Website”. The Privacy Policy contains the following chapters:
Table of contents
I. General information regarding Privacy Policy.
II. Who is the administrator and the data protection officer of your personal data?
III. How and why we collect your data?
IV. On what basis we process your data?
V. What are the consequences of not providing us with your personal data?
VI. Which of your data and how we share with other entities?
VII. How long do we keep your data?
VIII. Your rights.
IX. Profiling.
X. Cookies.
XI. How we protect your data.
XII. The procedure to change the Privacy Policy.
XIII. Current and previous versions of the Privacy Policy
I. General information regarding Privacy Policy
-
- The purpose of the Privacy Policy of our Website is primarily to explain to you why we need all the information we require from you. In this Privacy Policy we will specify what data we collect, where does it come from and what rights do you have in relation to it.
- This Privacy Policy was made on the basis of:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (“GDPR“),
- National regulations of Saint Vincent and the Grenadines.
- In order to ensure the security of your personal data, we have ensured that all our employees are properly trained in the processing of personal data. In addition, we guarantee that our Company has adequate technical security and organizational measures to properly secure your data.
- Personal data we collect is processed in accordance with the law, only for specified, legally permitted purposes.
- In addition, we put our effort to make sure that the data collected by us is substantively correct and adequate in relation to the purposes for which it is processed and stored in a form that allows identification of persons to whom it relates, no longer than it is necessary to achieve the purpose of processing. We also maintain the security and confidentiality of the personal data collected.
- The data collected by us is processed, stored and may be transferred to any country within European Union – where all our servers and IT infrastructure is located.
- If you feel that the processing of your personal data by us violates the law, you can file a complaint to the supervisory body that deals with the protection of personal data. As we established dedicated representative for GDPR issues in Cyprus you may contact:
Office of the Commissioner for Personal Data Protection
Office address: Iasonos 1, 1082 Nicosia, Cyprus
Postal address: P.O.Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456; Fax: +357 22304565
e-mail: commissionerdataprotection.gov.cy
II. Who is the administrator and the data protection officer of your personal data
- The Administrator of your personal data is CDSV LLC [further also referred to as the Administrator] – a company established in St. Vincent and the Grenadines, bearing registration number 753 LLC 2020 with registered seat at Suite 305, Griffith Corporate Centre, Beachmont, Kingstown, St. Vincent and the Grenadines.
- If you have any questions, requests or complaints regarding the processing of your personal data by us, you can also contact us in writing at the address: Suite 305, Griffith Corporate Centre, Beachmont, Kingstown, St. Vincent and the Grenadines. You can contact the Administrator via mail sending a letter to the address, via e-mail at support@coindeal.com or sending a message in the tab “Contact” available on the Website.
- Questions, applications and complaints referred to in the preceding paragraphs should, in particular, include:
- data relating to the person or persons concerned by the inquiry or request,
- the event which is the reason for sending a message to us,
- requests and legal grounds for demanding request,
- the expected manner of handling the matter.
III. How and why we collect your data?
- Visiting and using our Website is associated with the need to collect and process your personal data.
- Please note, we process your personal data, in particular, the data you provide us with directly when setting up and verifying your account on our Website (this is the data you enter on the forms provided by us and the data contained in the documents you send to us) and the data you generate using services offered by our Website (e.g. making purchase/sale transactions, placing sales offers, etc.).
- We need to collect such a wide range of information not only to be able to provide our services “technically”, but also to fulfil the binding legal provisions regarding the obligation to identify the client, to monitor, combat and assess the risks of fraud, money laundering, financing of terrorism. Therefore, if you do not provide the data requested during the registration and verification, or if the data proves to be false, or if you object to its processing, we will not be able to continue to provide you with our services.
- Due to the above-described obligations, in order to verify the accuracy of the data provided by you and to assess the risk of fraud, we also monitor your transaction history by analyzing the course, volume, currency and type of transactions.
- If you express a wish to use additional services offered by us, we will process your data which we collected in order to provide our services, in compliance with their description contained in the Terms and Conditions or provided to you separately. These services may include among others: newsletter, contests, etc.
- We keep all of your information strictly confidential and use it only for the purposes for which we informed you when we collected it or in this Privacy Policy. The legal grounds for processing your data are described in detail in section IV of the Privacy Policy.
- As part of the operation of our Website, you may be asked to provide us with the following personal data:
- name – after you have created your user account, you will be asked to provide your name to identify yourself. Your name will also be essential if you wish to use our affiliate program. We will be pleased to know who is contacting us with the inquiry, so your name will be used when you use the contact form in the “Contact” tab on our Website.
- date of birth – users of our Website must be of legal age, once a user account is created, we ask you to provide us with your date of birth (or we take it from documents you provided), otherwise you will not be able to take full advantage of our Website.
- address and country of residence – in order to fully verify user’s identity and determine if user’s region is not excluded from our services due to our risk analysis or legal limitations, our users must provide their address and country of permanent residence,
- nationality – in order to gain full access to your user account, you will be asked to provide your nationality so we can determine if you are not a citizen of a country for which we cannot render our services,
- phone number – in order to gain full access to your user account, you will be asked to provide your phone number and its direct verification, after providing your phone number we will send you an activation code, if you have become a subscriber of our newsletter distributed by phone, we will also send you commercial information once, twice a month, this is, of course, a voluntary option and at any time you can resign from it.
- information concerning the identity document(passport, identity card or driving licence) – in order to verify your identity properly, we will ask you to provide us with a convenient identity document number with an indication of the date of issue and its expiry date, providing us with this information is necessary to carry out a proper process of confirming your identity, what is more, it will enable us to confirm your age to render our services in accordance with the law and our Terms and Conditions,
- photo – in order to properly identify your image, and exclude the risk of fraud or identity theft, we will ask you to send us your photo or video material,
- e-mail address – in order to create a user account on our Website, we will ask you to provide your e-mail address, what is more, your e-mail address will be used when you contact us with an inquiry via a contact form or chat window located on our Website, in addition, if you become a subscriber to our newsletter, we will send you information related to our Website once/twice a week – this is a voluntary option and you resign at any time, your e-mail address will also be used when you decide to participate in our affiliate program.
- IP address (Internet Protocol) of your device – it is an unique number, assigned to devices on a computer network, such data may be used for technical, demographic (region from which the connection is made) statistical purposes, and to verify that you use our services in accordance with the Terms and Conditions (i.e. that the connection does not come from a country in which we do not provide our services),
- other data such as – request URL, domain name, device ID, browser type, browser language, number of clicks, amount of time spent on individual pages, date and time of using the Website, type and version of the operating system, screen resolution, data collected in the server logs, and other similar information to develop statistical data for the optimization of services rendered, including displaying content that complies with your preferences.
- Providing your personal data indicated in the preceding point is necessary in the following cases:
- to create a user account on our Website, which is voluntary, and to use the full functionality of it;
- all data provided to us for the purpose of setting up a user account may be used for the purposes of the affiliate program, the contests, provided that you have given us your consent and wish to participate,
- in order to respond to inquiries addressed to us via the contact form available in the “Contact” tab on our Website and the chat form in the event of consent to participate in contests organized by the Administrator;
- in order to provide the newsletter service, if you want to be informed on an ongoing basis what is up to date with us and what news we have prepared for you, you can become a subscriber to our newsletter, subscription is voluntary and you can unsubscribe from it at any time.
- Personal data are processed by our Company primarily in order to provide you with our services you order and any additional issues features within our Website. However, we would like to emphasize that as an Administrator we take care to observe the principle of minimizing and process only those categories of personal data that are necessary for us to achieve these goals.
- Each person using our Website has a choice whether, and if so, to what extent they want to use our services and what data about themselves they want to share with us within the scope of this Privacy Policy.
- When you contact us in order to perform various activities or to obtain information (e.g. to submit a complaint) using the Website, telephone or e-mail, we will again require you to provide us with your personal data to confirm your identity and the possibility of return contact. This applies to the same personal information you previously provided. However, it may happen that due to the nature of your request, we will have to collect other data from you. Provision of the above data is not mandatory, but it is necessary to perform activities or obtain information that interests you. We will process the above-mentioned data in order to perform the actions requested by you or to provide you with the information that you requested – depending on which situation takes place.
IV. On what basis we process your data?
- Your personal data is always processed on one of the following legal basis:
- your consent – in the scope resulting from this consent e.g. newsletter subscription, consent is voluntary and the consent to the processing of personal data can be withdrawn at any time, we enforce this basis if other grounds for the processing of your personal data do not apply, e.g. concluded contract or legal obligation;
- an agreement concluded between us (regarding keeping an account on our Website, performing a purchase / sale transaction, settlements, sending a Newsletter, mailing) – in the scope necessary for its implementation;
- taking action on request, before concluding a contract – if you asked us a question before creating a user account, we do not need additional consent to contact you back and answer your questions;
- legal obligation, i.e. an obligation arising from legal acts – in the scope necessary to comply with the binding provisions;
- our legally legitimate interest.
- If we process your personal data on the basis of the consent referred to in point 1 a) above, the data you provide is used only for the purposes covered by your consent. On this basis, we will primarily carry out information and marketing campaigns. Remember that at any time you can change your mind and withdraw your consent – just send us an e-mail. Please note, however, that this does not always involve the deletion of your personal data. We may still process your personal data if it is necessary, e.g. if we have another legal basis for processing your personal data (concluded contract) or if we have a legitimate legal obligation to do so.
- We will also process your data to execute the agreement we entered into with you (primarily as a result of registration on and acceptance of the Terms and Conditions for an account on our Website) to be able to properly provide you with the services you want.
- Whether you have given us your consent for the processing of your personal data or we are bound with you by a contract, we will also have to process your data due to the need to comply with our legal obligations. These will be situations in which, for example, we must store data resulting from transactions made for tax and accounting reasons; as well as situations where we are obliged to verify and analyse your data (including your actions taken on the Website) in accordance with applicable anti-money laundering and terrorist financing regulations.
- Please, remember that although you did not give us your express consent, we are obliged to make your personal data available to state authorities, i.e. tax authorities, law enforcement authorities and other entities properly authorized to do so in accordance with applicable law.
- Based on our legitimate interest, we will process your data for the purpose of claiming our rights and defending ourselves against claims, for evidentiary and archival purposes. On the same basis, we will also process your personal data collected automatically on the Website in order to ensure the security of the session, quality of the session and provide you with all the functions of the Website. On this basis, we will also process your personal data for analytical purposes, which will involve the examination and analysis of traffic on our Website.
V. What are the consequences of not providing us with your data?
- In the case of registration and verification of an account, we process only the data without which the agreement concluded with you cannot be executed for “technical” reasons or for legal reasons. Not providing us with the required data will result in the fact that we will not be able to set up or keep your account, let alone carry out transactions within it.
- Giving us your consent to the processing of your personal data is voluntary. If you do not give us your consent (or withdraw it), then we will not take any actions that a given consent applies to.
VI. Which of your data and how we share with other entities?
-
- You should be aware that as long as we do not share your personal data without your express consent, your personal data may be entrusted to other entities for processing. This is because without such entrustment of your personal data, our company would not be able to conduct its business and provide services to you through our Website.
- Processing entities means companies we cooperate within running our business activity.
- First of all, we entrust your personal data for processing to such entities as:
- entities involved in the sending messages and SMS messages – to send messages for which you have given your consent by phone or e-mail;
- entities providing hosting services for the Website – so that you can use our Website, create a user account, contact us in case of any questions;
- entities providing IT services for the website where our Website is located – if necessary, thanks to which our Website, and first of all your user account, can function efficiently, in this way we also remove all types of failures, defects, technical interruptions in the functioning of our Website;
- postal, courier and freight service providers – for the delivery of parcels – if you choose to participate in our contest or affiliate program, it is necessary for you to receive the prize;
- entities providing accounting services – in order to keep the accounting books of our company;
- entities verifying the authenticity of the documents that you provided to us – in order to carry out a procedure of proper identification of your identity;
- entities assessing the risk of fraud – in order to assess that risk;
- entities that provide other services to us that are necessary for the day-to-day operation of the Website.
- Sharing your personal data we make sure that the entities we cooperate with ensure the implementation of technical and organizational measures and process them in accordance with applicable regulations, including the provisions of the GDPR.
- The fact that we entrust the processing of some of your personal data to third entities does not mean that we lose control over it. In relation to the data through us, you can still exercise your rights set out in this Privacy Policy (section IX). We make sure that they are used in accordance with the law and only to the extent to which we entrusted their processing to these entities.
- Your personal data will not be transferred to third countries or international organizations in the meaning of GDPR regulations. In that case, you will be informed in advance and the Administrator undertakes to apply appropriate security measures in accordance with the GDPR.
- Entities providing services to us have servers located in the countries within the European Union and they ensure proper protection of your data in accordance with EU regulations.
VII. How long do we keep your data?
- We store and process your data only as long as it is necessary for the purpose for which it was obtained.
- You should be aware that your personal data may be processed by us for a longer period than indicated above. This is due to the obligations imposed on us and specific legal provisions.
- If the basis for processing your data is:
- your consent – this period lasts until you withdraw your consent or until the expiry of your consent (e.g. when the consent concerned a service that we no longer provide), if further processing of your personal data does not impose any obligation on us or does not result from specific legal regulations;
- the need to execute an agreement – Please remember that not always the period of processing your data lasts as long as the parties are bound by the concluded contract, due to the obligations imposed on us by specific legal provisions, e.g. the obligation to keep accounting books and records may be extended accordingly.
- legal obligation – Your personal data will be processed for as long as we are under a legal obligation to do so in accordance with specific legal provisions;
- the pursuit of legitimate interest – until the interest persists.
- Please, note that the basis for processing your personal data for a certain period of time is primarily due to special regulations. Therefore, even though you withdraw your consent, the contract that linked us will be terminated or simply expire, in some cases we are still required to process your personal data.
- For example:
- data provided for account registration on the Website will be stored for as long as your account will be kept – that is, until you do not cancel it or request it to be closed unless further processing of your personal data is necessary to comply with a legal obligation;
- data provided for the Newsletter or other mailing to be sent will be kept until your consent for their delivery is valid
- if you gave consent to our other information activities about our offer – your data necessary for performing such activities will be kept until you withdraw your consent.
- Due to the fact that our services, among others, are subject to regulations of the Directive, we are obliged to keep for at least five years from the end of our economic relations with you (i.e. from the final closing and settlement of the account), including:
- copies of documents and information obtained in connection with the verification of your identity
- copies of documents and information being the basis for assessing the risk of fraud in relation to your transactions;
- evidence confirming transaction and transaction records necessary to identify transactions.
- The retention period of your data required by law may be subject to change as the applicable law changes.
- After the indicated time periods expire, your personal data will be deleted or anonymized in a way that prevents the data from being attributed to you.
VIII. Your rights
- In connection with the processing of your data by us, you have a number of rights, which we inform you about in this section. You can exercise them, as well as obtain more information in this regard, by contacting us at the e-mail or correspondence address indicated on the Website and the Privacy Policy (section II). Contacting us, remember to give us:
- data of the person or persons concerned by the request or question
- the event which is the reason for sending a message to us,
- your requests and the legal basis for its requests,
- the expected manner of handling the matter.
- Due to the processing of your data by us, you have
- The right to be informed about the processing of personal data – the Administrator is obliged to inform you about the fact that your personal data is being processed, for what purpose, indicate the appropriate legal basis for the processing, the period of processing and other information, including whether your personal data is being transferred or made available to third parties, in addition, the Administrator is obliged to indicate its contact data and data of the Data protection officer (if appointed), such obligation must be fulfilled at the time of collecting personal data, that is why we have created this Privacy Policy.
- the right to request access to your personal data – both the data you shared with us and which we are processing, as well as the data generated in the course of our cooperation (e.g. history of transactions);
- the right to request immediate correction or upgrading of your personal data by us, if it is incorrect;
- the right to complete incomplete personal data, including through the presentation of an additional statement (considering the purposes of processing);
- the right to immediately delete your data (“the right to be forgotten”); – in such a case we will delete your data immediately (however, we will keep the data we must keep in compliance with the law);
- the right to request processing restrictions;
- the right to receive data you provided to us in a structured commonly used format suitable for machine reading and to send it to another administrator;
- the right to the right to transfer your personal data – you may demand that we transfer your data to another administrator of your choice, we may satisfy your request if you have given us your consent to the processing of your personal data,
- the right to object to the processing of your personal data for the needs of direct marketing which causes that we will cease to process your data for the purposes of direct marketing;
- the right to object due to causes related to your particular situation, if your personal data is processed based on a legally justified interest. However, we will keep processing your personal data in the necessary scope if there is a particular justified reason for that for us – we will inform you about this in such a case;
- if the basis for the processing of your personal data is your consent, you will have the right to withdraw such consent at any time. Withdrawal of your consent does not affect compliance with the law of processing of your personal data by us carried our based on the consent before its withdrawal.
- Filing a complaint to the supervisory body – If you feel that the processing of your personal data by us violates the law, you can file a complaint to the supervisory body that deals with the protection of personal data.
- You can submit a statement regarding the exercise of any of your rights mentioned above, write to us: Suite 305, Griffith Corporate Centre, Beachmont, Kingstown, St. Vincent and the Grenadines, e-mail address: support@coindeal.com or via „contact” tab on our Website.
- Withdrawing your consent or objecting to the processing of data, if you do not formulate any other objections, will affect all our services and Websites and the entities entrusted with the processing of your data.
- Withdrawal of consent in relation to the terms of the Terms and Conditions and Privacy Policy will involve deleting your account on the Website and deleting personal data provided by you.
IX. Profiling
- Profiling involves automated processing of personal data allowing the assessment of personal factors of a natural person, and in particular analysing or forecasting aspects related to the economic situation, personal preferences or interests, credibility or behaviour of the data subject.
- On our Website we process your personal data, including your activities on the Website, to assess the possibility of offering you our services. Our profiling boils down to two aspects:
- determining your preferences and needs in order to better adapt the Website to your needs;
- verifying the accuracy of the information provided by you and estimating the risk of money laundering or terrorist financing in order to fulfil our legal obligations.
- Based on our profiling, in accordance with our internal procedures for estimating the risk of money laundering or terrorist financing, we evaluate which transactions you have commissioned we can carry out, and what information we are forced to obtain from you to fulfil our obligations of due diligence in the prevention of fraud in accordance with the law.
- Each time the results of profiling are analysed by our employees or external entities from the AML/CTF sector before deciding whether we can provide you with a given service and it is up to them to make the final decision on this matter.
X. Cookies
-
- Our Website uses Cookies technology in order to adapt its operation to your individual needs. According to this, you may consent to the storage of the data and information entered by you, so that it can be used for future visits to our Website without the need to re-enter it. The owners of other websites will not have access to this data and information. However, if you do not agree to personalize the Website, we suggest disabling the use of cookies in the options of your Internet browser.
- Cookies are small text information in the form of text files, sent by the server and saved on a device of the person visiting the Website (e.g. on the hard drive of the computer, laptop or on the smartphone’s memory card – depending on which device you use). Detailed information about cookies as well as the history of their creation can be found among others here.
-
- The Administrator may process data contained in Cookies when users use the Website for the following purposes:
- identification of users as logged in to the Website and showing that they are logged in;
- remembering data from completed forms, surveys or login data to the Website;
- adjusting the content of the Website to individual preferences of users (e.g. regarding colours, font size, page layout) and optimization of the use of the Website;
- keeping anonymous statistics presenting how the Website is used
- displaying individualized advertisements for the Website user, according to preferences;
- better optimization of the functioning of the Website
- The Administrator may process data contained in Cookies when users use the Website for the following purposes:
-
- By saving cookies, the device records the activity of the Website user and it is thanks to this that the Website, displayed by the user is individualized, according to his preferences.
-
- As a standard, most web browsers available on the market accept cookies by default. Everyone has the possibility to define the terms of using cookies through their own browser’s settings. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the option of saving cookies – in the latter case, however, it may affect some of the Website’s functionalities (for example, it may not be possible to pass the sales offer path due the failure to remember data during the subsequent stapes of submitting offers).
-
- Detailed information on changing cookies settings and their removal in the most popular web browsers is available in the help section of the web browser and on the following pages (just click on the link):
-
- The Administrator also processes anonymized operational data related to the use of the Website (so-called logs, domain) to generate statistics helpful in administering the Website. For this purpose, we use services of third parties. Data processed by these entities is aggregate and anonymous, i.e. it does not contain features identifying visitors of the Website.
XI. How we secure your data?
- We ensure an optimal range of organizational measures in a manner that ensures its proper protection, in particular:
- secure the possibility of collecting, copying and disclosing personal data to unauthorized persons
- protect personal data, databases and devices on which personal data are processed from loss, damage or destruction.
- We store, use and transmit your data in a manner that ensures its proper protection, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical and organizational measures
- We have implemented a number of security measures to ensure that your information will not be lost, used or changed. Our data security measures include, among others: PCI scanning, encryption, pseudonymization, data backup, regular testing, measuring and assessing the effectiveness of security measures used, restrictions on access to internal data and strict physical controls of access to buildings and files.
- Access to data processed by us is carried out through an internal network, secured by our certificates and keys, thus excluding third party access “from outside” as well as “our” unauthorized persons.
- In order to secure your data, we have developed and are constantly improving our own original script that encrypts data.
- When we store your data on internal servers, we do it through entities that guarantee the security of the infrastructure offered (PCI-DSS certification, ISO / IEC 27001 certification, SOC 1 TYPE II and SOC 2 TYPE II certificates, etc.), who have a good opinion, and their services are used by other entities processing personal data of special importance. For this reason, the servers used by us are located in several places in Europe.
- Regardless of the above, please remember that it is impossible to guarantee 100% secure data transmission over the Internet or electronic data storage methods. Therefore, we ask that you also take reasonable precautions to protect your personal data. If you suspect that your personal information has been compromised, in particular, the account or password information has been disclosed, contact us immediately.
- Detailed IT solutions protecting your data are confidential, making it difficult to break them.
XII. Procedure to change the Privacy Policy
Our services will change with time and they will be adjusted to the identified demand and changes in our operational capacity. Technologies, standards and legal requirements related to the provision of services offered by us will also change. This means that in the future we will be able and sometimes we will be forced to introduce modifications in the Privacy Policy. With each change, a new version of the Privacy Policy will be available on the Website with a relevant message and it will apply in its new wording from the day of the notification about its change. Significant changes in the Privacy Policy will be sent directly to your e-mail address.