Version 1.1 Date 20.6.2019
HashFort OÜ (Company Registry 14648319)
Peterburi tee 47, Lasnamäe linnaosa,
Tallinn, Harju maakond,
11415 Estonia -
As used herein, “Digital Asset” means a digital asset, such as bitcoin or ether, which is based on the cryptographic protocol of a computer network that may be (i) centralized or decentralized, (ii) closed or open-source, and (iii) used as a medium of exchange and/or store of value.
As used herein, “Personal Data” means any information relating to an identified or identifiable natural person, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of you as a natural person.
When you access or use the Coinbuy Platform or any part thereof, or communicate with Coinbuy or any of its officers, employees, or agents, whether through written, published or electronic means, the telephone or otherwise, Coinbuy may collect or receive personal or non-personal information or data about, in connection with, or from you, including, without limitation, through cookies, pixel tags, website and data analytics, and other technologies, in accordance with the Personal Data Protection Act 2012 (“PDPA”).
Personal information or data may include, without limitation, your name, contact information, user profile, national identity information, and information about your financial status. Non-personal information or data may include, without limitation, your browser information, internet protocol address, how you use the Coinbuy Platform or any part thereof, and aggregated information. Coinbuy will, as far as possible, inform you at each collection point as to what information is required and what information is optional.
III. WHAT PERSONAL DATA WE COLLECT
Coinbuy collects, processes, and stores Personal Data collected from you via your use of the Service or where you have given your consent. This Personal Data may include contact details, copies of identification documentation provided by you or derived from publicly accessible databases, your government identification number as well as information relating to your device or internet service (such as an IP address and a MAC number).
We collect information you provide during the Coinbuy onboarding process, which may be a completed, incomplete, or abandoned process. We collect, use, store, and transfer your Personal Data, which may include the following:
Operating within the European Economic Area (“EEA”), we collect, store, and process your personal information in accordance with the provisions of the General Data Protection Regulation (GDPR) and Data Protection Act. To understand more about how we protect the data collected from individuals and entities located within the EEA, please see the details below.
Mobile phone number
Full legal name (including former name, and names in local language)
Passport number, or any government issued ID number
Date of birth (“DOB”)
Proof of identity (e.g. passport, driver’s license, or government-issued ID)
Proof of residency
Additional Personal Data or documentation at the discretion of our Compliance Team
Corporate legal name (including the legal name in local language)
Full legal name of all beneficial owners, directors, and legal representatives
Address (principal place of business and/or other physical locations)
Proof of legal existence
Description of the business
Percentage of ownership for Individual/corporate owners
Contact information of owners, principals, and executive management (as applicable)
Proof of identity (e.g., passport, driver’s license, or government-issued ID) for significant individual beneficial owner of the institutional customer entity
Personal Data for each entity’s significant beneficial owner of the institutional customer entity (see the “Individual Customer” section above for details on what Personal Data we collect for individuals)
Source of wealth
Amount of bitcoin or other digital assets projected to be injected
IV. COLLECTION AND TRANSFER OF DATA OUTSIDE OF THE EEA
As outlined above, we may collect Personal Data from customers located in the EEA. To facilitate the services we provide to customers located in the EEA, we request explicit consent for the transfer of Personal Data from the EEA to outside of the area. If you are an individual located in the EEA and you decline to consent to such transfer, you will no longer be able to use Coinbuy and our services. You will have the ability to withdraw your digital assets; however, all other functionalities will be disabled.
V. HOW WE USE YOUR PERSONAL DATA
Coinbuy uses Personal Data to communicate with you and to administer, deliver, improve, and personalize the Service. Coinbuy might also generate generic data out of any Personal Data we collect and use it for our own purposes. We may also use such data to communicate with you in relation to other products or services offered by Coinbuy and/or its partners. We do not share your Personal Data with third parties (other than partners in connection with their services to Coinbuy) except where you have given your consent and further detailed below.
We may share your Personal Data with third parties:
(a) if we think that sharing it is necessary to enforce the Terms of Service；
(b) to comply with government agencies, including regulators, law enforcement and/or justice departments；
(c) to third parties who provide services to Coinbuy (such as administration or technical services)；
(d) in connection with the sale or transfer of our business or any part thereof.
Additionally, we have implemented international standards to prevent money laundering, terrorist financing and circumventing trade and economic sanctions and will implement final Virtual Financial Asset rules and regulations when effective, which will likely require us to undertake due diligence on our customers. This may include the use of third-party data and service providers which we will cross-reference with your personal information.
VI. HOW WE STORE YOUR PERSONAL DATA
The data that we collect from you may be transferred to, and stored at, a destination outside of your country. It may also be processed by staff operating outside of Europe who work for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing, except customers located in the EEA, as detailed above. All information you provide to us is stored on our and/or third party cloud servers.
VII. ACCESS, CORRECTION, AND DELETION OF YOUR PERSONAL DATA
You have the right to obtain a copy of your Personal Data upon request and ascertain whether the information we hold about you is accurate and up-to-date. If any of your Personal Data is inaccurate, you may request to update your information. You may also request to delete your Personal Data, with exception that we may refuse your deletion request in certain circumstances, such as compliance with law or legal purposes. For data access, correction, or deletion requests, please contact support@email@example.com with the subject “DATA INQUIRY”.
In response to data access, correction, or deletion request, we will verify the requesting party’s identity to ensure that he or she is legally entitled to make such request. While we aim to respond to these requests free of charge, we reserve the right to charge you a reasonable fee should your request be repetitive or onerous.
Customers can opt out from these marketing communications at any moment. If you do not want to receive these communications, please send an email to support@firstname.lastname@example.org
For product related communications, such as policy/terms updates and operational notifications, you will not be able to opt out of receiving such information.
IX. COOKIE USAGE
While you access GC, we may use the industry practice of placing a small amount of data that will be saved by your browser (Cookies). This information can be placed on your computer or other devices used to visit Coinbuy. This information help us recognize you as a customer, collect information about your use of Coinbuy to better customize our services and better your experience. We may also use the information collected to ensure compliance with our compliance program, and to ensure your account security has not been compromised by detecting irregular or suspicious account activities.
Most browsers are setup to accept cookies automatically. Some Cookies expire when you finalize the session and other Cookies remain on your computer or other devices until deleted or expired. You have the option to decline the use of our Cookies, but this may affect the functionality of Coinbuy services or your user experience.
Some cookies are needed to run the website. For example, when you log in, cookies help to recognise you and keep you logged in as you browse the website. We call these strictly necessary cookies.
We also use the following types of cookies:
- Analytical and performance cookies.
These allow us to recognise and count the number of visitors to our website, and see how visitors browse around our website, so we can improve it where necessary.
- Targeting cookies.
These allow us to see what pages and links you have visited so we can provide more relevant ads. We may share this information with other organisations for the same purpose.
- Google Analytics cookies.
These identify and analyse website trends, but do not identify you individually.
These cookies are all 'session cookies', which means that they will end when you close your website browser.
X. INFORMATION SECURITY
We endeavor to protect Coinbuy and you from unauthorized access, alteration, disclosure, or destruction of Personal Data we collect and store. We take various measures to ensure information security, including encryption of the Coinbuy communications with SSL; required two-factor authentication for all sessions; periodic review of our Personal Data collection, storage, and processing practices; and restricted access to your Personal Data on a need-to-know bases for our employees and vendors who are subject to strict contractual confidentiality obligations.
XI. CONTACTING OKEX ABOUT PRIVACY QUESTIONS OR CONCERNS
1. Privacy at a glance
The use of our public website is possible without providing personal data.
The internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser. This cookie contains no personal data, only the session ID and the path, which we need to display the homepage correctly. The cookie becomes invalid after one hour of non-use of the website.
Who is responsible for the data collection on this website? The data processing on this website is carried out by the website operator. Its contact details can be found in the imprint of this website.
Data collection on our website contact form
When creating the contact request, personal data is requested. These are stored in a database. The data of the e-mail is automatically deleted in the system after 60 days. The e-mail will be additionally directed to us and processed there according to the task of the request.
These query fields Salutation, company, first name, name, street + no., Zip code, city, country, e-mail, telephone no. , Your request and the IP with date and time are saved. We need the query fields to answer your request correctly and to send you an offer if necessary. We need the IP to handle any attacks on the system through the contact form.
Data collection on our website registration form
When completing the registration form, personal data will be requested. These are stored in a database. If the neutral mail is not confirmed by the registration of the notifier, the data will be automatically deleted within 20 days.
These query fields Salutation, company, first name, name, street + no., Zip code, city, country, e-mail, telephone no. , Subdomain and IP with date and time are stored. We need the inquiry fields to carry out a proper business with the person registering. We need the IP to handle any attacks on the system through the registration form.
Data collection on our website in the shopping cart
When completing the registration form, personal data will be requested.
These query fields Salutation, company, first name, name, street + no., Zip code, city, country, e-mail, telephone no. , Your request and the IP with date and time are saved. We need the inquiry fields to carry out a proper business with the person registering. We need the IP to handle any attacks on the system through the registration form.
How do we collect your data?
Your data will be collected on the one hand, that you tell us. This may be e.g. to trade data that you enter in a contact form.
Other data is collected automatically when visiting the website through our IT systems. These are above all technical data (for example IP, Internet browser, operating system, date and time of the page call). The collection of this data is automatic as soon as you enter our website. The IP, date and time are stored in the database when entering technical data.
At technical data
What do we use your data for?
Part of the data is collected to ensure a flawless provision of the website. Other data can be used to analyze your user behavior.
What rights do you have regarding your data?
At any time you have the right to obtain free information about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction, blocking or deletion of this data. For this purpose and for further questions about data protection, you can contact us at any time at the address given in the imprint. Furthermore, you have a right of appeal to the competent supervisory authority.
Analysis tools and third-party tools
2. General information and mandatory information
Please note that data transmission over the Internet (for example, when communicating via e-mail) may have security vulnerabilities. A complete protection of the data from access by third parties is not possible.
Note to the responsible body
The responsible data processing unit on this website is:
HashFort OÜ (Company Registry 14648319)
Peterburi tee 47, Lasnamäe linnaosa,
Tallinn, Harju maakond,
11415 Estonia -
Responsible entity is the natural or legal person who, alone or in concert with others, decides on the purposes and means of processing personal data (such as names, e-mail addresses, etc.).
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke an existing consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to data portability
You have the right to have data that we process on the basis of your consent or in fulfillment of a contract, in itself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another person in charge, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses, for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as a site operator, an SSL or. TLS encryption. You can recognize an encrypted connection by changing the address line of the browser from "http: //" to "https: //" and the lock symbol in your browser line.
If SSL or TLS encryption is enabled, the data you submit to us can not be read by third parties.
Information, blocking, deletion
You have the right to free information on your stored personal data, their origin and recipient and the purpose of the data processing and, if necessary, a right to rectification, blocking or deletion of this data. For further information on personal data you can contact us at any time at the address given in the imprint.
If an operation according to commercial law we have generated an order or an invoice, then there is a retention period of ten years for the address. In the case when deleting the address placed in a deleted container and edited only on request by the appropriate authorities.
Contradiction against advertising mails
The use of published in the context of the imprint obligation contact information for sending unsolicited advertising and information materials is hereby rejected. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam e-mails.
3. Data Protection Officer
A legally required data protection officer does not have to be named.
The cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on the next visit within an hour.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, the acceptance of cookies for certain cases or generally exclude and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you wish to use (eg shopping cart function) are processed on the basis of Art. 6 para. 1 lit. f DSGVO saved. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. These cookies also become invalid after one hour.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
Browser type and browser version
used operating system
Host name of the accessing computer
Time of the server request
A merge of this data with other data sources will not be done.
The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which allows the processing of data to fulfill a contract or pre-contractual measures.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share this information without your consent.
The processing of the data entered into the contact form is therefore exclusively based on your consent (Art. 6 (1) lit. DSGVO). You can revoke this consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The information you provide in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or delete the purpose for data storage (for example, after your request has been processed). Mandatory statutory provisions - especially retention periods - remain unaffected. In the database of the application, the contact requests are automatically deleted after 60 days.
5. Analysis tools
We use a simple analysis tool about the visitors of the website. This tool is part of the software. The tool does not track any personally identifiable information and we can not identify your personal information. The tool evaluates the purchases and clicks neutral.
Google Analytics or is not set up and activated.
6. Plugins and Tools
Google Web Fonts
This site uses so-called web fonts, provided by Google, for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
To do this, the browser you use must connect to Google's servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If your browser does not support web fonts, a default font will be used by your computer.