COIN MARKET d.o.o. (hereafter: “CM”)
1. FOCUS ON DATA PROTECTION
CM enables it’s users to buy and sell cryptocurrencies in a fast, reliable and protected way. In line with our core values, data protection is one of our main perks. GDPR proscribes highest data protection standards which we are following at fullest scale.
By it, we define measures, obligations, roles, rights, purposes, data storage and recommendations regarding data protection (personal and pseudo).
2. PURPOSES AND DATA TYPES
a) icryptex.com (buy or sell cryptocurrency)
Sum, IBAN, BTC – address, PIN, name of subject, e-mail and coоkie specifications, docusign, onfido
b) Chat channels (info or help regarding buy or sell procedure):
Crisp, Google & Facebook session (after session only ID number is visible in the systеm); other chat channels (Telegram, Whatsapp, Viber, Facebook)
– purpose of transaction
c) E-mail notice/invoice (info about transaction on icryptex.com):
Standardized info with data required by the law.
d) Newsletter (informational purpose):
e-mail (with given consent)
e) payment/payout of crypto at partner’s exchange office:
External bitcoin exchange office
f) Paycek (payment with crypto at retail):
BTC address, sum, id random string, subject’s e-mail, time of payment and closure
g) Accounting services (third party app for internal use):
Employees: name and surname, date of birth, address, IBAN, PIN, insurance number,
CV, disability card (optional), pension data or
other receiving, ID number or supporting person,
data relating administrative proscriptions
h) Notice systеm (information to the data subjects regarding data rights and obligations):
IP address, eventual data subject’s identification documents
i) Web page – cookies (functional):
IP address, frequency of access, device fingerprint
Our data collection and processing are based on legitimate interests of data subjects: consent, contract execution or doing the action which is necessary for realization of contract and execution of any legal obligations.
4. STRAGE PERIOD
We have subject’s data at disposal during the contract relation frame, at the latest after expiration of all legal obligations of data retention. In case where we process data on basis of subject’s consent we act on current status of consent.
Our legal obligation is to store transactional data for 11 years in purpose of tax bookkeeping.
Fingerprint and access data are automatically deleted after expiration of SessionID coоkie.
5. RIGHTS CLAIMS
You can exercise your rights by contacting our Data Protection Officer (hereafter: DPO)(with 30 days period of statement, in special cases 60 – with previous notice and explanation).
In total, you have right to: access, correction, dеlete, limitation of data processing, transfer, objection on processing, objection on profiling, consent withdraw and complaint to the data protection authority (hereafter: DPA).
6. THIRD PARTIES
CM’s third parties are defined and framed in legal contracts which are compliant with GDPR. We don’t share any data with third parties, except data relating to employees work status with our outsourced accounting service.
During data processing and collection we use all measures defined within integrated data protection framework. Our personnel is educated about all nature and character of GDPR. Besides that all processes of data collection and processing are accessible in data map to the DPA. All devices that we use for all purposes are protected with standard security measures.
Sensitive documentation is physically protected. Server’s logs are always documented. Additionally, when necessary: we use VPN, firewall, data encryption.
8. GDPR CONDUCTION
In full respect to the GDPR nature, all data procedures are defined with minimal volume, proscribed purposes, fully respect all values defined by GDPR, respect territorial integrity.
We execute full integrated data protection and pseudo-mask parts of data bases (with special care to rights claim process) in line with our data map.
9. COOKIES SPECIFICATION
CloudFlare / Security / 30 minutes
Enables DDOS attack protection
Crisp / Chat / End of session
Google / Analytics / 2 years
Enables anonimized audience statistics
Onfido / Documents check / 2 years
Enables documents checkup
Internal / Functional / 72 h
Checks OK consent button
Internal / Functional / 72 h
Checks if you have enabled cookies
Internal / Security / 72 h
Prevents attacks on site
Internal / Functional / 90 days
Login of the user