Menu

Mon – Fri 10 a.m. till 11 p.m.
Sat – Sun free time.

Data Controller:

COIN MARKET d.o.o. (hereafter: “CM”)

OIB: 73547085293

1. FOCUS ON DATA PROTECTION

CM enables it’s users to buy and sell cryptocurrencies in a fast, reliable and protected way. In line with our core values, data protection is one of our main perks. GDPR proscribes highest data protection standards which we are following at fullest scale.

By it, we define measures, obligations, roles, rights, purposes, data storage and recommendations regarding data protection (personal and pseudo).

2. PURPOSES AND DATA TYPES

a) icryptex.com (buy or sell cryptocurrency)

Sum, IBAN, BTC – address, PIN, name of subject, e-mail and coоkie specifications, docusign, onfido

b) Chat channels (info or help regarding buy or sell procedure):

Crisp, Google & Facebook session (after session only ID number is visible in the systеm); other chat channels (Telegram, Whatsapp, Viber, Facebook)

– purpose of transaction

c) E-mail notice/invoice (info about transaction on icryptex.com):

Standardized info with data required by the law.

d) Newsletter (informational purpose):

e-mail (with given consent)

PRIVACY POLICY

e) payment/payout of crypto at partner’s exchange office:

Standard volume, same as icryptex.com in line with privacy policy of localbitcoins.com

Localbitcoins

External bitcoin exchange office

Standard volume, same as icryptex.com, in line with article 2. a) of this privacy policy

f) Paycek (payment with crypto at retail):

BTC address, sum, id random string, subject’s e-mail, time of payment and closure

g) Accounting services (third party app for internal use):

Employees: name and surname, date of birth, address, IBAN, PIN, insurance number,

CV, disability card (optional), pension data or

other receiving, ID number or supporting person,

data relating administrative proscriptions

h) Notice systеm (information to the data subjects regarding data rights and obligations):

IP address, eventual data subject’s identification documents

i) Web page – cookies (functional):

IP address, frequency of access, device fingerprint

3. LEGAL

Our data collection and processing are based on legitimate interests of data subjects: consent, contract execution or doing the action which is necessary for realization of contract and execution of any legal obligations.

4. STRAGE PERIOD

We have subject’s data at disposal during the contract relation frame, at the latest after expiration of all legal obligations of data retention. In case where we process data on basis of subject’s consent we act on current status of consent.

Our legal obligation is to store transactional data for 11 years in purpose of tax bookkeeping.

Fingerprint and access data are automatically deleted after expiration of SessionID coоkie.

5. RIGHTS CLAIMS

You can exercise your rights by contacting our Data Protection Officer (hereafter: DPO)(with 30 days period of statement, in special cases 60 – with previous notice and explanation).

In total, you have right to: access, correction, dеlete, limitation of data processing, transfer, objection on processing, objection on profiling, consent withdraw and complaint to the data protection authority (hereafter: DPA).

6. THIRD PARTIES

CM’s third parties are defined and framed in legal contracts which are compliant with GDPR. We don’t share any data with third parties, except data relating to employees work status with our outsourced accounting service.

7. SECURITY

During data processing and collection we use all measures defined within integrated data protection framework. Our personnel is educated about all nature and character of GDPR. Besides that all processes of data collection and processing are accessible in data map to the DPA. All devices that we use for all purposes are protected with standard security measures.

Sensitive documentation is physically protected. Server’s logs are always documented. Additionally, when necessary: we use VPN, firewall, data encryption.

8. GDPR CONDUCTION

In full respect to the GDPR nature, all data procedures are defined with minimal volume, proscribed purposes, fully respect all values defined by GDPR, respect territorial integrity.

We execute full integrated data protection and pseudo-mask parts of data bases (with special care to rights claim process) in line with our data map.

By contacting our DPO you can claim all your rights, get monthly reports statuses, summary of our most recent Data Protection Impact Assessment or get any answer to any question regarding our data protection practices or this privacy policy.

9. COOKIES SPECIFICATION

CloudFlare / Security / 30 minutes

_cfduid

Enables DDOS attack protection

crisp-session

Crisp / Chat / End of session

Enables HelpDesk

_ga, _gid

Google / Analytics / 2 years

Enables anonimized audience statistics

onfido-js-sdk-woopra

Onfido / Documents check / 2 years

Enables documents checkup

cookieconsent_status

Internal / Functional / 72 h

Checks OK consent button

cookietest

Internal / Functional / 72 h

Checks if you have enabled cookies

csrftoken

Internal / Security / 72 h

Prevents attacks on site

sessionid

Internal / Functional / 90 days

Login of the user