- Personal Information We Collect
- How we use personal information
- How we share personal information
- Privacy of Digital Assets
- Information Security
- Retention of personal information
- Rights regarding your Personal Information
- Direct Marketing
- Data Transfer
- Third Party Websites and Services
- Children's Privacy
- Contact Us
3. Personal Information We Collect
The personal information we collect about you may include the following. In each case, we identify the grounds that we rely on to process your personal information under the Estonian Personal Data Protection Act (“Act”) and the EU General Data Protection Regulation (the “ GDPR”):
- · Account Profile – when you open an account, we may collect your name, email address, phone number, home address, date of birth, social insurance number or any comparable identification number issued by a governmental authority and any other information or documentation we require for identity verification (e.g. driver’s license, passport or other government-issued ID) or other legal compliance purposes (for more information, please read our AML & KYC Policy).Applicable legal grounds: contract performance, consent, legitimate interests (to enable us to perform our obligations and provide our services);
- · Device Information – information that is automatically collected about your device, such as hardware, operating system, browser, etc. Applicable legal grounds: legitimate interests (to allow us to provide content and services on the website), consent, contract performance;
- · Location Information – information that is automatically collected via analytics systems providers to determine your location, including your IP address and/or domain name and any external page that referred you to us. Applicable legal grounds: legitimate interests (to allow us to provide content and services on the website), consent, contract performance;
- · Log Information – information that is generated by your use of the CoinField Services that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information, system activity and any internal and external information related to CoinField pages that you visit. Applicable legal grounds: legitimate interests (to allow us to provide content and services on the website), consent, contract performance;
- · Account Activity – information that is generated by your account activity including, but not limited to, trading activity, order activity, deposits, withdrawals, and account balances. Applicable legal grounds: legitimate interests (to enable us to perform our obligations and provide our services), legal claims, consent, contract performance;
- · Financial Account Transfer Information – information that you provide to us to facilitate the transfer of fiat currency or Digital Assets (as defined below) into and out of your CoinField account, such as your bank account information and public cryptocurrency wallet address (we do not collect private keys): Applicable legal grounds: legitimate interests (to allow us to provide content and services on the website), consent, contract performance; and
- · Correspondence – information that you provide to us in correspondence, such as when you submit questions or inquiries and with respect to ongoing customer support. Applicable legal grounds: legitimate interests (to enable us to perform our obligations and provide our services), consent, contract performance.
CoinField may also make use of the standard practice of placing tiny data files called cookies, flash cookies, pixel tags, or other tracking tools (“Cookies”) on your computer or other devices used to access the CoinField Services. Cookies are small bits of information that are automatically stored on the web browser of your device that can be retrieved by us. The type of information we collect includes, but is not limited to, uniquely identifying visitor information and information related to your usage preferences. We use these technologies to help us recognize you as a user, collect information about your use of the CoinField Services to better customize our services and content for you, and collect information about your computer or other access devices to (i) ensure compliance with our BSA/AML Program (for more information, please read our AML & KYC Policy) and (ii) ensure that your account security has not been compromised by detecting irregular or suspicious account activities. By using the CoinField Services, you acknowledge and agree that we may collect and/or transmit any data collected to our third-party service providers, such as analytics providers, which may also make use of such technologies described above. Please note that if you block or delete cookies you will not be able to use some or all of the CoinField Services.
4. How we use personal information
- We take steps designed to ensure that only those employees who need access to your personal information to fulfil their employment duties will have access to it. We may use the personal information we collect to: provide you with the CoinField Services, including customer support;
- optimize and enhance the CoinField Services, including to develop new products, services, features, and functionality;
- respond to inquiries and other requests;
- conduct anti-fraud and identity verification checks, including by engaging third party services providers to assist with such checks (for more information, please read our AML & KYC Policy);
- provide you with information that we think may interest you, including in regards to our products and services;
- monitor the usage of the CoinField Services, including by conducting automated and manual security checks;
- understand and analyze the usage trends and preferences of our users;
- create aggregated and anonymized reporting data about the CoinField Services;
- investigate legal claims;
- carry out such purposes for which we may obtain consent from time to time; and
- carry out such other purposes as may be permitted or required by applicable law.
6. Privacy of Digital Assets
As used herein, “Digital Asset” means a digital asset (also called a “cryptocurrency,” “virtual currency,” “digital currency,” or “digital commodity”), such as Bitcoin or Ether, which is based on the cryptographic protocol of a computer network that may be (i) centralized or decentralized, (ii) closed or open-source, and (iii) used as a medium of exchange and/or store of value.
Please be aware that Bitcoin, Ether, and other Digital Assets are not necessarily truly anonymous. Generally, anyone can see the balance and transaction history of any public Digital Asset address. We, and any others who can match your public Digital Asset address to other information about you, may be able to identify you from a blockchain transaction. This is because, in some circumstances, information published on a block chain (such as your Digital Asset and IP address) can be correlated with information that we and others may have. This may be the case even if we, or they, were not involved in the blockchain transaction. Furthermore, by using data analysis techniques on a given blockchain, it may be possible to identify other information about you. As part of our security, anti-fraud and/or identity verification and authentication checks, we may conduct such analysis to process such information about you. You acknowledge and agree to allow us to perform such practices.
7. Information Security
We take your privacy very seriously and have implemented physical, organizational and technological security measures with a view to protecting your personal information from loss or theft, unauthorized access, disclosure, copying, use or modification. In particular, we encrypt the CoinField website with SSL; we require two-factor authentication for all user sessions; we periodically review information collection, storage, and processing practices; and we restrict access to your information on a need-to-know basis for our employees, contractors, and agents who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Despite the measures outlined above, no method of information transmission or information storage is 100% secure or error-free, so we unfortunately cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any information that you provided to us has been compromised), please contact us immediately using the contact information in the “Contact Us” section below.
8. Retention of personal information
We will use, disclose or retain your personal information only for as long as necessary to fulfill the purposes for which that personal information was collected and as permitted or required by law.
9. Right regarding your Personal Information
Under certain circumstances and in accordance with the Act and the GDPR or other applicable data protection laws, you have the following rights:
- Access – ask if we are processing information and, if we are, request access to your personal information. This enables you to receive a copy of the personal information we hold and certain other information about you;
- Corrections – request that any incomplete or inaccurate personal information about you that we hold be corrected;
- Erasure – ask us to delete or remove your personal information in certain circumstances. There are certain exceptions where we may refuse a request for erasure, for example, where the personal information is required for compliance with law or in connection with legal claims;
- Restriction – ask us to suspend the processing of your personal information, for example, to establish its accuracy or the reason for processing it;
- Transfer – request the transfer of certain personal information to another party;
- Objection – challenge our processing of personal information based on a legitimate interest (or those of a third party) or for direct marketing purposes. However, we may be entitled to continue processing information in certain circumstances;
- Automated decisions – contest any automated decision made where it has a legal or similar significant effect and ask for it to be reconsidered; and
- Consent – where we are processing personal information with consent, withdraw your consent.
To exercise any of these rights, please contact us as set forth in the “Contact Us” section.
10. Direct Marketing
Subject to applicable laws and regulations, we may from time to time send direct marketing materials promoting services, products, facilities, or activities to you using information collected from you. If you no longer want to receive marketing-related communications from us, you may opt-out of such communications by clicking the “unsubscribe” link at the bottom of emails you receive from us. You may also opt-out by contacting us directly using the contact information in the “Contact Us” section below. We will endeavour to respond to your opt-out request promptly, but we ask that you please allow us reasonable time to process your request. We will not provide your information to third parties for direct marketing or other unrelated purposes without your written consent.
Please note that if you opt-out from receiving marketing-related communications, we may still need to send you communications about your use of our products or services, or other matters, subject to applicable laws and regulations.
11. Data Transfer
12. Third Party Websites and Services
13. Children's Privacy
The CoinField Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the CoinField Services at any time or in any manner. If we learn that personal information has been collected on the CoinField Services from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has provided personal information, then you may alert us as set forth in the “Contact Us” section and request that we delete that child’s personal information from our systems.
14. Contact Us