This Coinmetro Privacy Policy
This Coinmetro Privacy Policy was updated on 01.02.2023
1. Introduction
1.1 Coinmetro OÜ is a private limited company incorporated in the Republic of Estonia with company number 14448371 and registered address at Tartu mnt 84a-402, Tallinn 10112, Republic of Estonia.
1.2. Your privacy is important to us. We are committed to protecting the privacy, confidentiality, and security of the personal data we hold by complying with applicable requirements under the current laws and regulations. We are also committed to ensuring that all our employees, service providers, and agents comply with these obligations. This policy explains how we handle personal data within our organization, including how we process the personal data of users of our website and on the Coinmetro Platform https://coinmetro.com (the “Coinmetro Services”).
1.3. Before providing you with our products and services or collecting your personal data, we always refer to this Privacy Policy. Therefore, by using the Coinmetro Services, providing personal data, and/or using any of our products or services, you agree that:
1.4. you understand and accept our personal data processing practices as described in this Privacy Policy, as updated from time to time; and if you have provided personal data to us regarding any other person, you:
1.4.1. have the right to provide those data,
1.4.2. have provided a copy of this privacy policy, as updated from time to time, to the person whose personal data you share with us and that person has accepted the terms of this privacy policy,
1.4.3. can provide written and signed proof that you have the right to provide the personal data of a third party and that that person (if necessary) has agreed to share their data with us and that such third party accepts our privacy policy, as updated from time to time, terms.
2. How we collect personal data
2.1. We collect personal data about you in the following ways:
2.2. you provide your personal data to us yourself (for example, by registering for a Coinmetro Account or our newsletter on the website; submitting a query, a request, or a (job) application to us; responding to our surveys; using our products and services).
2.3. your personal data is provided to us by third parties who are authorized to disclose that information to us.
2.4. we collect your data from public sources (for example, by examining public blockchains; from public records; from your public profile on social networks).
2.5. we collect your personal data by automatic means (for example, tracking your use of our websites and mobile applications). Also, see below in our Cookie Policy how we use cookies and other similar technologies on our website.
2.6. When we collect personal data from you, we usually do so ourselves. However, in some cases we may collect personal data from a third party, such as through your representatives, contractors who provide services to us, or third parties who refer you to us because they believe you may be interested in our products or services.
3. Type of personal data we collect
3.1. For the legal basis and purposes described in section 4, we will collect and process the following types of your personal data:
3.1.1. Personal identification information, for example:
3.1.1.1. full name [first name, any middle names, and first and second surname],
3.1.1.2. date of birth,
3.1.1.3. gender,
3.1.1.4. identification documentation, passport numbers, unsigned ID,
3.1.1.5. utility bills,
3.1.1.6. nationality,
3.1.1.7. signature,
3.1.1.8. photographs,
3.1.1.9. employer information and job title, and
3.1.1.10. tax identification number;.
3.1.2. contact information, e.g.:
3.1.2.1. email address,
3.1.2.2. phone number,
3.1.2.3. home and work address;.
3.1.3. financial information, e.g.:
3.1.3.1. credit and debit card numbers,
3.1.3.2. PANs, IBANs,
3.1.3.3. bank account numbers and details,
3.1.3.4. pay slips,
3.1.3.5. sorting codes and other payment details,
3.1.4. communication data including:
3.1.4.1. records of our communications with you, including the messages you send us;.
3.1.5. blockchain-related information, blockchain identifiers, such as:
3.1.5.1. blockchain addresses and
3.1.5.2. public keys.
3.1.6. transaction information, transactions you make on our platform, including:
3.1.6.1. the recipient's name,
3.1.6.2. the transaction amount and,
3.1.6.3. the timestamp.
3.1.7. login and account usage data, including:
3.1.7.1. emails and passwords you create when signing up for a Coinmetro Account,
3.1.7.2. details of any product or service we provide you,
3.1.7.3. survey responses,
3.1.7.4. information provided to our support team,
3.1.7.5. public posts on social media,
3.1.7.6. authentication data,
3.1.7.7. security questions,
3.1.7.8. user ID,
3.1.7.9. click data and other data collected through cookies and similar technologies;.
3.1.8. online identifiers, including:
3.1.8.1. geolocation,
3.1.8.2. IP address,
3.1.8.3. browser fingerprint,
3.1.8.4. browser and operating system name and version.
3.1.9. Other information that may be present in the documentation we may ask you to provide for the purpose of verifying your identity.
4. Purposes and legal basis for processing personal data
4.1. We process your personal data based on your consent, in accordance with applicable legal requirements, and based on our legitimate interests.
4.2. In some cases, primarily but not limited to anti-money laundering laws and regulations and in order to combat fraud, the law may require us to collect certain types of personal data about you.
4.3. We will collect your personal data on the following legal bases and for the following purposes as explained in detail below:
4.3.1. Processing based on law: taking measures before entering into an agreement with you, e.g., identifying you, your source of wealth, and proof of address to ensure that your identity has not been misused by third parties and that you are eligible to use Coinmetro's services and products as prescribed by law and Coinmetro's Terms of Use and any other relevant agreements or terms set by Coinmetro from time to time.
4.4. Processing based on your consent: processing your personal data to comply with the agreement(s) signed between you and us. We mainly process your personal data to provide you with our products and services according to the agreement we have concluded with you. This also includes providing customer support and communicating with you in other ways regarding the Website or our products and services. Without this information, we may not be able to offer you our products or services or all the functions and features offered by our products or services or respond to inquiries or requests that you send us. We may also process your personal data based on your consent for other purposes such as processing for direct marketing purposes, including sending you our newsletter.
4.5. Processing based on our legitimate interest. We process the data received from your use of Coinmetro's services, for example, information about how you navigate and use our website to improve the user experience while using the website and products and services. Improving our website, products, and services includes conducting market analysis and research, education and training programs for our staff, and business activity planning and forecasting and other internal business processes. The legal basis for this is our legitimate business interest in improving Coinmetro's services and the user experience and our business as a result. Considering the nature of the data and that we use it in an aggregated manner, your interests or fundamental rights and freedoms do not override our legitimate interest.
4.6. We may also process your personal data to safeguard our rights, for example, to establish, exercise and defend legal claims, debt collection. The legal basis for this is our legitimate interest in protecting our legal rights and ensuring compliance with the agreement concluded between us. In such a case, your interests or fundamental rights and freedoms do not override our legitimate interests.
4.7. When processing is based on consent, you may withdraw your consent at any time by clicking the ‘unsubscribe’ link at the end of each email. Please note that withdrawing consent does not affect the legality of processing based on consent before it was withdrawn. For specifications on how we use your personal data for direct marketing purposes, see the “Direct Marketing” section below.
4.8. To the extent required by the applicable data protection regulation, you have the right to object to the processing of your personal data, which is based on legitimate interest. See also the section “Your Rights” below.
4.9. Withdrawing consent does not affect the legality of the processing of your personal data according to the applicable legal requirements, mainly the applicable AML laws and regulations. Coinmetro is obligated to store and process your personal data under the applicable anti-money laundering laws and regulations regardless of your consent.
5. Direct marketing and profiling for marketing purposes
5.1. If you have given us your consent to provide you with materials about our products or services and those of our partners, we may use your personal data for direct marketing purposes from time to time. We may send you materials and offers that we believe would be of interest to you.
5.2. You can opt out of receiving marketing communications from us at any time by clicking the ‘unsubscribe’ link at the end of each email or by contacting us at hello@coinmetro.com.
5.3. To find out which offers would interest you; we create your profile based on the following information:
5.3.1. Identification information, such as your name and date of birth.
5.3.2. Contact information, such as your postal address and email address.
5.3.3. Product and service portfolio information and demographic data that we maintain from time to time.
5.4. We may use your personal data to market the following products and/or services to you:
5.4.1. Creation, purchase, and/or marketing of digital assets.;
5.4.2. Software and hardware wallets to hold digital assets; and.
5.4.3. Other digital asset-related products or services.
6. Persons to whom we disclose personal data
6.1. We only share your personal data when we have a valid reason to do so, namely, to provide our services and products to you and when we are legally permitted to do so.
6.2. Data processors. We use carefully selected service providers (processors) to process your personal data. We only use service providers who offer sufficient guarantees to implement appropriate technical and organizational security measures to protect your personal data. We have concluded adequate data processing agreements with service providers and will remain responsible for their actions with respect to the processing of your personal data.
6.3. The data processors we use include the following: email service providers, website analytics service providers, liquidity providers, and data hosting service providers. If you need more detailed information about the data processors we use (for example, their names and location), please contact us using the contact details below.
6.4. Third parties. In some circumstances, we also share your personal data with third parties who act as independent data controllers with respect to your personal data. We only share your personal data with third parties if stipulated here, if required by applicable law (for example, when we are obligated to share personal data with authorities), or with your consent.
6.5. We may also need to share your personal data with third parties in connection with our need to protect our legal rights (for example, lawyers and debt collection agencies). The legal basis for this is our legitimate interest in protecting our legal rights and ensuring compliance with the agreement. In such cases, your interests or fundamental rights and freedoms do not override our legitimate interests.
6.6. We may disclose your personal data to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, asset sale, or similar transaction, as well as in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets. The legal basis for this is our legitimate interest in exercising our right to do business. In such cases, we ensure that your rights and conditions as a data subject are not diminished, in which case your interests or fundamental rights and freedoms do not override our legitimate interests.
6.7. Furthermore, we may share your personal data with other third parties to meet our legal obligations (for example, auditors, national regulators, or other authorities). The legal basis for such sharing is compliance with our legal obligations and legal requirements.
6.8. In addition, we will share your data with your representatives, advisors, and other third parties with whom you have contacted in connection with our services and products or whom you have authorized to interact with us on your behalf. Please note that we consider such authorization as your consent and, therefore, your request for such activity must be submitted to us in writing.
6.9. We will not sell your personal data to any third party.
7. Security
7.1. We take appropriate technical and organizational security measures to protect your personal data, taking into consideration (i) the state of the art, (ii) costs of implementation, (iii) nature, scope, context and purposes of processing, and (iv) risks presented to you.
7.2. We retain your personal data for as long as necessary for the purposes for which they were collected, if necessary to safeguard our rights, or if required by applicable law. We may retain your personal data for several years after the end of our relationship if necessary to safeguard our rights or required by applicable law. If your personal data are processed for several different purposes, the longest retention period will apply.
7.3. In general, we store your personal data as follows:
7.3.1. information about legal transactions between us is retained as long as the agreement between us is valid and for a period of 10 years from when a claim expires, unless otherwise provided by law, occasionally asking you to update your personal data.
7.3.2. billing information is retained for 7 years from the end of the financial year in which the information was provided to us.
7.3.3. cookie information is retained in accordance with our Cookie Policy below.
7.3.4. all other data are retained for 5 years.
8. Access, correction and your other rights
8.1. To the extent required by applicable data protection regulations, you have all the rights of a data subject regarding your personal data. These rights include the following:
8.1.1. request access to your personal data.
8.1.2. obtain a copy of your personal data.
8.1.3. rectify inaccurate or incomplete personal data.
8.1.4. erase personal data.
8.1.5. restrict the processing of personal data.
8.1.6. portability of personal data.
8.1.7. object to the processing of personal data that is based on legitimate interest and personal data processed for direct marketing purposes.
8.2. Please note that your rights as a data subject are not absolute and are subject to considerations permissible under applicable law.
8.3. To exercise your rights, please contact us at the contact information below. Please note that you may already exercise some rights (e.g., review and update your personal data) by logging into your account.
8.4. To protect the integrity and security of the information we hold, we may ask you to follow a defined access procedure, which may include steps to verify your identity.
8.5. In certain cases, wherever permitted by applicable law, we may charge you an administrative fee for providing access to the information you have requested, but we will inform you of this before proceeding.
8.6. There may be cases where we cannot provide you with the information you request, such as when it would interfere with the privacy of others or result in a breach of confidentiality. In such cases, we will inform you why we are unable to comply with your request.
9. Complaints
9.1. We strive to meet the highest standards for protecting your privacy. However, if you are concerned about the way we are handling your personal data and believe we have breached any applicable privacy law or other relevant obligation, please contact our Data Protection Officer (DPO) using the contact information below. We will log your question or complaint and refer it to our DPO for further investigation. We will address the matter as soon as we can and keep you informed about the progress of our investigation.
9.2. In addition to the above, you also have the right to file a complaint with the Estonian Data Protection Authority (Estonian Data Protection Inspectorate) or with the court.
10. Changes to this policy
We may make changes to this policy from time to time to consider changes in our standard practices and procedures or when necessary to comply with new applicable laws, regulations, case law, and guidance issued by competent authorities. If the changes are significant to you, we will notify you via email and through a pop-up notice on the website. The latest version of this policy will always be available on our website.
11. Governing Law
If you are a data subject in the European Union, or the processing of your personal data occurs in the context of an agreement that you have concluded with Coinmetro OÜ in Estonia, the processing of your personal data will be governed by the laws of the Republic of Estonia and the EU, specifically the EU General Data Protection Regulation (GDPR).
12. Contact Information
If you would like more information from us on privacy matters or wish to exercise your rights as a data subject, please contact us at legal@coinmetro.com.
II Coinmetro's Cookie Policy
This Cookie Policy explains what cookies and similar technologies Coinmetro uses on the website https://coinmetro.com
13. Cookies
Cookies are small text files installed on your device from the websites you visit. Cookies allow recognizing and distinguishing your device when visiting websites.
Websites use cookies for a variety of purposes, including providing a unique browsing experience for you, for example, so that a website can remember your login information and language preferences. Cookies are also used to learn how you interact with website content and improve your experience when visiting the website. Cookies also allow us to offer you specific content, such as videos and sharing content on social media. Cookies are also used to deliver ads, make them more relevant and meaningful, and to track the efficiency of advertising campaigns.
13.1 Types of cookies
The following types of cookies can generally be used:
• Strictly necessary / technical cookies that are essential to enable you to move around the website and use the website features you have selected.
• Functionality cookies that allow the website to remember your settings and preferences (such as language) to provide more personalized ways of using the website.
• Performance / analytics cookies that collect information about how you use the website, for example, which pages you access most often and which error messages you receive from web pages. These cookies are used to improve the functioning of the website. In our case, these cookies are limited to aggregated statistical purposes.
• Targeting / advertising / behavioral advertising cookies that allow displaying personalized ads and conducting market research and analysis using data about your behavior and interests received from the website. These cookies can remember that your device has visited a site or service and can also track your device's browsing activity on other sites or services. The data received may be shared with advertising networks and service providers.
• Multimedia cookies that store the technical information necessary to play video or audio material.
• Social plug-in modules for sharing content. Many social networks offer social plug-in modules that allow social network users to share content. These plug-ins store cookies on the user's terminal and have access to it so that the social network can identify its members who interact with these plug-ins.
13.2 First and third-party cookies
First-party cookies are cookies that belong to the website owner. Third-party cookies are cookies placed on your device by another party through the website. Third-party cookies may be placed on your device by someone providing a service to the website owner, for example, to help them understand how their website is being used. Third-party cookies may also be placed on your device by other third parties to be used for advertising products and services elsewhere on the internet.
13.3 Persistent and session cookies
The length of time a cookie will remain on your device depends on whether it is a persistent or session cookie. Session cookies will only remain on your device until you stop browsing. Persistent cookies remain on your device until they expire or are deleted.
13.4 Consent
If the cookie is strictly necessary for the service you have requested, your consent is not required for the use of such a cookie.
We also use cookies to personalize content and provide you with an enhanced user experience. By using Coinmetro's Services, you consent to the use of cookies. You can control and manage cookies using your browser (see below). Please note that deleting or blocking cookies may affect your user experience and some features may not be available. If the cookie is strictly necessary for the service you have requested, your consent is not required for the use of such a cookie.
13.5 Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help the website analyze how users use our website.
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
You may refuse the use of cookies by selecting the appropriate settings in your browser; however, please note that if you do this, you may not be able to use the full functionality of our website. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
13.6 Changing your cookie settings
You can change your cookie settings and delete them through your web browser settings (Internet Explorer, Firefox, Chrome, etc.):
• Internet Explorer : https://support.microsoft.com/kb/278835
• Chrome : https://support.google.com/chrome/answer/95647?hl=en
• Firefox : https://support.mozilla.org/en/kb/Clear%20Recent%20History
• Opera : https://help.opera.com/en/latest/security-and-privacy/
• Safari : https://support.apple.com/en/kb/PH5042
[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)