1.1 Coinmetro OÜ is a company incorporated with limited liability in the Republic of Estonia with company number 14448371 and registered address at Tartu mnt 84a-402, Tallinn 10112, Republic of Estonia.
1.2. Your privacy is important to us. We are committed to protecting the privacy, confidentiality, and security of the personal data we hold by complying with the requirements under applicable laws and regulations. We are equally committed to ensuring that all our employees, service providers and agents uphold these obligations. This policy explains how we manage personal data within our organization, including how we process the personal data of the users of our website and on the Coinmetro Platform https://coinmetro.com (the “Coinmetro Services”).
1.4.1. have a right to provide that data,
2. How we collect personal data
2.1. We collect personal data about you in the following ways:
2.2. you provide us your personal data yourself (e.g. by registering for a Coinmetro Account or our newsletter on the website; by submitting a query, a request or an (job) application to us; by responding to our surveys; by using our products and services).
2.3. your personal data is provided to us by third parties who are entitled to disclose that information to us.
2.4. we collect your data from public sources (e.g. by examination of public blockchains; from public registries; from your public social media profile).
2.6. Where we collect personal data from you, we will generally do so ourselves. However, in some cases we may collect personal data from a third party, such as through your representatives, contractors who provide services to us, or third parties who refer you to us because they think you may be interested in our products or services.
3. Kind of personal data we collect
3.1. For the legal basis and purposes described in section 4 we will collect and process the following types of your personal data:
3.1.1. Personal identification information, e.g.:
18.104.22.168. full name [first, any middle and second first and second last and last],
22.214.171.124. date of birth,
126.96.36.199. ID documentation, passport numbers, Non-Signature IDs,
188.8.131.52. utility bills,
184.108.40.206. employer information and job title and.
220.127.116.11. tax ID number;.
3.1.2. contact details, e.g.:
18.104.22.168. e-mail address,
22.214.171.124. phone number,
126.96.36.199. home and work address;.
3.1.3. financial information, e.g.:
188.8.131.52. credit and debit card numbers,
184.108.40.206. PANs, IBANs,
220.127.116.11. bank account numbers and details,
18.104.22.168. sort codes and other payment details,
3.1.4. communication data including:
22.214.171.124. records of our communications with you, including any messages you send us;.
3.1.5. blockchain-related information, blockchain identifiers, such as:
126.96.36.199. blockchain addresses and.
188.8.131.52. public keys.
3.1.6. transaction information, transactions you make on our platform, including:
184.108.40.206. the name of the recipient,
220.127.116.11. the amount of the transaction and.
18.104.22.168. the time stamp.
3.1.7. account log-in and usage data, including:
22.214.171.124. emails and passwords that you create when registering for a Coinmetro Account,
126.96.36.199. details of any products or services that we provide to you,
188.8.131.52. survey responses,
184.108.40.206. information provided to our support team,
220.127.116.11. public social networking posts,
18.104.22.168. authentication data,
22.214.171.124. security questions,
126.96.36.199. user IDs,
188.8.131.52. click-stream data and other data collected via cookies and similar technologies;.
3.1.8. online identifiers, including:
184.108.40.206. IP address,
220.127.116.11. browser fingerprint,
18.104.22.168. browser name and version and OS.
3.1.9. Other information that may be present on documentation that we may ask you to provide for the purposes of proving your identity.
4. Purposes and legal basis for the processing of personal data
4.1. We process your personal data based on your consent, based on the applicable statutory requirements, and based on our legitimate interests.
4.2. In some cases, mainly but not limited to due to anti money laundering laws and regulations and for the purposes of fighting fraud, we may be required by law to collect certain types of personal data about you.
4.3. We will collect your personal data on the following legal bases and for the following purposes as explained in detail below:
4.4. Processing based on your consent: processing your personal data to fulfill the agreement(s) signed between you and us. We mainly process your personal data to provide our products and services to you based on the agreement we have concluded with you. This also includes providing customer support and contacting you otherwise as regards the Website or our products and services. Without this information, we may not be able to provide you with our products or services or all the features and functionality offered by our products or services or to respond to queries or requests that you submit to us. We may also process your personal data based on your consent for other purposes such as processing based on your consent for direct marketing purposes, including sending you our newsletter.
4.5. Processing based on our legitimate interest. We process the data received from your use of the Coinmetro Services, e.g. information about how you move around on and use our website to improve the user experience in using the website and the products and services. Improving our website, products and services includes carrying out market analysis and research, education and training programs for our staff and planning and forecasting business activities and other internal business processes. The legal basis for this is our legitimate business interest to improve the Coinmetro Services and the user experience and our business as a result thereof. Considering the nature of the data and that we use the data in an aggregated manner, your interests or fundamental rights and freedoms do not override our legitimate interest.
4.6. We may also process your personal data to safeguard our rights, e.g. establishing, exercising and defending legal claims, debt collection. The legal basis for this is our legitimate interest to protect our legal rights and ensure the performance of the agreement concluded between us. In such a case, your interests or fundamental rights and freedoms do not override our legitimate interests.
4.7. When processing is based on consent, you can withdraw your consent at any time by clicking on the ‘unsubscribe’ link at the end of each email. Please note that withdrawing consent does not affect the lawfulness of processing based on consent before the consent was withdrawn. For specifications about how we use your personal data for direct marketing purposes, please see section “Direct marketing” below.
4.8. To the extent required by applicable data protection regulation, you have the right to object to the processing of your personal data which is based on legitimate interest. See also section “Your rights” below.
4.9. Withdrawing consent does not affect the lawfulness of processing your personal data based on applicable statutory requirements, mainly the applicable AML laws and regulations. Coinmetro is obliged to store and process your personal data under the applicable anti money laundering laws and regulations regardless of your consent.
5. Direct marketing and profiling for marketing purposes
5.1. If you have given us your consent to provide you with materials about our and our partner's products or services, from time to time we may use your personal data for direct marketing purposes. We may send you materials and offerings that, in our opinion, would be of interest of you.
5.2. You can opt-out of receiving marketing communications from us at any time by clicking on the ‘unsubscribe’ link at the bottom of each email or contacting us at email@example.com.
5.3. To find out which offerings would interest you; we draw up your profile based on the following information:
5.3.1. identifying information, such as your name and date of birth.
5.3.2. contact information, such as your postal address and email address.
5.3.3. products and services portfolio information and demographic data held by us from time to time.
5.4. We may use your personal data to market the following products and/or services to you:
5.4.1. creating, purchasing and/or trading digital assets;.
5.4.2. software and hardware wallets for holding digital assets; and.
5.4.3. other products or services related to digital assets.
6. People to whom we disclose personal data
6.1. We only share your personal data when we have a valid reason for it, namely, to provide our services and products to you and when we are legally permitted to do so.
6.2. Data processors. We use carefully selected service providers (data processors) in processing your personal data. We only use service providers that provide sufficient guarantees to implement appropriate technical and organizational security measures to protect your personal data. We have concluded appropriate data processing agreements with the service providers and shall remain responsible for their actions in respect of the processing of your personal data.
6.3. The data processors we use include the following: email service providers, website analytics service providers, liquidity providers and data hosting service providers. Should you require more detailed information as regards the data processors we use (e.g., their names and location) please contact us via the contact details below.
6.4. Third parties. In some circumstances, we also share your personal data with third parties who act as independent data controllers as regards your personal data. We only share your personal data with third parties if stipulated herein, if required under the applicable law (e.g., when we are obliged to share personal data with the authorities), or with your consent.
6.5. We also may need to share your personal data with third persons in relation to our need to protect our legal rights (e.g., attorneys and debt collection agencies). The legal basis for this is our legitimate interest to protect our legal rights and ensure the performance of the agreement. In such a case, your interests or fundamental rights and freedoms do not override our legitimate interests.
6.6. We may disclose your personal data to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets. The legal basis for this is our legitimate interest to exercise our right to business. In such case, we make sure that your rights and conditions as a data subject shall not be decreased, in which case your interests or fundamental rights and freedoms do not override our legitimate interests.
6.7. Additionally, we may share your personal data with other third persons in order to fulfil our legal obligations (e.g. auditors, national regulators or other authorities). The legal basis for such sharing is compliance with our legal obligations and statutory requirements.
6.8. Furthermore, we will share your data with your representatives, advisers, and other third parties you have contacted regarding our services and products or which you have authorized to interact with us on your behalf. Please note that we consider such authorization as your consent and therefore your request for such an activity must be present to us in a written form.
6.9. We will not sell your personal data to any third party.
7.1. We take the appropriate technical and organizational security measures in protecting your personal data, considering (i) the state of the art, (ii) costs of implementation, (iii) nature, scope context and purposes of the processing, and (iv) risks posed to you.
7.2. We retain your personal data for as long as is necessary for the purposes they were collected for, if necessary to safeguard our rights, or if required by the applicable law. We may retain your personal data for several years after the end of our relationship if it is necessary to safeguard our rights or required under the applicable law. If your personal data is being processed for several different purposes, the longest retention period shall apply.
7.3. In general, we store your personal data as follows:
7.3.1. information on legal transactions between us is retained for as long the agreement between us is valid and for a period of 10 years as of when a claim falls due unless otherwise provided by law, asking you occasionally to update your personal data;.
7.3.2. billing information is retained for 7 years as of the end of the financial year in which the information was provided to us;.
7.3.4. all other data is retained for 5 years.
8. Access, correction, and your other rights
8.1. To the extent required by applicable data protection regulations, you have all the rights of a data subject as regards your personal data. Such rights include the following:
8.1.1. request access to your personal data;.
8.1.2. obtain a copy of your personal data;.
8.1.3. rectify inaccurate or incomplete personal data;.
8.1.4. erase personal data;.
8.1.5. restrict the processing of personal data;.
8.1.6. portability of personal data;.
8.1.7. object to processing of personal data which is based on legitimate interest and personal data which is processed for direct marketing purposes.
8.2. Please note that your rights as a data subject are not absolute and are subject to such considerations as allowed under the applicable law.
8.3. To exercise your rights, please contact us on the contact details below. Please note that you can exercise some rights (e.g., review and update your personal data) already by logging into your account.
8.4. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity.
8.5. In certain cases, provided it is allowed under the applicable law, we may charge you an administration fee for providing you with access to the information you have asked for, but we will inform you of this before proceeding.
8.6. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases, we will let you know why we cannot comply with your request.
9.1. We try to meet the highest standards to protect your privacy. However, if you are concerned about the way in which we are managing your personal data and think we may have breached any applicable privacy laws, or any other relevant obligation, please contact our data protection officer (DPO) using the contact details set out below. We will make a record of your question or complaint and refer it to our DPO for further investigation. We will deal with the matter as soon as we can, and keep you informed of the progress of our investigation.
9.2. In addition to the foregoing, you also have the right to lodge a complaint with the Estonian data protection authority (Estonian Data Protection Inspectorate) or the court.
10. Changes to this policy
We may make changes to this policy from time to time to consider changes to our standard practices and procedures or where necessary to comply with applicable new laws, regulations, case-law and guidelines issued by competent authorities. Should the changes be material to you, we will notify you by e-mail and pop-up on the website. The latest version of this policy will always be available on our website.
11. Governing law
If you are a data subject in the European Union or the processing of your personal data takes place in the context of an agreement you have concluded with Coinmetro OÜ in Estonia, the processing of your personal data shall be governed by the laws of the Republic of Estonia and of the EU, namely by the EU General Data Protection Regulation (GDPR).
12. Contact details
If you want any further information from us on privacy matters or you would like to exercise your rights as a data subject, please contact us at firstname.lastname@example.org.
Cookies are small text files that are installed on your device from websites that you visit. Cookies enable you to recognize and distinguish your device when visiting websites.
13.1 Types of cookies
The following types of cookies can generally be used:
• Strictly necessary / technical cookies which are essential in order to enable you to move around the website and use the features of the website you have chosen.
• Functionality cookies which allow the website to remember your settings and preferences (such as language) to provide more personal ways to use the website.
• Performance / analytics cookies which collect information about how you use the website, for instance which pages you go to most often and which error messages from web pages you receive. These cookies are used to improve how the website works. In our case, these cookies are limited to aggregated statistical purposes.
• Targeting / advertising / behaviorally targeted advertising cookies which enable to show you personalized advertisements and conduct market research and analysis by using the data about your behavior and interests received from the website. These cookies can remember that your device has visited a site or service and may also be able to track your device’s browsing activity on other sites or services. The data received may be shared with advertising networks and advertising service providers.
• Multimedia cookies which store the technical information necessary for performing video or audio material.
• Social plug-ins to share content. Many social networks offer social plug-in modules which allow users of social networks to share content. Such plug-ins store cookies in the user's terminal and have access to it for the social network to be able to identify its members who interact with these plug-ins.
13.2 First party and third-party cookies
First-party cookies are cookies that belong to the owner of the website. Third-party cookies are cookies that another party places on your device through the website. Third-party cookies may be placed on your device by someone providing a service for the owner of the website, for example to help them understand how their website is being used. Third-party cookies may also be placed on your device by other third parties so that they can use them to advertise products and services to you elsewhere on the Internet.
13.3 Persistent and session cookies
The length of time a cookie will stay on your device depends on whether it is a persistent or session cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your device until they expire or are deleted.
If the cookie is strictly necessary for the service requested by you, your consent for the use of such cookie is not required.
13.5 Google Analytics
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
13.6 Changing your cookies’ settings
You can change your cookies’ settings and delete cookies through the settings of your web browser (Internet Explorer, Firefox, Chrome, etc):
• Internet Explorer : https://support.microsoft.com/kb/278835
• Chrome : https://support.google.com/chrome/answer/95647?hl=en
• Firefox : https://support.mozilla.org/en-US/kb/Clear%20Recent%20History
• Opera : https://help.opera.com/en/latest/security-and-privacy/
• Safari : https://support.apple.com/kb/PH5042
 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)