Privacy Policy

Download PDF

Version applicable as of February 7th 2022

1. Why should I read this Privacy Policy?
This Privacy Policy (‘policy’) describes how CoinGate (CoinGate is owned and operated by UAB “Decentralized”) (hereinafter referred to as the “Company”, “we”, “us”, “our”) collects, uses, discloses, and stores your personal information and what statutory rights do you have. We protect your personal information under the applicable data protection laws. We may amend this policy unilaterally from time to time. Any such amendments will be effective immediately upon publication, therefore please visit
our website regularly for the latest version of this policy.

2. Who is responsible for protecting my information?
We are: CoinGate (owned and operated by UAB “Decentralized”) Our company number is: 303423510
Our address: A. Goštauto g. 8-331, LT-01108 Vilnius
Our e-mail address: info@coingate.com

3. Why and how do you use my information?

3.1 To provide you with virtual currency purchasing, payment processing collection and related services


When is this relevant for me?

When you are our client, manager, or representative of a legal entity or shopper.

What information do you collect about me?

E-mail address, password, country, IP address, name and surname,
gender, place of birth, address, telephone number, cryptocurrency address, bank account number, account number of money withdrawal platform, PayPal address, transaction amount, transaction currency, transaction time, address of the sender of the transaction, address of the payee of the transaction, power of attorney, data provided in the business registration certificate, data provided in the document of business address proof, requests for overpayments, Facebook ID information, Google ID information, other information provided by you.

What is your legal basis to collect my information?

Contract (Art. 6 (1) (b) of GDPR).

Where do you collect the information from?

From yourself.

Am I obliged to provide this information?

It is a contractual requirement. If you do not provide this information, we will not be able to provide our services.

How long do you store information about me?

10 years after termination of your account.

3.2 To provide you with virtual currency swap services


When is this relevant for me?

When you use our virtual currency swap services without undergoing a verification (identification) process.

What information do you collect about me?

Email address, country, IP address, types of swapped virtual currencies, cryptocurrency address, transaction amount, device fingerprint, telephone number.

What is your legal basis to collect my information?

Contract (Art. 6 (1) (b) of GDPR).

Where do you collect the information from?

From yourself.

Am I obliged to provide this information?

It is a contractual requirement. If you do not provide this information, we will not be able to provide our services.

How long do you store information about me?

10 years after the use of our currency swap services.

3.3 To enable you to exchange your virtual currencies into various gift cards


When is this relevant for me?

When you exchange your virtual currencies into gift cards of various vendors and platforms.

What information do you collect about me?

First name, last name, email address, country, IP address, cryptocurrency address, transaction amount, type and amount of gift card, email of the person to whom you send the gift card.

What is your legal basis to collect my information?

Contract (Art. 6 (1) (b) of GDPR).

Where do you collect the information from?

From yourself.

Am I obliged to provide this information?

It is a contractual requirement. If you do not provide this information, we will not be able to provide our services.

How long do you store information about me?

10 years after the exchange of your virtual currency to a gift card.

3.4 To verify you when necessary


When is this relevant for me?

When you use our virtual currency purchasing, payment processing
collection services, or when you use our virtual currency swap services and make a transaction larger than 1 000 EUR or a transaction that raises suspicion.

What information do you collect about me?

Country of residence, name and surname, gender, place of birth, date of birth, nationality, address, telephone number, ID number, personal code, ID expiry date, ID copy, photo of you.

What is your legal basis to collect my information?

Contract (Art. 6 (1) (b) of GDPR).

Where do you collect the information from?

From yourself.

Am I obliged to provide this information?

It is a contractual requirement. If you do not provide this information, we will not be able to provide our services.

How long do you store information about me?

10 years after termination of your account.

3.5 To implement measures of anti-money laundering (AML) and counter-terrorist financing (CTF)



When is this relevant for me?

When establishing a business relationship with us (when you are a customer (natural person), company’s manager or a representative).

What information do you collect about me?

Name and surname, ID information (such as number, date of issuance, period of validity), date of birth, sex, no personal number (true/false), personal number, personal number type, document number, date of expiry, document type, issuing country, citizenship or citizenship s, nationalities, place of birth, address, city, postal code, country of residence, annual income, are transaction s over 15 000 EUR expected? (yes/no). source of funds, source of wealth, expected yearly turnover using our services, used services, countries from which funds will be incoming, account opening purposes, geolocation data, information on the company’s director and representative (name, surname, ID, date of birth, sex, no personal number (true/false), personal number, personal number type, document number, date of expiry, document type, the country that has issued an identity document, citizenship, nationalities, place of birth, address, city, postal code, country of residence, sanctions, current position, email), information on the ultimate beneficial owner (name, surname, sex, personal number, date of birth, place of birth, address, citizenship, nationality, country, website (reputable third-party source), amount of shares, stake in the main company.

Information on participation in politics – whether you (trader) are a politically exposed person (PEP), whether the beneficial owner of the company, their immediate family member, or a close associate is a PEP, and information on the beneficial owner’s prominent public functions.

What is your legal basis to collect my information?

Legal obligation (Art. 6 (1) (c) of GDPR) Art. 9,11, 12, 16 of the Law on AML.


Reasons of substanti al public interest (Art. 9 (2) (g) of GDPR) Art. 14 of the Law on AML.

Where do you collect the information from?

From yourself, AML/CT F service providers.

Am I obliged to provide this information?

It is a statutory requirement. If you do not provide this information, we will not be able to provide our services.

How long do you store information about me?

For the duration of and 8 years after the terminati on of the business relations hip.

3.6 To ensure security of and improve our website


When is this relevant for me?

When you use our website.

What information do you collect about me?

Internet protocol address (IP), user agent, referrer url, date and time of website visiting.

What is your legal basis to collect my information?

Legitimate interest (security and improvement of our website) (Art. 6 (1) (f) of GDPR).

Where do you collect the information from?

From yourself.

Am I obliged to provide this information?

No.

How long do you store information about me?

10 years after your last visit of our website.

3.7 To provide you with customer support


When is this relevant for me?

When you submit an inquiry to our customer support.

What information do you collect about me?

E-mail address, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, your name and (or) surname provided in your inquiry, reply to your inquiry, information provided by you.

What is your legal basis to collect my information?

Consent (Art. 6 (1) (a) of GDPR).

Where do you collect the information from?

From yourself.

Am I obliged to provide this information?

No.

How long do you store information about me?

10 years after the receipt of the last inquiry.

3.8 To inform you about our services that may be relevant to you.


When is this relevant for me?

When we want to inform you or ask your opinion about our services.

What information do you collect about me?

Name and surname, e-mail.

What is your legal basis to collect my information?

Consent (Art. 6 (1) (a) of GDPR) (Art. 69 (1) of Lithuanian Law on Electronic Communications) Customer relationship (Art. 69 (2) of Lithuanian Law on Electronic Communications) Legitimate interest (to send direct marketing communications) (Art. 6 (1) (f) of GDPR).

Where do you collect the information from?

From yourself Social media service providers Marketing service providers.

Am I obliged to provide this information?

No.

How long do you store information about me?

10 years after the last use of our services or after you give your consent unless you withdraw your consent earlier.

3.9 To manage our social media profiles


When is this relevant for me?

If you interact with our social media profiles (e.g., send a message, follow our profiles, share a post, react to a post).

What information do you collect about me?

Name and surname indicated in your profile, e-mail address, gender, country, picture, message,
time, and date the message was received, content of the message, message attachments, response to the message, time of response to the message, information about our rating, comments on a post, post shares, information about post reactions.

What is your legal basis to collect my data?

Consen t (Art. 6 (1) (a) of GDPR).

Where do you collect the information from?

From yourself and social media platforms.

Am I obliged to provide this information?

You are not statutorily or contractually obliged to provide this personal data, but we will collect this data if you interact with our social media profiles.

How long do you store information about me?

10 years from the moment you interact with our social media profiles.

3.10 To carry out the selection of potential employees



When is this relevant for me?

When we receive your applicatio n for a job position, when you give us your consent for storing your CV, or we contact you based on the information you publicly disclose on professional social media platforms.

What information do you collect about me?

Full name, e- mail, phone number, CV, work experience, other information you provide us with.

What is your legal basis to collect my information?

Consent (Art. 6 (1) (f) of GDPR) Contract (Art. 6 (1) (b) of GFPR) Legitimate interest (to contact you when you publicly disclose your information on professional social media platforms) (Art. 6 (1) (f) of GDPR).

Where do you collect the information from?

From yourself Professio nal social media service providers HR agencies.

Am I obliged to provide this information?

It is a requirement necessary to enter into a contract only where we intend to enter into an employment contract with you. If you do not provide this information, we will not be able to enter into an employment contract with you.

How long do you store information about me?

3 years after the end of the relevant recruitment process 5 years after you
give us your consent or publicly disclose your information on professional social media platforms.

3.11 To fulfill statutory accounting requirements


When is this relevant for me?

When you use our services.

What information do you collect about me?

Full name, e-mail address, telephone number, bank account number, address, signature, invoices, reports, accounting documents, payments, paid amounts, other information we are statutorily required to collect.

What is your legal basis to collect my information?

Legal obligation (Art. 6 (1) (c) of GDPR) aw on Accounting of the Republic of Lithuania.

Where do you collect the information from?

From yourself.

Am I obliged to provide this information?

It is a statutory requiremen t. If you do not provide this information, you will not be able to buy goods or services from us.

How long do you store information about me?

10 years following a transaction.

3.12 To defend our rights and interests


When is this relevant for me?

In case we become a party to legal process which you are subject to or we are statutorily required to collect information about you

What information do you collect about me?

All of the afore-mentioned information, accounting and legal case files, legal documents, other information you provide us with, other information that we are statutorily required to collect and/or provide.

If the case arises – information about criminal offenses and convictions.

What is your legal basis to collect my information?

Legal obligation (Art. 6 (1) (c) of GDPR) Legitimate interest (to protect our rights and interests) (Art. 6 (1) (f) of GDPR).

Establishment, exercise, or defense of legal claims (Art. 9 (2) (f) of GDPR).

Where do you collect the information from?

From afore-mentioned sources, law enforcement authorities, parties that are subject to legal process, courts.

Am I obliged to provide this information?

Yes, where we are statutorily obliged to collect personal information.

How long do you store information about me?

10 years following the end of the contractual relationship with us or, whichever is longer, for the duration of the legal process and 3 years after a final authority decision came into full force.

4. Who do you share my data with?
We share your data with data recipients, both within and outside the European Economic Area (EEA), in cases where necessary for the above-described purposes and allowed in accordance with applicable laws.


No

Category of information recipient

Information recipient

Country of the recipient

What is the legal basis to transfer my data outside the EEA?

4.1.

AML and identification service providers

Onfido Ltd.

UK

Decision on the adequate protection of personal data by the United Kingdom (link).

Elliptic Enterprises Ltd.

UK

Other service providers

Worldwide

EU Standard Contractual Clauses for the transfer of data as approved by the European Commission (link) (further – EU Standard Contractual Clauses).

4.2.

Banking,
payment processing, crypto exchange and other financial service providers.

UAB “IBS Lithuania”

Lithuania (EU)

N/A

UAB “Nexpay”

Lithuania (EU)

N/A

UAB “Binance”

Lithuania (EU)

N/A

Bitstamp Ltd.

UK

Decision on the adequate protection of personal data by the United Kingdom (link)

Other service providers

Worldwide

EU Standard Contractual Clauses (link)

4.3.

Software service providers

Microsoft Corporation

US

Microsoft Standard Contractual Clauses (link)

Other software service providers

Worldwide

EU Standard Contractual Clauses (link)

4.4.

Communication tools service providers

Skype Communications S.a r.l.

Luxembourg (EU)

N/A

Slack Technologies, LLC

US

Slack Technologies Standard Contractual Clauses (link)

Other service providers

Worldwide

EU Standard Contractual Clauses (link)

4.5.

Social media service providers

Facebook Ireland Ltd

Ireland (EU)

N/A

Reddit Ireland Ltd.

Ireland (EU)

N/A

Twitter Inc.

US

EU Standard Contractual Clauses (link)

Other service providers

Worldwide

EU Standard Contractual Clauses (link)

4.6.

Customer support service providers

Zendesk, Inc.

US

Zendesk Standard Contractual Clauses (link)

4.7.

Cloud hosting service providers

Amazon Web Services, Inc.

US

Amazon Standard Contractual Clauses (link)

Google LLC.
US

Google Standard Contractual Clauses (link)

Other service providers

Worldwide

EU Standard Contractual Clauses (link)

4.8.

Marketing service providers

Calendly LLC

US

EU Standard Contractual Clauses which are incorporated by reference to the Calendly Data Processing Addendum (link)

Other service providers

Worldwide

EU Standard Contractual Clauses (link)

4.9.

Compliance and legal service providers

Other service providers

EU countries and UK

Decision on the adequate protection of personal data by the United Kingdom (link)
Decision on the adequate protection of personal data by the United Kingdom (link)

4.10.

State institutions and regulatory authorities

Bank of Lithuania, State Tax Inspectorate, Financial Crime Investigation Service, Center of Registers, State Security Department of Lithuania, law enforcement authorities and courts, other state authorities

Worldwide

The necessity to establish, exercise or defend legal claims (Art. 49(1)(e) of the GDPR).

5. What statutory rights do I have regarding my data?

Subject to conditions, limitations, and exceptions established by statutory data protection provisions, you have the rights listed below:


My right

When is this right applicable to me?

Right of access

When you seek to obtain confirmation as to whether we collect or otherwise process personal data concerning you, and, where that is the case, access to the personal data and the information about the data processing.

Right to rectification

When you seek to obtain from us the rectification of inaccurate personal data concerning you.

Right to
erasure (‘right to be forgotten”)

– When personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
When you withdraw consent on which the processing is based and there is no other legal ground for the processing;
– When you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the
processing for direct marketing purposes;
– Where the personal data have been unlawfully processed; Where the personal data have to be erased for compliance with a
legal obligation;
– Where the personal data have been collected in relation to the offer of information society services directly to a child and subject to a consent.

Right to restriction of processing

– Where the accuracy of the personal data is contested by you; Where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
– Where we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
– Where you have objected to processing.

Right to data portability

Where you seek to receive the data you have provided in a structured, commonly used and machine-readable form or to transmit those data to another controller, the processing is based on consent or on a contract and is carried out by automated means.

Right to object

Where the collection and use is based on a task carried out in the public interest or in the exercise of official authority vested or legitimate interest, including profiling, as explained in Section 3 of this Privacy Policy, or where you object to the collection of your personal data for direct marketing purposes.

Right to withdraw consent

Where the processing is based on consent, as explained in Section 3 of this Privacy Policy, and you seek to withdraw it at any time.

Right to lodge a complaint

Where you want to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR.

6. Do you engage in automated individual decision-making, including profiling?

We perform profiling only for AML regulations’ compliance purposes and to protect our platform from money laundering and terrorist financing. Without AML profiling we will not be able to provide you with our services. We create an AML risk profile after you fill in the “Know Your Customer” (KYC) questionnaire and then we continue to monitor the unexpected changes in your transactional behavior within our platform. AML profiling does not affect your use of our platform if there is no suspicious activity in your account.

7. Does your website place cookies on my device?

Yes, our website places the following cookies on your device:


Cookie category
Cookie nameCookie expiry

Necessary

_GRECAPTCHA

179 days

rc::a

Persistent

rc::b

During the browsing session

rc::c

During the browsing session

test_cookie

1 day

_zlcmid

365 days

Preferences

Lang

During the browsing session

trade_options

365 days

trade_values

1 hour

gc_user_s

1 year

last_item

1 year

Statistics

_ga

2 years

_hjAbsoluteSessionInProgress

1 day

_gat

1 day

_gid

1 day

_hjFirstSeen

1 day

_hjIncludedInSessionSample

1 day

AnalyticsSyncHistory

29 days

collect

Session

personalization_id

2 years

px.gif

Session

_fbp

3 months

sc

365 days

sentryid

365 days

TSNGUID

365 days

_hjSession

1 day

device_id_

365 days

_hjSessionUser_

1 year

first_acquisition

1 year

Marketing

/ad/#/pixel

Session

_gcl_au

3 months

ads/ga-audiences

Session

bcookie

2 years

bscookie

2 years

IDE

1 year

lang

Session

lidc

1 day

pagead/1p-user-list/#

During the browsing session

pagead/landing

Session

Tr

Session

uaid

30 years

UserMatchHistory

29 days

nQ_cookieId

1 year

nQ_userVisitId

1 day

Unclassified


simplex-logo.png


Session


8. How can I manage cookies?

You can configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies you may be unable to access certain areas or features of our website. You can control the use of functionality cookies, targeting cookies or advertising cookies by adjusting your browser settings. To find out how to manage cookies in your browser, please visit one of the links below:

  • Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable- cookies-website-preferences
  • Google Chrome: https://support.google.com/chrome/answer/95647
  • Opera: https://www.opera.com/help/tutorials/security/privacy
  • Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
  • Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-information-sfri11471/mac

9. How can I contact your data protection officers?

If you have any questions, comments, or complaints regarding how we collect, use, and store your personal information, our data protection officers are ready to help you. If you need their help, you may contact them at any time via dpo@coingate.com.