Date last updated: June 4, 2020
This policy will answer the most important questions about how we collect, use and store information about you. This is important to you – please read this policy carefully. This policy may be amended from time to time. Please visit Company‘s website https://coingate.com once in a while - you will find the latest version of this policy there.
Who is responsible for protecting my information?
We are: UAB “Decentralized”
Our identification number is: 303423510
Our address is: A. Gostauto str. 8-331, LT-01108, Vilnius, Lithuania
Our e-mail address is: email@example.com
Why and which information do you collect about me?
Why do you collect information about me? Which information do you collect about me? Why are you legally allowed to collect my information? How long do you keep information about me? 3.1 To provide you with virtual currency purchasing and payment processing collection services when you are our client, manager or representative of legal entity or purchaser E-mail address, password, country, IP address, name and surname, sex, place of birth, address, telephone number, cryptocurrency address, bank account number, account number of money withdrawal platform, PayPal address, transaction amount, transaction currency, transaction time, address of the sender of the transaction, address of the payee of the transaction, ID number, ID copy, photo of you, power of attorney, data provided in business registration certificate, data provided in the document of business address proof, requests for overpayments, Facebook ID information, Google ID information, other information provided by you We conclude and execute service agreement with you (Art. 6 (1) (b) of the GDPR) 10 years after termination of your account 3.2 To implement measures of anti-money laundering (AML) and combating the financing of terrorism, including, but not limited to the proper identification of your clients (sources of funds) when you are our client, manager or representative of legal entity Name and surname, personal code, date of birth, nationality, country of residence for tax purposes, country, postal code, address, telephone number, e-mail address, position, workplace city and state, sources of funds (including information about your clients), states from which funds are received and transferred, planned turnover of services, services you use or plan to use, signature, risk level, the basis of representation
Participation in political activities, application of international financial sanctions and other restrictive measures
We have legitimate interest (to prevent money laundering and terrorist financing) (Art. 6 (1) (f) of the GDPR
We must collect information according to the law for reasons of substantial public interest (Art. 9 (2) (g) of GDPR)
10 years after the termination of business relations 3.3 To inform you about our products and services that may be relevant to you Name and surname, e-mail You agree that we will use information about you (Art. 6 (1) (a), Art. 69 (1) of Lithuanian Law on Electronic Communications) or you purchased items or services from us (Art. 69 (2) of Lithuanian Law on Electronic Communications) We have a legitimate interest (to send direct marketing communications) (Art. 6 (1) (f) of GDPR) 10 years after the end of the customer relationship, unless you withdraw your consent 3.4 To handle queries, requests and complaints submitted by you E-mail address, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, your name and (or) surname provided in your inquiry, reply to your inquiry, information provided by you We have a legitimate interest to do that (to handle your queries) (Art. 6 (1) (f) of the GDPR) 10 years after the receipt of the last inquiry 3.5 To comply with legal requirements in the field of accounting when you are our client, partner or provider Name, surname, e-mail address, telephone number, bank account number, address, signature, invoices, reports, accounting documents, payments, paid amounts, company you represent We have a legal obligation (we must collect information in accordance with the law) (Art. 6 (1) (c) of the GDPR) Within the time limits laid down by law 3.6 To ensure security of our website and continuously improve it for you Internet protocol address (IP), user agent, referrer url, date and time of website visiting We have a legitimate interest (to ensure security of our website) (Art. 6 (1) (f) of the GDPR) 10 years after your last visit of our website 3.7 To manage our accounts on social networking sites Name and surname, e-mail address, gender, country, picture, message, time and date the message was received, content of the message, message attachments, response to the message, time of response to the message, information about Company’s rating, comments on a post, post shares, information about post reactions You agreed to that (Art. 6 (1) (a) of the GDPR) 10 years 3.8 To execute recruitment process in the Company and to evaluate your application when you are a job applicant Name and surname, e-mail address, telephone number, address, education history, languages proficiency, trainings, CV, attachments to your CV, letter of motivation, employment history, questionnaire for the job applicant, specific knowledge of virtual currencies and Blockchain technology, accessibility to physically work in the office, conflict resolution skills, telephone operations management skills, planned career prospects, preferred wages, other information submitted by you You agreed to that (Art. 6 (1) (a) of the GDPR) 6 months after the end of the relevant recruitment process 3.9 To engage in legal proceedings related to you All information mentioned above, documents and attachments sent to you, documents and attachments submitted by you, procedural documents, court rulings, resolutions, decisions Information about criminal offenses and convictions We have a legitimate interest (to defend Company's rights in legal proceedings) (Art. 6 (1) (f) of the GDPR) The data processing is necessary for the establishment, exercise or defence of legal claims (Art. 9 (2) (f) of the GDPR) 10 years
Which information do I have to provide you with and why?
Please refer to the Answer to question 3 above - you have to provide us with the information which we need:
- to provide you with the virtual currency purchasing and payment processing collection services for the purpose set forth in section 3.1;
- to prevent money laundering and terrorist financing for the purpose set forth in section 3.2;
- to comply with legal requirements in the field of accounting for the purpose set forth in section 3.5
In case you do not provide us with this information, we will not be able to provide the services to you.
Where do you get my information from?
Most information we collect from you. Some information about you we collect from the following entities:
- Blockchains of Bitcoin and other cryptocurrencies (data are collected for the purposes set forth in sections 3.1, 3.2);
- Facebook Ireland Ltd. (data are collected for the purposes set forth in sections 3.1, 3.7);
- Google Ireland Ltd. (data are collected for the purpose set forth in section 3.1);
- LinkedIn Ireland Unlimited Company (data are collected for the purpose set forth in section 3.7);
- Twitter Inc. (data are collected for the purpose set forth in section 3.7);
- CV-Online LT, UAB (data are collected for the purpose set forth in section 3.8);
- Verslo žinios, UAB (data are collected for the purpose set forth in section 3.8).
How do you protect information about me transferred outside the European Economic Area (EEA)?2
In most cases, personal data are processed and transferred in the territory of the European Union and the European Economic Area, but when necessary for the provision of certain services, the data may be transferred and processed beyond those territories when the personal data protection level is maintained. When this is permitted by law and is required for the reasons given in this policy to the Answer to question 3, we disclose information about you:
- Amazon Web Services, Inc. (USA) (data are protected in accordance withPrivacy shield program)
- Zendesk, Inc. (USA) (data are protected in accordance withPrivacy shield program)
- Mailgun Technologies, Inc. (USA) (data are protected in accordance withPrivacy shield program)
- SolarWinds Worldwide, LLC (USA) (data are protected in accordance withPrivacy shield program)
- Cloudflare, Inc. (USA) (data are protected in accordance withPrivacy shield program)
- Slack Technologies, Inc. (data are protected in accordance withPrivacy shield program)
- Mixmax, Inc. (data are protected in accordance withPrivacy shield program)
- Facebook, Inc. (USA) (data are protected in accordance withPrivacy shield program)
- Reddit, Inc. (USA) (data are protected in accordance withPrivacy shield program)
- LinkedIn Corporation (USA) (data are protected in accordance withPrivacy shield program)
- Google LLC (USA) (data are protected in accordance withPrivacy shield program)
- Twitter, Inc. (USA) (data are protected in accordance withPrivacy shield program)
- SimplexCC Ltd. (Israel, which isconsidered by European Commission as safe in terms of data protection)
You may download a copy of the EU-U.S. Privacy Shield Framework at: https://www.privacyshield.gov/EU-US-Framework
You may download a copy of the Model Contractual Clauses at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
What can I do about my information at your company?
GDPR and other laws provide you with certain rights, procedures for implementation of and exceptions to these rights. When allowed by law, you can:
- Submit a request for confirmation that the Company is processing the data related to you. If the Company process the data related to you, request access to the data processed and related information;
- Submit a request to correct inaccurate or incorrect information used or to supplement it when it is not complete;
- Submit a request to delete the information we have about you if we use it illegally;
- Submit a request to restrict the processing of your information – if you dispute the accuracy of the data or object to the processing of the data, if you do not accept that your data would be deleted which was illegally processed, or if you need the data to claim, execute or defend legal claims;
- Object to collection, use and storage of your information at our Company – when we process data based on the Company's legal and / or third party interests;
- Submit a request to transfer (receive) the data that you provided to us under the contract or giving the consent and which we process by automated means, generally using electronic form;
- To withdraw any consents given to us regarding information used about you - when we use the data based on your consent;
- To lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence or place of an alleged infringement of the GDPR and seek a judicial remedy.
How can I get more information?
If you have any questions, comments or complaints regarding how we collect, use and store information about you, CoinGate has Data Protection Officer to help you. If you need his / her help, please send an e-mail to firstname.lastname@example.org.
1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
2. This is all members of the European Union plus Iceland, Liechtenstein and Norway.