CoinGate Privacy Policy

Date last updated: November 29, 2019

At CoinGate (CoinGate is owned and operated by UAB “Virtualios valiutos”) (hereinafter – the “Company” or “we”) we care about protection of your information. We follow the requirements of the so-called European Union General Data Protection Regulation (GDPR)1 and other laws protecting information about you at our Company. To know more please carefully read this Privacy Policy.

  1. How should I read this Privacy Policy?

    This policy will answer the most important questions about how we collect, use and store information about you. This is important to you – please read this policy carefully. This policy may be amended from time to time. Please visit Company‘s website https://coingate.com once in a while - you will find the latest version of this policy there.

  2. Who is responsible for protecting my information?

    We are: UAB “Virtualios valiutos”
    Our identification number is: 303423510
    Our address is: A. Gostauto str. 8-331, LT-01108, Vilnius, Lithuania
    Our e-mail address is: info@coingate.com

  3. Why and which information do you collect about me?

    Why do you collect information about me? Which information do you collect about me? Why are you legally allowed to collect my information? How long do you keep information about me?
    3.1 To provide you with virtual currency purchasing and payment processing collection services when you are our client, manager or representative of legal entity or shopper E-mail address, password, country, IP address, name and surname, sex, place of birth, address, telephone number, cryptocurrency address, bank account number, account number of money withdrawal platform, PayPal address, transaction amount, transaction currency, transaction time, address of the sender of the transaction, address of the payee of the transaction, ID number, ID copy, photo of you, power of attorney, data provided in business registration certificate, data provided in the document of business address proof, requests for overpayments, Facebook ID information, Google ID information, other information provided by you We conclude and execute service agreement with you (Art. 6 (1) (b) of the GDPR) 10 years after termination of your account
    3.2 To implement measures of anti-money laundering (AML) and combating the financing of terrorism, including, but not limited to the proper identification of your clients (sources of funds) when you are our client, manager or representative of legal entity Name and surname, personal code, date of birth, nationality, country of residence for tax purposes, country, postal code, address, telephone number, e-mail address, position, workplace city and state, sources of funds (including information about your clients), states from which funds are received and transferred, planned turnover of services, services you use or plan to use, signature, risk level, the basis of representation
    Participation in political activities, application of international financial sanctions and other restrictive measures
    We have legitimate interest (to prevent money laundering and terrorist financing) (Art. 6 (1) (f) of the GDPR
    We must collect information according to the law for reasons of substantial public interest (Art. 9 (2) (g) of GDPR)
    10 years after the termination of business relations
    3.3 To inform you about our products and services that may be relevant to you Name and surname, e-mail You agree that we will use information about you (Art. 6 (1) (a), Art. 69 (1) of Lithuanian Law on Electronic Communications) or you purchased items or services from us (Art. 69 (2) of Lithuanian Law on Electronic Communications) We have a legitimate interest (to send direct marketing communications) (Art. 6 (1) (f) of GDPR) 10 years after the end of the customer relationship, unless you withdraw your consent
    3.4 To handle queries, requests and complaints submitted by you E-mail address, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, your name and (or) surname provided in your inquiry, reply to your inquiry, information provided by you We have a legitimate interest to do that (to handle your queries) (Art. 6 (1) (f) of the GDPR) 10 years after the receipt of the last inquiry
    3.5 To comply with legal requirements in the field of accounting when you are our client, partner or provider Name, surname, e-mail address, telephone number, bank account number, address, signature, invoices, reports, accounting documents, payments, paid amounts, company you represent We have a legal obligation (we must collect information in accordance with the law) (Art. 6 (1) (c) of the GDPR) Within the time limits laid down by law
    3.6 To ensure security of our website and continuously improve it for you Internet protocol address (IP), user agent, referrer url, date and time of website visiting We have a legitimate interest (to ensure security of our website) (Art. 6 (1) (f) of the GDPR) 10 years after your last visit of our website
    3.7 To manage our accounts on social networking sites Name and surname, e-mail address, gender, country, picture, message, time and date the message was received, content of the message, message attachments, response to the message, time of response to the message, information about Company’s rating, comments on a post, post shares, information about post reactions You agreed to that (Art. 6 (1) (a) of the GDPR) 10 years
    3.8 To execute recruitment process in the Company and to evaluate your application when you are a job applicant Name and surname, e-mail address, telephone number, address, education history, languages ​​proficiency, trainings, CV, attachments to your CV, letter of motivation, employment history, questionnaire for the job applicant, specific knowledge of virtual currencies and Blockchain technology, accessibility to physically work in the office, conflict resolution skills, telephone operations management skills, planned career prospects, preferred wages, other information submitted by you You agreed to that (Art. 6 (1) (a) of the GDPR) 6 months after the end of the relevant recruitment process
    3.9 To engage in legal proceedings related to you All information mentioned above, documents and attachments sent to you, documents and attachments submitted by you, procedural documents, court rulings, resolutions, decisions Information about criminal offenses and convictions We have a legitimate interest (to defend Company's rights in legal proceedings) (Art. 6 (1) (f) of the GDPR) The data processing is necessary for the establishment, exercise or defence of legal claims (Art. 9 (2) (f) of the GDPR) 10 years
  4. Which information do I have to provide you with and why?

    Please refer to the Answer to question 3 above - you have to provide us with the information which we need:

    • to provide you with the virtual currency purchasing and payment processing collection services for the purpose set forth in section 3.1;
    • to prevent money laundering and terrorist financing for the purpose set forth in section 3.2;
    • to comply with legal requirements in the field of accounting for the purpose set forth in section 3.5

    In case you do not provide us with this information, we will not be able to provide the services to you.

  5. Where do you get my information from?

    Most information we collect from you. Some information about you we collect from the following entities:

    • Blockchains of Bitcoin and other cryptocurrencies (data are collected for the purposes set forth in sections 3.1, 3.2);
    • Facebook Ireland Ltd. (data are collected for the purposes set forth in sections 3.1, 3.7);
    • Google Ireland Ltd. (data are collected for the purpose set forth in section 3.1);
    • LinkedIn Ireland Unlimited Company (data are collected for the purpose set forth in section 3.7);
    • Twitter Inc. (data are collected for the purpose set forth in section 3.7);
    • CV-Online LT, UAB (data are collected for the purpose set forth in section 3.8);
    • Verslo žinios, UAB (data are collected for the purpose set forth in section 3.8).
  6. Do you share information about me?

    We share the information about you with the following entities only where necessary and permitted by applicable laws and for the reasons listed under the Answer 3 above:


    6.1 Cloud and hosting service providers (data may be transmitted for all purposes indicated in the answer to question 3):

    • Amazon Web Services, Inc.
    • Google Ireland Ltd., Google LLC
    • AgileBits, Inc
    • UAB Interneto vizija

    6.2 Banks and other financial institutions (data are transmitted for the purposes set forth in sections 3.1, 3.2):

    • Mistertango, UAB
    • Advanced Cash Limited
    • Sum & Substance Ltd.
    • Bitstamp Europe S.A, Bitstamp Limited
    • CEX.IO Ltd.
    • SatoshiLabs s.r.o.
    • Blockchain Luxembourg S.A.
    • SimplexCC Ltd.
    • Globitex Ltd
    • ConnectPay, UAB
    • DaoPay GmbH
    • Other banks and financial institutions

    6.3 AML service providers (data are transmitted for the purposes set forth in sections 3.1, 3.2):

    • Onfido Limited
    • IVXS UK Ltd.
    • Elliptic Enterprises Limited

    6.4 IT security service providers (data may be transmitted for all purposes indicated in the answer to question 3):

    • DBO Group LLC
    • Zimuth, Inc
    • Semrush CY Ltd.
    • SolarWinds Worldwide, LLC
    • Cloudflare, Inc.
    • Okta, Inc

    6.5 Marketing and communication service providers (data are transmitted for the purposes set forth in sections 3.1, 3.3, 3.4):

    • Zendesk, Inc.
    • Mailjet SAS
    • Slack Technologies, Inc.
    • Mixmax, Inc.
    • PipelineDeals, Inc.
    • Mailgun Technologies, Inc
    • Google Ireland Ltd., Google LLC

    6.6 Social media service providers (data are transmitted for the purpose set forth in section 3.7):

    • Facebook Ireland Ltd., Facebook, Inc.
    • Twitter Inc.
    • Reddit Ireland Limited, Reddit, Inc.
    • LinkedIn Ireland Unlimited Company, LinkedIn Corporation

    6.7 Accounting service providers (data are transmitted for the purpose set forth in section 3.5):

    • UAB “Added Value”

    6.8 State institutions (data may be transmitted for the purpose set forth in section 3.9):

    • Courts
    • Law enforcement institutions
    • Other state institutions

    6.9 Other service providers (data may be transmitted for all purposes indicated in the answer to question 3):

    • attorneys, attorney’s assistants, notaries, bailiffs, auditors, consultants, IT service providers, electronic communications service providers, insurance companies, archiving services and other subjects that provide services to the Company
  7. How do you protect information about me transferred outside the European Economic Area (EEA)?2

    In most cases, personal data are processed and transferred in the territory of the European Union and the European Economic Area, but when necessary for the provision of certain services, the data may be transferred and processed beyond those territories when the personal data protection level is maintained. When this is permitted by law and is required for the reasons given in this policy to the Answer to question 3, we disclose information about you:

    • Amazon Web Services, Inc. (USA) (data are protected in accordance with Privacy shield program)
    • Zendesk, Inc. (USA) (data are protected in accordance with Privacy shield program)
    • Mailgun Technologies, Inc. (USA) (data are protected in accordance with Privacy shield program)
    • SolarWinds Worldwide, LLC (USA) (data are protected in accordance with Privacy shield program)
    • Cloudflare, Inc. (USA) (data are protected in accordance with Privacy shield program)
    • Slack Technologies, Inc. (data are protected in accordance with Privacy shield program)
    • Mixmax, Inc. (data are protected in accordance with Privacy shield program)
    • Okta, Inc. (data are protected in accordance with Model Contractual Clauses)
    • Facebook, Inc. (USA) (data are protected in accordance with Privacy shield program)
    • Reddit, Inc. (USA) (data are protected in accordance with Privacy shield program)
    • LinkedIn Corporation (USA) (data are protected in accordance with Privacy shield program)
    • Google LLC (USA) (data are protected in accordance with Privacy shield program)
    • Twitter, Inc. (USA) (data are protected in accordance with Privacy shield program)
    • SimplexCC Ltd. (Israel, which is considered by European Commission as safe in terms of data protection)

    You may download a copy of the EU-U.S. Privacy Shield Framework at: https://www.privacyshield.gov/EU-US-Framework

    You may download a copy of the Model Contractual Clauses at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en

  8. What can I do about my information at your company?

    GDPR and other laws provide you with certain rights, procedures for implementation of and exceptions to these rights. When allowed by law, you can:

    • Submit a request for confirmation that the Company is processing the data related to you. If the Company process the data related to you, request access to the data processed and related information;
    • Submit a request to correct inaccurate or incorrect information used or to supplement it when it is not complete;
    • Submit a request to delete the information we have about you if we use it illegally;
    • Submit a request to restrict the processing of your information – if you dispute the accuracy of the data or object to the processing of the data, if you do not accept that your data would be deleted which was illegally processed, or if you need the data to claim, execute or defend legal claims;
    • Object to collection, use and storage of your information at our Company – when we process data based on the Company's legal and / or third party interests;
    • Submit a request to transfer (receive) the data that you provided to us under the contract or giving the consent and which we process by automated means, generally using electronic form;
    • To withdraw any consents given to us regarding information used about you - when we use the data based on your consent;
    • To lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence or place of an alleged infringement of the GDPR and seek a judicial remedy.
  9. Do you use cookies?

    Yes. We use cookies as described in the table below.

    Cookie category Cookie name Cookie purpose Cookie expiry
    authentication cookie remember_user_token Authentication of user. 2 weeks
    third-party cookie __cfduid Cloudflare. The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.
    https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do-
    5 years
    third-party cookie _gat Google Analytics. Used to throttle request rate. 1 minute
    third-party cookie _ga Google Analytics. Used to distinguish users. 2 years
    third-party cookie _gid Google Analytics. Used to distinguish users. 24 hours
    Visitor settings cookie privacy_policy To ensure that customer does not see cookie policy disclaimers after accepting cookie policy. 1 year
    authentication cookie remember_otp_device To avoid repetitive two factor authentication. 30 days
    authentication cookie session_token Additional authentication check, remember_user_token extending functionality for security reasons. Encrypted. 2 weeks
    third-party cookie visid_incap_1058150 Incapsula. These Cookies improve performance and security on the website. 1 year
  10. How can I manage cookies?

    Strictly necessary cookies and performance cookies is a condition of using our website. If you reject these types of cookies then we cannot predict how our website will perform when you visit it.

    You can control the use of functionality cookies, targeting cookies or advertising cookies by adjusting your browser settings.

    Please note that by deleting cookies or disabling future cookies you may be unable to access certain areas or features of our website. If you adjust your cookie settings this will also affect the other websites you visit.

    To find out how to manage cookies in your browser, please visit one of the links below:

  11. How can I get more information?

    If you have any questions, comments or complaints regarding how we collect, use and store information about you, CoinGate has Data Protection Officer to help you. If you need his / her help, please send an e-mail to dpo@coingate.com.


1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

2. This is all members of the European Union plus Iceland, Lichtenstein and Norway.