1. General Information
Coinvertit.com and its direct and indirect subsidiaries offer via its websites www.coinvertit.com and www.cointessa.com (together hereinafter referred to as "website" or "platform") services and products related to buying and selling cryptocurrencies and other digital assets as well as payment and IT services.
Cointessa.com SRL with its business address at 37, V. Lucaciu street, Satu Mare, Romania is the content provider of the Platform as well as responsible for the offer of cryptocurrencies on it.
2. Cookies and Sessions
Coinvertit does store some information in "cookies" and "sessions" on your computer. It does not store any personally identifible information. If you use a section of our website that requires a login, your login information may be stored in a cookie for the duration of your browser session.
-recognize you as a Coinvertit customer
3. What data is being collected?
3.1 Website Visitors
-customize Coinvertit services, content, and advertising
-measure promotional effectiveness
-collect information about your computer or other access device to mitigate risk, help prevent fraud, and promote trust and safety
We may add information collected by way of page view activity. Furthermore, we may collect and process Personal Data that you voluntarily and with your consent give to us in our website's forms, such as when you sign up for information, request to contact our support team and our newsletters. You can unsubscribe from the newsletter by opening one of the e-mails, which you received, and clicking "unsubscribe" at the content of the page.
If you provide us with your social media details, we may retrieve publicly available information about you from social media. We use such information for better user experience, enabling a user to make a login to our website with the users' Facebook profile, Twitter account or Google+ account.
Such Personal Data may comprise your IP address, first and last name, your postal and email address, your phone number, your job title, data for social networks, your areas of interest. The information is collected for the purpose of improved user experience.
We also collectively gather data about visits to our website, including numbers of Visitors and visits, Geo-location data, length of time spent on the site, pages clicked on or where Visitors came from, frequency, clicks, time, places, target groups, data from cookies and similar technologies, consumer's behaviour, interests and preferences, data about market research and target groups surveys, etc.
Purpose of processing personal data:
We use the collected data to communicate with Visitors, to customize content for Visitors, to show ads on other websites to Visitors, and to improve our website by analyzing how Visitors navigate our website. We will process all Data in order to monitor and improve website and services.
We process the personal data that we receive from you within the scope of the business relationship and usage of our Website. Furthermore we might process data we receive from credit agencies, debtor directories, business analysis providers and from publicly available sources (e.g. commercial register, register of associations, sanctions lists, land register, online and offline media, etc.).
When using our services or interacting with us the following personal data might be processed:
Contact data: when creating a new member account or communicating with us we might process for example: name (first last and middle), address, phone number, email, date of birth, etc.
Verification data: when an account is verified, also depending on the level of verification, therefore we might process for example: screenshots or photos of national identity documents, like passport, driving license, ID card, and identification data from these documents, utility bill details for residence verification, etc.
Financial data: in the course of purchase and sale transactions we might process for example: bank details (IBAN, bank account number), payment details, transaction-IDs, crypto currency addresses, blockchain data, etc.
Log data: during activities on the website, we might process for example: IP-address, transaction data, deposit and withdrawal address, computer or mobile device information, frequency, time, operating system, browser type, device type, unique device identification number, identification cookies (e.g. for the Affiliate and Tell-a-Friend program), optionally form data, crash reports, performance data, third party cookies, etc.
Source of funds and proof of funds: if proof of funds is necessary, we might process for example: banking statements or any other details provided by banks or financial institutions, contracts of sales or contracts in general, or any other suitable data to prove or determine the origin of funds.
The source of the member data is a user who opens an account and data we receive from certain third parties presented above. The account opening data will be used and processed for the purposes of performing a detailed Know Your Customer (Hereinafter: KYC) procedure according to necessary Anti-Money Laundering and Anti-Terrorist Regulations.
Members are visitors of our website and therefore their Personal Information is collected as described in the previous section. This Personal Information will be used for operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with Users.
We will use users' e-mail phone number and residential address for communication purposes with users regarding: login, registration, transactions, orders, safety requirements, notifications about safety measures, reminders about the status of orders, transactions, user profile level, and other necessary communication with users. The user will also receive occasional notifications about new features and other promotions.
In the course of our activity, we shall also communicate with the users via the phone using the phone numbers given in the identification process. Communication will serve for the purpose of verifying the credibility of the user account.
We do not record sensitive data on racial or ethnic origin, political opinions, religious confession or philosophical beliefs, or membership of trade unions and genetic data processing, biometric data to identify a single individual, data on health or data on sexual life, or the sexual orientation of a natural person, unless we have the explicit consent of the person concerned and only if this is absolutely necessary. When we record such data, we limit ourselves to specific circumstances.
4. Where do we store the data and how can you withdraw your consent?
All Personal Data, which will be collected and processed within the KYC / AML procedure are stored on servers in European data regions and dedicated servers outside EU data regions.
It has to be noted that Coinvertit is a platform that offers buying, selling, trading and storing virtual currencies. Trading virtual currencies take place on the blockchains which are decentralized platforms for virtual assets. Blockchain is a system in which a record of transactions made in bitcoin or another cryptocurrency are maintained across several computers that are linked in a peer-to-peer network. By design, a blockchain is inherently resistant to modification of the data. Therefore Data cannot be modified or deleted, since there are thousands or tens of thousands of servers involved, data is dispersed among several computers all around the world in an encrypted version.
If you trade virtual currencies you agree that your Personal Data may be collected, stored, processed and that you will not be able to delete it or invoke the right to be forgotten. Your data however is anonymized. Note that also encrypted personal data that is your e.g. crypto wallet address with Coinvertit can still be traced back to a person if enough effort is put into it by experts or someone holds the key to decryption. With trading virtual assets via Coinvertit you expressly agree to give your Personal Data on the (public) blockchain that these Data (even though encrypted) cannot be deleted and that Personal Data may be transferred outside European territory.
You acknowledge and expressly agree that by the nature of the technology it is not possible to delete personal data from the blockchain and invoke the right to be forgotten. You also agree that by the nature of the technology it is not possible to keep personal data within the EU borders.
5. What is the legal basis for processing the data?
We collect and process your data for:
a) legal obligation
b) execution of a contract
c) your consent
6. What security measures we have implemented in order to protect the data?
We use a variety of security measures to ensure the confidentiality, integrity, availability and privacy of your Personal Information and to protect your Personal Information from loss, theft, unauthorized access, misuse, alteration or destruction. These security measures include, among others:
- password protected directories and databases
- Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and sent across the Internet securely
- secure coding principles
- encryption of sensitive data during transfer and at rest
- regular backups of sensitive data
- 2FA (2 Factor Authentication)
- logging of activities performed in the platform
- access controls and other measures to mitigate risks identified during the risk assessment process
All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in our database and our servers. Only authorized Coinvertit employees are permitted access to your Personal Information, and employees are required to treat the information as highly confidential.
7. Will the data be shared with any third parties?
In order to provide the best services we communicate certain data outside the Company, but only with government authorities, and only in order to comply with regulatory obligations. It is possible that we disclose data to relevant authorities, for example, to prevent terrorist financing and money laundering. In some cases, we are legally required to communicate the data of the external parties, including:
8. What rights do you have?
Please consult the GDPR Regulation to review your rights.
9. For how long is my personal data processed (stored) and when will it be deleted?
We retain your personal data, as far as necessary, for the duration of the entire business relationship (from initiation through performance to termination of a contract), and in principal 1 year after termination of the business relationship. Beyond this we retain your data only for a longer period, in accordance with statutory retention and documentation obligations, to defend legal claims or with your explicit consent.
10. How can you contact us?
For any question or request regarding your data, please contact us at the following email address: firstname.lastname@example.org.