CD Digital Assets, S.L., is a Spanish private limited liability company, with registered office at a. de Europa 19, 3A, Parque Empresarial La Moraleja, Alcobendas, Madrid, Comunidad de Madrid, 28108, Spain, registered in the Commercial Registry of Barcelona at Volume 40,012, Page 215 and Sheet B-569447 and holder of Spanish Tax ID (N.I.F.) B-16987679 trading as Coindirect (“Coindirect”, “we”, “us” and “our”).
- how we collect, process and share your personal data;
- the important security measures we maintain to secure your personal data;
- what rights you have in respect of the personal data we hold on you; and
- why and how we retain your personal data.
What type of personal data do we collect?
In order to open and operate an account for you, provide you with our products and services, or communicate with you, we may need to collect your personal data.
Personal information in this instance includes:
- Personal Identification: Full name, date of birth, age, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email.
- Formal Identification: Passport number, driver’s license details, national identity card details, photograph identification cards, and/or visa information.
- Financial: Bank account information you provide us.
- Transactional: Information about the transactions you make on our services, such as the name of the recipient, your name, the amount, and/or timestamp.
How your personal data collected?
Your personal data is collected in various ways, including:
- when you provide it to us, such as when you sign up for a Coindirect account, using our products and services;
- when you communicate with us by email, chat, telephone or any other means, we collect the communication and any personal data provided in it; and
- when you use the Coindirect platform we collect information on your transactions and usage of your Coindirect account.
How we handle your personal data?
The following principles are observed in the handling of that data:
- We will only collect personal data for a purpose consistent with the purpose for which it is required. The specific purposes for which information is collected will be apparent from the context in which it is requested, as they are set out as follows.
- Personal information will only be processed for a purpose compatible with that for which it was collected, unless you have consented to an alternative purpose.
- We do not retain your data indefinitely. We will destroy or delete any personal information that is no longer needed by us for the purpose it was initially collected, or subsequently deleted. Sometimes, we may retain your personal data properly blocked during the period of time which legal or contractual liabilities may arise.
What we do and what we don’t do with your personal data?
We may use your personal information to:
- Provide, maintain, and improve the features and functionality of our site and services, based on our legitimate interest and/or the performance of the contractual relationship between you and us.
- Provide for internal non-marketing or administrative purposes, based on our legitimate interest.
- Provide information to you about updates and new services, based -when relevant- (i) on the performance of the contractual relationship between you and us or, (ii) if relevant, your consent or (iii) if relevant, our legitimate interest.
- Process billing and collection of any fees based on the performance of the contractual or precontractual relationship between you and us.
- Meet our legal and regulatory obligations in terms of the applicable laws.
When will we share/disclose your personal data?
To comply with legal and regulatory obligations in rendering our services, we may be required to disclose information about you and/or your account to the following trusted third parties, namely:
- Any person that works for us or for one of our group companies;
- Any entity that forms part of the Coindirect, including where relevant the Coindirect operating entity in applicable the country or region;
- Our agents, affiliates and/or professional advisors.
- Financial and other institutions we partner with to provide our products and services;
- Law enforcement, regulatory and governmental agencies if or when requested.
- Service providers assisting us in processing or otherwise fulfilling transactions and/or providing required services.
- With third party cryptocurrency (or virtual or digital asset) service providers when you send cryptocurrency over the blockchain. The third-party service provider may also use this information to screen and process the relevant transaction;
We will otherwise treat your personal data as private and confidential and will not share it with other parties except:
- where you have given us permission to do so;
- where we may transfer rights and obligations pursuant to our agreement with you.
Your Data Protection Rights
Our clients’ rights and our privacy standards are in line with all applicable data protection laws, including UK data protection laws, the General Data Protection Regulation (GDPR) (EU) 2016/679, the South Africa’s Protection of Personal Information Act of 2013 (“POPIA”), and any other applicable data protection legislation.
You have the following under the applicable data protection laws and regulations:
- Right of Rectification – If there are any changes to your personal information or if you believe that the information we have about you is inaccurate, incomplete, misleading or not up-to-date, you must inform us accordingly at.
- Right of Erasure (“right to be forgotten”) – You have the right to ask us to delete your data when it is no longer necessary, or no longer subject to a legal obligation to which we are subject to. This may be done by requesting your account to be deleted in a support ticket to our support team at https://help.coindirect.com/hc/en-us/requests/new. By requesting us to delete you, you may forfeit your ability to use our services going forward as we require certain data in order to provide our services.
- Right to Withdraw Consent - You have the right to withdraw consent at any time, if the processing of personal data is based on consent.
- Right of Access - You have the right to access your personal data held by us, by contacting us with a request at email@example.com. For your protection, we will take steps to verify your identity before fulfilling your request.
- Right to Request Information – You have the right to request information, as to whether your personal data is being retained, regarding the purposes of the processing, the categories of personal data concerned, the data recipients, and any applicable retention periods.
- Right to Data Portability – You have the right to obtain and reuse your personal data, and request that your data be transferred to a third party.
Please submit a support ticket by sending an email to firstname.lastname@example.org, if you would like to exercise any of the above rights. These rights are limited in some situations, such as where we are legally required to process your data. We may use our discretion in allowing correction requests and may request further documentary evidence of any new information in order to avoid fraud and inaccuracy.
All personal data collected is done so for a legitimate purpose in providing our products and services to you. If you have any questions or would like to delete your account with us or object to any of our information collection practices, please email us at email@example.com.
You can also file a complaint before the Spanish supervisory authority (the, “AEPD”) at www.aepd.es/es.
How do we protect your data?
We take all appropriate and reasonable technical and organisational measures to prevent the loss of, damage to or unauthorised destruction of personal data and the unlawful access to or processing of such data. We have systems in place to control your data in a way that minimise its exposure.
We will take reasonable steps to identify all reasonably foreseeable internal and external risks posed to your personal data under our possession or control and establish and maintain appropriate safeguards against any risks identified.
We will notify you of any security compromises or suspected security compromises in relation to your personal data. In such an event, we will inform you of the consequences of the breach and notify authorities within 72 hours of the security breach.
We operate globally
The personal information we collect from you may be transferred to, stored and processed outside of the jurisdiction in which you live. The laws of those countries may vary from the laws applicable in your own country. Data gathered in the European Economic Area (EEA) may be transferred to, stored and processed at a destination(s) outside of the EEA. Said international data transfers will be carried out in strict compliance with the General Data Protection Regulation and after having executed the relevant Standard Contractual Clauses with the recipients of the data.
Your account is stored by WD Global on a secure server maintained and operated by third-party service providers. These third-party providers are bound by and adhere to the relevant data processing agreements, in compliance with the General Data Protection Regulation.
When and how many we retain your data?
Incomplete Personal Data
Where indicated (for example in application forms or account opening forms), it is obligatory to provide your personal data to us to enable us to process your application for our products or services. Should you decline to provide such personal data, we may not be able to process your application/request or provide you with our products or services.
What is a cookie?
A cookie is a small amount of data sent to your computer or mobile phone from a website. This means the website can recognise your device if you return to the same website. A cookie often includes a unique identifier, which is a randomly generated number. This is stored on your device's hard drive. Many cookies are automatically deleted after you finish using a website. Cookies are not programs and do not collect information from your computer.
How to manage cookies?
Cookies are sent to your browser by a website, and then stored in the cookies directory on your computer. To check and update your cookies settings, you will need to know what browser you are using and what version of it you have. You can usually find this out by opening the browser (just as you do to use the internet), then clicking on 'Help' and then 'About'. This will give you information about the browser version you are using. To find out how to allow, block, delete and manage cookies, visit www.aboutcookies.org and select the browser you are using. You can also read your browser's built-in or online help for more information. See your manual handset to find out how to manage cookies on your mobile phone.
What will happen if I decline or block cookies?
If you decline cookies then the Coindirect website usage won't be counted so we won't be able to take your actions into account when analysing data and looking at ways to improve our website.
Thanks for reading!