Privacy Policy
This Privacy Policy (hereinafter referred to as the Policy) defines the policy regarding the processing of personal data and contains information about the implemented requirements for the protection of personal data of the Operator.
1. Terms and definitions
1.1. Data subject is an individual who has reached the age of majority, using the Internet Site https://coco-pay.com/ for financial transactions with electronic, digital or fiat currency.
1.2. Cookies are a piece of data as part of an HTTPS request, intended for storage on the Subject’s end device and used by the Operator to identify the Subject.
1.3. Website – a set of programs for electronic computers and other information on the Internet information and telecommunications network, intended for display in a browser and accessed using the Operator’s domain name. In the context of the Operator’s activities, the website https://coco-pay.com/ is used.
1.4. Registration data – a list of information determined by the Operator, specified when registering on the website https://coco-pay.com/, and subsequently if they change during the execution of the contract.
1.5. Processing of personal data – any action (operation) or set of actions (operations) performed using automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), blocking, deletion, destruction of personal data.
2. General provisions
2.1. The Policy regulates the processing of personal data when the Operator carries out business activities, including the provision of services for the purchase/sale for the User and on behalf of the User of electronic and/or digital or fiat currency.
2.2. Requirements for the security of transferred personal data between the Operator and the Subjects are provided for in the agreement concluded between them (User Agreement) in accordance with current legislation.
2.3. In a situation where personal data comes from the Personal Data Subject, the latter is responsible for providing inaccurate personal data.
2.4. This Policy applies to personal data received both before and after the entry into force of this Policy.
2.5. The operator is obliged to adhere to the following principles when processing personal data:
2.5.1. the processing of personal data must be carried out on a legal and fair basis;
2.5.2. The processing of personal data must be limited to the achievement of specific, pre-defined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted;
2.5.3. It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
2.5.4. Only personal data that meets the purposes of their processing are subject to processing;
2.5.5. the content and volume of personal data processed must correspond to the stated purposes of processing. The personal data processed should not be redundant in relation to the stated purposes of their processing;
2.5.6. When processing personal data, the accuracy of personal data, their sufficiency, and, where necessary, relevance in relation to the purposes of processing personal data must be ensured.
2.5.7. storage of personal data must be carried out in a form that makes it possible to identify the subject of personal data, no longer than required by the purposes of processing personal data, unless the period for storing personal data is established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor. The processed personal data is subject to destruction or depersonalization upon achievement of the processing goals or in the event of the loss of the need to achieve these goals, unless otherwise provided by federal law.
2.5. This Policy is published on the Internet at https://coco-pay.com/.
3. Categories of personal data subjects
3.1. The Operator processes personal data of all Data Subjects who are Users of the site https://coco-pay.com/.
4. Purposes and grounds for processing personal data
4.1. Personal data of the Subjects regarding the use of the Site is processed to achieve the following purposes:
4.1.1. familiarization of the User with the services of the Operator;
4.1.2. concluding an agreement between the User and the Operator and for the purpose of its execution;
4.1.3. notifications to Users about changes in the operation of the Operator Service,
4.1.4. providing support and service to Users of the Service;
4.1.5. to monitor the use of the Service
4.2. Personal data of the Subjects is processed in connection with the performance of purchase/sale services for the user and on behalf of the User of electronic and/or digital or fiat currency.
4.3. Personal data may be used for other purposes if this is required by applicable law.
4.4. The processing of personal data is limited to the achievement of specific, pre-defined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted.
5. Composition of information about personal data subjects
5.1. The Operator has the right to process the following categories of personal data of the Subjects: name, age, passport data, bank card number, electronic payment system account number, cryptocurrency wallet address, e-mail, telephone number, address (house, street, town, country), cookies .
5.2. The storage period for personal data is determined by the contract or the essence of another basis for processing.
5.3. The period for processing personal data of the Subjects is until the end of the provision of services for the purchase/sale for the User and on behalf of the User of electronic and/or digital or fiat currency.
5.4. The period for processing personal data of the Subjects after the provision of services specified in clause 5.3 is within 3 years.
5.5. Storage of tangible media of personal data is carried out separately for each category of personal data subjects.
6. Storage and processing of personal data
6.1. The operator can process personal data in personal data information systems, ensuring their proper protection.
7. Subject Rights
The subject of personal data has the right:
7.1. Request changes to the provided personal data or their deletion.
7.2. Send requests to the Operator regarding the processing of his personal data, within the competence of the Operator.
7.3. Exercise other rights provided for by current legislation.
7.4. Request changes to the provided personal data or their deletion. Send requests to the Operator regarding the processing of his personal data within the competence of the Operator. Exercise other rights provided for by current legislation.
8. Information about the implemented requirements for the protection of personal data
8.1. When processing personal data, the Operator takes the necessary legal, organizational and technical measures and ensures their adoption to protect personal data from unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in in relation to personal data, which include in particular (but not limited to):
8.2. Appointment of the person responsible for the processing of personal data.
8.3. Limiting the number of employees who have access to personal data.
8.4. Software identification of Subjects, Operator’s employees and recording of their actions.
8.5. Implementation of anti-virus control and other measures against malicious software and mathematical influences.
8.6. Application of backup and recovery tools.
8.7. Software updates when security patches from manufacturers are available.
8.8. Implementation of encryption when transmitting personal data on the Internet.
8.9. Taking measures related to the admission of only appropriate persons to places where technical equipment is installed.
8.10. The use of technical means of protecting premises in which technical means of information systems of personal data are located, and places of storage of material media of personal data.
8.11. The operator ensures the security of personal data, in particular by using it:
8.11.1. taking into account the possible harm to the subject of personal data, the volume and content of personal data being processed, the type of activity during which personal data is processed, the relevance of threats to the security of personal data;
8.11.2. application of technical measures in accordance with threats to the security of personal data during their processing in personal data information systems;
8.11.3. using organizational and technical measures to ensure the security of personal data during their processing in information systems necessary to comply with the requirements of the legislation on the protection of personal data;
8.11.4. using information security means that have passed the compliance assessment procedure in accordance with the established procedure;
8.11.5. with an assessment of the effectiveness of measures taken to ensure the security of personal data before starting work in the personal data information system;
8.11.6. taking into account computer storage media of personal data, if used;
8.11.7. using procedures related to detecting facts of unauthorized access to personal data and taking measures;
8.11.8. with the possibility of restoring personal data modified or destroyed due to unauthorized access to them;
8.11.9. with establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with them;
8.11.10. with control over the measures taken to ensure the security of personal data and the level of security of personal data information systems.
9. Working with password protection
9.1. Personal passwords must be generated by special software tools of the administrative service or created directly by Subjects using the site during registration.
9.2. The password must be at least 8 characters long.
9.3. The password must contain upper and lower case letters, numbers and special characters.
9.4. The password must not include:
− easily calculated combinations of symbols;
− keyboard sequences of symbols and signs;
− generally accepted abbreviations;
− abbreviations;
phone numbers, car numbers;
− other combinations of letters and signs associated with the Subject;
− when changing the password, the new combination of characters must differ from the previous one by at least 2 characters.
9.5. It is allowed to use a single password to gain access by the Subject to various information resources.
9.6. A complete unscheduled change of passwords for all Subjects must be carried out in the event of termination of the administrators’ powers.
9.7. A complete unscheduled change of passwords should be carried out in the event that the personal password of one of the administrators is compromised.
9.8. If the Subject’s personal password is compromised, access to information from this account must be immediately limited until the Subject’s new account or password comes into force.
9.9. When working with password protection, Subjects are prohibited from:
− disclose your personal password and other identifying information to anyone;
− provide access to information from your account to third parties;
− write down passwords on paper, files, electronic and other media, including on objects.
9.10. The Subject may store his or her password on paper only in a personal safe, sealed by the owner of the password.
9.11. When entering a password, the Subject is obliged to exclude the possibility of its interception by third parties and technical means.
9.12. By compromise we mean:
− physical loss of the media with information;
− transmission of identification information via open communication channels;
− penetration of an unauthorized person into the premises of physical storage of a carrier of password information or an algorithm or suspicion of it (alarm activation, damage to NSD control devices (seal impressions), damage to locks, etc.);
− visual inspection of the identification information carrier by an unauthorized person;
− password interception when distributing identifiers;
− deliberate transfer of information to a third party.
9.13. Actions to take if a password is compromised:
− a compromised password is immediately removed from action, and a spare or new password is entered in its place;
− all participants in the exchange of information are immediately notified of compromise. The password is included in special lists containing compromised passwords and accounts.
11. Privacy
11.1. The operator and other persons who have access to personal data are obliged not to disclose to third parties or distribute personal data without observing the principle based on the consent of the personal data subject, except as provided for by current legislation.
12. Destruction (depersonalization) of personal data
12.1. Destruction (depersonalization) of the Subject’s personal data is carried out in the following cases:
12.1.1. upon achievement of the purposes of their processing or in case of loss of the need to achieve them within a period not exceeding thirty days from the moment of achieving the purpose of processing personal data, unless otherwise provided by the agreement to which the subject of personal data is a party, or another agreement between the Operator and the subject of personal data (his representative, employer);
12.1.2. in case of detection of unlawful processing of personal data or lawful revocation of personal data within a period not exceeding ten working days from the date of detection of such a case;
12.1.3. in case of expiration of the personal data storage period, determined in accordance with the legislation and organizational and administrative documents of the Operator;
12.1.4. in case of an order from the authorized body for the protection of the rights of personal data subjects, prosecutorial authorities or a court decision.
13. Transfer to third parties
13.1 The operator may transfer personal data to other parties, hosting providers, analytics services, and other parties for the purpose of fulfilling an agreement concluded with third parties.
13.2. The Operator guarantees the conclusion of an adequate order for the processing of personal data in the event of involving third parties in accordance with the contractual powers of the Operator.
13.3. The operator is right do not transfer personal data to bodies of inquiry and investigation, other authorized bodies on the grounds and in cases directly provided for by current legislation.
14. Final provisions
14.1. The period for processing personal data processed by the Operator may be determined by the organizational and administrative documents of the Operator.
14.2. This Policy is subject to change and addition in the event of the emergence of new legislative acts and special regulations on the processing and protection of personal data, as well as by the decision of the Operator.
14.3. Control of compliance with the requirements of this Policy is carried out by the person responsible for organizing the processing of personal data.
14.4. Issues not regulated by this Policy are regulated by current legislation.
14.5. The operator may issue other local acts that clarify certain principles for processing personal data.
Contact Information:
If you have any questions about the Privacy Policy, please contact us at info@coco-pay.com.
