Consent to Personal Data Processing
given to the company Simple Coin s.r.o.
ID no.: 01516558, registered office at Bubenečská 184/1, Dejvice, 160 00 Praha 6,
listed in the business register of the Prague Municipal Court.
section C. insert 207798.
(hereinafter referred to as “Consent”)
- “Consent” is to be understood as referring to this Consent to the processing of personal data, which is a concrete, informed and unambiguous expression of free will by which the data subject (the Client) gives the administrator (the Operator) permission to process his / her personal data.
- “Terms of Service” are to be understood as referring to Terms of Service that govern the rights and obligations of the Operator and the Client within the context of Digital currency trading.
- “Operator” is to be understood as referring to Simple Coin s.r.o., ID no.: 01516558, registered office at Bubenečská 184/1, Dejvice, 160 00 Praha 6.
- For the purposes of this Consent, “Client” is to be understood as referring to a non-legal entity who has reached the age of 18 and is wholly entitled, or to a legal entity that visits, purchases and / or receives any services provided by the Operator through the https://exchange.simplecoin.eu website.
- “Contract” is to be understood as referring to a contract of purchase or sale of Digital Currency according to up-to-date exchange rates of the Operator made by the the Operator and the Client through the https://exchange.simplecoin.eu website, in which one of the Contracting Parties commits to deliver to the other Contracting Party Digital Currency, which constitutes the article being purchased or sold, and the other Contracting Party commits to accept the Digital Currency and compensate the first Contracting Party with the purchase price.
- “Website” is to be understood as referring to the website owned by the Operator located on the https://exchange.simplecoin.eu domain, which features authorial elements and a database with regard to which the Operator exercises the entirety of property rights; content of the Web Pages may not be stored, edited, copied, shared nor may any other property rights be exercised with regard to it without the Operator’s prior and written consent permitting such actions.
- “Trade” is to be understood as referring to purchase and / or sale of Digital Currency performed based on a Contract.
- ” GDPR ” is to be understood as referring to European Parliament and (EU) Council regulation 2016/679 from April 27th 2016 that encompasses protection of persons with regard to the processsing of personal data and the unrestricted transfer of personal data as well as the annulment of the 95/46/ES directive (general regulation of personal data protection) that takes effect on May 25th 2018.
- ” ZOOÚ ” is to be understood as referring to Act no. 101/2000 Coll., as amended, related to personal data protection and amendments to certain laws.
- ” AMLZ ” is to be understood as referring to the Act no. 253/2008 Coll., as amended, which deals with measures against the legalization of proceeds stemming from criminal activities and against terrorism funding.
- “Personal data” is generally understood as referring to any information relating to an identified or identifiable non-legal entity (the Client); an identifiable non-legal entity is a non-legal entity who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as a name, identification number, location information, network ID, or to one or more physical , genetic, physiological, mental, economic, cultural or social identity factors specific to this non-legal entity.
- “Personal data processing” is to be understood as referring to any operation or set of operations performed on personal data or on sets of personal data using automated or non-automated means, such as collection, recording, organisation, structuring, storage, adaptation or modification, viewing, consultation, utilization, transmission, dissemination or other facilitation of access, adjustment or combination, restriction, erasure or destruction.
- “Profiling” is to be understood as referring to any form of automated processing of personal data consisting of using such data to evaluate certain personal aspects relating to the non-legal entity, in particular for the analysis or estimate of the aspects relating to his / her professional performance, economic situation, state of health, personal preferences, interests, reliability, conduct, location, or movement.
II Introductory Statement
- The Operator declares that it processes personal data in accordance with GDPR and ZOOÚ, while respecting the principles of legality, fairness, transparency, purpose limitation, data minimization, accuracy, limitation of storage, integrity, and confidentiality. The operator is properly registered as an administrator at the Office for personal data protection under the registration number 00054530.
- The Client declares that all personal data provided by him / her to the Operator are complete, accurate and true, and commits to inform the Operator, without undue delay, about any changes in such personal data.
III Granting consent
- The Client hereby grants the Operator consent to the processing of personal data within the scope and under the terms and conditions listed below.
IV Extent of personal data processing
- The operator processes the personal data of the Client, which the client has provided in a registration or order form, as well as by the means of other (written or oral) communication with the Operator in connection with (i) the establishment and administration of a user account, as well as the making and conclusion of the Contract, (ii) marketing activities of the Operator as referred to in article XIII of the Terms of Service, or with (iii) the fulfillment of legal obligations of the Operator (particularly as per the AMLZ); in particular, this concerns the following personal data:
a) name and surname,
b) birth certificate no. or date of birth,
(e) number, date of issue and validity of an identity card,
f) ID and VAT number,
g) domicile, residence, correspondence address,
h) other personal information routinely written into the identity card,
I) user account login and password,
(j) bank account details
k) electronic wallets details,
l) e-mail address,
m) phone number,
n) IP address,
o) phone conversation voice recordings.
V Purpose and legal basis for processing
- All personal data provided by the Client on the basis of this Consent are processed exclusively for the purpose of (i) the establishment and administration of a user account, as well as the making and conclusion of the Contract, as well as the execution of Trades (ii) sending commercial communication to the Client through electronic means according to law no. 480/2004 Coll.,on certain services of the information society, as well as the analysis of the Client’s behavior with regard to such commercial communication for the purpose of individualization of services within the meaning of article XIII of the Terms of Service. The legal basis for the processing of personal data is also the fulfillment of the legal obligations of the Operator (in particular the obligation to identify and inspect the Client according to the AMLZ within the meaning of Article IV of the terms of Service, or accounting and tax records).
VI Period of personal data storage
- The Operator stores the personal data for as long as is necessary to fulfill the purpose of their processing, and for a period, for which it was granted consent by the Client, or otherwise for a period stemming from generally binding and applicable legal regulations.
- Personal information provided for the purpose of establishment and management of a user account, as well as the making and conclusion of a Contract, or the execution of Trades, will be stored for as long as the user account exists and for the length of the duration of an associated Contract (i.e., its conclusion or termination) and for a subsequent period of ten (10) years, or otherwise until the Client withdraws consent. Personal information provided in relation to marketing activities of the Operator will be stored for a period of two (2) years from the date of receipt of the relevant commercial communication by the Client, or otherwise until the Client withdraws consent.
- As soon as the periods listed in paragraph 2 elapse, the Operator will, within fourteen (14) days, remove (permanently destroy) any and all relevant personal data of the Client in all devices and carriers, with the exception of cases, when their removal is not possible (e.g. personal data stored in the electronic wallet account) or whenever their further storage is required by the legal regulations of the Czech Republic or the European Union.
VII Obligation to provide and effects failing to provide personal data
- With the exception of cases delineated within specific provisions (e.g.. AMLZ), the Client provides personal data to the Operator voluntarily, and is not in jeopardy of any penalties in case of non-compliance. The Client acknowledges, however, that without providing certain personal data it will not be possible to establish and administer a user account, enter into a Contract, particularly to execute a Trade, or to receive commercial communication that he / she subscribed to.
VIII Persons with access to personal data
- Personal data can be accessed by the Operator (Administrator), its employees or other non-legal entities that process personal data based on a contractual relationship with the Operator. All of these entities are required to maintain the confidentiality of personal information, extending beyond the termination of employment or activities performed based on a contractual relationship as per the preceding sentence.
- The Operator may provide access to personal data to other entities (processors) whose processing complies with all GDPR requirements as well as other generally binding and applicable legal regulations, and which provide appropriate safeguards to protect the rights of Clients and their personal data. However, These entities, such as tax, accounting, legal, IT, or marketing advisers of the Operator, will only be allowed access to personal data no longer than necessary and to the extent necessary for these entities to provide services and fulfillment of legal requirements. Committment to confidentiality within the meaning of the final sentence of paragraph shall analogously apply.
- The Operator did not appoint a Data Protection Officer, nor did he designate a representative to perform the GDPR’s obligations.
- The Operator does not intend to transfer personal information of the Client to a third country, international organisation or other third persons referred to in paragraph 3.
IX Withdrawal of Consent
- The Client is entitled to withdraw given Consent voluntarily and free-of-charge by sending an e-mail to the following address: [email protected] or directly via the option provided in all commercial communication delivered to the Client by e-mail. Withdrawal of Consent shall not affect the legality of personal data processing stemming from the Consent granted prior to its withdrawal. Similarly, withdrawal of Consent does not affect to the personal data processing carried out by the Operator that is based on a different legal basis other than Consent.
X Objecting to personal data processing
- The Client may, at any time and for reasons specific to his / her situation, object to the processing of personal data relevant to him / her. In such cases, the Operator shall cease the processing of personal data, unless it provides evidence of substantial and reasonable grounds for further processing of said data, which outweigh the interests or rights and freedoms of the Client, or in order to determine, perform or defend legal claims.
- If personal data are processed for the purposes of direct marketing, the Client is within his / her rights to object at any time to the processing of personal data relevant to him / her within the context of this marketing. If such an objection is raised, personal data will no longer be processed for these purposes.
- If personal data are processed for statistical purposes under art. 89, paragraph 1 GDPR, the Client is, for reasons specific to his / her situation, within his / her rights to object to the processing of personal data relevant to him / her, except where the processing is necessary to perform a task carried out for reasons of public interest.
XI Right to file a complain with a Supervisory authority
- The Client is entitled to, at any time, file a complaint regarding the processing of his / her personal data or regarding a failure on the part of the Operator, acting in the capacity of Administrator, to fulfill its obligations stemming from GDPR, to the Supervisory Authority, which, in the Czech Republic, means the Office for Personal Data Protection, headquartered in Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.
XII Automated individual decision-making
- When processing personal data of the Client, automated decision-making or Profiling will not occur. / When processing personal data of the Client, automated decision-making, including profiling, can take place, namely the decision on ____.
- The Client acknowledges that he / she has a right not to be subject to any decisions based solely on automated processing, including profiling, which has legal effects for him / her or otherwise significantly affects him / her. This does not apply if the decision is (i) necessary for the conclusion or fulfillment of a Contract between the Client and the Operator, (ii) permitted by the law of the Czech Republic or the European Union, that which applies to the Operator and which concurrently stipulates appropriate measures ensuring the protection of the rights and liberties and legitimate interests of the Client, or (iii) based on the express Consent of the client.
XIII Other rights of the Client relevant to personal data protection
- The Client has (in addition to the rights to, at any time, revoke Consent to the processing of personal data, to object to the processing of personal data and to file a complaint with the Supervisory Authority) the right to demand from the Operator access to his / her personal data, their correction or erasure , eventually restriction of processing, the right to limit transferability to a different administrator, the right to be informed about a security breach of personal data, as well as the right to apply, without any restrictions and barriers, additional provision by guaranteed GDPR or other generally binding and applicable legislation.
XIV Operator contact details
- The Client may contact the Operator by e-mail at [email protected] or in writing at his registered office at Bubenečská 184/1, Dejvice, 160 00 Praha 6. The Operator is entitled to require the Client to prove his / her identity in order to prevent unauthorized persons from accessing personal data. In order to increase the quality of service and keep records of compliance with the Operator’s legal obligations, all communications between the Client and the Operator may be monitored.
XV Other obligations of the Operator connected to personal data protection
- In compliance with this Consent, Terms of Service, as well as relevant generally binding and applicable legal regulations, the Operator further undertakes to, in particular:
- ensure that personal data will be processed in accordance with the legislation and the purposes of processing within the meaning of article V.;
- implement technical, organizational, personal and other appropriate measures within the meaning of GDPR to ensure and be able to demonstrate, at any time, that the processing of personal data is conducted in accordance with GDPR and ZOOÚ in such a way that excludes the possibility of unauthorized or accidental access to personal data and data carriers which contain such data, their alteration, destruction or loss, unauthorized transmission, their unauthorized processing as well as other misuse, and to continuously review and update these measures as necessary;
- conduct and continuously review and update records on the personal data processing as specified by GDPR;
- report possible breaches of security of personal data of the Office for Personal Data Protection properly and in a timely manner and to cooperate with that authority to the necessary extent
- maintain confidentiality of personal information and security measures, the disclosure of which would compromise the security of personal data, even after the Contract’s expiration
- comply with other requirements stemming from legal regulations, in particular the general principles of personal data processing, fulfill their information obligations, not to transmit personal data to third parties without necessary authorization, to respect the rights of the Clients as data subjects and to provide them with the necessary co-action in this respect.
XVI Securing personal data
- Personal data are processed in an automated way in electronic form.
- Personal data are protected by double encryption and are secured in a manner similar to that of private keys to the electronic wallet accounts of the Operator.