Privacy Policy

UPDATED: MAY 30, 2018

INTRODUCTION
Thank you for visiting CoinSpark, a digital asset exchange. By visiting, accessing, or using CoinSpark, you consent to the policies and practices of our privacy policy (the “Privacy Policy”) so please read them carefully. If any policies or practices of this Privacy Policy is unacceptable to you, please do not visit, access, or use CoinSpark. Use of the words “we,” “us,” or “our” in this Privacy Policy refers to CoinSpark, and any or all of its affiliates.

GENERAL TERMS

This Privacy Policy explains what Personal Information (as defined below) we collect, why we collect it, and how we treat it.  By visiting, accessing, or using CoinSpark, you have indicated that you are at least eighteen (18) years old, have the legal capacity to consent to this Privacy Policy, and to agree to be bound by the policies and practices of this Privacy Policy in their entirety. Your privacy matters to us so whether you are new to CoinSpark or a long-time customer, please do take the time to get to know and familiarize yourself with our policies and practices. Feel free to print and keep a copy of this Privacy Policy, but please understand that we reserve the right to change any of our policies and practices at any time. You can always find the latest version of this Privacy Policy here on this page. Visiting, accessing, or using CoinSpark following any change to this Privacy Policy is considered to be your acceptance of any such changes. You should, therefore, read this Privacy Policy from time to time. If you do not agree to be bound by this Privacy Policy, you should not visit, access or use CoinSpark.

DEFINITIONS

DIGITAL ASSETS As used herein, “Digital Asset” means a digital asset (also called a “cryptocurrency,” “virtual currency,” “digital currency,” or “digital commodity”), such as bitcoin or ether, which is based on the cryptographic protocol of a computer network that may be (i) centralized or decentralized, (ii) closed or open-source, and (iii) used as a medium of exchange and/or store of value.

PERSONAL INFORMATION As used herein, “Personal Information” means any information relating to an identified or identifiable natural person (a “Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of that natural person.

PERSONAL INFORMATION WE COLLECT We obtain, verify, and record Personal Information that identifies each person who opens an account. This requirement applies to all new customers. This Personal Information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. What this means for you: when you open an account, we ask you for your name, address, date of birth, and other identifying Personal Information. In addition, we are a global company and thus may conduct business and collect Personal Information from individuals and institutions located within the European Economic Area (“EEA”). We are required to protect Personal Information processed in the EEA in accordance with the General Data Protection Regulation (“GDPR”). To understand more about how we protect the data we collect from individuals and institutions located within the EEA, please see the “Privacy Statement for Data Subjects Whose Personal Information May Be Collected in or from the EEA” section below.

Personal Information we collect may include the following:

Individual Customer — We attempt to collect, verify, and authenticate the following:

• Email address;
• Mobile phone number;
• Full legal name;
• Social Security Number (“SSN”) or any comparable identification number issued by a government;
• Date of birth (“DOB”);
• Proof of identity (e.g. driver’s license, passport or government-issued ID);
• Home address (not a mailing address or P.O. Box);
• Additional Personal Information or documentation at the discretion of our Compliance Team.

Institutional Customer — We attempt to collect, verify, and authenticate the following:

• Institution legal name;
• Employer Identification Number (“EIN”) or any comparable identification number issued by a government;
• Full legal name (of all account signatories and beneficial owners);
• Email address (of all account signatories);
• Mobile phone number (of all account signatories);
• Address (principal place of business and/or other physical location);
• Proof of legal existence (e.g., state certified articles of incorporation or certificate of formation, unexpired government-issued business license, trust instrument, or other comparable legal documents as applicable);
• Contract information of owners, principals, and executive management (as applicable);
• Proof of identity (e.g., driver’s license, passport or government-issued ID) for each individual beneficial owner that owns 10% or more of the institutional customer entity, as well as all account signatories;
• Personal Information for each entity beneficial owner that owns 10% or more of the institutional customer entity (see the “Individual Customer” section above for details on what Personal Information we collect for individuals).

Device Information – Information that is automatically collected about your device (such as, but not limited to, hardware, operating system, browser, etc.).

Location Information – Information that is automatically collected via analytics systems providers to determine your location, including your IP address and/or domain name and any external page that referred you to us.

Log Information – Information that is generated by your use of CoinSpark that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information, system activity and any internal and external information related to CoinSpark pages that you visit.

Account Information – Information that is generated by your account activity including, but not limited to, trading activity, order activity, deposits, withdrawals, and account balances.

Correspondence – Information that you provide to us in correspondence, including opening an account, and with respect to ongoing customer support. You will be allowed to access, review, correct, and ensure the accuracy of the Personal Information you have provided from time to time. We will also do our part to ensure the accuracy of your Personal Information. Personal Information you provide during the registration process may be retained, even if your registration is left incomplete or abandoned. If you are located within the EEA, your Personal Information will not be retained without your consent.

COOKIES When you access CoinSpark, we may make use of the standard practice of placing tiny data files called cookies, flash cookies, pixel tags, or other tracking tools (herein, “Cookies”) on your computer or other devices used to visit CoinSpark. We use Cookies to help us recognize you as a customer, collect information about your use of CoinSpark to better customize our services and content for you, and collect information about your computer or other access devices to (i) ensure compliance with our anti-money laundering (“AML”) program (“AML Program”) and (ii) ensure that your account security has not been compromised by detecting irregular or suspicious account activities. When you log on to the CoinSpark website, you will be provided with the option to accept or reject cookies. Please note that if you reject cookies, you will not be able to use some or all of CoinSpark. If you do not consent to the placing of Cookies on your device, please do not visit, access, or use CoinSpark.

HOW WE USE AND SHARE PERSONAL INFORMATION WE COLLECT The Personal Information we collect and the practices described above are done in an effort to provide you with the best experience possible, protect you from risks related to improper use and fraud, and help us maintain and improve CoinSpark. We may share Personal Information with third-party service providers (including those that may be located outside of the United States or your country), who help us operate our platform and systems, and detect fraud and security threats throughout the normal course of our business. Such third-party service providers are subject to strict confidentiality obligations. In addition, we may be compelled to share Personal Information with law enforcement, government officials, and regulators. For example, we may use your Personal Information to:


• Provide you with our services, including customer support for CoinSpark;
• Optimize and enhance our services for all customers or for you specifically;
• Conduct anti-fraud and identity verification and authentication checks (you authorize us to share your Personal Information with our third-party service providers, who may also conduct their own searches of publicly available Personal Information about you);
• Monitor the usage of our services, and conduct automated and manual security checks of our services;
• Create aggregated and anonymized reporting data about our services.

If we decide to modify the purpose for which your Personal Information is collected and used, we will amend this Privacy Policy. If we propose to sell or buy any business or assets, we may disclose your Personal Information in an anonymized form to the prospective buyer or seller of such business or assets. In the event of a merger, acquisition, or asset sale of CoinSpark, we will give you notice if, and before, your Personal Information is transferred in a non-anonymized form or becomes subject to a different privacy policy. We do not sell customer Personal Information to third parties for the purposes of marketing. Be aware that bitcoin, ether, and other Digital Assets are not necessarily truly anonymous. Generally, anyone can see the balance and transaction history of any public Digital Asset address. We, and any others who can match your public Digital Asset address to other Personal Information about you, may be able to identify you from a blockchain transaction. This is because, in some circumstances, Personal Information published on a blockchain (such as your Digital Asset address and IP address) can be correlated with Personal Information that we and others may have. This may be the case even if we, or they, were not involved in the blockchain transaction. Furthermore, by using data analysis techniques on a given blockchain, it may be possible to identify other Personal Information about you. As part of our security, anti-fraud and/or identity verification and authentication checks, we may conduct such analysis to collect and process such Personal Information about you. You agree to allow us to perform such practices and understand that we do so.

INFORMATION SECURITY No security is foolproof and the Internet is an insecure medium. We cannot guarantee absolute security, but we work hard to protect CoinSpark and you from unauthorized access to or unauthorized alteration, disclosure, or destruction of Personal Information we collect and store. Measures we take include encryption of the CoinSpark website communications with SSL; required two-factor authentication for all sessions; periodic review of our Personal Information collection, storage, and processing practices; and restricted access to your Personal Information on a need-to-know bases for our employees, contractors and agents who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

ACCURACY AND RETENTION OF PERSONAL INFORMATION We take reasonable and practicable steps to ensure that your Personal Information held by us (i) is accurate with regard to the purposes for which it is to be used, and (ii) is not kept longer than is necessary for the fulfillment of the purpose for which it is to be used, which is when your business relationship with us ends, unless the further retention of your Personal Information is otherwise permitted or required by applicable laws and regulations.

ACCESS, CORRECTION, AND DELETION OF PERSONAL INFORMATION You have the right to ascertain whether we hold your accurate and current Personal Information, to obtain a copy of your Personal Information that you submitted as permitted by law, and to correct any of your data that is inaccurate. You may also request that we inform you of the type of Personal Information we hold with regard to you, subject to restrictions on our providing copies of certain data pursuant to our obligations under AML regulations and/or data provided to our legal counsel in defense of a claim against us. You may also request that we delete your Personal Information, subject to the restrictions on data deletion pursuant to relevant data retention and destruction restrictions under applicable laws and regulations, such as those related to the AML. For data access, correction, or deletion requests, please contact support@internal.coinspark.io. When handling a data access, correction, or deletion request, we check the identity of the requesting party to ensure that he or she is the person legally entitled to make such request. While we maintain a policy to respond to these requests free of charge, should your request be repetitive or unduly onerous, we reserve the right to charge you a reasonable fee for compliance with your request.

DIRECT MARKETING Subject to applicable laws and regulations, we may from time to time send direct marketing materials promoting services, products, facilities, or activities to you using information collected from you. We will provide you with an opportunity to opt-in to such communications and will only send them to you if you consent. We will not provide your Personal Information to third parties for direct marketing or other unrelated purposes without your written consent.

QUESTIONS If you have questions or concerns, please feel free to contact us at support@internal.coinspark.io. Please note that whenever you send us a message, you will be providing us with Personal Information about yourself, including your email address, your name, if you choose to do so, and any information you choose to include in the text of your message. In some cases, other Personal Information may be required in order for us to be helpful and address your question or concern. Such provided Personal Information will be deemed Personal Information provided under this Privacy Policy and handled pursuant to the provisions hereof. This Privacy Policy only pertains to our policies and practices with regard to your Personal Information. Websites linked to and/or from our website are not covered by this Privacy Policy.

SUBMISSIONS We cannot agree to obligations of confidentiality or nondisclosure with regard to any unsolicited information you submit to us, regardless of the method or medium chosen. By submitting unsolicited information or materials to us, you or anyone acting on your behalf, agree and understand that any such information or materials will not be considered confidential or proprietary. We do not provide any facility for sending or receiving private or confidential electronic communications. You should not use CoinSpark to transmit any communication for which you intend only you and the intended recipient(s) to read. Notice is hereby given that all messages and other content entered using CoinSpark can and may be read by us, regardless of whether we are the intended recipients of such messages.

CHANGES We reserve the right to change this Privacy Policy from time to time to meet our changing needs. You will always find the latest version here. We also send an annual notice of this Privacy Policy to all registered customers. By visiting, accessing, or using CoinSpark, you are consenting to any and all updates to our Privacy Policy.

PRIVACY STATEMENT FOR DATA SUBJECTS WHOSE PERSONAL INFORMATION MAY BE COLLECTED IN OR FROM THE EEA While customers who are located in the EEA are customers, we recognize and, to the extent applicable to us, adhere to relevant EEA data protection laws.

COLLECTION AND TRANSFER OF DATA OUTSIDE THE EEA As outlined above, we may collect Personal Information from Data Subjects located in the EEA. To facilitate the services we provide to customers located in the EEA, we request explicit consent for the transfer of Personal Information from the EEA. If you are an individual located in the EEA and you decline to consent to such transfer, you will no longer be able to use CoinSpark and our services. You will have the ability to withdraw Digital Assets and fiat currency; however, all other functionality will be disabled.

LAWFUL GROUNDS TO PROCESS AND OBTAIN CONSENT
We process the Personal Information of Data Subjects who are located in the EEA for one or more of several lawful purposes, including:
• With your explicit consent:
o To provide you with CoinSpark and our services, including customer service support;
o To optimize and enhance CoinSpark for all customers or for you specifically;
• To comply with legal obligations:
o To conduct anti-fraud and identity verification and authentication checks (you authorize us to share your Personal Information with our third-party service providers, who may also conduct their own searches of publicly available Personal Information about you);
• For our legitimate business purposes:
o To monitor the usage of CoinSpark, conduct automated and manual security checks of our service, to protect our rights and perform our lawful obligations.

Data Subjects in the EEA may withdraw consent at any time where consent is the lawful basis for processing their Personal Information. Should a Data Subject withdraw consent for processing or otherwise object to processing that impedes our ability to comply with applicable laws and regulations, a Data Subject may be unable to avail him or herself of the services we provide.

AUTOMATED DECISION-MAKING
We do not engage in automated decision-making.

NON-DISCLOSURE OF PERSONAL INFORMATION
Our employees are prohibited, either during or after their employment, from disclosing Personal Information to any person or entity outside of our company, including family members, except under the circumstances described above. An employee is only permitted to disclose the Personal Information of a customer to such other employees who need access to such information in order to deliver our services to that customer.

OUR CONTACT INFORMATION FOR PERSONS LOCATED WITHIN THE EEA
If you are located in the EEA or Switzerland and have questions or concerns regarding the processing of your Personal Information, you may contact us at support@internal.coinspark.io. If, as an EEA Citizen, you believe that we have not adequately resolved any such issues, you have the right contact the EU supervisory authority.