CCOINS PRIVACY POLICY

READ THESE PRIVACY POLICIES CAREFULLY, CONTAINING IMPORTANT INFORMATION ABOUT THE HANDLING OF YOUR INFORMATION, AS WELL AS THE OBLIGATIONS RELATED TO THE USE OF THE CCOINS PLATFORM.

Welcome to CCOINS, a web platform (Further on in this document referred to as CCOINS, COMPANY, PLATFORM or SITE) owned by CCOINS LABS S.A.S. Company domiciled in Colombia and identified with NIT 901090970-2. CCOINS offers the services described in TERMS AND CONDITIONS, which you can learn about and verify on the SITE.

CCOINS is committed to respecting and protecting Users’ data. Therefore, to ensure proper compliance with Law 1581 of 2012, Decree 1377 of 2013, and the General Regulations for the Protection of Personal Data (hereinafter, GDPR).

You, and all persons who use CCOINS, whether registered or not, will be referred to in this document as USER(S) or HOLDER. The User who uses and enjoys CCOINS must know and accept the following Privacy Policies (Privacy Policies).

Principles

CCOINS is committed to the implementation of mechanisms related to the personal information of third parties, to guarantee, harmoniously and comprehensively, the following principles:

• Principle of legality in matters of Data Treatment: 

The Data Treatment referred to in this law is a regulated activity that must be subject to what is established in it and in the other provisions that develop it.

• Principle of purpose: 

The Data Treatment must obey a defined, legitimate, explicit, and informed purpose to the Owner, per the Constitution and the Law and the General Regulations for the Protection of Personal Data.

• Principle of freedom: 

Data Treatment can only be exercised for the prior, express, and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization or in the absence of a legal or judicial mandate that relieves consent.

• Principle of veracity or quality: 

The information subject to Data Treatment must be truthful, complete, exact, updated, verifiable, and understandable. Processing partial, incomplete, fragmented, or misleading data is prohibited.

• Principle of transparency: 

In the Data Treatment, the Owner has the right to obtain information about the existence of data that concerns him or her from the Data Treatment Manager at any time and without restrictions.

• Principle of restricted access and circulation: 

Data Treatment is subject to the limits derived from the nature of personal data, the provisions of this law, and the Constitution. In this sense, the Data Treatment can only be done by persons authorized for the Owner, and/or by the persons provided for in this law. Personal data, except public information, may not be available on the Internet or other means of disclosure or mass communication unless access is technically controllable to provide restricted knowledge only to the Holders or authorized third parties under this law.

• Security principle: 

The information subject to Data Treatment by the Treatment Manager referred to in this law; must be handled with the technical, human, and administrative measures necessary to grant security to the records avoiding their adulteration, unauthorized or fraudulent loss, consultation, use, or access.

• Confidentiality principle: 

All persons involved in the processing of personal data that are not public are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks that the Processing comprises, and may only Carry out supply or communication of personal data when this corresponds to the development of the activities authorized in this law and the terms thereof.

• The principle of limitation of the term of conservation: 

Only adequate, pertinent, and necessary data can be processed for a purpose; the preservation of these data must be limited in time to the achievement of the purposes that the treatment pursues. Once these purposes have been achieved, the data must be deleted or, at least, devoid of any element that allows the data subjects to be identified.

Scope

These policies apply to all USERS of CCOINS at a national and international level.

Definitions

• Holder:

Each of the natural persons with whom the personal data is related.

• User: 

Is the person who uses the services of the PLATFORM.

• Makers: 

These are those USERS who make an offer to buy or sell cryptocurrencies.

• Takers:

 Are those USERS who accept the offer made by a MAKER.

• Personal Data: 

Set of information related to one or more natural persons.

• Sensitive Data: 

Sensitive data is understood to be that which affects the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

• Data Processing:

Any operation, or set of operations, on personal data such as the collection, storage, use, circulation, or deletion.

• Responsible for the Treatment: 

Natural or legal person; public or private; that by itself or in association with others; decides on the database and/or the Data Treatment.

• Person in Charge of Treatment: 

Natural or legal person, public or private, that by itself or in association with others, performs the Data Treatment of personal data on behalf of the Person Responsible for Treatment.

• Database: 

Organized set of personal data subject to Data Treatment.

• General Data Protection Regulation (hereinafter GDPR): 

It is the new regulation that controls the protection of citizens’ data living in the European Union.

General Data Protection Regulation

CCOINS implements its data collection and data processing, following current legal regulations, for which CCOINS adapts and owns the following:

• Use for the management of information, tools, and integrations with third parties that comply with the Data Protection Law and with the GDPR with specific fines without the right to be shared, used, or for a purpose other than that initially authorized by the user. Username.

• It complies with the general principles of the GDPR regarding data quality, consent, right to information, and offers. All data owners have the rights of access, rectification, data portability, restriction, deletion, and opposition.
• It complies with the general criteria of legality, fairness, and transparency of data processing. The fines are determined, explicit, and legitimate.
• Applies data minimization, by collecting only the data that is adequate, pertinent, and limited to what is necessary. It guarantees accuracy and updating and keeps them only for the time necessary for the data treatment.
• It adapts the appropriate technical and organizational measures to guarantee an adequate level of security.

Authorization of the Owner for Data Processing

CCOINS requires the free, prior, express, and informed consent of the Holder of the personal data for the treatment of the same. Except in the cases expressly authorized by law. Said authorization will be granted by: the Holder, who must prove his identity sufficiently, according to the form indicated by the PLATFORM or the assignees, guardians, representatives, or attorneys of the holder, who must prove such quality, representation, or empowerment.

The General Data Protection Regulation determines the need to establish adequate security guarantees against unauthorized or illicit treatment, against the loss of personal data, destruction, or accidental damage. This implies the establishment of technical and organizational measures, such as this policy, aimed at ensuring the integrity and confidentiality of personal data and the possibility of demonstrating, as established in article 5, parraph 2 of the Regulation, that these measures have been carried out into practice (proactive responsibility).

CCOINS will obtain authorization through different means, including Email, SMS, platform, or in any other format that allows evidence that the Information Treatment Policy has been disclosed and that the owner authorizes the Treatment of their data.

CCOINS will deliver the information of the Data Holders to the following:

• To the owners of the data, their heirs, or representatives at any time and through any means when they request it from CCOINS.
• To the judicial or administrative entities, in the exercise of functions that eleven any requirement to CCOINS, so that the information is delivered.
• To third parties that are authorized by any law of the Republic of Colombia or the General Data Protection Regulation.
• To third parties to whom the Data Owner expressly authorizes to deliver the information and whose authorization is delivered to CCOINS.

The authorization of the Holder will not be necessary in the following cases:

• Information required by a public or administrative entity in the exercise of its legal functions or by court order.
• Data of a public nature.
• Cases of medical or health emergencies.
• Treatment of information authorized by law for historical, statistical, or scientific purposes.
• The processing is necessary for reasons of public interest in the field of public health, such as protection against serious cross-border threats to health.
• The treatment is necessary for reasons of essential public interest, based on the Law of the Union or of the Member States, which in any case must be proportional to the objective pursued.
• Data related to the Civil Registry of Persons.

The Holders of the personal data may, at any time, revoke the authorization granted to the PLATFORM for the Processing of their data or request their deletion, as long as it is not prevented by a legal or contractual provision. The withdrawal of the authorization will not affect the legality of the data treatment based on the consent before its withdrawal.

What are the Purposes and Uses of Personal Data?

CCOINS collected from the Holders the following information:

• Full names and surnames.
• Username.
• Front and back image of your identity document.
• Selfie or self-portrait of the Holder.
• Email address.
• phone number.
• Nationality.
• country of residence.
• Full address of residence address.
• Proof of residence address.
• USER profile information.
• default language.
• Internal chat messages available on the platform.
• Offers and terms of the offers created by the MAKERS.
• Offers accepted by TAKERS.
• Account notifications.
• IP addresses.
• The cookie ID and/or other device identifiers.
• Information related to your access to the Website.

CCOINS, in the development of its object and its relations with its users, collects data that is limited to personal data that are pertinent and adequate for the following purposes:

• For the creation and verification of the PLATFORM account by the Holder;
• Verify the identity of the Holder at the time of accessing the account;
• Help Cardholders verify their identity with each other.
• Communicate with the PLATFORM regarding the support of the account, or any of the Services that the Holder uses.
• Compare the information with fines of statistics, precision, and verification;
• So that the MAKERS-TAKERS can make and take offers.
• Send notifications and messages via email or text messages.
• Provide a personalized experience and implement your preferences.
• To better understand users and how they use and interact with CCOINS and its Services.
• Create user-related advertisements.
• Provide personalized Services, offers, and promotions on the PLATFORM and third-party websites.
• Provide specific options and offers according to the location and preferences of users;
• To comply with our policies and obligations, including, but not limited to, disclosures and responses to any request from law enforcement authorities or regulatory entities following any applicable law, rule, regulation, court or government order, the regulatory authority of Competent Jurisdiction, request discovery or similar legal process.
• Collect fees for services provided.
• Resolve technical problems reported or that arise on the PLATFORM.

Concerning the above purposes, CCOINS may:

• Carry out publications of scientific works or studies in these cases, the data will be anonymized in such a way that the owner of the data cannot be identified.
• Obtain, store, compile, exchange, update, collect, process, reproduce and/or dispose of data or partial or total information of the holders of personal data.
• Classify, order and segment the information provided by the Data Owner.
• Extend the information you obtain, under the terms of the Law, to the companies with which you contract the services of collection, storage, management, and Treatment of your Databases, before the due authorizations and legal requirements that are necessary in that regard.
• Transfer partial or total data or information to its subsidiaries, businesses, companies, and/or affiliated entities.

What rights do the owners’ data have or can exercise?

• Right of access: 

The Holder will be provided with a copy of his data available; with the purpose for which they have been collected such as the identity of the recipients of the data; the planned conservation periods; or the criteria used to determine the existence of the right to request the rectification or deletion of your data; as well as the limitation or opposition to its data treatment.

• Right to know, update, rectify and consult your Personal Data: 

At any time regarding the data that you consider partial, inaccurate, incomplete, fragmented, those that lead to error, or those whose Data Treatment is expressly prohibited or has not been authorized. The Holder must indicate in the request to which data it refers and the correction that must be made, providing, when necessary, the supporting documentation of the inaccuracy or incompleteness of the data subject to treatment. Any loss or damage caused to the Platform or the person in charge of the Platform or any third party due to communication of erroneous, inaccurate, or incomplete information in the registration forms or your account, will be the exclusive responsibility of the USER.

• Right of Deletion: 

In the right of deletion, the data of the owners will be deleted when they express their refusal to the treatment and there is no legal basis that prevents it, they are not necessary for relation to the purposes for which they were collected, withdraw the consent provided, and there is no other legal basis that legitimizes the treatment, or it is illegal.

• Right of opposition: 

In the right of opposition, when the holder expresses his refusal to process his data before the person in charge, the latter will stop processing them as long as there is no legal obligation that prevents it.

• Right of portability: 

In the right of portability, the interested parties can request to receive a copy of their data in a structured format, of common use and mechanical reading. Likewise, they have the right to request that they be transmitted directly to a new person in charge, whose identity must be communicated, when technically possible.

• Request at any time proof of the authorization granted to APP.

• Submit to the Superintendence of Industry and Commerce or the relevant data protection authority the complaints to assert your right to Habeas Data against CCOINS.

What are the CCOINS duties as a data controller?

CCOINS acknowledges that Personal Data is the property of its Holders and that only they can decide on it. Taking into account the nature, scope, context, and purposes of the treatment, as well as the risks to the rights and freedoms of natural persons, the data controller will apply appropriate technical and organizational measures to ensure that the treatment is following the rules or provisions on data protection.

Under the foregoing, it assumes the following duties in its capacity as Data Controller:

• Have the channel in the application obtain express authorization from the Owner to carry out any data processing.
• Request and keep, under the conditions provided in the Personal Data Protection Law, a copy of the respective authorization granted by the Holder.
• Clearly and expressly inform Data Holders of the Treatment to which they will be subjected and the Purpose of said Treatment by the authorization granted;
• Guarantee the Holder of the information, at all times, the full and effective exercise of the right of habeas data.
• Provide the Person in Charge of the Treatment, as the case may be, only data whose treatment is previously authorized following the provisions of the Personal Data Law.
• Inform the rights that all Holders have for their data.
• Maintain and ensure the security of the Personal Data records stored to prevent their deterioration, loss, alteration, unauthorized or fraudulent use.
• Periodically and timely update and rectify the data, each time the Owners of the same report news or requests.
• Inform the identification, physical, and/or electronic address and telephone number of the person or area that will have the quality of Data Controller.
• In case there are substantial changes in the content of this Information Treatment Policy which may affect the content of the authorization that the Holder has granted to CCOINS, the latter will notify you in a timely and efficient manner of the changes before or at the latest time of implementation of the new policies.

Will CCOINS share the data of the Holders with third parties?

CCOINS may share with third parties the information provided by the Holder at the registering time on the PLATFORM to verify their account. For the external handling of data, when personal data is transferred or transmitted to third parties such as suppliers or affiliated companies (among others), we will ensure that they comply with data protection legislation, with the security measures, and the same guarantees granted by us, following article 28 of the RGPD. Likewise, we recommend that you consult the data protection policy of the corresponding provider. The range of data transmitted will be the minimum necessary.

For the internal management of the data, these may be known by the authorized personnel of CCOINS, who must comprehend the security and data collection procedures. 

What does CCOINS do for data security?

CCOINS foresees, cares for, and adopts the technical, human, and administrative measures necessary to maintain the security of your information and strives to prevent its loss, adulteration, access, or consultation of unauthorized third parties to the Platform through standard technologies of the industry, and internal procedures, including through the use of tokens and encryption mechanisms. However, CCOINS does not guarantee that unauthorized access will never occur. Likewise, we guarantee that:

• CCOINS has security protocols and access to information, storage, and processing systems, including physical security risk control measures. The system is permanently monitored through vulnerability analysis. The CCOINS staff that performs the processing of personal data executes said protocols to guarantee the security of the information.

• CCOINS must notify Users within 72 hours if there is a security breach in their information.

• Access to the different databases is restricted even for employees and collaborators.

• All employees and third parties have signed confidentiality clauses in their contracts committed to the databases following the guidelines on the information treatment established in the Law.

• It is the responsibility of the User to have all the security controls on their computers or private networks for browsing our portals.

• Any Third Party Holder of Personal Data has the right to request directly to CCOINS to delete their personal information and revoke the authorization granted to the User who operates the Platform. 

• The devices and computers used for the storage and processing of personal data must be kept up to date as far as possible.

• In the computers and devices where the automated processing of personal data is carried out, there will be an antivirus system that guarantees, to the extent possible, the theft and destruction of personal information and data. The antivirus system must be updated periodically,

• To avoid improper remote access to personal data, care will be taken to guarantee the existence of an activated and correctly configured firewall on those computers and devices in which personal data is stored and/or processed.

• A backup will be made periodically on a second medium other than the one used for daily work. The copy will be stored in a safe place, different from the one where the computer with the original files is located, to allow the recovery of personal data in case of loss of information.

Cookies use

CCOINS may use technologies such as cookies (or similar technologies), which store certain information on the computer or device that the USER chooses as Local Storage, allowing the automatic activation of certain features and the best use of the service.

Cookies allow our PLATFORM to recognize, store and retrieve information about browsing habits of a USER or their equipment and, depending on the information they contain and how they use their equipment, they can be used to recognize the anonymous USER. Therefore, cookies are generally used to remember the options that the user has chosen (for example, remember the language used) or to recognize users who frequent CCOINS.

CCOINS uses three (3) types of cookies:

Technical cookies: To display our PLATFORM and make it work properly. These technical cookies are necessary for CCOINS to work properly.

Functional cookies: To remember the preferences of USERS and to help use our PLATFORM efficiently and effectively, such as remembering the USER’s favorite currency and language.

Analytical cookies: 

To understand how the USER uses our PLATFORM, detect what works and what does not, optimize and improve our communication portals and ensure that the USER continues to consider our services interesting and relevant. This information is anonymous and is only necessary for statistical purposes.

To delete or deactivate the “Cookies” Local Storage option, the USER, or third parties, must use the configuration option according to the instructions specified by the technology provider. However, if the USER or the third party blocks or deletes the cookies, the experience with CCOINS may be limited.

If the USER authorizes the use of cookies, continues browsing, makes use of our PLATFORM, or clicks on a link as appropriate on the PLATFORM, it will be understood that they have consented to our cookie policy and, therefore, the acceptance for the installation of cookies. same on your computer or device, except to the extent that you have modified your browser settings to reject the use of them.

How can I make a request, complaint, or claim to CCOINS?

Every holder or successor in title of Personal Data has the right, free of charge, to make inquiries and requests to CCOINS to know, update, rectify, delete information and revoke the authorization or to make requests, complaints, and claims regarding the Treatment that CCOINS gives to the information.

Holders can contact the administrative area responsible for handling requests, complaints, and claims via email: support@ccoins.io. 

The query must be addressed to the name of the administrative area, with the full name of the Holder, the description of the query, request, request, complaint, or claim, the contact telephone number, and the email. The owner of the information must present and/or attach the following documents:

• If it is the Holder: Valid identity document.
• If it is the successor in the title: Valid identity document, Civil Registry of Death of the Holder, Document that certifies the quality in which he acts and the number of the identity document of the Holder.
• If it is a legal representative and/or proxy: Valid identity document, Document that proves the capacity of legal representative and/or proxy of the holder and the number of the Holder’s identity document.

If the consultation is incomplete, CCOINS will request the interested party to correct the faults within five (5) days following receipt of the claim. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim or request has been withdrawn.

The query will be answered within a maximum term of ten (10) business days counted from the filing date. When it is not possible to attend the query within said term, the reasons for the delay will be informed, and the date on which your query will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

Can I request the revocation of the authorization and/or deletion of the data?

Every holder or successor in the title of Personal Data has the right to request CCOINS, the total or partial elimination of their Personal Data. For this, the procedure established in the previous point of this document will be followed.

The deletion of Data will operate and will be final as long as the same: (a) are not being treated following the provisions of current legislation, or (b) are no longer necessary for the purpose for which they were collected.

CCOINS may deny the deletion when: (a) The Owner has a legal and/or contractual duty to remain in the database; (b) The deletion of the data hinders judicial or administrative actions that are in progress.

Changes to the Privacy Policy

Any information of the User is regulated by the Privacy Policies of the application, for this reason, CCOINS reserves the right to modify them at any time, for which the User is recommended to visit the profile-privacy policies section frequently. In the event of any material change, CCOINS will endeavor to post a notice of such change.

Any changes in the Privacy Policy will take effect from the last update, and the continued use of the service by the User on the date of the latest revision will constitute acceptance of them. 

Validity

These Information Treatment Policies are effective as of YYYY-MM-DD and the Databases that contain the information of the Holders will be valid for 10 years, extendable for equal periods.

What if we have differences?

In the event of any dispute between the User and CCOINS concerning the Privacy Policies, the parties undertake to:

Bring the differences before the Arbitration Court of Colombia and accept that these courts are the competent ones when it comes to resolving the litigation of said demands. The laws of Colombia govern the Terms and Conditions, as well as any claim that may arise between the User and the Platform, regardless of the provisions on conflicts of laws.

What if I have questions or concerns?

If you have any questions (or comments) about the Privacy Policy, the User can contact the following email: support@ccoins.io.

Contact information

CCOINS is located at the following address, and the contact details are as follows, the foregoing to be notified of any judicial action or any kind.

Address: Calle 7 # 39 215 oficina 1009, 050022, Medellín, Antioquia, Colombia.

Mail: support@ccoins.io.

Last Updte: 2024-03-26