1.1. This Privacy and Personal Data Processing Policy (hereinafter referred to as the "Policy") establishes the procedures for the collection, processing, storage and protection of personal data of users of the website coincat.in.
1.2. The personal data controller is the service CoinCat (hereinafter referred to as the "Operator").
1.3. The User provides active consent to this Policy by checking the mandatory checkbox when submitting an Order on the Operator's website.
1.4. The following definitions are used in this Policy:
1.4.1. Personal data — any information relating directly or indirectly to an identified or identifiable natural person (the User).
1.4.2. Processing of personal data — any action (operation) or set of actions performed on personal data, including collection, recording, systematisation, accumulation, storage, clarification (updating, modification), use, transfer (provision, access), blocking and deletion.
1.4.3. Operator — a person who independently or jointly with other persons organises and/or carries out the processing of personal data.
1.4.4. User — a natural person using the Operator's services via the website coincat.in.
2.1. Contact data: email address, Telegram ID, and other contact information voluntarily provided by the User.
2.2. Order data: transaction amounts, payment details (to the extent entered by the User), transaction identifiers (TxID), cryptocurrency wallet addresses, correspondence with the support team.
2.3. Technical data: IP address, user agent, cookies, date and time of actions, anti-fraud metrics; type of action performed on the website (click, cursor hover, etc.); date of last visit and activity; screen resolution; User's device type; User's location; User's language; language of the operating system, device, and browser; device theme information (light or dark mode); CSS class of the HTML element being clicked.
2.4. KYC/SoF data: identity documents of the User; photographic image of the User as biometric personal data; proof of address; User's bank card details; statements, receipts, explanations, and other documents confirming the origin of funds.
3.1. Providing the website's functionality and proper fulfilment of the User's Order.
3.2. Conducting AML/KYC/SoF procedures, preventing fraudulent activities, and ensuring the security of Users and transactions.
3.3. Providing User support, handling complaints, and resolving disputes.
3.4. Fulfilling the Operator's obligations pursuant to requests from authorised governmental bodies where lawful grounds exist.
4.1. The User's consent to the processing of personal data.
4.2. The necessity of performing the user agreement (public offer) and providing services to the User.
4.3. The Operator's legitimate interests in ensuring security, preventing fraud, and complying with AML procedures.
5.1. The Operator may transfer the User's personal data to third parties solely to the extent necessary to achieve the purposes specified in this Policy, including:
- upon a lawful request from competent governmental authorities;
- to data processors under appropriate agreements (hosting providers, email and chat service providers, infrastructure contractors) — strictly to the extent necessary for the operation of the service;
- to AML analysers — to the extent of addresses, transaction identifiers (TxID), and technical parameters required for conducting checks.
5.2. The Operator does not sell access to Users' personal data and does not disclose such data to third parties except in the cases expressly provided for in clause 5.1 of this Policy.
6.1. Order data and activity logs: 36 months.
6.2. KYC/SoF materials: 5 years.
6.3. In the event of an unresolved claim or dispute, the retention period may be extended until the proceedings are fully completed.
6.4. Upon expiry of the established retention periods, personal data shall be destroyed.
7.1. Data transmission is carried out exclusively via secure communication channels (HTTPS/TLS).
7.2. KYC/SoF materials are accepted only through secure channels, forms, and the personal account (where available); access to such materials is restricted.
7.3. The Operator's employees are granted access to personal data on a role-based model and the principle of minimum necessity (need to know) — exclusively to the extent required for the proper performance of their duties.
7.4. Access to KYC/SoF materials and key personal data operations is logged.
7.5. Data storage protection measures are applied (including encryption and backup control where applicable), as well as the principle of data minimisation — only information necessary to achieve the stated processing purposes is collected.
7.6. The User is responsible for independently ensuring the security of their devices and accounts.
8.1. The User has the right to request information from the Operator about the personal data being processed, as well as to request correction, updating, clarification, or deletion thereof (provided there are no lawful grounds for continued retention).
8.2. Withdrawal of consent to the processing of personal data is possible by contacting the support team. However, the use of the service may be restricted where data processing is necessary for AML procedures, security purposes, or Order fulfilment.
9.1. For questions related to the processing of personal data, the User may contact the Operator at the following email address: support@coincat.in.