Customer privacy and data protection are one of the core business principles of Digital Assets d.o.o. (hereinafter: we, our(s), Company).
Digital Assets d.o.o.
Hrvatske mornarice 1/C, 21000 Split, Croatia
VAT: 37096783668, Company reg. number: 060297216
Contact number: +385 21 280 773
E-mail address: firstname.lastname@example.org
COLLECTION OF CUSTOMER INFORMATION
The Company collects Customer data depending on the type of service it provides to the Customer.
Customer data is collected when visiting and using the Platform, performing the Services provided by the Company through the Platform and Branches, establishing and maintaining a business relationship, through the communication channels and video surveillance systems, when participating in awards program, and when performing other tasks for which the Company is authorized.
The data collected include:
- Geographical location and IP address by which the Customer accesses Bitcoin Store Platform
- Identification data
- Contact data
- Socio-demographic data
- Publicly available data
- Transaction data
- Financial data
- Contract data
- Service data
- Data communication
- Other data based on the use of the Services
- Other data that was obtained with the consent of the Customer.
The Company, as data controller, protects the privacy and Customer data in accordance with the General Data Protection Regulation (EU) 2016/679.
PURPOSE OF CUSTOMER DATA COLLECTION AND PROCESSING
The Company collects and processes data for the purposes of performing Company business and when the purpose is required by law. Processing shall be lawful only if at least one of the following applies:
- The customer has given consent to the processing of their personal data
- Processing is necessary for the performance of a Contract or in order to take steps at the request of the Customer prior to entering into a Contract
- Processing is necessary for compliance with legal obligations to which the Company is subject
- Processing is necessary in order to protect the vital interests of the Customer
- Processing is necessary for the performance of a task carried out in the public interest
- Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Customer which require protection of personal data
STORAGE OF PERSONAL DATA
Customer personal data will be deleted and will not be further processed if they are no longer needed considering the purpose for which they were collected, at the latest after the expiry of the legal deadlines that oblige the Company to keep the Customer data.
Transaction data needs to be stored in accordance with the legal retention periods, so the right to their deletion is legally limited.
Depending on the purpose of data processing, in certain cases, the Company may keep the Customer data longer or shorter than the previously stated retention periods.
DATA TRANSFER TO THIRD PARTIES
The Company does not share Customer data with third parties, except in a case when the data transfer is required for providing the Services to the Customer.
Before we conclude the agreement with the third party, each service provider and business partner are individually audited. We require those third parties to abide by certain terms to protect all data which is processed by them.
Data are transferred to servers located within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers are located outside the EU and the EEA. In this case, the Company makes sure that the third party has adequate data protection, in accordance with GDPR.
The Customer has anytime the right on:
- INFORMATION AND ACCESS – may request confirmation regarding the collection, processing, retention period and transfer of data to the third parties, as well as request to access personal data
- RECTIFICATION – the right to request the rectification of personal data if data are incorrect, incomplete and up to date, with the submission of appropriate documentation confirming the change
- ERASURE – the right to request the Company to erase your personal data if they no longer meet certain obligations for which they have been collected or otherwise processed
- TRANSMISSION OF DATA – the right to receive and transfer personal data to another data controller if this is technically feasible, and this right must not have a negative impact on the rights and freedoms of others
- COMPLAINT – the right to withdraw the given consent or objection to the processing of personal data
- WITHDRAW CONSENT – the right to withdraw the consent given to the Company, which does not affect the legitimacy of the data process
- RIGHT RELATED TO AUTOMATIC DECISION MAKING AND PROFILING - the right not to be affected by a decision based primarily on automated processing
- LIMITATION OF PROCESSING - the right to challenge the accuracy of the data, for the period necessary for the Company to verify that accuracy
In order to exercise its rights, the Customer may contact the Company by sending a written notice or request:
- to the e-mail address email@example.com or
- by sending a request via letter to the Company address:
Digital Assets d.o.o., Hrvatske mornarice 1 / C, 21000 Split, Croatia
Note: If the request is sent via e-mail, it is mandatory to use the same e-mail address that is registered in the Customer Profile.
The Company shall respond to the request within 30 days from the day of receipt of the request. In the case of complex or multiple requests, the response time may be extended, and the Customer will be notified. There is no processing fee for those requests.
If the request is rejected, the Customer will be informed of the reasons and the right to complain to the competent Croatian or EU body for personal data protection. In the Republic of Croatia, the competent authority is AZOP - Agency for Personal Data Protection , and in the EU, European Data Protection Supervisor.
DATA PROCESSING SECURITY
The Company implements appropriate technical and organizational measures, along with limit access to Customer data, in order to ensure the effective implementation of data protection principles and the rights of the Customer.
Technical and organizational measures ensure that the collected data of the Customer are encrypted, confidential and protected in case of a physical or technical incident. Measures include regular testing, risk assessment, and the effectiveness of measures to ensure data security.
Limit access to data ensure that data processing and availability are not automated, but that data is available to a limited number of employees. The data is protected from intentional and unauthorized deletion of data, and data protection measures include the obligation of confidentiality, which is valid even after termination of employment.
AMENDMENTS TO THE POLICY
The Company reserves the right to change any part of the Policy, anytime.
Amended Policy shall enter into force upon publication on the Platform and considers that the Customer have read, understood, and agreed to the rules set out therein.
This amended Policy enters into force on 25th October 2022. and replaces the Policy applied before the mentioned date.