- INTRODUCTIONDigital Assets d.o.o. (hereinafter: Digital Assets, we, us, ours) would like to thank you for visiting our website, as well as for your interest in our company and services. The protection of your personal data is important to us and we want you to feel comfortable when visiting our website.
In this section, we would like to inform you on which data we collect, process, and how this data is used, while being compliant with the Personal Data Protection Act and other conditions.
If our website contains links that lead you to the websites of other service providers, our rules on the protection of privacy shall not apply.
- DATA CONTROLLER AND DATA PROTECTION OFFICER OF THE BITCOIN STORE USERSData controller: Digital Assets d.o.o. Hrvatske mornarice 1/C, 21000 Split, Croatia PIN: 37096783668, Reg. No.: 060297216 Contact: +385 21 280 773 Email address: email@example.com
Data Protection Officer: Contact: +385 21 280 773 Email address: firstname.lastname@example.org
- COLLECTION AND PROCESSING OF PERSONAL DATA OF USERSDigital Assets collects and processes the personal data of the users of the Platform primarily for the purposes of providing better services within the scope of its business activities.
Further to the General Data Protection Regulation (GDPR)(EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter: “General Regulation”), we have aligned our business in order to provide all users with adequate protection of personal data and to be fully transparent with regards to how such data are being used.
Digital Assets protects the privacy and security of collected data and ensures their confidentiality. The protection of the privacy of your personal data is permanent, and you can exercise your rights at any time, which are listed below and explained in more detail.
- DEFINED PURPOSE AND LEGAL BASISDigital Assets collects personal data for the purposes of its business activities, and when the purpose is legitimate.
The processing of personal data is legitimate only if and to the extent that at least one of the following conditions is met:
- the user has given their explicit consent to the processing of their personal data,
- processing is necessary in order to take action at the request of the user prior to concluding the contract or in order to execute the contract,
- processing is necessary in order to meet the legal obligations of Digital Assets,
- processing is necessary in order to protect the fundamental interests of users,
- processing is necessary in order to perform a task of public interest,
- processing is necessary for the legitimate interests of Digital Assets.
- DISCLOSURE OF PERSONAL DATA TO THIRD PARTIESAll Digital Assets employees have permission to access your personal data and treat such data as highly confidential, and undertake to preserve personal data by signing a confidentiality statement.
Digital Assets will not forward the collected data to third parties without your explicit consent, except in cases in which the data is necessary for the performance of our legal obligations, in cases in which such an action is necessary to perform tasks of public interest, or in cases in which the user has published such data themselves, as well as in other cases prescribed by law.
Which third parties have access to your personal dataAs part of our business activities, we receive services from specific service providers and we provide them with limited and strictly monitored access to some of our data. Before we forward your personal data, each service provider is individually audited. Only if the service provider can prove an adequate level of data protection will it be shortlisted and conclude a Data Processing Agreement with us.
Which countries we transfer your data toWe process your data exclusively within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers are located outside the EU and the EEA.
The General Regulation set strict conditions for the transfer of personal data to third countries. The providers outside the EU/EEA must meet additional requirements.
- STORAGE OF PERSONAL DATADigital Assets processes your personal data for a period of time until the purpose of the data processing is fulfilled.
The data are deleted upon the termination of the purpose for which they were collected, at the latest after the expiration of all legal regulations by which we are required to store personal data.
We are obliged to store transaction data in accordance with the legal retention periods, so please note that the right to their deletion is legally limited.
- YOUR RIGHTSIn order to exercise their rights, the user shall contact the personal data protection officer by sending a written notice or request: by email to the following address:
- by email to the following address: email@example.com, or
- by post to the following address: Digital Assets d.o.o., Hrvatske mornarice 1/C, 21000 Split, Croatia
We shall respond to the request without undue delay and, in any event, within one month from the day of receipt of the request. Response time may be extended for complex or multiple requests, and the user shall be notified of such extension. We do not charge any fees for processing the request.
If the request is rejected, we shall inform the user of the reasons for such a decision, as well as of the right to file a complaint to the competent Croatian or EU body for personal data protection. In the Republic of Croatia the competent authority is AZOP – Croatian Personal Data Protection Agency (https://azop.hr/), and in the EU the competent authority is the European Data Protection Supervisor (https://edps.europa.eu/_en).
Your rights are as follows:
- Right to be informed and right of access – you may, at any time, request and receive confirmation on whether your personal data is processed and, if so, you have the right to access your personal data, as well as information related to the purpose and categories of processing, retention period, or disclosure to third parties,
- Right to rectification – the right to request a modification, correction of inaccurate personal data or supplementation of personal data upon submission of appropriate documentation confirming the modification,
- Right to be forgotten – the right to request the deletion of your personal data if they are no longer necessary in relation to the purposes for which they have been collected or otherwise processed. Data shall be deleted within thirty days. Transaction data remain stored in accordance with legal obligations,
- Right to data portability – the right to receive and transfer personal data to another data controller if this is technically feasible, and this right must not have a negative impact on the rights and freedoms of others,
- Right to object – the right to withdraw the given consent or objection to the processing of personal data,
- Right to withdraw consent – the right of the user to withdraw at any time the consent given to Digital Assets that does not affect the legitimacy of the data processing that has been carried out prior to the withdrawal of consent,
- The right not to be subject to solely automated decisions – the user has the right not to be subject to a decision based primarily on automated processing,
- Right to restriction of processing – the right to challenge the accuracy of your personal data for the period necessary for Digital Assets to verify said accuracy.
- SECURITY MEASURES FOR THE PROTECTION OF PERSONAL DATAYou can read about security measures for the protection of personal data in the General Terms and Conditions of the Bitcoin Store.
Please check for changes whenever you access our Platform.
The amended Policy shall take effect immediately upon its publication on the Platform, and implies that the user confirms that they have read, understood and accepted all items of the amended Policy.