CoinCola Privacy Policy

Version 2.2, last updated: May 10, 2025

Welcome to CoinCola. The Privacy Policy stipulates the types of information of yours that we may collect through your log into this Website, your registration with this Website, and/or use the services we offer, as well as how we shall use and protect the information so collected. This section will assist you in understanding how we collect, use, store, disclose and protect personal information.

To protect your rights, please read the following thoroughly and contact us with any questions regarding our Privacy Policy.

For users registered on locally regulated exchanges within the European Economic Area and Switzerland, your data controller is MATRIXX SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (a company incorporated under Polish law with registration number RDWW-950, located at Starodworska 1, 80-137 Gdańsk, Polska).

Your consent

Your consent to CoinCola’s processing and protecting your personal information according to the Privacy Policy is implied upon your use of the services of this website.

(a) You agree that CoinCola may process personal information provided by you and hereby consent to the transmittal of your personal data outside the European Economic Area.

(b) You hereby acknowledge and agree that CoinCola shall process personal information provided by you the purpose of performing our obligations under this Privacy Policy and for the purpose of administering the relationship between you and us. We may share your personal information with third parties in order to provide you with our services and improve our product and services in line with the applicable laws and our Privacy Policy. CoinCola will not disclose your personal information to any third party without your prior consent and/or without having a legal basis to do so.

(c) You agree that CoinCola may pass information about you which you have provided to CoinCola to other companies in CoinCola’s group and to external companies to help CoinCola to process and/or analyse it as part of the provision of services to you.

(d) In the event that you consented for the use of personal data by CoinCola for marketing and information management purposes, or to conduct market research for CoinCola then CoinCola may share these data with other companies in its group or with carefully selected external parties that may use the personal data to bring to the attention of the Client products and services that may be of interest to the Client and also to assist in the efficient provision of services.

Your rights

You have a right to:

(a) Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can ask for your personal data by contacting privacy@coincola.com.
(b) Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you completed or corrected, though we may need to verify the accuracy of the new data you provide to us.
(c) Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
(d) Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
(e) Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (i) if you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
(f) Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
(g) Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Data we collect and why we collect it

A. Required data

(a) Personal Identification Data

Such as name, mail address, phone number, country, full address, date of birth and other related biographical data. We collect this information in order to identify you in our systems for a variety of reasons including fraud protection, and certain financial regulations in various jurisdictions.

(b) Sensitive and Biometric Personal Data

CoinCola may also collect sensitive personal data when permitted by local law or with your consent, such as biometric information, for example to verify your identity by comparing the facial scan data extracted from your selfie or video with the photo in your government issued identity document.

(c) Device identifiers

Such as IP addresses, cookies for user device authentication and other similar device identifiers. This information is collected to identify you in our systems for a variety of reasons including fraud protection, and certain financial regulations in various jurisdictions. This information also helps keep your account secure, so we can keep a track of where your account has been accessed from. Logging your IP address also allows CoinCola to offer you the best experience possible by determining your location for offer matching.

(d) CoinCola account details

Such as username, user profile Information in the “Bio” section, profile picture, joined date, default currency, time zone, default language and other related account details, to ensure you have the best experience possible on our platform. This information also allows other users to interact with you in easier ways.

(e) CoinCola account activity

Such as trade chat messages, trade chat attachments, trade activity, transaction history, affiliate name, affiliate ID, affiliate link, affiliate transactions, offers created, offer terms, trade instructions, account notifications, and other related account activities. This information is collected to provide you with improved user experience, as well as feedback for you, your account activity helps other users interact with you on CoinCola easier. We also store this data in order to analyse transactions that may be in a dispute or other inquiry.

B. Other data we may require

(f) KYC documents

Such as ID, proof of address, selfie with ID, video and other related KYC Documents. These documents are uploaded by customers who wish to verify their identity on the CoinCola platform. This identity verification process allows you to have higher trade limits, and to have more access to offers on the platform.

All the aforementioned general categories of data may contain data that by itself does not identify you and is therefore not deemed as personal data.

How We Use Your Personal Data

Our primary purpose in collecting personal data is to provide our services in a secure, efficient, and smooth way. We generally use your personal data to deliver, provide, operate, our services, and for content and advertising, and for loss prevention and anti-fraud purposes. Below you’ll find an explanation on how we use Automated individual decision-making, including profiling.

Why does CoinCola process my Personal Data?	Legal Basis for our use of personal data (EEA and Switzerland EU GDPR)
To provide customer services We process your personal data when you contact us in order to provide support with respect to questions, disputes, complaints, troubleshoot problems, etc.	Processing is necessary for the performance of a contract of which you are a party.
To verify your identity We are generally required to collect various pieces of personal information to properly identify or verify your identity and comply with other specific anti-money laundering ("AML") or sanctions laws/regulations (e.g. funds transfer rules). The types of personal data collected will vary depending on the checks and identity verification needs in your location and the identity services selected by us. Our verification processes also involve electronic identification through the comparison of your 'selfie' against your provided verification information. Also, as part of our KYC obligations, we may share your personal data with third party identity verification service providers. The Category of Personal Data is Personal Identification Data, Institutional Information, Sensitive and Biometric information, Government Identifiers, Where relevant, PEP Information, Contact Information, Financial Information. If you do not provide personal information required by law, you may be unable to open an account, or we may have to close your account where it is already opened.	Processing is necessary for reasons of substantial public interest based on EU or EU Member State law. We are subject to EU Anti-Money Laundering Directives and the relevant EU Member States' law implementing them which require us to process for instance information from your ID documents including a photographic picture of you and a visual image of your face (the so-called "liveness check").
To ensure the accuracy of your personal data and where necessary, PEP information To promote safety, security, and integrity of our Services	Processing is necessary for the purpose of the legitimate interests pursued by us and the interests of our users when, for example, we detect and prevent fraud and abuse in order to protect the security of our users, ourselves, or others.
To provide marketing communications to you We use your information based on your consent to send you targeted marketing communications through email, mobile, in-app, and push notifications.	Where we carry out profiling for marketing purposes, for example to establish what Services or promotions you may be interested in, this processing is based on legitimate interest.

Children are not allowed to use CoinCola services.

CoinCola does not allow anyone under the age of 18 to use CoinCola Services and we do not knowingly request or collect any information about persons under the age of 18. If you are under the age of 18, please do not provide any personal information to CoinCola Services.

If a User or Customer submitting personal information is suspected of being younger than 18 years of age, CoinCola will require the relevant Customer or User to close his or her account, and will take steps to delete the individual’s information as soon as possible.

How We Share Your Facial Data

We share facial data only with the third-party Onfido.

Why We&Onfido Store Facial Data:

Our use of Onfido's services enables us to verify the identities of our users, ensuring a secure and efficient access to our services. Onfido processes facial biometric data for the following reasons:

1. To provide customer services: To confirm your identity by comparing the facial biometric data extracted from your submitted photo/video with that extracted from the photo in your identity document.
2. Authentication: To authenticate your access to our services by comparing facial biometric data from a reference image against that from a new photo/video submission.
3. Fraud Prevention: To analyze biometric data for signs of fraud, coercion, or social engineering, ensuring the integrity of our services.
4. Authenticity Evaluation: To verify the authenticity of images, videos, and identity documents submitted to us, including the detection of tampering or non-genuine submissions.
5. Service Improvement: To enhance and develop the services offered by Onfido, while adhering to applicable legal requirements.

Retention Period:

Our commitment to user privacy and data security guides our practices regarding the retention of facial biometric data. The facial biometric data collected is stored for a maximum period of three hundred and sixty (360) days following the submission of your face photos/videos or identity documents, in alignment with Onfido's privacy practices. This period is established to support necessary identity verification and fraud prevention processes while ensuring data is not retained longer than necessary.

We recognize the importance of not holding onto data indefinitely and, as such, have adopted practices that reflect this principle. Our retention period for facial biometric data is informed by a combination of factors including the specific needs of our identity verification services, the requirements of our clients, and the maximum retention periods defined by applicable laws and regulations.

We rely on our clients to inform us of their needs regarding the storage of the information we collect on their behalf. This allows us to tailor our data retention practices to the specific requirements of each client while adhering to legal and regulatory standards.

Users have the right to request the deletion of their information at any time. If you wish to make such a request, please direct it to us, the client who conducted your related check. We will coordinate with Onfido to ensure the prompt and secure deletion of your data in accordance with your wishes and applicable legal requirements.

Data Protection and Privacy:

Onfido and our company place a high priority on data privacy and security. Efforts to minimize data retention and ensure user privacy include pseudonymization, aggregation, and de-identification of data wherever possible. Our users' rights to privacy are paramount, and requests for data deletion should be directed to us, after which we will coordinate with Onfido to ensure compliance with such requests.

We store facial biometric data only for the durations necessary to fulfill the purposes outlined above, in alignment with our commitment to user privacy and data protection laws. For any concerns or requests related to your data, please refer to the "Your Rights" section of our privacy policy or contact our customer support team directly.

How Long We Hold This Data

CoinCola holds your account data indefinitely. This is because all account data is associated with financial transactions which may need to be referenced by government authorities. CoinCola never sells this data or shares this data. All data is stored in encrypted servers. When you close your account, we stop sharing your data with 3rd parties immediately.

International transfers of Personal Information

To facilitate our global operations, CoinCola may transfer your personal information outside of the European Economic Area ("EEA"), UK and Switzerland. The EEA includes the European Union countries as well as Iceland, Liechtenstein, and Norway. Transfers outside of the EEA are sometimes referred to as "third country transfers".

We may transfer your personal information to our Affiliates, third-party partners, and service providers based throughout the world. In cases where we intend to transfer personal information to third countries or international organisations outside of the EEA, CoinCola puts in place suitable technical, organizational and contractual safeguards (including Standard Contractual Clauses), to ensure that such transfer is carried out in compliance with applicable data protection rules.

We also rely on decisions from the European Commission where they recognise that certain countries and territories outside of the European Economic Area ensure an adequate level of protection for personal information. These decisions are referred to as "adequacy decisions".

Cookies Policy

(a) What are cookies?

Cookies are small pieces of text stored on your computer when you visit a website. They are not programs and cannot be executed as code or deliver viruses – instead cookies act more like a passport, which the site checks and updates whenever you visit.

Almost every site on the internet uses cookies and their functions include:

1. verifying your identity for security purposes
2. determining the type of browser and settings you are using
3. allowing site owners and third-party advertisers to tailor content to your preferences

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

(b) Our policy

CoinCola respects your privacy, and we are committed to providing you with the information and tools you need to manage your cookies.

There are two types of cookie on this site:

1. Essential cookies are necessary for the vital functions of our site and trading platform. If these are disabled, you won’t be able to access the platform or other important parts of the site
2. Behavioural/analytical cookies help us understand the way visitors and clients use our website, so we can provide a better service. We use the data from behavioural and analytical cookies to improve our site and provide individually tailored content. These cookies make it easier for you to find the information you need and allow us to adapt our site to suit your preferences. Some of the systems we use to track web traffic and site usage are provided by third-party companies such as Google.

On your desktop, laptop or tablet computer, you can choose how to accept cookies by changing the settings in your browser. For information on how to manage cookies on your mobile phone, you will need to refer to your handset manual.

For more information, you may wish to visit www.aboutcookies.org, which contains instructions on how to amend your cookie settings for a wide variety of browsers. You will also find details on how to delete existing cookies from your computer, as well as more general information about cookies.

If you have any specific questions or concerns about cookies, please contact privacy@coincola.com.

CoinCola is committed to keeping your personal information safe.

(c) Types of cookies on CoinCola Website

Session cookies save website ’session’ credentials for visitors both logged in and not logged in. Once the browser is closed, the cookie is deactivated – and the session closed.

Analytical cookies collect visitor information, such as the number of visits, how our website was found, where the visit came from, if via a marketing campaign etc. This information is extremely important to the business and helps us improve our website and further enhance our visitor experience.

Functional cookies are specifically about visitor experience on the website. For example they ‘remember’ the open/closed status of pop-up messages, what time zone or view state was set for the Economic Calendar, enabling access to information stored when registered with CoinCola and so on. Without these functional cookies, no settings information can be saved.

Third Party cookies are set by other websites who place cookies on the user’s computer. The "3rd party" cookies are placed when you are logged into their service and CoinCola does not control the dissemination of these cookies. These cookies are session, analytical, and functional; they determine if the user is logged into a social network already, control bookmarking or sharing CoinCola content. Other third parties should be contacted directly to view their cookie privacy information.

Cookies Table

Name	Cookie Type	Life Time	Description
coincola_session	1st Party	1 day	Browser Session Tracking
lang	1st Party	1 year	Website Preference
language	1st Party	1 year	Website Preference
sajssdk_2015_cross_new_user	1st Party	< 1 day	Sensors Data Analytics
sensorsdata2015jssdkcross	1st Party	200 years	Sensors Data Analytics
sensorsdata2015session	1st Party	session	Sensors Data Analytics
__cfduid	1st Party	1 year	Cloudflare User Identifier
__zlcid, __zlcmid, __zlcstore	1st Party	1 year	Zendesk Chat Functionality For Customer / Sales
_ga	1st Party	2 years	Google Analytics unique user
_gid	1st Party	1 day	Google Analytics unique user
_gat	1st Party	1 minute	Google Analytics For Request Rate Limitation
access_token	1st Party	49 years	Site User Identifier
login_status	1st Party	49 years	Site User Identifier
username	1st Party	49years	Site User Identifier
ad_history_country_code	1st Party	1 day	Website Preference
ad_history_currency	1st Party	1 day	Website Preference
ad_history_payment_provider	1st Party	1 day	Website Preference

Protection of personal data

(a) We adopt appropriate electronic, management and technical measures so as to protect and safeguard the security of your personal data. We will, to the greatest extent possible, ensure that any personal data collected through our Website shall be free from being subject to nuisance by any third party unrelated to us. The security measures that we may take include but are not limited to:

- Electronic measures: The computer data that contain your personal information will be stored in computer systems and storage medias that are subject to strict login restrictions.

- Management measures: only staff members duly authorized by us can access your personal data, and these staff members shall comply with our internal code concerning personal data confidentiality.

- Technical measures: such encryption techniques as Secure Socket Layer Encryption may be used to convey your personal data.

- Other measures: our network servers are protected by proper 'firewall '.

(b) If you are aware of any security flaws in our Website, please contact us immediately so that we can take appropriate action as soon as possible.
(c) Despite of the above-mentioned technical and security measures, we cannot guarantee that the information transmitted via the Internet is absolutely safe, so we cannot absolutely guarantee that the personal data that you provide to us through our Website will be safe at any time. We will not be held liable for any loss or damage arising from or caused by any event that may occur in connection with unauthorized access to your personal data, and we shall not be held liable for compensation for such loss or damage.

Questions and concerns

If you have any questions about this Privacy Policy or the use of your Personal Data, please contact our Data Privacy Officer by sending an email to privacy@coincola.com with the subject “PRIVACY REQUEST”.

Modifications to the Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and when appropriate we will notify you by email.