Privacy Notice

Last Updated: July 2024

  1. Scope and updates of the Privacy Notice

In our Privacy Notice, Coin Stats, Inc. (CoinStats, we, us, our) has compiled all the essential information about our handling of your personal data and your corresponding rights.

Through our website (the " Site") and mobile application (the " App"), we track your cryptocurrency portfolio’s performance and help calculate related capital gains and losses (the " Service").

This Privacy Notice applies to your use of the Site, the App and the Service (collectively, the Services) provided by CoinStats or its affiliates (CoinStats and the companies CoinStats directly or indirectly controls are referred to as "CoinStats Affiliates").

We may change this Privacy Notice at any time by posting the revised Privacy Notice on the Site and indicating the effective date of the revised Privacy Notice. You will be notified of any material changes to this Privacy Notice via email or other support channels.

Before using the Service or submitting any personal information to CoinStats, please review this Privacy Notice carefully and contact us if you have any questions. By using the Services, you agree to the practices described in this Privacy Notice. If you do not agree to this Privacy Notice, please do not access the Site or otherwise use the Services. This Privacy Notice is incorporated into and forms part of our Terms of Use.

  1. Controller and Data Protection Officer

Which CoinStats Affiliate is responsible for the collection and processing of your personal data in connection with the provision of the Services depends on the region in which you reside. Your region of residence is determined based on your location:

We have appointed representatives for data protection in several countries to oversee the protection of your personal data. Furthermore, if you have any questions or complaints regarding this Privacy Notice, our global data protection or our handling of personal data, you can contact the CoinStats Privacy Controller who is responsible for the processing of your personal data at any time. This applies regardless of whether we have appointed a representative officer in your country.

  1. Personal Information we collect and process

We collect your personal data when you use our Services, provide us with information via a web form, add or update information in your CoinStats account or otherwise interact with us. We also collect personal data from other sources (such as other CoinStats Affiliates and data providers).

We collect the following personal data:

3.1 Personal data you provide when using our Services

3.2 Personal Data we collect automatically when you use our Services

3.3 Personal data we collect in connection with the use of cookies and similar activities

3.4 Personal Information from Third Parties:

  1. Purposes and legal basis for data processing and categories of recipients

We process your personal data for various purposes and based on several different legal bases that allow this processing. For example, we process your personal data to provide and improve our Services, to provide you with a personalized user experience on the Site, to contact you about your CoinStats account and our Services, to provide customer service, to detect, prevent, mitigate and investigate fraudulent or illegal activity. We also share your information with third parties, including service providers acting on our behalf, for these purposes. In addition, we may share your personal data among CoinStats Affiliates.

4.1 We process your personal data to fulfill our contract with you and to provide you with our Services. This includes the following purposes:

We do not sell, rent, license, or lease your personal information to third parties. However, where necessary, we transfer your personal data to processors and the following recipients for one or more purposes described above:

4.2 We process your personal data to comply with legal obligations to which we are subject. This includes the following purposes:

We do not sell, rent, license, or lease your personal information to third parties. However, where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

4.3 We process your personal data to protect your vital interests or the vital interests of another natural person. This includes the following purpose:

Prevention, detection, mitigation and investigation of unlawful activities that may result in impairment of your vital interests or the vital interests of another natural person, unless there is a statutory obligation to this effect.

We do not sell, rent, license, or lease your personal information to third parties. However, where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

4.4 We process your personal data where necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. On this basis, we process your data for the following purposes:

We do not sell, rent, license, or lease your personal information to third parties. However, where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

4.5 With your consent, we process your personal data for the following purposes:

We do not sell, rent, license, or lease your personal information to third parties. However, where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

Regarding direct marketing, note that you have the right to object at any time to the processing of your personal data for direct marketing purposes. This right is absolute, which means we will stop processing your personal data for direct marketing as soon as we receive your objection. You can exercise this right by:

Upon receiving your objection, we will promptly cease using your personal data for direct marketing purposes. However, please note that you may still receive transactional or service-related communications from us that are necessary for the operation of your account or fulfillment of our services.

  1. Personal Data retention and Deletion

We and our service providers will store your personal data in compliance with applicable data protection laws. We will retain your data only for as long as necessary to fulfill the purposes outlined in this Privacy Notice. Our retention practices are as follows:

We are committed to protecting your privacy rights and handling your personal data responsibly throughout its lifecycle in our systems.

  1. Your right as data subject

As a CoinStats user, you have several rights under data protection law, subject to any limitations imposed by national legislation:

Regarding the withdrawal of your consent, please note that you have the right to withdraw your consent for the processing of your personal data at any time, where we rely on consent as the legal basis for processing.

Withdrawing your consent is as simple and straightforward as giving it.

You can withdraw your consent by:

Please note that withdrawing your consent:

We will process your request to withdraw consent promptly, and in any case within one month of receiving it. After processing your withdrawal request, we will cease processing the relevant personal data unless we have another lawful basis for doing so.

If you're dissatisfied with how we've handled your data, you have the right to file a complaint with a data protection supervisory authority.

To exercise any of these rights or if you have questions, please contact us using the information provided in our Privacy Notice.

  1. Cross-border data transfer

We may share your personal information with recipients located in countries other than your own. These countries may have different data protection laws than those in your jurisdiction. When we transfer your data internationally, we implement appropriate safeguards to ensure its protection.

More Details on International Data Transfers:

Transfers within CoinStats Affiliates: We transfer data between CoinStats affiliated companies based on our global data protection principles. These are internally binding regulations that commit all CoinStats Affiliates to protect your data and comply with data protection obligations.

In particular, CoinStats complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU to the U.S.

Other International Transfers: We may transfer your data to recipients worldwide. When transferring data from the European Economic Area (EEA), UK, or Switzerland to countries outside the EEA, we ensure appropriate safeguards are in place or that the transfer is otherwise permitted by law.

Some countries are recognized by the European Commission as providing adequate data protection. These currently include Andorra, Argentina, Canada (for certain organizations), Switzerland (for transfers from the EEA), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, South Korea, UK, USA (under the Data Privacy Framework), and Uruguay.

For other countries, we implement necessary safeguards, such as using standard contractual clauses (2021/914/EU) adopted by the European Commission, or other legally approved measures.

We continually reassess these measures to ensure compliance with new regulations and legal precedents.

  1. Security Measures

We take the security of your personal information seriously and have implemented a range of technical and organizational safeguards to protect it. Our goal is to minimize risks such as data loss, misuse, unauthorized access, disclosure, and alteration. Here's how we protect your data:

While no system is completely impenetrable, these measures significantly enhance the protection of your personal information. We remain vigilant and committed to safeguarding your data throughout its lifecycle within our systems. You use the Services at your own risk.

  1. Data Breach notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay, and no later than 72 hours after becoming aware of the breach. This notification will include:

We will provide this notification directly to you via email, unless doing so would involve disproportionate effort. In such cases, we will make a public communication or use a similar measure to ensure you are informed in an equally effective manner. If the breach is unlikely to result in a risk to your rights and freedoms, we may not notify you directly, but we will document the breach internally and inform the relevant supervisory authority as required by law. We maintain and regularly update our data breach response plan to ensure swift and effective action in case of any security incidents involving your personal data.

  1. Contact us

If you have any questions about our Privacy Notice or information practices, please feel free to contact us.