SHB AUS Pty Ltd is a company incorporated in Australia, with our joint marketing partner CoinClan OU incorporated in Estonia(together referred to as CoinSonic).
Your privacy is very important to us. We are committed to protecting the privacy, confidentiality and security of the personal data we hold by complying with the requirements under applicable laws and regulations. We are equally committed to ensuring that all our employees, service providers and agents uphold these obligations. This policy explains how we manage personal data within our organisation, including how we process the personal data of the users who use our services or interact with our website - coinclan.io (CoinClan Services)
- if you have provided personal data to us relating to any other person, you:
- have a right to provide that information;
- each such person has agreed to those terms.
How we collect personal data
We collect personal data about you in the following ways:
- you provide us your personal data yourself (e.g. by using CoinClan Services, on the websites we trade on; by submitting a query, a request or an (job) application to us; by responding to our surveys; by using our products and services).
- your personal data is provided to us by third parties who are entitled to disclose that information to us.
- we collect your data from public sources (e.g. by examination of public blockchains; from public registries; from your public social media profile)
- we collect your personal data by automatic means (e.g. tracking your use of our websites and mobile applications).
In some cases, we may be required by law to collect certain types of personal data about you.
Where we collect personal data from you, we will generally do so ourselves. However, in some cases we may collect personal data from a third party, such as through your representatives, contractors who provide services to us, or third parties who refer you to us because they think you may be interested in our products or services.
Kind of personal data we collect and purposes and legal basis for the processing of personal data
We process your personal data on the following legal bases and for the following purposes:
- Processing on the basis of the performance of the contract between us. We mainly process your personal data to provide our products and services to you on the basis of the agreement we have concluded with you. This also includes providing customer support and contacting you otherwise as regards the Website or our products and services and taking steps prior to entering into an agreement with you For the foregoing, we process the personal data including the following:
- Personal identification information (e.g. full name [first, any middle and second first and second last and last], date of birth, gender, ID documentation, passport numbers, Non-Signature IDs, utility bills, nationality, signature, photographs, employer, job title and tax ID number);
- contact details (e.g. e-mail address, phone number, home and work address);
- financial information (e.g. credit and debit card numbers, PANs, IBANs, bank account numbers and details, sort codes and other payment details, payslips);
- communication data (e.g. records of our communications with you, including any messages you send us);
- blockchain-related information when applicable (e.g. blockchain identifiers, such as blockchain addresses and public keys);
- transaction information (e.g. transactions you make on our platform, including the name of the recipient, the amount of the transaction and the time stamp);
- online identifiers (e.g. geolocation, IP address, browser fingerprint, browser name and version and OS); and
- other information that may be present on documentation that we may ask you to provide for the purposes of proving your identity.
- Without this information, we may not be able to provide you with our products or services (or with all the features and functionality offered by our products or services) or to respond to queries or requests that you submit to us.
- Processing on the basis based on our legal obligation. We may also process your personal data to fulfill our obligations arising from the law, our AML and CTF obligations (e.g. properly identifying you, monitoring your use of our website, products and services, and transmitting data to supervisory authorities).
- Processing based on our legitimate interest. We process the data received from your use of the CoinClan Services to improve the user experience in using the website and the products and services. Improving our website, products and services includes carrying out market analysis and research, education and training programs for our staff and planning and forecasting business activities and other internal business processes. The legal basis for this is our legitimate business interest to improve the CoinClan Services and the user experience and our business as a result thereof. Considering the nature of the data and that we use the data in an aggregated manner, your interests or fundamental rights and freedoms do not override our legitimate interest.
- We may also process your personal data to safeguard our rights (e.g. establishing, exercising and defending legal claims, debt collection). The legal basis for this is our legitimate interest to protect our legal rights and ensure the performance of the agreement concluded between us. In such case, your interests or fundamental rights and freedoms do not override our legitimate interests.
- To the extent required by applicable data protection regulation, you have the right to object to the processing of your personal data which is based on legitimate interest (see also section “Your rights” below).
- Processing on the basis of your consent. We may also process your personal data based on your consent (e.g. for direct marketing purposes, including sending you our newsletter). When processing is based on consent, you can withdraw your consent at any time by clicking on the ‘unsubscribe’ link at the end of each e-mail. Please note that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. For specifications about how we use your personal data for direct marketing purposes, please see section “Direct marketing” below.
Direct marketing and profiling for marketing purposes
If you have given us your consent to provide you with materials about our and our partner's products or services, from time to time we may use your personal data for direct marketing purposes. We send you materials and offerings that, in our opinion, would be of interest of you. You can opt-out of receiving marketing communications from us any time by clicking on the ‘unsubscribe’ link at the bottom of each e-mail or contacting us at firstname.lastname@example.org.
In order to find out which offerings would interest you, we draw up your profile based on the following information:
- identifying information, such as your name and date of birth
- contact information, such as your postal address and email address
- products and services portfolio information and demographic data held by us from time to time
We may use your personal data to market the following products and/or services to you:
- creating, purchasing and/or trading digital assets;
- software and hardware wallets for holding digital assets; and
- other products or services related to digital assets
People to whom we disclose personal data
We only share your personal data when we have a valid reason for it and when we are legally permitted to do so.
- Data processors. We use carefully selected service providers (data processors) in processing your personal data. We only use service providers that provide sufficient guarantees to implement appropriate technical and organizational security measures to protect your personal data. We have concluded appropriate data processing agreements with the service providers and shall remain responsible for their actions in respect of the processing of your personal data.
- The data processors we use include the following: e-mail service providers, website analytics service providers, liquidity providers and data hosting service providers. Should you require more detailed information as regards the data processors we use (e.g. their names and location) please contact us via the contact details below.
- Third parties. In some circumstances, we also share your personal data with third parties who act as independent data controllers as regards your personal data. We only share your personal data with third parties if stipulated herein, if required under the applicable law (e.g. when we are obliged to share personal data with the authorities), or with your consent.
- We also may need to share your personal data with third persons in relation to our need to protect our legal rights (e.g. attorneys and debt collection agencies). The legal basis for this is our legitimate interest to protect our legal rights and ensure the performance of the agreement. In such case, your interests or fundamental rights and freedoms do not override our legitimate interests.
- We may disclose your personal data to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets. The legal basis for this is our legitimate interest to exercise our right to business. In such case, we make sure that your rights and conditions as a data subject shall not be decreased, in which case your interests or fundamental rights and freedoms do not override our legitimate interests.
- Additionally, we may share your personal data with other third persons in order to fulfil our legal obligations (e.g. auditors, authorities). The legal basis for such sharing is compliance with our legal obligations.
- Furthermore, we will share your data with your representatives, advisers and others you have authorised to interact with us on your behalf. Please note, that we consider such authorisation as your consent and therefore your request for such an activity must be present to us in a written form.
- We will never sell your personal data to any third party.
We take the appropriate technical and organisational security measures in protecting your personal data, taking into account (i) the state of the art, (ii) costs of implementation, (iii) nature, scope context and purposes of the processing, and (iv) risks posed to you.
Retention of personal data
We retain your personal data for as long as is necessary for the purposes they were collected for, as long as necessary to safeguard our rights, or as long as required by the applicable law. We may retain your personal data for a number of years after the end of our relationship if it is necessary to safeguard our rights or required under the applicable law. If your personal data is being processed for several different purposes, the longest retention period shall apply.
In general, we store your personal data as follows:
- information on legal transactions between us is retained for as long the agreement between us is valid and for a period of 10 years as of when a claim falls due unless otherwise provided by law, asking you occasionally to update your personal data;
- billing information is retained for 7 years as of the end of the financial year in which the information was provided to us;
- all other data is retained for 5 years.
Access, correction and your other rights
To the extent required by applicable data protection regulations, you have all the rights of a data subject as regards your personal data. Such rights include the following:
- request access to your personal data;
- obtain a copy of your personal data;
- rectify inaccurate or incomplete personal data;
- erase personal data;
- restrict the processing of personal data;
- portability of personal data;
- object to processing of personal data which is based on legitimate interest and personal data which is processed for direct marketing purposes.
Please note that your rights as a data subject are not absolute and are subject to such considerations as allowed under the applicable law.
In order to exercise your rights, please contact us on the contact details below. Please note that you can exercise some rights (e.g. review and update your personal data) already by logging into your account. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases, provided it is allowed under the applicable law, we may charge you an administration fee for providing you with access to the information you have asked for, but we will inform you of this before proceeding. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request.
We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your personal data and think we may have breached any applicable privacy laws, or any other relevant obligation, please contact our privacy compliance team using the contact details set out below. We will make a record of your complaint and refer it to our internal complaint resolution department for further investigation. We will deal with the matter as soon as we can, and keep you informed of the progress of our investigation.
In addition to the foregoing, you also have the right to lodge a complaint with the Estonian data protection authority (Estonian Data Protection Inspectorate) or the court.
Changes to this policy
We may make changes to this policy from time to time to take into account changes to our standard practices and procedures or where necessary to comply with applicable new laws, regulations, case-law and guidelines issued by competent authorities. Should the changes be material to you, we will notify you by e-mail and pop-up on the website. The latest version of this policy will always be available on our website.
If you are a data subject in the European Union or the processing of your personal data takes place in the context of an agreement you have concluded with CoinClan OÜ of Estonia, the processing of your personal data shall be governed by the laws of the Republic of Estonia.
If you want any further information from us on privacy matters or you would like to exercise your rights as a data subject, please contact our privacy compliance team at email@example.com