Privacy policy

Last update: 27th of October 2023

General

CEX.IO (hereinafter, "CEX.IO", "we", "us" or "our") is committed to protecting and respecting the privacy of our Users (hereinafter, "User(s)", "you", "customer").

This Privacy Policy applies to Users served by CEX.IO EU VASP, UAB (Lithuania) and CEX OVRS LLC (St. Kitts and Nevis). For more information about these entities, including which entity provides services to you please see our Terms of Use.

Our Privacy Policy for residents of the United States is available here.

If you are a California resident, you can learn more about how we use your information and your privacy rights by reviewing our California Privacy Notice.

By agreeing to this Privacy Policy and the Terms of Use you are entering into an electronic agreement between you and a specific CEX.IO entity. This Privacy Policy (together with our Terms of Use) describes our policies and procedures on the collection, use, and disclosure of personal information we collect when you use CEX.IO’s website, any and all services, products, and content, and tells you about your privacy rights and how the law protects you.

We adhere to the standards outlined in this Privacy Policy, ensuring we collect and process personal information lawfully, fairly, transparently, and with legitimate, legal reasons for doing so.

The purpose of this Privacy Policy is to inform you of:

1. Interpretation and Definitions
2. Who we are
3. Collecting and Using Your Personal Information
4. Your rights in relation to your Personal Data
5. Exercising of your Data Protection Rights
6. Retention of Personal Information
7. Disposal of Personal Information
8. Tracking technologies and Cookies
9. Disclosure of Personal Information
10. International Data Transfers
11. Third-Party Sites and Resources Disclaimer
12. Marketing Data Processing, Advertising and Social Media Fan Pages
13. Security of Your Personal Data
14. Security measures for processing payment card details
15. Fraud, Phishing and Email Scams Disclaimer
16. Changes to this Privacy Policy
17. Contact us

1. Interpretation and Definitions

1.1. Interpretation The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

1.2. Definitions For the purposes of this Privacy Policy:

• Account: means an account registered by the User on the Platform.
• CEX.IO affiliates: subsidiaries, parent companies, and companies under common control.
• Personal Information (Personal Data): any information which identifies you personally or which may help us to identify you (e.g. your name, address, e-mail address, trades etc.).
• Data Subject: an identified or identifiable person (User/you/customer).
• Data Controller: for the purposes of the applicable laws in the EU and UK, controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Data Processor: a company which processes personal data on behalf and upon instructions of the Data Controller.
• Our Site: websites with the following domains such as CEX.IO - our Platform used for providing our services to you and any other CEX.IO domains that is used for the purposes of informing our Users on our promotional, marketing campaigns and special offers; or any other related websites that may be created by CEX.IO in future.
• Personal Data processing: any operation or set of operations performed on personal data (e.g., collection, storage, use, disclosure erasure).
• Tracking Technologies include cookies, web beacons, tracking pixels, and other tracking technologies used on our Site, including any other media form, media channel, mobile website, or mobile application to help customise the Site and improve your experience; for more detailed information please visit the Tracking Technologies section of our Privacy Policy.
• Device means any device that can access the CEX.IO’s Site such as a computer, a mobile phone or tablet.

1.3. Other capitalised terms, not specified above, have the meanings as defined in the Terms of Use and the applicable data protection legislation.

2. Who We Are

CEX.IO is a leading digital asset ecosystem comprised of entities defined in Terms of Use.

Established in 2013 as the first cloud mining provider, CEX.IO has become a multi-functional cryptocurrency exchange, trusted by over 6 million users.

CEX.IO offers cross-platform trading via website, mobile app, WebSocket and REST API, providing access to high liquidity order book for top currency pairs on the market. Instant cryptocurrency buying and selling is available via a simplified bundle interface.

The exchange has developed a multi-level account system with an individual approach to each customer, from crypto beginners to institutional traders. Worldwide coverage in permissible jurisdictions, multiple payment options, and 24/7 support are accompanied by time-proven platform stability that focuses on the safety of assets and data.

3. Collecting and Using Your Personal Information

3.1. We may collect your Personal Information if you open an account or perform any transactions. This is defined as collection for the purpose of provision of service(s) to you in accordance with our Terms of Use. Please note, if you refuse to share your Personal Information for this purpose, we will not be able to provide our services to you.

3.2. The types of Personal Information which we collect may include:

1. your name
2. your photographic identification
3. details from your identity documents (such as driver licence, passport), number of the document, date of issue/expiration, photographic identification, etc.
4. your address, phone number, cell number, email
5. app, browser and device information - we may collect various types of information about your use of our app or website, including your device's Internet Protocol address (e.g. IP address); browsing behaviour and preferences, such as the pages you visit and time spent on them; login credentials; browser type and version; and other diagnostic data. We may also collect information about your mobile device, such as its type, operating system, and unique identifiers
6. bank details including account numbers, payment cards and statements
7. your date of birth
8. your personal code
9. your employment details
10. your trades
11. information on sources of your funds, and
12. video footage identifying you.

3.3. Use of your Personal Data

3.3.1. We will process your Personal Information only for the purpose(s) of providing the service(s) to you, to satisfy the legal and regulatory obligations that arise from providing you the service(s) and our legitimate interest.

3.3.2. Based on our obligations and legitimate interest, we may request other documents for identity verification and sources of funds.

3.3.3. We may use your Personal Information for the following purposes:

• To provide and maintain our services, including to allow you to open and operate an Account and monitor the usage of services.
• To manage your Account: to manage your registration as a user of the service(s). The Personal Data you provide can give you access to different functionalities of the Service that are available to you as a registered user, i.e., to enable you to complete transactions on the Platform.
• For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items, or services you have purchased or of any other contract with us.
• To contact you: we may contact you by email, telephone, SMS, or other equivalent forms of electronic communication, such as push notifications from our mobile app. We may use these methods to provide you with updates, informative communications related to the functionalities of our products or contracted services, including security updates when necessary or reasonable for their implementation, and to reply to your queries.
• To provide you with news, special offers and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
• To manage your requests: to attend and manage your requests to us.
• To ensure security of your Account (for instance, if you make a request to disable 2-factor authentication on your account we can ask you to provide additional Personal Information to confirm your identity).
• To comply with legal obligation purposes such as tax reporting, fraud prevention, our reporting obligations etc.
• To provide you with information about products and promotions that may be of interest to you, from ourselves and third parties, although only if you have specifically agreed to receive such information.
• For market research e.g., surveying Users' needs and opinions on issues, such as performance. Unless consented, your data for this purpose would be anonymised.
• For business transfers: we may use your Personal information to evaluate or conduct a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about our services users is among the assets transferred.
• For other purposes: We may use your Personal Information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our service(s), products, services, marketing, and your experience.

3.4. Children's personal data Minors are not permitted to use CEX.IO. If you are a parent or guardian and believe that CEX.IO has information of a child under the age of 18 please contact us immediately at dpo@cex.io so we remove any such information from our database.

4. Your rights in relation to your personal data

4.1. Right to be informed: you have the right to be informed about the collection and use of your personal data. This Privacy Policy is intended to provide you with clear and concise information about how we process your personal data.

4.2. Right to access: you have the right to access your Personal Information and request details about processing activities that we undertake with your data. You can do this by sending an email to us at dpo@cex.io or where possible, you can do these actions in your account profile page yourself. Upon your written request we will also give you a copy of the Personal Information we have retained. There may be a minimal charge for providing you additional copies of your Personal Information to cover administrative costs.

4.3. Right to Rectification: you may request us to rectify or update any of your personal information held by CEX.IO that is incomplete or inaccurate by sending an email at dpo@cex.io or where possible - do it in your account profile page yourself.

4.4. Right to Erasure: you have the right to request the erasure of both the Account and Personal Information by sending an email to us at: dpo@cex.io. CEX.IO will action your request, unless we have a legal or regulatory obligation or overriding legitimate interest to store your Personal Information (for instance, in cases you have performed transactions).

4.5. Right to object or to restrict processing - you have the right to restrict and object to the processing of your personal data in certain circumstances, such as where the processing is carried out for direct marketing purposes. To do so, please send an email to us at dpo@cex.io or where possible do it yourself, f. e. unsubscribe from our marketing emails by clicking on the “Unsubscribe” link provided in each of our marketing messages.

4.6. Right to data portability - you may also ask us to transfer your Personal Information to another controller of your choice.

4.7. Identity Verification - to ensure the confidentiality, integrity, and availability of your information, we may request you to confirm your identity by providing identification documentation and/or other methods prior to assisting you in exercising any of your rights. If you refuse to prove your identity, we may decline to take actions in respect of your data, save restricting processing, until we can ensure that such actions are the true wish of the data subject.

4.8. Automated Decision-Making and Profiling. In the carrying out of our services we may use automated processing and profiling to reduce the risks of fraud, money laundering and abuse of our services. Through this automated processing, we carry out an analysis of your identification, transactional and behavioural patterns. We may not be able to provide you with some or all our services if you do not wish this automated processing to be carried out. If you feel that this processing might be detrimental to you, please contact us on dpo@cex.io, and our compliance officer will review your application.

4.9. Timeframe for Response: if you make a request, we have one month to respond to you. If we are unable to respond within the month, we will inform you and provide an explanation for the delay.

4.10. Non-discrimination: we will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example providing user support), We will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.

4.11. No Fee usually required: you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

5. Exercising of your Data Protection Rights

5.1. You may exercise your rights of access, rectification, cancellation, and opposition by contacting us. We may ask you to verify your identity before responding to requests.

5.2. You have the right to complain to a data protection authority about our collection and use of your Personal Data. If you reside in the EEA, Switzerland, or the UK, you have the right to discuss any instance where you feel we may not be adhering to the terms within this Privacy Policy or raise a complaint about our practices with the supervisory authority of your country or state.

5.3. You can check the list of the Data Protection Authorities in European Union countries, as well as in Iceland, Norway and Liechtenstein on this website.

5.4. In the UK, the Information Commissioner’s Office www.ico.org.uk.

6. Retention of Personal Information

6.1. Your information is held within our servers located within the European Union. Access to this information is provided to staff of CEX.IO whose office may also be outside of the European Union but who adhere to the same principles of data security and processes as those within the European Union (please see the Section on International data transfers for more details).

6.2. Your payment method information to effect or receive payments from CEX.IO are passed on to third-party payment processor(s) based in the EU and with which CEX.IO has a contractual agreement to safeguard your rights. Unless you create an account with us and conduct transactions, we do not retain your payment method information.

6.3. We will hold your Personal Information only for as long as it is necessary for the purposes described in this Privacy Policy and our legal and regulatory requirements.

6.4. To comply with relevant regulatory bodies and laws requirements, we must adhere to different retention periods for Personal Information. In accordance with CEX.IO’s legal obligations, we will retain Personal Information for a period of five to eight years after our User closes their Account and terminates legal relationships with us, or for five to eight years from the end of the tax period in which the User conducts their last transaction.

6.5. Data stored for regulatory purposes will be protected from unnecessary processing and will be held only for the purpose of being able to provide information or access to relevant authorities.

6.6. As retention periods vary depending on the jurisdiction and may change from time to time, if you wish to obtain information on how long we store your data, please contact us.

7. Disposal of Personal Information

7.1. Once we do not have any obligation to provide you with a service you requested, nor an obligation to hold Personal Information for regulatory or legal purpose, we will anonymise or dispose of your Personal Information in line with acceptable industry and security standards so that this cannot be subsequently retrieved and associated with you.

7.2. Where we cannot directly remove such records, such as in archived backups, we will retain a log of which Personal Information should be removed if ever the backup data is restored.

8. Tracking Technologies and Cookies

We use cookies and similar tracking technologies to track the activity on our site and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse our site. The technologies we use may include:

8.1. IP Addresses We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns and will not be used to identify any individual unless that same individual.

8.2. Web Beacons Certain sections of our service(s) and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the CEX.IO, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

8.3. Cookies

8.3.1. We use a browser feature known as a "cookie", which assigns a unique identification to your computer. Cookies are typically stored on your computer's hard drive. Information collected from cookies is used by us to evaluate the effectiveness of our Sites, analyse trends, and administer the Platform. The information collected from cookies allows us to determine such things as which parts of our Sites are most visited and difficulties our visitors may experience in accessing our Sites. With this knowledge, we can improve the quality of your experience on the Platform by recognising and delivering more of the most desired features and information, as well as by resolving access difficulties.

8.3.2. We also use cookies and/or a technology known as web bugs or clear gifs, which are typically stored in emails to help us confirm your receipt of, and response to, our emails and to provide you with a more personalised experience when using our Sites.

8.3.3. We use third party service provider(s), to assist us in better understanding the use of our Sites. Our service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our Sites, what products are browsed, and general transaction information. Our service provider(s) analyses this information and provides us with aggregate reports. The information and analysis provided by our service provider(s) will be used to assist us in better understanding our visitors' interests in our Sites and how to better serve those interests. The information collected by our service provider(s) may be linked to and combined with information that we collect about you while you are using the Platform. Our service provider(s) is/are contractually restricted from using information they receive from our Sites other than to assist us.

8.3.4. You may control the cookies through your browser settings.

8.3.5. We use both session and persistent cookies for the purposes set out below: Necessary / Essential Cookies Type: Session Cookies Administered by us Purpose: these cookies are essential to provide you with services available through the Site and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

Cookies Policy / Notice Acceptance Cookies Type: Persistent Cookies Administered by us Purpose: these cookies identify if users have accepted the use of cookies on the Site.

Tracking and Performance Cookies Type: Persistent Cookies Administered by third parties Purpose: these cookies are used to track information about traffic to the Site and how users use the Site. The information gathered via these cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Site. We may also use these cookies to test new pages, features, or new functionality of the Site to see how our users react to them.

8.4. Analytics. We use Google Analytics, which uses cookies and similar technologies to collect and analyse information about use of the website and report on activities and trends. This service may also collect information regarding the use of other websites, apps, and online resources. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our site. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. You can opt-out of having made your activity on the site available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (gtm.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: policies.google.com/privacy.

8.5. Do Not Track Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. Currently, we do not respond to browser “Do Not Track” signals.

9. Disclosure of Personal Information

9.1. We use the Personal Information for purposes indicated at the time you provide such information/for the purposes set out in this Privacy Policy/as permitted by law.

9.2. Business Transactions. We may make available the Personal Information that you provide to us for the limited purpose indicated for and during the provision of the service that you would have requested in particular to:

• our affiliates, agents, and representatives
• payment service providers and financial institutions
• customer communications platforms
• our contractors providing software for identity verification purposes
• our contractors who provide us information on sanctions lists from publicly accessible sources.

9.2.1. We may also share users’ Personal Information with financial institutions, insurance companies or other companies in the case of a merger, divestiture, or other corporate reorganisation and notify you of such sharing of your information to be able to exercise any of your rights where applicable.

9.3. Law Enforcement. We may be required to disclose your Personal Information under certain circumstances, such as we are obligated to do so due to valid requests from public authorities (e. g. law enforcement or regulatory agencies, court, etc.). In certain cases, we may not be able to inform you of such sharing of data due to legal restrictions.

9.4. Any third party which receives or has access to Personal Information shall be required by us to protect such Personal Information and to use it only to carry out the services they are performing for you or for CEX.IO, unless otherwise required or permitted by law. Such a third party, except for regulatory authorities, would be contractually bound to adhere to the same or higher level of security and confidentiality policies as CEX.IO, and assume at least the same level of responsibilities as CEX.IO.

9.5. The legitimate exercise of any of your rights with CEX.IO will also be notified to be applied by any such third parties having been given access to your Personal Information.

9.6. We will ensure that any such third party is aware of our obligations under this Privacy Policy, and we will enter into contracts with such third parties by which they are bound by terms no less protective of any Personal Information disclosed to them than the obligations we undertake to you under this Privacy Policy, or which are imposed on us under applicable data protection laws.

10. International Data Transfers

10.1. Our contractors and affiliates are situated in various countries, including countries located outside the European Union (EU), and we may need to transfer your personal data to third countries to provide our services to you. We strive to ensure an adequate level of protection for your personal data, regardless of where our contractors are located. Please note that we may transfer your Personal Information only in the following cases:

• If the country where we transfer your Personal Information provides the adequate level of personal data protection, as determined by the European Commission. You can view a list of such countries by clicking here.
• If we take appropriate safeguards to ensure that your rights as a data subject are protected.
• If any derogations for specific situations apply, such as if the transfer is necessary for the establishment, exercise, or defence of legal claims or for an important reason of public interest.

11. Third-Party Sites and Resources Disclaimer

11.1. Our Site may contain links to third-party sites and resources. Please note that his Privacy Policy applies only to our Sites. By clicking on any such links and accessing those third-party sites or resources, you will be leaving our Site.

11.2. We want to make it clear that we have no control over these third-party sites, or any content contained therein. Therefore, we cannot accept any responsibility or liability for any of those third-party sites, including but not limited to their content, policies, promotions, products, services, actions and any damages, losses, failures, or problems caused by, related to, or arising from those sites. We strongly advise you to review all policies, rules, terms, and regulations, including the privacy policies, of any site that you visit.

12. Marketing Data Processing, Advertising and Social Media Fan Pages

12.1. We may use your Personal Information for marketing purposes if you provide your consent during registration or post-registration by checking marketing preferences boxes in your account profile page. Additionally, we may notify existing Users about our products or services that are similar to those we have already provided based on our legitimate interest.

12.2. You have the right to withdraw your consent for us to process your Personal Information for marketing purposes. To exercise this right, you can uncheck the marketing preferences boxes in your account profile or contact us at dpo@cex.io.

12.3. We maintain a strong presence on various social media platforms to stay connected with our customers and keep them updated on our latest developments. Our social fan pages include Twitter, LinkedIn, Facebook, Telegram, Instagram, YouTube, Reddit, Pinterest, and TikTok.

12.3.1. Here is the list of our social pages:

• Twitter
• LinkedIn
• Facebook
• Telegram
• Instagram
• YouTube
• Reddit
• Pinterest
• TikTok

12.3.2. Please verify that you are on the correct website, to do it you can use the links provided above to access these pages directly.

12.4. We encourage our customers to follow and engage with us on our social media pages. However, please note that any information shared on these platforms is subject to the respective social media platform's privacy policy and terms of service. We do not have control over the information collected by these platforms and are not responsible for their actions.

12.5. We may use social media advertising to promote our services and reach a wider audience. Such advertising may involve the use of cookies or similar technologies to collect data about your browsing behaviour. If you do not wish to receive targeted advertising from us, you can adjust your social media platform's settings or opt-out of targeted advertising by following the instructions provided by the respective social media platform.

12.6. Please note that any content posted by users on our social media pages is subject to the respective social media platform's terms of service and community guidelines. We reserve the right to moderate or remove any content that violates these guidelines or our company policies.

12.7. We collaborate with third-party entities as specified below to help us display advertisements on external websites and assess the effectiveness of our advertising campaigns. These third parties have the ability to show you relevant ads for products and services that align with your interests, based on your visits to our Sites as well as other websites. Please note that these third parties follow their own privacy policies, which are distinct from ours. However, as a rule such third parties grant data privacy standards no less than we do.

For the marketing and analytics purposes, we may share your Personal Information including Hashed Data, along with other general or non-personally identifiable data, with the following counterparties:

• Appsflyer
• AdRoll (including NextRoll)
• Customer.io
• Gleam.io
• Google and its affiliates (including Firebase)
• Hotjar
• Hubspot
• Intercom
• META and its affiliates
• Mixpanel
• Pinterest
• Prefinery
• Quora
• Reddit
• RudderStack
• Snapchat
• Twitter
• Typeform
• Wheel of Popups
• Zapier

If you wish to opt out of various third-party ad networks, including those operated by the Network Advertising Initiative (NAI) and the European Interactive Digital Advertising Alliance (EDAA), you can find more details on interest-based advertising and how to opt out on their respective websites: www.youronlinechoices.com/uk/your-ad-choices (EDAA) and optout.networkadvertising.org (NAI). By opting out of one or more NAI or EDAA member networks (many of which overlap), you will no longer receive targeted content or ads from those members. However, this does not mean that you will stop receiving all ads on our Sites or other websites. You may still receive advertisements based on the particular website you are currently visiting. Additionally, please note that if your browser settings reject cookies, if you delete your cookies, or if you switch to a different computer or web browser, your NAI or EDAA opt-out may no longer remain effective.

13. Security of Your Personal Data

13.1. We have implemented technical and organisational security measures to ensure the confidentiality, integrity, availability, and accountability of your Personal Information and to protect your Personal Information from loss, misuse, unauthorised alteration or destruction. Such measures include:

• the pseudonymisation and TLS 1.2-1.3 encryption of personal data
• 2-factor authentication
• the access control
• processes to ensure the ongoing confidentiality, integrity, availability of our processing systems and services
• reliable backups to restore access to personal data in a timely manner in the event of a physical or technical incident.

13.2. Only authorised personnel of CEX.IO have access to your Personal Information, and these personnel are required to treat the information as confidential.

13.3. Where you have consented to or we are obliged to pass on Personal Information to third parties to provide you with a requested service or in the carrying out of a regulatory or legal obligation, we will request that the high levels of technical and organisational security measures be applied through contractual arrangements, where possible.

13.4. We conduct testing, assessment, and evaluation of our technical and organisational measures effectiveness on a regular basis. Technical and organisational security measures in place, from time to time, are reviewed in line with legal and technical developments.

13.5. In the event of incidents, personal data leakage or the failure of the security measures to protect such information we will notify you without undue delay.

14. Security measure for processing payment card details

14.1. CEX.IO is fully compliant with PCI DSS (Level 1 Service Provider). PCI DSS (Payment Card Industry Data Security Standard) is an information security standard designated for merchants, financial institutions, and payment service providers to ensure the safety of cardholders' data. You can check our Certificate of compliance here.

14.2. Please note that our trusted payment service providers are PCI DSS compliant as well.

15. Fraud, Phishing and Email Scams Disclaimer

15.1. Please note that CEX.IO is not in any partnership with any individuals or organisations who represent themselves as customer support agents and offer customer support services through phone and/or social media channels for a fee. Please be aware that customer support is provided only through the CEX.IO website and is always free of charge.

15.2. If you believe that you have been a victim of fraud, phishing, or any scam that impersonates CEX.IO, please contact us immediately through the live chat available on our website.

16. Changes to this Privacy Policy

16.1. Our Sites policies, content, information, promotions, disclosures, disclaimers, and features may be revised, modified, updated, and/or supplemented at any time and without prior notice at the sole and absolute discretion of CEX.IO. If we change this Privacy Policy, we will take steps to notify all users by a notice on CEX.IO's Site and will post the amended Privacy Policy on the CEX.IO's Site.

16.2. If we consider that your rights may be affected by any such changes, we will request you to confirm your consideration and acceptance prior to continuing our relationship with you.

17. Contact us

17.1. CEX.IO, due to applicable data protection laws, appointed a Data Protection Officer (DPO). Our DPO is the main contact for data protection supervisory authorities. If you have any questions, comments, or concerns regarding our Privacy Policy and/or how we process your personal data, please contact our DPO at the email address dpo@cex.io.

17.2. You may also wish to check our Help Centre on support.cex.io/en for frequently asked questions where a solution may easily be found ready for you.