Cookie Policy
Last updated: 30 June 2026
This Policy explains how CEX.IO Markets UK LTD uses cookies and other storage and access technologies in connection with the Site, Platform, mobile application and Services.
Your choice
Necessary technologies are always active because they support the operation and security of the Site and requested Services. When you first visit the Site, Consent Preferences allows you to accept all optional technologies, reject them or choose separately whether to allow Functional, Analytics and Advertisement technologies. You can change your choices at any time through the “Consent Preferences” icon on the left-hand side of the Site footer.
Contents
- Scope
- Who we are
- What cookies and similar technologies are
- How we use them
- Consent and legal basis
- Consent Preferences and current technology list
- Third-party technologies
- Mobile application technologies
- Email technologies
- How to manage your choices
- Retention and consent records
- International processing
- Changes
- Contact and complaints
1. Scope
1.1 This Cookie Policy applies to cookies, local storage, session storage, software development kits (SDKs), pixels, tags, scripts, device identifiers, and other technologies that store information on, or access information from, your device in connection with the Site, Platform, mobile application, hosted interfaces, and electronic communications used to provide the Services.
1.2 This Cookie Policy should be read together with the CEX.IO Markets UK LTD Privacy Policy. Where our use of a technology involves processing personal data, the Privacy Policy provides further information about the applicable purposes and lawful bases, categories of recipients, international transfers, retention, and your data protection rights.
1.3 This Policy reflects the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and those laws as amended, including by the Data (Use and Access) Act 2025. PECR applies to storage and access technologies whether or not the information is personal data.
2. Who we are
For the processing described in this Policy, CEX.IO Markets UK LTD is responsible for the storage and access technologies it selects and controls in connection with the Services. CEX.IO Markets UK LTD is a private limited company incorporated in England and Wales with company number 15140258 and registered office at 78-79 Pall Mall, London, England, SW1Y 5ES. Depending on the relevant activity, an affiliated CEX.IO entity or third-party provider may act as our processor acting on our instructions, as a separate controller for its own purposes and legal obligations, or as a joint controller with us where we jointly determine the purposes and essential means of the processing. Further information is provided in the Privacy Policy and, where relevant, the other controller’s own privacy information.
3. What cookies and similar technologies are
Cookies are small text files placed on a device when a website is visited. Similar technologies include local and session storage, SDKs embedded in mobile applications, pixels or web beacons, tags, scripts, advertising identifiers, device identifiers, and other techniques used to store or retrieve information from a browser, application, or device.
Some technologies last only for a session and are deleted when the browser or application closes. Others are persistent and remain until their stated expiry date, until they are deleted, or until the relevant identifier is reset. First-party technologies are set by the service you are using. Third-party technologies are set or accessed by another organisation whose functionality is integrated into the service.
4. How we use cookies and similar technologies
| Category | What it is used for | Consent position | Default |
|---|---|---|---|
| Necessary | Operate and secure the Site, Platform and requested Services; maintain sessions; authenticate Users; prevent fraud and technical abuse; remember your consent choices; route communications; process forms and Transactions; and provide requested Account, payment, live-chat or other core functionality. | Used without consent only where the technology is necessary to transmit a communication or provide a service or functionality you request, or another applicable PECR exception applies. Where personal data is processed, the applicable UK GDPR lawful basis is described in the Privacy Policy. | Always active. |
| Functional | Provide optional features and personalisation, such as remembering selected settings, collecting feedback, enabling social-media sharing, displaying embedded content and supporting other third-party functionality. | Used only with your consent. Where personal data is processed, the applicable UK GDPR lawful basis is described in the Privacy Policy. | Off until you select this category. |
| Analytics | Understand how visitors use the Site, Platform or application; measure traffic, journeys and interactions; identify errors; monitor performance; assess feature use; and improve reliability, usability and Services. | Used only with your consent. Analytics technologies may process identifiers and technical, device, session, usage and referral information. Where this information is personal data, the applicable UK GDPR lawful basis is described in the Privacy Policy. | Off until you select this category. |
| Advertisement | Measure advertising campaigns; attribute referrals; limit repeated advertisements; create or match audiences; personalise advertising; and display or measure CEX.IO advertising on third-party websites, applications or services. | Used only with your prior consent under PECR. Where related information is personal data, we rely on consent for advertising, audience matching and tracking, as further described in the Privacy Policy. | Off until you select this category. |
A single technology may support more than one purpose. We assess each purpose separately. If any purpose is not covered by a PECR exception, we do not use the technology for that purpose without the required consent.
5. Consent and legal basis
5.1 Unless an exception applies, we provide clear and comprehensive information and obtain prior consent before storing information on or accessing information from your device. Consent is requested separately from the Terms of Use and requires a clear affirmative action. Continuing to use the Site is not consent.
5.2 Consent Preferences allows you to accept all optional technologies, reject them or choose separately whether to allow the Functional, Analytics and Advertisement categories. Technologies that require consent are not activated before you make the relevant choice. We design the interface so that rejecting optional technologies is as easy as accepting them.
5.3 Where a third party relies on consent collected through Consent Preferences, its identity and the relevant purpose are made available before consent. We record the choice made and the information presented so that we can demonstrate consent.
5.4 You may withdraw or change consent at any time through Consent Preferences. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn. We stop the relevant storage or access and associated consent-based processing and take any further steps required by law in relation to personal data already collected. You may also need to delete existing cookies or identifiers through browser, application or device controls.
5.5 In the current configuration, Necessary technologies are always active. Functional, Analytics and Advertisement technologies are optional and are used only after you select the relevant category in Consent Preferences. If we materially change the categories, purposes or consent model, we will update this Policy and Consent Preferences and request a new choice where required.
6. Consent Preferences and current technology list
6.1 The current list of cookies and similar technologies is maintained in Consent Preferences. Consent Preferences is displayed when you first visit the Site and remains available at any time through the “Consent Preferences” link or icon on the left-hand side of the Site footer. It forms part of this Cookie Policy.
6.2 Consent Preferences provides, for each current technology where applicable:
- the cookie, identifier or technology name;
- the provider or third party;
- the purpose and category;
- whether it is first-party or third-party;
- the duration or expiry period; and
- the available choice or control.
6.3 The dynamic list is used because the Platform and Services are updated regularly and different technologies may apply by page, feature, device, application version or jurisdiction. Technologies may not be activated for every User. We review the inventory, category allocation and consent configuration periodically and when material changes are introduced.
7. Third-party technologies
Third parties may store or access information when their services are integrated into the Site, Platform or mobile application. These may include providers of analytics, advertising, social media, customer support, consent management, security, fraud prevention, cloud and content delivery, payment functionality, identity verification and embedded media. Consent Preferences identifies the current third parties used for each relevant purpose.
Some third parties process information only on our instructions. Others may act as separate controllers for their own purposes or, in limited cases, as joint controllers where we jointly determine the purposes and essential means of the processing. Their own privacy and cookie information applies to their controller processing. A third party may combine information obtained through our Services with information from other services only where the applicable legal requirements and your choices in Consent Preferences allow it.
8. Mobile application technologies
Mobile applications may use SDKs, local storage, push-notification tokens, crash and performance tools, device identifiers and advertising identifiers such as Apple’s Identifier for Advertisers or the Android Advertising ID. The PECR rules apply to these technologies in the same way as website cookies.
Where required, we obtain consent through the application, an operating-system permission or Consent Preferences before using mobile identifiers for analytics, cross-service tracking or advertising. Apple App Tracking Transparency and Android privacy controls operate in addition to, and do not replace, any consent required through CEX.IO. You can change operating-system permissions or reset advertising identifiers in device settings and use in-app privacy or consent controls where available.
9. Email technologies
Emails may contain pixels, tagged links, or similar technologies used to confirm delivery, protect communications, detect abuse, understand whether a message was opened or a link selected, and measure campaigns. We use marketing tracking only where permitted by PECR and, where required, with your consent. Your choice about receiving marketing messages and your choice about marketing tracking are managed separately, where necessary. Transactional or security messages may still generate necessary delivery and security logs. You can opt out of marketing emails through the unsubscribe link, but service, legal, security, and Account communications may continue.
10. How to manage your choices
10.1 You can change your choices at any time through Consent Preferences. It is available through the “Consent Preferences” icon on the left-hand side of the Site footer. Choices may need to be repeated if you use a different browser or device, clear storage, use private browsing, reset an application or advertising identifier, or if we introduce a materially different purpose.
10.2 Most browsers allow you to block, delete or receive alerts about cookies. Device and application settings may also control SDK permissions, advertising identifiers, tracking and push notifications. Browser or device controls may be less granular than Consent Preferences and may not remove information already stored.
10.3 Blocking Necessary technologies may prevent secure login, session maintenance, consent recording, payment or Transaction flows, fraud prevention, live chat or other requested functionality from working. Rejecting Functional, Analytics, or Advertisement technologies does not prevent access to core Services, although optional features, personalisation, or embedded content may be limited.
10.4 Browser “Do Not Track” or similar signals are not by themselves a substitute for valid consent unless recognised by applicable law and supported by the relevant technology. We apply such signals where legally required and use Consent Preferences as the primary control for technologies used through CEX.IO.
11. Retention and consent records
The duration of each cookie or similar technology is shown in Consent Preferences. We choose a duration that is proportionate to the purpose and review persistent technologies periodically. Session technologies normally expire when the browser or application session ends. The technology used to remember your choice is retained for the period shown in Consent Preferences, unless you change your choice, delete the relevant storage, use another device or browser, or we need to ask again sooner because the technologies, purposes, providers or legal requirements change.
We may retain records of the consent request, the choice made and subsequent changes for as long as reasonably necessary to demonstrate your choices and comply with applicable law, resolve disputes and respect preferences. These records may be retained longer than the individual cookie or technology to which they relate.
12. International processing
Some providers may process identifiers and related information outside the United Kingdom. Where personal data is transferred internationally, the safeguards described in section 10 of the Privacy Policy apply. Information stored on or accessed from a device remains subject to PECR regardless of where the supporting service is hosted.
13. Changes to this Cookie Policy
We may update this Policy to reflect changes in law, guidance, technologies, providers or the Services. We will update the “Last updated” date and, where required, provide additional notice or request fresh consent. Introducing a new purpose that requires consent is not treated as covered by an earlier consent unless that consent was sufficiently specific and remains valid.
14. Contact and complaints
Questions, rights requests or complaints about our use of cookies and similar technologies may be submitted through secure online live chat, dpo@cex.io, support@cex.io or by post using the contact details provided in Section 2 of this Cookie Policy. You do not need to use a particular form, quote a legal provision or use particular wording.
We handle complaints about cookies and similar technologies under the process described in Section 15 of the Privacy Policy, including acknowledging receipt within 30 days, investigating the complaint without undue delay and informing you of the outcome.
You may raise a concern with the Information Commissioner’s Office at any time. You do not have to contact us before approaching the ICO, although we welcome the opportunity to address your concern first.