CCPA/CPRA Privacy Notice
Last update: October 24th, 2023
CEX.IO CORP. and its affiliates (hereinafter, "CEX.IO", “CEX US”, "we", "us" or "our") are committed to protecting and respecting your privacy.
Categories of Personal Information Collected
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following is a list of categories of personal information which we may collect or may have been collected from California residents within the last twelve (12) months. Please note that the categories and examples provided in the list below are those defined in the California Consumer Privacy Act / California Privacy Rights Act. This does not mean that all examples of that category of personal information were in fact collected by us but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been collected. Please note that only certain categories of personal information would only be collected if you provided such personal information directly to us. Additionally, please be aware that some information is collected automatically.
Identifiers, such as your real name, user ID, postal address, email address, a copy of your identification (such as your driver’s license or passport), your social security number and/or other government identification or registration data, IP address, domain name, and other similar identifiers.
Personal Information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)):
- Financial information, such as bank account information, routing number
- Transaction Information, such as public blockchain data
- Credit and Fraud Information, such as credit investigation, credit eligibility, identity or account verification, fraud detection, or as may otherwise be required by applicable law
- Correspondence, such as information that you provide to us in correspondence, including account opening and customer support
- Institutional Information, such as for institutional customers, we may collect additional information, including institution’s legal name, Employer Identification Number (“EIN”) or any comparable identification number issued by a government, and proof of legal existence (which may include articles of incorporation, certificate of formation, business license, trust instrument, or other comparable legal document)
- Device Information, such as hardware, operating system, browser, device model, screen width, screen height
- Telephone number
- Usage Data, such as system activity, internal and external information related to CEX.IO pages that you visit, clickstream information
- Additional Information, as permitted by law or required to comply with legal obligations, which may include criminal records or alleged criminal activity, or information about any person or corporation with whom you have had, currently have, or may have a financial relationship. Personal Information you provide during the registration process may be retained, even if your registration is left incomplete or abandoned.
Commercial information, such as information about your transactions and transaction history, account balances.
Internet or other Electronic Network Activity Information, such as information related to browsing history, search history, and information regarding a consumer’s interactions with CEX.IO Sites, or advertisement.
Geolocation data to the extent we need to verify your location for regulatory or anti-fraud purposes depending on the Services provided and your use of them (for example, some laws may require us to identify your location if the use of any Services involves gambling).
Sensory data: audio, electronic, visual, thermal, olfactory, or similar Information, such as images and videos collected for identity verification, audio recordings left on answering machines.
Biometric Information, such as scans of your face geometry extracted from identity documents.
Professional or employment-related information, such as your occupation, source of funds.
Inferences drawn from the above information, which may include inferences about preferences, characteristics, and behavior.
Sensitive Personal Information, such as government-issued verification numbers (i.e. Social Security Number or equivalent, driver’s license number, passport number), and biometric information (i.e. scans of your face geometry extracted from identity documents).
We collect this personal information to underwrite and set up your account, as well as to provide and promote our Services to you.
Sources of Personal Information
We obtain the categories of personal information listed above from the following categories of sources:
Directly from you. For example, from the forms you complete on our Platform, preferences you express or provide through our Service, or from your purchases on our Platform. Indirectly from you. For example, from observing your activity on our Platform. Automatically from you. For example, through cookies we or our Service Providers set on your Device as you navigate through our Site(s). From Service Providers. For example, third-party vendors to monitor and analyze the use of our Service, third-party vendors to provide advertising on our Service, third-party vendors to deliver targeted advertising to you, third-party vendors for payment processing, or other third-party vendors that we use to provide the Service(s) to you.
Use of Personal Information
We may use or disclose personal information we collect for "business purposes" or "commercial purposes" (as defined under the CCPA/CPRA), which may include the following examples:
- To operate our Site(s) and provide you with our Service(s).
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our Service(s).
- To fulfill or meet the reason you provided the information. For example, if you share your contact information to ask a question about our Service(s), we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA/CPRA.
- For internal administrative and auditing purposes.
- To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity, including, when necessary, to prosecute those responsible for such activities.
- Other one-time uses.
Disclosure of Personal Information
We may use or disclose and may have used or disclosed in the last twelve (12) months all of the categories of personal information provided in the section Categories of Personal Information Collected for business or commercial purposes. Use and disclosure of Sensitive Personal Information. We recognize the importance of protecting your sensitive personal information, as defined by applicable California law. If we collect, use, or share sensitive personal information, we limit its use or disclosure to only those business purposes that are permitted by law. These purposes may include processing transactions, fulfilling orders, providing customer service, and conducting internal audits or analysis. We may also disclose sensitive personal information as required by law, to protect our legal rights, or to comply with a court order or legal process.
Share of Personal Information
We may share, and have shared in the last twelve (12) months, your personal information certain identified in the above categories with the following categories of third parties:
- Service Providers, which include IT and cloud hosting companies, auditors, analytics providers, advertising partners, ad networks for business purposes.
- Affiliates and subsidiaries of CEX.IO and other companies within CEX.IO group of companies.
- Payment providers
- Our business partners
- Third party vendors to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
Sale of Personal Information
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
- Commercial information
- Internet or other Electronic Network Activity Information
Please note that the categories listed above are those defined in the CCPA/CPRA. This does not mean that all examples of that category of personal information were in fact sold but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been shared for value in return.
Sale of Personal Information of Minors Under 16 Years of Age
Minors are not permitted to use CEX.IO. If you are a parent or guardian and believe that CEX.IO has information of a child under the age of 18 please contact us immediately at email@example.com so we remove any such information from our database.
Your CCPA Privacy Rights
You have rights that you can exercise in relation to your personal information. In particular:
Right to know about the personal information we collect about you and how it is used and shared. You may ask for information about the categories of personal information we have collected about you, the categories of sources from which your personal information has been collected, the business or commercial purpose for collecting or selling your personal information, as well as the categories of third parties with whom we may share or to whom we sell your personal information and the categories of personal information that have been provided to such third parties. You may also ask us for a copy of the specific pieces of personal information we have collected about you in a machine-readable format.
Right to delete. You have the right to request the deletion of your Personal Information. Please note that we may not be able to fully address your request in certain circumstances, such as when we need to complete a transaction for you, detect and protect against fraudulent or illegal activity, exercise our rights, or comply with a legal obligation. If we are unable to fulfill your request, we will inform you of the reason why.
Right to opt-out of the Sale of Personal Information. We do not sell the Personal Information of consumers. However, if we begin to sell personal information in the future, you have the right to direct us to not sell your Personal Information at any time.
Right to correct. You may ask us to correct inaccurate information that we have about you.
Right to limit. You have the right to request us to only use your sensitive personal information (f. e., your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the Services.
Right to nondiscrimination. We will not discriminate against you for exercising any of your consumer’s rights listed above. This means that we will not deny you Services, charge you different fees, or provide you with a lower level of Services if you exercise your privacy rights.
Exercising Your CCPA/CPRA Data Protection Rights
You may exercise any of your privacy rights by contacting us through one of the communication channels provided in the Contact Us section of this Privacy Notice.
You may authorize a person to act on your behalf in relation to exercising these rights, but we may need to take certain steps to verify the request made is legitimate, i.e., that it is indeed coming from you and that it is made on your behalf. For example, we may require your signed permission demonstrating that you have authorized the agent to submit the request on your behalf.
Your request to us should:
- Provide sufficient information that allows Us to reasonably verify You are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with the required information if we cannot:
- Verify your identity or authority to make the request.
- And confirm that the personal information relates to you.
We will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. The period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.
Any disclosures we provide will only cover the 12-month period preceding the verifiable request's receipt.
For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
Please note that where we use and disclose personal information for purposes related to security, fraud detection and other similar purposes, some of your rights may be limited. As such, please consider that there might be cases where your request cannot be fulfilled. For example, as permitted by the CCPA, it is possible that we may not comply with a request to delete your personal information if we need that information for the purpose of detecting security incidents, or protecting against malicious, deceptive, fraudulent, or illegal activities, where such information is necessary to record our contractual dealings or your transactions or where required or otherwise permitted by law.
If you want to know more about your rights, or you want to exercise them, or you have any questions or concerns regarding this Privacy Notice you can reach us by live chat on the Site. Alternatively, you can contact us through email firstname.lastname@example.org or email@example.com. Additional resources may be found through our Help Centre.