Last update: October 24th, 2023
If you are a California resident, you can learn more about how we use your information and your privacy rights by reviewing our California Privacy Notice.
1. Information We Collect and How We Collect It
For purposes of this policy, “Personal Information” refers to any data or information that can be used to identify an individual, either alone or in combination with other data. We require your Personal Information only for the purposes of providing the services requested from CEX.IO, and to satisfy the legal requirements from our regulatory obligations as a licensed financial institution. If you refuse to share your Personal Information, we will not be able to provide our services to you. The types of personal information we collect, and share depend upon the product or service you are using with us. This information can include:
Information You Provide
- Account Information: The information we collect varies depending on several factors, including whether you are an individual or representing a corporate entity, as well as other relevant circumstances and considerations. When you create an account, we may collect information associated with your account such as your username, name, corporate legal name (including d/b/a name), date of birth, contact information, address(es), phone number, biometric identifiers (facial recognition and facial geometry data derived from photographs or videos you submit to us during the onboarding process), photographs, audio recordings, and government-issued identification documents (e.g. drivers license, passport, social security number, employer identification number, and taxpayer identification number), information to corroborate the stated source of your funds and employment details (collectively, “Account Information”) proof of legal existence and beneficial ownership (e.g. state certified articles of incorporation or certificate of formation, unexpired government-issued business license, trust instrument, operating agreement, share registry, capitalization table, schedule K-1, and/or other comparable legal documents as applicable) information concerning all authorized account customers and beneficial owners (including but not limited to, full names, proof of identity, and contact information). Account information includes, any additional personal information at the discretion of our Compliance Department.
- Financial Information: Certain services require financial information such as your credit/debit card information, digital asset wallet addresses, information about your income/source of funds, tax information.
- Communication information: When you contact us, we collect information concerning the contents of your communications, whether by email, chat, social media, telephone or otherwise. These communications may include data in files which are uploaded or emailed or otherwise provided by you.
- Other Information You Voluntarily Choose to Provide: We may collect information, including personal information, that you voluntarily provide to us when you:
- Participate in surveys, sweepstakes, promotions, and contests;
- Register for, attend, or participate in conferences, webinars or other events;
- Apply for a job with CEX.IO.
Information We Collect Automatically
- Location Data: We collect your IP address automatically when you use our Services, from which we or third parties operating on our behalf may be able to determine your approximate location (e.g. country and city). Such information is collected for the limited purposes of: system administration, to report aggregate information for our internal statistics, to ensure that you are in a jurisdiction which we are authorized to operate, and to ensure that your account has not been compromised by detecting irregular or suspicious logins or transactions.
- Device Information: We collect your device information, such as browser type and operating system, to analyze trends, administer the website and gather demographic information.
- Referral URLs and Clickstream Data: We may collect information about the pages you visit on our website, and other actions you take while navigating through our website.
- Tracking Technologies and Cookies: Our websites automatically gather certain information and store it in log files. This information may include your IP address, browser type, referring/exit pages, operating system, date/time stamp and clickstream data. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our site. The technologies we use may include web beacons and cookies.
- Cookies are small text files that are placed on your device (e.g. computer, phone, tablet) when you visit our website. These files enable us to collect certain information about your browsing behavior and preferences. Information collected from cookies, including clear gifs, is used by us to evaluate the effectiveness of our Sites, analyze trends, and administer the Platform. With this knowledge, we can improve the quality of your experience on the Platform by recognising and delivering more of the most desired features and information, as well as by resolving access difficulties.
- Web beacons, are also known as pixel tags, and are pieces of code embedded in our Services that collect information about engagement on our website or emails.
Publicly Available information
- Information from Third Party Sources: We may collect information that is publicly available or obtained from other sources. This includes information that you have knowingly made available to the public such as information posted on public directories, other publicly accessible websites.The collection of publicly available information is done in accordance with applicable laws and regulations.
- Public Blockchains: Transactions in digital assets are not necessarily anonymous. All public blockchains allow anyone to see the balance and transaction history of any public digital asset address. It may be possible to match your public digital asset wallet address to other Personal Information about you, and therefore may be able to identify you from a blockchain transaction. This is a result of Personal Information published on a blockchain (such as your digital asset wallet address and IP address) which may be correlated with Personal Information that CEX.IO and others may have. Additionally, when using data analysis techniques on a given blockchain, it may be possible to identify other Personal Information about you. As part of our security, anti-fraud, identity verification and authentication checks, we may conduct such analysis to collect and process such Personal Information about you.
Minors are not permitted to use CEX.IO. If you are under the age of 18, please do not provide any personal information through the Sites or Services. If you are a parent or guardian and believe that CEX.IO has information of a child under the age of 18 please contact us immediately at email@example.com, so we remove any such information from our database.
3. How We Use Your Information
We generally use the information we collect online to:
- To provide and maintain our services, including to allow you to open and operate an account and monitor the usage of services;
- To manage your account: To manage your registration as a Сustomer of the service(s). The Personal Data you provide can give you access to different functionalities of the Service that are available to you as a registered customer, i.e., to enable you to complete transactions on the Platform;
For the performance of a contract: The development, compliance and undertaking of the purchase contract for the products, items, or services you have purchased or of any other contract with us;
Contact You: We may contact you by email, telephone, SMS, or other equivalent forms of electronic communication, such as push notifications from our mobile app. We may use these methods to provide you with updates, informative communications related to the functionalities of our products or contracted services, including security updates when necessary or reasonable for their implementation, and to reply to your queries;
- Marketing: To provide you with news, special offers and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
- Requests: To attend to, and manage your requests of us;
- Security: To ensure security of your account (for instance, if you make a request to disable 2-factor authentication on your account we can ask you to provide additional Personal Information to confirm your identity);
- Legal Obligations: To comply with legal obligation purposes such as tax reporting, fraud prevention, our reporting obligations etc.;
- Joint Marketing: To provide you with information about products and promotions that may be of interest to you, from ourselves and third parties, although only if you have specifically agreed to receive such information;
- Market Research: For market research e.g., surveying your needs and opinions on issues, such as performance. Unless consented, your data for this purpose would be anonymised;
- Business Transfers: We may use your Personal information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about you is among the assets transferred; and
- Other Purposes: We may use your Personal Information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our service(s), products, services, marketing, and your experience.
Your Privacy Rights
- You have the right to access the Personal Information we collect about you, the right to correct any inaccuracies in your Personal Information, and, in certain circumstances, the right to limit its sharing. Please note that your privacy rights may vary depending on the specific regulations of your state. Please feel free to reach out to our Help Centre or at firstname.lastname@example.org if you have any questions regarding your privacy rights, or want to exercise them.
4. Disclosure of Information
- Affiliates and Subsidiaries: We disclose your information with our affiliates and subsidiaries, including information regarding your experience using our services.
- Advertising and Third-Party Data Sharing: We may collaborate with third-party advertising partners (e.g., ad networks and advertising service providers) to deliver tailored advertisements and promotional content to you when you visit our website and use our Services. These advertising partners may utilize cookies, pixel tags, and similar technologies to collect information about your activities for the purpose of providing personalized advertisements. Additionally, we may share hashed data, including personal data such as email addresses and phone numbers, with third-party entities for data analytics, profiling, and user acquisition purposes. This shared information helps us monitor the effectiveness of our advertising campaigns and display relevant ads for products and services that align with your interests, based on your visits to our website and other websites. It's important to note that these third-party entities maintain their own privacy policies, which may differ from ours. We encourage you to review their respective privacy policies to understand how they handle your information. Rest assured that we ensure these third parties adhere to data privacy standards that are no less stringent than our own. For marketing and analytics purposes, we may share your Personal Information, including hashed data, along with other general or non-personally identifiable data, with the following entities: Appsflyer, AdRoll (including NextRoll), Customer.i, Gleam.io, Google and its affiliates (including Firebase), Hotjar, Hubspot, Intercom, META and its affiliates, Mixpanel, Pinterest, Prefinery, Quora, Reddit, RudderStack, Snapchat, Twitter, Typeform, Wheel of Popups, and Zapier.
- When Required by Law: As a licensed financial institution and Money Services Business in the United States, CEX.IO must comply with Section 326 of the USA PATRIOT ACT; which requires all financial institutions to obtain, verify, and record Personal Information that identifies each person who opens an account. This federal requirement applies to all customers. This Personal Information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. We may disclose your Personal information when required by applicable laws, regulations, legal processes, or government authorities. This may include, but is not limited to, complying with court orders, subpoenas, or other legal obligations. We may also disclose your information to protect our legal rights, respond to legal claims, or defend against legal disputes. In some situations where we believe it is necessary to prevent imminent harm, financial loss, or to report suspected illegal activities, we reserve the right to disclose your Personal Information to relevant law enforcement authorities or other government agencies. Please be aware that, while we take measures to protect your privacy, we may be legally obligated to disclose your information without providing prior notice.
- Change in Ownership: We may share your Personal Information with financial institutions, insurance companies or other companies in an anonymized format to an interested buyer or seller of the business or business assets. In the case of a merger, divestiture, corporate reorganization, or asset sale of the business, we will notify you prior to the non-anonymized transfer of your Personal Information. We encourage you to exercise all of your rights regarding the sharing of your Personal Information.
5. Your Choices
When it comes to your privacy, we are able to offer you certain choices concerning the personal information we collect from you.
- Email Marketing: In order to no longer receive email marketing messages from us, please click “unsubscribe” at the very bottom of the email message. Alternatively, you can contact us at email@example.com and request that we remove you from receiving email marketing messages.
- Push Messaging Marketing: In order to block push notification marketing messages in iOS Settings, go to Settings > Notifications > Select the desired CEX.IO app > Toggle the “allow notifications” to turn off the notifications. For android, go to Apps > Choose an app > Notifications > Turn off all notifications or select specific types to turn off.
- SMS Messaging: At this time, CEX.IO does not send marketing messages over SMS Messaging.
- Do Not Track: Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Currently, our website does not respond to browser DNT signals.
- If you wish to opt out of various third-party ad networks, including those operated by the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA), you can find more details on interest-based advertising and how to opt out on their respective websites: www.aboutads.info/choices (DAA) and https://optout.networkadvertising.org/?c=1 (NAI). By opting out of one or more NAI or DAA member networks (many of which overlap), you will no longer receive targeted content or ads from those members. However, this does not mean that you will stop receiving all ads on our Sites or other websites. You may still receive advertisements based on the particular website you are currently visiting. Additionally, please note that if your browser settings reject cookies, if you delete your cookies, or if you switch to a different computer or web browser, your NAI or DAA opt-out may no longer remain effective.
CEX.IO maintains physical, electronic and procedural security measures to guard against unauthorized access to systems and uses safeguards such as firewalls and data encryption.
No security measure is perfect. However, we have implemented technical and organizational security measures to ensure the confidentiality, integrity and accountability of your Personal Information. Through a constant process of reevaluation and testing we pride ourselves on our abilities to protect your Personal Information from loss, misuse, manipulation or destruction. Examples of measures we take to protect your Personal Information include:
- Pseudonymization and TLS 1.3 encryption of personal data
- Access control
- The ability to ensure the ongoing confidentiality, integrity, availability and resilience of our processing systems and services
- The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
- Only authorized personnel, who are subject to strict confidentiality agreements, have access to your Personal Information.
Technical and organizational security measures will be reviewed on a rolling basis to consider all legal and technical developments. Additionally, we perform ongoing due diligence on third-party vendors which may have access to your Personal Information.
In the event of a data breach or the failure of our security measures, we will notify you immediately. CEX.IO may retain a data protection and breach notification security advisory firm which monitors all applicable reporting requirements for the United States and other jurisdictions which we operate.
7. Retention of Personal Information
CEX.IO will retain your Personal Information for as long as is necessary to complete the purposes for which it was collected, or as may be required by law. However, please note that some data may be retained for a longer period if required or permitted by law, to resolve disputes, enforce our agreements, or for other legitimate business purposes. If you have any questions or concerns regarding our tension practices, please contact us using the information provided in the “Contact Us” section below.
8. External Links
9. Contact Us
Please let us know how we can improve, or if you have any questions, comments, or concerns regarding our privacy policies and practices, feel free to send us an email at firstname.lastname@example.org, or contact us through live chat available on our website.
Additional resources may be found through our Help Centre. At the Help Centre, you can search for a particular question and read our collection of Frequently Asked Questions (“FAQ”).
CEX.IO Corp.’s registered office is 900 E. Diehl Road, Suite 110, Naperville, Illinois 60563.