Privacy policy


Last update: 15 November 2018

General

CEX.IO Ltd. and its affiliates (hereinafter, "CEX.IO", "we", "us" or "our") are committed to protecting and respecting your privacy.

This Privacy Policy (together with our Terms of Use) governs our collection, processing and use of our Users' and visitors of our Sites' Personal Information.

Please find below some basic definitions which may help you to understand this Privacy Policy:

  • СEX.IO affiliates: subsidiaries, parent companies, and companies under common control.
  • Personal Information (personal data): any information which identifies you personally or which may help us to identify you (e.g. your name, address, e-mail address, trades etc.).
  • Data subject: an identified or identifiable person (our User).
  • Data controller: a company which determines purposes and means of personal data processing.
  • Data processor: a company which processes personal data on behalf and upon instructions of the Data controller.
  • Our Sites: websites with the following domains such as cex.io - our Platform used for providing our services to you and cex.trading that is used for the purposes of informing our Users/Site visitors on our promotional, marketing campaigns and special offers.
  • Personal data processing: any operation or set of operations performed on personal data (e.g., collection, storage, use, disclosure erasure).

Other capitalized terms, not defined above, have the meanings as defined in the Terms of Use and the applicable data protection legislation (namely, the General Data Protection Regulation 2016/679 as of April 27, 2016).

The purpose of this Privacy Policy is to inform you of:

  1. who is CEX.IO and how you may contact us;
  2. the kinds of Personal Information which we may collect about you, the reasons for collecting this information, how it may be used and for how long we will keep it;
  3. our use of information regarding IP addresses and our use of cookies;
  4. disclosure of Personal Information to third parties;
  5. information on international data transfer;
  6. your ability to access, correct, update, restrict use, ask us to transfer and/or delete your Personal Information;
  7. the extent of automated decision-making or profiling that we carry out using your Personal Information;
  8. the security measures we have in place to prevent the loss, misuse, or alteration of Personal Information under our control, and
  9. your rights to lodge a complaint.

Who is CEX.IO

CEX.IO is a company registered in the United Kingdom. Our registered office is at 24th floor One Canada Square, Canary Wharf, London, E14 5AB, United Kingdom.

Established in 2013 as the first cloud mining provider, CEX.IO has become a multi-functional cryptocurrency exchange, trusted by over a million users.

CEX.IO offers cross-platform trading via website, mobile app, WebSocket and REST API, providing access to high liquidity orderbook for top currency pairs on the market. Instant cryptocurrency buying and selling is available via simplified bundle interface.

The exchange has developed a multi-level account system with individual approach to each customer, from crypto beginners to institutional traders. Worldwide coverage, multiple payment options, and 24/7 support are accompanied by time-proven platform stability that guarantees safety of assets and data.

Gathering and Use of Personal Information

We may collect your Personal Information if you use CEX.IO and open an Account to use the Platform or perform any Transactions on the Platform. This is defined as collection for the purpose of provision of service(s) to you in accordance with our Terms of Use. Please note that if you refuse to share your Personal Information for this purpose we will not be able to provide our services to you.

The types of Personal Information which we collect may include:

  1. your name;
  2. your photographic identification;
  3. details from your identity documents (such as driver license, passport), number of the document, date of issue and expiration, photographic identification, address etc.;
  4. your address;
  5. your phone number;
  6. your e-mail address;
  7. your IP address, Browser and Operating System information, geolocation details;
  8. your banking details including account numbers and payment card data;
  9. your date of birth;
  10. your employment details;
  11. your trades; and
  12. information on sources of your funds.

We will process your Personal Information only for the purpose(s) of providing to you the service(s) that you ask us to provide you, to satisfy the legal obligations stemming from regulatory obligations that arise from providing you the service(s) and our legitimate interest.

Based on our legal obligations and legitimate interest we may request other documents for your identity verification and the sources of your funds confirmation for the purposes of money laundering and fraud prevention. To know more about it please see our AML/KYC and Anti-Fraud policies.

We may use your Personal Information for the following purposes:

  1. to allow you to open and operate an Account on the Platform;
  2. to enable you to complete Transactions on the Platform;
  3. if you contact us, to reply to your queries;
  4. to analyse use of our Sites;
  5. as required for regulatory purposes such as Tax, prevention of Money Laundering, prevention of Fraud, adherence to Company statistical reporting obligations etc.;
  6. to provide you with information about products and promotions that may be of interest to you, from ourselves and third parties, although only if you have specifically agreed to receive such information;
  7. for market research e.g. surveying our Users' needs and opinions on issues, such as our performance etc. Unless consented, your data for this purpose would be anonymised.

Children's personal data

Please note that our services are exclusively offered to individuals at least 18 years old. We do not process any Personal Information of children under this age.

IP Addresses

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns and will not be used to identify any individual unless that same individual.

Cookies

We use a browser feature known as a "cookie", which assigns a unique identification to your computer. Cookies are typically stored on your computer's hard drive. Information collected from cookies is used by us to evaluate the effectiveness of our Sites, analyse trends, and administer the Platform. The information collected from cookies allows us to determine such things as which parts of our Sites are most visited and difficulties our visitors may experience in accessing our Sites. With this knowledge, we can improve the quality of your experience on the Platform by recognising and delivering more of the most desired features and information, as well as by resolving access difficulties. We also use cookies and/or a technology known as web bugs or clear gifs, which are typically stored in emails to help us confirm your receipt of, and response to, our emails and to provide you with a more personalised experience when using our Sites.

We use third party service provider(s), to assist us in better understanding the use of our Sites. Our service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our Sites, what products are browsed, and general Transaction information. Our service provider(s) analyses this information and provides us with aggregate reports. The information and analysis provided by our service provider(s) will be used to assist us in better understanding our visitors' interests in our Sites and how to better serve those interests. The information collected by our service provider(s) may be linked to and combined with information that we collect about you while you are using the Platform. Our service provider(s) is/are contractually restricted from using information they receive from our Sites other than to assist us.

By using our Sites you are agreeing that we may use cookies for the purposes set out above.

The company will keep records of all transfers of Personal Information to third parties and this information, where possible, can be provided to you.

Disclosure of Personal Information

We use the Personal Information for the purposes indicated at the time you provide us with such information, and/or otherwise for the purposes set out in this Privacy Policy and/or as otherwise permitted by law.

We may make available the Personal Information that you provide to us for the limited purpose indicated for and during the provision of the service that you would have requested in particular to:

  • our affiliates, agents and representatives;
  • payment service providers and financial institutions;
  • customer communications platforms;
  • our contractors providing software for identity verification purposes;
  • our contractors providing us information on sanctions lists from publicly accessible sources.

We may also share Users’ Personal Information with financial institutions, insurance companies or other companies in the case of a merger, divestiture, or other corporate re-organisation and notify you of such sharing of your information to be able to exercise any of your rights where applicable.

We may also share Users' Personal Information with law enforcement or regulatory agencies, as may be required by law. In certain cases, we may not be able to inform you of such sharing of data due to legal restrictions.

Any third party which receives or has access to Personal Information shall be required by us to protect such Personal Information and to use it only to carry out the services they are performing for you or for CEX.IO, unless otherwise required or permitted by law. Such a third party, except for regulatory authorities, would be contractually bound to adhere to the same security and confidentiality policies as CEX.IO and assume the same responsibilities as CEX.IO.

The legitimate exercise of any of your rights with CEX.IO will also be notified to be applied by any such third parties having been given access to your Personal Information.

We will ensure that any such third party is aware of our obligations under this Privacy Policy and we will enter into contracts with such third parties by which they are bound by terms no less protective of any Personal Information disclosed to them than the obligations we undertake to you under this Privacy Policy or which are imposed on us under applicable data protection laws.

International data transfers

Our contractors and affiliates are situated at different locations (including countries located outside the EU) and we sometimes need to transfer your personal data to third countries to provide our services to you. We strive to ensure adequate level of your personal data protection wherever our contractor is located. Be sure we may transfer your Personal Information only in the following cases:

  • if the country where we transfer your Personal Information to provides the adequate level of personal data protection (based on the relevant decision of European Commission (you may click here to see the list of such countries);
  • if we take appropriate safeguards to ensure that your rights as data subject are protected;
  • if any derogations for specific situations apply (for instance, if is such transfer is necessary for the establishment, exercise or defence of legal claims or for important reason of public interest).

Your rights

You have the right to access your Personal Information and to require the correction, updating and blocking of inaccurate and/or incorrect data by sending an email to us at support@cex.io or where possible, you can do these actions in your account profile page yourself.

Upon your written request at support@cex.io, we will inform you of the Personal Information relating to you that we hold and the use and general disclosure of your Personal Information. We will also give you a copy of the Personal Information we have retained. There may be a minimal charge for providing you additional copies of your Personal Information to cover administrative costs.

You may also request the deletion or destruction of both the Account and Personal Information by sending an email to us at: support@cex.io. CEX.IO will action your request immediately, except, where this is not consistent with its legal and regulatory obligations.

You may also ask us to transfer your Personal Information to another controller of your choice.

To ensure the confidentiality, integrity and availability of your information to yourself, we may request you to confirm your identity by providing identification documentation and/or other methods prior to assisting you in exercising any of your rights.

If you refuse to prove your identity, we may decline to take actions in respect of your data, save restricting processing, until we can ensure that such actions are the true wish of the data subject.

In the carrying out of our services we may use automated processing and profiling to reduce the risks of fraud, money laundering and abuse of our services. Through this automated processing, we carry out an analysis of your identification, transactional and behavioural patterns.

We may not able to provide you with some or all our services if you do not wish this automated processing to be carried out. If you feel that this processing might be detrimental to you, please contact us on support@cex.io, and our compliance officer will review your application.

Security

We have implemented technical and organisational security measures to ensure the confidentiality, integrity and accountability of your Personal Information and to protect your Personal Information from loss, misuse, alteration or destruction. Such measures include:

  • the pseudonymisation and TLS 1.2 encryption of personal data;
  • the access control;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of our processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

Only authorised personnel of CEX.IO have access to your Personal Information, and these personnel are required to treat the information as confidential.

Where you have consented to, or we are obliged to pass on Personal Information to third parties to provide you with a requested service or in the carrying out of a regulatory or legal obligation, we will request that the same levels of technical and organisational security measure be applied through contractual arrangements, where possible.

We conduct testing, assessment and evaluation of our technical and organisational measures effectiveness on a regular basis. Technical and organisational security measures in place will, from time to time, be reviewed in line with legal and technical developments.

In the event of a personal data breach or the failure of the measures of protection of such information we will immediately notify you without undue delay.

Security Capabilities and Policy for Transmission of Payment Card Details

CEX.IO Ltd is fully compliant with PCI DSS Level 2. PCI DSS (Payment Card Industry Data Security Standard) is an information security standard designated for merchants, financial institutions and payment service providers in order to ensure the safety of cardholders' data.

You can check our Certificate of compliance here.

Please note that our trusted payment service providers are PCI DSS compliant as well.

There may be links from our Sites to other sites and resources provided by third parties. This Privacy Policy applies only to our Sites. Accessing those third-party sites or sources requires you to leave our Sites.

We do not control those third party sites or any of the content contained therein and you agree that we are in no way responsible or liable for any of those third party sites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those sites. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, of each site that you visit.

Retention of Personal Information

Your information is held within our servers located within the European Union. Access to this information is provided to employees of CEX.IO whose office may also be outside of the European Union but who adhere to the same principles of data security and processes as those within the European Union (please see the Section on International data transfers for more details).

Your payment method information that you may use to effect or receive payments from CEX.IO are passed on to a third-party payment processor(s) which is/are based in the EU and with which CEX.IO has a contractual agreement to safeguard your rights. Unless you create an account with us and conduct transactions, we do not retain your payment method information.

We will hold your Personal Information only for as long as it is necessary for the purposes described in this Privacy Policy and our own legal and regulatory requirements.

In accordance with record keeping activities for Anti-Money Laundering, Tax and Company legal obligations and considering the period during which you may bring legal claims against us under the law of the United Kingdom, we will retain Personal Information for a period of six years after our User closes his or her Account and terminates legal relationships with us for six years from the end of the tax period in which the User conducts his or her last transaction.

Data stored for regulatory purposes only will be protected from unnecessary processing and will be held only for the purpose of being able to provide information or access to relevant authorities.

Disposal of Personal Information

Once we do not have any obligation to providing you with a service you requested, nor an obligation to hold Personal Information for regulatory or legal purpose, we will anonymise or dispose of your Personal Information in line with acceptable industry and security standards so that this cannot be subsequently retrieved and associated to you.

Where we cannot directly remove such records, such as in archived backups, we will retain a log of which Personal Information should be removed if ever the backup data is restored.

Marketing

We will ask you for your consent on registration or post-registration, by providing you the ability to check marketing preferences check boxes located within your account profile page to allow us to contact you or use your Personal Information for marketing purposes. We may also notify our existing Users on our own products or services similar to those we have already provided based on our legitimate interest.

You have the right to retract the consent for us to process your Personal Information for marketing purposes. You can exercise your right to prevent such processing by unchecking marketing preferences check boxes on your account profile or by contacting us at any time on support@cex.io

Our Data Protection Officer

Our Data Protection Officer is the person in charge of ensuring our company adheres to this privacy policy. This person is also the main contact for our Data Protection Supervisory Authority, the Information Commissioner’s Office (www.ico.org.uk). The Data Protection Officer may be contacted on dpo@cex.io

Data Protection Supervisory Authority

Our Data Protection Supervisory Authority in terms of data protection is the UK Information Commissioner’s Office www.ico.org.uk. You may contact the authority at https://ico.org.uk/concerns/ if you wish to discuss with them any instance where you feel we may not be adhering to the terms within this Privacy Policy or to raise a complaint.

Changes

Our Sites policies, content, information, promotions, disclosures, disclaimers and features may be revised, modified, updated, and/or supplemented at any time and without prior notice at the sole and absolute discretion of CEX.IO. If we change this Privacy Policy, will take steps to notify all users by a notice on CEX.IO's Site and will post the amended Privacy Policy on the CEX.IO's Site.

If we consider that your rights may be affected by any such changes, we will request you to confirm your consideration and acceptance prior to continue our relationship with you.

This current version of the Privacy Policy has last been amended on the 15 of November 2018.

Fraud, Phishing and Email scams disclaimer

Please be notified that CEX.IO is not in any partnership with entities who represent themselves as customer support agents, providing customer support services via phone and/or social media and promise to help solve your issues for money. Remember - customer support is provided only via the CEX.IO website and is always provided free of charge.

If you discovered what you believe is a fraud, phishing, or scam which impersonates CEX.IO, please email us at webmaster@cex.io

Contact Us

If you have any questions, comments, or concerns not specifically regarding our Privacy Policy and/or practices as it or they relate to the Platform, please contact us at the email address support@cex.io

You may also wish to check our Help Centre on https://support.cex.io/hc/en-us for frequently asked questions where a solution may easily be found ready for you.