Privacy Policy

Last update: July 4, 2019

This document contains the policies, procedures, controls and guidelines of CEX.IO CORP. (“CEX.IO” or “CEX US”) governance and management of all collection, processing and transmission of all of users and visitors personal identifying information while using Our Sites.

1. Policy Statement

Protecting and securing information and the systems that process and maintain CEX.IO’s data is a critical part of our operations. Customer’s and CEX.IO’s digital assets, customer data, intellectual property, and partner information stored and supported by CEX.IO’s information systems is vital to our success. CEX.IO shall protect the confidentiality, integrity, availability and safety of its customer’s Personal Information and Information Systems, regardless of how the information is created, distributed or stored. Security measures will be tailored accordingly so that cost-effective controls can be applied commensurate with the risk and sensitivity of the information and systems, in accordance with all statutory, regulatory and contractual obligations. This Privacy Policy will always be posted on Our Sites, so you will remain informed. CEX.IO reserves the right to change, amend or revise this Privacy Policy at any point in our sole discretion.

2. General

CEX.IO CORP. and its affiliates (hereinafter, "CEX.IO", “CEX US”, "we", "us" or "our") are committed to protecting and respecting your privacy. This Privacy Policy governs CEX.IO’s collection, processing and use of all Personal Identifying Information and customer data. You acknowledge and understand that by visiting, accessing Our Sites or using the services of CEX.IO, you consent to the policies and practices stated in the Privacy Policy. You also agree that the Privacy Policy is subject to the terms and conditions set forth in the Terms of Service Agreement (add link). By visiting CEX.IO’s websites or using CEX.IO’s services, you are affirming that you are at least 18 years old and have the legal capacity to understand and acknowledge to this Privacy Policy in its entirety.

To best understand this Privacy Policy, please find some basic definitions which will assist in your reading of the Privacy Policy:

• Account: means any account registered by a User on the CEX.IO platform or any of Our Sites which has affirmatively agreed to our Terms of Service Agreement.
• СEX.IO Affiliates: means any subsidiaries, parent companies, sister entities, any and all companies under common control.
• Personal Identifying Information: (“Personal Information” or “PII”): means any information relating to an identified or identifiable natural person (i.e. “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, or an online identifier, or to one or more factors specific to the physical, economic, cultural or social identity of that natural person (e.g. your name, address, email address, tax identification number, etc.)
• Data Subject: means an identified or identifiable person or entity (our User).
• Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Information.
• Data Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller.
• Our Sites: means any websites under common ownership or control of CEX.IO in connection with the operation of our Platform used for providing our services to you.
• Third Party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
• Personal Data Processing: any operation or set of operations performed on personal data (e.g., collection, storage, use, disclosure erasure).
• IP Address: a unique string of numbers separated by periods that identifies each computer using the Internet Protocol to communicate over a network.
• Pseudonymization: means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Information are not attributed to an identified or identifiable natural person.
• Other terms incorporated by reference herein may also be defined in our Terms of Service Agreement.

3. Purpose

The purpose of this Privacy Policy is to inform you of your rights as a customer of CEX.IO. Your privacy is important to us, and we believe it is fundamental that you understand what Personal Information we collect, why we collect it, as well as how we use and store it. Specifically, this Privacy Policy is meant to inform you:

1. Who is CEX.IO and how we may work with you;
2. What Personal Information we may collect from you;
3. Why we are collecting this Personal Information from you;
4. How we process and utilized your Personal Information;
5. How we store your Personal Information and how long we retain it;
6. The security procedures we use to protect your Personal Information;
7. How we secure your Personal Information when working with third party vendors;
8. To inform you of computer data that is collected which you may be unaware;
9. Your rights to access, amend, or request records of your Personal Information;
10. How to contact CEX.IO, or our regulators, to register a complaint in regard to the management or security of your Personal Information.

4. Who is CEX.IO

As of July 1, 2019 CEX.IO CORP. launched in the United States to broaden the reach of the CEX.IO related companies and service residents in the United States in a safe and regulated manner. CEX.IO CORP’s registered office is 101 Hudson Street, 21st Floor, Jersey City, NJ 07302.

CEX.IO CORP is the sister entity to the already established CEX.IO, which is a company registered in the United Kingdom, with the registered office located at 24th Floor, One Canada Square, Canary Wharf, London, E14 5AB, United Kingdom.

Established in 2013 as the first cloud mining provider, CEX.IO has become a multi-functional digital asset exchange, trusted by over a million users worldwide.

CEX.IO has created a highly liquid orderbook offering both digital asset and fiat currency pairs, catering to all investors. CEX.IO’s orderbooks and currency pairs can be accessed through a host of platforms, including a website, mobile application, WebSocket and REST API. CEX.IO also offers an instant digital asset buying and selling feature for all major credit and debit cards.

5. Gathering and Use of Personal Information

5.1. Information we collect

As a regulated entity in the United States, CEX.IO is mandated to collect Personal Information for all users seeking to open an Account or use the Platform in any capacity. This Privacy Policy in conjunction with our Terms of Service Agreement (LINK or command K), governs the use of the information we collect.

As a licensed financial institution and Money Services Business in the United States, CEX.IO must comply with Section 326 of the USA PATRIOT ACT; which requires all financial institutions to obtain, verify, and record Personal Information that identifies each person who opens an account. This federal requirement applies to all customers. This Personal Information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. Additionally, as a global exchange we must collect Personal Information for individuals and entities in the European Economic Area (“EEA”) or the Channel Islands. We are required to safeguard the Personal Information of our customer’s in the EEA and Channel Islands in accordance with the General Data Protection Regulation (“GDPR”).

Consistent with the obligations from our regulators, when you open an account or visit Our Sites, we will ask you to provide information to verify your identity. Please note if you refuse to provide this Personal Information, we will not be able to provide our services to you. The types of Personal Information for an individual customer which we collect may include:

1. Full legal name;
2. Proof of identity (e.g. driver’s license, passport, or government issued ID);
3. Address;
4. Mobile phone number;
5. Email address;
6. Date of birth;
7. Internet Protocol (“IP”) address, internet browser and operating system information, geolocation details;
8. Banking details, including account number, routing number and payment card data;
9. Employment details;
10. Anticipated trading behavior;
11. Information to corroborate the stated source of your funds;
12. Photographic images, which may include video footage;
13. Additional Personal Information at the discretion of our Compliance Department.

The types of Information for an institutional customer which we collect may include:

1. Institution or corporate legal name and “doing business as” (“DBA”) name;
2. Employer Identification Number (“EIN”), Tax Identification Number (“TIN”) or similar;
3. Full legal name of all authorized account users and beneficial owners;
4. Email addresses of all authorized account users;
5. Mobile phone numbers of all authorized account users;
6. Contact information of all authorized account users and beneficial owners;
7. Proof of identity (e.g. driver’s license, passport, or government issued ID) of all authorized account users and beneficial owners;
8. Personal Information for each authorized account user and beneficial owners;
9. Proof of legal existence (e.g. state certified articles of incorporation or certificate of formation, unexpired government-issued business license, trust instrument, or other comparable legal documents as applicable);
10. Proof of beneficial ownership (e.g. operating agreement, share registry, capitalization table, schedule K-1, or other comparable legal documents as applicable);
11. Additional business records at the discretion of our Compliance Department.

We require your Personal Information only for the purposes of providing to you the services requested from CEX.IO and to satisfy the legal requirements from our regulatory obligations as a licensed financial institution. If you refuse to share your Personal Information, we will not be able to provide our services to you. We may share Personal Information with third-party service providers (including those that may be located outside of the United States or your country), who help us operate our platform and systems, and detect fraud and security threats within the normal course of our business. Such third-party service providers are subject to strict confidentiality obligations. Additionally, we may be compelled to share your Personal Information with law enforcement, government officials, and regulators.

5.2. Purposes of processing

We may use your Personal Information for the following purposes:

1. To allow you to open and operate an Account on the platform;
2. To allow you to complete transactions on the platform;
3. To reply to your queries;
4. To enhance and optimize the services we provide to you;
5. To satisfy our regulatory obligations (e.g. prevention of money laundering, anti-fraud, or financial reporting requirements);
6. To adhere to internal statistical reporting obligations;
7. To provide you with information about our products and promotions that may be of interest to you;
8. To conduct market research (e.g. surveying our Users' needs and opinions on issues, including our performance. However, your data for this purpose would be anonymized).

If we decide to modify the purpose for which your Personal Information is collected and used, we will amend this Privacy Policy.

5.3. IP Addresses

We may collect information about your computer or device used to access Our Sites, including your IP address, operating system and browser type. Such information is collected for the limited purposes of; system administration, to report aggregate information for our internal statistics, to ensure that you are in a jurisdiction which we are authorized to operate, and to ensure that your account has not been compromised by detecting irregular or suspicious logins or transactions.

5.4. Public Blockchains

Transactions in Bitcoin and other digital assets are not necessarily anonymous. All public blockchains allow anyone to see the balance and transaction history of any public digital asset address.

It may be possible to match your public digital asset wallet address to other Personal Information about you, and therefore may be able to identify you from a blockchain transaction. This is a result of Personal Information published on a blockchain (such as your digital asset wallet address and IP address) which may be correlated with Personal Information that CEX.IO and others may have. Additionally, when using data analysis techniques on a given blockchain, it may be possible to identify other Personal Information about you. As part of our security, anti-fraud, identity verification and authentication checks, we may conduct such analysis to collect and process such Personal Information about you.

5.5. Cookies

CEX.IO uses the standard practice of placing embedded data tags called Cookies, Flash Cookies or Pixel Tags (collectively “Cookies”) to help recognize customers and the devices they use to access to Our Sites. Cookies may be used to evaluate the effectiveness of Our Sites, analyze trends, and manage the Platform. The information collected from Cookies allows us to determine such things like which parts of Our Sites are most visited and what difficulties our visitors may experience when accessing Our Sites. With this knowledge, we can improve the quality of your experience on the Platform by recognizing and delivering more of the most desired features and information, as well as by resolving access difficulties. We also use Cookies and/or a technology known as web bugs or clear gifs, which are typically stored in emails to help us confirm your receipt and/or response to our emails. All with the common goal of providing you with a more personalized experience when using Our Sites.

Cookies may also be used to ensure compliance with our Bank Secrecy Act (“BSA”) and anti-money laundering (“AML”) program (“BSA/AML Program”) and to ensure that your account security has not been compromised by detecting suspicious account activities.

You may control your Cookies through the browser settings, found here:

• Google Chrome
• Mozilla Firefox
• Microsoft Internet Explorer
• Opera
• Apple Safari

We use third party service providers, to assist us in better understanding the use of our Sites. Our service providers will place cookies on the hard drive of your computer and will receive information that we select in order to educate us on issues such as; how visitors navigate Our Sites, what products are browsed, and general transaction information. Our service providers analyze this information to provides us with aggregate reports. The information and analysis provided will be used to better educate us in understanding our visitors' interests and how to better serve those interests. The information collected by our service providers may be combined with information that we collect about you while you are using the Our Sites. Our service providers are restricted from using the information collected outside of the limited purpose for which they are contracted.

By using our Sites, you are acknowledging that we may use cookies for the purposes set out above.

6. Disclosure of Personal Information

The Personal Information we collect and the practices of using such information as described herein are done for the purposes of providing you with the best customer experience possible, as well as protecting you from the risk of fraud and improper use. The Personal Information collected is sought to best serve you as the customer and to continue to maintain and improve CEX.IO to meet your needs.

6.1. Third-Party Service Providers, Regulators, Law Enforcement

We may share Personal Information with third-party service providers (including those that may be located outside of the United States or your country), who help us operate our platform and systems, and detect fraud and security threats throughout the normal course of our business.

Any third party which receives or has access to your Personal Information is required to protect such Personal Information and only to use it for the limited purposes necessary to carry out the services they are explicitly contracted to provide. Such third parties, aside from law enforcement or regulatory authorities, are contractually bound by the same security and confidentiality policies and responsibilities as CEX.IO. We do not sell customer Personal Information to third-parties for the purposes of marketing.

We ensure that all third-parties are bound by obligations the Privacy Policy. CEX.IO represents that we will only enter into contracts with future third parties that are bound by terms no less protective than the obligations of this Privacy Policy and are consistent with all applicable data protection laws. CEX.IO will keep records of all transfers of Personal Information to third parties. Records of these transfers may be provided to you, upon request.

6.2. Change in Ownership

We may share your Personal Information with financial institutions, insurance companies or other companies in an anonymized format to an interested buyer or seller of the business or business assets. In the case of a merger, divestiture, corporate re-organization, or asset sale of the business, we will notify you prior to the non-anonymized transfer of your Personal Information. Similarly, we will notify you if through such an event you would become subject to a different privacy policy. We encourage you to exercise all of your rights regarding the sharing of your Personal Information.

6.3. Employee Non-Disclosure of Personal Information

Our employees are subject to strict confidentiality policies that prevent the disclosure of your Personal Information for any purpose outside the scope of their employment. Our employees will not disclose any of your Personal Information to any unauthorized entity or individual, except in circumstances detailed in the Privacy Policy herein.

7. Your Rights

You have the right to access your Personal Information. If you are located in the United States, European Economic Area, or the Channel Islands and have questions regarding the processing, use, or storage of your Personal Information, you may contact us at support@cex.io or write to us at CEX.IO CORP. 101 Hudson Street, 21st Floor, Jersey City, NJ 07302.

7.1. Requesting Your Personal Information

If you choose to submit a written request for your Personal Information to support@cex.io, we will provide you with a copy of all of your all the Personal Information retained by CEX.IO. Additional minimal charges may be incurred by you to offset administrative costs associated with providing you additional copies of your Personal Information.

7.2. Updating or Amending Your Personal Information

At any point you may correct, update, amend or revise your Personal Information by sending an email to support@cex.io. When possible, you may be required to update your Personal Information on your account profile page by logging into Our Sites. To ensure the accuracy and integrity of your Personal Information we may request additional Personal Information and/or identification documentation, at the discretion of the Compliance Department. If you refuse to provide the Personal Information requested, we reserve the right to not provide our services to you.

7.3. Removing Your Personal Information

At any point, you may also request the closure of your account. Upon closure, your Personal Information will only be stored by CEX.IO to satisfy our regulatory obligations. As a regulated financial institution in the United States, we are required to store customer records for a period of five years after the closure of the account.

7.4. Automated Data Processing

In order to efficiently provide CEX.IO’s services to you, we employ a series of automated processing systems to reduce the risks of fraud, money laundering and/or abuse of our services. Through these automated systems, we carry out an analysis of your identification, transactional and behavioral patterns based on the information provided to us. If you do not wish this automated processing to be carried out, please contact us at support@cex.io, and our Compliance Department will review your application manually. Increased wait times may apply for applications that are processed manually.

8. Security

No security measure is perfect. However, we have implemented technical and organizational security measures to ensure the confidentiality, integrity and accountability of your Personal Information. Through a constant process of reevaluation and testing we pride ourselves on our abilities to protect your Personal Information from loss, misuse, manipulation or destruction. Examples of measures we take to protect your Personal Information include:

• Pseudonymization and TLS 1.3 encryption of personal data;
• Access control;
• The ability to ensure the ongoing confidentiality, integrity, availability and resilience of our processing systems and services;
• The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
• Only authorized personnel, who are subject to strict confidentiality agreements, have access to your Personal Information.

We conduct testing and evaluations of our technical and organizational measures effectiveness on a regular basis. Technical and organizational security measures will be reviewed on a rolling basis to consider all legal and technical developments. Additionally, we preform ongoing due diligence, including penetration tests when applicable, on all third-party vendors which may have access to your Personal Information.

In the event of a data breach or the failure of our security measures, we will notify you immediately. CEX.IO may retain a data protection and breach notification security advisory firm which monitors all applicable reporting requirements for the United States and other jurisdictions which we operate.

9. Retention of Personal Information

Your Personal Information is held on servers located in the United States and the European Economic Area at some of the most secure facilities in the world. Access to this information is under strict access controls. Employees of CEX.IO whose offices are outside of the United States or European Economic Area are under strict contractual obligations to adhere the same principles of data security and processes as those employees within the European Economic Area and United States.

We do not store your payment method for the instant buy product, unless you create an account to conduct future transactions. The payment method information that you provide to make instant digital asset purchases are passed through a third-party payment processor which is based in the European Economic Area and bound to the same regulations as CEX.IO. Additionally, CEX.IO has a contractual agreement with the payment processor to further safeguard your rights. As a regulated financial institution in the United States, we are required to store Personal Information associated with a transaction for a period of five years after the transaction is processed.

10. Miscellaneous

10.1. External Links

This Privacy Policy applies only to Our Sites. There may be links on Our Sites that will direct you to websites hosted by third-parties. Accessing those third-party sites, will require you to leave Our Sites. Once you have left Our Sites, this Privacy Policy will no longer apply.

We do not control third-party sites or any of the content contained therein. You acknowledge that by leaving Our Sites, CEX.IO is not responsible or liable for any of those third-party sites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those sites. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, for each site that you visit.

10.2. Fraud, Phishing and Email Scam Disclaimer

Customer support is only provided through the CEX.IO website and is always provided free of charge. CEX.IO will never ask you your password.

If you discovered what you believe is fraud, phishing, or a scam which impersonates CEX.IO, please email us at support@cex.io.

10.3. Unsolicited Submissions

Any unsolicited information, documents or materials submitted to CEX.IO, by you or anyone acting on your behalf, will not be entitled to the protections contained in the Privacy Policy. CEX.IO is unable to consent to the obligations, confidentiality or nondisclosure for any unsolicited information you submit to us. By submitting unsolicited information, regardless of the medium of communication, you acknowledge that such information or materials will not be considered confidential or proprietary.

10.4. Changes

CEX.IO reserves the right to change the Privacy Policy at any point to meet our changing needs and regulatory requirements. As always, our latest version of the Privacy Policy will be posted herein. We will also take all reasonable steps to notify users of any changes to the Privacy Policy, by way of notifications on the website, mobile application, or email to all registered users.

11. Contact Information

11.1.1. Our Data Protection Team in the United States

For customer’s in the United States, our Chief Information Security Officer is the individual responsible for protecting your Personal Information and the warrantees stated in the Privacy Policy. As a regulated United States entity, CEX.IO has many regulators which ensure that your Personal Information is protected. If you would like to contact our regulators directly regarding concerns with this Privacy Policy, you may contact them at:

• Federal Trade Commission: https://www.ftc.gov/
• Consumer Financial Protection Bureau: https://www.consumerfinance.gov/
• Department of Commerce: https://www.commerce.gov/

11.1.2 Our Data Protection Team European Economic Area

For customer’s in the EEA, our Data Protection Officer is the person responsible for the Privacy Policy. If you would like to contact our Data Protection Officer directly, you may email them at dpo@cex.io.

11.2 Feedback and Resources

Tell us how we can improve, or if you have any questions, comments, or concerns regarding our Privacy Policy, please send us an email at support@cex.io.

Additional resources may be found through our Help Centre: https://support.cex.io/hc/en-us. At the Help Centre, you may search a particular question, read our collection of Frequently Asked Questions (“FAQ”), or even use our Live Chat feature to speak directly with a Customer Support team member in real time.