Last update: July 4, 2019
This document contains the policies, procedures, controls and guidelines of CEX.IO CORP. (“CEX.IO” or “CEX US”) governance and management of all collection, processing and transmission of all of users and visitors personal identifying information while using Our Sites.
As of July 1, 2019 CEX.IO CORP. launched in the United States to broaden the reach of the CEX.IO related companies and service residents in the United States in a safe and regulated manner. CEX.IO CORP’s registered office is 101 Hudson Street, 21st Floor, Jersey City, NJ 07302.
CEX.IO CORP is the sister entity to the already established CEX.IO, which is a company registered in the United Kingdom, with the registered office located at 24th Floor, One Canada Square, Canary Wharf, London, E14 5AB, United Kingdom.
Established in 2013 as the first cloud mining provider, CEX.IO has become a multi-functional digital asset exchange, trusted by over a million users worldwide.
CEX.IO has created a highly liquid orderbook offering both digital asset and fiat currency pairs, catering to all investors. CEX.IO’s orderbooks and currency pairs can be accessed through a host of platforms, including a website, mobile application, WebSocket and REST API. CEX.IO also offers an instant digital asset buying and selling feature for all major credit and debit cards.
5.1. Information we collect
As a licensed financial institution and Money Services Business in the United States, CEX.IO must comply with Section 326 of the USA PATRIOT ACT; which requires all financial institutions to obtain, verify, and record Personal Information that identifies each person who opens an account. This federal requirement applies to all customers. This Personal Information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. Additionally, as a global exchange we must collect Personal Information for individuals and entities in the European Economic Area (“EEA”) or the Channel Islands. We are required to safeguard the Personal Information of our customer’s in the EEA and Channel Islands in accordance with the General Data Protection Regulation (“GDPR”).
Consistent with the obligations from our regulators, when you open an account or visit Our Sites, we will ask you to provide information to verify your identity. Please note if you refuse to provide this Personal Information, we will not be able to provide our services to you. The types of Personal Information for an individual customer which we collect may include:
The types of Information for an institutional customer which we collect may include:
We require your Personal Information only for the purposes of providing to you the services requested from CEX.IO and to satisfy the legal requirements from our regulatory obligations as a licensed financial institution. If you refuse to share your Personal Information, we will not be able to provide our services to you. We may share Personal Information with third-party service providers (including those that may be located outside of the United States or your country), who help us operate our platform and systems, and detect fraud and security threats within the normal course of our business. Such third-party service providers are subject to strict confidentiality obligations. Additionally, we may be compelled to share your Personal Information with law enforcement, government officials, and regulators.
5.2. Purposes of processing
We may use your Personal Information for the following purposes:
5.3. IP Addresses
We may collect information about your computer or device used to access Our Sites, including your IP address, operating system and browser type. Such information is collected for the limited purposes of; system administration, to report aggregate information for our internal statistics, to ensure that you are in a jurisdiction which we are authorized to operate, and to ensure that your account has not been compromised by detecting irregular or suspicious logins or transactions.
5.4. Public Blockchains
Transactions in Bitcoin and other digital assets are not necessarily anonymous. All public blockchains allow anyone to see the balance and transaction history of any public digital asset address.
It may be possible to match your public digital asset wallet address to other Personal Information about you, and therefore may be able to identify you from a blockchain transaction. This is a result of Personal Information published on a blockchain (such as your digital asset wallet address and IP address) which may be correlated with Personal Information that CEX.IO and others may have. Additionally, when using data analysis techniques on a given blockchain, it may be possible to identify other Personal Information about you. As part of our security, anti-fraud, identity verification and authentication checks, we may conduct such analysis to collect and process such Personal Information about you.
Cookies may also be used to ensure compliance with our Bank Secrecy Act (“BSA”) and anti-money laundering (“AML”) program (“BSA/AML Program”) and to ensure that your account security has not been compromised by detecting suspicious account activities.
You may control your Cookies through the browser settings, found here:
We use third party service providers, to assist us in better understanding the use of our Sites. Our service providers will place cookies on the hard drive of your computer and will receive information that we select in order to educate us on issues such as; how visitors navigate Our Sites, what products are browsed, and general transaction information. Our service providers analyze this information to provides us with aggregate reports. The information and analysis provided will be used to better educate us in understanding our visitors' interests and how to better serve those interests. The information collected by our service providers may be combined with information that we collect about you while you are using the Our Sites. Our service providers are restricted from using the information collected outside of the limited purpose for which they are contracted.
The Personal Information we collect and the practices of using such information as described herein are done for the purposes of providing you with the best customer experience possible, as well as protecting you from the risk of fraud and improper use. The Personal Information collected is sought to best serve you as the customer and to continue to maintain and improve CEX.IO to meet your needs.
6.1. Third-Party Service Providers, Regulators, Law Enforcement
We may share Personal Information with third-party service providers (including those that may be located outside of the United States or your country), who help us operate our platform and systems, and detect fraud and security threats throughout the normal course of our business.
Any third party which receives or has access to your Personal Information is required to protect such Personal Information and only to use it for the limited purposes necessary to carry out the services they are explicitly contracted to provide. Such third parties, aside from law enforcement or regulatory authorities, are contractually bound by the same security and confidentiality policies and responsibilities as CEX.IO. We do not sell customer Personal Information to third-parties for the purposes of marketing.
6.2. Change in Ownership
6.3. Employee Non-Disclosure of Personal Information
You have the right to access your Personal Information. If you are located in the United States, European Economic Area, or the Channel Islands and have questions regarding the processing, use, or storage of your Personal Information, you may contact us at firstname.lastname@example.org or write to us at CEX.IO CORP. 101 Hudson Street, 21st Floor, Jersey City, NJ 07302.
7.1. Requesting Your Personal Information
If you choose to submit a written request for your Personal Information to email@example.com, we will provide you with a copy of all of your all the Personal Information retained by CEX.IO. Additional minimal charges may be incurred by you to offset administrative costs associated with providing you additional copies of your Personal Information.
7.2. Updating or Amending Your Personal Information
At any point you may correct, update, amend or revise your Personal Information by sending an email to firstname.lastname@example.org. When possible, you may be required to update your Personal Information on your account profile page by logging into Our Sites. To ensure the accuracy and integrity of your Personal Information we may request additional Personal Information and/or identification documentation, at the discretion of the Compliance Department. If you refuse to provide the Personal Information requested, we reserve the right to not provide our services to you.
7.3. Removing Your Personal Information
At any point, you may also request the closure of your account. Upon closure, your Personal Information will only be stored by CEX.IO to satisfy our regulatory obligations. As a regulated financial institution in the United States, we are required to store customer records for a period of five years after the closure of the account.
7.4. Automated Data Processing
In order to efficiently provide CEX.IO’s services to you, we employ a series of automated processing systems to reduce the risks of fraud, money laundering and/or abuse of our services. Through these automated systems, we carry out an analysis of your identification, transactional and behavioral patterns based on the information provided to us. If you do not wish this automated processing to be carried out, please contact us at email@example.com, and our Compliance Department will review your application manually. Increased wait times may apply for applications that are processed manually.
No security measure is perfect. However, we have implemented technical and organizational security measures to ensure the confidentiality, integrity and accountability of your Personal Information. Through a constant process of reevaluation and testing we pride ourselves on our abilities to protect your Personal Information from loss, misuse, manipulation or destruction. Examples of measures we take to protect your Personal Information include:
We conduct testing and evaluations of our technical and organizational measures effectiveness on a regular basis. Technical and organizational security measures will be reviewed on a rolling basis to consider all legal and technical developments. Additionally, we preform ongoing due diligence, including penetration tests when applicable, on all third-party vendors which may have access to your Personal Information.
In the event of a data breach or the failure of our security measures, we will notify you immediately. CEX.IO may retain a data protection and breach notification security advisory firm which monitors all applicable reporting requirements for the United States and other jurisdictions which we operate.
Your Personal Information is held on servers located in the United States and the European Economic Area at some of the most secure facilities in the world. Access to this information is under strict access controls. Employees of CEX.IO whose offices are outside of the United States or European Economic Area are under strict contractual obligations to adhere the same principles of data security and processes as those employees within the European Economic Area and United States.
We do not store your payment method for the instant buy product, unless you create an account to conduct future transactions. The payment method information that you provide to make instant digital asset purchases are passed through a third-party payment processor which is based in the European Economic Area and bound to the same regulations as CEX.IO. Additionally, CEX.IO has a contractual agreement with the payment processor to further safeguard your rights. As a regulated financial institution in the United States, we are required to store Personal Information associated with a transaction for a period of five years after the transaction is processed.
10.1. External Links
We do not control third-party sites or any of the content contained therein. You acknowledge that by leaving Our Sites, CEX.IO is not responsible or liable for any of those third-party sites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those sites. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, for each site that you visit.
10.2. Fraud, Phishing and Email Scam Disclaimer
Customer support is only provided through the CEX.IO website and is always provided free of charge. CEX.IO will never ask you your password.
If you discovered what you believe is fraud, phishing, or a scam which impersonates CEX.IO, please email us at firstname.lastname@example.org.
10.3. Unsolicited Submissions
11.1.1. Our Data Protection Team in the United States
11.1.2 Our Data Protection Team European Economic Area
11.2 Feedback and Resources
Additional resources may be found through our Help Centre: https://support.cex.io/hc/en-us. At the Help Centre, you may search a particular question, read our collection of Frequently Asked Questions (“FAQ”), or even use our Live Chat feature to speak directly with a Customer Support team member in real time.