Privacy Policy
Version applicable as of February 7th 2022
1. Why should I read this Privacy Policy?
This Privacy Policy (‘policy’) describes how CoinGate (CoinGate is owned and operated by UAB “Decentralized”) (hereinafter referred to as the “Company”, “we”, “us”, “our”) collects, uses, discloses, and stores your personal information and what statutory rights do you have. We protect your personal information under the applicable data protection laws. We may amend this policy unilaterally from time to time. Any such amendments will be effective immediately upon publication, therefore please visit
our website regularly for the latest version of this policy.
2. Who is responsible for protecting my information?
We are: CoinGate (owned and operated by UAB “Decentralized”) Our company number is: 303423510
Our address: A. Goštauto g. 8-331, LT-01108 Vilnius
Our e-mail address: info@coingate.com
3. Why and how do you use my information?
3.1 To provide you with virtual currency purchasing, payment processing collection and related services
When is this relevant for me? | When you are our client, manager, or representative of a legal entity or shopper. |
What information do you collect about me? | E-mail address, password, country, IP address, name and surname, gender, place of birth, address, telephone number, cryptocurrency address, bank account number, account number of money withdrawal platform, PayPal address, transaction amount, transaction currency, transaction time, address of the sender of the transaction, address of the payee of the transaction, power of attorney, data provided in the business registration certificate, data provided in the document of business address proof, requests for overpayments, Facebook ID information, Google ID information, other information provided by you. |
What is your legal basis to collect my information? | Contract (Art. 6 (1) (b) of GDPR). |
Where do you collect the information from? | From yourself. |
Am I obliged to provide this information? | It is a contractual requirement. If you do not provide this information, we will not be able to provide our services. |
How long do you store information about me? | 10 years after termination of your account. |
3.2 To provide you with virtual currency swap services
When is this relevant for me? | When you use our virtual currency swap services without undergoing a verification (identification) process. |
What information do you collect about me? | Email address, country, IP address, types of swapped virtual currencies, cryptocurrency address, transaction amount, device fingerprint, telephone number. |
What is your legal basis to collect my information? | Contract (Art. 6 (1) (b) of GDPR). |
Where do you collect the information from? | From yourself. |
Am I obliged to provide this information? | It is a contractual requirement. If you do not provide this information, we will not be able to provide our services. |
How long do you store information about me? | 10 years after the use of our currency swap services. |
3.3 To enable you to exchange your virtual currencies into various gift cards
When is this relevant for me? | When you exchange your virtual currencies into gift cards of various vendors and platforms. |
What information do you collect about me? | First name, last name, email address, country, IP address, cryptocurrency address, transaction amount, type and amount of gift card, email of the person to whom you send the gift card. |
What is your legal basis to collect my information? | Contract (Art. 6 (1) (b) of GDPR). |
Where do you collect the information from? | From yourself. |
Am I obliged to provide this information? | It is a contractual requirement. If you do not provide this information, we will not be able to provide our services. |
How long do you store information about me? | 10 years after the exchange of your virtual currency to a gift card. |
3.4 To verify you when necessary
When is this relevant for me? | When you use our virtual currency purchasing, payment processing collection services, or when you use our virtual currency swap services and make a transaction larger than 1 000 EUR or a transaction that raises suspicion. |
What information do you collect about me? | Country of residence, name and surname, gender, place of birth, date of birth, nationality, address, telephone number, ID number, personal code, ID expiry date, ID copy, photo of you. |
What is your legal basis to collect my information? | Contract (Art. 6 (1) (b) of GDPR). |
Where do you collect the information from? | From yourself. |
Am I obliged to provide this information? | It is a contractual requirement. If you do not provide this information, we will not be able to provide our services. |
How long do you store information about me? | 10 years after termination of your account. |
3.5 To implement measures of anti-money laundering (AML) and counter-terrorist financing (CTF)
When is this relevant for me? | When establishing a business relationship with us (when you are a customer (natural person), company’s manager or a representative). | |
What information do you collect about me? | Name and surname, ID information (such as number, date of issuance, period of validity), date of birth, sex, no personal number (true/false), personal number, personal number type, document number, date of expiry, document type, issuing country, citizenship or citizenship s, nationalities, place of birth, address, city, postal code, country of residence, annual income, are transaction s over 15 000 EUR expected? (yes/no). source of funds, source of wealth, expected yearly turnover using our services, used services, countries from which funds will be incoming, account opening purposes, geolocation data, information on the company’s director and representative (name, surname, ID, date of birth, sex, no personal number (true/false), personal number, personal number type, document number, date of expiry, document type, the country that has issued an identity document, citizenship, nationalities, place of birth, address, city, postal code, country of residence, sanctions, current position, email), information on the ultimate beneficial owner (name, surname, sex, personal number, date of birth, place of birth, address, citizenship, nationality, country, website (reputable third-party source), amount of shares, stake in the main company. | Information on participation in politics – whether you (trader) are a politically exposed person (PEP), whether the beneficial owner of the company, their immediate family member, or a close associate is a PEP, and information on the beneficial owner’s prominent public functions. |
What is your legal basis to collect my information? | Legal obligation (Art. 6 (1) (c) of GDPR) Art. 9,11, 12, 16 of the Law on AML. | Reasons of substanti al public interest (Art. 9 (2) (g) of GDPR) Art. 14 of the Law on AML. |
Where do you collect the information from? | From yourself, AML/CT F service providers. | |
Am I obliged to provide this information? | It is a statutory requirement. If you do not provide this information, we will not be able to provide our services. | |
How long do you store information about me? | For the duration of and 8 years after the terminati on of the business relations hip. |
3.6 To ensure security of and improve our website
When is this relevant for me? | When you use our website. |
What information do you collect about me? | Internet protocol address (IP), user agent, referrer url, date and time of website visiting. |
What is your legal basis to collect my information? | Legitimate interest (security and improvement of our website) (Art. 6 (1) (f) of GDPR). |
Where do you collect the information from? | From yourself. |
Am I obliged to provide this information? | No. |
How long do you store information about me? | 10 years after your last visit of our website. |
3.7 To provide you with customer support
When is this relevant for me? | When you submit an inquiry to our customer support. |
What information do you collect about me? | E-mail address, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, your name and (or) surname provided in your inquiry, reply to your inquiry, information provided by you. |
What is your legal basis to collect my information? | Consent (Art. 6 (1) (a) of GDPR). |
Where do you collect the information from? | From yourself. |
Am I obliged to provide this information? | No. |
How long do you store information about me? | 10 years after the receipt of the last inquiry. |
3.8 To inform you about our services that may be relevant to you.
When is this relevant for me? | When we want to inform you or ask your opinion about our services. |
What information do you collect about me? | Name and surname, e-mail. |
What is your legal basis to collect my information? | Consent (Art. 6 (1) (a) of GDPR) (Art. 69 (1) of Lithuanian Law on Electronic Communications) Customer relationship (Art. 69 (2) of Lithuanian Law on Electronic Communications) Legitimate interest (to send direct marketing communications) (Art. 6 (1) (f) of GDPR). |
Where do you collect the information from? | From yourself Social media service providers Marketing service providers. |
Am I obliged to provide this information? | No. |
How long do you store information about me? | 10 years after the last use of our services or after you give your consent unless you withdraw your consent earlier. |
3.9 To manage our social media profiles
When is this relevant for me? | If you interact with our social media profiles (e.g., send a message, follow our profiles, share a post, react to a post). |
What information do you collect about me? | Name and surname indicated in your profile, e-mail address, gender, country, picture, message, time, and date the message was received, content of the message, message attachments, response to the message, time of response to the message, information about our rating, comments on a post, post shares, information about post reactions. |
What is your legal basis to collect my data? | Consen t (Art. 6 (1) (a) of GDPR). |
Where do you collect the information from? | From yourself and social media platforms. |
Am I obliged to provide this information? | You are not statutorily or contractually obliged to provide this personal data, but we will collect this data if you interact with our social media profiles. |
How long do you store information about me? | 10 years from the moment you interact with our social media profiles. |
3.10 To carry out the selection of potential employees
When is this relevant for me? | When we receive your applicatio n for a job position, when you give us your consent for storing your CV, or we contact you based on the information you publicly disclose on professional social media platforms. |
What information do you collect about me? | Full name, e- mail, phone number, CV, work experience, other information you provide us with. |
What is your legal basis to collect my information? | Consent (Art. 6 (1) (f) of GDPR) Contract (Art. 6 (1) (b) of GFPR) Legitimate interest (to contact you when you publicly disclose your information on professional social media platforms) (Art. 6 (1) (f) of GDPR). |
Where do you collect the information from? | From yourself Professio nal social media service providers HR agencies. |
Am I obliged to provide this information? | It is a requirement necessary to enter into a contract only where we intend to enter into an employment contract with you. If you do not provide this information, we will not be able to enter into an employment contract with you. |
How long do you store information about me? | 3 years after the end of the relevant recruitment process 5 years after you give us your consent or publicly disclose your information on professional social media platforms. |
3.11 To fulfill statutory accounting requirements
When is this relevant for me? | When you use our services. |
What information do you collect about me? | Full name, e-mail address, telephone number, bank account number, address, signature, invoices, reports, accounting documents, payments, paid amounts, other information we are statutorily required to collect. |
What is your legal basis to collect my information? | Legal obligation (Art. 6 (1) (c) of GDPR) aw on Accounting of the Republic of Lithuania. |
Where do you collect the information from? | From yourself. |
Am I obliged to provide this information? | It is a statutory requiremen t. If you do not provide this information, you will not be able to buy goods or services from us. |
How long do you store information about me? | 10 years following a transaction. |
3.12 To defend our rights and interests
When is this relevant for me? | In case we become a party to legal process which you are subject to or we are statutorily required to collect information about you | |
What information do you collect about me? | All of the afore-mentioned information, accounting and legal case files, legal documents, other information you provide us with, other information that we are statutorily required to collect and/or provide. | If the case arises – information about criminal offenses and convictions. |
What is your legal basis to collect my information? | Legal obligation (Art. 6 (1) (c) of GDPR) Legitimate interest (to protect our rights and interests) (Art. 6 (1) (f) of GDPR). | Establishment, exercise, or defense of legal claims (Art. 9 (2) (f) of GDPR). |
Where do you collect the information from? | From afore-mentioned sources, law enforcement authorities, parties that are subject to legal process, courts. | |
Am I obliged to provide this information? | Yes, where we are statutorily obliged to collect personal information. | |
How long do you store information about me? | 10 years following the end of the contractual relationship with us or, whichever is longer, for the duration of the legal process and 3 years after a final authority decision came into full force. |
4. Who do you share my data with?
We share your data with data recipients, both within and outside the European Economic Area (EEA), in cases where necessary for the above-described purposes and allowed in accordance with applicable laws.
No | Category of information recipient | Information recipient | Country of the recipient | What is the legal basis to transfer my data outside the EEA? |
4.1. | AML and identification service providers | Onfido Ltd. | UK | Decision on the adequate protection of personal data by the United Kingdom (link). |
Elliptic Enterprises Ltd. | UK | |||
Other service providers | Worldwide | EU Standard Contractual Clauses for the transfer of data as approved by the European Commission (link) (further – EU Standard Contractual Clauses). | ||
4.2. | Banking, payment processing, crypto exchange and other financial service providers. | UAB “IBS Lithuania” | Lithuania (EU) | N/A |
UAB “Nexpay” | Lithuania (EU) | N/A | ||
UAB “Binance” | Lithuania (EU) | N/A | ||
Bitstamp Ltd. | UK | Decision on the adequate protection of personal data by the United Kingdom (link) | ||
Other service providers | Worldwide | EU Standard Contractual Clauses (link) | ||
4.3. | Software service providers | Microsoft Corporation | US | Microsoft Standard Contractual Clauses (link) |
Other software service providers | Worldwide | EU Standard Contractual Clauses (link) | ||
4.4. | Communication tools service providers | Skype Communications S.a r.l. | Luxembourg (EU) | N/A |
Slack Technologies, LLC | US | Slack Technologies Standard Contractual Clauses (link) | ||
Other service providers | Worldwide | EU Standard Contractual Clauses (link) | ||
4.5. | Social media service providers | Facebook Ireland Ltd | Ireland (EU) | N/A |
Reddit Ireland Ltd. | Ireland (EU) | N/A | ||
Twitter Inc. | US | EU Standard Contractual Clauses (link) | ||
Other service providers | Worldwide | EU Standard Contractual Clauses (link) | ||
4.6. | Customer support service providers | Zendesk, Inc. | US | Zendesk Standard Contractual Clauses (link) |
4.7. | Cloud hosting service providers | Amazon Web Services, Inc. | US | Amazon Standard Contractual Clauses (link) |
| Google LLC. | US | Google Standard Contractual Clauses (link) | ||
Other service providers | Worldwide | EU Standard Contractual Clauses (link) | ||
4.8. | Marketing service providers | Calendly LLC | US | EU Standard Contractual Clauses which are incorporated by reference to the Calendly Data Processing Addendum (link) |
Other service providers | Worldwide | EU Standard Contractual Clauses (link) | ||
4.9. | Compliance and legal service providers | Other service providers | EU countries and UK | Decision on the adequate protection of personal data by the United Kingdom (link) Decision on the adequate protection of personal data by the United Kingdom (link) |
4.10. | State institutions and regulatory authorities | Bank of Lithuania, State Tax Inspectorate, Financial Crime Investigation Service, Center of Registers, State Security Department of Lithuania, law enforcement authorities and courts, other state authorities | Worldwide | The necessity to establish, exercise or defend legal claims (Art. 49(1)(e) of the GDPR). |
5. What statutory rights do I have regarding my data?
Subject to conditions, limitations, and exceptions established by statutory data protection provisions, you have the rights listed below:
My right | When is this right applicable to me? |
Right of access | When you seek to obtain confirmation as to whether we collect or otherwise process personal data concerning you, and, where that is the case, access to the personal data and the information about the data processing. |
Right to rectification | When you seek to obtain from us the rectification of inaccurate personal data concerning you. |
Right to erasure (‘right to be forgotten”) | – When personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; When you withdraw consent on which the processing is based and there is no other legal ground for the processing; – When you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes; – Where the personal data have been unlawfully processed; Where the personal data have to be erased for compliance with a legal obligation; – Where the personal data have been collected in relation to the offer of information society services directly to a child and subject to a consent. |
Right to restriction of processing | – Where the accuracy of the personal data is contested by you; Where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; – Where we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; – Where you have objected to processing. |
Right to data portability | Where you seek to receive the data you have provided in a structured, commonly used and machine-readable form or to transmit those data to another controller, the processing is based on consent or on a contract and is carried out by automated means. |
Right to object | Where the collection and use is based on a task carried out in the public interest or in the exercise of official authority vested or legitimate interest, including profiling, as explained in Section 3 of this Privacy Policy, or where you object to the collection of your personal data for direct marketing purposes. |
Right to withdraw consent | Where the processing is based on consent, as explained in Section 3 of this Privacy Policy, and you seek to withdraw it at any time. |
Right to lodge a complaint | Where you want to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR. |
6. Do you engage in automated individual decision-making, including profiling?
We perform profiling only for AML regulations’ compliance purposes and to protect our platform from money laundering and terrorist financing. Without AML profiling we will not be able to provide you with our services. We create an AML risk profile after you fill in the “Know Your Customer” (KYC) questionnaire and then we continue to monitor the unexpected changes in your transactional behavior within our platform. AML profiling does not affect your use of our platform if there is no suspicious activity in your account.
7. Does your website place cookies on my device?
Yes, our website places the following cookies on your device:
Cookie category | Cookie name | Cookie expiry |
Necessary | _GRECAPTCHA | 179 days |
rc::a | Persistent | |
rc::b | During the browsing session | |
rc::c | During the browsing session | |
test_cookie | 1 day | |
_zlcmid | 365 days | |
Preferences | Lang | During the browsing session |
trade_options | 365 days | |
trade_values | 1 hour | |
gc_user_s | 1 year | |
last_item | 1 year | |
Statistics | _ga | 2 years |
_hjAbsoluteSessionInProgress | 1 day | |
_gat | 1 day | |
_gid | 1 day | |
_hjFirstSeen | 1 day | |
_hjIncludedInSessionSample | 1 day | |
AnalyticsSyncHistory | 29 days | |
collect | Session | |
personalization_id | 2 years | |
px.gif | Session | |
_fbp | 3 months | |
sc | 365 days | |
sentryid | 365 days | |
TSNGUID | 365 days | |
_hjSession | 1 day | |
device_id_ | 365 days | |
_hjSessionUser_ | 1 year | |
first_acquisition | 1 year | |
Marketing | /ad/#/pixel | Session |
_gcl_au | 3 months | |
ads/ga-audiences | Session | |
bcookie | 2 years | |
bscookie | 2 years | |
IDE | 1 year | |
lang | Session | |
lidc | 1 day | |
pagead/1p-user-list/# | During the browsing session | |
pagead/landing | Session | |
Tr | Session | |
uaid | 30 years | |
UserMatchHistory | 29 days | |
nQ_cookieId | 1 year | |
nQ_userVisitId | 1 day | |
| Unclassified | simplex-logo.png | Session |
8. How can I manage cookies?
You can configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies you may be unable to access certain areas or features of our website. You can control the use of functionality cookies, targeting cookies or advertising cookies by adjusting your browser settings. To find out how to manage cookies in your browser, please visit one of the links below:
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable- cookies-website-preferences
- Google Chrome: https://support.google.com/chrome/answer/95647
- Opera: https://www.opera.com/help/tutorials/security/privacy
- Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
- Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-information-sfri11471/mac
9. How can I contact your data protection officers?
If you have any questions, comments, or complaints regarding how we collect, use, and store your personal information, our data protection officers are ready to help you. If you need their help, you may contact them at any time via dpo@coingate.com.