Cocabit implements and maintains appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.
This policy applies where we are acting as a Data Controller with respect to the personal data of our website visitors and service users.
If you do not agree with the Terms set out herein, we ask you to not visit this website www.cocabit.io. In cases when required by the applicable law, we will ask for your explicit consent to process Personal Data, which shall be collected on this website or volunteered by you. Kindly note that any consent will be entirely voluntary. However, if you do not grant the requested consent to the processing of your Personal Data, the use of this website may not be possible or may be limited.
Cocabit will process your account data you provide when you open Cocabit account, perform transactions on the Cocabit platform, or use other Cocabit Services.
Collection of Personal data
Cocabit collects and processes Personal Data for the purposes of the necessary KYC/AML procedures to ensure compliance with the relevant AML legislation.
Users of Cocabit Services can at any time access and edit, update or delete their contact details by logging in with their username and password to Cocabit platform.
Cocabit will not retain User data longer than is necessary to fulfill the purposes for which it was collected or as required by the applicable laws and regulations.
During a User’s registration and operation with Cocabit exchange platform, Users provide such personal data:
- contact details and information (name, surname, phone number, e-mail etc.);
- general information – age, gender, etc.;
- date of birth;
- payment details;
- documents confirming your identity, full name and address of residence;
- information about account connection data – geolocation, IP address and device information;
- provided information via mail or other communication channels;
- transaction information;
- biometric information (only to verify your identity);
- additional documents for verification.
For the purposes of KYC/AML procedures and prevention of fraud, we can ask Users to provide additional documents for verification to confirm the legal source of User’s income.
The above mentioned Personal Information will be used for operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with Users.
Collection and processing of e-mails
Cocabit will use users’ e-mail for communication purposes with users regarding: login, registration, transactions, orders, safety requirements, notifications about safety measures, reminders about the status of orders, transactions, user profile level, and other necessary communication with users.
Collection and processing of mobile numbers
For the purposes of KYC/AML procedures and verification of credibility of the User account, Cocabit shall communicate with the Users via the telephone using the mobile numbers given in the User’s accounts.
Protection of data
We use a variety of security measures to ensure the confidentiality, integrity, availability and privacy of your Personal Information and to protect your Personal Information from loss, theft, unauthorized access, misuse, alteration or destruction.
Our company has implemented the following measures to protect your personal data:
- Encryption of sensitive data during transfer and at rest;
- 2-factor authentication;
- Logging of activities performed in the platform;
- Access controls and other measures to mitigate risks identified during the risk assessment process;
- All data processing systems operate in complete confidentiality;
- Password protected directories and databases;
- All data can be restored in case of technical difficulties;
- In case of loss or damage to your personal data, the company will restore it from a backup copy, if this is not possible – the company will definitely inform you about this within 48 hours.
- Only authorized Cocabit personnel are permitted access to your Personal Information, and this personnel is required to treat the information as highly confidential.
- If, in order to provide you with the required service, it becomes necessary to transfer your data to third parties, we will definitely require them to have the same level of organizational and technical security of your data, which is confirmed by contractual obligations.
- Vulnerability Scanning to actively protect our servers from hackers and other vulnerabilities.
The Company saves all documents up to date and under the adopted rules of the General Data Protection Regulation.
The security measures will be reviewed regularly in light of new and relevant legal and technical developments.
Disclosure to third parties
In processing your transactions, we may share some of your Personal Information with third party service providers, banks, systems for payments and transfers.
Due to legislation, we may share your personal data with police and other government agencies.
Also, we may share your personal information to Services to verify and verify your identity that comply with verification norms and standards Courts.
If you use the card as a means of payment, we, as a service providing currency exchange services, will not operate (provide, sell, buy, exchange) your data (as a cardholder) or anyone else with anyone other than the enquirer (Visa / Mastercard / and etc.) or government agencies, if required by law.
Your information may be transferred to third parties solely for processing your transaction and this will be only that part of the information that is necessary for this at the request of the system or law. In any case, the third party who receives your data will protect it and keep it in accordance with the law.
General Data Protection Regulation (GDPR) policy
Cocabit protects and processes personal data in accordance with privacy rights and regulations set forth in, but not limited to:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR).
- bRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the implementations of the Directive in local legislation.
- Data Protection Act 1998.
- Privacy and Electronic Communication (EC Directive) Regulations 2003 (SI2003/2426).
Due to our GDPR policy, Cocabit shall collect, store and process personal data strictly in accordance with our policies and instructions in accordance with GDPR. All information is stored securely and is accessed by authorized personnel only.
User’s rights over their personal data
We may receive your personal information even if we do not take any action to do so – this is called “unsolicited” personal information. In such situations, we destroy all such information if it does not coincide with the purpose of collecting the necessary information. Also, we can save such data if it matches the requested data. The conditions for storing such information are similar to the information you provide.