Privacy Policy

Effective Date: May 19th 2023
CoinSmart

At Simply Digital we take privacy and data security seriously. We are committed to transparency in the collection, use and disclosure of your personal information. This Privacy Policy describes how we collect and use personal information and the circumstances under which we may share this information.

Depending on the location of the customers we service, different entities within the Simply Digital group provide the service and are responsible for customers’ personal information. If you live in:

Canada, Simply Digital Technologies Inc., is the entity responsible for your data;
The United States of America, Simply Digital Technologies USA Inc. is the entity responsible for your data; or
If you live outside of Canada and the United States of America,

S.D.T OÜ, an Estonian company, is the controller of your personal information.

This Privacy policy applies to the privacy practices of Simply Digital on its trademarked CoinSmart website located at https://www.coinsmart.com/ and to the CoinSmart mobile app (together the “CoinSmart Service”).

We ensure, within our Global framework of data protection legislation, the confidentiality of client data and implement appropriate physical, technical and organizational measures to help safeguard your data from unauthorized access, use, disclosure and accidental loss, modification, destruction or any other unlawful processing.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal information will take place to an organization or a country unless we have received your expressed consent and there are adequate controls in place including the security of your data and other personal information.

Collection and Use of Personal Information

What personal information do we collect

In order to provide you with a service, we are required to collect certain data elements from you. Some legal and regulatory obligations require us to collect information for non-clients which is governed by the same principles we use to safeguard information for our clients.

Below is a summary of the types of data we may collect.

Identity Data	Name, personal identification code or date of birth, signature.
Contact Data	Address, phone number, e-mail address.
Financial Data	Bank account information, payment information, liabilities, online payments and money transfers, payment methods, prices paid, quantity of order, time stamps associated with orders and payments, payment authorization information, and order activity history.
Services Data	Transaction information on the purchase or sale of digital currencies or other transaction-based data that you generate or that is connected to your account including (including quantity, product, price of transactions); data about agreements entered into, amended or terminated with us; data about the performance of agreements, including data about suspected or actual violations of the agreement; and communications with you regarding the Services, including notices, service fees, enquiries and complaints, submitted Requests.
Anti-money laundering (AML) and Counter-Terrorist Financing (CTF) Data	Your government-issued photo identification or other identity document, country of residence, source of funds, data about your assets, the origin of assets, place of work, position, nature of your work, whether you are a politically exposed person or the family member or close associate of a politically exposed persons.
Communication Data	Data contained in requests we receive from you, including customer service requests or your other communications with us via any channel, including communication by phone, e-mail, messages and other manners of communication.
Service Usage Information	Data about the date and time you access our Service, data about your device (such as device type, IP address, and device identifiers), operating system and hardware settings, browser type and characteristics, length of visits, pages viewed, geographic location, language preferences, referring URLs, time spent on pages, scrolling, mouse movements, and links clicked, and information derived from SIM card, network operator, IP address, GPS geolocation data.
Legal & Compliance Data	Data obtained while performing our legal obligations, including data relating to enquiries made by investigative bodies, notaries, tax authorities, bailiff courts and other state institutions.

How do we process your data

We process your data in order to perform the services you request and to establish a client relationship with you, to respond to your requests and otherwise communicate with you, and to comply with our legal obligations, including our Know Your Customer and due diligence obligations under applicable laws. We use your data in the following ways:

Account Creation: In order to open and administer your account we process your Identity Data, Contact Data and Communication Data. Where applicable, the legal basis of processing such data is your consent. You can withdraw your consent at any time and we will stop processing your Data given on the basis of your consent.
Account Administration: We process your Identity Data, Contact Data and Communication Data in order to enter into a client agreement and communicate with you. Depending on your jurisdiction, we may be required by statute to collect this data as part of entering into a client agreement with you. Where applicable, the legal basis of processing such data is the performance of a client contract and if you fail to provide such data, we cannot provide services to you.
Enforcing our Agreement: We process Financial Data, Services Data, Communication Data and Legal Compliance Data to perform and execute and enforce our client agreement with you, including but not limited to reviewing, investigating, and preventing any potentially prohibited or illegal activities that may violate the client agreement. Where applicable, the legal basis of processing such data is the performance of a client contract and if you fail to provide such data, we cannot provide services to you. We will use your personal information when it is necessary for Simply Digital’s, its affiliates or other third party’s legitimate interests to preserve or defend its rights and interests in any legal claim or other claims and to protect us from any other damage or loss.
Identity Verification: We process the AML and CTF Data in order to check and verify your identity, to meet legal obligations and to keep your data updated and correct. The processing of this data is necessary for compliance with our obligations arising from applicable laws and regulations and also to comply with rules and regulations related to AML and CTF requirements. If you fail to provide such data, we cannot provide services to you. We will explain to you the content and requirements of such personal information each time we collect information. We reserve the right to change the information that we are required to collect as c global or local regulatory standards change.
Payments: When you engage in cryptocurrency transactions through the CoinSmart Service, we collect transaction information (including payment card details) on the purchase or sale of digital currencies, or other transaction-based information that you generate or that is connected to your account.
Service Usage Information: When you access your account, visit our website and use our Services, we may process Service Usage Information to ensure that our interface is accessible for you, to customize, measure, and improve the quality of our Service and the content of our website, and to develop new Services. We may also use certain of this information to create user replay sessions (as necessary) and to improve our visitors’ experience. Where applicable, the legal basis of processing such data is our legitimate interests.
Marketing Communications: We also process data about your name and e-mail based on your consent in order to send you information about our services and direct marketing messages. The consent will contain information on that specific processing activity. You can withdraw your consent at any time by using the unsubscribe mechanism set out in our messages or by contacting our Privacy Officer at compliance@coinsmart.com. Please note that you may continue to receive transactional and account-related communications from us.
Contacting Us: When you contact us with a comment or question or for customer support, we collect the information you provide such as your name, phone number and email address, along with additional information that we may need to help us promptly respond to your inquiry. We retain this information to assist you in the future and to improve our customer service and service offerings. We also use personal information to establish and manage our relationship with you and provide quality service.
Analytics: To understand, maintain, develop and improve the CoinSmart Service, we use analytics to understand our website and/or app activity and customer needs and to improve our Service. We may also generate aggregated information to monitor performance and use to improve our Services.

How do we collect your data

Most of the data we collect and process is directly provided by you. We collect and process the information about you in the following situations:

When you visit our website, create an account, log in, or use our service;
When we provide services to you or perform ongoing obligations;
When you communicate or provide your feedback to us via email or any other channel;
When you visit or use our website;
Other situations when we may collect your data as mentioned in this Privacy policy.

We also may collect information about you from public or third-party sources, such as public databases, ID verification partners, payment providers, companies providing services for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services.

How we share your data with third parties

Except as set forth in this Privacy policy and as required or permitted by law, we do not sell or share your personal information with third parties. We will not disclose more data than necessary for the purpose of disclosure and in compliance with regulatory legislation and data protection legislation.

Service Providers: We may transfer or otherwise make your data available to our third-party service providers who provide services to us in accordance with our instructions and on our behalf. Our service providers are only given the information they need to perform their designated functions, and are not authorized to use or disclose personal information for their own marketing or other purposes. We may transfer your data to third-party service providers as set out below:

To ID verification partners in order to verify your identity and identification documents, in accordance with our AML/CTF legal obligations;
To our website hosting partners and other parties who assist us in operating our website (including creating user session replays) and sending communications;
To our payment services providers, to assist in processing payments;
To companies providing services for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes, including financial institutions and credit reference agencies;
To partners who provide us with accounting services in order to prepare invoices; To our financial and legal consultants and auditors; and
To debt collectors in order to collect a debt.

Affiliates: We share data with entities within our group of Simply Digital companies who provide related services (with consent where required by applicable law) or provide us with support and ancillary services (including information security and customer account maintenance). Your personal information may be maintained and processed by us, our affiliates and other third party service providers in the US or other jurisdictions. In the event that personal information is transferred to the US or other foreign jurisdiction, it will be subject to the laws of that jurisdiction and may be disclosed to or accessed by the courts, law enforcement and governmental authorities in accordance with those laws. See also Data Transfers – EEA Customers for further information.

Legal and Compliance: We may also provide your information in response to a search warrant or other legally valid inquiry or order, including to public authorities and state institutions such as law enforcement agencies, bailiffs, notaries, tax authorities, supervisory authorities, financial intelligence agencies such as , Financial Crimes Enforcement Network and Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), or as otherwise required or permitted by Canadian, US, European, or other law or legal process. Your data may also be disclosed where necessary for the establishment, exercise, or defense of legal claims, or when we believe disclosure is appropriate to comply with the law or protect ours or others’ rights, property, or safety, including to investigate or prevent actual or suspected loss or harm to persons or property.

Sale of Business: Your data may be provided to third parties in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Simply Digital, or as part of a corporate reorganization or stock sale or other change in corporate control, including for the purpose of determining whether to proceed or continue with such transaction or business relationship.

Safeguarding and Retention of Personal Information

We have implemented reasonable administrative, technical and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. We restrict access to your personal information on a need-to-know basis to employees and authorized service providers who require access to fulfill their job requirements.

We have personal information retention processes designed to retain personal information for no longer than necessary for the purposes stated above or to otherwise meet legal requirements. We may retain personal information, including financial information relating to transactions, for accounting and auditing purposes and otherwise in accordance with our obligations under applicable law.

Access to Personal Information

You have the right to access, update and correct inaccuracies in your personal information in our custody and control, subject to certain exceptions prescribed by law. You may request access, updating and corrections of inaccuracies in other personal information we have in our custody or control by emailing compliance@coinsmart.com. We may request certain personal information for the purposes of verifying the identity of the individual seeking access to their personal information records. For security and confidentiality of your account, we will only process requests for information from an authorized account holder or law enforcement that is supported with the appropriate authorization.

Your Additional Rights

You may have certain additional rights in relation to your personal information, depending on your jurisdiction. While some of these rights are general and unrestricted, other rights only apply in certain circumstances. The manner in which these rights apply may vary depending on the jurisdiction in which you are located.

Your rights may include:

access – you are entitled to obtain a copy of the personal information which we hold about you and certain additional details regarding how we process your personal information.
rectification – you can request rectification or updating of your personal information if it is inaccurate or incomplete.
restriction – you can restrict our use of your personal information.
deletion – you are entitled to request that we erase your personal information.
objection – you can object to the processing of your personal information where we are processing that information based on our legitimate interests or those of a third party, or where we are using it for direct marketing purposes.
portability – you can request a copy of personal information you provided to us to be transferred, subject to certain exceptions provided by law.
withdrawing your consent – where we rely on consent to process your personal information you can withdraw this consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

If you wish to exercise any of your rights, please contact us at the details below. If you are located outside of the US and Canada, you also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), S.D.T OÜ’s lead supervisory authority. You can also contact your local data protection authority.

Privacy when using digital assets

Your funding of bitcoin or other digital assets, may be recorded on a public blockchain. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional disclosure of private financial information, especially when blockchain data is combined with other data. Because blockchains are decentralized or third-party networks that are not controlled by us, we are not able to erase, modify, or alter personal information from such networks.

Cookies

We collect, information from cookies stored on your device. Learn more about how we use cookies in our Cookie Policy.

Data Transfers- EEA Customers

We transfer your personal information to Simply Digital affiliates or third-party service providers located in countries outside of the EEA in connection with the above purposes. Countries that are outside the EEA may not offer the same level of data protection as in your home country, although the collection, storage and use of your personal information will continue to be governed by this Privacy policy.

Standard contractual clauses

We use a legal mechanism known as “standard contractual clauses” to protect personal information transferred outside the EEA where there is no adequacy decision in respect of the country in which the data importer is located; for example, the United States of America. Standard contractual clauses refer to contracts between companies transferring personal information (for example, from Simply Digital Technologies OU to Simply Digital Technologies USA Inc.) that contain standard commitments approved by the EU Commission for protecting the privacy and security of the personal information transferred. To request a copy of the clauses, please email us at compliance@coinsmart.com.

Derogations

In certain limited circumstances, we may use derogations, such as the contractual necessity or public interest derogation, where appropriate to process personal information, when there are no other data transfer mechanisms applicable.

Additional Information

Third Party Websites

The CoinSmart Service may contain links to other websites that are not owned or controlled by us. Please note that this Privacy policy applies only to personal information that we collect through the CoinSmart Service. We have no control over, do not review and are not responsible for the privacy policies of or content displayed on such other websites. When you click on such a link, you will leave our service and go to another site. During this process, another entity may collect personal information from you. We may also collect information about your interactions with our accounts on third party social media platforms.

Updates to the Privacy Privacy

We may update this Privacy Policy to reflect changes to our privacy practices. We encourage you to periodically review this page for the latest information on our privacy practices. If we materially change our Privacy Policy, we will take steps to notify you in advance of the change when and where required by applicable law.

Contact Us

Simply Digital welcomes your comments and questions regarding this Privacy Policy and the use of your personal information. If you have questions or concerns please contact our Privacy Officer: compliance@coinsmart.com