Privacy Policy
CoinFlip Privacy Policy
UPDATED AND EFFECTIVE AS OF: July 15, 2024
This CoinFlip Privacy Policy applies to personal data collected through our website, located at coinflip.tech or olliv.com (the “Sites”), any mobile application ( “App”), or through our cryptocurrency kiosks owned or operated by GPD Holdings LLC DBA CoinFlip, CF Preferred LLC, and their affiliated companies (collectively, “Company”) that post a link to or include this Privacy Policy (collectively, the Site, the App and cryptocurrency kiosks are the “Services”). This Privacy Policy describes our data practices regarding personal data we collect with regard to the Services and offline, which we may combine with online data. This Privacy Policy also describes your data protection rights, including your right to object to some data practices regarding personal data. This Privacy Policy does not apply to any personal data collected by third party websites or apps not operated by Company.
Please note that certain features or services discussed in this Privacy Policy may not be offered at any particular time. By accessing, visiting, using, submitting data to, or otherwise interacting with the Services, you consent to our use of your personal data in accordance with this Privacy Policy. Further, your access to and use of the Services is subject to the Company’s Terms of Service located at https://coinflip.tech/terms/terms-of-service. If you do not agree to the terms of this Privacy Policy and the applicable Terms of Service, please do not use the Services or provide personal data to us.
Table of Contents
1. Personal, Sensitive, and Non-Personal Data We Collect
2. Summary & Chart of Our Key Data Collection and Use Practices
3. Additional Details About Our Data Practices
a. Data Collected Automatically: Device ID/Interaction Information
Click-Through URL
Aggregated Data
Location Data
Cookies and Other Technologies
· Cookies and Local Storage
· Pixel Tags
· Embedded Scripts
· Session Interactions
· Data Collected through Mobile Devices and SDKs
b. Data We Receive or Collect from Third Parties
Data You Provided By Users About Others
Other Sources
c. Data You Provide Directly
Chat
Identity Recognition
Counterparty Onboarding
Feedback, Questionnaires and Surveys
User Submissions
Sweepstakes, Contests, Promotions
d. Disclosure of Data to Third Parties
Third Parties Providing Services on Our Behalf
Social Media Platforms and Similar Third Party Platforms and Features
Other Users of our Services
For Legal and Compliance Reasons
Affiliates
Business Transfers and Transitions
4. Third Party Advertising & Analytics/Privacy Controls
5. Your Choices
6. Third Party Content and Links
7. Data Security
8. Data Retention
9. Jurisdiction and Cross-Border Transfer
10. General Audience
11. Changes to this Privacy Policy
12. Contact Us
13. Jurisdiction Specific Rights
a. U.S. State Specific Rights
b. Canada & Quebec
c. EEA, UK, Switzerland
14. Notice to California Residents
15. Prevailing Language
1. Personal, Sensitive, and Non-Personal Data We Collect
We may collect personal data from you directly, automatically when you visit the Services through cookies and other technologies, and sometimes from third parties.
We use the term “personal data” to mean any data that could be used to identify you, including “personal information” such as your contact data (name, address, email address, phone number), demographic data (birth date), login data (wallet address), financial data (credit or debit card number through a third party payment provider, shipping/billing data, and transaction history), and some data that may be considered “sensitive” under certain laws (such as precise location data and biometric data). We will treat additional data, including IP addresses and cookie identifiers, as “personal information” or “personal data” where required by applicable law, and we will treat certain personal data as “sensitive data” as required by applicable law.
Note that we may de-identify or pseudonymize personal data so that it is non-personal, such as aggregating or converting it to a code, sometimes using a function commonly known as “hash”. We maintain and use de-identified data without attempting to re-identify it, except where permitted by applicable law, such as to determine whether our de-identification processes satisfy legal requirements. We will treat de-identified or pseudonymized data as non-personal to the fullest extent allowed by applicable law. If we combine non-personal data with personal data, then we will treat the combined data as personal data under this Privacy Policy and as required by applicable law.
2. Summary & Chart of Our Key Data Collection and Use Practices
See here (https://20327482.fs1.hubspotusercontent-na1.net/hubfs/20327482/CoinFlip-Privacy-Policy-Information-We-Collect-Chart_v3.pdf) (“Chart”) to review a Chart that sets out in detail the (1) categories of personal data that we collect, (2) purposes for which we collect that data, (3) categories of third parties to whom that data may be disclosed to for a business purpose, and (4) categories of third parties to whom the data may be sold for monetary or other valuable consideration or shared with for purposes for cross-context behavioral advertising/targeted advertising.
We encourage you to read the Chart (URL above) carefully, but we provide a summary of our key data practices below.
We collect information, including personal data, from you, automatically through your use of the Services, and from third parties. The categories of data we collect that may be considered “personal data” under applicable law include: 1. Contact Information, 2. Payment/Financial Information, 3. Device ID/Interaction Information, 4. Precise/Specific Location Data, 5. Biometric Data, 6. Transaction Information, 7. User Account Information, 8. Employment Data, 9. Demographic Information, 10. Data Revealing Nationality, 11. Government Identification, 12. Information About Your Interests and Preferences, 13. Know-Your-Customer/Regulatory Data. We primarily use this information to facilitate your participation in the Services, to personalize your experience, verify your identity, and to send you information from us or on behalf of certain third parties. Please review the “Additional Details About our Data Practices” section for more information. Note that we treat de-identified or pseudonymized data as non-personal to the greatest extent allowable under applicable law.
We may share your information for business purposes with our subsidiaries and affiliates, third party service providers (technology vendors, security vendors, order fulfillment vendors, communication service providers), and unaffiliated third-party business partners for their business and marketing purposes. For more details, please review the Chart (URL above) and the “Disclosures to Third Parties” section.
We work with third party business partners, including online advertising companies, ad agencies, social media platforms, and analytics providers who may set and access their own tracking technologies (like cookies and pixel tags) on your device, and they may otherwise collect or have access to information about you including Device ID/Interaction Information. They may use this information to serve ads online, to serve third party ads on the Services, and to provide us with information regarding the use of the Services and the effectiveness of our ads. For more information, including your opt-out choices, please review the “Third Party Advertising & Analytics/Privacy Controls” section and the information set forth in the Chart (URL above). This practice may be considered sale or sharing under certain privacy laws and residents of those may have additional rights. For more information, please review the “Jurisdiction Specific Rights” section.
3. Additional Details About Our Data Practices
We provide in this section additional details about the information practices listed in the Chart above, where it would be helpful for your understanding of such practices.
a. Data Collected Automatically: Device ID/Interaction Information. We and third party business partners (including service providers and third-party advertising and analytics and similar companies) may use a variety of technologies that automatically or passively collect certain data (“Device ID/Interaction Information”) whenever you with the Sites, or otherwise interact with the Services. Device ID/Interaction Information may include:
· your time zone, and non-precise (approximate) location inferred through data we collect, such as IP address;
· referrer addresses or advertisement;
· the type and version of your web browser;
· device identifiers including mobile advertising identifiers and IP address;
· device information, such as your operating system, hardware model, and browser; and
· how you use and interact with the Sites, including what areas within the Services that you visit, page views (hit counts), and the content you interact with.
Click-Through URL. We may send email messages that use a “click-through URL” linked to content on our Services. When you click one of these URLs, you pass through our web server before arriving at the destination web page. We track this click-through data to help determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, simply do not click text or graphic links in the email.
Aggregated Data. We use aggregated data to analyze the effectiveness of the Services, to improve our Services, and for other similar purposes. In addition, from time to time, we may undertake or commission statistical and other summary analyses of the general behavior and characteristics of users participating in our Services and the characteristics of visitors at the Services, and may share aggregated data with third parties, including advertisers. We may collect aggregated data through features of the software that supports our Services, through cookies, and through other means described in this Privacy Policy.
Location Data. We may collect your location data from the browser or device you use to access the Services with your consent. If you have given the App permission to access your location at any time, we may collect your device’s location even if you are not using the Service and store your location history. If you want to opt-out of the collection of your location data, please adjust your settings in your mobile device to restrict the app’s access to your location data. Location data may be used to enhance the Services, for example to offer additional functionality and data regarding your location in connection with the location of Company properties and to personalize the content you see on the Services. However, please note that we may still be able to infer your approximate location through other data we collect, such as IP address.
Cookies and Other Technologies. We use the following types of tracking technologies (collectively referred to as “Tracking Technologies”) to automatically collect Device ID/Interaction Information:
Cookies and Local Storage. The Services use a technology called “cookies.” A cookie is a small text file stored locally on your device that helps store user preferences. These technologies are able to store a unique identifier for a device to allow us to recognize the device whenever the device is used to visit the Sites. These technologies may be used for many purposes by us and our service providers, and our third-party business partners, such as automatically collecting Device ID/Interaction Information, enabling features, remembering your preferences, pixeles, and providing you with targeted advertising elsewhere online. We may use cookies and other technologies to help keep your use of the Sites more secure, to study traffic patterns on the Sites, to study the effectiveness of our customer communications, to maintain the integrity of the Sites, to measure crash analytics and other maintenance related information, to manage and measure the performance of advertisements displayed on or delivered by or through the Sites, and to personalize your experience through the Sites, such as to recognize you when you return to the Sites. If you do not want to accept cookies, you can block them by adjusting the settings on your Internet browser, or depending on your location, through the Sites. You can find more information about cookies and how they work at www.allaboutcookies.org.
Pixel Tags. We and our third party providers may also use so-called “pixel tags” – small graphic images (also known as “web tags” or “web beacons” or “clear GIFs” or “tracer tags,” “web beacons,” or “single-pixel images”) – which are small pieces of code used to collect usage analytics, such as to tell us what parts of our Services have been visited or to measure the effectiveness of marketing campaigns on our Site, or for marketing and targeted advertising purposes. Pixel tags also inform us whether emails have been opened. We may tie the data gathered by pixel tags to our users’ personal data, in which case it will be subject to the terms of this Privacy Policy.
Embedded Scripts. An embedded script is programming code that is designed to collect data about your interactions with the Sites, such as the links you click on. The code is temporarily downloaded onto your device from our server or a third-party service provider, is active only while you are connected to a Site, and is deactivated or deleted thereafter.
Session Interactions. We may record through session replay technology your interactions with the Sites, such as what pages you visit on the Sites, how long you visit those pages, and any links you click or information you provide. We use this information for our internal business purposes, such as for website analytics, to improve the Sites and our products and services, and to address functionality issues.
Data Collected through Mobile Devices and SDKs. SDKs are software packages that contain a set of tools that can be used to help build applications and implement new features in existing apps. We use embedded scripts and the tools provided in SDKs to collect data from mobile devices such as the hardware model, operating system and version, identification numbers assigned to your mobile device, such as the ID for Advertising (IDFA) on Apple devices, and the Advertising ID on Android devices, mobile network data, and website usage behavior.
In addition, we may use a variety of other technologies that collect similar data for security, fraud detection, and maintenance purposes.
b. Data We Receive or Collect from Third Parties.
Data Provided By Users About Others. If you give us personal data about other people (such as joint account holders), you represent that you have the authority to do so and to permit us to use the data in accordance with this Privacy Policy. Once you have been onboarded as a counterparty, Company will continue to use this data as necessary to effect transactions with you.
Other Sources. We also obtain data about you from other sources, including identity verification services, fraud prevention agencies, websites, and other publicly accessible data about you. We will also receive data you submit to us through third-party websites.
c. Data You Provide Directly. We may ask you to provide data when you use the Services, for example in the following ways:
Chat. When you participate in our Chat feature, we can record and use your communications and the data you provide in order to assist you during the Chat session, to improve our products and services, and otherwise as necessary to respond to your customer service inquiries. If you do not consent, please do not continue with Chat assistance.
Identity Recognition. When you interact with one of our cryptocurrency kiosks or the Company Order Desk, we may collect additional personal data about you for identity verification, fraud prevention, and other internal business purposes, such as a selfie image which may be collected using facial recognition software (when you opt-in to collection of biometric data), in accordance with any applicable laws, your government ID/driver’s license, Social Security number, source of funds, and a second form of ID. You will be asked to provide additional verifying personal data depending on the size of the transaction. If you apply to host a cryptocurrency kiosk in your business, we ask you to provide personal data such as your name and phone number, W9 data (such as EIN or SSN), banking data (such as routing and account number), as well as data about your store.
Counterparty Onboarding. When you choose to onboard as a counterparty through our Services for cryptocurrency trading services, you are required to provide us with your full name, email address, gender, residential address, birth date, phone number, country of residence and nationality, employment data and status, national and governmental identification data, and financial and banking details, including any joint account holders and people appointed to act on your behalf. Company uses this data to undertake anti-money laundering and fraud prevention activities. If you do not provide personal data that we tell you is mandatory, we may not be able to onboard you or provide you with certain services or features. If you give us personal data about other people (such as joint account holders), you If you disclose any personal data relating to other people, you represent that you have the authority to do so and to permit us to use the data in accordance with this Privacy Policy. Once you have been onboarded as a counterparty, Company will continue to use this data as necessary to effect transactions with you. We also obtain data about you from other sources, including identity verification services, fraud prevention agencies, websites, and other publicly accessible data about you. We will also receive data you submit to us through third-party websites.
Feedback, Questionnaires and Surveys. Our Services allows site visitors and customers to participate in surveys and questionnaires, which from time to time we may post on the Services or include in our communications to you. We also encourage our users to provide feedback to us about our Services. You grant us full rights to use in our discretion any suggestions or other feedback you provide to us. You are free to choose whether you participate in these activities. We may ask that, in addition to providing your responses, you also provide us with your contact data, which we will use for the purposes disclosed when you submit the data. We will also use information we collect through the surveys, questionnaires, and feedback for our internal use, including to better serve you and to improve our marketing and advertising. You agree that our use of the data you submit creates (no other obligation to you and, specifically, we have no obligation to compensate you for this use).
User Submissions. We may offer areas where you can submit data to us, including to post or submit content (“User Submissions”) (which means any and all data and content that you submit or post to the Services, including without limitation, messages, text, files, or other content you provide us). If you submit User Submissions, we may publish that data or content offline and online. It may be viewed, collected, and used by others and the protections of this Privacy Policy will not apply. Think carefully before you post and use caution before disclosing any personal data. Please review the Terms of Service for information on the rights that you grant to us in any content you choose to post in a forum.
Sweepstakes, Contests, Promotions. We may offer sweepstakes, contests or other promotions (any, a “Promotion”), that may require registration. By participating in a Promotion, you are agreeing to the provisions, conditions, or official rules that govern that Promotion, which may contain specific requirements of you (including, without limitation and except where prohibited by law, allowing the sponsor(s) of the Promotion to use your name, voice, likeness or other indicia of persona in advertising or marketing materials). If you choose to enter a Promotion, personal data may be disclosed to third parties or the public in connection with the administration of such Promotion, including, without limitation, in connection with winner selection, prize fulfillment, as required by law or permitted by the Promotion’s terms or official rules (such as on a winners list).
d. Disclosure of Data to Third Parties. We may share non-personal information that we collect, such as Device ID/Interaction Information, aggregate user statistics, and hashed or otherwise de-identified or pseudonymized information (including email addresses), and/or analyses derived from such information, with third parties in our discretion and as permitted by law, including for targeted advertising purposes. We may share personal data as disclosed when you provide it, when we have your consent to do so, as described elsewhere in this Privacy Policy.
Please note that we are not responsible for the privacy practices of any third party. If you decide that you do not want to receive communications from a third party, or have questions about their privacy practices, you will need to contact that third party directly.
Third Parties Providing Services on Our Behalf. To assist us in running our business and to perform certain services and functions on our behalf, your personal data may be collected by or disclosed, stored, and/or transferred (or otherwise made available) by and to third-party providers of services such as identification and background checks, cloud-based data hosting and maintenance, website hosting, record keeping, payment processing, transfer agent, email communication and customer support services, analytics, marketing, and advertising service providers, and to exchanges, trading platforms, and financial institutions. Additionally, we may share various information relating to our users and fraudulent or potentially fraudulent activities with our fraud prevention and similar service providers, and they will use this information to help us and their other clients prevent fraudulent and illegal transactions. Data we collect through our SMS/MMS/RCS text message programs is not shared with unaffiliated third-parties for their own direct marketing purposes without your specific consent.
Social Media and Similar Third Party Platforms and Features. We may offer you the opportunity to interact with and engage with our content on or through third-party social networking websites, plug-ins and applications, for example “liking” or “sharing” content from the Services, posting your social media posts to the Services, or including a hashtag associated with us in your social media post (“Social Media Features”). When you engage with our content on or through third-party social networking websites, plug-ins and applications, you may allow us to have access to certain data associated with your social media account (e.g., name, username, email address, profile picture and gender) to deliver the content or as part of the operation of the Services, plug-in or application. If others give us access to their profile, page, or other content on a third-party platform, we may also receive data about you if it is accessible through that content.
Also, both we and the third party may have access to certain data about you and your use of the Services and the third-party service. These third-party companies may collect data about your visit to our Services through the Social Media Features we have integrated into the Services. Note that through the Social Media Features, these third-party companies may be able to collect certain data about your visits to the Services regardless of whether or not you affirmatively interact with the Social Media Features and whether or not you are logged into (or have) an account with the third-party platform.
The data we collect in connection with Social Media Features is subject to this Privacy Policy; the data the third-party platform collects is subject to the third party’s privacy practices (including whether the third-party shares data with us, the types of data shared, and your choices about what is visible to others on the third-party platform). If you use Social Media Features, your interaction and personal data may be publicly disclosed on the Services and on the third-party platform. Your use of Social Media Features is subject to our Terms of Service.
Other Users of our Services. If you have opted in to our user search feature, we may make certain information about you available to other users of our Services. In such cases, we will share certain information from your profile, including your full name and wallet ID, with our Company user when they search for your email address or phone number through the user search feature. This helps other users know you are the person they are transacting with. You may opt out of user search visibility.
For Legal and Compliance Reasons. We and our third party providers may share your personal data to the extent we reasonably believe we are required to do so by law or to comply with legal or regulatory requirements, such as a warrant, subpoena, or other court order, or to protect against fraud, illegal activity, or as otherwise required or permitted by applicable domestic or international laws or legal processes. Your personal data may also be disclosed where necessary for the establishment, exercise, or defense of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property, or to otherwise protect the rights, property, safety, or security of Company, users of the Services, and others. We may also use Device ID/Interaction Information, such as IP addresses, to identify users in cooperation with copyright owners, Internet service providers, website service providers, and/or law enforcement agencies, in our discretion and in accordance with applicable laws.
Affiliates. We may share certain personal data with our affiliates, meaning an entity that controls, is controlled by, or is under common control with any other entity of Company. For example, the entities that run Company’s cryptocurrency kiosk business, GPD Holdings LLC and CoinFlip Canada Inc., may share personal data with the entity that runs Company’s OTC trading business, CF Preferred LLC. Our affiliates may use the personal data we share in a manner consistent with this Privacy Policy, including for business, operational, and marketing purposes.
Business Transfers and Transitions. Your personal data may be provided to third parties in connection with a business transaction, including a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Company or as part of a corporate reorganization, or stock or asset sale, or other change in corporate control, including for the purpose of determining whether to proceed or continue with such transaction or business relationship. Your personal data may also be one of the transferred assets as part of the transaction or bankruptcy. We may also share your personal data in the diligence process or to otherwise facilitate any such transaction, and with individuals assisting in the transaction or in connection with a bankruptcy.
4. Third Party Advertising & Analytics/Privacy Controls
The ads appearing on this Site, if any, may be delivered to users by third-party network advertisers, ad agencies, social media companies, analytics service providers, and other vendors to provide us with data regarding use of and traffic (including without limitation the pages viewed and the actions users take when visiting) and the effectiveness of our advertisements. These third parties may set and access their own tracking technologies on your device (including without limitation cookies and pixel tags) and may otherwise collect or have access to data about you (such as device identifier). Some of these parties may collect personal data over time when you visit the Services or other online websites and services.
Cookies and pixel tags, including without limitation those set by third-party network advertisers, may be used to (among other things): target advertisements, prevent you from seeing the same advertisements too many times, and conduct research regarding the usefulness of certain advertisements to you. We may share certain data such as device identifiers, hashed data, records of transactions you conduct on our Services or offline, and other types of de-identified or pseudonymized data with third-party advertising companies, analytics providers, and other vendors for advertising and analytics purposes. In addition, we and our third-party service providers may use this data to perform matching with third-party cookies in order to provide targeted online marketing. If you would like to opt-out of third party advertising and analytics, there are a variety of tools available to you:
· Our Tools. To disable sharing through cookies set on our site by third parties for advertising and analytics purposes, to opt out of certain cookies, please modify your cookie settings through the “Cookie Preferences” link in our website footer. To opt out of other forms of processing of your personal data for the purposes of targeted advertising, please complete the form at https://privacyportal.onetrust.com/webform/36bdb9d1-f751-4a50-9ca1-e6a57e5f036c/49aaa221-9589-46fd-9101-d20e6c5b5dfd or email [email protected]. Certain jurisdictions provide their residents further rights, please see Region-Specific Rights below regarding additional rights you have.
· Google Analytics. Provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze how users use the Site. The data generated by the cookie about your use of the Services will be transmitted to and stored by Google. Google will use this data for the purpose of evaluating your use of the Services, compiling reports on Services activity for operators and providing other services relating to Services activity and internet usage, including tracking which pages of our Services you visit so we can optimize your experience with our Site. Google may also transfer this data to third parties where required to do so by law, or where such third parties process the data on Google’s behalf. You can opt-out from the collection of this data by Google by downloading and installing a browser plug-in at https://tools.google.com/dlpage/gaoptout. For more information on Google Analytics privacy practices, read here and, for information on Google Analytics cookies expiration, read here.
· NAI/DAA Opt-Out. For more information on advertising cookies, please also consult the Network Advertising Initiative’s online resources at http://www.networkadvertising.org. You may find more information on what cookies and similar technologies have been set and how to manage and delete them at https://youradchoices.com/control. If you do not want Twitter specifically to show you interest-based advertising on and off Twitter, you can visit your Twitter settings under Personalization and data, or visit the Digital Advertising Alliance’s consumer choice tool at optout.aboutads.info. If you do not want Facebook to show you interest-based advertising, you can visit Facebook settings under Your Ad Preferences on Facebook. For mobile apps, you may be able to limit certain advertising practices using the settings on your phone, tablet or other mobile device. You may also download the AppChoices app at youradchoices.com/appchoices to opt out of the delivery of interest-based advertisements in participating mobile apps. Certain states provide additional rights. Please see our sections for residents below for additional rights you may have. To learn more about interest-based advertisements from participating third parties in Canada, please visit the Canadian DAA online choice page at http://youradchoices.ca/choices/.
Please note opting out through these mechanisms does not opt you out of being served advertising. You will continue to receive non-targeted advertisements while online. Your opt-out choices are browser and device specific; if you disable your cookies or upgrade your browser after opting out, or if you use different computers or browsers, you will need to indicate your opt-out choices across those other computers and browsers.
5. Your Choices
Marketing Communications from Us. We may provide you with the option to update your information or to opt out of marketing communications.
· Emails. If you no longer wish to receive marketing emails from us, you can opt out of these communications by clicking on the “unsubscribe” link included in those emails, or by contacting us at [email protected]. Please understand that you will not be allowed to opt-out of transactional notices or other legal and related notices concerning your relationship to the Services or your account, such as relating to your use of the Services, announcements, notices of changes to this Privacy Policy or our other terms, or similar administrative or transactional messages.
· Text Messages. If Company offers and you choose to sign-up to communicate with us via text message, you may unsubscribe by replying "STOP." You can also ask us to stop by writing, electronic messaging or calling us.
Data Privacy Choices. Depending on the functionality associated with the Services feature you are using, you may be able to update or delete certain of your personal data on the Services. We will take reasonable steps to make requested changes in our active databases. Note, however, that we may retain data that you have updated or deleted in backup systems or for internal or administrative purposes and for other reasons to the extent allowed by applicable law, such as to resolve disputes, troubleshoot problems and enforce our Terms of Service. Any deletion requests may be sent to [email protected]. Certain jurisdictions provide additional privacy rights, please see more in the Jurisdiction Specific Rights section, below.
Push Notifications. You can also turn off push notifications in your device settings.
6. Third Party Content and Links
This privacy statement applies only to personal data collected by us. Our Services may contain content and links to third party websites that are not owned or controlled by Company. Company has no control over, does not review and is not responsible for the privacy policies of or content displayed on such other websites. When you click on such a link, you will leave our Services and go to another site. During this process, another entity may collect personal data from you, and that collection is subject to the third party’s privacy policy/notice. Likewise, our content may be included on third parties’ web pages and web sites that are not associated with Company and over which we have no control.
Company is not responsible for the privacy practices of third party sites, and we encourage you to be aware when you leave our site and to read the privacy statements of each and every website that collects personal data.
7. Data Security
We have put in place commercially reasonable administrative, technical, and physical measures in an effort to prevent unauthorized access to or disclosure of personal data, and we take reasonable steps to secure and safeguard this data against loss, theft, and unauthorized use, disclosure, or modification. With that said, there is no such thing as 100% security of the networks, servers, and databases we operate or that are operated on our behalf. For example, email sent to or from the Services may not be secure. Before submitting any personal data via the Services, please be aware of these inherent risks and understand that you do so at your own risk.
8. Data Retention
We keep your personal data for as long as reasonably necessary for the purposes described in this Privacy Policy or in the Company’s records retention policies, while we have a necessary business reason to do so in connection with your account, or as required by law (e.g., for tax, legal, compliance, regulatory, accounting or other purposes), whichever is longer.
9. Jurisdiction and Cross-Border Transfer
The Services are controlled and operated by Company from the United States and are not intended to subject Company to the laws or jurisdiction of any state, country, or territory other than that of the United States. Company makes no representation that this Privacy Policy or the practices described in it comply with the laws of any other jurisdiction. If you are located outside of the United States, any data you provide to us will be transferred to the United States. Visitors who use the Services and reside outside the United States do so on their own initiative and are responsible for compliance with local laws, if and to the extent local laws are applicable.
Your personal data may be stored and processed in any country where we have facilities or in which we engage service providers, and, by using the Services and giving us your data, you consent to the transfer of data to countries outside your country of residence, including, without limitation, the United States, which may have data protection rules that are different from those of your country and may not provide the same level of protections as the laws of your country. Personal data processed or stored in another jurisdiction may be subject to access requests from governments, courts, or law enforcement in accordance with the laws of that jurisdiction.
10. General Audience
This Services are not directed to children younger than the age of 18. We do not knowingly seek to collect or maintain personal data or other data from children younger than the age of 18. We will use commercially reasonable efforts to delete any personal data or other data later determined to be provided by a child younger than the age of 18. If you become aware that a minor has provided personal data through our Services, please email us at [email protected].
11. Changes to This Privacy Policy
To the extent allowed by applicable law, we reserve the right to alter, modify, update, add to, subtract from or otherwise change this Privacy Policy at our discretion at any time. When we make material changes to this Privacy Policy, we will notify you by posting the updated Privacy Policy on our website, and we will update the effective date at the end of this Privacy Policy. We may also provide notice to you in other ways at our discretion, such as through contact data you have provided.
As this Privacy Policy may be modified from time-to-time, we encourage you to periodically review this Privacy Policy to stay informed about how we collect, use, and share personal data. Any changes will be effective immediately upon the posting of the revised Privacy Policy unless otherwise specified, and your continued use of the Service after the effective date of the revised Privacy Policy (or such other act as specified in the revised Privacy Policy) will constitute your consent to those changes to the fullest extent allowed by applicable law. We will not use your personal data in a manner materially different than promised at the time the data was collected without giving you the change to consent (which may be opt-out consent or which may occur through your continue use of the Services) to the new policy, as required.
12. Contact Us
If you have any questions about this Privacy Policy, the practices of the Services, or your dealings with the Services, please contact us at [email protected].
By Mail (US):
CoinFlip
433 W. Van Buren St. Suite 1050N
Chicago, Illinois 60607
13. Jurisdiction Specific Rights
Residents of certain U.S. states and countries may have the ability to exercise additional rights and choices regarding their personal data. We will take reasonable steps to accommodate your request, but may need to verify your identity before doing so. If you are a resident of a U.S. state with specific rights, please see additional information below. Residents of the EEA/UK/Switzerland, please see additional information below.
a. U.S. State Specific Rights
Colorado, Connecticut, Montana, Texas, Utah, and Virginia. We set forth above the categories of personal data we process, the purpose for processing personal data, the categories of personal data shared, and the categories of third parties with whom personal data is shared. Residents of Virginia, Colorado, Connecticut, Montana, Texas and Utah have certain privacy rights with respect to this data, as described below. If you are a Consumer residing in one these states (as defined in each state’s respective law) and would like to exercise your applicable rights, please complete this form (https://privacyportal.onetrust.com/webform/36bdb9d1-f751-4a50-9ca1-e6a57e5f036c/49aaa221-9589-46fd-9101-d20e6c5b5dfd ) or call 1-877-757-2646 to submit a request.
Access Your Personal Data/Data Portability (CO, CT, UT, VA Residents) - To confirm whether we are processing your personal data and request to access such data, please follow the instructions above. Where required by law, this includes to obtain a copy of the personal data we hold about you and, to the extent feasible and permitted by applicable law, in a readily usable format to allow data portability.
Delete Your Personal Data (CO, CT, MT, TX, UT, VA Residents) – Request to delete your personal data.
Correct Your Personal Data (CO, CT, MT, TX, VA Residents) – Correct the personal data we hold about you.
Opt-Out of Targeted Advertising (CO, CT, MT, TX, VA Residents)– Company engages in online advertising practices (and certain analytics or similar activities) that may be considered “targeted advertising” under these states’ laws. To disable sharing through cookies set by third parties that may be considered targeted advertising under such laws, manage cookie preferences here (https://privacyportal.onetrust.com/webform/36bdb9d1-f751-4a50-9ca1-e6a57e5f036c/49aaa221-9589-46fd-9101-d20e6c5b5dfd) or through the link in the footer of the website. Please also review the Third Party Advertising and Analytics section above for information on industry tools and device settings that may be available to you.
Opt-Out of Sales of Your Personal Data – Company may sell your data as defined by CO and CT. To opt-out of the sales of your personal data please follow the instructions above.
Right to Appeal (CO, CT, MT, TX, VA Residents) - If, for any reason, you would like to appeal our decision relating to your request and you are a resident of Colorado, Connecticut, Montana, Texas or Virginia, you have the right to submit an appeal and can do so by submitting this form (https://privacyportal.onetrust.com/webform/36bdb9d1-f751-4a50-9ca1-e6a57e5f036c/49aaa221-9589-46fd-9101-d20e6c5b5dfd) or calling 1-877-757-2646. Please include your full name, the basis for your appeal, and any additional information to consider.
Sensitive Data – If you are a Virginia, Colorado, Connecticut, Montana, or Texas resident, we will obtain your consent to the processing of any Sensitive Data (as defined by the applicable state law) we collect. If you are a resident of Utah, we will notify you at or before the time of collection of Sensitive Data (as defined by Utah law). If you wish to opt out of our processing of your Sensitive Data (as defined by the applicable state law), please complete this form (https://privacyportal.onetrust.com/webform/36bdb9d1-f751-4a50-9ca1-e6a57e5f036c/49aaa221-9589-46fd-9101-d20e6c5b5dfd).
Nevada. Company does not currently sell your covered information as those terms are defined under applicable Nevada law. You may still submit an opt-out request and we will honor that request as required by Nevada law if Company were to engage in such a sale in the future. If you are a Nevada resident and would like to opt-out of the sale of your covered information, please submit your request to [email protected]. Your request must include your full name and zip code. Please contact us from the email address you have used to interact with us, or else provide us with that email address in your Nevada Opt-Out request email. We may contact you via such email address as needed regarding this request. If you previously provided a phone number to us, including it in your Nevada Opt-Out request email will assist us in identifying you and processing your request. You may also be required to take reasonable steps as we determine from time to time in order to verify your identity and/or the authenticity of the request.
Vermont. If you are a Vermont resident, we will not share personal data we collect about you with nonaffiliated third parties, except as permitted by law, including, for example, with your consent or to service your account, or for joint marketing. We will not share personal data about your creditworthiness with our affiliates or for joint marketing other than as permitted by Vermont law, unless you authorize us to make those disclosures.
California. If you are a California resident, please see our NOTICE TO CALIFORNIA RESIDENTS below for additional information about your privacy rights and how to exercise them.
b. Canada
Quebec residents please also see the Notice to Quebec Residents below.
You may withdraw consent at any time (subject to legal or contractual restrictions and reasonable notice). Subject to certain limits set out in the applicable laws, Canadian residents also have the right to request access to the personal information that Company collects and to update or correct personal information if it is inaccurate. We may need to verify your identity before implementing your request.
Subject to applicable law, if you are a Canadian resident and would like to submit a request to access, correct, or update your personal information, or to withdraw consent to the processing of your personal data, you must submit your request to our data protection officer by sending an email to [email protected] or by calling 877-757-2646. You may also use this contact to submit any requests for information on our privacy practices or to submit a complaint regarding our practices. Your request or complaint must include your full name, street address, city, province, postal code, and an email address so that we are able to contact you if needed regarding this request.
We cannot properly process requests or complaints that do not come through the designated request mechanism or do not contain sufficient information to allow us to process your request. You may also be required to take reasonable steps as we determine from time to time in order to verify your identity and/or the authenticity of the request. Once your request is processed, absent exemptions, we will provide you with details regarding what personal information we have, how it is used, and with which third parties it is shared.
Notice to Quebec Residents
All Company personnel handling personal information will be subject to a duty of confidentiality and will ensure that personal information is handled in accordance with standard security measures. By using the Services, you acknowledge and agree that your personal information will be transferred outside of Quebec.
We may use certain technologies that allow you to be identified. These technologies include our third-party service providers that collect and analyze your biometric information to permit you to access and use the Services. We only collect this data with your opt-in consent and you may limit our processing of this data by contacting us. You can learn more about how we handle such data in Section 2 in main privacy policy above, and in our Biometrics Privacy Policy (https://coinflip.tech/terms/biometrics-privacy-policy).
We may also use certain technologies that allow you to be located. Such as when you opt-in to the collection of your location in order to help you locate Services near you. You may turn off the collection of location information through the settings on your device. You can learn more in Section 3 “Location Data” in the main privacy policy above.
We will only use your personal information for the purposes stated at the point of collection or as otherwise noted in this privacy policy. Subject to applicable law, if you are a Quebec resident and would like to submit a request to be informed, access, erasure, rectification, or to withdraw or restrict processing, you must submit your request by sending it to [email protected] or by calling 1-877-757-2646. You may also ask us to clarify the categories of persons that have access to your personal information and the applicable retention period. Your request or complaint must include your full name, street address, city, province, postal code, and an email address so that we are able to contact you if needed regarding this request.
Our data protection officer is in charge of the protection of personal information. You may contact our data protection officer by emailing [email protected] or calling 1-877-757-2646.
You may submit a complaint to the Commmision d’accès à l’information du Québec (CAI) by visiting: https://www.cai.gouv.qc.ca/a-propos/nous-joindre/.
You and we confirm that it is our wish that this Privacy Policy, any terms of use, and all other related policies be drawn up in English. Vous reconnaissez avoir exigé la rédaction en anglais du présent document ainsi que tous les documents qui s'y rattachent.
c. EEA, UK, Switzerland
· Notice to Individuals Located in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland. If you are a resident of the European Union or other EEA countries, or of the UK or Switzerland, the following information applies.
Purposes of processing and legal basis for processing: As explained above, we process personal data in various ways depending upon your use of our Services. We process personal data on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services; and (3) as necessary for our legitimate interests in providing the Services where those interests do not override your fundamental rights and freedoms related to data privacy.
Right to lodge a complaint: Users that reside in the EEA, UK, or Switzerland have the right to seek information and assistance or lodge a complaint about our data collection and processing actions with the supervisory authority where they reside. Contact details for data protection authorities are available here. EEA: https://edpb.europa.eu/about-edpb/board/members_en, UK: https://ico.org.uk/, Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection---switzerland.html.
Transfers: Personal data we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities. We ensure that transfers of personal data to a third country or an international organization are subject to appropriate safeguards as described in Article 45-49 of the GDPR.
Withdraw consent: If we have collected personal data with your consent, you have the right to withdraw that consent at any time.
Access: You have the right to request access to personal data we collected about you and information about its sources, purposes, and sharing.
Correction: You have the right to request that we correct the personal data we hold about you if it is inaccurate or incomplete.
Erasure: You have the right to request that we erase data we have collected from you. Please note that we may have a reason to deny your deletion request or delete data in a more limited way than you anticipated, e.g., because of a legal obligation or right to retain it.
Portability: You have the right, in certain circumstances, to request that we provide your personal data to you in a format that can be transferred to another entity.
Restrict Processing: You have the right, in certain circumstances, to request that we limit our processing of your personal data if you are (1) contesting the accuracy of your personal data, (2) asserting that our processing is unlawful; (3) asserting that we no longer need to keep the data for reasons related to the establishment, exercise, or defense of legal claims, or you object to our processing.
Object: You have the right to object to our processing if we are processing your personal data based on legitimate interests, using your personal data for direct marketing (including profiling), or processing your personal data for purposes of scientific or historical research and statistics.
Automated Decision-making: You have the right, in certain circumstances, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you.
Verification Procedures: We must verify your identity for everyone’s protection, so we may require you to provide us with verification information prior to accessing any records containing personal data about you. We do this by:
· Asking you to provide personal identifiers we can match against information we may have collected from you previously and confirm your request using the email or telephone account stated in the request; or
· Having you submit your request through your account page, which will automatically verify your identity and will result in faster processing of your request.
We will use the data you provide for verification only for the purpose of verification. We may have a reason under the law why we do not have to respond to your request or respond to it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
14. Notice to California Residents
This California Privacy Notice is effective as of June 28, 2024.
This notice supplements our Privacy Policy and applies only to California residents. This California Privacy Notice sets forth the disclosures and rights for California Consumers regarding their Personal Information, as required by the California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights Act of 2020 (“CPRA”), and any implementing regulations adopted thereunder. Terms (including defined capitalized terms) used in this California Privacy Notice have the same meanings given in the CCPA and CPRA and the associated regulations, unless otherwise defined.
EXERCISING YOUR CALIFORNIA RIGHTS
California Consumers have the right to request: (1) that we disclose to you what Personal Information we collect, use, disclose, and sell, including the right to request that we provide to you the categories and specific pieces of Personal Information we have collected about you (“Right to Know”); (2) that we delete the Personal Information we collect about you (“Right to Delete”); (3) that we correct inaccurate Personal Information we hold about you (“Right to Correct”), (4) to opt-out from the sharing of your Personal Information and Sensitive Personal Information to a third party for cross-context behavioral advertising (i.e., targeted advertising) (“Right to Opt-Out of Sharing”), (5) to opt-out from the sale of their Personal Information and Sensitive Personal Information (“Right to Opt-Out of Sale”), and (6) that we limit the use or disclosure of your Sensitive Personal Information to purposes set forth in the statute, including that use which is necessary and anticipated to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services (“Right to Limit The Use and Disclosure of Sensitive Personal Information”), all subject to the meanings and exceptions set forth in the CCPA and CPRA. More information on each of these rights is below.
In your request, you must provide enough information to allow us to verify you are the person about whom we collected personal information, or their authorized representative. You must also describe your request with enough detail so that we can understand, evaluate and respond to it. We can’t respond to your request if we can’t verify your identity. Making such a request does not require you to create an account with us, and we will only use the information you provide in a request to verify your identity.
Verifying Your Requests
We will take reasonable steps to verify your identity based upon the information you provide and the type of request you are making.
When you exercise your Right to Know, Right to Delete, and/or Right to Correct, we may ask that you provide us with information, beyond your full name, in order to verify your identity and fulfill your request. If we are unable to verify that the individual submitting the request is the same individual about whom we have collected information (or someone authorized by that individual to act on their behalf), we will not be able to process the request.
Agents
If you are an authorized representative submitting a request on a user’s behalf, please complete the applicable request per the instructions below. We will follow up to request a signed, written permission signed by the individual who is the subject of the request authorizing you to make the request on their behalf. The written permission must state your full legal name, the full legal name of the individual who is the subject of the request and needs to be clear about the permission granted. Alternatively, you may submit a copy of a power of attorney under Probate Code sections 4000-4465. In either case, please also indicate in your email the nature of your request. The consumer’s identity, in addition to your own, will need to be independently verified in order for us to be able to fulfill your request. We may also ask the consumer to directly confirm with us that they provided you permission to submit a request. Please keep in mind that if we do not receive adequate proof that you are authorized to act on the consumer’s behalf, we may deny the request.
Right to Know
California Consumers have the right to know what information we have collected about you (the categories and the specific pieces of information).
If you are a California Consumer and would like to exercise your Right to Know, please submit your request by completing this form (https://privacyportal.onetrust.com/webform/36bdb9d1-f751-4a50-9ca1-e6a57e5f036c/49aaa221-9589-46fd-9101-d20e6c5b5dfd) or by calling us toll-free at 1-877-757-2646.
In order to have us provide specific pieces of information, we will require a signed declaration under penalty of perjury that you are the consumer whose Personal Information is the subject of the request.
Right to Delete
California Consumers have the right to request that we delete information we have collected from you. If you are a California Consumer and would like to exercise your Right to Delete, please submit your request by completing this form (https://privacyportal.onetrust.com/webform/36bdb9d1-f751-4a50-9ca1-e6a57e5f036c/49aaa221-9589-46fd-9101-d20e6c5b5dfd) or by calling us at 1-877-757-2646.
Please note that as part of the verification process, once you submit a request to delete, we may follow up and require you to confirm that you want your information deleted.
Right to Correct Inaccurate Information
California Consumers have the right to request that we correct inaccurate information we hold about you. If you are a California Consumer and would like to exercise your Right to Correct, please submit your request by completing this form (https://privacyportal.onetrust.com/webform/36bdb9d1-f751-4a50-9ca1-e6a57e5f036c/49aaa221-9589-46fd-9101-d20e6c5b5dfd) or by calling us at 1-877-757-2646.
Right to Limit The Use and Disclosure of Sensitive Personal Information. As disclosed in the chart below, we may collect certain information which is considered Sensitive Personal Information under California law. This includes: SSN, government ID and passport information, racial or ethnic origin, religious or philosophical beliefs; sexual orientation, precise geolocation data, and biometric information (collected solely for identity verification and fraud prevention purposes). If you are a California Consumer and would like to limit our use or disclosure of such Sensitive Personal Information, please submit your request by completing this form (https://privacyportal.onetrust.com/webform/36bdb9d1-f751-4a50-9ca1-e6a57e5f036c/49aaa221-9589-46fd-9101-d20e6c5b5dfd) or by calling us at 1-877-757-2646.
Do Not Sell or Share for Cross Context Behavioral Advertising
California Consumers have the right to opt-out of the sale of your Personal Information (Company does not sell Personal Information for monetary compensation) and to opt-out of the sharing of your Personal Information or Sensitive Personal Information to a third party for cross-context behavioral advertising (i.e., targeted advertising). If you are a California Consumer and would like exercise your Right to Opt-Out of the Sale and Sharing of your Personal Information, please submit your request by completing this form (https://privacyportal.onetrust.com/webform/36bdb9d1-f751-4a50-9ca1-e6a57e5f036c/49aaa221-9589-46fd-9101-d20e6c5b5dfd) or by calling us at 1-877-757-2646.
Cookie Based Opt-Outs for Do Not Sell or Share
The Company engages in online advertising practices (and certain analytics or similar activities), which may be considered a “sale” or “share” for cross-context behavioral advertising as defined in the CCPA and CPRA. To opt out of certain tracking cookies set by 3rd parties that may be considered "sales" or “sharing” under the CCPA and CPRA, please modify your cookie settings by clicking the “Cookie Preferences” link in our website footer.
In addition, the Digital Advertising Alliance also offers tools for California consumers to send requests under the CCPA and CPRA to opt out of the sale of personal information by some or all of the participating companies: https://www.privacyrights.info/.
Do Not Track & Global Privacy Control
Global Privacy Controls (“GPC”) and Do Not Track (“DNT”) offered by some web browsers are settings that automatically inform websites of your privacy preferences with regard to third party online tracking, including exercising your rights and requesting the web application to disable tracking you. When you choose to turn on the GPC/DNT setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug in providers, and/or other web services you encounter while browsing to ensure your privacy rights and to stop tracking your activity. You can learn more about, and set up, GPC at https://globalprivacycontrol.org/#about and set up DNT at http://www.allaboutdnt.com. We comply with GPC as required under applicable law, but because there is not yet an accepted standard for how to respond to browser DNT signals, we do not currently respond to them.
Data Retention
Company retains all categories of Personal Information in this California Privacy Notice for as long as reasonably necessary for each disclosed purpose outlined in this California Privacy Notice. We store personal information for as long as necessary for the purposes for which it was collected or for which you subsequently authorize it and otherwise to carry out the purposes described in this Privacy Policy.
Company criteria for determining the period of time in which we will retain Personal Information also considers the time period reasonably necessary to: provide the Services to you; exercise the choices and rights you have requested; comply with our contractual obligations; enforce our terms for use of the Services; and comply with legal and regulatory requirements.
Users Younger Than 18
Company does not knowingly Sell or Share Personal Information of users younger than under 18 years of age.
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
California consumers have the right to not receive discriminatory treatment for exercising CCPA and CPRA rights. We will not discriminate against you for exercising your CCPA and CPRA rights.
Notice of Financial Incentive Under California regulation, certain aspects of our loyalty and similar programs, which provide benefits to consumers, may be considered a financial incentive program. We collect personal information from you in connection with our loyalty program, e.g. contact information (name, email address, residential address) and commercial information (like purchase history) for a number of reasons, including to administer the program, contact you with regard to your account (if any), to provide the benefits to you, to better serve you, and to fulfill your requests associated with the program. To opt into our loyalty or similar programs, as set forth herein you will need to provide certain information, register for an account and agree to the applicable program terms, or otherwise follow the instructions associated with the loyalty or other similar programs. Participation in our loyalty or other similar programs is voluntary and you can withdraw at any time. To the extent that we provide programs that may be considered a financial incentive because the program is directly or reasonably related to the collection, deletion or retention of consumer personal information, the value is reasonably related to the overall value we receive from the personal information participants provide specific to the program minus the costs and expenses we incur in providing the program.
PERSONAL INFORMATION WE COLLECT
The Personal Information we collect about you will depend upon how you use our Services or otherwise interact with us. Accordingly, we may not collect all of the below information about you.
In addition to the below, we may collect and/or use additional types of information and will do so after providing notice to you and obtaining your consent to the extent such notice and consent is required by the CCPA and CPRA.
View Table of Information We May Collect (https://20327482.fs1.hubspotusercontent-na1.net/hubfs/20327482/CoinFlip%20Privacy%20Policy.pdf)
Other California Privacy Rights/“Shine the Light” Law
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for such third parties’ direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. However, Company does not share your Personal Information with third parties for their direct marketing purposes.
15. Prevailing Language
In the event this document is available in multiple languages, the English version of these Terms represents the understanding of both Parties. Any other version is provided as a translation. In the event of conflict between the two versions, the English version shall be controlling.