Privacy Policy
Last updated: January 16, 2023
Nexus Finance Ltd. (Coinpanda,” “we,” “us,” or “our”) operates the https://coinpanda.io website (“Website”) and social media sites and public messenger channels (“Social Media Pages”). When you use our Service, we obtain certain Personal Data that can be used to contact or identify you. Personal Data is any information related to an identified or identifiable natural person (“Data Subject”). Such Personal Data may include your e-mail address, name, or other Personal Data you upload to the Website or communicate on the Social Media Pages. This Privacy Policy informs you about the collection, use, and disclosure of information that directly or indirectly identifies you (“Personal Data”) when you use our Service.
This Privacy Policy governs the processing conducted by us in the context of providing our Service to persons in the EU who are governed by the EU General Data Protection Regulation (GDPR). For Swiss or non-EU customers, only the provisions of the Swiss Federal Data Protection Act are applicable.
Use of personal data
We process your Personal Data for the following purposes:
- providing the Website and Service,
- answering and reacting to any communication or requests provided to us,
- addressing and performing the application process,
- complying with our legal obligations,
- enforcing our legal rights
- marketing our Service to potential and existing customers
Legal basis for data processing
The legal basis for data protection is contained in the Swiss Data Protection Act (DPA), or for natural persons based in the EU, the General Data Protection Regulation (GDPR).
We process Personal Data under the following grounds and applicable legal basis.
For the safeguarding of our and third-party legitimate interests
To safeguard our legitimate interests and those of third parties, we also process your Personal Data for the following purposes:
- to manage risks;
- to assert legal claims and enable defense in legal disputes;
- to prevent violations of the law;
- to ensure IT security and IT operations;
- to take measures to ensure the security of our systems;
- to take measures for business management purposes and the development and marketing of services and products, and;
- to provide tailored customer service
For the fulfillment of contractual obligations
Your data will be processed to provide our Services and related ancillary services as part of the execution of our contracts with you. The purposes of data processing are based primarily on the specific service requested.
On the basis of your consent
Provided your consent has been given, by accepting the Terms of Service or this Privacy Policy, we are legally permitted to process your Personal Data for specific purposes. You can withdraw this consent at any time. Please note that the withdrawal of consent has no retroactive effect on the use of your data.
Consent is also often required for sending you newsletters. Such consent is deemed given by accepting the Terms of Service or this Privacy Policy. This consent can be withdrawn anytime by clicking the unsubscribe link at the bottom of any newsletter.
On the basis of statutory requirements or in the public interest
We are subject to various national and international regulatory obligations under which we are required by law to carry out certain processing.
Data processing outside the EU
We process your Personal Data in Switzerland, the EU/EEA (EU), and the USA. To carry out transfers to third countries, we adhere to the requirements set out in Article 46 of GDPR by ensuring appropriate safeguards are implemented.
Data security
We have implemented technical safeguards for processing your Personal Data according to applicable law. For the best possible security of your Personal Data, our Service through the Website is provided via a secured SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form. Further details of these technical and organizational measures are available upon request.
Personal data in job applications
If you are applying online for a job at Coinpanda, you must provide certain information via our online application form. To evaluate your application properly, we need at least your name, e-mail address, or similar information. On a voluntary basis, you may further add a link to your website or social profile, your blog, or your website.
We process your Personal Data for fulfilling our contractual or pre-contractual obligations (based on Art. 13 (2) a. DPA or Art. 6 (1) b. GDPR) or – as applicable – for the employment relationship with you. We are collecting and processing those data for the sole purpose of managing our recruitment-related activities and for organizational planning purposes. Consequently, we may use your Personal Data in relation to the evaluation and selection of applicants, including setting up and conducting interviews and tests, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment processes, including the final recruitment.
In particular, we use your Personal Data to communicate with you and to facilitate your application, including offering an online application system. In some cases, we also need to vet potential staff members. However, if this is the case, we will contact you and seek your permission for the vetting process. Additionally, we will maintain adequate records of the application process for the period in which claims can be brought against us.
In some circumstances, we may receive or collect and handle information related to medical information, ethnic origin, religion, or criminal records. This processing is either carried out based on a legal requirement, such as the administration for tax purposes and social security laws, or based on your express consent.
If you provide us with your consent, we will keep you informed about other opportunities. If we do not hire you, we may – with your explicit consent – store your application data for a maximum period of 12 months to contact you in case of new job opportunities.
Contact form or other means of contact
If you send us any requests via the online contact form or send us an e-mail or otherwise contact us, your details in this online form or request, including the contact data, name, e-mail address, and other data provided respectively, are processed by us to deal with your inquiry or to be able to contact you at a later time for follow up questions. These data are processed only based on initiating a business relationship or performing our contractual obligations (legal basis Art. 13 (2) a. DPA or Art. 6 (1) b. GDPR).
Log Data
Whenever you access our website, usage data is transmitted through your internet browser and saved in log data (server log files). This data includes e.g. name of the page accessed, date and time of access, amount of data transferred, and the requesting provider as well as IP addresses. This data is processed on the legal basis of our legitimate interests and serve exclusively to guarantee the trouble-free operation of our website, and the security of our servers and to improve our offer.
Third-party service providers
We may employ third-party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf. They are contractually obligated in accordance with the processor requirements in Article 28 of GDPR.
These processors include:
- Server providers
- Analytics providers
- Marketing agencies and marketing service providers
- Newsletter providers
- Accounting services providers
- IT service providers
Google Single Sign On
When registering a user account, you also have the option of using a single sign-on account (“SSO”). Our website allows you to use the SSO services offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google’s Privacy Policy and Terms of Use apply to the registration and use of the Google SSO service, see https://policies.google.com/privacy/.
Please note that the registration for and the use of SSO services are subject to the privacy policy and terms of use of Google.
If you decide to register using your SSO, you will be redirected to Google in the first step. Google will ask you to enter your login details or register with the SSO service. This prompt may be skipped if you are already logged in to the SSO. We will not be informed of the login details of your SSO, as they will not be transmitted to us.
In the second step, you will be asked to link your SSO profile with our website. We will use the data provided by Google during the registration process to create a user account on our website for you. During this step, you will also be informed about the data that we will be able to request from Google. Generally, this data includes your name, profile and title picture, your gender, and your username with the respective SSO provider. Furthermore, we will need the e-mail address stored in your SSO profile to register your user account on our website. If you consent to us using your above data for the purposes described above, you will be redirected to our website to complete the registration of your user account.
In the event that you wish to use our website with your SSO, Google will become aware that you wish to register a user account on our website. Google will usually place a cookie in your browser when you click on the button with the relevant SSO provider’s logo. Google may use this cookie to collect further information about you and your browsing behavior. The information generated through the cookie is transferred to the servers of Google. These servers may be located in a third country, such as the United States. Your information will be saved there and possibly merged with other profile data that Google has stored about you. This may result in Google creating user profiles that include information about you that exceeds what you have provided.
Google has signed up for the EU-US Privacy Shield for cases in which personal data is transferred to Google in the United States. According to the regulations of the GDPR, such certification offers a sufficient guarantee for compliance with the European data protection level for processing outside the EEA. More information can be found at https://www.privacyshield.gov/EU-US-Framework.
You can terminate the link between our website and your SSO profile by logging into your SSO profile and adjusting your preferences as necessary. By doing so, you can deny us the right to access and use the information from your SSO profile.
The legal basis for processing the single sign-on function offered on our website is your consent in accordance with Art. 6 (1) a. GDPR.
Newsletter
Coinpanda publishes its product update newsletter to provide up-to-date information about our products and services, as well as a newsletter on crypto tax news to which anyone could opt-in. We send the product newsletter after a user creates an account on the website or registers with an email via the mobile app.
We use the provider Sendinblue.com to send our product and crypto tax newsletters.
The data required to provide you with the newsletter stored during the website registration process will be transmitted to Sendinblue’s servers in the European Union, which will be stored in compliance with GDPR. The data entered during registration will not be transferred to other third parties. Furthermore, Sendinblue offers various ways to analyze how the newsletter is opened and used once it is sent, e.g. how many users an email will be sent to, whether emails failed to deliver and whether users unsubscribed from the list after receiving an email. However, these analyses are performed in bulk and are used for statistical analyses only, and no individual analyses are provided.
For more information about data privacy at Sendinblue, please see https://www.sendinblue.com/gdpr/.
OPT-OUT: You can unsubscribe to the newsletter at any time by using the contact information on the website or clicking the unsubscribe link in the footer of every newsletter.
Data processing on our social media pages
We operate the following Social Media Pages on the following networks (“Social Media”):
- Twitter: twitter.com by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; please also refer to https://twitter.com/en/privacy, Opt-out: https://twitter.com/personalization
- LinkedIn: linkedin.com or LinkedIn mobile app by LinkedIn. LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; please also refer to https://www.linkedin.com/legal/privacy-policy / Opt-out: https://www.linkedin.com/psettings/privacy
- Reddit: reddit.com by Reddit, Inc., 548 Market St. #16093, San Francisco, CA 94104, USA and Reddit, Inc., c/o First European Data Rep B.V., Schiphol Boulevard 195, 1118 BG Schiphol, The Netherlands, please also refer to eurepresentative@reddit.com / https://www.redditinc.com/policies/privacy-policy
- Facebook: by Facebook Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland. Please refer to the Privacy Policy of Facebook: Facebook Privacy Policy
- Instagram: Facebook Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland. Please refer to the Privacy Policy of Facebook
- Youtube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Please refer to the Privacy Policy of Google: https://support.google.com/youtube/answer/2801895?hl=en
When using Twitter, LinkedIn, Reddit, or any other social media site, data may also be processed outside the EU. Please read the privacy policy and the safeguards on data transfer of each provider before signing up for the services.
With our Social Media Pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to answer or communicate with you. If you use Social Media on several end devices, a cross-device analysis of the data can occur.
Furthermore, the providers of the Social Media Pages may also use cookies and tracking technologies to analyze and improve their services.
Data processing takes place with your consent or for the purpose of answering your inquiry (Art. 13 (1) DPA or Art. 6 (1) a., b. GDPR) or based on legitimate interests in improving the services and presentation to the outside world (Art. 13 (2) DPA or Art. 6 (1) f. GDPR).
By signing up for any of the above services, you have consented to the processing by the service provider as set out in terms of services.
Your rights under GDPR
In certain circumstances, you have the following rights relating to your Personal Data (Art. 13-22 GDPR):
- To request access to your Personal Data. This is to enable you to receive a copy of the Personal Data we hold about you and to check that we are processing it lawfully.
- Request correction (rectification) of the Personal Data we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- To request the erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data in certain circumstances. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- To object to the processing of your Personal Data where we are relying on the public interest or our legitimate interests (or those of a third party) or processing your data for direct marketing purposes.
- To request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you: for example, if you want us to establish its accuracy or that we are properly using it. This means that it can only be used for certain limited purposes, such as dealing with legal claims or exercising our legal rights. In this situation, we would not use or share your information in other ways while it is restricted.
- To request the transfer of your Personal Data to another party where we process it based on your consent and the processing is automated.
- To withdraw your consent allowing us to send marketing communications to you or collect or use your Personal Data in any other way.
Please note that exercising some of these rights may mean that we cannot provide our services to you because some of the information is necessary for some services. In other cases, it may mean that we are providing services based on incomplete information, which may result in those services not meeting your needs or expectations.
Furthermore, you have the right to complain to the competent supervisory body (Art. 77 GDPR).
Storing and deleting your personal data
The Personal Data is deleted if you withdraw your consent or such Personal Data are no longer necessary for processing. Specific deletion periods are set out in this Privacy Policy referring to the specific data or are implemented by us according to the following measures: Settings and measures provided by the engaged third-party providers, affected interests by the data subjects, our legitimate interest of deleting data economically, etc. Furthermore, we store your Personal Data if we are obliged to do so in accordance with legal retention periods that apply under commercial and tax law.