PRIVACY POLICY
INTRODUCTION
Customer privacy and data protection are fundamental principles of Digital Assets d.o.o. (hereinafter: we, us, our, the Company).
The Privacy Policy (hereinafter: the Policy) explains what Customer data the Company collects, the purpose of collecting and processing the data, the data storage period, the transfer of data to third parties, and Customer rights.
The Policy is integral to the Company's General Terms and Conditions.
The Bitcoin Store Platform may contain links that lead the Customer to the websites of other service providers. In that case, the Company's Policy does not apply.
DATA CONTROLLER
Digital Assets d.o.o.
Hrvatske mornarice 1/C, 21000 Split, Croatia
VAT: 37096783668, Company reg. number: 060297216
Contact number: +385 21 209 852
E-mail address: zop@bitcoin-store.hr
CUSTOMER DATA COLLECTION
The Company collects Customer data depending on the type of Service provided to the Customer.
Customer data is collected: during visits and use of the Platform, by performing Services that the Company provides through the Platform and Branches, during the establishment and duration of a business relationship, through communication channels and video surveillance systems, by participating in prize games, and while performing other tasks for which the Company is authorized.
The data collected include:
- location and IP address used by the Customer to access the Platform,
- identification data,
- contact information,
- socio-demographic data,
- publicly available information,
- transaction data,
- financial data,
- data on contracted Services,
- data on completed Services,
- data on communication with the Company,
- other data based on the use of Services,
- additional data obtained with the Customer's consent.
The Company, as the data controller, protects the privacy and data of Customers following the General Data Protection Regulation (EU) 2016/679.
PURPOSE OF COLLECTING AND PROCESSING CUSTOMER DATA
The Company collects and processes data for its business operations and when lawful. Data processing is lawful when one of the following legal grounds exists:
- the Customer has given consent for the processing of their data,
- processing is necessary to fulfill a contractual obligation to the Customer or to take action at the Customer's request before entering into a Contract,
- processing is necessary to comply with the Company's legal obligations,
- processing is necessary to protect the vital interests of the Customer,
- processing is necessary for the performance of a task in the public interest,
- processing is necessary for the legitimate interests of the Company or a third party, except when those interests are overridden by the interests or fundamental rights and freedoms of the Customer that require the protection of personal data.
STORAGE OF CUSTOMER PERSONAL DATA
The Company will delete and no longer process Customer personal data if data is no longer needed for the purpose for which it was collected, and at the latest upon the expiration of the legal deadlines that obligate the Company to store Customer data.
Transaction data must be stored per legal storage deadlines, resulting in the right to their deletion is legally limited.
Depending on the purpose of data processing, in some instances, the Company may store Customer data for longer or shorter periods than those previously stated.
TRANSFER OF CUSTOMER DATA TO THIRD PARTIES
The Company does not share Customer data with third parties, except in cases where data transfer is necessary to provide the Customer with the Company's Service.
Before the Company enters into a contract with a third party, each service provider and business partner is individually reviewed. We require these third parties to adhere to certain conditions to protect all data they process.
Data is transferred to servers within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers are located outside the EU and EEA. In this case, the Company requires that appropriate data protection is present with the third party following GDPR.
Customer data may be forwarded to a competent authority or another institution to submit reports or fulfil the Company's legal obligations.
CUSTOMER RIGHTS
At any time, the Customer has the right to:
- INFORMATION AND ACCESS – request confirmation regarding the collection, processing, storage period, and transfer of data to third parties, as well as request access to personal data,
- CORRECTION – request correction of personal data if the data is inaccurate, incomplete, or needs updating, along with providing appropriate documentation confirming the change,
- ERASURE – request data deletion if it is no longer necessary with the purpose for which it was collected or otherwise processed,
- TRANSMISSION OF DATA – receive and transfer data to another data controller if technically feasible, and this right should not negatively impact the rights and freedoms of others,
- COMPLAINT – withdraw consent or object to data processing,
- WITHDRAWAL OF CONSENT – withdraw the consent given to the Company, which does not affect the legitimacy of data processing,
- RIGHTS RELATED TO AUTOMATED DECISION-MAKING AND PROFILING - the right not to be subject to a decision based primarily on automated processing,
- LIMITATION OF PROCESSING - the right to contest the accuracy of data for the period necessary for the Company to verify its accuracy.
To exercise their rights, the Customer may contact the Company by sending a written notice or request:
- by email to zop@bitcoin-store.hr or
- by regular mail to: Digital Assets d.o.o., Hrvatske mornarice 1 / C, 21000 Split, Croatia
Note: If the request is sent via email, using the same email address registered in the Customer profile is mandatory.
The Company will reply to the request within 30 days of receipt. If the request is complex or multiple, the Company may extend the response time and will inform the Customer. No fee is charged for processing the request.
If the request is rejected, the Company will inform the Customer of the reasons and the right to complain to the relevant Croatian or EU data protection body. In the Republic of Croatia, it is AZOP - Agency for Personal Data Protection. In the EU, the competent body is the European Data Protection Supervisor.
DATA PROCESSING SECURITY
The Company implements appropriate technical, organizational, and personnel measures to implement data protection principles and Customer rights effectively.
Technical and organizational measures ensure that the collected Customer data is encrypted, confidential, and protected in the event of a physical or technical incident. Measures include regular testing, risk assessment, and effectiveness of measures to ensure data security.
Personnel measures ensure that data processing and availability are not automated. Still, the data is accessible to a limited number of employees. The data is protected from intentional and unauthorized deletion. Data protection measures include a confidentiality obligation after the employment relationship ends.
CHANGES AND AMENDMENTS TO THE POLICY
The Company reserves the right to change any part of the Policy at any time.
The amended Policy becomes effective upon publication on the Platform. It implies that the Customer confirms that they have read, understood, and accepted all provisions of the Policy.
This amended Policy comes into effect on October 25, 2022, and replaces the Privacy Policy that applied before that date.