Privacy Policy
This Privacy Policy governs the collection, use, maintenance, and disclosure of information that the CoinShares Group collects from its users.
Our Commitment to Data Privacy
Protecting the privacy of individuals who provide us with Personal Data (as defined below) is very important to CoinShares International Limited (“CoinShares”, “we”, “our”, us) and to the way we do business. You have shown your trust in us by interacting with www.coinshares.com and we value that trust.
To this end, we are committed to respecting local data privacy legislations (together “Applicable Laws”), in particular,
the United Kingdom General Data Protection Regulation and Data Protection Act 2018,
the Data Protection (Jersey) Law, 2018 and the Data Protection Authority (Jersey) Law, 2018 (together the “DPL”),
the (EU) 2016/679 General Data Protection Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of persons with regard to the processing of personal data (“the GDPR”).
General Provisions
This Privacy Policy (the "Policy") describes how we collect, use, store, share and protect your Personal Data when you use the Websites. The term "Personal Data" used in this Policy, refer to the term defined in Article 4 of the GDPR.
This Policy applies when you ("you", "Client", "User", “Visitor”) access, visit or use any portion of the Websites. Please read this Policy carefully. For more detailed information on how we use cookies on the Websites, please see our Cookie Policy.
Data Protection Officers
When you are using the Website, we are the Personal Data Controller. This means that we determine the purposes and means by which your data is processed. “Controller”, “Joint controller” or “Processor”, used in this Policy, refer to the terms defined in Article 4 of the GDPR.
Pursuant to Article 37 of the GDPR, we are not required to appoint a Data Protection Officer at the group level, although we understand the importance of ensuring good governance of this system.
We have appointed our Compliance Function with the duty to ensure that our processing operations comply with this Policy and, more generally, with the Applicable Laws. The Compliance Function will endeavour to answer any questions or requests in relation to the processing of your data, your rights, and our Policy. However, the Compliance Function is not the same as a Data Protection Officer.
If you have any questions or requests regarding the processing of your Personal Data, please email us at the following address: [email protected]
What happens if you do not provide your Personal Data?
The provision of your Personal Data may be:
necessary to enter a contract with us (e.g., due diligence documents and financial data), but not mandatory as you could refuse to provide it. In that case, it will however expose yourself to the risk of seeing the benefit of a contract taken away from you;
necessary, for us to be able to answer your question (e.g., when you reach out to our Customer Support and provide identification data), or solve your issue (e.g. while making a complaint). In that case, failure to provide such Personal Data could prevent us from handling these matters effectively;
not mandatory (e.g., non-necessary cookies and tracking technologies), as it is only based on your consent. If you refuse to provide some of these personal data, it could however prevent us from offering the best user experience of our Websites.
Automated decision-making and profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. Please note that we may use automated decision-making systems, especially in the context of preventing fraud in relation to our regulatory obligations. Our Compliance Function may proceed to risk screening of CoinShares potential investors to ensure we can comply with AML/CFT regulations. However, no decision is exclusively based on such a type of processing, and each decision always requires human intervention at the very end. This means that the benefit of a contract could be taken away from you, but by means of a decision that is not fully systematised.
How we process your Personal Data
We collect and process information relating to you and your use of the Websites and its related services you can access through browsing. How we handle it differs as set out below:
Activities | Personal Data | Purpose(s) | Legal basis | Retention period |
---|---|---|---|---|
Client of our financial services | Identification data (your first and last name, postal address and email address, telephone number, your citizenship(s), type of investor) | - Provide the CoinShares services and customer support - Process transactions and send notices about your transactions - Resolve disputes and collect payments and/or fees - Verify the accuracy of and authenticate your information - Detect, investigate, and prevent potentially prohibited or illegal activities, such as fraud or money laundering - Communicate about accounts or transactions and send information about features and enhancements - Contact you - Communicate changes to our terms and conditions and policies - Send offers or promotions for CoinShares services and products | - Performance of the contract you have entered with us - Consent - Compliance with our legal obligations | Your data is kept in the active database as long as the contract duration and at least five (5) years from the end of the business relationship. After ten (10) years from the record data, your data is deleted. |
Due diligence (Incorporation and controller information, information about your investor status, information about your source of funds or source of wealth, your KYC and CDD documentation) | - Verify the accuracy of and authenticate your information - Detect, investigate, and prevent potentially prohibited or illegal activities, such as fraud or money laundering. | - Compliance with our legal obligations | Your data is kept in the active database as long as the contract duration and at least five (5) years from the end of the business relationship. After ten (10) years from the record data, your data is deleted. | |
Financial data (Bank details, payment service provider information, payment details, transaction data) | - Detect, investigate, and prevent potentially prohibited or illegal activities, such as fraud or money laundering - Process transactions and send notices about your transactions - Resolve disputes and collect payments and/or fees; | - Compliance with our legal obligations - Performance of the contract you have entered with us | Your data is kept in the active database as long as the contract duration and at least five (5) years from the end of the business relationship. After ten (10) years from the record data, your data is deleted. | |
Complaints | Complaints details (All details relating to a complaint, including correspondence, register, escalation reports; all records relating to the analysis of a transaction e.g., findings, action taken, escalation etc; all records of transactions and activity with a person connected with an enhanced risk state) | - Resolve disputes - Provide the CoinShares services and customer support | - Compliance with our legal obligations - Performance of the contract you have entered with us | Your data is kept in the active database as long as the contract duration and at least five (5) years from the end of the business relationship. After ten (10) years from the record data, your data is deleted. |
Browsing our Website | Activity analysis (Your IP address, computer or mobile device information, frequency, time, operating system, browser type, device type, unique device identification number, cookies, possibly form data, crash reports, performance data, third party cookies, performance data) | - Communicate about accounts or transactions and send information about features and enhancements - Provide the CoinShares services and customer support | - Consent (for cookies, except necessary cookies) - Legitimate interests (for necessary cookies only). We have assessed that we have a legitimate interest to analyse your activity while browsing our Website and that our interest outweighs your right to not have your data processed for the described purpose. | our data is kept for a maximum of 13 months. For more information, please refer to our Cookies Policy. |
Statistical and marketing data (IP-address, number of visitors, frequency, clicks, time, locations, target groups, data from cookies and similar technologies, consumer behaviours, interests and preferences, data relating to market research and target group surveys etc) | - Provide advertising, including advertising based on your use of the services provided by CoinShares or third-party websites - Perform statistical, demographic and marketing analyses of users of the services provided by CoinShares and their purchasing patterns - Conduct any other legitimate business activities not otherwise prohibited by law - Personalise content and experiences, including providing recommendations based on your preferences | - Consent (Cookiebot) | Your data is kept for a maximum of 13 months. For more information, please refer to our Cookies Policy. | |
Third Party Analytics We may use automated devices and applications to evaluate usage of our Site. These entities may use cookies and other tracking technologies to perform their services. | - Improve our website, performance and the user experience of our Website | - Consent | Your data is kept for a maximum of 13 months. For more information, please refer to our Cookies Policy. | |
Subscribing to our Content | Data provided to receive newsletters (research & Investor relations), IR and event information (your first and last name, postal address and email address, telephone number, country, name of employer or investor, type of investor) | - Communicate the newsletter or research to you - Provide Investor Relations information to you - Provide information about events (i.e., webinars) to you | - Consent | Your data is kept for a maximum period of three (3) years from your last contact with us, or for the duration of our contractual relationship and may be kept in an intermediate archive if necessary. |
Data provided to reach out to Investor Relations or Sales Department (your first and last name, postal address and email address, telephone number, country, name of employer or investor, type of investor) | - Answer your request | - Consent | Your data is kept for as long as necessary for the purpose of the processing. | |
Information provided to register to Earning broadcast (your first and last name, postal address and email address, telephone number, country, name of employer or investor, type of investor) | - Register to Earnings Broadcasts and manage your account on Wavecast | - Consent - Legitimate interests. We have assessed that we have a legitimate interest to identify the type of person interested in our Earning broadcasts and that our interest outweighs you right to not have your data processed for the described purpose. | Your data is kept for as long as necessary for the purpose of the processing. |
How long do we keep your Personal Data?
We retain the data collected for the time strictly necessary for the purpose of the processing, and within the limits provided for by Applicable Laws if it allows longer retention.
Unless explicitly stated in this Policy, the Personal Data we process is deleted or anonymized as soon as it is no longer necessary for the purpose for which it was collected and if the deletion does not conflict with our legal retention obligations.
How do we protect your Personal Data?
We adopt appropriate data collection, storage, processing practices and security measures to protect against unauthorised access, alteration, disclosure, or destruction of your Personal Data, username, password, transaction information, and data stored on the Website. All Personal Data is dealt with in accordance with the Applicable Laws.
We designed our systems with your security and privacy in mind. We implemented technical and organisational security measures to protect your data from accidental or unlawful destruction, loss, alteration, unauthorised access or disclosure, in particular: Ultra-secure encryption; Secure servers; Backups; Continuous monitoring.
We maintain physical, technical, administrative, and procedural safeguards to protect Personal Data, and access to Personal Data is limited to the employees who require it for their job functions. CoinShares is ISO 27001 certified, demonstrating thereby our engagement to maintain a secure platform for our customers, under strict design, procedures, controls, and continual improvement.
How do we share your Personal Data?
We will only share your Personal Data with third parties as described in this Policy and ensure the data recipients follow practices at least as protective as those described in this Policy.
We may share your Personal Data with:
Group companies: Relevant departments from the Group will receive your Personal Data if they need it to contribute to the purpose of processing. We may transfer data as part of our business operations, to meet our legitimate interests of carrying out our internal administrative activities efficiently and to improve our products and services. Group companies act as individual data Controllers.
Service providers, affiliates, and commercial partners: These recipients act as Processors and help us with our business operations, and only have access to Personal Data necessary for the performance of their functions and may not use it for any other purpose. Processors are also carefully selected and contractually obliged to ensure the confidentiality and security of your Personal Data that they process on our behalf.
Third parties, including governmental authorities and law enforcement: We may transfer your Personal Data to the relevant public authorities to i) defend our legal rights, interests, or property and any of its related entities; ii) protect the safety and security of our customers or members of the public; or iii) protect against fraudulent activities, or comply with Applicable Laws, subpoena, or legal process.
Companies that we plan to merge with or may be acquired by. If CoinShares may be sold or transferred in whole or in part (or such a sale or transfer is being contemplated), your Personal Data may be transferred to the new entity or potential new entity as part of the transfer itself or as part of an initial review for such transfer/purchase (i.e. due diligence), subject to any rights provided by applicable law, including jurisdictions where the new entity or potential new entity are located. CoinShares has a legitimate interest in being able to perform these transactions (Art. 6(1)(f) GDPR).
Other third parties with your consent or at your direction to do so.
Third parties for any legitimate business purpose not otherwise prohibited by the Applicable Laws.
How can you restrict us from sharing your Personal Data
It is possible to limit our use and sharing of your Personal Data, as such:
You may unsubscribe from marketing emails, by clicking the “Unsubscribe” link in the email footer or contacting [email protected].
You can modify your browser settings to decline cookies, but certain features of the Website may not function properly or be unavailable if you do so. For more information, you can also directly access settings in the cookie settings banner and read our Cookie Policy. During your browsing, you can always withdraw you consent to cookies at any time by changing your cookie preferences in our cookie settings centre (bottom left of the Website).
On your mobile device, you can know which third parties have currently enabled cookies and eventually opt-out of some of those cookies. You may also select “Limit Ad Tracking” (on iOS devices) or “Opt out of Interest-Based Ads” (on Android). Even if you disable tracking, keep in mind that you may still receive interest-based advertising, including from third parties with whom your information had been previously disclosed and that you may still receive advertising from third parties, although such advertising may not be based on your interests and preferences.
We use the information provided by Google Analytics to improve our Services. For more information regarding how Google collects, uses, and shares your information and how to opt-out of certain uses please visit How Google uses information from sites or apps that use our services – Privacy & Terms and Google Analytics Opt-out Browser Add-on Download Page. Please also see our Cookie Policy for more information on how we use cookies on our Website.
Note that our information collection and disclosure practices, and the choices we provide to visitors, will continue to operate as described in this Policy whether or not a Do Not Track signal is received.
Third-Party Links
Our Websites may contain links to third-party websites, including social media sites. By including a link to a third-party website, we do not endorse or recommend any products or services offered or information contained at the third-party website. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites. If you decide to visit a third-party website via a link contained in or by the Website, you do so at your risk.
Asserting your rights
You may request, for example, to access, correct, or delete Personal Data that you have provided to us. You will not be permitted to examine the Personal Data of any other person or entity and may be required to provide us with Personal Data to verify your identity prior to accessing any records containing information about you.
Unless stated otherwise by the Applicable Laws or any other legal provision or applicable regulations, you may exercise the following rights:
Right of access: You have the right to obtain confirmation from CoinShares to whether your Personal Data is being processed. In that case, you have the right to request a copy of the Personal Data and additional information such as the purposes of the processing, the categories of Personal Data concerned, where the data came from and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed. To request a copy of the Personal Data undergoing processing does not mean that you always have the right to obtain the document itself where your Personal Data occurs. The right of access should not be confused or equated with right to access official documents from an authority. For additional copies requested by you, we may charge a reasonable fee based on administrative costs.
Right to rectification: You have the right to obtain from us the rectification of inaccurate Personal Data concerning you. Depending on the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
Right to erasure: In certain cases, you have the right to ask us to erase your Personal Data if, for example, the Personal Data is no longer necessary in relation to the purpose, you withdraw your consent and there is no legal ground for us to process the Personal Data, the Personal Data have been unlawfully processed or you have objected to the processing and there are no overriding legitimate grounds for the processing. To the extent that it is necessary to continue the processing of your Personal Data, for example to fulfil our legal obligations or to establish, exercise or defend legal claims, we are not obliged to delete your Personal Data. This means that certain data can be stored until we are no longer obliged to process them. However, we will cease our communication (direct marketing/newsletter) to you after you have requested to be deleted.
Right to restriction of processing: You have the right to request the restriction of the processing of your Personal Data if you believe that your Personal Data is inaccurate, our processing is unlawful or that we no longer need the Personal Data for specific purpose. If you object to the processing of Personal Data you may also request the restriction while we assess the legitimate grounds (the objection request). In this case, the respective data will be marked and the Personal Data may only be stored and processed by us for certain purposes. CoinShares will inform you when the restriction is lifted.
Right to withdraw your consent: If CoinShares processes your Personal Data based on consent, you have the right to withdraw your consent at any time by contacting us and this will not affect the lawfulness of the processing based on consent before the withdrawal.
Right to data portability: You have the right to receive a copy of the Personal Data concerning you which you have provided to us and that we process by automated means for the performance of a contract with you or based on your consent. You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and this allows you to transmit those Personal Data to another entity without hindrance from us.
Right to object: You have the right to object at any time to our processing of your Personal Data with reference to your personal circumstances and provided that the processing is based on a legitimate interest (Art. 6(1)(f) of the GDPR) as a legal basis. Unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims, we will no longer process this data. If your Personal Data is processed for direct marketing, you have the right to object to the processing at any time and we have no right to continue processing your Personal Data for such purposes. In your objection, please state which processing purpose(s) you object to and your grounds relating to your particular circumstances.
Contact the competent supervisory authority
We remind you that you have the possibility to file a complaint with the competent supervisory authority, in particular in the EU Member State of your habitual residence, place of work or alleged infringement of the GDPR. CoinShares International Limited is incorporated in Jersey and owns this Website. Pursuant to Article 56 of the DPL, in Jersey, this authority is the Jersey Office of the Information Commissioner (Jersey Office of the Information Commissioner).
How to contact us
The following legal entity is data controller for the processing of your Personal Data:
CoinShares International Limited
Company registration number: 102185 (Jersey Financial Services Commission)
Registered address: 2nd Floor, 2 Hill Street, St Helier, JE2 4UA, Jersey, Channel Islands
If you want to exercise any of your rights, have any questions regarding this privacy policy or the processing of your Personal Data, please contact our Compliance Function at the following address: [email protected].
Changes to this policy
As our business is constantly evolving, it may become necessary to update the Policy from time to time as necessary to comply with Applicable Laws or for legitimate business purposes. In such case, a new version will be published on the Website.
June 2024