1. Privacy policy and explanations on data processing (data protection notices)
he following statements contain the legal information about the way in which cpi Crypto Payment International GmbH collects, processes and stores (personal) data when you use our services, as well as the options available to you in connection with this data.
By using the service, you agree to the collection and storage of data by us in accordance with the GTC and these terms and in this respect give consent to data processing.
1.1. Name and contact details of the controller and the company data protection officer.
This privacy notice applies to data processing by:
cpi Crypto Payment International GmbH (cpi).
You can reach cpi as follows:
Address: Lottumstraße 1, 10119 Berlin
E-mail: support@cpi-int.coop
Legally authorized representatives (managing directors)
Frank-Peter Evertz, Jochen Heim, Tobias Kreß
Legally authorized representatives (Prokurist)
Björn Pusch
The company data protection officer is Mr. Jochen Heim. If you wish to contact Mr. Heim with regard to data protection issues:
For fast processing, please choose a meaningful keyword in the subject line, such as "Data protection" or "Data processing".
1.2. Definitions
Unless otherwise specified in each case, the terms appearing in these provisions shall each have the same meaning as assigned to them in our General Terms and Conditions (GTC).
Services
We are a technical operator for the dispatch of digital assets, in particular virtual currencies, service provider for the custody of assets on our own responsibility, in particular certain digital assets such as virtual currencies, the provision of services in connection with the settlement of transactions on digital assets and other services and transactions related thereto without performing activities requiring a license under the KWG or ZAG, provided that it does not fall under the service of investment brokerage within the meaning of §1 para, 1a sentence 2 No. 1 KWG.
Furthermore, cpi Crypto Payment International GmbH acts as a contractually bound intermediary within the meaning of Section 2 (10) of the German Banking Act (KWG) on behalf of, for the account of and under the liability of Effecta GmbH within the scope of its activities to assist in the sale of crypto securities, insofar as it provides services that fall under the service of investment intermediation within the meaning of Section 1 (1a) sentence 2 no.1 KWG. We are registered in the Register of Intermediaries of the Federal Financial Supervisory Authority (BaFin) under the number 80171010.
Personal data
Personal information is information that relates to a living individual who is identifiable from that information (or from that information in combination with other information already in our possession or likely to come into our possession).
Usage data
Usage data is data that is automatically collected in the course of using the service or within the service infrastructure itself (for example, for the duration of a page visit).
Cookies
Cookies are small files that are stored on your device (computer or mobile device).
1.3. Collection, processing and storage of (personal) data
We collect different types of data for a number of occasions and for different purposes
1.3.1. Occasion-related data collection, processing and storage
a) When visiting the website at www.cpi-int.coop
The cpi automatically collects and stores usage data in a log file, so-called server log files, each time our Internet offer is called up (retrieval of a file). This data is anonymous information that the browser transmits to our server by default of the Internet user. This means that when you call up our website, information is automatically sent to our website server by the browser used on your end device. The usage data is data that is not actively provided by the visitor to our website, but data that is passively collected (automatically without active intervention) while you are browsing our website.
This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:
IP address of the requesting computer,
Date and time of access,
Name and URL of the accessed file,
website from which the access was made (referrer URL),
browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The aforementioned data is processed by us for the following purposes:
Ensuring a smooth connection setup of the website,
Ensuring a comfortable use of our website,
evaluation of system security and stability as well as
for further administrative purposes.
An assignment of the above data with regard to specific persons or an identification of users does not take place. This data is used exclusively for statistical purposes and to optimize our consulting services.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
In addition, we use cookies when you visit our website. You will find more detailed explanations of this in the corresponding section of the data protection declaration in the context of the explanation of the processing mechanisms. When calling up individual pages, temporary cookies are used to facilitate navigation of our website. These so-called "session cookies" do not contain any personal data and expire at the end of the session.
The data processed by cookies is permissible for the aforementioned purposes to protect our legitimate interests according to Art. 6 para. 1 p. 1 lit. f DSGVO and also because we thereby fulfill our mission to provide you with information about the company and the products (Art. 6 para. 1 p. 1 lit. b DSGVO)
b) When using our contact form
For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. In doing so, it is necessary to provide a valid e-mail address so that we know from whom the inquiry originates and so that we can answer it. Further information can be provided voluntarily.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, because we assume on the basis of your information that you agree to the storage and processing of the data and because this is necessary for the fulfillment of our order or or for the implementation of pre-contractual measures (Art. 6 para. 1 p. 1 lit. b DSGVO).
The personal data collected by us for the use of the contact form will be automatically deleted after completion of your request after expiry of the statutory retention periods.
c) For the use of our services
Finally, we collect, store and process data as part of our actual services. However, these services require either an order or at least a business initiation. The data, must and may be collected because this is necessary for the fulfillment of our order or or for the implementation of pre-contractual measures (Art. 6 para. 1 p. 1 lit. b DSGVO) and because we are legally obliged to do so (Art. 6 para. 1 p. 1 lit. c DSGVO).
The type and scope of data collection depends on the service and may differ in individual cases.
1.3.2. Types of data
Personal data
As part of your use of our Service, we may ask you to provide certain personally identifiable information that we use to contact or identify you ("Personally Identifiable Information"). Personally identifiable information includes (but is not limited to), for example, the following:
- Name and address
- date of birth
- telephone number
- email address
- Cookies and usage data
- IP addresses (as far as a person can be assigned to it)
- Wallet addresses of cryptocurrencies
Data of your contacts
To facilitate your interaction with other users, our app offers a friends list feature where you can see which of your contacts are also already using our app. Therefore, please allow us to access the phone numbers of your saved contacts. With your permission, we will send them to our server. This will allow us to match which of your contacts are already using our app as well, making it easier for you to interact with these users. We only send the phone number, without any other information such as saved names, to our server. The data is not stored there, but deleted after the comparison with our user database.
Usage data
We may also collect data about the manner in which our Service is accessed or used, or it may arise directly as a side effect of use ("Usage Data").
This Usage Data may include your computer's Internet Protocol (IP) address, your browser type, browser version, the pages you visit within our Service, the time and date of your visit, the total time spent on the relevant pages, individual device identifiers and other diagnostic data.
We also include among the usage data the data about the cryptographic keys stored by us or through us or the data provided to us in the context of the use of the cpi-Wallet.
Behavioral data (especially tracking & cookies)
From our homepage, we use cookies and similar tracking technologies to monitor activity within our service and store certain data in this context.
Cookies are files with a small amount of data, such as anonymous unique identifiers. Cookies are sent from a website to your browser and stored on your device. The other tracking technologies we use are so-called beacons, tags and scripts and are used to collect and track data and to improve and analyze our service.
You can determine in the settings of your browser whether you want to reject all cookies or accept only certain cookies. However, if you refuse to accept cookies, you may not be able to use parts of our service.
Examples of cookies we use:
- Session Cookies. We use session cookies to operate our Service.
- Preference cookies. We use preference cookies to store your preferences and various settings.
- Security Cookies. We use security cookies for security purposes.
1.3.4. Purpose of the collection and storage of personal data and their processing
The collection, processing and storage of this data by cpi is done,
- to be able to identify you as our customer and to verify your identity;
- to provide and maintain our service to you;
- to notify you of changes in relation to our service;
- to allow you to participate in the interactive portions of our service, if you so choose;
- Obtain analytics data and other valuable data so that we can improve our Service;
- monitor the use of our service
- to detect, prevent and correct technical problems;
- to correspond with you;
- for billing and invoicing purposes;
- to process any civil claims and to assert any claims in the event of disputes with other market participants
- for forwarding to third parties, insofar as we act as an intermediary at your express request and initiate or help to initiate purchase or sales transactions relating to financial instruments.
The data processing is carried out on your order and is insofar required according to Art. 6 para. 1 p. 1 lit. b DSGVO for the aforementioned purposes for the appropriate processing of the order and for the mutual fulfillment of obligations arising from the service contract.
1.4. Principles of data processing
Your data, including personal data, may be transferred to computers and processed and stored on such computers. They will be handled in accordance with the respective current data protection regulations, in particular the General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG). If these computers are located outside the Federal Republic of Germany or if data must be transferred there for processing or storage, cpi will ensure that this transfer is in accordance with European regulations and that equivalent protection exists in the destination country.
If you are located outside of Germany and decide to transfer data to us, you must acknowledge that we will transfer your data, including personal data, to Germany and process it there in accordance with the rules applicable in Germany.
Your consent to this privacy policy and any subsequent transfer of data by you constitutes a declaration of consent by you to the aforementioned transfer, processing and storage.
cpi will take all necessary steps to ensure that your data is handled in a secure manner and in accordance with the law and this Privacy Policy, and that your personal data is not transferred to organizations or countries where there are insufficient controls over the security of your data and other personal information.
Our Service is not directed to individuals who are under the age of 18 ("Minors").
We do not knowingly collect personally identifiable information about minors. If you are a parent or guardian and it comes to your attention that a minor under your supervision has provided us with personally identifiable information, please contact us. If we become aware that we have collected personally identifiable information from a minor without parental consent, we will implement measures to remove that information from our servers.
1.5. Disclosure of data to third parties
A transfer of your personal data to third parties for purposes other than those listed does not take place.
As far as this is necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing and handling of orders or other measures in connection with our service, your personal data may be passed on to third parties.
The disclosure also takes place to the providers and marketplaces that we suggest to you for the purchase or sale of financial instruments, but only insofar as you wish to take advantage of services from there, possibly also already in the context of an initiation and preparation of transactions requested by the customer.
1.5.1. Disclosure due to special circumstances
cpi may disclose your personal information under certain circumstances if, in accordance with the principles of good faith, it believes that disclosure is necessary to achieve the following objectives:
- to comply with a legal obligation
- to protect and defend the rights or property of cpi
- to prevent or investigate possible misconduct in relation to the service
- to protect the personal safety of users of the service or the general public
- to avoid liability claims
1.5.2. Order data processing
We may, after careful selection, engage third party companies and individuals ("Contract Data Processors") to provide support services to facilitate the provision of our Service, to provide services on our behalf, or to provide services related to our Service.
These third parties may access your personal data only to the extent necessary to perform those tasks on our behalf and may not disclose, use, share or in turn commercially exploit it for any other purpose. For this purpose, each commissioned data processor must undertake to comply with all data protection standards to which cpi is also subject.
In addition, we perform commissioned data processing for third parties to a certain extent, in particular with regard to brokerage activities for financial instruments, in the context of which we provide information to providers and collect or verify information and data on behalf of the institutions.
Furthermore, commissioned data processing is carried out by cpi from the point of view of the settlement of brokered transactions, insofar as we receive data from the provider or the networks about the stock or the change of crypto securities in the cpi wallet.
1.5.3. Data analysis and Google Analytics
We may engage third parties to monitor and analyze the use of our service.
Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data obtained to track and monitor the use of our service. This data is shared with other Google services. Google may use the data obtained to contextualize and personalize advertisements within its own advertising network.
You can disable the transmission of your activity within our service to Google Analytics by installing the browser add-on to disable Google Analytics. The add-on prevents data transmission to Google Analytics on visits or activity via the JavaScript of Google Analytics (ga.js, analytics.js and dc.js).
For more information about Google's privacy practices, please visit Google's Privacy Terms webpage: https://policies.google.com/privacy?hl=en
1.5.4. Links to other websites
Our Service may contain links to other providers or websites that are not operated by us.
If you click on a third-party link, you will be redirected directly to the website of the relevant third party. In this case, you will be redirected from our server to the destination server, whereby the operator of the latter (may) become aware that you have previously visited our site.
However, we have no control over the content, privacy policies and practices of third party websites or services and assume no liability in this regard. We strongly recommend that you read the privacy statements of each and every website you visit.
1.6. Note on data security
The security of your data is important to us. However, please remember that there are no transmission methods over the Internet and no electronic storage media that are 100% secure. Although we always strive to implement commercially acceptable measures to protect your personal data, we cannot guarantee absolute security.
1.7. Reservation of right of modification
We may update our Privacy Policy from time to time. We will make such changes through an updated version of the Privacy Policy, which will be posted on the Privacy Policy page.
We will notify you by email and/or by means of other visible notice within our Service prior to the effective date of the applicable change and update the "Effective Date" at the beginning of this Privacy Policy.
We encourage you to review this Privacy Policy periodically for changes. Changes to this Privacy Policy will be effective at the time they are posted on this page.
1.8. Data subject rights
You have the right
- in accordance with Art. 7 (3) DSGVO to revoke your consent to data processing and storage at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future; it is pointed out that this generally means that there is no longer any possibility of continuing the business relationship. Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right pursuant to Art. 21 DSGVO to object to the processing of your personal data, insofar as there are grounds for doing so that arise from your particular situation.
- in accordance with Art. 15 DSGVO, to request information about your data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details;
- pursuant to Art. 16 DSGVO, to request the correction of incorrect or incomplete personal data stored by us without undue delay;
- pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
- pursuant to Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
- pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller; and
- complain to a supervisory authority in accordance with Art. 77 DSGVO. The supervisory authority responsible for us is the Federal Financial Supervisory Authority.
If you wish to exercise your right to object, simply send an e-mail to info@cpi-int.coop.
1.9. Duration of processing and storage
The personal data collected by us for the processing of the business relationship will be stored at least until the expiry of the statutory retention period. They will be deleted thereafter, unless we are obliged to store them for a longer period according to Art. 6 para. 1 p. 1 lit. c DSGVO due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO). According to current regulations, it is assumed that a storage period of 10 years is required under tax law, so that your data will be finally deleted no later than 10 years after the end of the business relationship, unless an earlier deletion is required for individual data.
Last updated: 22.10.2020