Our Commitment to Data Privacy
Protecting the privacy of individuals who provide us with Personal Data ("Personal Data") is of sincere importance to CoinShares France (“CoinShares”, “we”, “our”, us) and to the way we do business. You have shown your trust in us by interacting with SHPRD.FINANCE (the “App”), and we value that trust.
To this end, we are committed to respecting local data privacy legislations (together “Applicable Laws”), in particular, the (EU) 2016/679 General Data Protection Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of persons with regard to the processing of personal data (“the GDPR”).
Data Protection Officers
When using the App, we are the personal data controller. This means that we determine the purposes and means by which your data is processed. “Controller”, “Joint controller” or “Processor”, used in this Policy, refer to the terms defined in Article 4 of the GDPR. We are not a public authority or body; a body whose core activities would lead us to carry out regular and systematic monitoring of individuals on a large scale; or a body whose core activities would lead us to process on a large scale so-called "sensitive" data (biometric data, genetic data, data concerning health, sex life, racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership) or data concerning criminal convictions and offences. As a result, we are not required to appoint a Data Protection Officer at the group level, although we understand the importance of ensuring good governance of this system. To do so, we have appointed our Compliance Function with the duty to ensure that our processing operations comply with this Policy and, more generally, with the Applicable Laws. The Compliance Function will endeavour to answer any questions or requests in relation to the processing of your data, your rights, and our Policy. If you have any questions or requests regarding the processing of your Personal Data, please contact our Compliance Function at the following address: email@example.com
Automated decision-making and profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. Please note that we may use automated decision-making systems, especially in the context of preventing fraud in relation to our regulatory obligations. However, no decision is exclusively based on such a type of processing, as each decision always requires human intervention.
How we process your Personal Data
We collect and process information relating to you and your use of the Services. How we handle it differs as set out below:
Identification data (your first and last name, age, postal address, your citizenship(s)), place and date of birth, ID number, your wallet address and past transactions
● Detect, investigate and prevent potentially prohibited or illegal activities, such as fraud or money laundering; ● Verify the accuracy of and authenticate your information.
● Compliance with our legal obligations
● As long as the contract duration and at least five (5) from the end of the business relationship. ● After ten (10) years from the record data, your data is deleted.
Browsing our App
Activity analysis (your IP address, computer or mobile device information, frequency, time, operating system, browser type, device type, unique device identification number, cookies, possibly form data, crash reports, performance data, third party cookies, performance data)
● Communicate about accounts or transactions and send information about features and enhancements ; ● Provide the CoinShares services and customer support ;
● Consent (for all cookies except necessary ones) ● Legitimate interests (for cookies other than necessary)
Statistical and marketing data (number of visitors, frequency, clicks, time, locations, target groups, data from cookies and similar technologies, consumer behaviours, interests and preferences, data relating to market research and target group surveys etc)
● Provide advertising, including advertising based on your use of the CoinShares Services or third-party Apps ● Perform statistical, demographic and marketing analyses of users of the CoinShares Services and their purchasing patterns ● Conduct any other legitimate business activities not otherwise prohibited by law ● Personalise content and experiences, including providing recommendations based on your preferences
● Improve our App, performance and user experiences.
How long do we keep your Personal Data?
We retain the data collected for the time strictly necessary for the purpose of the processing, and within the limits provided for by Applicable Laws if it allows longer retention. Unless explicitly stated in this Policy, the Personal Data we process is deleted or anonymized as soon as it is no longer necessary for the purpose for which it was collected and if the deletion does not conflict with our legal retention obligations.
How do we protect your Personal Data?
We adopt appropriate data collection, storage, processing practices and security measures to protect against unauthorised access, alteration, disclosure, or destruction of your Personal Data, username, password, transaction information, and data stored on the App. All Personal Data is being dealt with in accordance with the Applicable Laws. We designed our systems with your security and privacy in mind. We implemented technical and organisational security measures to protect your data from an accidental or unlawful destruction, loss, alteration, unauthorised access or disclosure, in particular: Ultra-secure encryption; Secure servers; Backups; Continuous monitoring. We maintain physical, technical, administrative, and procedural safeguards to protect Personal Data, and access to Personal Data is limited to the employees who require it for their job functions. CoinShares is ISO 27001 certified, demonstrating thereby our engagement to maintain a secure platform for our customers, under strict design, procedures, controls and continual improvement.
How do we share your Personal Data?
Please note that we do not sell, trade or rent your Personal Data to others. We will only share your Personal Data with third parties as described in this Policy and ensure the data recipients follow practices at least as protective as those described in this policy. We may share your Personal Data with: ● Group's companies: Relevant departments from the Group will receive your Personal Data if they need it to contribute to the purpose of processing. We transfer data as part of our business operations, to carry out our internal administrative activities efficiently and to improve our products and services. ● Service providers, affiliates and commercial partners: These recipients help us with our business operations, and only have access to Personal Data necessary for the performance of their functions and may not use it for any other purpose. Processors are also carefully selected and contractually obliged to ensure the confidentiality and security of your personal data that they process on our behalf. ● Third parties, including governmental authorities and law enforcement: We may transfer your personal data to the relevant public authorities to i) defend our legal rights, interests or property and any of its related entities; ii) protect the safety and security of our customers or members of the public; iii) protect against fraudulent activities, or comply with Applicable Laws, subpoena or legal process. ● Companies that we plan to merge with or may be acquired by. If Coinshares may be sold or transferred in whole or in part (or such a sale or transfer is being contemplated), your personal data may be transferred to the new entity or potential new entity as part of the transfer itself or as part of an initial review for such transfer/purchase (i.e. due diligence), subject to any rights provided by applicable law, including jurisdictions where the new entity or potential new entity are located. Coinshares has a legitimate interest in being able to perform these transactions (Art. 6(1)(f) GDPR). ● Other third parties with your consent or at your direction to do so. ● Third parties for any legitimate business purpose not otherwise prohibited by the Applicable Laws. Data transfer within and outside the European Economic Area (EEA) The Personal Data we process on this App is stored by our hosting provider Amazon Web Services on servers located within the European Union. Due to the international nature of our business, we may transfer your Personal Data inside and/or outside the European Union, as well as outside the European Economic Area (EEA). Where applicable, we will put in place appropriate technical, organisational and contractual safeguards, to ensure that such transfer is carried out in accordance with applicable data protection rules, unless the country to which the data is transferred is already considered by the European Commission to provide an adequate level of protection. If you need further information on how your Personal Data is being transferred, you can reach us as described in Section 3 of this Policy.
How can you restrict us from sharing your Personal Data?
The App may contain links to third-party Apps, including social media sites. By including a link to a third-party App, we do not endorse or recommend any products or services offered or information contained in the third-party App. This Policy does not govern any access to and use of such linked Apps, but instead is governed by the privacy policies of those third-party Apps. We are not responsible for the information practices of such third-party Apps. If you decide to visit a third-party App via a link contained in or by the App, you do so at your risk.
Asserting your rights
You may request, for example, to access, correct, or delete Personal Data that you have provided to us. You will not be permitted to examine the Personal Data of any other person or entity and may be required to provide us with Personal Data to verify your identity prior to accessing any records containing information about you. Unless stated otherwise by the Applicable Laws or any other legal provision or applicable regulations, you may exercise the following rights: ● Right of access: You have the right to obtain confirmation from CoinShares to whether or not your personal data is being processed. In that case, you have the right to request a copy of the personal data and additional information such as the purposes of the processing, the categories of personal data concerned, where the data came from and the recipients or categories of recipients to whom the personal data have been or will be disclosed. To request a copy of the personal data undergoing processing does not mean that you always have the right to obtain the document itself where your personal data occurs. The right of access should not be confused or equated with right to access official documents from an authority. For additional copies requested by you, we may charge a reasonable fee based on administrative costs. ● Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement. ● Right to erasure: In certain cases, you have the right to ask us to erase your personal data if, for example, the personal data is no longer necessary in relation to the purpose, you withdraw your consent and there is no legal ground for us to process the personal data, the personal data have been unlawfully processed or you have objected to the processing and there are no overriding legitimate grounds for the processing. To the extent that it is necessary to continue the processing of your personal data, for example to fulfil our legal obligations or to establish, exercise or defend legal claims, we are not obliged to delete your personal data. This means that certain data can be stored until we are no longer obliged to process them. However, we will cease our communication (direct marketing/newsletter) to you after you have requested to be deleted. ● Right to restriction of processing: You have the right to request the restriction of the processing of your personal data if you believe that your personal data is inaccurate, our processing is unlawful or that we no longer need the personal data for specific purposes. If you object to the processing of personal data you may also request the restriction while we assess the legitimate grounds (the objection request). In this case, the respective data will be marked and the personal data may only be stored and processed by us for certain purposes. Coinshares will inform you when the restriction is lifted. ● Right to withdraw your consent: If Coinshares processes your personal data based on consent, you have the right to withdraw your consent at any time by contacting us and this will not affect the lawfulness of the processing based on consent before the withdrawal.Right to data portability: You have the right to receive a copy of the personal data concerning you which you have provided to us and that we process by automated means for the performance of a contract with you or based on your consent. You have the right to receive your personal data in a structured, commonly used and machine-readable format and this allows you to transmit those personal data to another entity without hindrance from us. ● Right to object: You have the right to object at any time to our processing of your personal data with reference to your personal circumstances and provided that the processing is based on a legitimate interest (Art. 6(1)(f) of the GDPR) as a legal basis. Unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims, we will no longer process this data. If your personal data is processed for direct marketing, you have the right to object to the processing at any time and we have no right to continue processing your personal data for such purposes. In your objection, please state which processing purpose(s) you object to and your grounds relating to your particular circumstances.
Contact the competent supervisory authority
We remind you that you have the possibility to file a complaint with the competent supervisory authority, in particular in the EU Member State of your habitual residence, place of work or alleged infringement of the GDPR. In France, this authority is the Commission National Informatique et Libertés (CNIL), whose App address is: https://www.cnil.fr.
How to contact us
Changes to this policy
As our business is constantly evolving, it may become necessary to updatethe Policy from time to time as necessary to comply with Applicable Laws or for legitimate business purposes. By continuing to use our App, you agree to remain bound by the Policy. You acknowledge and agree that it is your responsibility to periodically review this Policy and check for any changes. In such a case, a new version will be published on the App.
About the Cookies Policy
What are cookies, and why do we use them?
Cookies are text files placed on the user's device when visiting an App. Cookies are downloaded to the Visitor’s computer, tablet, smartphone or other devices. Cookies then allow us to recognise that device, track your browsing and record helpful information to optimise your visit to our site and access the various features. Cookies can be classified by their lifetime and by the domain to which they belong: ● By legitimacy: ○ Necessary: Necessary cookies help make an App usable by enabling essential functions like page navigation and access to secure areas of the App. The App cannot function properly without these cookies. ○ Preferences: Preference cookies enable an App to remember information that changes the way the App behaves or looks, like your preferred language or the region that you are in. ○ Statistics: Statistic cookies help App owners to understand how visitors interact with Apps by collecting and reporting information anonymously. ○ Marketing: Marketing cookies are used to track visitors across Apps. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers. ○ Unclassified: Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies. ● By duration: ○ Session cookies: These are cookies that are deleted when the user closes the web browser. ○ Persistent cookies: These are cookies that remain stored on the hard disk of the user's terminal for a predefined period. ● By domain: ○ First-party cookies: These are cookies deposited by the server of the visited App that shares the same domain. ○ Third-party cookies: These are cookies that are deposited by a domain other than that of the App visited. Because of the way they work, we cannot access the data collected by third-party cookies, and in particular, we cannot control all the tracking functions of third-party tools. However, these providers are required to comply with applicable data protection regulations. We may use different types of cookies.
Which tools do we use and can you opt out?
Because of how cookies and similar technologies work, we cannot access data collected by third-party cookies, nor can other companies or persons access the data generated by such tools, and in particular, not all tracking functions of third-party tools can be controlled by us. All the following providers are obliged to comply with the applicable data protection regulations and are solely responsible for any processing of personal data as a data controller according to article 4(7) of the GDPR.
How to manage your cookies settings?
Changes to this Policy
Please note that this Policy may be updated from time to time. We, therefore, recommend that you read this policy whenever you decide to accept or decline cookies from us or change your initial cookie setting.
If you have any questions about this Cookies Policy, or more generally about the processing of your personal data, please contact us at firstname.lastname@example.org.