1.CoinCoupon ltd. with legal address 61 Bridge Street, Kington, Herefordshire, United Kingdom, HR5 3DJ, Identification number: 12674755, registered in the United Kingdom (the "Controller") in accordance with its obligations under articles 13 and 14 of the GDPR hereby informs you of the way your personal data is processed. The words "We", "Ours" and any variations of these words will be used to identify the Controller in the text of the Document.

2.The Data subjects include, in particular, Consumers who enter into a Coin Coupon Purchase Agreement with the Controller (the "Agreement"). Data subjects also include other individuals who have given their consent to the Controller to process their personal data for the relevant purposes or visitors to the www.coincoupon.io website (for more information, see the Cookie Regulations). The words 'You', 'Your' and any variations of these words may be used to identify the Data Subject in the text of the Document.

3. We have developed this Privacy and Personal Data Protection Policy ("Document") for the Data Subjects in order to ensure sufficient transparency and to clarify the basic principles we follow in protecting your privacy and personal data.

4. Since we are especially concerned about the security and legality of your personal data processing, and therefore in this Document we have set up specific mandatory rules for the processing of personal data, based on the basic principles for the processing of personal data as set out in Article 5(1) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the "GDPR").

5.This Document represents an internal privacy policy which we have introduced in accordance with Article 24 of the GDPR to demonstrate our compliance with the General Data Protection Regulation.

6. This Document concerns the processing of personal data and adherence of the basic principles of personal data lawful processing particularly based on the implementation of the necessary processing of personal data in a lawful manner, fair to all interested parties and transparent to the Data Subjects. We constantly pay great attention to the security of the processing of personal data, while minimizing the data processing operations to the minimum necessary for the proper conclusion of our mutual Agreement and the fulfillment of our obligations under it and the use of the Website.

7. In addition, this Document provides you with obligatory information in accordance with Article 13 of the GDPR and provides you with information on the content of this Document before collection of personal data when you provide us with personal data for the first time or directly when you give your consent to the processing of personal data for specific purposes.

1. The subject of processing personal data in order to create a personal Account on the Website is an e-mail address and password to access the Account. The legal basis for the processing of personal data is the implementation of the Agreement in accordance with Article 6 (1)(b) of the GDPR. There is unlimited period of time during which personal data are processed - until the Agreement is terminated or the Account is cancelled. This personal data is necessary to fulfill the Agreement.

2. If you choose to purchase a Coin Coupon, we will be processing the following personal data: name, surname, address, phone number. According to article 6(1)(b) of the GDPR, the legal basis for the processing of personal data is the execution of the agreement according to article 6(1)(c) of the GDPR and the fulfillment of legal obligations according to article 6(1)(c) of the GDPR arising from the laws governing taxes and accounting. Regarding the period during which personal data are processed, the period of validity of the Agreement in case of processing in accordance with article 6(1)(b) of the GDPR and the period during which personal data are processed in case of compliance with legal obligations under article 6(1)(c) of the GDPR is established by law for a period of 10 years following the year in which the recording event took place (invoice). This personal data is necessary to fulfill the Agreement.

3. Due to the payment of funds to obtain a Coin Coupon, we also need to request the personal data required to verify your identity in accordance with money laundering and terrorist financing legislation (Anti Money Laundering Law). We therefore require the processing of your personal data as stated on your identity card, in full, the personal data included in this document. Such personal data includes, in particular: name, surname, address, date of birth, date of issue and expiry of the identity card, identity card number, photo and other personal data relevant to the fulfilment of our legal obligations. The legal basis for the personal data processing is the observance of legal obligations arising from the relevant laws in accordance with Article 6(1)(c) of the General Data Protection Regulation (GDPR). This personal data is necessary to fulfil the Agreement.

4. Among other things, the Website is a tool for processing personal data when using the Account and purchasing the Coin Coupon. The automated identity verification system operated by our processor may also be a means of processing personal data to verify your identity in order to prevent money laundering and terrorist financing.

5. In addition, we process information about "how did you know about us?". We will process this personal data based on the legal interest of the Joint Controller in accordance with Article 6(1)(f), which is an interest in creating statistical information on information flows relating to information about our services. We then process this personal data only in a summarized form, without linking it to the specific Data Subject who provided us with this personal data. Subsequently, we process these statistical data in accordance with Art. 89 of the GDPR for an indefinite period of time.

6. No personal data will be published or transmitted without your consent to any third country that does not provide an adequate level of protection of personal data. We ensure that your personal data will be processed only within the Member States of the European Union.

7. We may only publish personal data on the basis of your individual consent or your conscious behaviour (e.g. posting content to our official profile created on social networks). In this regard, we inform you that by posting messages, photos or carrying out any activity as a result of which you are identified in our official profile on the social network, your personal data is processed in the information systems of that social network and in our profile. By following the previous sentence, you give your "tacit" consent to the processing of your personal data for our marketing activities.

8. Not only do we regularly review and revise the security measures taken to ensure a high level of security in the processing of personal data, but also other procedures and rules aimed at protecting your privacy and personal data, and we may work together with an expert assigned as the Data Protection Officer (DPO).

9. When transmitting data over a public computer network between your endpoint and our server, we use appropriate encrypted data protection measures (the SSL certificate). Likewise, we store all data and personal data in these data storages, which are protected by appropriate encrypted data protection measures.

10. We undertake to ensure that we do not make consent to the processing of personal data conditional on the conclusion or execution of a contract. You can freely express your permission to the processing of personal data without prejudice to access to our services. You can also withdraw your consent to the processing of your personal data at any time by sending a written request to the e-mail address of the Controller ([email protected]); withdrawal of your consent does not affect the lawfulness of the processing of your personal data before withdrawing it.

11. All subjects, except us, who are legally involved in the processing of personal data, will be transparently identified in this Document together with their status according to the GDPR. We will not carry out any processing of your personal data against a third party and/or recipient if the third party and/or recipient is not identified in this Document transparently and at the same time we have no legal basis for this in accordance with Art. 6 of the GDPR.

12. All personal data recipients will have access to this personal data solely on the basis of the authorization granted by us; they will have legal obligations and legal guarantees that strengthen the protection of personal data of the Data Subjects.

13. We will not disclose your personal data to any of the parties for commercial purposes without first obtaining your individual and free consent. When using Google Analytics, personal data of Website visitors may, under certain circumstances, be processed by Google Inc. as a third party and independent controller; such personal data processing is beyond our control and influence. We also need to inform you that the part of the personal data processing relating to the use of the functions integrated into the Website may be carried out separately and entirely independently of us by third parties acting as independent controllers, other than our personal data information systems; these are mainly the operators of "payment gateways" for making non-cash payments over the Internet. You provide these third parties with your personal data directly, without our involvement or any influence on this process. This aspect of the personal data processing is regulated by internal policies and precautions taken by these third parties and we have no influence on this processing of personal data, including the possibility of exercising the rights of the Data Subject of which we are notifying you in this Document.

14. We have carefully checked with our business partners (the Processors) whom we have authorised to process your personal data, taking into account their capacity to ensure that the processing of your personal data is safe and lawful.

15. When processing personal data and communicating with Data subjects, we use, in addition to the usual communications (such as phone and e-mail), the Website and the official profiles created on the social networks Facebook and Instagram.

16. However, please do not disclose unnecessary data or information about you that is not directly related to the Agreement in our mutual communication.

1. When processing your personal data, we use the following suitably tested and professionally trained business partners who are able to guarantee the security of your personal data processing and who act as processors in accordance with Art. 28 of the General Data Protection Regulation (GDPR):

the Website provider,

the provider of user behavior analysis on the Website,

the accounting company.

1. We are interested in staying in touch with you and being able to keep you informed about news and offers of our services and information from the world of Cryptocurrency. For this purpose, we offer you the opportunity to express your consent to the processing of your personal data for marketing purposes.

2. If you give your consent, we will process the following personal data until you withdraw your consent: name, surname and e-mail address. These personal data will be used to send you relevant information that will enable you to use our offer and services.

3. Your failure to consent will not affect our mutual Agreement as set out in the provisions of this Document.

4. You can withdraw your consent to the processing of your personal data at any time by sending a written request to the e-mail address ([email protected]); withdrawal of your consent will not affect the lawfulness of processing your personal data before withdrawing it. The unsubscription of marketing information, which forms part of every marketing information e-mail sent as a separate button or web link, is also considered a revocation of consent.

1. In addition, we use the website www.coincoupon.io (the "Website") to process some of your personal data..

2. The abovementioned Website uses cookies. A cookie is a small text file that the Website stores on your computer or mobile device while you are browsing. Because of this file, the Website saves information about your actions and preferences (such as your user name, language, font size and other display settings) for some time so that you do not have to type them repeatedly when you next visit the Website or when you view individual subpages of the Website..

3. We also use our own cookies ("First Party Cookies") to optimise the Website`s functions and improve the user experience on the Website and other cookies ("Third Party Cookies") to show behavioral advertising.

4. The Website also uses "short-term cookies", which are automatically deleted when you stop using your Internet browser from your computer system or from your other end devices. However, in some cases, \"long-term cookies\" are also processed which remain on the end user`s device and allow us to see that the website has been repeatedly visited by the respective end user`s device, which may be related, depending on the settings made by the user, e.g. by remembering a set access password, etc..

5. We notify you and all the Website visitors that all cookies that the Website may store on the endpoint of any Website visitor may be viewed and deleted. By properly setting your Internet browser, you can effectively and completely disable the use of cookies. For more information and instructions on how to set the preferences of individual Internet browsers you can find here: https://www.aboutcookies.org/how-to-control-cookies/; and information required to erase cookies from a user's technical device can be found here: https://www.aboutcookies.org/how-to-delete-cookies/. As a rule, you should enable a function in your Internet browser, which is usually called "Protection against spying"..

6. If the web browser used by your endpoint device allows the Website to use cookies to access and view their content, we may consider this to be your valid consent to the use of cookies..

7. We also use Internet analytics services from Google Inc. on the Website; nevertheless, we do not process any personal data or other identifiers (e.g. IP address) that may be used to indirectly identify the Data Subjects. However, this does not mean that Google Inc., which is the operator of Google Analytics and Google adWords, will not process your personal data in this way..

8. Google Analytics and Google adWords also use cookies, which are saved on the website end user's device (computer, tablet, smartphone) to analyze your activity on the Website. Google will make the IP address relating to your IP address anonymous as soon as it is acquired by the Website end-user, thus protecting the privacy of the data subject. Google Inc. will use the information generated by your use of the website to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. This data processing by Google Analytics and Google adWords can also be prevented by adjusting the settings of the internet browser in which you install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en..

9. Using the services of Google Analytics and Google adWords on the Website, we can also generate online advertising through remarketing, i.e. the results of our marketing communication can be displayed by other digital service providers and internet content providers, including Google Inc., on various web pages which will be shown on your device in the future once they have left the Website..

10. In addition, we use Google Analytics reports for more effective marketing communication, in which you can process the demographics and interests associated with the acquired Google Inc. Data Subjects (e.g. age, gender, religion), which may also be used by us. We will not, however, process your personal data when you use Google Analytics, as we do not have enough identifiers to identify you directly or indirectly..

11. You may prohibit Google from displaying personalised commercial banners via this link..

12. More information on the use of data by Google Inc. in the context of the use of the website can be found at https://www.google.com/policies/privacy/partners/..

13. Simultaneously we inform you that if during your visit and use of the Website you subscribe to other internet services provided by Google Inc., Google Inc. may process your personal data. We have no control or influence over this processing of personal data and do not participate in it in any way..

14. Regarding the use of the Website by the data subjects Google Inc. is a third party acting as a separate controller. For more information about the current privacy policy of Google Inc., data subjects can be found here: https://www.google.com/policies/privacy/?hl=en..

15. To promote our products and services, we also use the social network Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA. When processing your personal information through our profiles created on this social network, however, we have authorization only as administrators. This company is an independent administrator of personal data and your personal data is being processed in accordance with the terms and conditions set by Instagram. Therefore, your personal data may be provided to third parties and Instagram social network may transfer your personal data to third countries and we have no control over this processing nor are we responsible for it. You can find an overview of Instagram additions, their possibilities and ways of processing your personal data at.

16. On our website we also use Facebook social network additions in the form of Facebook Conversion Pixel and Facebook Remarketing and other services provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the meantime, we promote our products and services through our company profile on Facebook. Whenever you visit our website that contains this addition, a link will be established between your browser and the social network. After that, the social network will receive information about your visit to the website from your browser. If you are logged in to the Facebook social network, your visit may be linked to your profile on the social network. Any information and metadata generated by the add-on may then be saved by the social networking operator. Using the Facebook Conversion Pixel, we and Facebook may inform you that you clicked on our Facebook ads and were redirected to our Website. Though, we do not have access to data from other sites that you have accessed. The information collected by Facebook Conversion Pixel is used to compile statistics on the use of our Facebook advertising campaigns. However, we do not receive any information that can be used to identify you. By using Facebook Remarketing technology, users who have already visited our sites can be redirected to targeted advertising on other Facebook pages or sites that cooperate with Facebook. No information on the direct targeting of these advertisements to specific individuals is available to us, however. You can find more detailed information about the purpose and scope of the information collected and the processing of your personal data by Facebook as well as about the privacy settings of Facebook in the Facebook Data Policy available here. Here you can prohibit the posting of advertisements by Facebook and other member companies of interest on the Internet. To prevent this personal data from being collected, you must log out of the social network before accessing to our website..

1. We are obliged to maintaining the integrity and confidentiality of your personal data, and therefore we are committed to ensure the reliable protection of personal data not only through individual modern technical and organizational safeguards, but also through the possibility to exercise the rights of the Data Controller at any time by means of a written signed statement implying his or her identity and the right which the Data Controller is obliged to exercise. You can send applications to exercise your right to Data Subject to our e-mail address: [email protected].

2. You can withdraw your consent at any time in cases where the legitimate reason for processing your personal data is your consent. You are free to withdraw your consent to the processing of your personal data at any time by contacting the Controller at any institution or by sending a written request to [email protected]; withdrawal of your consent does not affect the legality of processing your personal data before revoking it.

3. Where the contractual relationship is legal, it is necessary to provide us with the required personal data; if not, it is impossible to enter into a legal contractual relationship and provide you with goods or services.

4. You however have the right of access to personal data (art. 15 of the GDPR), the right to rectification (art. 16 of the GDPR), the right to deletion (art. 17 of the GDPR), the right to restriction of processing (art. 18 of the GDPR), the right to portability of data (art. 20 of the GDPR), the right to object to the processing (art. 21 of the GDPR), the right to demand revision of an individual decision based on automated processing of personal data (art. 22 of the GDPR).

5. Every application for the exercise of the personal data subject's rights under the GDPR can be submitted on the basis of a signed written application sent to the registered office of our company, indicated in the Commercial Register, or to our e-mail address: [email protected]

6. We must draw your attention to the fact that we may require from you a convincing proof of your identity when considering your application for the exercise of the right to data subject, especially if you apply for the realization of the right in a manner other than by a signed written letter, an e-mail with a valid qualified electronic signature or in person at our company's registered office (e.g. in the case of routine e-mail enquiries or telephone calls).

7. Each submitted application for the exercise of the data subject's right will be evaluated individually and competently; the result will always be given to you within 30 days of receiving the application. The application process for the exercise of data subject rights is free of charge. If, in your opinion, we have not considered your application for the exercise of data subject rights according to the GDPR, you can file a complaint with the supervisory authority or apply for judicial remedy directly with the court of general jurisdiction.

8. If there are any questions about the protection of privacy and personal data or information about the content and exercise of your rights, or if you need further clarification of the content of this document, you can contact us at any time by e-mail to the following address:

1. Unless you agree with or understand insufficiently the content or meaning of any part of this Document, we will welcome your actual reservations and comments, which we will discuss with you with a view to protecting and supporting your rights and preventing the occurrence and increase of any risks to your rights and freedoms which may be caused or affected by the use of the Website and/or other processing of personal data contained in this Document.

2. We review and update this Document on a regular basis; the current version of this Document published on the Website is always valid.

3. You may file a complaint regarding the processing of personal data with the supervisory authority, which is the Office for Personal Data Protection of the United Kingdom. Contact details of the supervisory authority: