This privacy policy (the “Policy”) of Collect & Exchange CY Ltd (collectively “Collect & Exchange CY ”, “we” or “us”) explains how we collect, use and disclose personal information through our website, mobile application, and other online products and services that link to this Policy. The privacy of our visitors is our top priority.
Collect & Exchange CY Ltd is a limited liability company incorporated under the Laws of the Republic of Cyprus with registered No. HE 456884 and registered office at Thessalonikis 13 str., 3025, Limassol, Cyprus. Our services are located at https://collectnexchange.cy (the ‘Website’) and the categories of information that Collect & Exchange CY collects and records, as well as how we use this information is located at https://collectnexchange.cy/privacy-policy (‘’the Policy’’).
Please get in touch with us if you have any more inquiries or need more details about our privacy policy.
This Privacy Policy is relevant for visitors to our Website and web application with regards to the information they shared and/or collected in Collect & Exchange CY and it only pertains to our online activities. Information gathered offline or from sources other than this website is not covered by this Policy.
Please read this Privacy Policy carefully. We recommend that you print off a copy of this Privacy Policy and any future versions in force from time to time for your records.
Personal Data is any information (including opinions and intentions) which relates to an identified or Identifiable Natural Person. Personal Data is subject to certain legal safeguards and regulations, which impose guidelines on how organizations may process Personal Data including General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and other relevant laws to provide you with adequate levels of data protection. However, you should be aware that Collect & Exchange CY is a company licensed and acting under the European Union Regulation (EU) on markets in crypto-assets (MiCA) and the prevention and suppression of money laundering and terrorist financing laws of 2007- 2021 (AML/CFT LAW) as amended and fall under the regulation of EU on the protection of personal data and supervised by the Cyprus Securities and Exchange Commission (CySEC).
Collect & Exchange’s leadership is fully committed to ensuring continued and effective implementation of this Policy and expects all Employees and Third Parties to share in this commitment.
Collect & Exchange CY Ltd acts as the data controller for personal data processed in connection with the Collect & Exchange CY web application.
Address: Thessalonikis 13 str.,3025, Limassol, Cyprus.
Data Protection Authority: Office of the Commissioner for Personal Data Protection, Iasonos 1, 1082 Nicosia, Cyprus ([email protected]).
Data Protection Officer (DPO)
Collect & Exchange CY has appointed a Data Protection Officer.
You can contact the DPO regarding any data-protection matter at [email protected].
These definitions should help you understand this Privacy Policy.
“Personal Data” or “Personal Information” means any information that identifies or can be used to identify an individual, directly or indirectly, including, but not limited to, first and last name, date of birth, email address, occupation, work performance data, gender or other demographic information.
“Processing” of Personal Information means any operation or set of operations which is performed upon Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Information.
“Customers” means a person or organization that is authorized to use the Collect & Exchange.
“Corporate Information” or “Legal Entity Data” means information that relates to a legal person (e.g., company name, registration/VAT numbers, registered office, directors/shareholders lists, corporate documents, ownership and control structure, business account details). This information is not Personal Data under GDPR, but we treat it as confidential and process it under contracts, MiCA/AML laws and this Policy where relevant.
“Website” or Web application or “Collect & Exchange” or “us” or “we” means Collect & Exchange CY Ltd, a company incorporated as a Crypto-Asset Service Provider (CASP) regulated in Cyprus under the Regulation (EU) 2023/1114 (MiCA) and relevant national legislation, and complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Cyprus data protection laws. We also comply with AML/CFT laws as amended from time to time. By using our Website/Web Application, you agree to this Privacy Policy.
By using our Website, you hereby consent to our Privacy Policy and agree to its terms.
Our dealings with you are based on: (i) contractual dealings in form of public offer as per Terms & Conditions on the website and/or Web application (ii) customer’s explicitly consent for personal data processing in form of declaration (signed electronically) as a mandatory part of Collect & Exchange CY account registration or for using of Collect & Exchange CYservices. We process this information to provide services to the legal entity and to comply with MiCA/AML and other laws.
Depending on how you interact with us, we may collect (not limited to):
The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
If you contact us directly, we may receive additional information about you such as your name, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.
PLEASE NOTE, THAT YOU MIGHT NOT BE ABLE TO TAKE ADVANTAGE OF MANY OF OUR FEATURES IF YOU CHOSE NOT TO PROVIDE US WITH SOME OF THE INFORMATION ABOVE.
We respect your privacy and design our services to protect it.
We use your information strictly according to the European Union Regulation (EU) on markets in crypto-assets (MiCA) and the prevention and suppression of money laundering and terrorist financing laws (AML/CFT LAW) and General Data Protection Regulation (GDPR) as amended, as well as Collect & Exchange CY Client’s Terms & Conditions, and this Privacy Policy on the website and/or the Web application and for the one of the following purposes:
personalization of content, business information or user experience;
account set up and administration;
responding to your requests;
delivering marketing and events communication;
carrying out polls and surveys;
improving our services;
internal research and development purposes;
providing Collect & Exchange CYservices;
legal obligations (eg. prevention of fraud);
meeting internal audit requirements;
changing a payment schedule for our Services;
communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes;
send you emails;
find and prevent fraud;
Also we inform you about cases, when the third person can request from us information your personal information:
in response to lawful requests by public authorities, including to meet legitimate national security or law enforcement requirements;
to protect, establish, or exercise our legal rights or defend against legal claims; to comply with a subpoena, court order, legal process, or other legal requirement;
or when we believe in good faith that such disclosure is necessary to comply with the law, prevent imminent physical harm or financial loss, or investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to our property, or violations of Collect & Exchange CY, Client’s Terms and Conditions.
Please note that above mentioned lists are not exhaustive. We will record all purposes for which we process your personal data.
WE PROCESS PERSONAL DATA UNDER THE FOLLOWING LEGAL BASES: (A) CONTRACT (ART. 6(1)(B) GDPR) TO REGISTER ACCOUNTS, PROVIDE SERVICES AND SUPPORT; (B) LEGAL OBLIGATION (ART. 6(1)(C)) FOR MICA/AML/CFT, TAX AND OTHER LAWS; (C) LEGITIMATE INTERESTS (ART. 6(1)(F)) FOR SECURITY, FRAUD PREVENTION, SERVICE IMPROVEMENT; (D) CONSENT (ART. 6(1)(A)) FOR OPTIONAL MARKETING AND NON-ESSENTIAL COOKIES.
Collect & Exchange CY follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.
You hereby shall be duly informed on the existence of automated decision-making algorithms (including profiling) used by Collect & Exchange CY that are giving us help to improve our experience of communication with you as our customer and customizing future shopping for you.
For example, such automated decision-making algorithms may profile you based on your browsing history and adverts that you click on our website/mobile apps to help us customize the advertisement showing to you according to your interests.
YOU AT ANY TIME HAVE THE RIGHT TO OBJECT ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AGAINST THE PROCESSING OF YOUR PERSONAL DATA ON SUCH AN AUTOMATED BASIS. JUST SEND US YOUR OBJECTIONS AGAINST PROCESSING OF YOUR PERSONAL DATA BY AUTOMATED DECISION-MAKING ALGORITHMS ON THE EMAIL [email protected]
We adopted all statutory requirements with regards our obligations as a data controller and/or processor under the regulation of EU on the protection of personal data, including General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.and other relevant laws to provide you with adequate levels of data protection. However, you should be aware that Collect & Exchange CY is a company registered and acting under the European Union Regulation (EU) on markets in crypto-assets (MiCA) and the prevention and suppression of money laundering and terrorist financing laws of 2007- 2021 (AML/CFT LAW) as amended and fall under the regulation of EU on the protection of personal data, including General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
However, Collect & Exchange CY has implemented all appropriate safeguards to guarantee our clients the compliance of the highest personal data protection standards and principles.
BY USING COLLECT & EXCHANGE, YOU CONSENT TO THIS PRIVACY POLICY AND, WHERE REQUIRED, TO OPTIONAL PROCESSING (E.G., MARKETING OR NON-ESSENTIAL COOKIES). WHERE WE TRANSFER PERSONAL DATA OUTSIDE THE EEA/UK, WE USE THE EU STANDARD CONTRACTUAL CLAUSES (SCCs) AND, WHERE NECESSARY, SUPPLEMENTARY MEASURES AND TRANSFER IMPACT ASSESSMENTS.
Safeguarding personal information. The Web Application employs the necessary managerial, technological, physical, and electronic safeguards to secure and preserve the security of the Users' personal data. The Web application will make every effort to prevent any personal data obtained through the Web application from becoming the target of annoyance by any third party not affiliated with us.
The Web application may implement a variety of security mechanisms, including but not restricted to:
Physical safeguards: User personal information records shall be kept in a secure environment.
Electronic measures: Computer data containing Users' personal information will be kept on storage media and in computer systems that have stringent login requirements.
Management precautions: Only employees who have been given proper permission by the web application may access the personal data of Users, and such employees are required to abide by the web application's internal code of conduct on the confidentiality of personal data.
Technical safeguards: Users' personal data may be transmitted via encryption methods like Secure Socket Layer Encryption.
Like many other websites, our website uses cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. For example, we use cookies to store your country preference. This helps us to deliver a more personalized service when you browse our website and improves our services.
It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.
We use:
Session cookies that enable Collect & Exchange CY to process and memorize your transactions and requests during a given session on your account. These cookies are necessary in order to use the Services.
Persistent cookies that enable us to remember your information in order to provide easier and more convenient access to the Services, tailored information, web content.
Recognizing your browser or device for security purposes and preventing fraudulent activity on your account.
Recognizing you when you sign-in to use our website or mobile application for cross-device tracking. This allows us to recognize your activity on Collect & Exchange CY across multiple devices and browsers and track of items stored in your shopping basket.
Tracking of your activity in Collect & Exchange CY allows us to discover what adverts you click on our website in order to show you related content or to limit the number of times of displaying such ads.
Attribution tracking allows us to estimate what advertising or marketing source you followed to come to Collect & Exchange, and/or to determine what marketing source should get credit for actions like a visit or a purchase.
Researching how customers interact with our services (for example, statistical reports) allows us to improve the quality of Collect & Exchange CY website, mobile application and services.
Collect & Exchange CY retains the right to cooperate with any third party (include search engines, providers of measurement and analytics services, social media networks, and advertising companies) which may use its own tracking technologies to provide certain services or features, including targeted online marketing techniques such as attribution tracking, remarketing, and cross-device tracking. Such third parties may provide us with some statistical information about you (for example, your interests, information on your devices etc.), which help us to improve the adverts shown each time you visit Collect & Exchange.
PLEASE NOTE THAT IF YOU REJECT OR BLOCK ALL COOKIES IN YOUR BROWSER SETTINGS, YOU WILL NOT BE ABLE TO TAKE FULL ADVANTAGE OF COLLECT & EXCHANE CY SERVICES AS SOME COOKIES ARE NECESSARY FOR THE SITE TO FUNCTION PROPERLY. NON-ESSENTIAL COOKIES AND ADVERTISING/MEASUREMENT TECHNOLOGIES ARE USED ONLY WITH YOUR CONSENT. YOU CAN MANAGE PREFERENCES VIA OUR COOKIE BANNER AND BROWSER SETTINGS.
We always treat personal data confidentiality and do not disclose your personal data to other clients, organizations or individuals, if such disclosure is not necessary for providing Collect & Exchange CY services or conducting our business operations with you, as it is outlined in the purposes for processing of such data.
In addition to the disclosures outlined within this Privacy Policy we may disclose information about you:
to the extent that we are required to do so by law;
in connection with any legal proceedings or prospective legal proceedings;
in order to establish, exercise or defend our legal rights - including providing information to others for the purposes of fraud prevention and reducing credit risk.
WE WILL NEVER SELL YOUR PERSONAL INFORMATION TO ANY THIRD PARTY.
In addition, we may share data with trusted partners to contact you based on your request to receive such communications, help us perform statistical analysis, or provide customer support. Such third parties are prohibited from using your personal data except for these purposes, and they are required to maintain the confidentiality of your information. If you do not want us to share your personal data with these companies, kindly contact us.
In event we employ other companies and people to provide services to visitors of our website and/or web application, our customers, and users of the Collect & Exchange CY services and may need to share your information with them to provide information, products or services to you. Examples may include analyzing data and providing customer service. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and Customer data handling policies.
We take care of your safety. This is important for us, because this depends on the success of our cooperation with you. We provide such opportunities to protect our information from violent abuse: Your account information is protected by a password. In turn, we advise you to choose a password carefully, take care of the safety of your computer and mobile phone. When personal data (such as a credit card number) is collected on our Website and/or transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
Personal Data Breaches
In the event of a personal-data breach, Collect & Exchange CY will notify the Office of the Commissioner for Personal Data Protection within 72 hours where required by Article 33 GDPR and will inform affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
WE KEEP PERSONAL DATA NO LONGER THAN IS REASONABLY NECESSARY FOR THE PURPOSES DESCRIBED AND TO MEET LEGAL REQUIREMENTS. IF YOU CLOSE YOUR PROFILE, WE ERASE PERSONAL DATA THAT WE ARE NOT LEGALLY REQUIRED TO RETAIN (E.G., UNDER AML/CFT OR TAX LAWS).
In accordance with the Prevention and Suppression of Money Laundering and Terrorist Financing Law 188(I)/2007 (as amended), we must retain customer due diligence (CDD/KYC) documents and information, as well as transaction records, for at least five (5) years after the end of the business relationship with the customer or after the date of an occasional transaction. This period may be extended where requested by a competent authority or where necessary for the establishment, exercise or defence of legal claims.
We may also retain certain records for the periods required by applicable tax, accounting or other laws.
If you withdraw your consent or close your profile, we will stop processing such data for marketing and will delete data that we are not required to keep by law.
When statutory or business‑need periods expire, we delete or irreversibly anonymise the data.
If you close your profile, we will deactivate your account and erase Personal Data that we are not legally obliged to retain. Please note that backup systems may retain copies for a limited time consistent with our security and business continuity obligations.
You may consult this list to find the Privacy Policy for each of the advertising partners of Collect & Exchange CY-
Third-party ad servers or ad networks use technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on Collect & Exchange CY- which are sent directly to users' browsers. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.
Note that Collect & Exchange CY- has no access to or control over these cookies that are used by third-party advertisers.
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request copies of your personal data. We do not charge a fee unless your request is manifestly unfounded or excessive, or you request additional copies.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions. When you have any objection to processing your personal data, you can do so by sending an email on [email protected]
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
We appreciate our clients, but also we appreciate their freedom of choice. You can withdraw your consent to our processing of your information and your use of the Services. You are able to do it at any time by closing your account by sending an email on [email protected] to request that your personal information be deleted.
We are able to provide you with a copy of all the personal data that we have regarding you, in electronic format. You always have the ability and capacity to export your personal data collected or stored digitally concerning you as our customer by sending your request to via email on [email protected]
If you reasonably believe that we are violating our responsibilities to protect your privacy, you have a right to lodge a complaint.
In any time, you may:
withdraw your consent to use your personal data that you previously gave to us;
You can request access to, removal and erasure of your personal data;
You have right to make corrections, amendments and updates to your personal data;
You can object to or restrict us in use of your personal information, if there is a disagreement about its accuracy, or we're not lawfully allowed to use it.
If you would like to port your data elsewhere (if the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format), you can contact Collect & Exchange CY for assistance and we will respond to your request within 30 days.
You have a right to ask us to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we're not lawfully allowed to use it.
Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.
Collect & Exchange CY - does not knowingly collect any Personal Identifiable Information from children under the age of 18. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.
Collect & Exchange CY does not provide services or marketing directed at minors. Account verification procedures ensure compliance with MiCA requirements regarding eligible participants.
There could be some cases where we may contact you. In light of the fact that each accountant on the website is required to keep a relevant e-mail address, all notifications from Collect & Exchange CY should be sent on your e-mail. As well push notifications could be used on our website in order to inform you about some warning or important information.
Some of cases for receiving messages from Collect & Exchange CY described below:
Messages by email or by push – notifications (e.g. about creation of accounts),
Messages by phone (e.g. about confirming transaction details),
Messages by email or by phone (e.g. about Transactions, security of your account, etc.)
Messages by email or by your account (e.g. about funding balance of your account).
When you open an account at Collect & Exchange CYyou will have a choice to subscribe on our newsletter. By opening an account via our website you consent to receive marketing emails from Collect & Exchange CY and other messages from us. Members may also control some marketing emails or messages through their account settings as well as through the opt-out link included in marketing emails or messages.
You at any time can unsubscribe from our marketing communications by sending your request to via email on [email protected]
We may update this Privacy Policy from time to time by posting a new version online. You should check this page occasionally to review any changes. If we make any material changes we will notify you by posting the revised Privacy Policy on our website and providing notice to your email corresponding to your account. This helps you to always be aware of what information we collect, how we use it and under what circumstances, if any, it is disclosed.
Your continued use of the Collect & Exchange CY website, application, or services after the effective date of any update constitutes your acceptance of the revised Privacy Policy.
If you do not agree to the updated Policy, you should discontinue using our services and may request account closure at any time.