Privacy Notice

This Privacy Notification is effective as of May 19, 2025.

This Privacy Notice explains how CoinsPaid processes the personal data of our customers and website users, referenced as either “customers”, “users”, “data subjects”, “you”, “your/s”.

Our contact details

All references to “CoinsPaid”, “us”, “we” or “our” apply to:

Dream Finance OÜ, a company incorporated under the laws of the Republic of Estonia with the registration number 14783543. Our registered office is at: Harju maakond, Tallinn, Kesklinna linnaosa, Kai tn 4, 10111, Estonia.
And
Dream Finance UAB, a limited company, incorporated under the laws of Lithuania, with company registration number 306036821, whose registered office is at Laisvės pr. 10, Vilnius, LT-04215, Lithuania,

For questions related to how we process personal data please contact our Data Protection Officer at: [email protected].

The categories of personal data subject to the processing

• As a data processor, we process the following categories of personal data:
  • Information related to cryptocurrency wallets, including wallet addresses and associated data;
  • Data related to Transactions, including but not limited to Transaction dates, times, Transaction IDs (TxIDs), balances, and risk scores;
  • Information related to Fiat Transactions, including SEPA or SWIFT data required for processing payments;
  • IP addresses, browser and operating system details, device fingerprints, and other technical data used to access or interact with the Services;
  • Email addresses of Account operators or individuals authorized to access or manage the Account;
  • Information regarding system fees, transaction limits, and other operational parameters for Transactions and activities such as deposits, withdrawals, and exchanges;
  • Data related to the version of the API used for integration with the Services;
  • Credentials, which may include: User IDs, passwords, access keys, or any other authentication mechanisms, Authorized Users.
  • Data for technical support, service optimization, troubleshooting, and performance analysis.
• As a data controller we process the following categories of personal data:
  • Contact information: full name, email
  • Signatures: Authorisation form, signed by the Director
  • Financial information: Bank statement of the company representing transactions of the past few months.
  • Identification documents, including photos of Directors, UBO – Ultimate Beneficial Owner, account owners
  • Passport numbers
  • Other individuals and legal entities within the company structure
  • CV of Directors and the UBO
  • Documents confirming source of funds of the UBO (for example: pay slips, tax declarations, bank statements, for Business Wallet or cases where a company is funded by UBO funds)
  • Video interview for high-risk users or for cases where EDD required.
  • Certificates: i.e., Certificate of Incorporation, certificate of shareholders, Certificate of Directors and Secretaries
  • Memorandum and Articles of Association, ownership structure
  • Position
  • Geolocation: Country of residence, residence address
  • IP addresses
  • Age
  • Website use: History of your logs and activity on the Website

Purpose of the processing

We process personal data for the purposes listed below.

• As a data processor we process personal data to provide the following services:
  • Facilitation of payments using virtual currency
  • Conversion service support for digital assets
  • Management of virtual currency wallets
  • API integration to enable the sale of Client’s services to End Customers
  • Client account setup and administration
• As a data controller, we process personal data for the purposes listed below:
  • Regulatory Compliance & Fraud Prevention:
    Conducting AML, KYC, KYB, counter-terrorist financing, and sanctions screening,
    as well as due diligence assessments to detect and prevent fraud, money laundering, and other illicit activities.
  • Legal & Operational Integrity:
    Ensuring adherence to regulatory requirements, audits, dispute resolution processes,
    and maintaining the integrity of our services.
  • Risk & Security Management:
    Evaluating client risk profiles, protecting assets from unauthorized access,
    and preventing fraud and scam activity.
  • Financial & Transaction Management:
    Maintaining detailed transaction records, managing invoicing,
    and facilitating fiat currency transactions through financial service providers.
  • Communication & Assistance:
    Responding to requests, providing information on products, news, and updates,
    and offering support in criminal investigations and regulatory actions.
  • Dispute Resolution & Protection:
    Safeguarding the interests of both users and the organization
    through appropriate legal and operational measures.

Please be informed that the processing of your personal data may involve automated decision-making, including profiling. We may utilize these processes for purposes such as onboarding, account management, and fraud prevention.

Legal basis of the processing

Our legal basis for processing the personal data described above will depend on the personal data concerned and the specific context in which we process it. When processing personal data for the purposes described in this Privacy Notice, we will rely on:

• Contractual necessity — When processing is required to fulfill the terms of an agreement with individuals or businesses, ensuring service delivery and contractual obligations.
• Compliance with legal obligations — When processing is necessary to fulfill regulatory and statutory requirements.
• Public interest — Where processing supports activities that benefit the wider community or ensure compliance with public regulations.
• Legitimate interest — When processing is essential for the operation, security, or improvement of our services, provided such interests do not override individual rights.
• Consent — When we obtain explicit authorization from individuals to process their personal data for specific purposes.

Sources of the personal data we process

We primarily process personal data provided directly to us. However, we also collect and process personal data from publicly available sources. This includes utilizing screening lists from data vendors, identity verification services, anti-fraud solutions, and transaction monitoring systems.

The categories of recipients of the personal data we process

Typically we share personal data with the following recipients as necessary to provide our services and ensure compliance with legal requirements:

• Affiliates, agents, and representatives who support our operations.
• Identity verification and anti-fraud service providers ensuring security and regulatory compliance.
• Contractors supplying information from publicly accessible sources, including sanctions lists.
• Financial service providers facilitating fiat currency transactions to and from our services.
• Compliance and verification providers, including those offering Travel Rule solutions under the Markets in Crypto-Assets (MiCA) Regulation, ensuring secure data exchange, transaction monitoring, and counterparty verification for Virtual Asset Service Providers (VASPs).
• Cloud computing service providers hosting our solutions.
• Law enforcement or regulatory agencies, when required or permitted by law.

Transfers of personal data to third countries

We may transfer your personal information outside the European Economic Area (EEA) only under the following conditions:

• Adequate Level of Protection: The destination country provides a level of personal data protection deemed adequate by the European Commission’s decision.
• Appropriate Safeguards: We implement safeguards to protect your rights as a data subject, such as Standard Contractual Clauses (SCCs) or obtaining your explicit consent for the transfer.
• Legal or Public Interest Exceptions: Specific derogations may apply if the transfer is necessary for the establishment, exercise, or defense of legal claims, or is required for important reasons of public interest.

You may request the essence of the applicable safeguards by contacting us at [email protected].

Personal data retention

We retain personal data only for as long as necessary to fulfill its intended purpose. This includes compliance with legal obligations, dispute resolution, and safeguarding both your and our legitimate interests. Personal data will be stored for a maximum of five (5) years following the termination of our legal relationship, unless a longer retention period is required by applicable legal obligations.

You may request the deletion of your personal data at any time. However, in certain cases, we are legally required to retain specific information to ensure regulatory compliance.

Your rights

You are entitled to the following rights regarding the processing of your personal data:

• Right of Access — You may request copies of your personal information.
• Right to Rectification — You can ask us to correct any inaccurate information or complete any incomplete data.
• Right to Erasure — You have the right to request the deletion of your personal information.
• Right to Restriction of Processing — You may ask us to limit the processing of your data in specific circumstances.
• Right to Object to Processing — You have the right to object to the processing of your personal data.
• Right to Data Portability — You can request the transfer of your personal data to another organization or directly to you.

Please note that these rights are not absolute and may be subject to certain limitations depending on the nature of processing and legal requirements. If we are unable to fully comply with your request, we will provide you with an explanation.

To comply with KYC (Know Your Customer) and AML (Anti-Money Laundering) requirements, we require certain personal data during the application process for services that involve identity verification and ongoing activity monitoring. Additionally, in some cases, we may request additional data and documents to meet KYC and AML/CTF (Counter-Terrorist Financing) obligations. If you choose not to provide this information, we will be unable to offer our services to you.

If we process your personal data based on your consent, you have the right to withdraw it at any time. To do so, please contact us at [email protected].

You also have the right to lodge a complaint with the relevant Data Protection Authority if you believe your personal data has been processed unlawfully or in violation of applicable regulations.

Our Data Protection Supervisory Authority is Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon). You can complain to Data Protection Inspectorate if you are unhappy with our data protection practices.

The address of Data Protection Inspectorate is:

Tatari 39
10134 Tallinn
Tel. +372 6828 712
email: mailto:[email protected]
Website: https://www.aki.ee/

For California consumers only

In addition to the rights listed in the section “Your rights” you benefit in addition to the following rights:

You have the right to limit the processing and/or disclosure of your Sensitive Personal Information (SPI). However, please note that we do not process SPI for secondary purposes, including:

• Targeted advertising or marketing based on sensitive financial data.
• Selling SPI to third parties (which many financial institutions do not engage in).
• Consumer profiling for purposes unrelated to fraud prevention or service delivery.

If we offer a financial incentive or a price or service difference in exchange for your personal information, we will notify you in advance and provide details on how you can opt in.

We do not sell or share your personal information for cross-context behavioral advertising. If this policy changes, we will notify you and provide information on how to opt out of such data processing. Additionally, we do not sell personal information to third parties under the meaning of the CCPA, and therefore, no opt-out process is currently provided.

You have the right to not receive discriminatory treatment for exercising any of your privacy rights. We will not treat you differently unless we can demonstrate that the value of the personal information you provide is reasonably related to the difference in price or service offered.

Our Products and Services are not directed to or intended for use by minors. We do not intend to and we do not knowingly collect personal information from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided us with personal information through this website, please contact us at [email protected] and we will take appropriate steps to remove the data from our records.

Personal data security

CoinsPaid has implemented security measures to comply with acknowledged international security standards, such as Communication channels encryption:

• Encryption at rest
• Access management controls
• Antimalware tools Technical vulnerabilities fixing process
• Application security test
• Data Masking

Our platform uses SSL or TLS encryption for security reasons and for the protection of confidential content transmission when you send us requests.

Changes to the Privacy Notice

We reserve the right to update this Privacy Notice at any time. Any changes will be posted on this page, and where required by applicable law, we will notify you through appropriate channels.

By continuing to use the website, Products, or Services, or by providing us with information after the updated Privacy Notice has been published, you acknowledge and agree to be bound by its revised terms.