General Data Protection Regulation
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Special categories of personal data
Personal data which are, by their nature, susceptible to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Special Categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Services” means [describe the services provided].
2. How we collect personal data
- Directly from you: We collect personal data directly from you when you visit our website, when you request information, submit a request, create an account, perform a transaction.
- By automated means through the use of the website: When you visit the Project’s website, we may collect data from you based on your browsing and using our services. This data may include search history, address IP, screen resolution, the browser you used, operating system and settings, access times and URL reference, as well as data collected through cookies (See Policy cookies).
- From third parties: If you connect to https://www.hnc-coin.com/ through a third-party service (e.g. Facebook), this third-party service may send us information, such as your registration information and profile from that service. This information varies and is controlled by or authorized by you through your privacy settings in the third-party service. Also, and to the extent required and permitted by applicable law and within the context of due diligence under national and international standards to prevent money laundering, terrorist financing and circumventing trade and economic sanctions, we may use data collected from third parties and service providers and/or partners, and combine it with information we have about you.
3. What personal data we collect
When you visit the website https://www.hnc-coin.com/ we collect the following personal data, which (data) may vary depending on the use performed by each visitor (contact form, account information etc):
- Email address
- Telephone (mobile, landline)
- Any information you include in the text of the contact form.
- The information you provide to create an account and specifically :Full legal name (including former name, and names in local language), Proof of identity (e.g. passport, driver’s license, or government-issued ID), residential address, Proof of residence, full legal name of all beneficial owners, directors, and legal representatives of corporate entities, percentage of ownership for Individual/corporate owners, the Contact information of owners, principals, and executive management (as applicable), Proof of identity (e.g., passport, driver’s license, or government-issued ID) for corporate legal representative
- Browsing data such as address IP, screen resolution, browser used, operating system and settings, access times and URL and data collected through (cookies).
5. Processing purpose
The purpose of the data collection/processing is to provide information to all users, existing and prospective clients, about the company and the services offered, to effectively communicate with the users and clients, to enable you to create and manage your individual or corporate account with HNC Coin, to promote and perform the contractual relationship with our clients and to protect the security of transactions. Specifically, we use your data:
- To enable you to access and use our website and the services we provide through our website.
- To enable you to create and manage an account with HNC Coin.
- To respond to customer requests.
- To administer, deliver, improve, and personalize the Service.
- To communicate with you in relation to other products or services offered by HNC Coin and/or its partners.
- To send you notices and commercial communications,
- To perform marketing and promotional campaigns.
- To be able to detect and prevent cases of fraud, abuse, security incidents and other harmful activities and to perform security and risk assessments.
- To ensure the company’s compliance with legal obligations.
- To improve our services and enhance the user experience, control, troubleshoot, and improve the functionality and quality of our online services and generally optimize and tailor our web platform to your needs, making our website easier and more efficient to use.
6. Legal basis for processing
The legal basis for the processing of personal data collected in accordance with the above is:
- Processing of the personal data is necessary for the performance of the contract between you and HNC COIN, specifically to provide the services and/or information requested.
- Processing is necessary for the purposes of the legitimate interests pursued by HNC COIN or by a third party. HNC COIN will always balance your rights and interests in the protection of your personal data against HNC COIN’s rights and interests or those of the third party.
- Processing is necessary to comply with a legal obligation to which HNC COIN is subject (such as tax law or lawful law enforcement requests).
- Your consent, in order to process your personal data for direct marketing purposes, to provide personalized offers, or any other instance where consent is required under applicable law.
The Project also reserves the right to regularly communicate with our customers by telephone, mail, email, SMS or any other means of communication, using the contact information which has been obtained lawfully, within the context of the Project ’s contractual relationship with the user (article 11§ 3 of N. 3471/2006) provided that the user has not opposed this communication. This communication may include an update on services provided, research to improve the services provided to the Customers and other promotional activities and to serve similar purposes.
7. Social media share button
HNC COIN has official social media accounts, specifically on Facebook, Instagram, Reddit, YouTube and Twitter. On its website, the Project incorporates an additional social media share button for Facebook, Linked In and Twitter, inviting website visitors and users to follow the Project in the respective social media (follow/like) as well as upload posts and comments. We may collect certain personal data during your use of social media (such as your profile data in the corresponding medium).
The purpose of the data processing is to make visible and promote the project’s image and services, to provide updates or to communicate with you, responding to the messages/comments you send us.
The legal basis for processing is your consent, which you provide when you actively click on the social media share button, the “like” or “follow” button on the project’s social media. You can withdraw your consent at any time, in the same manner you provided it, i.e. by clicking “unlike” or “unfollow”.
8. Personal data recipients
HNC Coin will not share your Personal Data with third parties (other than its partners in connection with their services to HNC Coin) except if you have given your consent. In brief, for the fulfilment of each of the above processing purposes and within the scope of the responsibilities and duties of each recipient, the recipients of the user’s data may be:
- The employees of the company
- Payment service providers and financial institutions;
- Customer communications platforms;
- Tax and other authorities or other public authorities in case of audits
- External partners providing accounting services, audits, Internet services, technical support services or other services necessary for the operation of the website and the performance of the services by the Project.
We may also share personal data with financial institutions, insurance companies or other companies in the case of a merger, divestiture, or other corporate re-organization and notify you of such sharing of your information to be able to exercise any of your rights where applicable.
Additionally, we need to advise you that we are subject to and we have implemented international standards to prevent money laundering, terrorist financing and circumventing trade and economic sanctions under the applicable European (e.g. Dir. (EU) 2018/843 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU) and national legislation, which requires us to undertake due diligence on our customers. This may include the use of third-party data and service providers which we will cross-reference with your personal information.
It should be noted that when storing, accessing and/or processing the user’s personal data, the employees and agents of the company fully comply with the relevant provisions of the European General Data Protection Regulation 2016/679 on the protection of Data. The Project requires of its employees, its website hosting and service providers, as well as its third-party partners, to take all necessary technical and organizational measures (including appropriate policies and procedures) to prevent unauthorized disclosure of users’ personal data to which they gain access, and implement procedures for the management and processing of personal data in a lawful manner and protect such data according to GDPR imposed obligations.
9. Retention period
We retain your personal data for the duration of our contractual relationship. The personal data we process is not retained for a longer period than is necessary for the performance of the contract and any services directly related to it:
- when we provide a service,your personal data is retained for as long as it is necessary to fulfil the service and for a period of 5 years from the completion of the specific service and at least for as long as it is defined by the legal (tax or other) obligation.
- when you open an account, your data is retained for as long as you keep your account active and for a period of 3 years from the time you decide to terminate/disable your account and at least for as long as it is defined by the legal (tax or other) obligation.
- In case you contact us via email, your personal data is retained for as long as necessary to respond to your request and for a period of time 2 years afterthe completion of the request.
We will also retain personal data:
- To the extent required by law (for example, in order to comply with tax legislation)
- In order to comply with court proceedings (any ongoing or future court proceedings)
- To establish, exercise or defend our legal rights, personal security of the users and the public.
However, some necessary personal data regarding your contractual relationship with the Project as well as information concerning your notification on the processing of your data and your consent, where applicable, may be retained to establish the lawfulness of processing of user data by the Project and the legal claims of the parties.
10. Technical and organisational measures
The Project, its developers, processors, assistants, agents shall implement appropriate technical and organizational measures to ensure, as much as possible, the most appropriate protection of personal data against accidental or unlawful destruction, loss, alteration, unlawful disclosure or access to them and any unlawful processing, as well as to ensure the possibility of restoring availability and access to them. Such measures include:
- the pseudonymisation and TLS 1.2 encryption of personal data;
- 2-factor authentication;
- access control policies and procedures;
- Incident response plan and procedures
- Testing, assessment, and evaluation procedures of our technical and organizational measures’ effectiveness in order to ensure that the security measures in place are up to date and comply with the legal and technical developments.
- Implementation of measures that enable us to ensure the ongoing confidentiality, integrity, availability and resilience of our processing systems and services;
- Implementation of measures that enable us to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
In addition, as mentioned above, the Project requires its developers, its website hosting and service providers, as well as its third-party partners, to treat personal data as confidential and take all necessary technical and organizational measures (including appropriate policies and procedures) to prevent unauthorized disclosure of such data, and implement procedures for the management and processing of personal data in a lawful manner and protect such data according to GDPR imposed obligations.
These measures also serve so as to demonstrate that processing is performed in accordance with GDPR, obviously taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, while applying appropriate procedures for the regular testing, evaluation and evaluation of the effectiveness of the techniques and organizational measures.
11. Your rights
Under the GDPR (articles 12-22) you have the following rights:
- Request a copy of your personal data.
- Withdraw your consent when this is the legal basis of the processing of your personal data.
- Request that your personal data be corrected if it is inaccurate.
- Request erasure of the personal data you have provided under the conditions set out by law.
- Request restriction of processing under the conditions set out by law.
- Request the portability of your personal data if you have provided us with the data and the processing is based on consent or performance of a contract, and processing is based on automated means.
- Oppose some form of processing of your personal data by the Project.
To exercise any of the above rights, you may contact us via e-mail: firstname.lastname@example.org
We will take all possible measures to satisfy your request within a reasonable period, no later than one (1) month after submitting the request and proper proof of your identity. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Please note that the absolutely necessary user data may be retained, in order to safeguard the legal interests of the Company.
Please note that depending upon the circumstances and the request, we may not be permitted to provide access to personal data or otherwise fully comply with your request; for example, where producing your information may reveal the identity of someone else. We reserve the right to charge an appropriate fee for complying with your request where allowed by applicable law and/or to deny your requests where, in the Project ’s discretion, they may be unfounded, excessive, or otherwise unacceptable under applicable law.
Finally, each user has the right to submit a request to the Project inquiring on how the Project processes and protects your personal data, and if you consider that your rights are infringed, you have the right to file a complaint with the Data Protection Authority (https://edps.europa.eu/_en).
Please be aware that the content and services of this site are not intended for persons under 18 years of age. No personal data must be submitted to the Project through the website by visitors under 18 years of age. If we become aware that a user under the age of 18 has provided personal data without the explicit consent of the parent or legal guardian, we will immediately delete, after receiving such information or request, the relevant data in accordance with the applicable Project policy.
The Project may change this policy. Please check the effective date at the top of the policy to see when it was last revised. Every revision will be implemented as soon as we publish the revised policy.
If we make substantive changes to this policy that broaden our rights to use the personal data that we have already collected from you, we will inform you and provide you with a choice for the future use of these data.