Cometa.gg

Privacy Policy

Exchange RulesAML/KYC PolicyPrivacy Policy

Privacy Policy of the Cometa Service

The Cometa Service (hereinafter referred to as the Service) constantly monitors legislative updates and complies with all laws regulating the activities of financial institutions, anti-money laundering and anti-terrorist financing laws, as well as European laws and directives concerning data privacy. In accordance with the introduction of the General Data Protection Regulation (GDPR), the Service has taken the appropriate measures described in this document.

Since its launch, the Service has adhered to a number of core privacy principles. These principles apply to all individuals and organizations whose personal data we hold. In particular, we pay special attention to the following key principles:

  • The Service's principles and practices must be transparent. Our Users must understand what personal data the Service collects, for what purposes personal data is collected, how personal data is stored, and what our privacy principles mean;
  • The Service guarantees the security and control of Users' personal information and provides our Users with the right to choose regarding their personal data;
  • The Service's core principle is the protection and security of personal and financial data. The Service ensures compliance with relevant security standards and the protection of Users' personal data;
  • As a system for providing Internet services for the exchange of electronic assets, the Service collects personal data to provide exchange services. Personal data is primarily used to prevent fraud and suspicious transactions, as well as to comply with local and international laws on the prevention of money laundering and terrorist financing.

Our privacy policy consists of the following articles:

  • Business and Legal Information of the Cometa Service.
  • Definition of Personal Data. What data the Service collects about its Users.
  • How personal data is collected in the Service.
  • How personal data is used by responsible Service employees.
  • Disclosure and transfer of Users' personal data to other organizations:
    • 5.1. Marketing.
    • 5.2. International Data Transfer.
    • 5.3. Data Storage.
  • Users' rights related to personal data.
  • Security and storage of personal data:
    • 7.1. Minors.
  • Right to file a complaint and withdraw data.
  • Policy on the use of cookies and other access methods.

1. Business and Legal Information of the Cometa Service

The Cometa Service is a system for providing Internet services for the exchange, sale, and purchase of electronic assets and electronic money. The Service may be operated by several legal entities with corresponding licenses in various jurisdictions. Up-to-date legal information about the managing companies is provided to Users upon request or in the relevant sections of the Website (cometa.gg). Support Email:.

The purpose of this Privacy Policy is to provide Users of the Service with information on how the Service collects and processes any personal data when Users use the website or register with the Service. This includes all areas of interaction with our Users. According to Directive 95/46/EC (General Data Protection Regulation), the Service is a data controller and is therefore responsible for using personal data securely in accordance with applicable law and the agreement between the Service and its Users. Please familiarize yourself with this Privacy Policy and additional information related to the services offered by the Service. In case of questions, please contact us at the email address provided above.

2. Definition of Personal Data. What data the Service collects about its Users

Personal data is any information of a personal nature that identifies an individual. Data that cannot establish a person's identity (anonymized data) is not considered personal data. The Service collects, uses, processes, stores, or transfers personal data such as:

  • Identification data. This data includes full name(s), date of birth, government-issued identification number, number and series of any identity document. The Service uses this data, in particular, to identify its Users, to prevent money laundering (ML) or terrorist financing (TF).
  • Contact data. This is data used to contact Users, such as phone number, address, email, and payment details. This data is also used for two-factor identification of the User to prevent any risks associated with ML or TF.
  • Financial data. This data includes bank account number, payment card details, and other related financial data. They are also used for monitoring and identifying the User to prevent any risks associated with ML or TF.
  • Payment details. When Users register, this includes information related to payments when using our products or services.
  • Technical data and access data. This includes data such as Internet usage information, Internet Protocol address ("IP address"), login data, unique user identifier, installed software version, screen resolution, language settings, cookie preferences, content and pages that the User visits on the Website, and the dates and times of the User's visits to the Website.
  • Marketing and communication data. This data includes the User's decision to subscribe or unsubscribe from receiving marketing materials from the Service or its third parties.

The detailed scope of personal data required for using a specific service can be found in the Exchange Rules, which are available on the website https://cometa.gg. The Service does not collect, store, or process special categories of its Users' personal data (racial or ethnic origin, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, health information, genetic, and biometric data). To the extent that the Service's website contains links to third-party websites, plugins, and applications, by agreeing to the Privacy Policy, the User must understand that the Service does not control third-party sites and does not influence their privacy policy.

3. How personal data is collected in the Service

As a system for providing Internet exchange services and having obligations to prevent ML and TF, the Service collects data, including personal data, to be able to provide its services to Users. The Service collects only the personal data necessary for the operation of the Service and the provision of services:

The Service is legally obligated to verify the authenticity and validate payments to mitigate and protect against identity theft or fraud, money laundering, and terrorist financing. For this purpose, certain personal and non-personal data of the User may be collected directly by the Service and entered into fraud analysis systems available for such verification:

  • to verify the User's identity and compare User information for accuracy;
  • to retain User data if the User uses their right to withdraw from completed exchanges or if they are subject to a dispute or refund, for transferring transaction information to financial institutions for dispute resolution;
  • in accordance with the law and terms with Users, the Service will not be able to provide services until it receives the requested data.

The Service collects information on its websites in various ways, specifically when the User provides their personal data directly to the Service. This includes:

  • providing User data on the website to contact the User regarding the services provided;
  • creating an application for Service services directly on web pages or by email;
  • sending requests to the Service support team.

The Service receives personal data through third parties or public access, namely as follows:

  • technical data for the purposes of preventing fraud and risks;
  • identification data and contact data from publicly available sources in accordance with applicable law.

4. How personal data is used by responsible Service employees

The main and principal purpose for which the Service uses personal data is the provision of Internet exchange services, including ensuring proper quality of services. Additionally, the Service uses Users' personal data in the following cases:

  • when necessary to comply with the legitimate interests of the Service or the legitimate interests of a third party;
  • when the Service uses personal data to fulfill its legal obligations — for example, to prevent ML and TF, as well as other legal requirements;
  • personal data is used with the User's active and informed consent;
  • to enable the Service to communicate effectively with its Users.

To improve products or services, the Service may use automated tools, including profiling and automated analysis of Users' personal data, for the following purposes:

  • to conduct the KYC procedure prescribed by applicable law;
  • to prevent fraud in accordance with the requirements of applicable law;
  • to conduct KYC procedures and risk assessment;
  • to inform the User about the status and history of transactions;
  • for issuing and storing invoices and accounting documents;
  • for data analytics to improve websites, products, or services.

5. Disclosure and transfer of Users' personal data to other organizations

When working with Users' personal data, the Service shares this data with:

  • Internal third parties — responsible staff employees of the Service and specific third parties, such as company groups providing financial and compliance support, as well as ML/TF services.
  • External third parties:
    • payment gateways in accordance with service agreements and terms;
    • contracted service providers who assist the Service in its business operations, such as software providers for payment risk analysis (AML providers).

In case of a request from law enforcement agencies, a court order, or any other similar legal procedure, the Service takes all reasonable organizational and technical measures to ensure that each third party uses protection standards in accordance with applicable law.

5.1. Marketing

The Service maintains a register of marketing communication data, and every User has the right to unsubscribe from receiving marketing notifications at any time by clicking the unsubscribe link.

5.2. International Data Transfer

The Service does not transfer its Users' personal data to third parties, except for persons who are part of the Service's legal obligations and third parties within the framework of contractual relations, when the transfer of personal data is carried out to provide exchange services.

5.3. Data Storage

In accordance with international standards for combating money laundering (AML) and terrorist financing (CFT), the Service stores Users' personal data, collected identification data (KYC), and detailed transaction history for a minimum of 5 (five) years from the date of the last transaction or termination of business relations. Data storage by the Service is determined taking into account compliance with legal (contractual or statutory) obligations, accounting requirements, as well as for interaction with regulators and law enforcement agencies. Databases are reliably protected against leaks and unauthorized access using modern encryption methods (details in section 7 of this Policy).

6. Users' rights related to personal data

Any User may claim their rights provided for by applicable law. The Service guarantees the following rights related to the protection of personal data:

  • the right to access the User's personal data;
  • the right to rectification or modification of the User's personal data;
  • the right to erasure of the User's personal data (subject to the restrictions in section 8 of this Policy);
  • the right to restriction of processing of the User's personal data;
  • the right to data portability;
  • the right not to be subject to automated individual decision-making, including profiling.

7. Security and storage of personal data

The Service takes the legal, technical, and organizational measures it deems necessary to ensure the security of Users' personal data. The Service follows industry standards regarding the protection of personal data, including standard options for Transparent Data Encryption of databases. All data related to Users' personal data is encrypted with the AES 256 algorithm with a crypto period of 1 year. The encryption key is encrypted according to the X.509 standard, with a key length of 2048 bits and a crypto period of 1 year. The private key is shared only among a few Service employees using the Shamir's secret sharing scheme, so that none of the employees have separate access to the data independent of other employees. Access to the information infrastructure is secured in accordance with the PCI DSS standard. The Service has established procedures to respond to any suspicion of a personal data breach and will notify its Users and any applicable regulatory authorities of a breach if the Service is legally obligated to do so.

7.1. Minors

The Cometa Service does not provide its services to persons under the age of majority. The use of the Service by minors is strictly prohibited, including with the consent of parents or guardians. The Service does not collect, use, or process personal data of minors. If the Service becomes aware that the received data belongs to a minor, such data will be immediately deleted, and the provision of services will be terminated.

8. Right to file a complaint and withdraw data

Every User has the right to file a complaint regarding the processing and storage of personal data by the Service with the data protection regulatory body in the User's jurisdiction.

Every User has the right to request the modification of their data, as well as to withdraw the consent to the processing of personal data that the User gave to the Service, and to prevent its further processing if there are no other legal grounds.

Important exception: in accordance with legal requirements, the Service reserves the right to refuse the User the complete erasure of their identification data (KYC) and transaction history until the mandatory 5-year retention period expires. This data is not subject to early deletion, as it is necessary for conducting Due Diligence procedures, complying with AML policies, and providing information upon official requests from law enforcement agencies.

In case of a complaint or claim regarding personal data or the need to withdraw it, please contact us at the email address provided below. To file a complaint, withdraw consent, or make any other changes to personal data, please fill out an application and send it to the email address.

9. Policy on the use of cookies and other access methods

The Service uses cookies, web beacons, and other access methods on its website. "Cookies" are used to adapt the content of websites to user preferences and optimize the use of websites. The Service uses two types of "cookies" — "session" and "persistent". Personal data obtained through "cookies" is encrypted in a way that makes it impossible for unauthorized persons to access it. Restrictions on the use of "cookies" may affect some features available on the site.