HiCo Trading Company (in the following referred to as “HiCo”)
HiCo collects, uses and stores user’s personal data in accordance with the applicable Data Protection Legislation. Personal data means any information relating to an identified or identifiable natural person. Below HiCo informs all website users about the type, extent and purpose of the collection and use of personal data. Terms defined in the Terms and Conditions of HiCo shall have the same meaning here.
Sec. 1 and 2 apply to users who register and subscribe to HiCo’s services, Sec. 3 to 10 of this Privacy
Policy apply to all visitors of HiCo’s website.
1. Collection and Processing of Personal Data when registering to HiCo’s website
On HiCo’s website HiCo offers the possibility to buy a License for The HiCo Bitcoin Trading Terminal, a downloadable software client owned and provided by HiCo according to its Terms and Conditions.
For purchasing the Purchaser needs to register on HiCo’s website. For this purpose, HiCo requests in accordance with Art. 6 para. 1 sent. 1 point b GDPR, the following data:
If the Purchaser is a business user, he also has to provide HiCo with his VAT number.
HiCo needs this data for offering its services and for invoicing. Moreover, the Purchaser may provide HiCo the following data:
- First and last name
If the Purchaser provides HiCo with this data he gives his express consent that HiCo is allowed to process this data for contract purposes. The Purchaser has the right to withdraw his consent at any time by simply deleting this data from his profile. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
2. Collection and Processing of Personal Data with a License
When buying a License the Purchaser needs to choose a payment method. The Purchaser may chose from the following payment methods:
Payment via Paypal and others
If the Purchaser choses to pay with PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg) HiCo collects and processes the following data provided by PayPal:
The name, e-mail address, phone number (if applicable), the date of sign-up, the number of payments the Purchaser has received from verified PayPal users, and whether the Purchaser has been verified to have control of a bank account. Moreover, PayPal provides HiCo with the billing address of the Purchaser and with the login status of the Purchaser. If an attempt to pay HiCo fails, or is later invalidated, PayPal may also provide HiCo with details of the unsuccessful payment. However, HiCo is not provided by PayPal with the credit card number, bank account and other financial information of the Purchaser, except with the express permission of the Purchaser or if PayPal is required to do so pursuant to credit card rules, a court order or other legal process.
HiCo processes these data according to Art. 6 para. 1 sent. 1 point b GDPR.
For more information on the use data of data through PayPal, please visit the PayPal website: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE#5
3. Collection and Processing of Personal Data via Cookies and Logfiles
- In accordance with Art. 6 para. 1 sent. 1 point f GDPR, HiCo’s website uses so-called cookies in order to make available personalized functions and in order to analyze the use of HiCo’s website. A cookie is a small file which stores certain information about a user’s access device (PC, Tablet, Smartphone etc.) on such device. When such device accesses HiCo’s server’s website, the server receives such cookies. The server can evaluate the information stored in the cookie by different methods. Cookies enable e.g. personalized advertisements according to the collected user behavior and collecting statistical data of the use of the website. The Users may accept or disable cookies via their browser settings. However, if a user disable cookies he or she may potentially not be able to use all interactive functions of HiCo’s website. For more information about the processing of personal data via cookies see the section 4 Google Analytics.
Moreover, in accordance with Art. 6 para. 1 sent. 1 point f GDPR, every single web page uses log files, i.e. for every page impression, the access data are saved to the server log. The saved data record contains the following details:
- The date, the time, the file accessed, the status, the request that user’s browser sent to the server, the amount of data transmitted and the webpage from which the user accessed the requested page (referrer) as well as
- The product and version information of the browser used, user’s operating system and user’s country of origin.
- HiCo uses the log data only in anonymized form (i.e. without any allocation to or indications about user’s person) for statistical analyses, e.g. to find out on which days and at what times the offers of HiCo’s webpages are most popular and how much data volume is generated on HiCo’s webpages. Moreover, the log files enable HiCo to detect possible errors, e.g. faulty links or software bugs. Thus, HiCo can use the log files for the further development of HiCo’s webpages. HiCo never associates the use and page impressions that are stored in the server log with individual persons. HiCo reserves the right to use data from log files if certain facts give rise to the suspicion that users use HiCo’s websites and/or services in an unlawful or non contractual way.
4. Google Analytics and Yandex Metrika
In accordance with the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 transfers from a controller or processor in the European Union to organisations in the U.S. that have self-certified their adherence to the EU-U.S. Privacy Shield Framework Principles with the Department of Commerce and have committed to comply with them are allowed. Google has self-certified its adherence to the EU-U.S. Privacy Shield Framework Principles and has committed to comply with them.
In case of activation of the IP anonymization on this website, Google will shorten the IP address beforehand for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. The IP anonymization is active on this website. On behalf of HiCo Google will use this information for the purpose of evaluating user’s use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider.
5. Collection and Processing of Personal Data when using HiCo’s Contact Form
If a user provides HiCo personal data by using HiCo’s contact form he expressly gives his consent that HiCo may store and use this data for the processing of user’s query. He has the right to withdraw his consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Please see also further information on User’s rights in Sec. 8 and about the Period of Data Storage in Sec. 9.
6. Collection and Processing of Personal Data of Newsletter Recipients
If you register for HiCo’s Newsletter, HiCo collects, stores and uses the data asked for in the registration form only for the purpose of sending you the newsletter. Moreover, HiCo stores your IP address in order to be able to prove your consent. With the Newsletter HiCo informs you about the products and services offered by HiCo. By subscribing to HiCo’s newsletter only your email address provided at the registration is being transferred to, and stored at, the MailChimp server in the United States of America. MailChimp is a service offered by The Rocket Science Group LLC with legal seat in the U.S. In accordance with the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 transfers from a controller or processor in the European Union to organisations in the U.S. that have self-certified their adherence to the EU-U.S. Privacy Shield Framework Principles with the Department of Commerce and have committed to comply with them are allowed. The Rocket Science Group LLC has self-certified its adherence to the EU-U.S. Privacy Shield Framework Principles and has committed to comply with them.
After registration, you receive an email to confirm your membership in the email list. On behalf of HiCo MailChimp stores and uses your email address for sending of the newsletter only. MailChimp will not transfer your email address.
In HiCo’s newsletter MailChimp includes single pixel gifs, also called web beacons. Web beacons allow MailChimp to collect information about when you open the email, your IP address, your browser or email client type, and other similar details. MailChimp uses the data from those Web Beacons to create reports about how HiCo’s email campaign performed and what actions you took. MailChimp provides HiCo with these reports.
At the bottom of each email newsletter you will find a hyperlink via which you may unsubscribe from the newsletter at any time.
When you unsubscribe from the Newsletter, the personal data which have been retained to make available the newsletter to you will be deleted, provided such deletion does not contradict to a statutory data retention requirement.
If you do not confirm your registration for the Newsletter, HiCo deletes the respective data after 24 hours from your receipt of the confirmation mail.
7. The recipients or categories of recipients of the personal data
8. Your Rights
The data subject may according to Articles 15 through 18 GDPR request from HiCo access to and rectification or erasure of personal data or restriction of processing concerning the data subject. Moreover the data subject has, subject to Art. 20 GDPR, the right to receive the personal data concerning him or her, which he or she has provided to HiCo, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from HiCo. According to Art. 21 para. 1 GDPR, the data subject shall also have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6 para. 1 sent. 1 GDPR. HiCo shall comply with the aforementioned requests if and to the extent such compliance is required by the applicable statutory laws.
Each data subject has the right to lodge a complaint with a supervisory authority of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
Where personal data are processed for direct marketing purposes, according to Art. 21 para. 2 GDPR, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
9. Period of Data Storage
HiCo processes and stores personal data only for the period, which is required to meet the purpose of processing, or as long and to the extent as statutory laws require HiCo to process and/or store such data.
If the purpose of processing does not apply anymore and the applicable statutory retention requirement expires, HiCo will as a matter of routine erase data or restrict the processing of data in accordance with the applicable statutory laws.