Privacy Policy

Privacy and Cookies Policy

 

Welcome to ecx.bg

Website on domain www.ecx.bg is owned by Dis-Trading ltd., UIC 130327432, digital currency exchange and custody service provider with registry number of NRA ВВ-83/28.06.2022.

We at ecx.bg value the privacy of your data highly. This privacy and cookies policy (“Policy”) contains information about the purposes and ways of using your personal data in connection with the provision of our services (“Services”) on the platform www.ecx.bg (ecx.bg“, “Platform“). You can get more information about us and our Services on our website at  www.ecx.bg (“Website”, “Site”).

Read this policy carefully to find out how we collect, use, protect and process your personal data in accordance with applicable legislation, including the Bulgarian Data Protection Act (“BDPA”),  the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and our AML/KYC policy on anti-money laundering and terrorist financing measures.

Acceptance and agreement with this policy is a mandatory condition for the use of the services of Dis-Trading Ltd., offered to clients through the site ecx.bg if you do not agree with our policy, you should not use the website and its services.

 

1. Definitions

"Personal data” – any type of information that is related to an identified person or an identifiable person.

"Cookies” – small files that a site or service provider stores in the memory of your device through the browser you use (if you allow this).

”Personal data controller” – a natural or legal person, public authority, agency or other body, which alone or jointly with others determines the purposes and means of the processing of personal data.

”Processor of personal data” – a natural or legal person who, on the basis of a contract, processes personal data provided by the Administrator for the agreed purposes.

 

2. Administrator

Personal data controller ecx.bg is "Dis-Trading" ltd., entered in the commercial register at the Registry Agency with UIC 130327432, with headquarters and address of Management: city Sofia, Blvd. "Prince Alexander Dondukov" 66  („Administrator“, „We“).

 

3. What information do we collect and for what purposes?

On our site, we collect the information submitted by you by filling in contact forms and form(s) on the site, by creating a user profile, during the execution of transactions or when you otherwise use the services of the website.

The table below lists the categories of personal data we collect, for what purposes we collect them, on what legal basis we process them, as well as the period for which we store them:

 

Purpose

Personal data

Legal basis

Storage period

Create a user profile with an email address

  • Name and surname;

  • email address;

  • Phone number;

  • Visual identification by photo, video.

Fulfillment of a contractual obligation we have to you.

At your request before signing a contract.

Until you withdraw your consent by making a request for deletion of your personal data.

Processing and execution of transactions and sending relevant documentation

  • Name and surname;

  • Email address;

  • Phone number.

  • Information about transactions and their history.

Fulfillment of a contractual obligation we have to you.

To protect our legitimate interests: to prevent fraud and violations.

Until you withdraw your consent by requesting the deletion of your personal data.

Our legal obligations.

 

Identification and verification of the identity of the client and the beneficial owner of the legal entity
  • Name and surname;

  • Date of birth;

  • Physical address;

  • Email address;

  • Phone number;

  • Identity document;

  • Information from other sources (credit history, related party data, etc.);

  • Visual identification by photo, video;

To comply with legal obligations under the Know Your Customer (KYC) procedure and beneficial owner identification and compliance with relevant AML/CFT laws and procedures in relation to the fight against money laundering and terrorist financing.

 

No longer than is necessary to achieve the purposes for which the data were collected. The administrator has a legal obligation to maintain an archive and store the data for a period of 5 years.

.

Contact you and respond to your inquiries
  • Name and surname;

  • Email address;

  • Phone number.

To fulfill contractual obligations to you.

To protect our legitimate interest: improving our services and customer service.

No longer than is necessary to achieve the purposes for which the data were collected.

Personalizing your user experience, providing content, suggestions and offers that you may be interested in and improving the quality of our Services

 

  • Name and surname;

  • email address;

  • IP address;

  • Geolocation;

  • Traffic data;

  • Cookie data.

Your consent.

For our legitimate interest: improving the quality of our services.

Personal data collected through cookies and similar technologies will be processed until your cookie preferences change.

 

Marketing purposes - sending periodic notifications and newsletters about other products and services offered by us and our partners
  • Name and surname;

  • Email address;

  • Phone.

 

Your consent.

For our legitimate interest: improving the quality of our services.

The personal data necessary to send a communication will be processed until you withdraw your consent to receive such communication..

Maintaining a community of followers on social media and providing our followers with access to special posts, publications and content on our social media accounts (e.g. Facebook, Instagram, Youtube)

  • Name and surname;

  • email address;

  • Phone number;

  • Username/nickname and other data from your social media profiles.

Your consent.

Personal data will be processed until you stop following us on social media.

 

4. How do we use the collected information?

Information collected from and about users we may use in one of the following ways:

 

5. Do we use cookies?

Our website uses cookies. Cookies do not usually contain information that personally identifies a user, but the personal data we hold about you may be related to the information stored in and received from cookies. Our website uses the following types of cookies:

You can change your cookie preferences at any time by changing your browser options. To block cookies in a particular browser, learn more here:

Refusal of cookies may result in restriction of functionality or inability to use the services on our website.


6. Do we disclose your data to third parties?

We do not sell your personal data, do not exchange it, nor in any other way disclose it to third parties except in the above cases.

User information may be provided to the law enforcement and control authorities, for example sans, CCCCIAP, NRA, CPP, but not only if requested in due order and when it is necessary to comply with the laws, the rules of the site or to protect the rights, property or safety of the administrator, users and/or third parties.

We may transfer your personal data to our partners, third parties and service providers based in other countries. We outsource certain functions on our behalf to third parties, including, but not limited to, algorithmic AML/KYC procedures, data analysis, valet address and transaction verification, marketing and advertising services, payment processing, credit risk assessment, and others. These third-party service providers have access only to personal data necessary to perform their services and may not use it for other purposes. They are obliged to process personal data in accordance with applicable data protection laws. In such cases, we put in place appropriate technical, organisational and contractual safeguards to ensure that such transfer takes place in accordance with applicable data protection rules or where the country to which the personal information is transferred has already been determined by the European Commission to provide an adequate level of protection.

Any collected information that is not personal data or does not contain classified information may be made available to third parties for marketing, advertising or other purposes.


7. Compliance with the General Data Protection Regulation (GDPR). Protection measures

The administrator complies with the requirements of the PDPA and GDPR regarding the collection, use and protection of personal data. The controller shall take all possible technical and organizational measures recognized by applicable data protection law to protect all data it may store and/or process. Personal data are processed by the administrator in accordance with the applicable Bulgarian legislation.

 

7.1. How we protect your personal data:

Your personal information collected through the use of the services on the site is stored and processed on the territory of the Republic of Bulgaria or in another country operating in the EU and the European Economic Area (EEA).

We do not transfer the collected personal information to a country or jurisdiction that does not have the same high data protection requirements applicable to the laws of the Republic of Bulgaria or European legislation.
In the case of transfers of personal data outside the EU, we guarantee a high level of data protection through contractual clauses or other instruments recognised by the applicable law. .

We implement appropriate technical and organizational measures to protect your personal data (including but not limited to encryption) from accidental loss and unauthorized access, use, alteration or disclosure. Procedures have been put in place to protect information from loss, misuse and unlawful disclosure. Although we work hard to protect your personal data, we cannot guarantee that our actions will prevent any unauthorized attempt to access, use or disclose personal data. However, if you believe that there is a threat to the security of your personal data, please contact us immediately via the contact details set out in this policy..

When you become aware of unauthorized access or use of your user profile on the website, you must immediately notify us via the contact details specified in p.12.

 

We implement additional information security measures, including access control, strict physical protection and reliable information collection, storage and processing practices. The processing of personal data is ensured by modern technical means such as SSL technology.  

If you wish to access or change personal information we hold about you, or to request deletion of data, you can contact us at any time via the contact details in art. 12 of this policy. Users can update or edit the information in their profile. When updating personal information, it may be necessary to re-verify the identity in cases where a request has been sent to us. You may delete (erase) your account on the platform at your sole discretion, at any time after finalizing an open transaction or finalizing another service on the platform.

Users can request the deletion of data by the administrator. In cases where users have any obligations related to their current transactions on the site and/or other obligations related to the respective services, the administrator will delete the personal data only after full fulfillment of the respective obligations. In such cases, we will store the data within the deadlines specified in p.7.2.

Although changes you make are reflected immediately in active user databases or within a reasonable period of time, we may retain all information you provide to prevent fraud, abuse or our other legal obligations or when we believe that we have a good reason for this.

 

7.2. How do we store your personal data?

We only store the personal data provided by the user while the account is active, or otherwise we store it for a limited period of time as long as we need it to fulfill the purposes for which it was originally collected, unless otherwise provided by law. We will retain and use the information that is necessary to comply with our legal obligations, resolve disputes and enforce our agreements, some of which are: (a) payment information is retained for 10 years in accordance with accounting and tax laws.; (b) information on legal transactions shall be retained for 10 years in accordance with the general limitation period set for civil claims.

 

8. Supervisory Authority

The Supervisory Authority for personal data protection in Bulgaria is the commission for personal data protection (CPDP) with address: Sofia, P.K. 1592, Blvd. "Prof. Tsvetan Lazarov” apostille 2, and with phone for users: 02/91-53-555. More information on the protection of personal data can be found on the CPDP page – with a web address (URL) www.cpdp.bg.

 

9. Changes to the Privacy Policy

Changes to the privacy policy of personal data are published on the website with the date of last update reflected in them, as well as through communication with users when required by law. If you do not agree to the changes, you should stop using the site and services.

 

10. Your rights

Under the applicable law, you have the legally recognized right to object at any time to the processing of your personal data by sending an explicit request through the website or to the following email address: office@ecx.bg.

You have the right to access the personal data we hold about you, in a structured, widely used and machine-readable format, by sending an explicit request or to the following email address: office@ecx.bg.

You have the right to request the transfer of your personal data to another controller by sending an explicit request or following email address: office@ecx.bg.

In the event that some of the information we hold about you is incorrect or inaccurate, you have the right to correct the information contained in your profile by sending an explicit request or to the following email address: office@ecx.bg.

You have the right to request the deletion of your personal data by sending an explicit request or to the following email address: office@ecx.bg. This does not apply to those personal data that we are required to keep by law.

You also have the right to request restriction of the processing of your personal data in respect of individual collection, processing and sharing actions by sending an explicit request or to the following email address: office@ecx.bg.

You have the right to require third parties who have access to your data to be notified of the restrictions, deletion or prohibition of processing of your data in order to delete by these third parties all links and copies of your personal data.

We will respond to your request or inform you in writing of the actions taken in connection with the request within the statutory period of two months from receipt of the request. The time limit may be extended by another month when this is necessary due to the complexity or number of requests, of which you will be duly notified.

11. Minimum age

We do not collect or process personal data provided by persons under the age of 18. If a user has circumvented this prohibition, the administrator will delete all information provided by a minor upon learning of this circumstance.

 

12. Contact us

If you have any questions about this privacy and cookies policy, you can contact us at an email address.: office@ecx.bg.

Effective from 15.Dec.2023.

 

©  ”Dis-Trading” ltd. 2023  | All rights reserved

 

Buy | Sell Crypto

Euro Crypto Exchange - access to the crypto market through bank and cash

 

office@ecx.bg

+359 889753399

Sofia, „Knyaz Alexander Dondukov " 66