C-Patex Privacy Notice

Last Updated: 14.12.2024
  • 1. Why Do You Need this Privacy Notice?
  • 2. Where Can You Find the Definitions?
  • 3. Who Are We and How to Reach Us?
  • 4. What Personal Data Do We Collect?
  • 5. How Do We Use Personal Data?
  • 6. How Long Do We Process Your Data?
  • 7. How Do We Share Your Data?
  • 8. Do We Transfer Your Personal Data to Third Countries?
  • 9. What Are the Features of Blockchain Data Processing?
  • 10. Are You Subject to Automated Decision-Making?
  • 11. What About Interacting with Third-Party Links?
  • 12. What About Securing Your Personal Data?
  • 13. What Data Subject Rights Do You Have?
  • 14. Do We Process Children’s Personal Data?
  • 15. Can We Modify and Update this Privacy Notice?

1. Why Do You Need this Privacy Notice?

We encourage you to carefully read this Privacy Notice as it provides you with information about your personal data being processed in connection with your access to and use of the Services. In this Privacy Notice, personal data and personal information are used as synonyms and mean any information that directly or indirectly identifies you as an individual. In this Privacy Notice we explain which types of personal data we hold on you, how we collect and process such data, how long we keep it, and so on.

2. Where Can You Find the Definitions?

Unless otherwise provided in this Privacy Notice, capitalized terms used in this Privacy Notice have the meaning determined in the C-Patex Terms of Service (the Terms). We encourage you to read the Terms carefully as they affect your obligations and legal rights.

3. Who Are We and How to Reach Us?

When we say we, us, or our, we mean C-PATEX ATIVOS DIGITAIS S.A., a company, established under the laws of Brazil, having registered address at Av. Pres Juscelino Kubitschek 1455, Sala 42, Vila Nova Conceicao, 04543-011 São Paulo/Sp, Brazil.

We process your personal data in accordance with this Privacy Notice and we endeavor to comply with the applicable data protection legislation.

If you have any questions regarding this Privacy Notice or the processing of your personal data, do not hesitate to contact us via the following contact details:

Email:legal@c-patex.com

4. What Personal Data Do We Collect?

The categories of personal data we collect depend on how you interact with us, use the Services, and the requirements of the applicable laws. We collect and process the following types of personal data as outlined below. Please note that we may also collect certain other information, which may be required under the applicable laws.

 Category of Data  Examples Description or Comments 
 Account Data  email address  -
   password  
   internal ID  When a User Account is created, a unique internal ID, which essentially is a random identification number, will be automatically assigned to each such User Account. The internal ID is technically necessary to operate the Services and used for internal purposes to count the Users. Without any other pieces of data, the internal ID does not identify you as an individual.
 Verification Data  first name, last name, and middle name  -
   gender  
   date of birth  
   email  
   phone number  
   facial image data and biometrical data  This includes photos of your face (including selfie images) and photos or scans of the face on the identification document, videos, and sound recordings, as well as facial features.
   ID document information  This may include your passport, ID card, or driver license and associated information.
  address information This includes information about the country of residence, city, ZIP code, name of the street, building and/or apartment number.
 Payment Data Addresses “Address” means a public address used to track the ownership of Digital Assets on the respective blockchain network. It constitutes a random set of symbols assigned by us to enable you to carry out certain Transactions.
  account details, such as account number, beneficiary name, etc.

When you make a Deposit or Withdrawal to or from your User Account, we collect such data, Wallet address, and other payment information associated with such Deposit or Withdrawal.

Please note that account and card details are processed by the respective payment processors and/or payment service providers, which are separate data controllers with respect to such data. We neither process this data nor manage, control, or affiliate with such payment processors and/or payment service providers.

  card details, such as: card number, name of the holder, security code (also known as CVV or Card Verification Value code), expiry date, etc.  
   Wallet address  This means a public address on the respective blockchain associated with the relevant Wallet. It constitutes a random set of symbols assigned by the respective blockchain network.
  Transaction amount -
  Addresses, account or card details of sender and recipient  
  the type of Funds used in the respective Transaction  
  Transaction time and date  
  Transaction status  
  Transaction ID  
 Application Data  email address  -
   contact details  This includes your Telegram or WhatsApp contacts.
   any other data requested by us or data that you choose to provide us with  Please do not provide personal data unless it is reasonably necessary or requested by us.
 Technical Data  internet protocol (IP) address  This means a unique address of a device, which allows us to identify your approximate location (country, city, region, ZIP code). For better understanding, IP addresses are expressed as a set of numbers, for instance: 194.150.2.33.
   browser details  This includes information about the browser type and its version.
   device details  This includes information about the type of device (e.g., computer, tablet, or smartphone) and its model.
   operating system  This means the information about the type and version of the operating system on your device (e.g., Windows 10, macOS version 12.4, etc.).
 Analytical, Statistical, and Marketing Data  

Information collected by Google Products (Google Analytics and Google Tag Manager), which includes:

(a) IP address;

(b) the type of device used;

(c) the device operating system; and

(d) the browser used.

When you access and use the Services, certain data may be collected automatically via solutions provided by Google. More information regarding Google solutions is available here. The information is gathered by placing cookies. Cookies are a feature of the software that allows web servers to recognise the device used to access the Services. A cookie is a small text file that the Platform saves on your device when you visit thereof. They allow the Platform to remember your device, actions and preferences over a period of time.


In addition to the above, by using the Google tools, we collect certain information regarding the use of the Services, for instance, when you clicked a certain button or made some input. This information is also aggregated and we cannot identify your actions from the actions of other Users.


You can learn more about how Google processes personal data in Google’s privacy policy.


With respect to the personal data collected via Google solutions, Google acts as our data processor. However, Google may use this personal data for any of its own purposes, such as profiling and cross-platform tracking. In this case, Google acts as an independent data controller. You can learn more about Google tools here. 
   Meta Pixel  

When you access and use the Services, certain data may be collected automatically via solutions provided by Meta. More information regarding Meta solutions is available here


The Meta Pixel is a cookie that is placed on your device. Cookies are a feature of the software that allows web servers to recognise the device used to access the Services. A cookie is a small text file that the Platform saves on your device when you visit thereof. They allow the Platform to remember your device, actions and preferences over a period of time.


Your browser automatically establishes a direct connection with the Meta server as soon as you have agreed to the use of the Meta Pixel cookies. Through the integration of the Meta Pixel, Meta receives the information that you used our Services or clicked on an advertisement from us. If you are registered with any of Meta products, Meta can assign the visit to your respective account.


Meta processes the data received from the Meta Pixel tool in accordance with their Meta Privacy Policy. Additional information regarding the Meta Pixel may be found in the Meta Pixel Help Center.
 Referral Data  referral ID  

When you participate in our referral program, we generate a referral link and automatically assign to you a referral ID,  which essentially is a unique identification number, used for internal purposes to identify you as a User, who shares a referral link and invites others to use the Services. It constitutes a set of random letters and numbers, such as 0180a6ac-1b67-4838-b80d-396670eb77e1.

Invited users are also assigned with a unique internal identification number to identify referred users.

 Contact Data  full name  -
   contact details This may include your email address or social media contacts, such as Telegram, WhatsApp, etc.
   any other data requested by us or data that you choose to provide us with Please do not provide personal data unless it is reasonably necessary or requested by us. 
 Subscription Data  email address  -

5. How Do We Use Personal Data?

Category of Data Description Lawful Basis for Processing
Account Data To create and register a User Account in order to access and use certain Services. To take steps at your request prior to entering into a contract, and, further, to perform a contract with you.
    If you act on behalf of a legal entity 一 our legitimate interest to ensure the access and use of the Services by the legal entity you represent.
Verification Data To identify you as an individual and verify your identity. Our legitimate interest to prevent money laundering, financing of terrorism, or other illegal activities in relation to the Services, and to comply with the applicable sanctions, administered or enforced by any country, government or international authority, including the EU, OFAC, United Nations Security Council, but not limited to the above.
  To enable you to use certain functionality of the Services, such as Withdrawal.  
Payment Data To carry out certain Transactions, arising out and in connection with your use of the Services. To perform a contract with you.
    Our legal obligation to keep and retain the financial records to comply with the applicable laws.
    Our legitimate interest as well as the interests of other Users to prevent and detect fraud and abuse, and protect the security of our Users.
Application Data To enable you to apply for the listing on the Exchange. Our legitimate interest to ensure the access and use of the Services by a project you represent.
Technical Data To ensure the operation of the Services. To perform a contract with you.
  To ensure the security of your User Account, for instance by identifying suspicious activities.  
  To provide a better user experience by improving functionality, usability, user flow and interface of the Services. Our legitimate interest to ensure the security of your User Account, improve the Services functionality and user experience, detect fraud and respond to requests from authorities.
Analytical, Statistical, and Marketing Data Google Products: After collecting the personal data, Google creates reports about the use of the Services, which contain the aggregated information where we do not see any data pertaining to a particular person. In other words, we cannot identify you from the other users. We use the reports to collect statistics with respect to the use of the Services and to improve the Services (user flow, interface, etc). Your consent.
 

Meta Pixel: We use the Meta Pixel for the following purposes:


(a) Meta Custom Audiences. We use the Meta Pixel for the remarketing purposes to be able to contact you again within 180 days. This allows us to display interest-based advertisements (Meta Ads) to the Platform visitors when they visit Meta products or other third-party websites also using the Meta Pixel tool. In this way, we pursue the interest in displaying advertisements that are of your interest in order to promote us and make the Platform or its content more interesting for you.


(b) Meta conversion. We also use the Meta Pixel to ensure that our Meta Ads match the potential interest of users and are not irritating. With the Meta Pixel, we can track the effectiveness of the Meta Ads. This is necessary for statistical and market research purposes by seeing whether users were redirected to the Platform after clicking on the Meta Ads.
Your consent. 
Referral Data

To enable you to participate in our referral program.

To perform a contract with you.
 

To count you as a User, who shares a referral link and invites others to use the Services.

 
 

To accrue the relevant referral remuneration to you, if any.

 
   To count the invited user.  Our legitimate interest to ensure the participation in our referral program by the respective User, who invited you to use the Services.
 Contact Data  To respond to your inquiry.  Our legitimate interest to respond to your inquiry and to respond to requests from government authorities.
Subscription Data To provide you with marketing and newsletter emails concerning the Services, our projects, as well as general updates.

Your consent. This notwithstanding, we may provide current Users, that are not subscribers, with marketing and newsletter emails due to our legitimate interest to notify them about updates, available functionality, and/or opportunities regarding the Services as well as to enable the Users to take advantage of them.

You may revoke your consent and/or unsubscribe from receiving marketing and newsletter emails from us at any time by (i) contacting us; or (ii) clicking the unsubscribe button available at the bottom of each marketing and newsletter email.

In such a case, we will delete your email address from the respective marketing database.

Please note that administrative or service-related communications (security alerts, email verifications, maintenance notifications, etc.) are not considered marketing and such communications may not offer an option to unsubscribe.

6. How Long Do We Process Your Data?

As a general rule, we keep personal data as long as it is necessary for the purposes it was collected. We may process certain personal data longer than outlined below, if it is necessary:

  1. to meet our legal obligations under the applicable law;
  2. in relation to anticipated or pending legal proceedings; or
  3. to protect our rights and legitimate interests or those of third parties.

Category of Data Storage Period Rationale
Account Data As long as you keep your User Account with the Exchange. We process your Account Data as long as it is necessary for the operation of your User Account.
Verification Data As long as you keep your User Account and for seven (7) years after its termination, regardless of reason. We set this retention period due to the retention period for Verification Data established under our policies and procedures and the law of our jurisdiction.
Payment Data

As long as you keep your User Account and for seven (7) years after the completion of the respective Transaction. 

Please note that due to the nature of a blockchain, the Addresses, Wallet addresses and Payment Data associated therewith may be stored permanently on the applicable blockchain (not by us).

We set this retention period due to the retention period for Payment Data established under our policies and procedures and the law of our jurisdiction. 
 Application Data  If we approve your application and enter into a contractual relationship with the entity you represent during our engagement and for seven (7) years after its termination.  We need this data to perform an engagement with you and to comply with our policies and procedures and the applicable law.
   If we reject your application or you refuse our engagement, we will erase the data following one (1) after the last contact.  
Technical Data The Technical Data is stored during your active session with the Platform. We store the IP address for one (1) year after it was collected. We need such data for the purposes outlined by us earlier.
Analytical, Statistical, and Marketing Data Data collected by Google: Up to 2 years. You may find specific timelines here. We need such data for the purposes outlined by us earlier.
  Data collected by Meta: Up to 180 days after last interaction with the Meta Pixel.  
Referral Data Until User Accounts of inviting and invited persons are terminated. We need such data only as long as an inviting or invited user has a User Account.
Contact Data As long as you keep your User Account and for seven (7) years after its termination. We set this retention period due to our policies and procedures, and the law of our jurisdiction.
Subscription Data As long as you remain a subscriber. We process such data only until you opt out from receiving our marketing and newsletter emails.
     

7. How Do We Share Your Data?

General. We do not sell or rent out your data. However, we may share your personal data in accordance with this Privacy Notice, applicable legislation, or with your consent, in each case for the purposes of and if it is reasonably necessary:

  1. to provide you with access to the Services and performance of our undertakings with you;
  2. for compliance with the applicable laws and regulations; or
  3. for our legitimate interest to maintain, improve and develop the Services, detect fraud or breach of law.

Please note that if we share any portion of your personal data with third persons, we will endeavor to secure such transfer using appropriate legal, organizational, and technical measures.

Recipients. Given the purposes outlined above, your personal information is shared with the following categories of recipients:

  1. Affiliates;
  2. support and technical teams;
  3. verification service providers;
  4. email delivery service providers;
  5. hosting service providers;
  6. payment processors and payment service providers;
  7. government authorities, upon their request or if necessary to comply with our legal obligations;
  8. another entity if we sell or otherwise transfer the Services or their part; and
  9. other third-party solutions, which may be from time to time integrated in relation to the Services.

8. Do We Transfer Your Personal Data to Third Countries?

Sometimes we may transfer your personal data to countries that may not offer the same level of data protection as the laws of your country. In this case, we will endeavor to put in place suitable safeguards and take reasonable steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Notice and provided for in the applicable legislation. This paragraph does not apply to the transfer of the data on or through a blockchain, since such data is publicly available. Please consider the “What Are the Features of Blockchain Data Processing?” section of this Privacy Notice below.

9. What Are the Features of Blockchain Data Processing?

Please note that Addresses, Wallet addresses, and information about Transactions associated therewith interact with public decentralized blockchain infrastructures and blockchain-based software, including smart-contracts, that work autonomously. When we say that a blockchain is decentralized we mean that there is no single person, including us, who controls the blockchain or stores data available thereon, and when we say “public” we mean that the access is available for anyone and cannot be restricted. The data entered in a public decentralized blockchain is distributed via the nodes that simultaneously store all records entered into the blockchain.

By design, blockchain records cannot be changed or deleted and are said to be “immutable”. Please be aware that any Transaction within a blockchain is irreversible and information entered into a blockchain cannot be deleted or changed. Therefore, your ability to exercise certain data protection rights or abilities may be limited.

In addition, due to the blockchain’s nature, the information that was entered in a blockchain will be publicly available and we will neither control such information nor manage access to it. Once you start carrying out Transactions, certain data, which may be considered personal, will become publicly available on a blockchain. The ultimate decision whether to transact on a blockchain or carry out any Transactions rests with you.

10. Are You Subject to Automated Decision-Making?

Automated decision-making is the process of making a decision by automated means without any human influence on the outcomes. It is mandatory for you to provide the Verification Data in order to be eligible and authorized to access and use certain functionality of the Services. When you provide us with your Verification Data, the verification systems will process it automatically and report to us whether you are eligible to use certain functionality of the Services. If the verification systems notify us that you are not eligible to use certain functionality of the Services, you will be automatically refused from using the respective Services functionality.

In addition, we may also automatically block Users based on their geographical location. This is necessary to restrict access to the Services for the Users from prohibited jurisdictions (meaning the jurisdictions in which the use of the Services or its functionality is prohibited by applicable laws or regulations, the Terms, or our rules and policies).

If you do not agree with the outcomes of automatic decisions, you may: (a) request us to manually review the respective information and provide you with the outcomes of the review and/or (b) express your point of view and provide additional information or documents in order to contest the decision.

11. What About Interacting with Third-Party Links?

The Platform may include links and social media plugins to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share certain data about you. We do not control these third-party websites and applications, and are not responsible for their privacy statements. When you leave the Platform, we encourage you to read the privacy policy/notice/statement of every website or application you visit.

12. What About Securing Your Personal Data?

We strive to do our best to keep your personal data secure. We always review and update appropriate technical and organizational measures to (i) keep your personal data secure in accordance with the applicable legislation, our internal policies and procedures regarding the storage of, access to, and disclosure of personal data; and (ii) protect you against unauthorized or unlawful processing of personal data and accidental loss or destruction of, or damage to them. We endeavor to implement and maintain technical and organizational measures, which are appropriate to the harm that might result from the unauthorized or unlawful processing or accidental loss, destruction, or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures. Your personal information may undergo anonymisation, pseudonymisation, and/or encryption to ensure safe transfer and/or processing.

13. What Data Subject Rights Do You Have?

General. According to the applicable legislation, you may have the rights outlined below. In order to exercise your rights as a data subject, we may request certain information from you to verify your identity and confirm that you have the right to exercise such rights.

Blockchain Data Processing. Please note that when you interact with a blockchain, we may not be able to exercise certain rights that you may have pursuant to the applicable legislation with respect to the Addresses, Wallet addresses and information about Transactions associated therewith. For instance, we may not be able to ensure that such personal data is deleted, corrected, or restricted. You may learn more above in the “What Are the Features of Blockchain Data Processing?” section of this Privacy Notice.

How to Exercise Your Rights. To exercise your rights as outlined in this Section, you must contact us at legal@c-patex.com Please note that requests sent to other contact details may not be processed.

Data Subject Rights. According to the applicable legislation, you may have the following rights:

Rights Description
Right to access your personal data This enables you to ask us whether we process your personal data. If we process your data, you may request certain information about the processing activity and/or a copy of the personal data we hold about you, and check that we are lawfully processing it.
Right to rectification of the personal data This enables you to have any incomplete or inaccurate data we hold about you completed or rectified, though we may need to verify the accuracy of the new data you provide to us.
Right to erasure of your personal data (commonly known as a “right to be forgotten”)

This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. 

Note, however, that we may not always be able to comply with your request of erasure for specific legal or technical reasons which will be notified to you, if applicable, at the time of your request.

 Right to object to processing of your personal data This enables you to object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. 
Right to restrict the processing of your personal data This enables you to ask us to suspend the processing of your personal data in the following scenarios: (i) if you want us to establish the data’s accuracy, (ii) where our use of the data is unlawful but you do not want us to erase it, (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data (commonly known as a “right to the data portability”) We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you
Right to withdraw consent You may withdraw your consent at any time where we are relying on consent to process your personal data.
Right not to be subject to automated decision-making If and to the extent applicable, you reserve the right not to be subject to a decision based solely on automated processing of data, including profiling, which produces legal effects concerning you or similarly significantly affecting you.
Right to file a complaint You may file a complaint with a relevant supervisory authority in case we violate your rights or obligations imposed on us under the applicable legislation. The relevant supervisory authority will particularly depend on where you are located.

14. Do We Process Children’s Personal Data?

The Services are not intended for the use of children (under 18 years old or older, if the country of your residence determines a higher age restriction). We do not knowingly market to, solicit, process, collect, or use personal data of children.

If we become aware that a child has provided us with personal information, we will use commercially reasonable efforts to delete such information from our database. If you are the parent or legal guardian of a child and believe that we have collected personal information from your child, please contact us.

15. Can We Modify and Update this Privacy Notice?

We keep our Privacy Notice under regular review and we may update it at any time. If we make any changes to this document, we will change the “Last Updated” date above. Please review this Privacy Notice regularly to check for the updates. If we make substantial changes to the way we treat your personal information, we will either (i) display a notice on the Platform, or (ii) notify you by email prior to the change becoming effective.