PRIVACY POLICY OF THE CO2IN, A.S.

  1. 1.INTRODUCTORY PROVISIONS
    1. 1.1The Policy shall apply to the processing of the personal data in connection with the use of the Mobile Application, Services, E-Shop and Website.
    2. 1.2By downloading, browsing and using the Mobile Application or accessing the Mobile Application, our Services or browsing the Website, you acknowledge that you have read the Policy and are, thus, familiar with its content.
    3. 1.3The Policy specifies the rights and obligations governing the relationship between us, The CO2IN, as the operator of the Mobile Application, provider of the Services, operator of the Website and personal data controller, and you, as the Client.
  2. 2.DEFINITION
    1. In this Policy, the following capitalized terms shall have the following meanings unless the context dictates otherwise:
    1. 2.1Terms such as “The CO2IN” or the “Company” and “we”, “us” and “our” refer to The CO2IN, a.s., with its registered office at Pobřežní 620/3, Prague, 186 00, Czech Republic, Company ID no. 094 50 050, established and operating under the laws of the Czech Republic.

      Account” refers to the account created in the Mobile Application during Registration.

      Allowance” means another asset value corresponding to the right to emit into the atmosphere the equivalent of one tonne of carbon dioxide within the meaning of the Allowances Trading Act.

      Allowances Trading Act” means Act No. 383/2012 Coll., On the Conditions for Trading in Greenhouse Gas Emission Allowances, as amended.

      Client” means a user of the Mobile Application, Services, E-Shop and/or Website.

      E-Shop” means the electronic shop operated by the Company at eshop.co2in.cz.

      Framework Agreement” means the Framework Agreement for the provision of Token-related services used to provide the CO2IN Services.

      GDPR” refers to Regulation (EU) 2016/679 of April 27th 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC.

      GTC” means the current version of the General Terms and Conditions for the CO2IN Services issued by the Company.

      Liquidation of the Allowance” means the decommissioning of the Allowance, whereby the decommissioning of the Allowance may indirectly reduce CO2 emissions into the atmosphere.

      Mobile Application” means the Mobile Application used for, among other things, (i) Token Transfer; (ii) the Company allows Clients to liquidate the Allowance; and (iii) the Company may conduct all electronic communication (remote communication) with Clients.

      Policy” means this Privacy Policy available at co2in.com.

      Register” means the process of creating an Account on the Mobile Application.

      Registration” means the act of creating an Account on the Mobile Application, i. e., concluding the Framework Agreement.

      Services” means all the services we provide to you via the Mobile Application under the Framework Agreement.

      Tariff” means the Company’s tariff containing a list of fees and their amount charged by the Company to the Client in connection with the provision of the Services and other Service-related parameters.

      Token” means a virtual instrument “CO2IN” disposable in accordance with the Framework Agreement and the GTC.

      Token Transfer” means (i) the issuance and settlement of a Token between Client and the Company, and/or (ii) the exchange of a Token between Clients, and/or (iii) the exchange of a Token for goods or services of another Client, and/or (iv) the provision of a service and sale of goods to other Clients in exchange for a Token.

      Verification” means the process of submitting to the Company all required documents by the Client for the identification and/or verification of the Client, and the successful completion of the complete identification and/or verification of the Client by the Company based on the submitted documents.

      Website” means our website available at co2in.com.

  3. 3.PERSONAL DATA
    1. 3.1You acknowledge that we process the personal data you have provided or we have gathered about you to operate the Mobile Application, provide the Services, and/or use our Website in accordance with the applicable legislation on processing and protection of personal data, in particular, but not limited to the GDPR and any judicial or administrative interpretation of the data processing and protection laws, any instructions, codes of conduct or approved mechanisms for issuing certificates issued by competent authorities.
    2. 3.2Personal data means all information about an identified or identifiable natural person, in particular, you or your contact person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location information, network identifier or one or more specific physical, physiological, genetic, psychological, economic, cultural or the social identity of this natural person.
    3. 3.3Processing of personal data is lawful provided that at least one of the following conditions is met during processing:
      1. a)You have given us consent to the processing of personal data as referred to in Article 6 (1) (a) GDPR for one or more specific purposes and have not withdrawn the consent as of the moment of processing of personal data;
      2. b)Personal data processing is necessary for the performance of the contract concluded between you and us or the implementation of measures taken prior to the conclusion of such a contract at your request pursuant to Article 6 (1) (b) GDPR;
      3. c)Personal data processing is necessary to fulfil our legal obligation applicable; or
      4. d)Personal data processing is necessary for the purposes of our legitimate interests pursuant to Article 6 (1) (f) GDPR.
    4. 3.4We process personal data for the following purposes:
      1. a)To provide services and fulfil our contractual obligations, we may process personal data you have provided or will provide in the future o that we obtain through our activities while using our services. Personal data processing is necessary for the performance of the contract concluded between you and us;
      2. b)We may process personal data necessary to assert our possible claims, and to protect our rights, provided that such personal data processing is in our legitimate interest;
      3. c)To ensure the operation of the Website;
      4. d)To ensure the operation of the E-Shop;
      5. e)To comply with out statutory obligations;
      6. f)If you consent to process your personal data, its purpose shall be stated directly therein.
    5. 3.5We shall retain the personal data processed pursuant to Article 3 (4) (a) to provide services and fulfil contractual obligations for the duration of the contractual relationship established between you and us.
    6. 3.6We shall retain the personal data under Article3 (4) (b) to protect our rights for the duration of our legitimate interest.
    7. 3.7We shall retain the personal data pursuant to Article 3 (4) (c) to ensure the smooth operation of the Website for the entire duration of your visit to the Website.
    8. 3.8We shall retain the personal data pursuant to Article 3 (4) (d) to ensure the smooth operation of the E-Shop, the performance of our contractual obligations arising from the E-Shop and/or the administration of the user account for the entire duration of your visit to the E-Shop, the duration of the obligations arising from the concluded contracts, and/or the existence of the user account.
    9. 3.9We shall retain the personal data pursuant to Article 3 (4) (e) for the period required by law.
    10. 3.10We shall retain the personal data pursuant to Article 3 (4) (f) for the purpose and period specified in the consent.
    11. 3.11Therefore, we shall retain the personal data only for the time necessary to exercise the rights and obligations under the law, the legal relationships between the contractual parties, between you and us, or until you withdraw your consent to process the data. After this period, the personal data shall be anonymized or deleted.
    12. 3.12We hereby declare that we have taken all appropriate technical and organizational measures to secure the personal data we process. Our technical and organizational security measures are designed to ensure that all data is protected against both unintentional and intentional manipulation, loss, destruction or access by unauthorized persons. The security measures adopted are continuously developed and improved in line with technological developments.
  4. 4.MOBILE APPLICATION
    1. 4.1The Mobile Application is a platform used to, inter alia, (i) effect Token Transfers; (ii) the Company allows Clients to carry out the Liquidation of the Allowance in exchange for Tokens; and (iii) the Company may manage all electronic communication (distance communication) with Clients. The Company processes personal data in connection with such activities, as well as other processes related to the Mobile Application and the Services provided not listed herein.
    2. 4.2The Mobile Application can only be installed on devices equipped with iOS and Android operating systems.
    3. 4.3You hereby acknowledge that we process personal data within the following scope to ensure the Mobile Application operation: (i) name and surname, (ii) date of birth, (iii) telephone number, (iv) e-mail address, (v) bank account number, (vi) profile photo, and (vii) other data related to your identification (Verification) and address you have submitted in connection with the use of the Mobile Application and the use of the Services.
    4. 4.4For the Verification, we use facial recognition tools and identification documents. For this purpose, we collect a picture of your face, which you provide via a mobile app (i. e., a selfie) and a photo or scan of your ID card. We use this technology for Verification purposes only. For the Verification, we process the following personal data of the Client or their representative: (i) first and last name, (ii) address of permanent residence, (iii) place of birth, (iv) date of birth, (v) the number of your identification document, (vi) gender, (vii) nationality, (viii) photo or scan of your identification document (including other personal data contained therein), (ix) photo of your face, (x) bank account number, (xi) information about any sanctions and political exposure of the Client or their representative. We process the personal data obtained in this way for the time required by law.
    5. 4.5Furthermore, you acknowledge that we can also process personal data you have not provided, which, however, directly relates to the use of the Mobile Application and Services provided. It may include, for example, the financial balance and movements in your Account, individual transactions, a breakdown of fees paid, transaction history, and other similar data. We obtain or verify certain personal data ourselves, such as information about possible sanctions or the existence of a politically exposed person.
    6. 4.6When using the Mobile Application, facial or fingerprint recognition functionality (Touch ID, Face ID, etc.) may be used to login. This operation does not involve any personal data processing on our part, as the biometric data used is matched directly by the Client’s device, not by us.
    7. 4.7We may make audio recordings during phone communication with the Client. The Client is always informed in advance and may use another means of communication if they do not agree to the recording.
  5. 5.WEBSITE
    1. 5.1When visiting the Website, information about its use is automatically collected and evaluated. Therefore, data that may contain personal data is evaluated and stored on our server each time you visit the Website to carry out statistical research and to ensure the security and stability of the system. Due to technical reasons, your internet browser automatically provides data to our server when accessing the Website. Inter alia, such include the date and time of access, the URL of the referring website, the file viewed, the volume of data sent, the type and version of the browser, the operating system, and the IP address of the visitor’s device. This data is stored separately from other data you enter when using the Website.
    2. 5.2As a result, your personal data is collected and processed during the website operation to determine traffic or information about its operation and improve its content.
    3. 5.3Apart from the above, we only collect and process data you have provided by entering it in our contact form, mainly your name and e-mail address. We process such data to handle your enquiry or comment, and the personal data is stored until your enquiry or comment has been handled, but for no longer than two (2) months.
  6. 6.E-SHOP
    1. 6.1When visiting the E-Shop, information is automatically collected in the same way as when visiting the Website, as the E-Shop is part of the Website.
    2. 6.2We process personal data about E-Shop customers in connection with the operation of the E-Shop and the conclusion and performance of contracts to the extent necessary to fulfil the contract, in particular, name and surname, delivery address, e-mail address and telephone number, bank and accounting data, as well as information about the history of orders placed.
    3. 6.3To conclude and perform the contract, you are required to provide us with some of your personal data that we need to process your order. For this reason, the data required to create an order and set up an account are mandatory; all other data are optional.
    4. 6.4In addition to the above, we only collect and process data you provide by entering it in our contact form located on the E-Shop, in particular, your name and e-mail address. The data are processed to handle your enquiry or comment and are stored until your enquiry or comment has been handled, but for no longer than two (2) months.
  7. 7.COOKIES
    1. 7.1We do not use any cookies on the Website.
  8. 8.PROCESSORS
    1. 8.1We can forward personal data to cooperating personal data processors, in particular, but not limited to, those providing financial, technical and other services to us, always in accordance with the purposes set out above and applicable law.
    2. 8.2When transmitting personal data to our processors, we transfer it outside the European Union (to third countries). Personal data may be transferred to a third country if the EU Commission has determined that the third country, a specific territory or one or more specific sectors in that particular third country guarantee an adequate level of protection. If no such decision exists for the third country in question, the processors have provided us with appropriate safeguards (in particular, using standard data protection clauses) to ensure that the data subject’s rights are enforceable and that the data subject has effective legal protection.
    3. 8.3We use the tools of Jumio Corporation, 395 Page Mill Road, Suite 150, Palo Alto, CA 94306, United States of America, jumio.com, to perform Verification.
  9. 9.THIRD PARTIES
    1. 9.1Our Mobile Application, Services and Website may also contain third-party links and search results or include third-party integrations. By using those links, you may be providing information, including your personal information, directly to a third party, us or both. You acknowledge and agree that we are not responsible for how those third parties collect or use your information.
  10. 10.UNDERAGE USERS
    1. 10.1Our Mobile Application and Services are not intended for persons under the age of 18.
    2. 10.2Should the information you provide in this regard be not truthful, we are not liable as the age is verified based on the information and documents provided by the User.
    3. 10.3If you are under the age of 18, you cannot use the Mobile Application or the Service.
  11. 11.MARKETING COMMUNICATION
    1. 11.1We may send you marketing communication regarding the Mobile Application and the Services based on our legitimate interest.
    2. 11.2You may choose to receive the newsletters, surveys, offers and other promotional materials from us by e-mail or messages.
    3. 11.3We shall provide each such message or e-mail with an unsubscribe link so you can unsubscribe at any time.
    4. 11.4We may still deliver you in-app notifications even if you unsubscribe from receiving such marketing messages or e-mails. You can turn off such in-app notifications at any time, depending on the device you are using.
  12. 12.YOUR RIGHTS CONCERNING THE PERSONAL DATA PROCESSING
    1. 12.1You may exercise the following rights concerning the processing of personal data in relation to us:
      1. a)The right of access to personal data
        You have the right to know whether your personal data is being processed. If we are actually processing your personal data, you have the right to access it and to be informed about the processing.
        The right of access also includes the right to be provided with a copy of your personal data. The first copy of your personal data is provided to you free of charge. If you abuse your right of access to personal data, for instance by repeatedly making unjustified requests, we are entitled to charge you a fee equivalent to the administrative costs of processing the request prior to dealing with your request.
      2. b)The right to rectification or completion of personal data
        If you think your personal data that we process is inaccurate or incomplete, you have the right to have it corrected.
      3. c)The right to deletion of personal data
        Under the deletion right, you have the right to request that we delete your personal data if one of the following grounds is met: (i) Your personal data is no longer necessary to fulfil the purposes we have processed it for; (ii) You withdraw your consent to the processing of your personal data, and we have no further reason to process it; (iii) You object to the processing of your personal data, and we have no other legitimate interest in processing your personal data; (iv) We are processing your personal data in breach of generally binding legal provisions; (v) We have been obliged to erase your personal data. We shall not delete your personal data if there are other grounds for processing it. This includes cases where processing your personal data is necessary for the establishment, exercise or defense of our legal claims or the fulfilment of our legal obligations imposed by generally binding legal regulations.
      4. d)The right to the restriction of the personal data processing
        You have the right to request the restriction of the processing of your personal data if one of the following reasons applies: (i) You object to the accuracy of your personal data we process for as long as we verify the accuracy of your personal data; (ii) You object to the processing of your personal data, for as long as we examine the validity of your objection; (iii) The processing of your personal data generally infringes binding legal regulations, but at the same time, you do not want us to delete your personal data; (iv) We need your personal data to establish, exercise or defend your legal claims.
      5. e)The right to data portability
        When technically feasible, the right to portability constitutes your right to require us to transfer the personal data you have provided in a structured and machine-readable format to another controller.
      6. f)The right to withdraw consent to the processing of personal data
        If we process your personal data by virtue of your consent, you have the right to withdraw it at any time.
      7. g)The right to lodge a complaint with the competent supervisory authority
        If you believe that your personal data processing has violated your right to data protection or any other right under related legislation, you may lodge a complaint with the relevant supervisory authority. For the territory of the Czech Republic, the supervisory authority means the Office for Personal Data Protection (www.uoou.cz), located at Pplk. Sochor 27, Prague 7, Postcode: 170 00, Czech Republic, e-mail: posta@uoou.cz.
    2. 12.2To exercise any of the rights mentioned above, you may contact us at the Company’s registered office at The CO2IN, a.s., Pobřežní 620/3, Prague, 186 00, Czech Republic, or by e-mail at info@co2in.com. We will provide you with all assistance in exercising your rights.
    3. 12.3The Data Protection Officer shall supervise the processing and protection of personal data in the Company. The Company’s Data Protection Officer may be contacted via the following contacts: (i) At the delivery address: The CO2IN, a.s., at the hands of the Data Protection Officer, Pobřežní 620/3, Prague, Postcode: 186 00, Czech Republic, or
      (ii) At the e-mail address dpo@co2in.com. The Data Protection Officer may be contacted by anyone on all matters relating to the Company’s processing and protection of personal data.
  13. 13.FINAL PROVISIONS
    1. 13.1Shall any dispute arise in connection with the Privacy Policy and the provision of our services, it shall be settled pursuant to the Framework Agreement.

This Privacy Policy shall enter into force and become effective as of February 22, 2022.