Privacy policy

This procedure applies to GOin SAS, incorporated at 29 rue Marbeuf, 75008 Paris (France) under number 839 009 669 RCS Paris, registered as a Crypto Asset Service Provider (in French « PSAN ») by the AMF under number E2022-053,

Hereinafter « GOin » or the « Company.

GOin complies with European Regulation n°2016/679 on the protection of personal data (« Personal Data ») of individuals, know as the GDPR Regulation, as well as to the law n°78-17 of January 6th, 178 relating to data processing, files and freedoms. This Policy presents the information collected by GOin, the way it is collected, processed and protected, the purpose of its processing as well as your rights regarding this data.

Scope of Application

This Policy applies to data:

• Both directly and indirectly collected by GOin in the course of its business
• Collected via GOin’s website, www.goin-invest.com (“GOin Website”)
• Collected via its investment portal, https://access.investor.goin-invest.com (“Investor Portal”)

In the course of its business, GOin may be required to collect different types of Personal Data, including – but not limited to:

• Data relating to your identity, civil and family statuts – first name, last name, age, residence, marital status, …
• Contact information – postal address, phone number, email, …
• Fiscal data: tax address, tax status, country of residence, tax statements, …
• Economic, legal and financial data – employment, remuneration, pay sheets, standard of living, assets, inheritance deeds, …
• Banking, financial and transactional data – banking details, crypto asset public addresses, bank statements, …
• Information relating to your investment profile – investment habits, amounts invested, nature of investments made, …

Data Controller

GOin SAS, incorporated at 29 rue Marbeuf, 75008 Paris (France) under number 839 009 669 RCS Paris, is the data controller for your Personal Data (“Data Controller”).

In addition, GOin has appointed a Data Protection Officer (“DPO”). Any question or request relating to the processing of your data can be sent to him, by following the procedure detailed in the section “Rights of individuals” below.

Origin of the processed data

1. Direct collection

In the course of its business, GOin might collect Personal Data directly from its clients (“Clients”), both individuals and legal entities – notably concerning legal representatives, beneficial owners, contact people, …

2. Indirect collection

In order to verify information and complete its databases and analyses, GOin might also collect Personal Data from external sources, such as:

• Databases published by official authorities – Commercial Courts, …
• Information that you have made public yourselves, particularly through websites or social networks
• Data provided by third-party organizations, including business intelligence organizations, anti-fraud organizations, or any other organization communicating data in compliance with the RGPD Regulation

3. Use of cookies

GOin’s Investor Portal uses a tracker to authenticate the user to this service. The data collected by the tracker is encrypted and inaccessible to third party sites. This tracker does not require consent.

GOin Site also uses a consent-exempt tracker to store the user’s permission to use a tracker for statistical purposes.

4. Special cases

GOin may also collect Personal Data from persons who are not users of GOin’s Site or Investor Portal, Clients or legal representatives, beneficial owners or agents of its legal entity Clients. The collection of data may thus concern :

• Its contacts at its partners
• Its prospects and commercial contacts
• Any representative of an individual and/or legal entity with whom GOin may have to deal in the context of its missions

Purposes and legal bases of the various processing operations

1. Legal and regulatory obligations

GOin is required to comply with obligations to counter money laundering and terrorist financing (“AML/CTF”) and to know its clients (“Know Your Customer” or “KYC”). In this context, before any relationship with a Client, throughout the duration of the relationship with a Client and for a period of five years after the end of the relationship with a Client, GOin collects, uses and retains the Personal Data necessary to comply with the following obligations:

• Combating Money Laundering and Terrorist Financing
• Fighting against fraud, including fiscal fraud, in compliance with regulatory requirements in terms of tax declaration and control
• Responses to official requests from public and/or judicial authorities in the context of appropriate procedures
• Application of appropriate measures in the event of suspicions abouts its Clients’ intentions, in particular asset freezing procedures and declarations to the competent authorities
• Compliance with national, regional and international legislation in general

In addition, GOin uses its Clients’ Personal Data upon entering into a relationship in order to:

• Be able to contact them and provide them with the necessary information and legal documentation
• Assist them in the course of creating their account, during each transaction or more broadly throughout the duration of the relationship
• Evaluate their knowledge and/or experience in investment and financial culture, as well as on the crypto asset sector
• Know their investment goals in order to offer them products and services adapted to their needs
• Provide them with the most complete available information on the status of their portfolio
• Answer their interrogations or complaints

2. Serving its legitimate interests

In compliance with the GDPR Regulation, GOin’s Clients Personal Data might also be used to serve its legitimate interest. This includes in particular:

• The development of its products and services: automation of the various procedures needed for the efficient management of its risk and the improvement of its offer, anonymized analyzes for research and development purposes, …
• The management of its financial and legal risks: prevention of fraud, abuse and AML/CTF through controls on operations
• The management of its IT risks: protection of data, infrastructure and/or people
• The defense of its interests in court

Time limit

GOin keeps Personal Data for the maximum period necessary for the purposes for which they are processed.

In the course of its business, GOin’s Clients Personal Data are kept for a period of five years after the end of the business relationship, in compliance with the current regulation.

Data Sharing

In the course of its business, GOin may share Personal Data of its Clients:

• With financial and judicial authorities, state agencies or public bodies, upon request and within the context of legal and regulatory procedures
• To certain regulated partners, notably its statutory auditors (CAC), lawyers or notaries
• To other companies in its group in the context or specific treatments

Data transfers outside the European Economic Area (EEA)

The only Personal Data transferred outside the EEA are those relevant and necessary for the purposes for which they are transferred and processed. In case of transfer, Personal Data is transmitted on the basis of the adequacy decision made public by the European Commission where applicable.

Data protection

GOin implements technical and organization measures to prevent:

• Any accidental of unlawful loss, destruction or alteration of Personal Data
• Any accidental of unlawful access, theft or unauthorized disclosure

In addition, GOin requires services providers or any third party organization processing on its behalf or receiving Personal Data from it to take the necessary and appropriate security measures.

Rights of individuals

Articles 12 to 21 of the GDPR Regulation grant rights to individuals regarding their personal data, including:

• Right of information, access and rectification. You can obtain information regarding the processing of your Personal Data, a copy of such Personal Data and request their modification if you deem it necessary
• Right to erasure. You may ask for the erasure of your Personal Data, within the limits of the regulation in force – as detailed below
• Rights to limit processing, to object or to withdraw consent. You may ask for the limitation of the processing of your data, or object to their use for a particular purpose. In addition, you may withdraw your consent at any time, within the limits of the regulation in force – as detailed below

However, given the legal obligations to which GOin is subject, the exercise of some of these rights will be limited in certain situations. In addition, in case of refusal to communicate certain Personal Data requested by GOin, it may be required to terminate the business relationship.

If you have any question, want to exercise your rights or reclamation concerning the collect, treatment and storage of your Personal Data, you may contact GOin’s DPO. To do so, please send an email to dpo@goin-invest.com specifying the object of your request.

Moreover, in accordance in the application regulation, you may at any time file a complaint with the Commission Nationale Informatique et Libertés (CNIL).