By using Napoleon Group services, you consent to the collection, storage, processing and transfer of your personal information as described in this policy.
3. Personal data controller
Napoleon Group is your personal data controller. This means that it determines the purposes and means by which your data is processed.
By “controller”, “joint controller” or “processor”, as used in this policy, we refer to the terms defined in Article 4 of the GDPR.
Napoleon Group has appointed a Data Protection Officer (DPO), whose contact details can be found in section 1, who will endeavour to answer any questions or requests in relation to the processing of your data and your rights.
Napoleon Group’s products and services are not intended for persons under the age of 18. Only persons of legal age may register for our services. Therefore, we do not process personal data of minors.
5. On which grounds do we use your personal data?
We process your personal data on one or more of the following legal grounds (in accordance with Article 6 of the GDPR):
|Processing for the performance of a contract or prior to entering a contract (article 6. 1. b GDPR)||The processing of your personal data is necessary to take the necessary steps for your request, prior to entering into a contract or to perform that contract with you.|
|Processing based on your consent (Art. 6. 1. a. GDPR)||If you have given us your consent to process your personal data, the processing will only be carried out for the purposes and to the extent stated in the declaration of consent. If you no longer agree with this processing, you have the possibility of revoking your consent at any time, without the need for justification.|
|Processing necessary for the purposes of our legitimate interests (Art. 6. 1. f. GDPR)||We process some of your personal data to best protect our legitimate interests and those of our users, for example as part of our risk management, or when we detect and prevent fraud and abuse to protect the safety of our users, ourselves or others.|
|Processing for compliance with a legal obligation (Art. 6. 1. c. GDPR)||In the course of our business, we are required to process some of your personal data in order to comply with our legal obligations (inter alia, identity checks, anti-money laundering controls, anti-fraud and market integrity, disclosure of data to supervisory authorities and other competent public authorities, if necessary, etc.)|
6. Data categories
We may process the following personal data on the basis mentioned in section 5:
- Contact data : when creating a new account or communicating with us, we may process, for example, the following personal data: surname, first name, address, nationality, e-mail, account photo.
- Financial data : When purchasing and selling our services, we may process, for example, the following data : bank details (IBAN, BIC), payment service provider information, payment details, transaction identification data.
- Account operation data : To ensure the proper operation of your account, we may process the following data: language preferences, login/password, transaction data, products and strategies chosen, user profile type, trading data, list of connected exchanges, API keys of connected exchanges, subscription date, amount of assets allocated and allocation(s), login time(s) and date(s), affiliate and referral program data, performance reports, billing data.
- Activity analysis data : During certain activities on the website, we may process for example the following data: your IP address, computer or mobile device information, frequency, time, operating system, browser type, device type, unique device identification number, cookies, possibly form data, crash reports, performance data, third party cookies, etc., performance data and only with your explicit consent, data from camera, microphone, storage, phone.
- Data related to a support/complaint request : if you contact our support team, we may process for example personal data provided to our team for this purpose.
- Data for marketing purposes : If you visit our website or social networks, or during the use of mobile applications, we may process statistical and marketing data, e.g. number of visitors, frequency, clicks, time, locations, target groups, data from cookies and similar technologies, consumer behaviours, interests and preferences, data relating to market research and target group surveys etc.
7. Personal data retention period
Napoleon Group retains the data collected for the time strictly necessary for the purpose of the processing, and within the limits provided for by European and national legislation if it allows longer retention.
8. Personal data recipients
We do not sell the personal data we collect from our users. Napoleon Group may only share personal data collected from users as described below, and with subsidiaries or affiliates of Napoleon Group, or its parent company, that follow practices at least as protective as those described in this policy.
|Data transfer within the group||Within the group, the relevant departments/employees will receive the personal data they need to fulfill the purposes of processing.|
We transfer data as part of our day-to-day business operations, such as the management of customer accounts and other operations you have requested, as well as to carry out our internal administrative activities efficiently and to improve our products and services.
|Data transfer to processors||We may transfer data to processors who provide services to us. These service providers only have access to personal information that is necessary for the performance of their functions and may not use it for any other purpose.|
Processors are also carefully selected and contractually obliged to ensure the confidentiality and security of your personal data that they process on our behalf.
|Data transfer to third parties||Joint controllers: In the event that Napoleon Group is jointly responsible for the processing of personal data with other parties, we will pass on the data to these parties (in accordance with the legal bases in point 5). In the case of joint control, we will only pass on your data if there is sufficient agreement with our partners.|
|Data transfer to public administrations and institutions||We may transfer your personal data to the relevant public authorities for the purposes of legal obligations, investigations, legal proceedings, or if we consider that the disclosure of personal data is necessary to prevent damage or financial loss.|
9. Where do we store your personal data ?
The personal data we process is stored by our hosting provider Amazon Web Services on servers located within the European Union (in Ireland).
10. Data transfer within and outside the European Economic Area (EEA)
Due to the international nature of our business and our membership of the CoinShares Group, Napoleon Group may transfer your personal data outside the European Union and outside the European Economic Area (EEA).
Where applicable, Napoleon Group will put in place appropriate technical, organisational and contractual safeguards (under Article 46 of the GDPR), to ensure that such transfer is carried out in accordance with applicable data protection rules, unless the country to which the data is transferred is already considered by the European Commission to provide an adequate level of protection.
For more information regarding the transfer of data, you may contact us as described in Section 1.
You have the right to object to the processing of your personal data for advertising purposes. If you wish to object to this processing in general, you can contact us by email at the following address: firstname.lastname@example.org
The objection does not affect the lawfulness of the processing of your personal data on the basis of legitimate interests before your revocation.
With the cookie banner mentioned in section 11, please note that you also have the possibility to unsubscribe from tracking and setting cookies for advertising purposes.
13. Protection of your personal data
We design our systems with your security and privacy in mind. Napoleon Group implements technical and organisational security measures to protect your data from accidental or unlawful destruction, loss, alteration, unauthorised access or disclosure.
14. Asserting your rights
|Right of access||You have the right to obtain confirmation from the controller as to whether or not your personal data is being processed. If they are, you have the right to request access to them.|
|Right to rectification||You may request the rectification of your inaccurate personal data. In view of the purposes of the processing, you can have this data completed.|
|Right to erasure||In some cases, you have the right to have your personal data deleted. In such cases, we will delete the data as soon as possible.|
|Right to restriction of processing||Upon request, you may obtain the restriction of the processing of personal data, in accordance with the conditions set out in Article 18 of the GDPR.|
|Right to data portability||You can ask us to disclose your personal data and you also have the right to pass this data on to another controller without us objecting.|
|Right to object||You have the right to object to the processing of your personal data at any time. Unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims, we will no longer process this data.|
|Right of appeal||Have you noticed a failure in the processing of your personal data? You can lodge a complaint with the authority that transferred the data, the authority receiving the data or both. To do so, you can contact our DPO, whose contact details are given in section 1.|
To assert your rights, or for any related questions, you can contact us:
- via Zendesk or the chatbot accessible on Napbots;
- by email at the following address: email@example.com.
In accordance with Applicable Regulations, we will ask you to prove your identity.
15. Contact the competent supervisory authority
We remind you that you have the possibility to file a complaint with the competent supervisory authority. In France, this authority is the Commission National Informatique et Libertés (CNIL), whose website address is: https://www.cnil.fr.
16. Policy updating