0. Definitions according to the GDPR
NSAPDP represents The National Supervisory Authority for Personal Data Processing, Romanian independent public authority responsible for the compliance with the protection of personal data requirements;
Personal data represents any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing represents any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Restriction of processing represents the marking of stored personal data with the aim of limiting their processing in the future;
Controller represents the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor represents a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Recipient represents a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with the European Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Third party a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
Data Breach represents a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.
1. Who is Coreto
Coreto or Coreto Platform is a limited liability company with its headquarters in, Bucharest Romania.
According to the GDPR regulation, considering the personal data processed by our Platforms, we (Coreto) are considered data controller and our visitors and users are considered recipients.
Coreto observes the confidentiality and security of the personal data constantly ensuring that when personal data is processed, it is only for specific, explicit and legal purposes, according with the principles and provisions of the GDPR.
2. Where can you find us and how you can contact us
With respect to any information regarding the personal data we process, you can e-mail us at admin[at]coreto.io.
3. What personal data Coreto may process, how personal data is processed, the purpose, legal basis, and periods of the processing
In general, we only collect personal data if necessary, ensuring your control over the type of information you provide to us. In compliance with GDPR art.5/1/c, Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
In order for you to easily identify the personal data we process we have combined them in several categories according to the purpose of processing.
Coreto processes the personal data of the people who visit the Platforms, as follows:
Category 1 – Enrolment And Further Use
Personal data – First Name (optional), Last Name (optional), username; display name (optional); user’s birthday; e-mail address; password; social media account (optional) and personal bio (optional);
The purpose of processing – the personal data is processed for account creation and its further use such as logging in, using Platform’s features or confirming the activities for which verification of the account owner's consent is required.
The legal Basis – art. 6 para. 1 letter b) of the GDPR Regulation, which allows us to process personal data when necessary, for the performance of a contract.
In addition, the processing of personal data obtained during contractual relationships establishes various communications made to you (soft-opt in) for information and marketing on services and products similar to those previously purchased.
The collection method - directly from the recipients by filling in the available fields on the Platform;
The retention period – until the users request the deletion of the account, unless the legal provisions require, for certain activities performed by users, a longer storage period;
Category 2 – Security, Kyc/Aml And Other Restrictions
Personal data such as:
- location based on user’s and visitor’s IP;
- users' full name, address and other personal identification elements; the user’s source of funds;
The purpose of processing – the personal data mentioned above are processed for:
- restricting the access of users/visitors who are located in jurisdictions where access to this type of services is forbidden or to determine malicious connections;
- for complying with the applicable regulation (when those information are necessary to prevent and combat AML and terrorism financing);
The legal Basis: art. 6 para. 1 letter f) of the GDPR, which allows us to process personal data when the processing is necessary for respecting the applicable regulations;
The collection method – personal data are:
- automatically collected when users access the Platform;
- directly received from the account’s owner (if requested);
The retention period: for a period equal to the duration required by the legal provisions, depending on the nature of the situation for which we collect those information;
Category 3 – User’s Performances
Personal data – related to each user, such as:
- users’ level of experience/knowledge and interest in cryptocurrencies which may arise from (i) the opinion expressed in the SOOPs published by each user, (ii) user’s activity on the Platform which may include: the performance of the published SOOPs’; the performance of the SOOPs in which a user decided to be engaged or at which he reacted; user’s performance and trust points obtained or its position in the leaderboard;
- users’ wealth which may arise indirectly from (i) the total amount of the COR tokens stored in the Platform, (ii) the amount of the COR tokens used to pledge a SOOP, (iii) ERC-20 wallet’s public address and the correspondent tokens stored in it;
The purpose of processing – the personal data mentioned above are processed to provide users with Platform’s features such as the creation / involvement in SOOP or the calculation of user’s trust and performance points;
The algorithm used to determine the amount of points/COR tokens due to each user is described in our Terms and Conditions.
The legal Basis: Art. 6 para. 1 letter b) of the GDPR Regulation, which allows us to process personal data when necessary, for the performance of a contract;
The collection method – personal data are collected directly from users when they sign in on the Platform;
The retention period: until the users request the deletion of the account, unless the legal provisions require, for certain activities, a longer storage period;
Personal data – personal data related to:
- name, nickname, e-mail or any other information users decide to provide us with by the “Feedback” and “Contact Us” sections available on the Platforms;
- standard technical information for connecting to the internet which may include data such as information about the computer or device used to access our site (device type, operating system, screen resolution, language, country where you are, type of web browser used etc.), a truncated version of the IP address or your preferences regarding cookies that process personal data;
* for this purpose, the IP is collected and stored in an anonymized format by deleting the last byte;
Standard technical login details are required to technically ensure the functionality, optimization, and security of our website.
The purpose of processing – the personal data mentioned above are processed:
- to receive user’s feedback and to implement it;
- to facilitate user’s access to our Platform (for example, to adjust the size of the Platform according to the characteristics of the device used), to recognize and stop any improper use of the Platform, etc.
Technical dates are processed to facilitate your access to our site (for example, to adjust the size of the Platform according to the characteristics of the device used), to recognize and stop any improper use of the Platform, etc.
The legal Basis – art. 6 para. 1 letter b) of the GDPR Regulation, which allows us to process personal data when necessary, for the performance of a contract and art. 6 para. 1 letter f) of the GDPR, which allows us to process personal data when the processing is necessary for the purpose of the legitimate interests pursued by the operator. - respectively (i) to maintain the Platform’s security; (ii) to improve Platform’s functionality and to optimize the internal trade flows; (iii) to repair bugs identified by users.
The collection method – personal data are:
- directly received from the account’s owner;
- automatically collected when users access the Platform;
The retention period: 30 days or more depending on the content of user’s feedback or request;
Personal data – related to each user, such as: user’s social media accounts; any other information users decide to provide us with when they contact us on the social media platforms; any other information users decide to provide us with when they contact us by e-mail; comments and/or posts on our profiles;
Given that the internet is not a safe space, please do not send us or limit as much as possible the personal data communicated through social platforms or e-mail.
The purpose of processing – the personal data mentioned above are processed for customer support purposes;
The legal Basis: Art. 6 para. 1 letter b) of the GDPR Regulation, which allows us to process personal data when necessary, for performance of a contract or for the steps prior to its conclusion;
The collection method – personal data are collected directly from users when they decide to contact us;
The retention period: personal data are stored for the purpose of proving the fulfilment of contractual obligations between the parties for a period between 30 days and 1 year, depending on the nature of the request (complaint, request for guarantee, contractual request, general request, etc.);
Generally, personal data are kept for a limited period according to the purpose of the processing and the legal provisions applicable to each category of data.
Coreto ensures the proper deletion of personal data when processing is no longer necessary.
Personal data – personal data processed for:
- analytic purposes such as: the city where the connection to the Platform is made, demographic information, number of visitors, the timeframe in which the platform was accessed, the most used sections and other visitors’ activity on the Platform.
We may collect aggregate analytical statistics, as defined above, using cookies created by third party providers.
According to their Policy, their product is an easy-to-use tool that helps site owners measure (track usage data) how users interact with the content of a webpage and also provide:
- Tag management
- Improve advertisement efficiency
- Collect anonymous statistical data
- Aid in content performance and A/B testing
- Contextualize and personalize ads in their own advertising network
- Connects multiple page views by a user under a single ID
- Identify unique visits and contributes to creation of analysis reports
- Reporting, personalization and other operational purposes
- Determine if the specific browser supports cookies or not
- Measure bandwidth for optimal web page performance
You can disable or restrict the transmission of cookies by changing the settings of the browser used. At the same time, cookies that are already stored can be deleted at any time.
user’s e-mail for sending newsletters;
The purpose of processing – the personal data are processed for marketing purposes;
The legal Basis: Art. 6 para. 1 letter a) of the GDPR Regulation, which allows us to process personal data when the data subject has given his or her consent;
The collection method – personal data are:
automatically collected when they use the Platform;
directly collected from the recipients by filling in his e-mail in the “subscription” section;
The retention period: until the users request the withdrawal of consent;
We inform you that, at any time, you can send us the option to no longer receive (or withdraw your consent for) marketing communications / purposes to: admin[at]coreto.io
The communication of your choice or the withdrawal of consent to the processing of personal data for marketing purposes will operate for the future and does not affect the processing already performed.
You are also free to decide what personal data you wish to share with us, but if you refuse to provide us with the personal information necessary to provide you with our services, such as your email address and username to open your account, we will be unable to provide our services.
The disclosure of your personal to third parties
Throughout its normal course of business Coreto will not disclose or transfer, for direct marketing purposes, your personal data to third parties, regardless if such parties are located in Romania, in EU or outside EU.
What Are Cookies
Different types of cookies:
- First Party Cookies: These are cookies collected by our website or app and are only used by us when the user visits our web pages.
- Third Party Cookies: These cookies are used to share information with third parties such as advertisers or social media platforms.
- Session Cookies: These are only temporary cookies which remain active on the user's browser until it is closed.
- Persistent Cookies: A user's browser stores these cookies for a specific amount of set time before they expire. These are used to perform functions such as keeping a user logged in, for web analytics and for performance statistics purposes.
- Secure or HTTP-only Cookies: These cookies help prevent possible malicious cross-site attacks.
How / Why We Use Them
We use first and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Websites to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Online Properties. Third parties may serve cookies through our Websites for advertising, analytics and other purposes. This is described in more detail below.
Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to the site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.
Your Cookie Choices
You are always free to block, delete, or disable these technologies if you so choose. However, if you decline cookies or other similar technologies, you may not be able to take advantage of certain features and services. You may also be required to re-enter your password more frequently during your browsing session.
Where applicable, we protect our cookies and other similar technologies to help ensure that only we and/or our authorized service providers can interpret them by anonymizing and assigning them a unique identifier that is designed for interpretation only by us.
Any personal information that we collect and store through use of these technologies is first obtained through notice and prior consent by providing you with transparent notice of use of these technologies and providing you with the opportunity to make a choice to disable them.
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies may affect the functionality of this and many other websites that you visit. Disabling cookies may result in also disabling certain functionality and features of a site. Therefore it is recommended that you do not disable cookies.
Other Tracking Technologies
Like web beacons, Flash cookies, LSOs, and anonymized data.
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enable us to recognize when someone has visited our Websites or opened an e-mail including them. This allows us, for example, to monitor the traffic patterns of users from one page within a website to another, to deliver or communicate with cookies, to understand whether you have come to the website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of e-mail marketing campaigns. Websites may also use so-called "Flash Cookies" (also known as Local Shared Objects or "LSOs") to, among other things, collect and store information about your use of our services, fraud prevention and for other site operations.
Every time a user visits our web page(s), our analytics, where possible, tracks anonymously to tell us whether or not you've visited the site before. This allows us to track how many individual unique users we have, and how often they visit the site. This information is used for statistical purposes and to improve our operational services.
In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will also impair their functioning.
The Cookies We Set
Essential website cookies
These cookies are strictly necessary to provide you with services available through our Websites and to use some of its features, such as access to secure areas.
Performance and functionality cookies
These cookies are used to enhance the performance and functionality of our Websites but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
Account related cookies
Login related cookies
Email newsletters related cookies
This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed / unsubscribed users.
Forms related cookies
When you submit data through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
Site preferences cookies
In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page that is affected by your preferences.
Analytics and customization cookies
These cookies collect information that is used either in aggregate form to help us understand how our Websites are being used or how effective our marketing campaigns are, or to help us better customize our Websites for you.
These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
These are cookies that have not yet been categorized. We are in the process of classifying these.
Third Party Cookies
This site uses several widespread and trusted third party analytics solutions (detailed below) for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
To provide better services it's important for us to understand statistics about our visitors and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and costs and to aid our continuous research and development to offer the best possible services.
We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including;
- Google, Youtube, Doubleclick
- Facebook (Meta platforms), Atlas, Instagram
- Microsoft, Bing, Clarity, Linkedin
may set cookies through our site which could be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective terms & policies.
Essential / Strictly necessary
Performance / Functionality
Name: SM Provider: clarity.ms Type: http_cookie Expires in: session
Name: MR Provider: bing.com Type: http_cookie Expires in: 7 days
Name: MR Provider: clarity.ms Type: http_cookie Expires in: 7 days
Analytics / Customization
Name: _ga_# Provider: coreto.io Type: http_cookie Expires in: 1 year 11 months 29 days
Name: _gat# Provider: coreto.io Type: http_cookie Expires in: 1 minute
Name: #collect Provider: coreto.io Type: pixel_tracker Expires in: session
Name: _gid Provider: coreto.io Type: http_cookie Expires in: 1 day
Name: c.gif Provider: coreto.io Type: pixel_tracker Expires in: session
Name: _ga Provider: coreto.io Type: http_cookie Expires in: 1 year 11 months 29 days
Name: MUID Provider: bing.com Type: http_cookie Expires in: 1 year 24 days
Name: 395970801/ Provider: coreto.io Type: pixel_tracker Expires in: session
Name: MUID Provider: clarity.ms Type: http_cookie Expires in: 1 year 24 days
Name: ANONCHK Provider: clarity.ms Type: server_cookie Expires in: 10 minutes
Name: SRM_B Provider: bing.com Type: server_cookie Expires in: 1 year 24 days
Name: a Provider: coreto.io Type: pixel_tracker Expires in: session
Name: _gcl_au Provider: coreto.io Type: http_cookie Expires in: 2 months 29 days
Name: _fbp Provider: coreto.io Type: http_cookie Expires in: 2 months 29 days
Name: IDE Provider: doubleclick.net Type: server_cookie Expires in: 1 year 11 months 29 days
Name: test_cookie Provider: doubleclick.net Type: server_cookie Expires in: 15 minutes
Name: YSC Provider: youtube.com Type: http_cookie Expires in: session
Name: VISITOR_INFO1_LIVE Provider: youtube.com Type: server_cookie Expires in: 5 months 27 days
Name: _cltk Provider: coreto.io Type: html_session_storage Expires in: session
Name: _clsk Provider: coreto.io Type: http_cookie Expires in: 1 day
Name: CLID Provider: clarity.ms Type: server_cookie Expires in: 11 months 30 days
Name: _clck Provider: coreto.io Type: http_cookie Expires in: 11 months 30 days
Name: CoretoSession Provider: coreto.io Type: server_cookie Expires in: 25 days
The date at the top of this Policy indicates when it was last updated.
Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren't sure whether you need or not it's usually safer to leave cookies enabled in case it does interact with one of the features you use on websites.
If you are still looking for more information then you can contact us through one of our contact methods.
Coreto employees having access to personal data have been trained to observe the security and confidentiality of the personal data they have access to in performing the business activity. Coreto employees’ access to personal data is limited to the information required in performing their specific tasks, processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)..
We perform our daily activities at the highest standards thus sometimes we chose to cooperate with other companies in order to facilitate several technical or administrative processes such as: billing services, management services, card payments services, e-mail hosting services, storing data, marketing services, legal services etc.
In case we decide to contract third parties for the supply of specific services, we will ensure that such third parties comply with the provisions of GDPR and we will provide all information required for the proper performance of their services.
Your personal data may be communicated to governmental authorities and/or law enforcement agencies if required by the applicable law.
Which are your rights and how can you effectively exercise them
Coreto as a controller, ensures technical and organizational measures to be sure that your rights (as a data subject) are observed:
Right of access
You have the right to obtain the confirmation as to whether or not personal data concerning you are being processed by us, and, where that is the case, access to your personal data and information on how they are processed.
Right to data portability
You have the right to receive some of your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and you have also the right to transmit those data to another controller without hindrance from us, where technically feasible.
Right to object
You have the right to object to processing of your personal data, when processing is necessary for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by us. You have the right to object at any time if your personal data are being processed for direct marketing purposes.
Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. The rectification shall be communicated to each recipient to whom the data was sent unless this proves impossible or involves disproportionate (demonstrable) efforts.
Right to erasure (‘right to be forgotten’)
You have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase your personal data without undue delay where one of the following grounds applies: your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraws consent on which the processing is based and there is no other legal ground for the processing; you objects to the processing and there are no overriding legitimate grounds for the processing; your personal data have been unlawfully processed; your personal data have to be erased for compliance with a legal obligation; your personal data have been collected in relation to the offer of information society services.
Right to restriction of processing
You have the right to obtain from us restriction of processing where one of the following applies: you contest the accuracy of your personal data, for a period enabling us to verify the accuracy of your personal data; the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead; we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; you has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right not to be subject to a decision based solely on automated processing
You have the right not to be subject to a decision solely based on automated processing, including profiling, which produces legal effects concerning the data subject or similarly affects the data subject in a significant manner. Therefore, we hereby state that Coreto does not use applications, algorithms, artificial intelligence or automatic process to make automatic decisions (without human intervention) that produces legal effects.
The exercising of the above rights may be performed at any time. For using these rights we encourage you to submit your written request (together with your contact details) in electronic format by mail at admin[at]coreto.io
As we mentioned below the distribution algorithm used by Coreto to reallocate the COR Tokens to the corresponding users or to offer performance and trust points is described in our Terms and Conditions and it represents only an automation of a mathematical process with no other legal consequences for users.
To exercise your rights listed above you can send us your request (accompanied by your contact details) electronically to the e-mail address admin[at]coreto.io
Children’s personal data
Coreto does not collect any Personal Data from children under the age of 16. So, if you are under 16 please do not submit to us any Personal Data.
What security precautions does Coreto take to protect your personal data
We have assumed the responsibility to implement proper technical and organizational measures regarding the protection of privacy and security of your personal data. We have taken all reasonable measures to protect your Personal Data from damage, loss, misuse, unauthorized access, alteration, destruction, or disclosure, as following:
People who have access to our filing system are only those nominated by Coreto. To accesses the system, they use individual accounts and passwords which are changed periodically.
All our employees, collaborators and service providers who are in contact with personal data must act in accordance with the principles and policies regarding to the processing of personal data. They were informed and they have assumed to respect of the GDPR by signing the Data Processing Agreements or as an effect of the law.
Our employees and collaborators access personal data for the performance of their professional duties and only in accordance with the stated purpose of data collection.
Computers from which the filing system is accessed are password-protected and have antivirus, antispam and firewall security updates.
Personal data is printed only by authorized users, if it is necessary to perform our activity or to fulfil our legal obligations.
Please also select carefully what personal data do you choose to submit thinking that the internet or e-mails are not impenetrable spaces, and a technical error can cause an unhappy event anytime with respect to your personal data.
Links to other websites
On our website you can find links to other organizations. This Privacy Notice do not cover the personal data processed by them.
If you decide to access other organization’s links, we encourage you to carefully read their Privacy Notices which should be found on their websites. In general, the Privacy Notice may be accessed on the bottom section of the website.
Believing that we are constantly developing our services, we are confident that our platform may soon have new functions, so our Privacy Notice will be updated accordingly.
In order to keep you informed, we always publish the latest version of the Privacy Notice on our website, without any specific notice in this respect.
We assure you that we collect and process your personal data in accordance with the provisions of the General Data Processing Regulation and only when and for how long it is necessary.
Information concerning Data Protection Supervisory Authority
If you consider that your rights provided by Regulation no. 679/2016 have been violated, you can address directly to us or to our Data Protection Supervisory Authority: National Authority for the Supervision of the Processing of Personal Data (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal) ”ANSPDC” by submitting a complaint.
Contact details of the regulatory authority:
Contact details of the Controller