Effective Date: July 30, 2025
Company: Cointract UAB
Website: https://cointract.io
Contact Email: [email protected]
Registered in: Republic of Lithuania
1. Introduction to Our Commitment
At Cointract, we are committed to protecting your personal data and ensuring your privacy. This Data Safety Policy outlines how we collect, process, store, and protect your data, in full compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the ePrivacy Directive (Directive 2002/58/EC), and other relevant Lithuanian data protection laws.
We believe in transparency and giving you control over your personal information. Our practices are designed to uphold the principles of data minimization, purpose limitation, accuracy, storage limitation, integrity, confidentiality, and accountability.
2. Data Controller
Cointract UAB acts as the Data Controller for the personal data processed in connection with your use of the Platform. This means we determine the purposes and means of processing your personal data.
3. Types of Personal Data We Collect
To provide our services, and depending on your use of the Platform (as a Client or Freelancer), we may collect and process various categories of personal data, including but not limited to:
- Identity Data: Full name, username, date of birth, gender, nationality, photographs, and copies of identification documents (e.g., passport, ID card) for KYC/AML purposes.
- Contact Data: Email address, phone number, physical address, billing address, and country of residence.
- Financial Data: Bank account details, credit/debit card information (processed securely via third-party payment processors), cryptocurrency wallet addresses, transaction history on Cointract, and tax identification numbers.
- Profile Data: Professional title, skills, experience, portfolio, project descriptions, bids, reviews, ratings, and any other information you choose to include in your public or private profile.
- Transaction Data: Details about payments to and from you, details of services you have purchased or offered through the Platform, and records of Service Contracts.
- Technical Data: Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Platform.
- Usage Data: Information about how you use our Platform, products, and services, including pages viewed, features used, and time spent on the Platform.
- Communication Data: Records of your communications with other Users and with Cointract support (e.g., messages exchanged on the Platform, email correspondence, chat logs).
- Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties, and your communication preferences.
4. How We Collect Your Data
We collect data through various methods:
- Direct Interactions: You provide data when you create an account, complete your profile, post projects or bids, communicate with other users, make payments, or contact our support.
- Automated Technologies or Interactions: As you interact with our Platform, we may automatically collect Technical and Usage Data using cookies, server logs, and other similar technologies. Please refer to our separate Cookie Policy for more details.
- Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources, such as:
  - Payment processors (e.g., Stripe, crypto payment gateways) for transaction data.
  - Identity verification services for KYC/AML compliance.
  - Analytics providers (e.g., Google Analytics, Firebase) for Usage and Technical Data.
  - Publicly available sources (e.g., business registries, social media if you link your accounts).
5. Legal Basis for Processing Your Data
We will only process your personal data when we have a lawful basis to do so under GDPR. The primary legal bases we rely on are:
- Performance of a Contract: Processing is necessary for the performance of the contract with you (i.e., to provide you with access to and use of the Cointract Platform and its services, including the escrow functionality).
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which Cointract is subject (e.g., KYC/AML regulations, tax reporting requirements, consumer protection laws).
- Legitimate Interests: Processing is necessary for our legitimate interests (or those of a third party), provided your fundamental rights and interests do not override those interests. This includes improving our services, preventing fraud, ensuring network security, and for internal administrative purposes. We conduct a balancing test to ensure your rights are protected.
- Consent: Where required, we will obtain your explicit consent for specific processing activities (e.g., for certain types of marketing or non-essential cookies). You have the right to withdraw your consent at any time.
6. Purposes for Which We Use Your Data
We use your personal data for the following purposes:
- To Provide and Maintain the Platform: To register your account, operate the marketplace, facilitate Service Contracts, manage the centralized escrow service, and process payments.
- To Facilitate Communication: To enable communication between Clients and Freelancers, and between you and Cointract support.
- To Ensure Security and Prevent Fraud: To verify your identity (KYC), comply with AML/CTF obligations, detect and prevent fraudulent activities, and maintain the security of our Platform.
- To Improve Our Services: To analyze usage patterns, troubleshoot issues, conduct research, and develop new features to enhance the user experience.
- To Personalize Your Experience: To tailor the Platform content and recommendations to your preferences (where applicable and with consent if required).
- For Marketing and Promotion: To send you updates, newsletters, and promotional materials about Cointract’s services (you can opt out at any time).
- To Comply with Legal Obligations: To respond to legal requests, court orders, or governmental regulations, and to enforce our Terms and Conditions.
- For Analytics: To understand how our Platform is used and improve its functionality and performance.
7. Data Sharing and Third-Party Processors
We never sell your personal data. Data is shared only when necessary to deliver our services, comply with legal obligations, or with your consent. When we share data, we ensure strict safeguards are in place.
Data is shared with:
- Other Users: Limited profile information (e.g., username, skills, ratings) is shared between Clients and Freelancers to facilitate engagements.
- Essential Service Providers: Third-party companies that perform services on our behalf. These include:
  - Payment Processors: For handling Fiat and Cryptocurrency transactions (e.g., Stripe, crypto payment gateways). They process your financial data securely.
  - Analytics Services: For monitoring and analyzing Platform usage (e.g., Google Analytics, Firebase). This data is often anonymized or pseudonymized where possible.
  - Authentication Services: For secure user login and identity verification.
  - Cloud Hosting Providers: For storing our data and operating the Platform infrastructure.
  - Customer Support Tools: For managing and responding to your inquiries.
  - Legal and Compliance Advisors: When necessary for legal advice or compliance.
- Legal and Regulatory Authorities: When legally required, such as in response to a court order, subpoena, or government request, or to comply with AML/CTF regulations.
- Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred as part of the transaction.
All third-party service providers who process personal data on our behalf are bound by Data Processing Agreements (DPAs) that comply with Article 28 of the GDPR. These agreements ensure they:
- Process data only on our documented instructions.
- Commit to confidentiality.
- Implement appropriate technical and organizational security measures.
- Assist us in complying with data subject rights and data breach notifications.
- Do not engage sub-processors without our prior authorization.
8. International Data Transfers
As a Lithuanian company, Cointract primarily stores and processes data within the European Economic Area (EEA). However, some of our third-party service providers may operate outside the EEA.
When your personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place to protect your data, as required by GDPR. These safeguards may include:
- Adequacy Decisions: Transfers to countries deemed to provide an adequate level of data protection by the European Commission.
- Standard Contractual Clauses (SCCs): Implementing SCCs approved by the European Commission, which provide contractual obligations for data protection.
- Binding Corporate Rules (BCRs): For transfers within a group of undertakings, where approved by supervisory authorities.
9. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- User Account Data: Retained for the duration of your active account on Cointract. If you delete your account, we will delete or anonymize your data, subject to legal obligations.
- Financial and Transaction Data: Retained for periods required by Lithuanian and EU financial, tax, and AML laws (typically 5-10 years after the business relationship ends).
- App Analytics Data: Generally retained for up to 14 months, unless anonymized or aggregated.
- Communication Data: Retained for a reasonable period to manage customer relationships and for legal defense.
When personal data is no longer required, we will securely delete or anonymize it.
10. Your Data Protection Rights (GDPR)
Under GDPR, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, which may be extended for complex requests.
- Right to Access (Article 15 GDPR): You have the right to request copies of your personal data held by us.
- Right to Rectification (Article 16 GDPR): You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- Right to Erasure (“Right to be Forgotten”) (Article 17 GDPR): You have the right to request that we erase your personal data under certain conditions (e.g., no longer necessary for the purpose, withdrawal of consent, unlawful processing).
- Right to Restrict Processing (Article 18 GDPR): You have the right to request that we restrict the processing of your personal data under certain conditions (e.g., accuracy contested, unlawful processing but you oppose erasure).
- Right to Object to Processing (Article 21 GDPR): You have the right to object to our processing of your personal data under certain conditions, particularly where processing is based on legitimate interests or for direct marketing.
- Right to Data Portability (Article 20 GDPR): You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a structured, commonly used, machine-readable format, under certain conditions.
- Right to Withdraw Consent (Article 7 GDPR): Where processing is based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
11. User Control and Choices
You have direct control over much of your data and preferences:
- Account Settings: You can access, review, update, or delete certain personal data directly via your account settings on the Platform.
- Account Deletion: You can request full account deletion by emailing [email protected]. Please note that some data may be retained for legal compliance purposes as outlined in Section 9.
- Marketing Opt-Out: You can opt out of receiving marketing communications from us by following the unsubscribe link in our emails or by adjusting your notification settings in your account.
- Analytics and Tracking: You can manage your preferences for analytics and tracking technologies via our Cookie Consent Banner. For mobile apps, you may be able to opt out of certain tracking via your device’s operating system settings (e.g., Android OS settings).
- App Permissions: You can revoke app permissions (e.g., notifications, camera access if applicable) at any time through your device’s settings.
12. Data Security Measures
We implement robust technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: Encryption of data in transit (e.g., using TLS/SSL) and at rest.
- Access Controls: Strict access controls and authentication mechanisms to limit access to personal data to authorized personnel only.
- Pseudonymization/Anonymization: Where feasible and appropriate, using pseudonymization or anonymization techniques to protect data.
- Regular Security Audits: Conducting regular security assessments, penetration testing, and vulnerability scanning.
- Employee Training: Providing regular data protection and security training to our staff.
- Incident Response Plan: Maintaining an incident response plan to address potential data breaches promptly and effectively, including notification to supervisory authorities and affected individuals where required by law (within 72 hours of becoming aware of a breach).
13. Legal Compliance
Our data handling practices comply with:
- General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
- ePrivacy Directive (Directive 2002/58/EC)
- Law on Legal Protection of Personal Data of the Republic of Lithuania
- Google Play Developer Policy (relevant for Android app users)
- CCPA (California Consumer Privacy Act) (if applicable for California users, we strive to extend similar protections to all users where feasible).
- AML/CTF legislation relevant to financial services and virtual asset service providers in Lithuania and the EU.
14. Right to Lodge a Complaint
If you have concerns about our data processing practices, we encourage you to contact us first at [email protected] so we can attempt to resolve the issue.
However, you also have the right to lodge a complaint with the relevant data protection supervisory authority, particularly if you are in the European Economic Area. In Lithuania, the supervisory authority is:
State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija)
L. Sapiegos g. 17, 10312 Vilnius, Lithuania
Email: [email protected]
Website: https://vdai.lrv.lt/
15. Changes to This Data Safety Policy
We may update this Data Safety Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our Platform and updating the “Effective Date” at the top of this document. We encourage you to review this policy periodically.
16. Contact Us
For any questions, data requests, or concerns regarding this Data Safety Policy, please contact:
Cointract UAB
Email: [email protected]
Registered in Lithuania