Effective Date: November 7, 2025


Welcome to Localcoin’s Privacy Policy. We explain how we handle your personal data when you use our website and online services in Poland. This policy covers personal data collected through our online services and our cryptocurrency kiosks (ATMs) in Poland. We also address how personal data collected during in-person ATM transactions (such as identification details and CCTV footage) is processed for security and compliance. All such data is handled in accordance with this Privacy Policy.


Who We Are (Data Controller)

Coinlab sp. z o.o. (trading as “Localcoin” in Poland) is the data controller for our website and kiosk services in Poland. Coinlab sp. z o.o., registered in Poland (KRS 0000685866), is based at ul. Jana Henryka Dąbrowskiego 28 lok. 32, 15-872 Białystok, and is responsible for determining how and why your personal data is processed.

If you have any questions or requests about your personal data, you can contact us at [email protected]. We respond to privacy inquiries in English or Polish.


Data We Collect About You

We collect only the personal data we need for the purposes described in this policy. Here are the categories of data we collect through our website and/or kiosk: 

  1. Identity Information: Your name and surname, and your Polish national identification number (PESEL), where applicable. We collect PESEL specifically when verifying your identity as required under Polish anti-money laundering (AML) law. We may also collect other identity numbers (e.g., from passports or national IDs), your date of birth, nationality, and other similar personal identifiers required for compliance and security checks.
  2. Contact Information: Your contact details, like email address, phone number, and mailing address. This is collected when you fill in forms on our site.
  3. Government ID Documents: Copies or scans of your identification documents and the information contained in those documents. This includes document numbers, issuance and expiry dates, and other details shown on the ID.
  4. Photographs for Verification: Photos you provide for identity verification, such as a scan or photo of your ID document and a selfie to compare with your ID. These images are used to confirm your identity as part of our KYC process.
  5. Account and Transaction Information: If you buy or sell cryptocurrency through Localcoin, we may collect details of the transaction. We also keep records of your transactions and activity on our platform for compliance and customer service.
  6. Financial Information: In general, we do not collect your payment card details. However, if you use any online payment or transfer method we offer, we would collect the necessary payment information to complete the transaction.
  7. Location Data: We may collect or infer your approximate location. For instance, we might use your IP address to determine your general location. We use this to display our site in the correct language, show nearby ATM locations, or for fraud prevention. We do not continuously track your GPS location via the website, but we might ask for your location once.
  8. Device and Browser Data: Technical information about the device and browser you use. This includes your IP address, browser type and version, device type, operating system, unique device identifiers or advertising IDs, and other similar data. We collect this automatically when you use our site, through server logs and cookies. This helps us secure the website, adapt content to your device, and fix technical issues.
  9. Website Usage Data: Data about how you interact with our website. For example, which pages you visit, buttons or links you click, how long you stay on pages, and how you arrived at our site. We obtain this through cookies and analytics tools to understand usage patterns and improve our services. This information may include cookie identifiers or other online identifiers. (See the Cookies and Tracking section for more detail.)
  10. Communications: Copies of communications you have with us. If you email us, chat with our support, or fill out a contact form, we will collect the information you provide. We may also record call details if you call our support line. We use these communications to assist you and to keep records of support requests.
  11. Self-Reported Data: Any other information you choose to give us via the website, our kiosks or other methods of communication. For example, if there are profile settings, survey responses, or optional account information, we will collect whatever you provide. We will always tell you which information is optional.
  12. Kiosk Camera Footage: Our physical cryptocurrency kiosks (ATMs) are equipped with security cameras. We do not use these cameras to perform real-time identity verification (KYC) during your transaction. However, we record and retain footage from these kiosks for security and compliance purposes. For example, if needed, we may later review the footage to confirm that the person who used the kiosk matches the individual who completed our KYC process. Such footage is stored securely and retained only as long as necessary to meet these purposes.

We collect most data directly from you when you enter it on our website or during identity verification. We may also get data from trusted third parties for verification and compliance, such as identity verification results or risk scores from our KYC provider or checks against public sanction/watchlist databases required by law. If we receive information from third parties, you must accept their terms and conditions, and we ensure they are authorized to share it and use it according to this policy.

Important: If you do not provide certain data that we require by law or to perform our contract with you, we may not be able to offer you the service. For instance, we need identification information to complete mandatory KYC/AML checks – if you choose not to provide this, we may not allow you to transact on our platform. 


How We Use Your Data (Purposes of Processing)

We use your personal data for specific purposes, and only when necessary. Below are the purposes for which Localcoin processes data collected via its website, kiosks and through third parties:

  1. To Provide Our Services: We use your data to manage your account and provide requested services, such as processing cryptocurrency transactions or helping you find ATMs and pre-fill forms.
  2. Identity Verification (KYC): We process identification data to verify your identity as required by law and our policies, part of our “Know Your Customer” process. For certain transactions or features, we confirm who you are using automated and sometimes manual checks.
  3. Anti-Money Laundering & Compliance: As a regulated business, we must comply with AML and counter-terrorist laws. We use your data to screen for risks, check identities against sanction lists, monitor transactions for suspicious activity, and keep records. This helps us prevent illegal activities and meet Polish and EU financial requirements.
  4. Fraud Prevention and Security: We process data to protect our platform, users, and ourselves from fraud, cyberattacks, and illegal acts. This includes using your data to detect suspicious activity and secure our systems. For example, device and browser data help identify fraud or malware, while location and usage data assist in blocking unauthorized access and preventing scams.
  5. Fulfilling Legal Obligations: Besides AML, we must adhere to other laws. We collect and retain personal data as needed to meet legal and regulatory obligations, such as tax and accounting rules, official requests from law enforcement or regulators, or audit requirements. We will only process or share your data when legally required and within data protection limits.
  6. Communicating with You: We use your contact information to communicate about our services, including transactional messages like confirmation emails or text messages (SMS) with transaction confirmations, policy updates, or security alerts. These are essential notices, not marketing. If you contact support, we will use your information to respond and resolve issues. In addition, SMS is one of our primary communication channels for important updates. For example, we may send you text messages to provide customer support updates or to deliver transaction receipts and verification codes. We might also reach out via SMS to request information required to meet our regulatory obligations. As noted below, we use SMS for marketing promotions only if you have given your consent.
  7. Marketing and Promotions: If you consent or laws permit, we may send you marketing messages about promotions, offers, news, or features. For example, we might contact you via email or SMS about referral programs or discounts. We only send marketing emails or texts if you've opted in, and you can unsubscribe anytime without spam.
  8. Personalizing and Improving the Website: We aim to make our website user-friendly and useful by analyzing usage data to understand navigation patterns and popular features. This helps us improve design, fix bugs, and develop relevant features. We may also personalize your experience by remembering preferences or showing region-specific content. Typically, this analysis is aggregated through tools like Google Analytics and does not focus on individuals.
  9. Customer Support and Service Quality: Your information helps us provide support. We review your data when you report a problem or ask a question to resolve issues. Feedback may also be used to improve our services.
  10. Enforcing Terms and Legal Claims: We may use personal data to enforce our Terms, resolve legal disputes, or defend legal claims, such as in transaction disputes or regulatory compliance. Data is also used to prevent abuse and protect our rights and those of our users.

We will not use your personal data for unrelated purposes. If we need to process it for a new reason, we will inform you and seek your consent if necessary. We do not sell your data to third parties.


Lawful Bases for Processing

Under GDPR, we must have a valid legal basis to process your personal data. Depending on the specific processing activity, we rely on one or more of the following bases:

  1. Contract (Article 6(1)(b) GDPR): We process your data to fulfill our contract or at your request before entering it. When you use our website or kiosk services, you agree to this, and we need your data to deliver services like processing crypto transactions, verifying identity, and maintaining your account. If you don’t provide necessary data, we can’t fulfill our contract. We also use your data to support ongoing customer service, including handling inquiries, complaints, account history, service updates, and essential communications like transaction confirmations and security alerts under Article 6(1)(b).
  2. Legal Obligation (Article 6(1)(c) GDPR): We process data to comply with legal requirements, such as AML regulations that mandate collecting, verifying, and retaining KYC data for at least five years in Poland. We only perform the necessary processing to meet these obligations.
  3. Legitimate Interests (Article 6(1)(f) GDPR): We process data for our legitimate interests unless your rights override them, having balanced our interests with your privacy:
     a. Preventing fraud and securing our platform: We prioritize keeping our services safe, reliable, and free from fraud or misuse, processing data to detect and prevent such harms to protect ourselves and our users.
     b. Improving our services: We analyze user interactions to improve our website and kiosk functionality and experience, ensuring privacy is maintained.
     c. Service-related communication: We may send you non-marketing messages about your use of the service, such as transaction confirmations, alerts, or updates on changes to our terms or features. These are not marketing messages and are sent based on our legitimate interest to keep you informed. Marketing emails or SMS will only be sent if you give explicit consent, in line with GDPR and Polish laws. You can withdraw your consent at any time, and we will respect your choice.
     d. Protecting our legal rights: We process data to defend legal claims, avoid liabilities, and resolve disputes, ensuring our business can operate and protect its interests.

When relying on legitimate interests, we process data proportionately and respect your privacy. You can object to this processing (see Your Rights under GDPR below) if your situation warrants.

  4. Consent (Article 6(1)(a) GDPR): In some cases, we will seek your consent to process your personal data, such as for marketing emails or cookies. For special categories of data, we will request explicit consent unless there's another lawful basis. You can refuse or withdraw consent at any time; however, consent is required for certain service features. Withdrawal will not affect past processing or other lawful bases. We rely on your consent for marketing communications like emails, SMS, newsletters, and offers, and you can unsubscribe or contact us to withdraw at any time.

In summary, most of our processing for the website and kiosks is based on contract or legal obligations, while some supporting activities are based on legitimate interests and marketing or certain optional features are based on consent. If you have questions about the specific legal basis for a particular processing activity, feel free to contact us and we will clarify.


Automated Decision-Making and Profiling

Automated decision-making means that some decisions affecting you are made by computer algorithms without a human involved. Profiling means analyzing personal data to evaluate certain things about a person. We want to be transparent about how we use these techniques:

1. Automated Decisions in Fraud and Compliance: Localcoin uses automated systems for fraud prevention and AML compliance. When you submit your ID and selfie, a third-party platform may automatically verify your ID and compare your selfie. If the ID is fake or the selfie doesn’t match, the system might automatically reject the verification. We also use an AML tool that scores transactions and user activity for risk, quickly analyzing each for signs of money laundering or fraud. If a transaction is flagged as highly suspicious, our system may automatically stop it to prevent illicit activity. These automated decisions help us comply with legal requirements and protect our platform.

Automated decisions will not solely determine your service denial; human review is always involved. Our automated tools offer recommendations or flags for the compliance team, who can reverse or adjust decisions if needed. If you believe you've been unfairly affected by an automated decision, you have the right to request a human review under GDPR Article 22, which ensures a real person examines the case.

2. Profiling: We conduct profiling for fraud detection, AML, and marketing. For example, we analyze transaction patterns to identify high-risk users. Our system uses real-time dynamic risk profiling based on behavior and other factors to assess risk levels, helping us flag suspicious activities. In marketing, we segment users by usage history, such as differentiating between frequent ATM users and those who only use online services once. All profiling is solely for these purposes and not for unrelated reasons.

We do not conduct profiling with significant legal effects without human intervention. Profiling is either combined with human decisions or used minimally so as not to greatly impact you.

Automated tools help keep the service safe and compliant, but they do not control your access. You can request more information or object to profiling. We aim to use these technologies responsibly.


Who We Share Your Data With (Recipients of Data)

We treat your personal data with care and confidentiality. We do not sell your personal information. However, we do share data with certain third parties in order to run our business and comply with laws. These third parties fall into the following categories:

  1. Service Providers (Processors): These are companies that process data on our behalf and under our instructions. We have contracts (Data Processing Agreements) with all such providers to ensure your data is protected and used only for the agreed purpose. Key service providers we use include:
     a. Sumsub: This is our identity verification partner. When you go through online verification, your KYC data is submitted via Sumsub’s secure portal. Sumsub verifies your documents and selfies for authenticity and compliance, stores the data securely, and reports the results back to us. They specialize in KYC/AML verification and adhere to GDPR by storing EU users’ data in the EU. Using Sumsub ensures your verification is safe and efficient. They only use your data for Localcoin checks and not for their own purposes.
     b. Flagright: This is our AML transaction monitoring platform. We share transaction and account data with Flagright to detect and prevent illicit activity. Their system uses rules and AI to flag suspicious behavior, providing real-time risk scores and alerts for potential money laundering or fraud. For instance, unusual transaction patterns are highlighted. Flagright acts as our processor, running the analysis software. This enhances our compliance at ATMs and online as we grow. They do not use your data beyond offering these services.
     c. Amazon Web Services (AWS): We use AWS for hosting our website and kiosks, and managing data. Personal data from the site may be stored on AWS servers, usually in the EU for European users. AWS, based in the USA, acts as a data processor under our instructions, with strict security in place. They are a trusted global provider, ensuring our service runs reliably 24/7, and are contractually bound to keep your data secure.
     d. Atlassian Jira: Jira is an internal tool for project and issue tracking. An Australian company with global cloud operations, Atlassian acts as a processor and is bound by strict data protection standards.
     e. Zendesk: We use Zendesk for customer support. When you email us or fill out a contact form, your inquiry is stored in Zendesk, including your name, email, and request details. Zendesk helps us manage support tickets, respond efficiently, and provide help center resources. Based in the US with EU hosting options, Zendesk participates in the Data Privacy Framework Program and processes data solely to support your interactions with us. They cannot use your information for any other purpose.
     f. Other IT and Analytics Providers: We use standard tools to operate our website. For example, Google Analytics monitors performance and collects usage data through cookies, acting as our processor to provide aggregated statistics. We also use Cloudflare to filter malicious traffic by processing IP addresses and requests. If we send newsletters, an email provider may handle our mailing list, obtaining your email and name to send messages on our behalf. All providers are under contract and cannot use your data for their own marketing.

We regularly vet our service providers for strong security practices. We ensure these processors only access the data necessary for their function and that they handle it safely and lawfully. If any service provider is located outside the EU/EEA, we take extra steps as described in the International Data Transfers section.

  2. Companies Within Our Corporate Group: Localcoin operates in multiple countries. In Poland, Coinlab sp. z o.o. is the data controller. Our Canadian affiliate, 9992987 Canada Inc., supports certain functions as our data processor, accessing and processing personal data only on our instructions for purposes like hosting, maintenance, compliance, or other back-office services. They do not decide how data is processed or use it independently. Access by authorized personnel is strictly limited to what is necessary for contracted services. Data transfers are governed by processor agreements and international safeguards, ensuring 9992987 Canada Inc. acts solely as a processor, not as an independent controller.
  3. Authorities and Legal Requirements: We may share personal data when required by law or to protect legal rights, such as reporting suspicious transactions to authorities under Polish law. If law enforcement or regulators lawfully request certain data, we will provide it after verification. We may also share data to enforce our terms, respond to government requests elsewhere, or to prevent harm or fraud.
  4. Professional Advisors: Sometimes we share data with lawyers, auditors, accountants, or similar professionals for specific reasons. For example, during an audit, we might show sample KYC records, or our lawyers might review transaction logs to defend a legal claim. These parties are bound by confidentiality and only access the information necessary to perform their services.
  5. Business Transfers: If Localcoin (Coinlab sp. z o.o. or the broader Localcoin business) undergoes a merger, acquisition, reorganization, or sale of assets, your personal data may be shared with involved parties during due diligence and transferred to a new owner or merged entity. We will ensure your data remains protected as described in this policy and will notify you of any change in data controller.

We want to reassure you that whenever we share data, we share the minimum amount necessary and analyze the necessity and proportionality of the disclosure. We also ensure that third parties handling your data have robust data protection measures in place. For all processors, we maintain contracts that oblige them to protect your data to GDPR standards. We do not allow any third party to use your personal information for their own marketing or purposes not related to providing services to Localcoin.


International Data Transfers

Localcoin’s operations are global, and some of the third parties and affiliates mentioned above are located outside Poland. This means your personal data may be transferred to and stored in countries outside the European Economic Area (EEA). In particular:

  1. Canada: Our parent company, 9992987 Canada Inc., and some infrastructure are based in Canada. The European Commission considers Canada to have adequate data protection for personal data transferred from the EU under PIPEDA. Since our Canadian affiliate falls under this, data transfers to Canada are legally allowed without extra safeguards. Practically, this means your data stored or accessed in Canada remains protected as if in the EU, with GDPR-level care. If the adequacy framework doesn't apply, we would use other safeguards like Standard Contractual Clauses.
  2. Philippines: We transfer some personal data to the Philippines, such as support or compliance staff or service providers there. Since the Philippines lacks an EU adequacy decision, we use Standard Contractual Clauses (SCCs)—EU-approved legal contracts—to ensure your data is protected to EU standards. These SCCs are included in our agreements with Philippine-based providers or affiliates, giving your data a protection level similar to that in the EU, even when processed in the Philippines. You can request a copy of the SCCs if you wish.
  3. Other Countries: Our main third-party processors operate globally. We prefer EU data centers or options to keep data within Europe whenever possible. For example, with AWS, we use EU regions; Sumsub stores EU user data in the EU by default. Zendesk and Atlassian also offer EU storage options, which we utilize as feasible. However, some providers or team members might access data outside the EU. When data leaves the EU, we ensure a legal transfer mechanism is in place.

We understand that international transfers can sound concerning, but please rest assured: no matter where your data is processed, we protect it to the same high standard. All our providers, whether in Europe, North America, or Asia, must comply with strict data protection obligations. We also continuously monitor legal developments around data transfers. If, for example, there are changes in the legal status of transfers to a certain country, we will adapt accordingly.

If you have questions about where your data is stored or transferred, or want more details about the safeguards in place, feel free to contact us. Your privacy is important globally, not just in Poland or the EU, and we work to ensure it is respected wherever your data travels.


Data Retention – How Long We Keep Your Data

We will not keep your personal data for longer than necessary for the purposes for which we process it. Retention periods are determined based on legal requirements and our business needs. Here is an overview of how long we retain different types of data:

  1. KYC and AML Data (Identification Records, Verification, Transaction Logs subject to AML laws): Under anti-money laundering laws, we must keep your customer data, including ID copies, verification photos, and transaction records, for at least 5 years after our relationship ends or after a single transaction, unless regulators or specific law provisions specify otherwise. Afterward, we will delete or anonymize your data, meaning we keep only aggregated information that cannot identify you.
  2. Account Information: If you have an online account, we keep your data while it's active. You can close it anytime. After closure, we delete or anonymize your personal data, except where legal obligations apply, like transaction records or consent logs. AML-related information is retained for five years. If inactive for a long time, we may contact you to confirm if you want to keep the account; without a response, we might close and delete it, retaining only necessary data.
  3. Customer Support Communications: We retain communications for 2 years to manage customer relations, support tickets, and internal training. After this period, we delete or anonymize the data unless legally required to keep it. 
  4. Marketing Data: We retain your data for marketing purposes until you unsubscribe or withdraw consent. Upon opt-out, we stop sending marketing emails and promptly remove or anonymize your contact in our marketing records. We may keep a suppression list to honor your choice, but it’s not used for other purposes.
  5. Website Analytics Data: Data collected via cookies and similar tracking is retained during the cookie’s lifetime or as set in our analytics tool. Afterward, data is deleted or aggregated. You can clear cookies to remove some tracking identifiers earlier (see Cookies and Tracking). Analytics reports are usually aggregate and not linked to individuals.
  6. Legal Documents and Records: We may retain certain information longer when required for legal or business reasons, such as contracts, consents, audit logs, data access records, and compliance documents, for the applicable limitation period. If a legal proceeding or investigation is ongoing, we will keep relevant data until it is resolved, even if that exceeds normal retention periods.

When we no longer need personal data, we either delete it securely or anonymize it. We also take care to safely dispose of or permanently erase any physical copies of personal data when they are no longer required.

In summary, our guiding principle is to retain data only for as long as it’s needed: to serve you, to fulfil the purposes we collected it for, and to comply with laws. If you have specific questions about how long a certain type of data is kept, please contact us – we can provide more detail tailored to your situation.


Your Rights Under GDPR

As a user of our services and as a data subject under EU law, you have several rights regarding your personal data. We are committed to honoring these rights. Below we outline your key GDPR rights and how you can exercise them:

  1. Right to Access: You can request a copy of your personal data and information on its processing, known as a Subject Access Request. After verifying your identity, we will provide a summary of your data, including categories, purposes, recipients, retention periods, and the data itself. This service is free, except in rare cases of repeated or excessive requests where a fee may be charged. We aim to respond within one month of your request.
  2. Right to Rectification: If any of your personal data is inaccurate or outdated, you have the right to have it corrected. For example, if your name is misspelled or your contact information has changed, please ask us to update it. You may also be able to update certain details yourself through your account profile. We aim to keep data accurate and appreciate your help. We'll correct it promptly after your request. If we can't, we will explain why, and you can disagree or file a complaint.
  3. Right to Erasure: Known as the “right to be forgotten,” this allows you to request deletion of your personal data under certain conditions. You can ask us to erase your data if it’s no longer needed, if you withdraw consent and no other legal basis exists, if you object to processing based on legitimate interest and we have no overriding reason to continue, if the data was processed unlawfully, or if we are legally obliged to delete it. We evaluate each request on a case-by-case basis. Exceptions apply: we cannot delete data required by law or vital for our legal obligations, such as transaction and KYC records we are required to retain for up to five years for anti-money laundering reasons. If you have an active account or recent transactions, some data may be retained. We will either fulfill your request or explain why we cannot delete. When we delete data, we also notify any processors to delete it.
  4. Right to Restriction of Processing: You can request to restrict how we process your data instead of deleting it or while fixing errors. Restrictions apply if: (a) you challenge the data’s accuracy—we’ll hold processing until verified or corrected; (b) processing is unlawful but you prefer restriction over deletion; (c) we no longer need the data, but you require it for legal reasons; or (d) you object to processing and we’re checking if our legitimate interests outweigh your rights. During restriction, we store the data but don’t use it except for the reason it’s restricted. We’ll notify you when a restriction is lifted.
  5. Right to Object: You have the right to object to certain data processing, including direct marketing and processing based on legitimate interests. To object, tell us your specific situation and why. We will review your case and, if valid and without stronger grounds to proceed, stop processing your data—such as if you object to analytics due to personal reasons.
  6. Right to Data Portability: You have the right to request a copy of your data in a common, machine-readable format if we process it automatically based on your consent or a contract. You can also ask us to transfer this data to another provider if technically possible, which may include your account details or transaction history. We will gladly provide the data upon request and can send it directly to another controller if you prefer. Note that this right applies only to data you provided or that is generated by your actions under consent or contract; it does not include data we create.
  7. Right Not to be Subject to Automated Decision-Making: You have rights regarding decisions made solely by algorithms. You can object to decisions based only on automated processing, including profiling, if they have legal effects or significantly affect you—unless necessary for a contract, lawfully authorized, or based on your explicit consent. While we use automated tools, final decisions with legal impact are rarely fully automated and typically involve human oversight. If you believe you’ve been subjected to an improper automated decision, you can exercise your right to request review, and a human will reassess the decision. We strive to prevent this, but your right remains.
  8. Right to Withdraw Consent: If we process your personal data based on your consent, you can withdraw it at any time. This won't affect previous processing. For example, you can opt out of marketing emails or disable optional features. To do so, use the “unsubscribe” link, adjust cookie settings, or contact us. If there’s no other legal basis, we will stop processing your data after withdrawal. In some cases, data might be linked to multiple bases, so withdrawal may not lead to deletion if another basis exists.

To exercise any of your rights, you can contact us at [email protected]. For certain requests, we may need you to provide information to verify your identity. This is usually done through your account email or a similar method. We will respond to your requests as soon as possible, generally within one month as required by GDPR, and we’ll inform you if an extension is needed.

If you believe we have not addressed your concerns satisfactorily, you also have the right to lodge a complaint with the supervisory data protection authority.

Poland’s Supervisory Authority: The President of the Office for Personal Data Protection (PUODO) is the Polish data protection authority. You can contact the UODO or file a complaint if you think your data has been mishandled. The UODO’s contact address is ul. Stanisława Moniuszki 1A, 00-014 Warsaw, Poland. More information can be found on their official website. We kindly ask that you attempt to resolve any issues with us first, but you have the right to approach the authority at any time.

We take your rights seriously. European data protection law is designed to give you control, and our goal is to facilitate, not hinder, your exercise of these rights. If you have any questions about your rights or how to use them, please let us know.


Cookies and Tracking Technologies

Like most websites, Localcoin’s site uses cookies and similar tracking technologies to provide and improve our services. We want to explain in a user-friendly way what this means for you:

What are cookies? Cookies are small text files stored on your device when you visit a website, enabling recognition and recalling information like language preference or login status. Similar technologies include pixels, local storage, and SDKs for mobile apps, but all are referred to as “cookies” for simplicity.

Our website uses cookies and similar technologies to enhance your experience and provide services. Cookies are small files stored on your device, and we also use trackers like pixels or local storage. These are categorized as necessary, analytics, and marketing based on purpose. Necessary cookies are essential for core functions or requested services and do not need your consent. Analytics and marketing cookies are non-essential and used only if you consent via our cookie banner, in accordance with EU privacy laws. You can manage your preferences anytime through the cookie settings.

  1. Necessary Cookies & Functional Services: These cookies and tools are essential for basic site functions and to deliver requested features. They may remember your preferences, keep you logged in, or ensure security. For instance, our ATM locator uses your device’s location to find the nearest Localcoin ATM via Google Maps, and processes it only for that purpose. Because they are necessary, these cookies are enabled by default and don’t require your consent.
  2. Analytics Cookies (Google Analytics & Microsoft Clarity): These cookies help us understand visitor behavior to improve the website. Google Analytics uses first-party cookies to track traffic and user activity. Microsoft Clarity gathers insights through heatmaps and session recordings, showing where users click or scroll. This aggregated data helps identify what works well and what needs improvement. Analytics cookies only run with your consent; declining them disables these tools but core website functions remain.
  3. Marketing Cookies (Google Ads & Meta Pixel): These cookies track advertising and conversions, helping us and partners measure ad effectiveness. For example, clicking a Localcoin ad and later making a transaction can be recorded by Google Ads or Meta Pixel. This data shows which ads work and allows for more relevant ads in the future. Since marketing cookies aren't essential, these tools only load if you've accepted marketing cookies. Opting out disables tracking tools, but you can still use the site.

Your Choices: We respect your privacy and let you control these technologies. When you first visit, a cookie banner appears where you can accept, reject, or customize your preferences. Your choices are saved, but you can change them anytime via the banner or cookie settings. Cookies and tracking will only be used according to your selections and the law, with non-essential cookies disabled unless you consent. This keeps you in control of your data while enjoying our services confidently.

Managing Cookies: Besides our banner, you can control cookies through your browser’s Settings under Privacy or Security. You can delete existing cookies, block new ones, or use private modes that limit storage. Browser extensions can also help manage cookies and trackers. Keep in mind, blocking all cookies may impair site functionality. It’s usually better to allow necessary cookies and block only unwanted ones.

Tracking Technologies in Emails: We may include a tracking pixel in some emails to track opens and clicks, helping us measure engagement. If you prefer, you can disable images or unsubscribe.

Third-Party Sites: Links to external sites or embedded content may set cookies from third parties. This policy only covers our website and kiosks. Check third-party policies for their cookie and privacy practices.

We aim to be transparent and give you control over cookies. They help our site run smoothly, improve our service, and keep you updated on Localcoin news. If you have questions or suggestions about our cookie use, please contact us. We also have a detailed Cookie Policy or can provide specifics on the cookies used.


Contact Us

We hope this policy has explained everything clearly. If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please do not hesitate to contact us:

Email: [email protected]
Postal Address: Coinlab sp. z o.o. (Localcoin Poland) – Privacy Team, Jana Henryka Dąbrowskiego 28/32, 15-872 Białystok, Poland.

(Contacting us by email is usually fastest. We can communicate in English or Polish as needed.)

When you contact us about privacy, please describe your question or request with as much detail as possible. If you are making a rights request, note that we may need to verify your identity for security – we will guide you through that process.


Data Protection Officer

At the time of publication of this Privacy Policy, Coinlab sp. z o.o. has not formally appointed a Data Protection Officer (DPO). However, we have designated a dedicated contact point for all matters related to personal data protection. You can contact our privacy team at [email protected] with any questions, concerns, or to exercise your rights under GDPR. Once a DPO is appointed, we will update this policy to reflect their contact details.


Complaints

Your satisfaction is important to us, and we take privacy seriously. However, if you believe we have not handled your personal data properly or have infringed your rights, you have the right to lodge a complaint with the data protection authority, as mentioned above.

In Poland, the supervisory authority is the President of the Personal Data Protection Office (Polish: Prezes Urzędu Ochrony Danych Osobowych). Address: ul. Stanisława Moniuszki 1A, 00-014 Warsaw, Poland. Website: https://uodo.gov.pl/en (for information in English). Phone: +48 22 531 03 00.

We respectfully ask that you consider reaching out to us first to see if we can address your issue directly. We will do our best to resolve any complaint or concern. But you are fully entitled to go to the authority at any time.


Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Significant changes will be highlighted, such as through website notices or emails. The “Effective Date” indicates the most recent update. Please review this Policy regularly to stay informed about our data protections.

We will not reduce your rights under this Privacy Policy without your consent. Changes will mainly clarify or improve transparency. If we propose a new use for your personal data, we will seek your consent or give you a clear opt-out opportunity.

Thank you for reading our Privacy Policy. Using our website means you accept our practices. Your privacy is important to us at Localcoin, and we're here to answer your questions.

***