GDPR in one minute

The General Data Protection Regulation (GDPR) is the EU law that sets rules for processing personal data. It has applied since 25 May 2018 and is widely regarded as one of the world’s strongest privacy frameworks. See the Council of the EU’s official overview and rights summary (consilium.europa.eu).

Plain-language primers are available at GDPR.eu and the consolidated legal text (all articles) at gdpr-info.eu.

Does GDPR apply to CoinW?

Yes—if CoinW processes personal data of people in the EU/EEA or offers services to them, GDPR applies even if CoinW is based outside the EU. This is the GDPR’s territorial scope (Article 3).

Your key rights as a CoinW user

On what legal basis can CoinW process your data?

Processing must fit at least one lawful basis (Article 6): consent, contract, legal obligation, vital interests, public task, or legitimate interests. In practice on an exchange: executing the user agreement (contract), complying with AML/KYC laws (legal obligation), security/fraud prevention (legitimate interests), and optional marketing (consent).

International transfers (EU → non-EU)

If CoinW stores or accesses EU user data outside the EEA (for example, in global support or analytics systems), Chapter V requires a valid transfer mechanism: an adequacy decision, Standard Contractual Clauses or other safeguards, or a narrow derogation.

Automated decisions & profiling (anti-fraud/transaction monitoring)

Exchanges often use automated risk scoring and transaction monitoring. Under Article 22, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (with limited exceptions and safeguards).

Security & breach notifications

Controllers must notify the relevant supervisory authority of a personal-data breach without undue delay—and, where feasible, within 72 hours of becoming aware (Article 33). Users must also be informed when the breach is likely to result in high risk.

What happens if GDPR is breached?

Supervisory authorities can impose serious administrative fines—up to €20 million or 4% of worldwide annual turnover, whichever is higher, for certain infringements (Article 83).

What this means for you on CoinW (practical takeaways)

Official resources

• GDPR overview & individuals’ rights — Council of the EU
• Plain-language guide — GDPR.eu
• Legal text by Article — gdpr-info.eu
• Background explainers — IBM

Quick FAQ for CoinW users

Can CoinW refuse my erasure request?
Sometimes. For example, where retention is required by anti-money-laundering or financial-record laws (a legal obligation), or to establish/defend legal claims.

Will my data leave the EU?
Many exchanges rely on global infrastructure. If transfers occur, GDPR requires an adequacy decision, SCCs, or other Chapter V safeguards—and CoinW must tell you.

What if my account gets auto-flagged?
If a decision is made solely by an algorithm and significantly affects you, Article 22 gives you rights to human review and to contest the decision.

How fast must CoinW report a breach?
Without undue delay and, where feasible, within 72 hours to the authority; users must also be informed when risk is high.