Privacy Policy and Personal Data Processing
Effective Date: April 7, 2026
1. Introduction and Identity of the Data Controller
The company Couponeau, located at Centre d'Affaires Washington Plaza, 29 Rue de Washington, 75008 Paris (hereinafter "We"), attaches paramount importance to the protection of its users' privacy. This document exhaustively details how we collect, process, store, and protect your personal data when you use the https://couponeau-crypto.com website, in strict compliance with Regulation (EU) 2016/679 (GDPR) and amended Law n° 78-17 of January 6, 1978 (French Data Protection Act).
2. Categories of Personal Data Collected
We only collect data strictly necessary for the purposes pursued. This data includes:
Identification and account creation data
Last name, first name(s), date and place of birth, copy of a valid official identification document (Passport, National ID Card), photograph (selfie for biometric verification), and proof of address less than three months old.
Contact data
Email address, mobile phone number, full postal address.
Transactional and financial data
Digital Asset wallet addresses (crypto wallets), transaction history related to our platform, bank statements (only upon request for verification of the origin of funds).
Connection and technical data (Telemetry)
IP address, browser type and version, operating system, device identifiers (MAC address), time zone, connection logs, and browsing behavior on the platform.
3. Purposes of Processing and Legal Bases
Each processing of your data is based on a specific legal basis defined by Article 6 of the GDPR:
Performance of a contract (Art. 6.1.b)
For the creation and management of your User Account, the provision of analysis Services, and technical assistance (customer support).
Compliance with legal obligations (Art. 6.1.c)
To meet our obligations concerning Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT Directive / AMLD), for keeping accounting records, and for responding to requests from judicial and regulatory authorities (AMF, Tracfin).
Legitimate interest of the Data Controller (Art. 6.1.f)
To detect and prevent fraud, ensure the IT security of our network, analyze audience to improve our algorithms, and defend our rights in case of dispute.
Explicit consent (Art. 6.1.a)
For sending commercial communications (newsletters, promotional offers) or placing non-essential cookies. You can withdraw this consent at any time.
4. Data Retention
Your data is kept for a period that does not exceed what is required for the purpose for which it was collected:
- Data related to your account: Retained for the duration of your use of the Services, then archived for a period of five (5) years after account closure for evidentiary purposes and legal prescription.
- KYC and AML/CFT data: Mandatorily retained for a period of five (5) years from account closure or transaction execution, in accordance with the obligations of the French Monetary and Financial Code.
- Connection data (Logs): Retained for a maximum period of twelve (12) months.
5. Sharing and Recipients of Data
Couponeau does not sell your personal data under any circumstances. However, to ensure the operation of the Platform, your data may be shared with trusted third parties strictly governed by Data Processing Agreements (DPAs): Technical and hosting providers, KYC/AML service providers, and Competent Authorities.
6. Data Transfers Outside the EEA
Our main servers are located within the European Economic Area (EEA). However, if your data were to be transferred to subprocessors located outside the EEA, Couponeau ensures that such transfer is carried out to countries recognized as offering an adequate level of protection by the European Commission, or that appropriate safeguards (such as the European Commission's Standard Contractual Clauses) are in place.
7. Data Security
We implement state-of-the-art technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction: Encryption of data in transit and at rest (TLS 1.3 Protocol, AES-256), Strict control of physical and logical access to our databases, Regular security audits, and Intrusion detection protocols.
8. Your Rights Under the GDPR
In accordance with Articles 15 to 22 of the GDPR, you have the following rights regarding your personal data:
Right of access
Obtain confirmation that your data is being processed and obtain a copy of it.
Right to rectification
Require the correction of inaccurate or incomplete data.
Right to erasure ("Right to be forgotten")
Request the deletion of your data, subject to our legal retention obligations (including AML/CFT).
Right to restriction of processing
Freeze the use of your data in specific cases.
Right to data portability
Receive your data in a structured, commonly used, and machine-readable format.
Right to object
Object, on legitimate grounds, to the processing of your data, as well as to commercial prospecting.
9. Contact and Data Protection Officer (DPO)
For any questions regarding this Privacy Policy or to exercise your rights, you may contact our Data Protection Officer (DPO):
- By E-mail: [email protected] (Subject: For the attention of the DPO)
- By postal mail: Couponeau - DPO, Washington Plaza Business Center, 29 Rue de Washington, 75008 Paris, France.
If, after contacting us, you believe that your "Information Technology and Freedoms" rights are not respected, you can submit a complaint to the National Commission for Information Technology and Freedoms (CNIL) (www.cnil.fr).