California Privacy Notice
Last updated: January 20, 2023
This California Privacy Notice (“Notice”) is for California residents, and describes how we collect, use, and share your personal information. This Notice supplements our Global Privacy Policy. Any terms defined in the California Consumer Privacy Act (as amended by the California Privacy Rights Act of 2020) (“CCPA”) have the same meaning when used in this Notice.
The CCPA, does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act. The specific personal information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with you.
Sources of Personal Information. We gather various types of personal information from our customers, individuals who access or use our Services, from a range of sources, such as:
information you give us when you sign up for, or otherwise use our Services;
information we receive from our Affiliates and third parties; and
information we collect automatically through cookies and similar technologies (see our Cookie Policy for more information on this type of information).
Purpose for Collection and Disclosure of Personal Information. We’ve collected and disclosed the below categories for personal information to create, develop, operate, deliver, and improve our Services, to communicate with you, to ensure the safety, security and integrity of our Services, and for the business and commercial purposes outlined in Section 2. How We Use Your Information and Section 3. How and Why We Share Your Information, respectively. We do not collect, use, or disclose sensitive personal information for purposes other than those specified in this privacy policy, to provide the Services, or as permitted under applicable law.
Collection and Disclosure of Personal Information. In the past 12 months, we’ve collected the below categories of personal information, and disclosed the specific types of personal information below (as that data is further referenced and outlined in Section 1. What Information We Collect) with the following categories of third parties:
| Category of Personal Information as outlined in the CCPA | Information Collected and Disclosed | Categories of Recipients |
Identifiers | Basic User Information Supplemental Identification Information Electronic Identification Information Institutional Information Financial Information | Third party identity verification services Financial institutions Service providers Professional advisors Our Affiliates |
Protected classifications under California and federal law, including gender, age, and citizenship | Supplemental Identification Information Electronic Identification Information | Third party identity verification services Professional advisors |
Commercial information such as records of services purchased, obtained, or considered | Transaction Information | Third party identity verification services Financial institutions Service providers Professional advisors Our Affiliates |
Biometric information | Electronic Identification Information
| Third party identity verification services Financial institutions Professional advisors |
Internet or other electronic network activity information | Product Usage Information App, browser, and device information Information from cookies and similar technologies | Third party identity verification services Service providers Professional advisors Our Affiliates |
Geolocation data | App, browser, and device information | Third party identity verification services Service providers Professional advisors |
Audio, electronic, visual, thermal, olfactory, or similar information | Call and video recordings Communications | Third party identity verification services Service providers Professional advisors Our Affiliates |
Professional or employment related information | Institutional Information Direct deposit Salary | Third party identity verification services Service providers Professional advisors Our Affiliates |
Inferences about preferences, characteristics, predispositions, etc. | Information derived from other information about you, which could include your preferences, interests, and other information used to personalize your experience or provide you Services | Service providers Professional advisors Our Affiliates |
Collection and Disclosure of Sensitive Personal Information. In the past 12 months, we’ve collected and disclosed the following categories of sensitive personal information, with the following categories of third parties:
| Category of Sensitive Personal Information as outlined in the CCPA | Information Collected and Disclosed | Categories of Recipients |
Government identifiers | Supplemental Identification Information Electronic Identification Information | Third party identity verification services Professional advisors |
The contents of a resident’s mail, email, and text messages | Communications
| Service Providers Professional Advisors
|
Biometric information | Electronic Identification Information | Third party identity verification services Financial institutions Professional advisors |
Selling or Sharing of Personal Information. In the past 12 months, we’ve shared (as that term is defined in the CCPA, as amended by the California Privacy Rights Act of 2020, and the CCPA Regulations) identifiers with third party analytics providers, advertising partners, and ad networks for analytics and advertising purposes.
We do not have actual knowledge that we sell or share personal information of individuals under 16 years of age.
Rights. As a California resident, you may have the rights listed below in relation to personal information that we have collected about you. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.
Right to Know. You have a right to request the following information about our collection, use and disclosure of your personal information over the prior 12 months, and ask that we provide you with a copy of the following:
categories of and specific pieces of personal information we have collected, sold, or shared about you;
categories of sources from which we collect personal information;
the business of commercial purposes for collecting personal information;
categories of third parties to whom the personal information was disclosed for a business purpose; and
categories of personal information disclosed about you for a business purpose.
Right to Correct. You have a right to request that we correct inaccurate personal information maintained about you.
Right to Delete. You have a right to request that we delete personal information, subject to certain exceptions.
Right to Opt out of Selling or Sharing. You have the right to direct a business that sells or shares personal information about you to third parties to stop doing so.
Right to Non-Discrimination. We will not discriminate against you for exercising any of these rights.
Exercising Your Rights. You may exercise your rights by going to your Privacy Rights Dashboard, which also allows you to make individual rights requests relating to your personal information after verifying your identity. If you cannot access the Dashboard, you can contact us via our Support Portal or email dpo@coinbase.com. We may take steps to verify your identity before complying with your request to protect your privacy and security, and may decline your request if we are unable to verify your identity. To verify your identity, we may collect information such as your email address, government issued ID, or date of birth, before providing a substantive response to the request.
You can request to opt-out of the sale or sharing of your personal information by logging into your account via the web, going into your Privacy Options and unclick the “Share My Personal Info with third party partners for Advertising” button. Alternatively, you may also contact us at dpo@coinbase.com to opt out.
Authorized Agent. Generally, if you are a California resident, you may designate an authorized agent to make a request to access or a request to delete on your behalf. To do so, you must: (1) provide that authorized agent written and signed permission to submit such a request; and (2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. We will respond to your authorized agent's request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4121 to 4130. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf, or are unable to verify their identity.
Questions. If you have questions or concerns regarding this Notice, or if you have a complaint, please contact us on our Support Portal, at dpo@coinbase.com, or by writing to us at the address of your Coinbase service provider (provided in Section 11. Our Relationship With You).