Privacy Policy

Privacy Policy


  1. Introduction

We, MCM 965 doo. Belgrade, (Cukarica) (further: MCM or Handler), value your privacy and therefore take the security and protection of your personal data seriously. The safety and proper use of your personal details is of utmost importance to us and all our users. With this privacy policy we would like to share with you the type of personal data we collect, how we process it and what purposes we use them. Also, we would like to explain and point out the rights you have with regard to your personal data, as well as guide you on how you can exercise these rights.

This notice is inextricably linked to “The Business rules of the provider of digital assets MCM 965 doo”, but it is not a part of them. It does not regulate rights and obligations, but aims to guide you on which personal data we process, in connection with the services offered related to digital assets, why and how we process the data, and when and how third parties come into contact with them.


2. Personal data handler

MCM 965 doo Belgrade (Cukarica) st Orfelinova 5, Company Number: 20731796, Tax/Identification Number: 107047758, collects and processes personal data in accordance with the Personal Data Protection Act (Official Gazette of RS” No. 87/2018). In this notification, the pronouns “we” and “us” or “our” shall mean MCM or Handler. If you have any questions, remarks or suggestions in relation to this notification of MCM’s or our handling of your personal data, you can send us an email to our Privacy Manager at [email protected] or by mail, to the following address: MCM 965 doo, St. Orfelinova 5, Belgrade.


3. The meaning of the expression

Personal data is any data related to a person whose identity is immediately determined or determinable. The types of personal data that are covered by this notice are basic data on the user and data on completed transactions.

Basic data is all data that contains a personal document (identity card, passport) which the user sends in the form of a photocopy in order to complete the registration process.

Data on processed transactions is data that refers to the time a user completed a transaction, the price the transaction was completed for, the type of digital asset that was the subject of the transaction, and the whether the transaction was completed through customer service (cashless) or via crypto-atm (cash).

Data on communication with the user is data that is created through communication between the customer and us, the the form of inquiries, complaints, requests, and they refer to a written form of communication, which means communication via email and via “Zendesk” (internal tool) that is located on our website; through which users can directly contact us via the chat tool. Telephone calls made between us and users are recorded and stored in Avaya Reporting tool (internal tool).

Data on video surveillance on our crypto-atm’s for buying and selling digital currency, consists of a factory integrated (built-in) camera by the manufacturer, which records the users face in the time of completing the transaction. All rooms where the devices are located are equipped with video surveillance, as well as video surveillance of the buildings, where the devices are located.

4. Principles of personal data processing

MCM wants to be a reliable partner to its users in protecting their personal data and to justify the trust placed in them. Therefore, personal data is:

  • processed in good faith and in a transparent manner
  • collected for purposes that are specifically determined, justified and legal
  • processed in order to provide users with better services and in accordance with their needs

MCM takes necessary measures to ensure adequate personal data protection of data  that is processed:

  • personal data of our users in processed in accordance with applicable regulations and laws
  • users are informed of the data we collect and in what way we collect it
  • collected data is processed in accordance with legal purposes and only for the duration necessary for achieving the purpose for which the data was initially collected for.
  • respect all rights guaranteed by the Data Protection Act, including the right to access personal data, the right to correct data, the right to object, etc.
  • implement the necessary technical and organizational measures to protect our users personal data and prevent any cases of illegal destruction, illegal access, accidental loss, alteration, as well as any other different form of illegal processing.

5.How we collect users personal data

MCM collects personal data directly from the user both during the registration process itself and during the identification process, as well as throughout the duration of the business relationship. When registering, the user is obliged to agree with the Privacy Policy and the method of how personal data is processed, which is described in the above mentioned Privacy Policy. Data collection during identification is done in two ways. The first way is through a processor, for which purpose MCM has concluded contracts with third parties, namely VIP SISTEM D.O.O. BELGRADE and DANUBE – UNION d.o.o. Belgrade (further: Processors). Employees of the mentioned parties, determine the personal data on the spot, along with the identification of the user in relation to the data related to him/her. The second way of data collection is through ECD caravan, as a process in which MCM employees go to a location previously agreed upon with the user, most often in the user’s city of residence and on the spot, with the user (with immediate identification), collects their personal data.


6.Purpose of personal data processing

Personal data is processed exclusively for the purpose of providing services related to digital assets, along with the commission we charge for those services. Personal data can also be used for the purpose of informing about the service and the completed transaction, and if necessary for the purpose of reporting to authorities, as well as for the purpose of direct marketing, when the user has given consent for direct marketing, and all in the interest of the user.


7. To whom we forward personal data

Supervision of MCM’s operations is carried out by the Securities Commission (hereinafter: KHoV), as well as The National Bank of Serbia (hereinafter NBS); therefore MCM is obliged to undertake actions and measures for prevention and detection of money laundering and terrorist financing in accordance with the Law on prevention of money laundering and financing of terrorism (“Official Gazette of RS”, no. 113/2017, 91/2019 and 153/2020), including actions and measures of knowing the party through specialized checks, publicly available and commercial databases, as well as reporting to authorities, in accordance with the law, to the Directorate for the Prevention of Money Laundering (Ministry of Finance). That being said, MCM uses a specialized, commercial database “LexisNexis Risk Management Solutions” for personal data checks. Then, MCM is obliged to provide personal data in the case of an NBS order, asking for data in regards to a specific user or transaction. Also, MCM is obliged to also act according to the orders of other competent authorities (KHoV, Ministry of Internal Affairs, Public Prosecutor’s Office, etc). In case of doubt about the obligation to forward personal data, MCM will request a written opinion from the Commissioner for Information of Public Importance and Data Protection.


8. Storage of personal data

MCM uses servers to store personal data located on the Google platform cloud, in their data center europe-west3 in Frankfurt, and we store personal data for as long as it is justified for the purpose of data processing and as long as it is necessary to fulfill our obligations in accordance with the relevant laws, and above all with The Law on Prevention of Money Laundering and Financing of Terrorism (“Official Gazette of RS”, No. 113/2017, 91/2019 and 153/2020); therefore MCM is obliged to provide data and documentation related to the user, established business relationship with the user, performed risk analysis and performed transactions, acquired in accordance with this law, shall be kept for at least ten years from the date of termination of the business relationship or completed transaction. After the expiry of the said period,

the personal data stored in the information system are anonymized, and paper documentation is destroyed. The data on the server is under a known code

only to the Personal Data Manager, and access to the data is governed by the Assignment Procedure access rights to information system resources. Physical data on the users personal data is kept locked in a secured room, meant for only that purpose.


9. User rights to which the data relates

The user has the right to ask MCM for information on whether it is processing his personal data, and that, if it processes them, it requests access to that data. If personal data belonging to the user are incorrect, the user has the right to request that they be corrected. The user has the right to require MCM to delete their personal data, when the data is no longer necessary for the purposes for which it has been collected and processed, as well as personal data relating to the user that was processed illegally. The user has the right to withdraw his consent to the authorization initially given to MCM for sending notifications for direct marketing purposes. The user has the right to object to the processing of personal data relating to him at any time and for any reason. Depending on the nature of the complaint raised by the user, MCM will carry out an internal check on the matter with an objection, and depending on the assessment, accept or reject the same. In any case, the user has the right to submit a Complaint to the Commissioner for Information of Public Importance and Data Protection person, if he believes that MCM violates the Personal Data Protection Act.


10.Updating the Privacy Notice

The privacy notice may be amended or supplemented due to changes in applicable laws, on initiative of MCM, users or competent authorities. We recommend that users regularly check the latest version of the data privacy notice on the MCM website.


11. Anonymous data

MCM collects and processes data of a non-personal nature, such as the type of Internet browser, the name of your internet provider, the platform from which you make contact, so that the level of service provided is of highest of quality. MCM uses Google Analytics technology and only for the purpose of measuring traffic on the website. In the maintenance and operation of the site we do not use “cookies”.


12. Recording conversations with users

Recording of telephone conversations enables review of conducted conversations, improvement of service and help in solving possible objections. When calling the contact center, the voice machine informs the user that all conversations with the operator are being recorded. For the recording of telephone conversations, only a software can be used, whose technical features, of sound recording, ensure accuracy and reliability, and which fulfills the following conditions:

  • establishing the exact time when the conversation is conducted by telephone
  • identification of the telephone number of the user with whom the telephone conversation was conducted

If the user does not want the conversation to be recorded, he should end the call before the operator answers and in that case, contact customer support via email or chat box. Listening to the recording must be done exclusively in the premises of MCM 965 DOO BELGRADE.


13. Cookie notice

During the use of any page on the website, MCM 965 D.O.O. can save

certain information via cookies (“cookie”) to the user’s computer and thereby enable the page to show the user information that is tailored to his needs. The cookie is a small file that is stored on the user’s computer at the time when he accesses a certain Internet page. Cookies allow the website to “remember” the user’s interests, settings on the page, and according to what the user chose when visiting the page. A cookie itself does not contain or collect personal data, so MCM 965 D.O.O. is not able to identify a natural person through information stored in a cookie. However, in combination with the internet browser, it can help the website to deliver to the user a “personalized” service. Cookies are located in the memory of your browser and each usually contain data such as e.g. the name of the server from which the cookie was sent, the duration of the cookie and value (usually a randomly generated unique number).

MCM 965 D.O.O. does not have its own created cookies that it uses in its business, but

uses cookies generated by Google Analytics, Zendesk, Facebook, WordPress and other third-party libraries we use. MCM 965 D.O.O. uses constant cookies (“Persistent cookies”). Permanent or constant cookies are those cookies that remain on your computer after closing the internet browser. Permanent cookies can stay on your computer for days, months and years.

If you wish, you can disable the storage of cookies on your computer. However, blocking all cookies could have a negative impact on the use of many websites, including our own. If you want to delete and disable them, you need to update settings of your internet browser (information on how to delete and disable search for cookies in your internet browser by selecting the help option).

You can find more information at the following address:

MCM 965 D.O.O. excludes any liability for any loss of functionality of the Services and the quality of the content on our site in all cases, when the user chooses a different cookie setting from those that are predefined.