If you have any questions about how we process your personal data or if you wish to submit an application for exercising your rights related to processing your personal data, please contact us through the contact information provided in the section "Contacts" below.
|“Personal data”||Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular on the basis of such a record as the name, personal identification code, place of location information or network identifier, or on the basis of one or more physical, physiological, genetic, mental, economic, cultural or social identities.|
|“Data subject” or “User”||Natural peson who uses Cryptus Services or whose personal data is processed by Cryptus.|
|“Processing”||Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.|
|“Data Processor”||Natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.|
|“Services”||Any services provided by Cryptus via our Platform from time to time, including digital currency wallet service, service of exchanging digital currency against fiat currency and service of exchanging digital currency against another digital currency offered by Cryptus.|
2. WHY WE PROCESS PERSONAL DATA AND WHAT PERSONAL DATA DO WE PROCESS?
- When you have opted to use our Platform, we need to process your personal data to enable the Services to you via our Platform.
- Cryptus uses a two-step registration process and the types of data we process and collect about you depend on the registration process.
- During the first step, we ask and process personal data that we need to create and register the
User account for you for using our Services. During this first step we ask you to submit us the
- general personal information: first name; last name;
- contact information: email address (which will also be your username for using Cryptus Platform) and password.
- During the second step, we ask and process personal data that we need to complete the
registration and that we are required to process in order to provide you the Services according
to applicable laws, including pursuant to applicable money laundering and terrorist financing
prevention regulations. During this first step we ask you to submit us the following data:
- general personal information: client type (natural person/legal person); gender, personal identification code, date of birth, legal capacity, nationality, citizenship;
- contact details: such as address, email address, telephone number;
- identity document details: name of the document (for example, passport/ID card/driver’s license, etc), issuing country, document number, expiry date;
- facial recognition data and biometric data: photos, videos and sound recording, photographs taken from you and your document and/or video and sound recording, biometrical data, such as facial identifiers, provided that processing of such data is necessary during verification process of your identity.
- During your use of the Platform and the Services, we might also process following data about you
regarding which the exact types of data we process depend on how exactly you use the Services
- transaction data: date or period and a description of the substance of the transaction(s) made by you via our Platform; details of your bank / payment institution, payment cards and details of payment instruments you have used and disclosed on the Platform in the course of using the Services;
- business relationship data: information on the circumstances of termination of a business relationship in connection with the impossibility of application of the due diligence measures, if applicable; information on refusal to establish a business relationship or make an occasional transaction, if applicable; the circumstances of a waiver to establish a business relationship or make a transaction, including an occasional transaction, on the initiative of the person participating in the transaction, the person using an official service or the customer where the waiver is related to the application of due diligence measures by Cryptus; information serving as the basis for the duty to report in case of suspicion of money laundering and terrorist financing under the applicable law.
- technical data: technical information we need in order to identify the User and prevent the use of the Services and Platform for malicious and illegal purposes, including your IP address, network and device time zone difference, network and communication service provider’s location difference, network and browser time zone difference, browser status, SDK emulator usage, jailbroke device usage, virtual media device usage, VPN usage, data center usage, etc.
- For more detailed information on the exact categories of personal data processed by Cryptus about you, please contact us using the contact details provided below in Section “Contacts”.
3. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?
- We process your personal data to provide Services to you (please read Cryptus Terms and Conditions). Legal basis for such data processing is GDPR Article 6-1-(b), i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- We also process your personal data when processing is necessary for compliance with a legal obligation to which Cryptus is subject to. Legal basis for such data processing is GDPR art 6-1-(c). For example, we are required to comply with is Estonian Money Laundering and Terrorist Financing Prevention Act (MLTFPA), primarily Sections 46, 47 and 49 of the MLTFPA, and with applicable accounting legislation.
- In certain specific situations we might also process your personal data where processing your personal data is necessary for the purpose of our legitimate interests pursued by us. Legal basis for such data processing is GDPR Article 6-1-(f). In such a case we shall ensure that processing is proportionate and that we have carried out legitimate interest impact assessment. For example, for the purpose of our legitimate interest we analyze how our Services and Platform are used by our customers so we can provide better service. For the purpose of our legitimate interest we might also process personal data to operate, manage and improve our Platform and/or our business; contact you to respond to your requests or enquiries; ensuring the security of the Platform and our systems and networks; prevent, investigate or provide notice of fraud, physical harm, financial loss, unlawful or criminal activity, or unauthorized access to or use of personal data, the Platform or our data systems; or to enforce our Terms and Conditions.
- In certain specific situations we may also process your personal data based on your consent. Legal basis for such data processing is GDPR Article 6-1-(a). In those situations, we process your personal data on the terms as provided in the consent that you have granted to us.
4. WHEN DO WE SHARE YOUR PERSONAL DATA?
- To the extent this is necessary for the provision of our Services, we may share your personal data with certain third parties.
- We may share and disclose personal data about you (a) if we are required or permitted to do so by law or legal process, for example due to a court order or a request from a law enforcement agency, (b) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, (c) in connection with an investigation of suspected or actual fraudulent or other illegal activity, and (d) in conjunction with (i) the making, management, or disposition of any of our investments, (ii) business continuity, or (iii) to successors in interest or entities that acquire all or part of our business in connection to a corporate sale, merger, reorganization, dissolution or similar event.
- We may share your personal data with service providers that perform Services (or part of the
Services) on our behalf such as IT service providers, analytics providers or hosting providers.
In accordance with applicable law, we have entered into legally binding agreements requiring
them to use or disclose personal data only as necessary to perform services on our behalf or,
where permitted by law, to comply with applicable legal requirements. At the moment of adopting
- Microsoft Azure cloud server provided by Microsoft Corporation, registered in US. Privacy Statement adopted by Microsoft Corporation is available at https://privacy.microsoft.com/en-us/PrivacyStatement.
- We may also transfer your personal data to third countries, i.e. countries outside the EU/EEA
third countries, we will ensure that the transfer is subject to appropriate safeguards under
GDPR and that your rights are protected, meaning that:
- the country to which the personal data will be transferred has been granted an adequacy decision by the European Commission; or
- we have put in place other appropriate safeguards in respect of the transfer, for example the EU Model Contracts.
- You may request a copy of the safeguards that we have put in place in respect of transfers of personal data by contacting via contact details provided below in Section “Contacts”.
5. HOW LONG IS YOUR PERSONAL DATA RETAINED?
- Cryptus does not retain personal data longer than it is necessary for the purposes of processing personal data or pursuant to applicable law.
- Personal data related to the use of our Platform can be retained during the term of the contract and based on our legitimate interest pursuant to Article 6 (1) (f) of the GDPR until the end of the statutory limitation periods under applicable law. Accordingly, as a general rule Cryptus retains your personal data as long as it is necessary for the provision of the Services during the term of the contract concluded between you and Cryptus and for 3 years after the term of the contract. In this regard, as a general rule, if you have not used our Platform for 3 years (you have not logged in to your profile on our Platform for 3 years), your profile and all personal data therein will be deleted, unless we are permitted or required to retain your data during longer period.
- Also, pursuant to statutory law, Cryptus is required to retain certain personal data about you during the retention periods as provided by applicable law. In this regard, pursuant to Estonian Accounting Act, we retain accounting documents for 7 years. Pursuant to Estonian Money Laundering and Terrorist Financing Prevention Act, we retain the originals or copies of the documents collected for the purpose of identification of persons and verification of submitted information as well as the documents serving as the basis for the establishment of a business relationship for no less than 5 years after the termination of the respective business relationship with you in which regard the data was collected.
- For more detailed information on the exact retention periods for your personal data processed by Cryptus, please contact us using the contact details provided below in Section “Contacts”.
6. HOW DO WE PROTECT YOUR PERSONAL DATA?
- To protect your personal data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction, we use appropriate technical and organizational measures that comply with applicable laws. These measures include but are not limited to the implementation of appropriate computer security systems, protection of paper and electronic format files by technical and logical means, controlling and limiting access to documents, retaining log files, etc.
- We use following type of cookies on our Platform:
- Strictly necessary cookies, that are essential in order to enable you to move around and navigate on Platform and use the features of Platform.
- Functional cookies, that record information about choices you have made and allow to tailor Platform. Functionality cookies remember choices you make such as language preference, country location, or other online settings and provide personalized or enhanced features that you select, so that next time you visit you won’t have to enter all this information again.
- Statistics cookies, that record information about the way our Platform is used, to acquire knowledge on how often our Platform is visited, where on our Platform our visitors spend the most time, how often they interact with a page or part of a page, this allows us to make the structure, navigation, and content of our Platform as user-friendly as possible.
- Advertising cookies, to help measure the delivery and the performance of advertising campaigns and limit the number of times you see an advert. Third-party targeted advertising cookies may be placed on your device by third-party advertisers, ad networks, data exchanges, marketing analytics and other service providers.
- The specific cookies that Platform uses are the following:
Name Purpose Retention period _ga Registers a unique ID that is used to generate statistical data on how the visitor uses the website 2 years _gat Used by Google Analytics to throttle request rate 1 day _gid Registers a unique ID that is used to generate statistical data on how the visitor uses the web site 1 day _hjid Sets a unique ID for the session. This allows the web site to obtain data on visitor behaviour for statistical purposes 1 year _hjid Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes Persistent _fbp Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers 3 months _hjIncludedInSample Determines if the user's navigation should be registered in a certain statistical place holder. Session ads/ga-audiences Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites Session cid Optimises ad display based on the user's movement combined and various advertiser bids for displaying user ads 2 months fr Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers 3 months tr Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers Session uid Registers a unique user ID that recognises the user's browser when visiting web sites that use the same ad network. The purpose is to optimise display of ads based on the user's movements and various ad providers' bids for displaying user ads 2 months _hjTLDTest To check whether user’s browser has cookies enabled Session
- You can delete or block cookies on Platform through your browser settings at any time. However, some cookies might be necessary for the functionality of Platform. Therefore, you understand that when blocking or deleting the cookies some features of Platform might not function correctly.
- For more general information about cookies including the difference between session and persistent cookies please see www.allaboutcookies.org.
8. YOUR RIGHTS
- Cryptus is dedicated ensuring that all data subject rights arising under applicable law are
always guaranteed to you. In particular, any data subject has:
- the right to access the personal data that Cryptus processes about you, including to request confirmation of whether we process personal data relating to you and, if so, to request a copy of that personal data;
- the right to request that Cryptus rectifies or updates any inaccurate, incomplete or outdates personal data about you;
- the right to request Cryptus to erases your personal data and/or restricts of processing of your personal data if we do not have valid legal basis for processing;
- the right to receive your processed personal data in a structured, commonly used and machine-readable format and have the right to transmit your personal data to another controller;
- the right to object to certain of our data processing, such as for direct marketing purposes;
- where you have given us consent to process your personal data, to withdraw your consent.
- If you believe that your rights have been infringed, you may contact and lodge a complaint to the supervisory authority applicable for your jurisdiction (in Estonia: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), address Tatari 39 10134 Tallinn, phone +372 6828 712, email: firstname.lastname@example.org, website: http://www.aki.ee/). Contact details for data protection supervisory authorities in other EU member states are available at https://edpb.europa.eu/about-edpb/board/members_en.
9. GOVERNING LAW AND JURISDICTION
Company name: OpenGate Technology OÜ
Phone: +372 635-51-08
E-mail address: email@example.com
Address: Narva Road 7B, 10117 Tallinn Estonia