Different Cryptopay companies may control and process your data. The company that provides you the Service, as identified in the relevant services agreement, is the company directly responsible for handling personal data.
The Policy covers following questions:
- Information we may process, legal basis and purposes of processing
- How we use information
- How long we retain information
- How we share collected information
- Cross-border transfer
- How we store and protect collected information
- Rights of users
- Changes to the Policy
- What if I do not want to accept the Policy?
Information we may process, legal basis and purposes of processing
We may process personal information of Users in a variety of ways, including, but not limited to, when users visit our Site, App, or use any of our Services; register on the Service; fill out any form; provide information for passing of anti-money laundering procedures or take any actions directly stipulated by the features of the Site or App.
We may obtain information about you from third party sources as required or permitted by applicable law, such as public databases, credit bureaus, ID verification partners, resellers and channel partners, joint marketing partners, and social media platforms for purposes of verifying your identity. We obtain information from third parties for the purposes of compliance with legal obligations, such as anti-money laundering laws, and for the purposes of contractual performance.
Categories of DATA involved in DATA processing include:
- Personal Identification Information: Name, e-mail, date of birth, citizenship, gender, utility bills, photographs, phone number, mailing address, ID or other documents’ number and other details;
- Payment Information: Bank information, card information, transaction history;
- Employment Information: Employer details, job title;
- Other data collected by cookies: see sections 2 and 3 of the Policy regarding cookies.
From time to time, we may process this and additional types of data about Users to make sure our Service is not used fraudulently or for other illicit activities. In such instances, processing is necessary for one of the legal bases as described below. We may ask you to supply additional documents or information where it is necessary for compliance with our legal obligations and for the purposes of legitimate interests e.g. in the prevention of fraud, money laundering and counter-terrorism.
Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Service or related activities. Thus, in some cases, we will be unable to render Services to you if you do not provide us your personal identification information due to the requirements of anti-money laundering laws and other legal acts.
Information collected automatically
Web browser cookies
How we use information
We process aforementioned information relying on the following legal grounds:
- where it is necessary to perform a contract with you for the provision of our Services or to enter into a contract with you for the provision of our Services;
- where it is necessary for compliance with our legal obligations across jurisdictions with regard to provision of financial services, as stipulated by accounting, taxation and other laws and to prevent criminal activity, fraud and money laundering;
- where it is necessary for the purposes of our legitimate interests to prevent fraud, money laundering or unauthorized use of your account, and to analyze your account activity in order to be able to provide you with an adequate and reliable service and to offer you the best possible options suitable for your needs;
- where we have received your explicit consent as required by applicable law.
and for the following purposes:
- to identify you as a client and distinguish you from other users of our Service;
- to be able to continuously provide you with functional, secure, efficient, and customized service;
- to operate and develop our Service;
- to publish content and advertising on the Site and App;
- to prevent losses and frauds;
- to respond to you about any comment or enquiry you have submitted;
- to comply with legal and regulatory requirements, including Know-Your-Customer (KYC) anti-money laundering (AML) requirements;
- to provide you with customer and technical support;
- to inform you about our and our partner’s offers, products and to perform other marketing activity where we have received your consent.
We also may process personal information including your email address to send you service updates and notifications (regarding your account settings), newsletters, marketing messages and certain email notifications where we have obtained your explicit consent or are otherwise lawfully permitted to do so. You can change your preferences later and opt-out from such emails at any time just by following the link, which may be placed in every email from Cryptopay or through settings.
We will ask User’s consent before processing of aforementioned information in other purposes. When collecting such consents, we inform the Data Subject of the respective purposes of processing and such processing is conducted only when appropriate consent is received.
How long we retain information
We store collected information for as long as it is necessary to perform our contractual obligations in order to provide products and services to you. If you decide to delete your account, do not use Services and choose to terminate contract with us, we keep your information and information on your transactions for 5 years after you delete your account for the compliance with the requirements of anti-money laundering laws and other legal acts. However, the information may be, wholly or in part, retained for longer or shorter term if required by applicable laws or if there is other justified reason to retain or delete them.
In some cases, we can keep your information longer than 5 years: such exceeding can be used only in a case of arising of legal requirements that will oblige us to store your information for more than 5 years. Information associated with your account will be kept until your account is deleted, unless we no longer need the data to provide products and services.
Please note that retention periods may be changed from time to time based on legal and regulatory requirements.
How we share collected information
We sometimes need to share personal information we process with third parties. When necessary or required we may share information with authorities, other companies within the group of companies for internal administrative purposes, companies which the group cooperates with and to other third parties, such as third party service providers used in connection with our Services (e.g. various analytical services and financial institutions that we have partnered with to jointly create and offer a product). The legal basis for data transfer is performance of contract between you and us, as well as our legitimate interest and our legal obligation.
We may share collected information with:
- credit reference agencies;
- KYC providers;
- debt collection and tracing agencies and other companies in the same group;
- suppliers and services providers (analytical, financial);
- government bodies and other recipients in order to comply with applicable law;
- courts and tribunals.
We intend to transfer the collected information we obtain from you to recipients in countries other than the country in which the information has been originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information.
The collected information may be transferred to a state outside the European Economic Area ("EEA"). For such transfers we use standard contract clauses or other suitable safeguard to permit data transfers from the EEA to other countries. A copy of standard data protection clauses adopted by a supervisory authority may be obtained by request made to the firstname.lastname@example.org.
How we store and protect collected information
We adopt appropriate data collection, storage and processing practices and security measures to protect from unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site. We use encryption to protect information and we grant access to information to our employees and third parties only when it is necessary for them to process said information.
However, the transmission of such data over the Internet using personal computers or mobile devices is not completely safe and therefore we cannot guarantee the security of documents submitted to our platform. Any transmission of such documents is at your own risk. As soon as we receive your information, we implement strict security measures and procedures to avoid unauthorized access from any third party.
Rights of users
You have a right to request from us:
access to information and update information
You have a right to review information we keep about you and if you suppose that information is inaccurate or incomplete, you may contact us in order to update information.
Updating your information. If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion or object to its processing, please contact us.
restriction of processing and erasure of your personal data
If you believe that we are not entitled to use your information and you want to request its deletion or object to its processing, you may contact us.
personal data in a structured, commonly used and machine-readable format
Please note that the above is subject to limitations by relevant data protection laws. You may exercise the aforementioned rights by sending a request to e-mail address provided in the Contacts section. In your request please provide us with your account login and we will respond you shortly for further discussion
Where the processing is based on consent, you have a right to withdraw such consent at any time. However, we might keep processing information if we have a legal basis for it.
We will not keep outdated or deleted information, unless we have to do so in accordance with legislative requirements.
Changes to the Policy
What if I do not want to accept the Policy?
By using our Services, you acknowledge that we process information in the ways described by the Policy. If you do not agree to this policy, please do not use our Services. Your continued use of the Services following the posting of changes to this policy will be deemed as your acceptance of those changes.
If you already have registered an account on the Site, but you do not agree with the Policy, you shall terminate your account. You can ask our support team to terminate or cancel your account by sending an email to email@example.com.
If you have any questions about the Policy or would like to exercise any of your rights, please contact our Data Protection Officer at firstname.lastname@example.org.
If you feel that your rights under the data protection laws are infringed, please let us know and we will investigate.