- To provide you with our products and services, provide you with updated information, and comply with applicable law, we collect personally identifiable information (hereinafter, personal information) from you as a user or prospective user.
- Your personal information is of utmost importance to us, and it is our priority and policy to safeguard and respect the confidentiality of the information we collect and that you provide to us.
- We endeavor to review this privacy statement and policy regularly to ensure we comply with the latest privacy and security standards in our countries of operation and internationally accepted standards.
- Personal Information: refers to any information relating to you, as an identified or identifiable person, including your name, an identifiable number, location data, or online identifier, or factors specific to the physical, economic, cultural, or social identity of you as a natural person.
- Data Controller: Cypher Trading, UAB
- Data Processor: Sum & Substance Limited (under Article 26 of the General Data Protection Regulation (EU) 2016/679 (hereinafter, GDPR).
- Cryptology Account refers to your user-accessible account.
- Datacenter locations: we process and retain your personal information on servers in data centers located in the European Union.
3. Your rights
- Right to obtain confirmation as to whether or not his or her personal data are being processed (Article15 EU GDPR);
- Right to obtain rectification of inaccurate personal data without undue delay (Article 16 EU GDPR);
- Right to erase personal data or “right to be forgotten” (Article 17 EU GDPR); please note that in accordance with our obligations under anti-money laundering laws, we are obligated to retain certain personal and transactional data from you for a period of at least 5 years after we have ended our business relationship or you have requested us to erase your personal data.
- Right to restrict data processing, in particular when the accuracy of the data is contested (Article 18 EU GDPR);
- Right to receive communications as to rectification or erasure of personal data or restriction on processing (Article 19 EU GDPR);
- Right to receive personal data in a form that is machine-readable and ready for transmission to another controller (Article 20 EU GDPR);
- Right to object data processing (Article 21 EU GDPR);
- Right not to be subject to a decision based solely on automated processing (Article 22 EU GDPR).
4. Data that we collect
- Name and surname
- Date of birth
- Passport or any identity document data
- Registered address
- Banking details
- Facial image
- Localization information (such as IP address), login information, browser type, and platform, device-specific information, and system activity
- Other additional information may be necessary in order to identify and verify your identity
5. Reason to collect data
- Performance of a Contract: We collect personal information and data from you to create a contract, between you and us, for the provision of products and services regulated under the service-specific Terms and Conditions.
- Compliance with a legal obligation: We also collect personal information and data from you for the purpose of identification and client due-diligence compliance in accordance with the laws governing our intended business relationship (KYC and AML).
- For the purpose of safeguarding a legitimate interest: We process personal information and data from you to safeguard our legitimate interests in initiating legal claims, and preparing our defense in litigation procedures, preventing fraud and potential crime, asset security and access controls, and overall internal risk management. We may need to use personal information collected from you to investigate issues or to settle disputes with you because it is in our legitimate interest to ensure that issues and disputes get investigated and resolved in a timely and efficient manner. We may need to use your personal information to comply with any applicable laws and regulations, subpoenas, court orders, or other judicial processes, or requirements of any applicable regulatory authority. We do this not only to comply with our legal obligations but because it may also be in our legitimate interest to do so.
- To provide you with information about our products and services: Once you successfully open a Cryptology account, or subscribe to information, we must use your personal information to perform our services and comply with our obligations to you. It is in our best interest to keep you informed of new releases and updates to our products and services. We may use your personal information to send you marketing communications by email or other agreed forms (including social media campaigns), to ensure you are always kept up-to-date with our latest products and services. If we send you marketing communications we will do so based on your consent and registered marketing preferences.
6. Disclosure of your personal information
- We will not disclose your personal information to any third party, except to the extent that it is required to do pursuant to any applicable laws, rules, or regulations; if there is a duty to disclose; in line with our Terms and Conditions; at your request or with your consent. We will endeavor to make such disclosures on a need-to-know basis unless otherwise instructed by a regulatory authority.
7. Transfers outside the European Economic Area
- We may transfer your personal information outside the EEA and UK to other service providers (i.e Data Processors) who are engaged on our behalf. To the extent that we transfer your personal information outside of the EEA and UK, we will ensure that the transfer is lawful and that Data Processors in third countries are obliged to comply with the GDPR and the UK Data Protection Act 2018.
8. Privacy related to blockchains
- Your funding of bitcoin, XRP, ether, and other Digital Assets, may be recorded on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of private financial information, especially when blockchain data is combined with other data.
- Because blockchains are decentralized or third-party networks that are not controlled or operated by us, we are not able to erase, modify, or alter personal data from such networks.
10. Contact us