Privacy Policy
Protecting your right for privacy is essential for our company, Cryptacash, NIP: 5252911005, POLAND, WARSZAWA, 00-141, AL. JANA PAWŁA II 38/5 (“Company”). We’re providing the Privacy Policy (“Policy”) thereto state regulation regarding the collection, use and disclosure of information that we process in the course of our business. We regularly review our compliance with this Policy and may revise it from time to time. This Privacy Policy is an essential part of our Terms of Use.
1. Definitions
The following terms has the meaning of:
● GDPR means the General Data Protection Regulation (EU) 2016/679, of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC, as amended, replaced or superseded and in force from time to time and as transposed into member-state legislation.
● Personal Data means any information which relates to an identified or identifiable natural person. An identifiable person is one who can be identified directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
● You (“Client”) means you, when you are visiting our Website, utilizing our services, products or contacting us by digital means of communication.
2. Who we are
We are Cryptacash, a company incorporated under the laws of Poland, company number: 5252911005, whose registered office is at ul. Twarda 18, 00-824, Warszawa, Poland.
Cryptacash is the operator and owner of the website https://www.cryptacash.finance/ (hereinafter jointly and separately referred as to “Website”, "us", "we", or "our", “Cryptacash”).
3. What we do
We provide services in order to exchange cryptocurrencies to fiat currencies. Our website is a universal portal for exchanging Cryptocurrencies, Cash Funds, and Non-Cash Funds. Additional information on our services can be read in our Terms of Use.
We use personal information only for the purposes specified in this Policy and to provide you with our services described in our Terms of Use. We transfer the personal information of the Client to third parties only if it is necessary to provide our services, and only after the Client has expressed his consent.
4. How to contact us
Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to: [email protected].
5. Voluntary nature of data provision
We strongly respect Your privacy. This Privacy Policy details important information regarding the use and disclosure of user information collected on the Website. Company provides this Privacy Policy to help You make an informed decision about whether to use or continue using of the Website.
Company reserves the right to amend the Privacy Policy at any time. In case of such amendment, Company shall publish a relevant notification of such changes on the official Website.
We gather Personal information (also referred as to “PI”, “Personal Data”, “PD”) only in scope, that is required for providing You with relevant services and that confirms with purposes of such collection. We gather Personal information only for purposes, that are stipulated in this Privacy Policy, or requirements, that follow from applicable law.
Our main purposes in gathering of information are to provide You with possibility to use and improve our Website, our services, and Website’s content to allow You use Website in an appropriate and legally compliant way.
We don’t store PI for a longer period of time, than it is required for maintaining of our services for You and other users.
There's no obligation for a Client to share their personal information with the Company. However, we cannot provide some of our services until such information is shared.
Persons under the age of 18 are not allowed to use the Website. We will not knowingly collect information from any person under the age of 18. If we become aware that we are storing data about such a person, we will take all reasonable measures to delete such data.
6. Types of Personal Data
We classify our Client's personal information into three main types:
7. Directly collected information (D)
This refers to the information, which a Client directly provides himself (e.g., by filling the website forms).
8. Indirectly collected information (I)
This kind of information relates to the Client but he does not provide it directly (e.g., an IP address).
9. Automatically gathered / generated information (A)
This type of information is generated automatically by the system. Though such information isn't provided by the Client himself it relates to him and according to the Article 4 (1) of the GDPR is considered to be Personal Data. It has 2 subtypes:
● static A (SA). This information doesn't usually change once it's created. An internal user id is an example.
● dynamic A (DA). This subtype changes accordingly to the actions performed by the Client.
We use these abbreviations below to address different types of personal information: D, I, SA, and DA.
10. What information we collect, when and why
There are several points in the ‘Company-Client’ relationship at which personal information is collected:
10.1. Registration and ongoing collection of information
| # | Персональні дані | Тип | Мета / Коментарі |
|---|---|---|---|
| 10.1.01 | Computer and connection information such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform | I | To improve our services and offers. |
| 10.1.02 | Data from mobile devices (for example, location). | I | In order to show you documentation relevant to your jurisdiction and in the language of the regions that you are active in.
You can hide it from us, if you don’t know how to disable your device's location services, we recommend you contact your mobile service carrier or your device manufacturer. In case if you hide your location we will not be liable for displaying information irrelevant to you, and we wave any liability connected herewith. We will reply only on information provided by you at your own discretion and at your own responsibility.
We will only respond to information provided by you at your discretion and responsibility.
|
| 10.1.03 | Behavior | AD | To improve our services and offers. |
| 10.1.04 | Name and Surname | D | To identify a Client and KYC compliance and AML/CFT Policy. |
| 10.1.05 | Email address | D | To provide you with relevant notifications and alerts. |
| 10.1.06 | Phone number | D | To identify a Client. |
| 10.1.07 | ID card, passport details or driving license | D | To identify a Client and KYC compliance and AML/CFT Policy. |
| 10.1.08 | Confirmation of address | D | To identify a Client and KYC compliance and AML/CFT Policy. |
| 10.1.09 | Financial information: Bank details; Bank card numbers; Information about completed transactions. | D | To identify a Client and KYC compliance and AML/CFT Policy. |
This information and purposes is not exhaustive, and is laid out to give You an idea about use of fundamental collected information. The Company will record all information collected and purposes for which the Company process that data.
11. Lawfulness of Processing and Disclosure
You agree to this conditions of collection, processing, transfer and storing Your Personal Data. When weprocess Your Personal Data for one of the legal bases specified in this Privacy Policy, we will take all steps reasonably necessary to ensure that Your Personal Data is treated securely and in accordance with this Policy. We protect Your Personal Data under internationally acknowledged standards, using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers, and information access authorization controls.
We also authorize access to Personal Data only for those employees or contractors who require it to fulfill their job or service responsibilities. our staff is trained on procedures for the management of personal information, including limitations on the release of information. Access to personal information is limited to those members of our staff and contractors whose work requires such access. We conduct periodic reviews to ensure that proper information management policies and procedures are understood and followed. All of our physical, electronic, and procedural safeguards are designed to comply with applicable laws and regulations.
When You provide Your Personal Data through our Website, this information is transmitted across the internet securely using industry standard encryption. Your Personal Data will be held encrypted on secure servers.
Where any third parties process Your Personal Data on our behalf, we require that they have appropriate technical and organizational measures in place to protect this Personal Data and We will also ensure that a GDPR compliant. Data Processing Agreement is in place between our Company and the third party so that both parties understand their responsibilities and liabilities pursuant to GDPR.
Company hereby informs you that the collected information may be lawfully disclosed to third parties such as:
● Agencies that deal with: law enforcement, regulators, governmental bodies, fraud or collusion prevention. identity verification, payment processing, credit reference, financial institutions, court.
● Introduction parties: that you permit us to introduce You to.
● Providers and contractors/subcontractors, employees that may need information for provision of services: such as IT maintenance, to make sure the Website is running perfectly, marketing services on behalf of the Website, technical communication services in order to communicate with You, data processing, external auditors and legal support services and others.
The Company is obliged to disclose your personal information in following cases:
● in response to lawful requests by public authorities, including to meet legitimate national security or law enforcement requirements;
● to protect, establish, or exercise our legal rights or defend against legal claims, including to collect a debt; to comply with a subpoena, court order, legal process, or other legal requirement;
● or when we believe in good faith that such disclosure is necessary to comply with the law, prevent imminent physical harm or financial loss, or investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to our property, or violations of Terms of Use;
● to third parties in case of: merger, restructuring, joint venture, assignment, sale part of the business or the whole business.
12. Third Parties
We may share some of the Client's Personal Data with the following third parties (in amount limited to what is necessary in relation to the purposes):
● Mailing service provider. The personal information disclosed: 10.1.05
● KYC service provider. The personal information disclosed: 10.1.04-10.1.09
● AML compliance service provider. The personal information disclosed: 10.1.04-10.1.09
13. Where we store Personal Data
Data collected about our Users will be stored on our server. To ensure the security and privacy of your personal information, we take measures designed to protect that information from loss, misuse, unauthorized access, disclosure, alteration or destruction.
14. How long we store Personal Data
We store Personal Data for 5 years or until a Client withdraws their consent to further processing of the Personal Data, and for 5 years after cession of service provision according to the GDPR provisions.
15. Notifications
In the case of a Personal Data breach, Company shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal information breach to the supervisory competent authority, unless the personal information breach is unlikely to result in a risk to the rights and freedoms of natural persons.
If Company learns of a security systems breach, then we may attempt to notify You electronically so that You can take appropriate protective steps. Company may post a notice on the Company website if a security breach occurs.
When the Personal Data breach is likely to result in a high risk to the rights and freedoms of users, the Company will inform You.
In the event that Company is acquired by or merged with a third party entity, we reserve the right, in any of these circumstances, to transfer or assign the information we have collected from our Users as part of such merger, acquisition, sale, or other change of control. If we become involved in a merger, acquisition, or any form of sale of some or all of its assets, we will notify Users before personal information is transferred and becomes subject to a different privacy policy. In the unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors' rights generally, we may not be able to control how Your personal information is treated, transferred, or used.
16. Obtain confirmation
Any Client has the right to obtain confirmation as to whether or not Personal Data concerning him or her are being processed.
16.1 Access Personal Data
If Personal Data concerning the Client is being processed by the Company, the Client has the right to access such data.
16.2 Disclosure of Personal Data
We collect personal information about our users to detect and prevent fraud. In this regard, Personal information about the User may be provided to a third-party service provider cooperating with Cryptacash Types of third parties we share information with:
● state authorities, law enforcement officials - to fulfill the requirements of the law, directive or court process;
● banks and other financial institutions cooperating with Cryptacash;
● our partner companies provide identity verification services (customer registration, customer identity verification, including PEP and sanctions).
16.3 Request of information by Client
Any Client has the right to demand the following additional information concerning their Personal Data:
● the purposes of the processing
● the categories of Personal Data concerned
● the recipient (s) or category (ies) of recipient to whom the Personal Data have been or will be disclosed
● the criteria determining the period for which the Personal Data will be stored
16.4 Request rectification
Any Client has the right to obtain the rectification of inaccurate Personal Data concerning them (this includes to have incomplete Personal Data completed) from the Company without any undue delay.
16.5 The right to be forgotten
Any Client has the right to withdraw their previously given consent and have the personal information erased from our system. In this case third party will no longer get the Personal Data of a Client.
However, it doesn’t mean that your data will be erased immediately it will still be stored at our facility in order to comply with numerous statutory obligations, specifically provision of the GDPR regulations, under which we are required to store any collected information for a minimum period of 5 years from the closure of your Account, for the purposes of the prevention, detection, analysis and investigation of money laundering or funding of terrorism activities. After this period has elapsed, your Personal Data will be deleted from our records.
16.6 Restrict processing
The Client has the right to obtain restriction of processing if the accuracy of the Personal Data is contested by him, for a period enabling the Company to verify the accuracy of the Personal Data.
16.7 Receive Personal Data
The Client has the right to receive Personal Data concerning them, which they have provided to the Company, in a structured, commonly used and machine-readable format.
16.8 Have Personal Data transmitted
The Client has the right to have the Personal Data transmitted directly from one controller to another, where technically feasible.
16.9 Object
The Client has the right to object, on grounds relating to his or her particular situation, at any time to processing of Personal Data concerning him or her.
16.10 Communications
Throughout our cooperation You shall receive information messages from the Company. as described below, given that you where applicable “opt-in” and don't "opt-out" from this options:
● messages by email [email protected];
● messages by phone;
● messages by push notifications.
17. Implementation of changes
We may subsequently change this privacy policy for operational, legal or regulatory reasons.
18. Conclusion
Please acknowledge by implementing rights given by GDPR (erasure, stop processing), You will deprive yourself of some features of the Website and in some cases, where applicable, we might be forced to close your account at the Website, launch an investigation and will reserve the right to forfeit deposited funds in case of fraudulent intentions from your side.
We are committed to protecting the privacy of Personal Data and try to disclose the processing details in a transparent and easy way.
Should you have any questions concerning the information above, please, don't hesitate to contact us (see Section 4 of this Policy for our contact details).
Should we lawfully receive your Personal information from a third party you will have same rights regarding information in question as regarding information that you have provided to us directly or we have collected during cooperation with you.
If you reasonably believe that we are violating our responsibilities to protect your privacy, you have a right to lodge a complaint with a relevant supervisory authority.