Privacy policy
General
This privacy policy (hereinafter – the “Privacy Policy”) governs the manner in which the Cryt platform (hereinafter – the “Cryt”, ,”CRYT Group”, “we”, “us”, “our”) collects, uses, processes, stores, and discloses information received from users of our websites based on the domain cryt.exchange and all sub domains (“Websites”) in order to provide you with services available through the Website (hereinafter – the “Services”).We assume that you have carefully read this document and accepted it.
What is GDPR, who is under compliance?
The General Data Protection Regulation (“GDPR”) is EU privacy and data protection law. It calls for more granular privacy guardrails in an organization’s systems, more nuanced data protection agreements, and more consumer-friendly and detailed disclosures about an organization’s privacy and data protection practices.
This Regulation applies to the processing of Personal Data wholly or partly by automated means, and to the processing other than by automated means of Personal Data which form part of a filing system or are intended to form part of a filing system. Generally, The GDPR requirements apply to all companies, institutions, and organizations that process Personal Data.
Processing Personal Data is a broad concept under the GDPR
The GDPR governs how the Personal Data of individuals may be processed by organizations. “Personal Data” and “processing” are frequently used terms in the legislation, and understanding their particular meanings under the GDPR illuminates the true reach of this law:
The GDPR can apply to organizations located outside the EU
The GDPR is relevant to any globally operating company, not just those located in the EU. Under the GDPR, organizations may be in scope if (i) the organization is established in the EU, or (ii) the organization is not established in the EU, but the data processing activities are with regard to EU individuals and relate to the offering of goods and services to them or the monitoring of their behavior.
Personal Data collection and usage
We will collect, store and use your Personal Data for the purposes set in this Privacy Policy.- Zendesk: https://www.zendesk.co.uk/company/agreements-and-terms/privacy-notice/
- Sumsub: https://sumsub.com/privacy-notice/
Sumsub supplemental agreement
Sumsub’s obligations as the Processor:-
Sumsub will only process the Personal Data to the extent and in such a manner as is necessary for the Business Purposes and this Agreement. Sumsub will also process Personal Data in accordance with the Customer's written instructions from Authorised Persons, if applicable. Sumsub will not process the Personal Data for any other purpose or in a way that does not comply with this Agreement or Data Protection Legislation.
-
Sumsub must promptly comply with any of the Customer’s requests or instructions from Authorised Persons requiring Sumsub to rectify, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing. Sumsub must promptly notify the Customer if, in its opinion, the Customer's instruction would not comply with Data Protection Legislation.
-
Sumsub will maintain the confidentiality of all Personal Data and will not disclose Personal Data to third parties unless the Customer or this Agreement generally authorises the disclosure or as required by law. If a law, court, regulator or supervisory authority requires Sumsub to process or disclose Personal Data, Sumsub must first inform the Customer of the legal or regulatory requirement and give the Customer an opportunity to object or challenge the requirement unless the law prohibits such notice.
-
Sumsub will reasonably assist the Customer with meeting the Customer's compliance obligations under Data Protection Legislation, taking into account the nature of Sumsub's processing and the information available to Sumsub, including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with supervisory authorities under the Data Protection Legislation.
-
Regardless of the type of integration (Web SDK or API) the Customer applies, Sumsub will assist the Customer in notifying data subjects that Sumsub’s identity verification services may involve the collection of biometric data; Sumsub will also require data subjects to consent to that processing from the outset of the identity verification process as per applicable Data Protection Legislation provides.
What Personal Data we may collect
1. Personal Data that our customers provide us for the registration, include:
-
your e-mail address or mobile number(s);
-
your IP address at time of registration.
2. Know Your Customer (KYC) Personal Data from you, third parties and/or publicly available sources including:
- passport or another government-issued identity document (as well as the number and expiry date of the identity document);
- your photo;
- documents establishing your source of funds;
- results of KYC or Politically Exposed Person (PEP) checks, including information collected by our suppliers;
- other Personal Data if provided during passing KYC/compliance/verification procedures (including additional), etc.
- Results of sanctions checks against known sanctions lists from the UK and EU.
- biometric data while capturing face and processing of the biometric identifiers,
- your password;
- your account and marketing preferences.
- your orders, instructions to us;
- your transactions using your account(s), including your account(s) in third-party bank(s), financial institution(s), etc., the amount, originator or beneficiary, and time/date of the transfers you make and receive;
- information about the digital device through which you access our Services, such as device type, operating system, screen resolution, unique device identifiers, the mobile network system;
- IP address;
- date and time of log-in and requests;
- Personal Data in your correspondence with us, by e-mail, telephone, messaging, texts, on-line chats, via social media, or otherwise;
- whether you've clicked on links in electronic communications from us, including the URL clickstream to our website;
- Personal Data that you provide in response to our surveys.
5. Personal Data that we collect from third parties in order to be able to register you as a customer or to provide Services to you:
- Personal Data related to payments to or from your accounts with us, provided by payment processing services, banks, card schemes and other financial services firms;
- Personal Data from credit reference agencies or fraud prevention agencies.
6. Personal Data that we collect through your use of our website (whether or not you have registered for our Services) including:
- device information such as operating system, unique device identifiers, the mobile network system;
- hardware and browser settings;
-
date and time of visits;
-
the pages you visit, the length of the visit, your interactions with the page (such as scrolling, clicks and mouse-overs), methods to browse away from our website, and search engine terms you use;
-
IP address.
7. Personal Data that we collect from individuals representing organizations such as our corporate customers and suppliers, including:
-
names, roles, and contact details of individuals working for organizations;
-
other Personal Data regarding such individuals;
-
any Personal Data contained in correspondence with those individuals.
How we may use your Personal Data
We collect and process all types of Personal Data to provide you with our Services, ensure that Services function properly, as well as to verify your identity and ensure the security of our Services, as follows:- process your registration request;
- on-board you as a customer;
- provide our products and Services;
- manage and administer our Services, including your account with us;
- communicate with you about your account and our Services, including informing you of our products and Services;
- send personalised offers of Services and products.
We may use Know Your Customer (KYC) Personal Data to:
- carry out regulatory checks and meet our obligations to our regulators;
- help us ensure that our customers are genuine and to prevent and detect fraud, money laundering and other crime (such as terrorist financing and offenses involving identity theft).
We may use Personal Data that you provide as part of your account with us to:
- manage and administer your account with us;
- communicate with you regarding your account and our Services.
We may use Personal Data relating to your use of our Services to:
- manage and administer our Services and systems;
- check if you are in a location or using a device consistent with our records in order to help prevent fraud;
- develop and improve our Services based on analyzing this information, the behaviors of our users, and the technical capabilities of our users;
- improve our Services to better suit the behaviors and technical capabilities of the users of our Service;
- answer any issues or concerns;
- monitor customer communications for quality and training purposes.
- manage and administer our Services and systems;
- help us to prevent and detect fraud.
- develop new Services based on the information being collected, the behaviors of our users, and the technical capabilities of our users;
- identify issues with the website, including website security, and user's experience of it;
- monitor the way our website is used (including locations it is accessed from, devices it is accessed from, understanding peak usage times, and analyzing what functionality and information is most and least accessed), where our customers have come from online (such as from links on other websites or advertising banners), and the way in which our website is used by different users groups;
- do statistical analysis and research with the purpose of better understanding the breakdown of our customers, their use of our Services, and what attracts our customers to our Services.
- provide Services and products;
- build relationships and BtoB collaborations with other organizations;
- provide marketing communications to these individuals;
- improve our Services and develop new Services based on the preferences and behaviors of these individuals;
- obtain Services for our business.
Rights of the Personal Data subject
You have certain rights with respect to your Personal Data, including those set forth below.
Right to be informed - you have the right to be informed about the collection and use of your Personal Data and the following information: who has collected Personal Data and processed, the purposes for processing your Personal Data, retention periods for Personal Data, who the Personal Data will be shared with etc.
Direct Marketing
Please note that if you have given explicit consent for marketing communications, this can be withdrawn at any time. You can also unsubscribe from our marketing communications.
Legal requirements
We need to collect certain types of Personal Data for compliance with legal requirements relating to our anti-fraud and Anti-Money Laundering/Countering Financing of Terrorism/Know Your Customer obligations. If this Personal Data is not provided we cannot agree to provide a Service to you.Personal Data we do not process
Security of Personal Data
We use a variety of physical, technical, and administrative security measures to ensure the confidentiality of your Personal Data, and to protect your Personal Data from loss, theft, unauthorised access, misuse, alteration or destruction as well as from other illegal actions of third parties.
Sharing your Personal Data
We do not sell, trade, or rent our Users’ Personal Data to any third parties. We may transfer certain Personal Data of Users (such as your contact and/or identification information) to third-party financial institutions in exceptional cases, when required by the rules and policies of such financial institutions, in order to identify Users and provide them with our Services.
Retention of Personal Data
We retain your Personal Data only for those periods necessary to fulfil the various purposes outlined in this Privacy Policy unless a longer retention period is required or allowed by law.
Personal Data disclosure
Personal Data transfers
We may transfer to, and store your Personal Data we collect in, countries other than the country in which the data was originally collected, including the countries outside the European Economic Area (“EEA”), the United Kingdom and Switzerland. Those countries may not have the same data protection laws as the country in which you provided the data. When we transfer your Personal Data to other countries, we will protect the Data as described in this Privacy Policy and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA, the United Kingdom and Switzerland.
If you are located in the EEA, the United Kingdom or Switzerland, we will only transfer your Personal Data if:
-
the country to which the Personal Data will be transferred has been granted a European Commission adequacy decision; or
-
we have put in place appropriate safeguards in respect of the transfer, for example, we have entered into EU standard contractual clauses and required additional safeguards with the recipient, or the recipient is a party to binding corporate rules approved by an EU, UK or Swiss supervisory authority.
Changes to the Privacy Policy
We reserve the right to amend the Privacy Policy at our discretion and at any time. Any changes to this Policy will take effect from the moment this Policy is published on https://support.cryt.com/hc/en-us/articles/20873156182801-Privacy-and-Data-Policy . You shall regularly review the Privacy Policy and pay attention to its revisions. Your continued use of our Website and Services following the posting of changes constitutes your acceptance of the amended Privacy Policy. We always indicate the date the last changes were published.