Controller is a legal term set out in the General Data Protection Regulation (GDPR), it means the party responsible for deciding what Personal Data to collect and how to use it;
Personal Data means data which can be used to identify a living individual. This could be a name and address, or it could be a number of details which when taken together make it possible to work out who the information is about. It also includes information about the identifiable individual;
Processor is a legal term set out in the GDPR, it means the party who has agreed to process Personal Data on behalf of the Controller.
1. Why we collect your personal information
We manage your Personal Data to help us to improve our customer services, for operational purpose such as dealing with any queries relating to your account, to comply with legal and regulatory compliance requirements and to prevent fraud and financial crimes. We also use your data for research and development purposes, to enhance users’ website experience and engage in marketing activities based on your communication preferences.
2. What type of information we collect
Depending on the service you wish to use, payment method, size of transaction and the purpose of our legitimate interest, we collect the following types of information:
• Basic personal information: Full name, date of birth, nationality, place of birth, age, phone number, home address, and/or email.
• Formal Identification Information: Tax number, passport number, driver`s license details, national identity card details, photograph identification cards.
• Financial information: Bank account details, payment card details, transaction history, trading data, and/or tax identification, personal wealth, assets and liabilities, proof of income and expenditure, credit and borrowing history.
• Survey responses: Information provided to our support team, public social networking posts, authentication data, security questions, user ID, other data collected via cookies and similar technologies.
3. How your personal information is used
We will only use and share your information where it is necessary for us to lawfully carry out our business activities. Your information may be shared with and processed by other third parties. We want to ensure that you fully understand how your information may be used. CryptoCheckout may share your information in the following circumstances:
• We share your information with third party identity verification services in order to prevent fraud. This allows CryptoCheckout to confirm your identity by comparing the information you provide us to public records and other third-party databases.
• We may share your information with financial institutions with which we partner to process payments you have authorised.
• We may share your information with law enforcement or regulatory agencies, as may be required by law.
To ensure that we have sufficient records for accounting and audit purpose, to protect ourselves in the event of a dispute arising between you and us, to comply with law and regulations and to enhance your experience on using our services, we may keep customer account records up to six years after your relationship with us ends, whilst other records are retained for shorter periods vary by the nature of relationship between you and CryptoCheckout.
We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that CryptoCheckout will be able to produce records as evidence, if they’re needed.
4. Customer Rights
• Right to be informed: the right to be informed about what Personal Data the Controller collects and stores about you and how it’s used.
• Right of access: the right to request a copy of the Personal Data held, as well as confirmation of:
(i) the purposes of the processing;
(ii) the categories of personal data concerned;
(iii) the recipients to whom the personal data has/will be disclosed;
(iv) for how long it will be stored; and
(v) if data wasn’t collected directly from you, information about the source.
• Right of rectification: the right to require the Controller to correct any Personal Data held about you which is inaccurate or incomplete.
• Right to be forgotten in certain circumstances, the right to have the Personal Data held about you erased from the Controller’s records.
• Right to restriction of processing: the right to request the Controller to restrict the processing carried out in respect of Personal Data relating to you. You might want to do this, for instance, if you think the data held by the Controller is inaccurate and you would like to restrict processing the data has been reviewed and updated if necessary.
• Right of portability: the right to have the Personal Data held by the Controller about you transferred to another organisation, to the extent it was provided in a structured, commonly used and machine-readable format.
• Right to object to direct marketing: the right to object where processing is carried out for direct marketing purposes (including profiling in connection with that purpose).
• Right to object to automated processing: the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects (or other similar significant effects) on you.
5. Additional information from external sources.
We may obtain information about you from third party sources as required or permitted by applicable law, such as public databases, credit bureaus, ID verification partners, resellers and channel partners, joint marketing partners, and social media platforms. We obtain such information to comply with our legal obligations, such as anti-money laundering laws. Our lawful basis for processing such data is compliance with legal obligations. In some cases, we may process additional data about you to ensure our Services are not used fraudulently or for other illicit activities.
6. Automatically collected information.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration, problem solving and service improvement. This is statistical data about our users' browsing actions and patterns and does not identify any individual.
8. Protection of the personal information
Any security incidents which may impact on the confidentiality, integrity or availability of personal data held by us must be reported immediately to our Data Protection Officer.
Such events could include:
• Loss of records, laptops or media containing personal data;
• Unauthorised access to information systems containing personal data;
• Access of personal data with no justifiable business need;
• Personal data being misdirected to an incorrect recipient;
• Loss of access to systems containing personal data.
All reported incidents will be recorded to ensure appropriate mitigation measures are in place and to identify lessons for necessary improvements. Please be aware that we are not responsible for any loss and/or we might not be able to stop any personal data breach in case you have failed to notify us.
We will not permit any third parties to contact you directly on an unsolicited basis in relation to their own products or services. We do not sell, trade, or rent your personal identification information to others. You should never disclose your account password to unauthorized parties. We use certain security measures to help keep your personal information safe, but we cannot guarantee that these measures will stop any users try to get around the privacy or security settings on the Website through unforeseen and/or illegal activity.
If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Protection Officer immediately at our registered address or by email to firstname.lastname@example.org.
If you wish to make a complaint about how we have handled Personal Data about you, you may lodge a complaint with the Information Commissioner’s Office by following this link: https://ico.org.uk/concerns/.