updated: October08, 2020
1. GENERAL PROVISIONS
1.2. We take great care to limit the Personal Data We collect and use only for the purposes, which are necessary for providing our Services.
1.3. Company collects and processes Personal Data, that is necessary for legitimate business purposes, which will be disclosed to the data subject. Cryptoart will use and process this information only for the purposes for which it was collected, retaining the Personal Data only for so long as it is required for specific purpose of collecting the information, unless a longer period is necessary for our legal obligations or to defend a legal claim.
2. ABOUT US
2.1. The legal entity, which acts as a Personal Data Processing Company is CRYPTOART OÜ, [hereinafter also “Cryptoart”/ “Company”/ “We” / “Us] (company code 14298546), having registered office at: Estonia, Harjumaa, Tallinn, Pärnumnt. 141-59, 11314.
3. WHAT DATA WE COLLECT ABOUT YOU
3.1. «Personal Data» (also refereed as to the «PD», «Personal Information») shall mean any information, that identifies You, i.e. Your email, login (User name) requests to our support team, statistics and etc. If You cannot be identified (for example, when Personal Data has been anonymized), this Policy shall not apply.
3.2. Whenever You visit our Website or use our Services, We collect and process Your Personal Data.
3.3. We divide the information We collect about You as follows:
3.3.1. Information You provide us with by Yourself:
a) When You use our Services, (f.e. during registration of a Personal Account) You provide Us with Your Personal Data which includes following info:
- Login and Email address;
- Real Name and Surname;
b) In certain cases, (when additional verification by bank or compliance authority is needed according to governmental rules, AML Policy, or if such information is required for providing You with a customer support services) Cryptoart, or our duly authorized KYC-provider, may require You to provide additional information, and namely:
- Date of Birth;
- Bank account info;
- Place of Birth;
- Information on whether You hold a prominent public function;
- Residential address information and relevant proof of address information (utility bill or bank reference letter or other confirming documents, as is set by the Terms and by the AML Policy);
- Proof of identity information (foreign or internal passports, ID-card, driver license or other confirming documents, as is set by the Terms and by the AML Policy);
- Mobile phone number;
- Numbers, that You may use or have registered with Your local tax authority;
- Additional photographs of You;
- Confirmation of proceeds sources (for example, additional bank statements);
- Sworn statements;
- Other information (including, but not limited to that information, mentioned in the AML Policy).
Be aware, that due to the Applicable Law, We may be some times obliged to conduct KYC procedures. We preserve the right to conduct KYC at any time of Your Platform’s Usage, as it is mentioned in the Terms.
The abovementioned information and details shall be provided only upon special personal request to the User and specified in respective email or message from us or our duly authorized KYC-provider.
3.3.2. Information We collect automatically (applies even if You do not register User Account or use offered Services):
a) IP address;
b) User-Agent. Due to the nature of how the Internet works, We may receive service information (known as “User-Agent”) automatically sent by Your web-browser, such as data associated with the source device’s Internet browser/content delivery software (e.g., Microsoft Explorer, Mozilla Firefox or Google Chrome). The User-Agent information We receive may also include information such as device type (e.g., computer, tablet, mobile device), preferred language, and/or date/time of visit/pattern of Website usage and other information. Similar to the collection of IP addresses, our Website also receives User-Agent information associated with Your browser and type of device.
c) Information from cookies (Section 6 of this Policy).
This information is useful to us because it helps us to better understand how You use our Services, so that We can improve them for You. We may collect general anonymous analytical information regarding the use of the Services for their optimization.
3.3.3. Information we receive from third parties. We do not exclude the possibility of collecting Your Personal Data from other sources, for example, from publicly available sources, such as social networks, Affiliates, or from trusted third parties like payment providers (if any). We use this information in addition to the Personal Data We have already collected about You in order to better personalize and improve our services for You, as well as to verify the Personal Data You provide Us with.
4. HOW WE USE YOUR PERSONAL DATA
4.1. We may deliver, personalize, and improve our Platform, other Services by combining and using the Personal Data We have about You (including information We receive on and off our Platform, Services) to understand how You use and interact with our Services and the people or things You’re connected to and interested in. We also may use the information We have about You for the following purposes:
4.1.1. Provide, maintain, improve, and develop relevant features, content, and Services;
4.1.2. Fulfil Your requests and when authorized by You;
4.1.3. Research and develop new Services;
4.1.4. Detect and defend against fraudulent, abusive, or unlawful activity;
4.1.6. We may use Your Personal Information to contact You with newsletters, marketing, information regarding different events or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from us by following the instructions provided in any email We send or by following the unsubscription link in those emails;
4.1.7. Send You technical notices, updates, security alerts, invoices and other support and administrative messages;
4.1.8. Provide customer support and similar services;
4.1.9. If You choose to contact us directly (by email, form, chat, or postal mail) using the contact information We provide on the Website, We will use Your contact information to respond to Your inquiry and for the promotional communications purposes, as it is mentioned above.
4.1.10. Personalize the Services and provide advertisements, content and features that match User profiles or interests;
4.1.11. For publishing of news and updates in our official social networks, in our Platform, or on our Website and etc.
5. HOW WE SHARE YOUR PERSONAL DATA
5.2. Website may contain links to other websites and file downloads from other websites. We do not exercise control over any website that may be linked to from within content on our Website. We are not responsible for the privacy practices or content of such websites.
5.3.1. With our partners. We may share information with affiliates, vendors, consultants, and other service providers who need access to such information to carry out work for Us, but not with the advertisers. The partner’s use of Personal Data will be subject to appropriate confidentiality and security measures.
5.3.2. To comply with the law. We may share information in response to a request for information if We believe disclosure is in accordance with, or required by, any applicable law, regulation, legal process or governmental request, including, but not limited to, meeting national security or law enforcement requirements. To the extent the law allows it, We will attempt to provide You with prior notice before disclosing Your information in response to such a request. We may also share Your Personal Data with regulatory, state and law enforcement agencies, courts, fraud prevention agencies, licensing authorities or other third parties, in cases where applicable laws or regulations must be observed, as well as to implement, establish or protect our legal rights (when it is possible and appropriate, We will immediately inform You about disclosure of Your Personal Data to such third parties);
5.3.3. In an emergency. We may share information if We believe it’s necessary to prevent imminent and serious harm to a person;
5.3.4. To enforce our policies and rights. We may share information if We believe Your actions are inconsistent with our user agreements, rules, or other policies, or to protect the rights, property, and safety of ourselves and others;
5.3.5. With our Affiliates. We may share information between and among Cryptoart and any of our parents, Affiliates, subsidiaries, and other companies under common control and ownership;
5.3.6. M&A.If Cryptoart is acquired or merged with another company, We will transfer currently collected Personal Data to the acquiring company.
5.3.7. With Your consent. We may share Your Personal Data with Your consent or at Your direction.
5.5. We may share aggregated information (i.e., information that cannot be used to identify an individual) for a variety of reasons, including under the following circumstances:
5.5.1. Partner with third-party advertisers, ad networks to deliver advertising and content targeted to Your interests;
5.5.2. To better understand Your use of the Services;
5.5.3. To administer our Websites and Services;
5.5.4. For marketing purposes;
5.5.5. If Company is acquired or merged with another company, We will transfer aggregate information to the acquiring Company.
5.5.6. We may share aggregate information if necessary, to comply with a subpoena or court order, to establish or exercise our legal rights or defend against legal claims, or to cooperate with government and/or law enforcement officials.
5.5.7. For any lawful basis.
These third parties may collect information sent by Your computer, browser, or mobile device in response to a request for content, such as unique identifiers, Your IP address, location or other information about Your computer or device.
5.6. As were mentioned above, when You send Us messages, We can keep them for administering of Your inquiries, for improving of our Services. We shall not transfer information from such messages to third parties.
5.7. In other cases, We do not share Your Personal Data, but retain it encrypted on our servers, for more details about that please see section “Security of Your Personal Data”.
6.3. You can globally prevent the setting of cookies by adjusting the privacy settings of Your web browser (see Your web browser Help for how to do this). As was already mentioned, disabling cookies will negatively affect the functionality and many other websites that You visit. Disabling cookies will also usually result in disabling of certain functionality and features of the Website. Therefore, it is recommended that You do not disable cookies, or You experience from the usage of the Website will be affected.
6.4. Below you can find the links to the instructions on how to manage cookies for the most common web browsers:
6.4.1. Internet Explorer;
6.4.2. Google Chrome;
6.4.3. Mozilla Firefox;
6.5. We collect following information via Cookies:
6.5.2. Website address;
6.6. We don’t request or require You to provide Personal Information to just accessing/viewing our Website without using of Services in any possible way. As previously stated, We may receive Your IP address and browser user agent information automatically as a part of obligatory technical information exchange between Your device and our web server. If You optionally elect to fill out our contact request forms, We may receive Your Full Name, Email, Messenger (Telegram or other available method) username, Phone number.
6.7. In case You require the detailed technical information and descriptions of the actual cookies that We use, You are free to contact us both via email or online.
7. LENGTH OF DATA RETENTION
7.1. We retain Your Personal Data to fulfill our legal, operational, contractual and regulatory obligations. For each type of records, the recordkeeping requirements may vary so We guarantee that in no event shall We retain Your Personal Data longer than required. If You would like to know more about the length of retention for a specific data, please contact us via firstname.lastname@example.org.
8. SECURITY OF YOUR PERSONAL DATA
8.1. We provide the following safety measures regarding protection of Your Personal Data:
8.1.1. Evaluation of the effectiveness of used security measures, prior to the launch of the Website and its updates;
8.1.2. Establishing rules to access to Personal Data processed by the Website, as well as ensuring registration and recording of all actions performed with PD in the information systems of the Website;
8.1.3. Detection of the facts of unauthorized access to PD and the adoption of appropriate response measures;
8.1.4. Restoration of PD that was modified or destroyed due to unauthorized access to them (within the framework of technical capability of the Project).
8.2. WE USE, STORE AND PROCESS YOUR PERSONAL DATA ON OUR SERVERS IN VARIOUS JURISDICTIONS, WHERE OUR FACILITIES AND/OR SERVICE PROVIDERS ARE LOCATED. BY CHECKING A RELEVANT BOX, VIEWED ON THE WEBSITE DURING REGISTRATION PROCEDURE, YOU AGREE TO THIS TRANSFER, STORING, OR PROCESSING. COMPANY WILL TAKE ALL STEPS REASONABLY NECESSARY TO ENSURE THAT YOUR PERSONAL DATA IS TREATED SECURELY AND IN ACCORDANCE WITH THIS POLICY. We protect Your Personal Data under internationally acknowledged standards, using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. Some of the safeguards Cryptoart use are firewalls and data encryption, physical access controls to our data centers, and information access authorization controls. All services related to operations and infrastructure are accessible only through secure connectivity (e.g., SSL, SSH). All systems require multi-factor authentication. Our back-office, service, and infrastructure password policies require minimum lengths, complexity, expiration, lockout, and disallows reuse. Company grants access to staff and contractors on the basis of least privilege rules, reviews permissions monthly, and revokes access immediately after employee contract termination.
8.3. All of our physical, electronic, and procedural safeguards are designed to comply with applicable laws and regulations. Third parties may be located in other countries where the laws on processing of Personal Data may be less stringent than in Your country. From time to time, the Personal Data may be also stored in other locations, and in such cases, Company will ensure that the Personal Data will be stored and processed with the reasonable level of care and security.
8.4. All employees of our Company are required to undergo national background checks, are also required to sign non-disclosure agreements, undertake other confidentiality obligations and complete security training for ensuring compliance with these provisions. We are doing our best to limit the amount of the employees, which have access to the Personal Information. Only those employees, who are engaged in services provision via Website, Personal Information protection or maintenance of the Website have accesses to the Personal Information.
8.5. Our Platform, systems and applications undergo security review for vulnerabilities prior to production deployment.
9. KNOW YOUR RIGHTS
9.1. If You are a resident of the European Union, You have certain data protection rights under the GDPR:
9.1.1. You may delete several types of Your Personal Account information, which were provided by Yourself, at any time from the relevant page. But We may retain certain Your Personal Data as required by law or for legitimate business purposes after You delete Your Personal Account. If You initially consent to our collection of location information, You can subsequently stop the collection of this information at any time by changing the preferences on Your browser.
9.1.2. You have the right to receive information regarding purposes of Personal Data collection, regarding third parties, to which we disclose Your Personal Data, information, regarding safeguards that are applicable for secure storage of Your Personal Data, period of time for which Personal Data will be stored.
9.1.3. You also have the right to demand full erasure of Personal Data concerning You sending Us a request via email@example.com.Company shall fulfil Your request in appropriate period of time. If there is no other lawful ground for storing and processing of Your PD, as prescribed by Applicable Law, we shall erase such PD. If there is another legal ground for such processing, Cryptoart shall notify You in appropriate period of time.
9.1.4. You also have the right to demand restriction of the storing and processing of the PD, if legal grounds for such demands have arisen / or are prescribed in Applicable Law.
9.1.5. You have the right to object processing of Personal Data concerning Yourself under circumstances, that are prescribed in Applicable Law. In case of such objection, Company shall restrain from processing of Your PD, if there will be no other legal grounds for continuing of processing.
9.1.6. You have the right to ask Company to provide You with a structured, list of previously provided PD (and of the currently processed PD by the Company). You also can ask Us to transmit Your PD to previously chosen third party.
9.2. You may delete several types of Your Personal Information, which were provided by Yourself, at any time from the relevant page in Your User Account;
9.3. You can opt-out of receiving certain marketing or promotional communications from Company at any time by using the unsubscription link in the email communications We send.
9.4. Company takes Your rights very seriously. However, if You are of the opinion that We have not dealt with Your complaints adequately, You have the right to submit a complaint to the data privacy protection authorities responsible.
9.5. To send a request for delete, rectification and submission of PD please contact support via firstname.lastname@example.org.
10. DATA TRANSFERS
10.1. When We transfer PD outside the European Union or EFTA, We ensure, that the adequate level of PD security is provided. During such transfer, We also ensure that adequate level of Your rights protection is also applied, on the basis of adequacy analysis of the third country Personal Data protection legislation, on the basis of contractual obligations, assumed by the PD recipient.
11.1. If Company becomes aware of security systems breach, then we may attempt to notify You electronically so that You can take appropriate protective steps. Cryptoart may post a notice on our Website if the security breach occurs.
12. COLLECTION OF CHILDREN’S PD
12.2. PERSONNEL OF CRYPTOART DOES NOT KNOWINGLY COLLECT OR MAINTAIN PERSONALLY IDENTIFIABLE INFORMATION OR NON-PERSONALLY-IDENTIFIABLE INFORMATION ON OUR SERVICES FROM PERSONS UNDER 18 YEARS OLD, AND NO PART OF OUR SERVICES IS DIRECTED TO PERSONS UNDER 18. IF YOU ARE UNDER 18 YEARS OLD, THEN PLEASE DO NOT USE OR ACCESS THE CRYPTOARTS SERVICES AT ANY TIME OR IN ANY MANNER. IF CRYPTOART LEARNS THAT PERSONALLY IDENTIFIABLE INFORMATION OF PERSONS LESS THAN 18 YEARS OLD HAS BEEN COLLECTED ON THE CRYPTOARTS SERVICES WITHOUT VERIFIED PARENTAL CONSENT, THEN COMPANY WILL TAKE THE APPROPRIATE STEPS TO DELETE THIS INFORMATION AND SUSPEND YOUR ACCOUNT.
12.3. Additionally, if You are in the EEA, You must be over the age required by the laws of Your country to create an account or otherwise use the Services, or we need to have obtained verifiable consent from Your parent or legal guardian.
13. CONTACT US