Krypteros S.A.S. (“Krypteros”, “we”, “us”, “our”) respect and protect the privacy of the visitors to our websites and our customers who use our services (the "User" or "you" or “your”).
The protection and confidentiality of your personal data is of particular importance to us. We treat your personal data confidentially and in accordance with the applicable data protection laws, in particular with the EU General Data Protection Regulation (the "GDPR").
TYPE OF INFORMATION COLLECTED
a. Information you provide to us at registration
When you create a Krypteros Account, you provide us with personal information that includes your contact information (email address, username and a password).
b. Information we collect when authenticating user identity
To comply with global industry regulatory standards including Anti-Money Laundering (AML), Know-Your-Customer (KYC), and Counter Terrorist Financing (CTF), Krypteros requires Users to undergo identity authentication. This entails collecting personal identification Information: full name, date of birth, age, nationality, gender, utility bills, photographs, home address and formal identification information: passport number, driver’s license details, national identity card details, photograph identification cards, proof of residency.
c. Information we collect as you use our services
Through your use of the Krypteros platform, we also monitor and collect tracking information related to usage such as access date & time, device identification, operating system, browser type and IP address. This information may be directly obtained by Krypteros or through third party services. This service usage data helps us our systems to ensure that our interface is accessible for users across all platforms and can aid during criminal investigations.
d. Transaction Information
We collect transaction information regarding deposits, withdrawals, account balances, commitments and uncommitments history and associated accounts. This transaction data is monitored for suspicious activity for user fraud protection, and legal case resolution.
e. Usage Data:
Survey responses, information provided to our support team, public social networking posts, authentication data, security questions, user ID, click-stream data and other data collected via cookies and similar technologies.
WHY DOES KRYPTEROS COLLECTS THIS INFORMATION?
Below are the specific purposes for which we use the information we collect about you: (i) Provide the Services, customer support you request; (ii) Verify your account; (iii) Resolve disputes and troubleshoot problems; (iv) Prevent and investigate potentially prohibited or illegal activities, and/or violations of our posted Terms; (v) To ensure network and information security; (vi) Customize, measure, and improve the Services and the content and layout of our application; (vii) Deliver targeted marketing and service update notices based on your communications preferences.
WE WILL NOT USE YOUR INFORMATION FOR PURPOSES OTHER THAN THOSE PURPOSES WE HAVE DISCLOSED TO YOU, WITHOUT YOUR PERMISSION.
HOW DOES KRYPTEROS PROTECT AND STORE YOUR DATA?
Our operations are supported by a network of computers, servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. We and our third-party service providers and business partners store and process your personal data in the European Union, and the United States of America.
We understand how important your privacy is, which is why Krypteros maintains adequate physical, technical and administrative safeguards to protect the security and confidentiality of your personal information.
We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.
For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to personal information only for those employees who require it to fulfill their job responsibilities.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.
a. Why we share personal information with other parties
We take care to allow your personal information to be accessed only by those who really need to in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. Krypteros will never sell or rent your personal information. We will only share your information in the following circumstances: (i) We share your information with third party identity verification services in order to prevent fraud. This allows Krypteros to confirm your identity by comparing the information you provide us to public records and other third-party databases. These service providers may create derivative data based on your personal information that can be used solely in connection with provision of identity verification and fraud prevention services. (ii) We may share your information with service providers under contract who help with parts of our business operations such as bill collection, marketing, and technology services. Our contracts require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else. (iii) We may share your information with law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our Terms or any other applicable policies.
b. Third-parties privacy policies
TRANSFERS OF PERSONAL INFORMATION
a. Transfer of Personal Information Outside of the European Economic Area (EEA)
We may transfer your personal information outside the EEA to other Company subsidiaries, service providers and business partners (i.e Data Processors) who are engaged on our behalf. To the extent that we transfer your personal information outside of the EEA, we will ensure that the transfer is lawful and that Data Processors in third countries are obliged to comply with the European Union (EU) General Data Protection Act 2016 and the UK Data Protection Act 2018. If transfers of personal information are processed in the US, we may in some cases rely on applicable standard contractual clauses, binding corporate rules, and EU-US Privacy Shield.
b. Transfers of personal information outside of your country
By using our products and services, you consent to your Personal Data being transferred to other countries, including countries that have differing levels of privacy and data protection laws than your country. In all such transfers, we will protect your personal information as described in this Privacy Notice, and ensure that appropriate information sharing contractual agreements are in place. Transfers of personal information from APAC countries will be in line with the APEC Framework.
DATA RETENTION PERIOD
Safeguarding the privacy of your personal information is of utmost importance to us, whether you interact with us personally, by email, over the internet or any other electronic medium. We will hold personal information, for as long as we have a business relationship with you, in secure computer storage facilities, and we take the necessary measures to protect the personal information we hold from misuse, loss, unauthorized access, modification or disclosure.
When we consider that personal information is no longer necessary for the purpose for which it was collected, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time (after you cease being our client). For example, we are subject to certain anti-money laundering laws which require us to retain the following, for a period of 5 years after our business relationship with you has ended: (i) a copy of the records we used in order to comply with our client due diligence obligations; (ii) Supporting evidence and records of transactions with you and your relationship with us
Also, the personal information we hold in the form of a recorded information, by telephone, electronically or otherwise, will be held in line with local regulatory requirements (i.e. 5 years after our business relationship with you has ended or longer if you have legitimate interests (such as handling a dispute with you)). If you have opted out of receiving marketing communications, we will hold your details on our suppression list so that we know you do not want to receive these communications.
HOW YOU CAN ACCESS AND CONTROL YOUR INFORMATION
Pursuant to regulations, any User shall have a right to access, rectify and, in certain cases, object to the processing, ask for the restriction of the processing, or the erasure and portability of the data and, where relevant, the deletion of personal data related to them. Furthermore, any User shall have the right to make a claim to a supervisory authority. In the following we inform you on your rights:
a. Right of access
You have the right at any time to demand information on if we process your personal data. In the event of such processing, you may request the following information from us: (i) the purposes for which personal data are processed; (ii) the categories of personal data which are processed; (iii) the recipients or categories of recipients to whom your personal data have been or will be disclosed; (iv) the planned duration of the storage of your personal data or, if specific information is not possible, criteria for determining the storage duration; (v) the existence of a right to correct or delete your personal data, a right to restrict the processing by us or a right of objection to such processing; (vi) the existence of a right of appeal to a supervisory authority; (vii) all available information on the origin of the data if the personal data are not collected directly from you; (viii) the existence of automated decision-making, including profiling in accordance with Article 22 paragraph 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on you.
b. Right of rectification
You have the right to demand us to correct and/or complete your personal data if your personal data processed is incorrect or incomplete.
c. Right to restrict processing
You may request to restrict the processing of your personal data if (i) you deny the accuracy of the personal data for a period of time that enables us to verify the accuracy of the personal data; (ii) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; (iii) we no longer need your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims; (iv) if you have lodged an objection against the processing and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your grounds.
d. Right of deletion
You may demand your personal data to be deleted if (i) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) you revoke your consent to the processing and there is no other legal basis for the processing; (iii) you submit an objection to data processing and there are no predominant justifiable reasons for the processing; (iv) your personal data have been processed illegally; (v) the deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
e. Right to data portability
You have the right to obtain your personal data in a structured, commonly used and machine-readable format. You have the right to transmit your data to another controller. Where technically feasible, you have the right to have your data transmitted directly from us to another controller.
f. Right to object
On grounds relating to your particular situation, you have the right to object at any time to the processing of your personal data which is carried out on the basis of Article 6 paragraph 1 lit. f) GDPR. Such grounds exist, in particular, if they underline your interests and outweigh our interest in the respective data processing. If your personal data are processed in order to carry out direct advertising, you have the right to object at any time to the processing of personal data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.
g. Right to revoke the declaration of consent under data protection law
If you gave us the consent to process your personal data, you have the right to revoke your declaration of consent at any time. The revocation of the consent does not affect the legality of the processing carried out based on the consent until the revocation.
h. Right to lodge a complaint with the supervisory authority
When you access our Services, we may place small data files called cookies or pixel tags on your computer or mobile device.
You can follow the instructions provided by your browser or device (usually located under “Settings” or “Preferences”) to modify your cookie or pixel data settings. Please note that if you set your browser or device to disable cookies, certain of our Services may not function properly.
If you have any question relating to data processing in connection with our websites and services, and your rights according to the applicable data protection laws, you may contact us by email at email@example.com.