1. DATA WE COLLECT
We collect information you provide directly to us and we also get some information about you when you interact with CryptoBox Services. For example, we collect information about you when you create an online account, complete a transaction, fill out a form, complete a verification (KYC) procedure, use our software products and mobile applications, respond to surveys, post messages to our forums or wikis or otherwise communicate with us.
The types of information we may collect are as follows:
- Your personal information, such as your name, surname, company name, email, address and nationality (registered seat of the legal entity), bank account, ID number and image of the ID document, date and place of birth, personal picture, phone number, utility bill and other relevant data relating to user verification (KYC) procedure (hereinafter “User Data”).
- Contact information, namely your email address and phone number. Your bitcoin address. Account information such as username, two-factor authentication keys and account preferences.
- All information associated with SMART contracts. Any information that is required for the tax purposes namely your VAT identification number.
Users Data shall be collected and processed by a third party Equinix, Inc. and registered in USA, whose registered office is at One Lagoon Drive, Redwood City, CA 94065. Equinix is CryptoBox’s trusted partner for collecting and processing Users data on behalf of CryptoBox. Equinix is an experienced identity verification company that will process User Data for the purposes of the necessary KYC/AML procedures. Equinix will obtain and process all the above stated User Data and run KYC/AML procedures and ensure compliance with the relevant AML legislation. For the purposes of maintaining and reviewing users for the purposes of KYC/AML compliance, CryptoBox will collect and process the same information that Equinix will collect in the process of user verification (KYC) procedure.
Bitcoin address does not in itself allow us to identify an individual person and would as such in certain jurisdictions not be considered personal information. In such jurisdictions, if we do combine this non-personal information with personal information, the combined information will be treated as personal information for as long as it remains combined.
When you access or use the CryptoBox Services, we automatically collect information as follows:
- Transaction information: we collect information about the transaction you complete via the CryptoBox Services.
- Location information: Our mobile applications may collect precise geolocation information from your mobile device with your prior consent. If you initially consent to our collection of location information, you may be able to subsequently stop the collection of this information through your device operating system settings. You may also stop our collection of location information by following the standard uninstall process to remove our mobile applications from your device.
- Device and Log information: we collect information about the computer or mobile device you use to access the CryptoBox Services, including device identifiers, mobile network information, type of operating system, type of hardware used and the type of browser used. We also log information about your use of the CryptoBox Services, including access times, pages viewed, IP address, other standard web log data, and the page visited before and after navigating to our websites.
- Software auto-update: Our desktop and mobile software products may utilize auto-updating features with your prior consent. If you initially consent to auto-update features, you may be able to subsequently stop the auto-update features through our software products or your device operating system settings.
2. HOW WE USE YOUR DATA
We use your data to operate effectively and provide the best experience with our services.
We use your data to authorize access to CryptoBox Services, to provide customer support, to manage your account(s) and send you technical notices, updates, security alerts and support and administrative messages. We also use your data to process transactions, to send notices about your transactions and to help prevent potentially prohibited or illegal activities and enforce our user agreement.
With the help of the data you provide us and with linking or combining it with information we obtain from others, we personalize, measure and improve the CryptoBox Services. Any optional personal data that you choose to disclose within your profile settings will be solely used for identification and communication purposes and will not be processed or shared in any other way.
We may also carry out any other purpose for which the data was collected, to the extent such purpose is necessarily contemplated by the collection of such information or as otherwise notified in the CryptoBox Services at the time of collection.
We use third party services to help us provide our services effectively (e.g., maintenance, analysis, audit, transactions, fraud detection, marketing and development). They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.
We use your email address to get in contact with you, to deliver marketing and promotional offers on behalf of CryptoBox and others.
You may opt out of receiving promotional communications from us by following the instructions in those communications. You may also opt out of receiving our newsletter or certain administrative emails by modifying your communications preferences through the settings feature of your online account. If you opt out of receiving promotional communications, we may still send you transactional or relationship messages, such as those about your account or our ongoing business relations.
We target (and measure the performance of) ads to users, visitors and others both on and off our services directly or through a variety of partners. We are using data from advertising technologies on and off CryptoBox Services, like web beacons, pixels, ad tags, cookies, and device identifiers.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. They are typically stored on your computer’s hard drive.
We use third party service provider(s), to assist us in better understanding the use of our Site. Our service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our site, what products are browsed, and general transaction information. Our service provider(s) analyses this information and provides us with aggregate reports. The information and analysis provided by our service provider(s) will be used to assist us in better understanding our visitors’ interests in our Site and how to better serve those interests. The information collected by our service provider(s) may be linked to and combined with information that we collect about you while you are using our services. Our service provider(s) is/are contractually restricted from using information they receive from our Site other than to assist us.
3. HOW AND WHY WE SHARE YOUR DATA
We will only use and disclose your personal information internally in order to:
- understand and meet your needs and preferences;
- develop new and enhance existing service and product offerings;
- manage and develop our business and operations;
- carry out any purposes for which we have received your consent;
- meet legal and regulatory requirements.
We may disclose any information we collect about you, whether you are a current or former customer, with law enforcement, data protection authorities, government officials, and other authorities, when:
- compelled by subpoena, court order or other legal procedure;
- we believe the disclosure is necessary to prevent physical harm or financial loss;
- disclosure is necessary to report suspected illegal activity;
- we obtain your consent or at your direction.
Other than in connection with a merger, sale of CryptoBox’s assets, financing or acquisition, we will not sell or rent any of your information to third parties for their own marketing purposes.
3.1. SHARING DATA WITH THIRD PARTY SERVICE PROVIDERS
3.1.1. CRYPTOBOX SERVICE
We share some of your data with third party service providers for analytic purposes in order to provide the best user experience. We are sharing data gathered from cookies, device identifiers and usage data with:
- Facebook SDK to track and examine the use of CryptoBox Miner and CryptoBox Website to prepare reports and analysis;
- Fospha for connecting data from CryptoBox Website with action performed in CryptoBox Miner;
- Google Analytics to track and examine the use of CryptoBox Website in order to prepare reports and analysis.
CryptoBox has data processing agreements in place with its providers, ensuring compliance with GDPR. All hosting is performed in accordance with the highest security regulations. All transfers of data internally is done in accordance with this data processing agreement. All User data, which is collected and processed within the KYC procedure by Equinix and are stored on servers in European data regions. Such personal data is not transmitted to other data regions.
We are sharing your email addresses with third party service providers such as MailerLite and MailGun, to send you marketing communications, communicate with you about our services and let you know about our policies and terms. We also use your information to respond to you when you contact us. 3.1.4. Advertising and Analytics (Non-Personally Identifiable Information Only) We use third-party analytics and advertising providers to help us analyse and improve our services. We are sharing data gathered from cookies and usage data and do not share information that personally identifies you. We use analytic tool Facebook Pixel to measure the effectiveness of our advertising, to understand your actions on CryptoBox Website and to optimize our advertising. We also use Google AdWords to connect data gathered from Google AdWords advertising network with actions performed on CryptoBox Website.
4. LEGAL BASIS FOR PROCESSING DATA
We collect, use and share data as described above.
We will only collect and process personal data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you – learn more in our Terms of Service on CryptoBox Website) and “legitimate interests”.
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact our Data Protection Officer – dpo@CryptoBox.com.
5. YOUR CHOICES AND OBLIGATIONS
5.1. DATA RETENTION
5.2. ACCESSING AND CONTROLLING YOUR PERSONAL DATA
Regarding your personal data, you have the following options:
- Delete data: You can request deletion of your personal data that we have about you. We will delete the data that we are not legally obliged to keep and since some of the data is necessary to provide CryptoBox Services to you, you will not be able to use our services after the deletion;
- Change or correct data: You have the right to request change of incorrect personal data that we have about you;
- Object to or limit or restrict use of data: You can request that we stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
- Right to access and/or take your personal data: You have the right to ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.
You can make a request for any of the above mentioned actions by sending an email to dpo@CryptoBox.com. In relation to all procedures relating to the collection, processing and storage of your personal data, you have the right to appeal to the Information Commissioner of the Singapore.
5.3. ACCOUNT INFORMATION AND ACCOUNT DELETION
You may access and review or update your online account information at any time by logging into your account.
If you choose to close your CryptoBox Account, please contact us at dpo@CryptoBox.com. Your account will be deleted and your personal data will be erased within 30 days of receiving your request.
We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse or enforce our Terms of Service. We will retain de-personalized and fully encrypted information after your account has been deleted.
We implement reasonable security practices and procedures to help protect the confidentiality and security of your information, including any non-public personal information.
We protect your information using reasonable physical, technical and administrative security measures, including by limiting access to your information to employees with a need to know such information. To make sure your personal information is secure, we communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards within the company.
7. CONTACT US
Last updated: April 12, 2020