Date of the last revision: 15th June 2018
1.1 Cryptocurrenciesregister.org Oy ("we") are committed to safeguarding the privacy of our data-subjects ("you" or "user"); in this policy we explain how your personal data, meaning any information relating to you as an identified or identifiable natural person, which we may have regarding you, is collected, used, stored, disclosed, and removed (each and all referred to as "processing").
1.2. We do not actively collect personal information regarding minors under the age of 18. If you feel that a child under this age has supplied us with personal information, please inform our customer support.
1.3. This Policy only applies to information we process, and does not apply to information from companies or employees that are outside our area of control. If you click on links found on our site and provide personal information to that site, you will be covered by any privacy policies they may have. Please be sure to read the privacy policies of any third-party sites you visit. It is those sites use your information for illicit purposes, you must turn to them for redress; it is their responsibility to protect any information you give them, so we cant be held responsible for their wrongful use of your personally identifying information.
1.4. We may update this policy from time to time and will notify you of changes to this policy affecting your rights by email and/or by posting on our website at Cryptocurrenciesregister.org.com.
2.How We Use Your Personal Data
2.1 When do we gather your information?
We gather your information when you: register on our site, place an order, subscribe to a bulletin, fill out a form, use live chat, make a request for support or enter information on our site.
2.2. You registration data ("registration data") may be processed. This data may include your username, email address, home address, and phone numbers. We obtain this information from you. This registration data is required in order for you to make use of our services. The legal bases for this processing are your consent and accepting a contract between you and us and/or taking steps, at your request, to enter into such a contract;
2.3. We may process your account data ("account data"). Account data may include your full name, email address, username, country and telephone number. We obtain this account data from you. It may be processed for the purposes of providing our services, ensuring the security of our users and services, and communicating with you. Users may need to set their full name to their user profile before buying bitcoins online from some traders. The full name is only shown to bitcoin sellers with whom the user has opened trading. Verifying the full name helps protecting users against fraudulent payments, increase user’s trustworthiness, and provides an alternative way to access user’s Cryptocurrencies Public Register wallet in case the password is lost or the account is hacked. The phone number is used for notification purposes and as an alternative mechanism for identifying users in case the password is lost or the account gets hacked into. The legal bases for this processing are consent, the creation of a contract between you and us and/or taking steps, at your request, to enter into such a contract; and our legitimate interests, namely the operation of our business model.
2.4. We may process your identity documents ("ID data"). Verifying account with an ID is currently obligatory for all advertisers and users whose trading volume exceeds a certain limit. ID data may contain your full name, country, date of birth, Social Security number and gender. The purpose of ID data is to protect our users from fraud and helps us to prevent, detect and investigate fraud, money laundering, criminal activity or other misuses of our service. Moreover, by requiring all advertisers to verify ID will help us to provide a more trustworthy, safe and reliable trading experience for our customers. ID creates a strong assumption about the ownership of the account and thus ensures that we can return access to your account in case your account is hacked. Legal bases for this processing are consent and legitimate interests, ours and/or third-parties, mainly for preventing, detecting and investigating fraud, criminal activity or other misuses of our services and to prevent security issues.
2.5. We may process data about your use of our website and services ("usage data"). Usage data is primarily non-personally-identifying information of the sort that web browsers, servers, and services like Google Analytics typically make available, such as the browser type, language preference, referring site, and the time of each visit. Other non-identifying information that we might have access to includes: how you use the service (e.g. search queries), your approximate location, cookies set by our site, etc. Usage data may include: 1) Data that we collect mainly for behavior statistics, business intelligence and email campaigns ("analytics data"). We gather website traffic data with the help of Google Analytics.
2) Data that we collect mainly for technical, security and/or fraud prevention reasons or for tracking errors ("technical data"). We gather data from website errors assisted by Sentry, which may occasionally contain usage data. We also log certain events from what you do on our site. The legal basis for this processing is for our legitimate interests and/or those of third-parties; it is mainly for monitoring service quality and improving our website and services, as well as preventing, detecting and investigating possible fraud, criminal activity or other misuse of the services and for preventing security issues.
2.6. Some of the information used in your communications to us or what is created by the use of our services of may be processed by us.
Communication data include:
1) all your messages, requests and other communication means with our customer support which may take place during the dispute review process or via support tickets, emails, or by means of any other communication tool; processed communication data may include, email address, username, IP address, full name, audio and video files and in the case of manual ID verification: photo of the user’s personal ID, photo of the user, and photo of the user’s utility bill or related document. The communication data may be processed for the purposes of communicating with you, record-keeping, reviewing and resolving disputes, serving our customers better and improving our services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
2.7. We may process information that you provide to us when you subscribe to our email notifications, SMS notifications and/or newsletters ("notification data"). The notification data could include your email address, phone number, username and full name. Your notification data may be processed for the purpose of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent. You can unsubscribe at any point by contacting us or by clicking the unsubscribe link in the email.
2.8. It is possible that we may profile you by compiling and using the information and data received through your use of our services and other methods as described above and/or other data obtained from external sources (see section 4). In a very few cases, our automated processors may restrict or suspend access to our services if these processes detect activity that might possibly provoke a safety or other risk to our service, our users or third parties. We process this information because of our legitimate interests in protecting our service and brand; preventing, detecting and investigating fraud, criminal activity or other misuse of the services optimizes the products and services we offer and complies with applicable laws.
2.9. We may process any of your personal data when necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or outside the court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
2.10. In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2.11. All the aforementioned general categories of data may contain data which do not identify you and are therefore not considered personal data
2.12 We may request, and process other data required by our Compliance Department in order to accomplish the KYC (Know your Customer procedure) required by law. The KYC procedure is a simple online process of identification. In order to be added to the whitelist and have access to our services, participants will need to provide a high-quality image of a passport or other government-issued ID. The procedure will take place online, in real time, and, in most cases, the results will be almost immediate. Other personal information such as bank references, professional references and family information may be required for specific services. This information will not be disclosed to third parties, unless we receive a Court order.
KYC controls include the following:
• Collection and analysis of basic identity information such as Identity documents (referred to in US regulations and practice as a "Customer Identification Program" or CIP);
• Name matching against lists of known parties (such as "politically exposed person" or PEP);
• Determination of the customers risk in terms of propensity to commit money laundering, terrorist finance, or identity theft;
• Creation of an expectation of a customers transactional behavior;
• Monitoring of a customers transactions against expected behavior and recorded profile as well as that of the customers peers.
3. Information You Choose to Display Publicly on Our Services
3.1. Some users may choose to publicly post personally identifying or sensitive information about themselves in their normal use of our services. Anything you may use, such as optional profiles, what you post on public boards while interacting with other users and using forums on cryptocurrenciesregister.org, or if you publicly share a part of something that previously private. Such information, voluntarily posted in public parts of our services, is considered to be public, even if it would, in private areas, be considered as personally identifying or sensitive. As such, it is not subject to the protocols listed below, because we dont control these areas: you do. In addition, voluntarily making such information public means that you lose any privacy rights you might normally have regarding that information. It may also increase your chances of receiving unwanted communications, like spam.
3.2. Please remember also, that if you choose to provide personally identifiable information using certain public features of our services, individuals reading such information may use or disclose it to other individuals or entities without our control and without your knowledge, and search engines may index that information. We therefore urge you to think very carefully about including any specific information you may deem private in content that you create or information that you submit through our Services.
4. Providing Your Personal Data to Others
4.1. In this Section 4 we describe:
• External services ("processors") that we use for processing personal data on our behalf;
• Types of personal data that processors may process;
• The reason for using them.
4.2. For behavioral statistics, business intelligence and email campaigns we use the service by Google LLC ("Google Analytics"), a company located in the United States. Data that we may provide to Google Analytics may include your IP address and that data is used by Google Analytics to generate information about your usage of our service.
4.3. In addition to the specific disclosures of personal data set out in this Section 4, we may also release your personal data 1) to our auditors, lawyers, accountants, consultants and other professional advisors insofar as it is reasonably necessary for the purposes of obtaining professional advice or managing legal disputes and risks; 2) where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your fundamental interests and/or the fundamental interests of a third-party.
5. International Transfers of Your Personal Data
5.1. We store your information in the cloud. However, some features and requirements of the service, involve transferring your information to international third-party service providers.
6.1. This Section 6 describes our policies regarding data retention and deletion, which are designed to help ensure that we comply with our legal obligations in relation to the user’s right to be omitted.
6.2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for any purpose or purposes.
6.3. Users may request the deletion of their account through our site.
6.4. We will retain or delete your personal data as follows:
• For all users who have deleted their account:
• Personally-identifiable analytics data is removed 30 days after account deletion.
• Our processors do not usually store notification materials, but they may retain activity logs for a short period of time (this time varies depending on the processor in question but is no longer than 12 months).
• Your communication data will be deleted 2 years after you delete your account.
• Your registration data, account data, ID data, trade data and technical data will be deleted 2 years after you delete your account.
6.5. In some cases, it is not possible for us to be specific on how long your personal data will be retained. In these cases, we will determine the period of retention based on the period we need to access the data for the provision of services, receiving payment, resolving your customer support problems or other problems or for any other auditing or legal reasons.
6.6. Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your fundamental interests or the fundamental interests of another natural person.
7. Your Rights
7.1. Section contains a summary of the principal rights that you have under data protection law. Some of the rights are complex and might contain restrictions depending on the legal basis for processing the data, and not all the details have been included in our summaries.
Therefore, you should read the relevant laws and guides provided by regulatory authorities for a full explanation of these rights.
7.2. Your principal rights under data protection law are:
(a) The right to access;
You have the right to confirm whether or not we process your personal data and, where we do, to access to the personal data. As long as the rights and freedoms of others are not affected, we will supply you with a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can ask for your personal data by contacting our customer support.
(b) The right to corrections;
You have the right to have any inaccurate personal data about you corrected and, taking into account the purposes of the processing, to complete any incomplete personal data about you.
(c) The right to removal;
You have the right to remove your personal data. We have described our policy for retaining and deleting personal data above in Section 6.
(d) The right to object to processing;
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
(e) The right to data portability;
To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would negatively affect the rights and freedoms of others.
(f) The right to complain to a supervisory authority;
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection.
(g) The right to withdraw consent.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
7.3. Without prejudice to the user, if we have reasonable doubts concerning the identity of a user exercising his/her rights referred to in Section 7.2 or if we otherwise feel, due to security reasons, that it is necessary, we may request the user to provide additional information and otherwise use all reasonable measures necessary to confirm the identity of said user.
7.4. You may exercise any of your rights regarding your personal data by contacting our customer support. Regarding "Right to removal" users are also able to request the deletion of their account through our site.
(a) What are cookies?
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies
For more general information on cookies see the Wikipedia article on HTTP Cookies
(b) Cookies that we use
When you enter data through a form like those found on contact pages or comment forms, cookies may be set to remember your user details for future communications. In order to provide you with a great experience on this site, we provide the component for setting your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called up whenever you interact with a page that is affected by your preferences.
We run an affiliate program and, as a part of it, affiliates advertise our site and services. With the affiliate program we use tracking cookies to track users who visit our site through one of our affiliate partner sites in order to credit them appropriately, and where applicable, allow our affiliate partners to provide you any bonus for making a purchase.
(c) Cookies used by our service providers
In addition, Cloudflare will add a security cookie to any domain or subdomain that is using our service as a proxy.
(d) Managing cookies
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser: Help for how to do this). Disabling cookies will result in disabling all functionalities and features of this site. Therefore, it is recommended that you do not disable cookies.
9. How to Contact Us
Data Protection officers contact details
Cryptocurrencies Public Register Data Office
Cryptocurrencies Public Register Institute