Any information stored on KRIPTOMAT platform is treated as confidential. All information is stored securely and is accessed by authorized personnel only. KRIPTOMAT implements and maintains appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
Our website incorporates strict privacy controls which will have an impact on how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information.
For the purposes of this Policy, KRIPTOMAT defines the term “User”, “Visitor”, “Client” or “You” as a natural or legal person, either a visitor of www.kriptomat.io website or as the user with a trading account at KRIPTOMAT. The term “we”, “us”, “our” refers to KRIPTOMAT.
2. Collection and use of information
The following sections cover the specifics of each of the two groups from which data is collected: website Visitors and Users of our Services.
2.2 Website Visitors and collection of Visitors Data
If you are a Visitor to our website only, and not a User of our Services or the KRIPTOMAT platform otherwise, then this section is relevant for you.
If you do not agree with the Terms set out herein, we ask you to not visit this website www.kriptomat.io. In cases when required by the applicable law, we will ask for your explicit consent to process Personal Data, which shall be collected on this website or volunteered by you. Kindly note that any consent will be entirely voluntary. However, if you do not grant the requested consent to the processing of your Personal Data, the use of this website may not be possible or may be limited.
KRIPTOMAT may add information collected by way of page view activity. Furthermore, KRIPTOMAT may collect and process Personal Data that you voluntarily and with your consent give to KRIPTOMAT in our website’s forms, such as when you sign up for information and newsletters. You can unsubscribe from the newsletter by opening the one of KRIPTOMAT e-mail, which you received, and clicking “unsubscribe” at the bottom of the page. You can also send us an e-mail to [email protected] and ask us to unsubscribe you.
If you provide KRIPTOMAT with your social media details, KRIPTOMAT may retrieve publicly available information about you from social media. KRIPTOMAT uses such information for better user experience, enabling a user to make a login to our website with the users’ Facebook profile.
Such Personal Data may comprise your IP address, first and last name, your postal and email address, your telephone number, your job title, data for social networks, your areas of interest, interest in KRIPTOMAT services as well as information as to the type of relationship that exists between KRIPTOMAT and yourself. The information is collected for the purpose of improved user experience.
KRIPTOMAT gathers data about visits to the website, including numbers of Visitors and visits, Geo-location data, length of time spent on the site, pages clicked on or where Visitors came from.
2.2.1 Purpose of processing personal data
KRIPTOMAT uses the collected data to communicate with Visitors, to customize content for Visitors, to show ads on other websites to Visitors, and to improve its website by analyzing how Visitors navigate its website. KRIPTOMAT will process all Data in order to monitor and improve website and Services.
2.2.2 Sharing and storing personal data
KRIPTOMAT may also share such information with service vendors or contractors in order to provide a requested service or transaction or in order to analyze the Visitor behavior on its website.
The data that we collect from you is stored within the territories of the European Union. Automatically collected data (Google Analytics) by third parties may be stored outside the EU.
2.2.4 Links to other websites
2.2.5. Geographical location of collection and storing Personal Data
The website KRIPTOMAT runs on servers in European data regions. A KRIPTOMAT “Data Region” is a set of data centers located within a defined geographical area where User data is stored. Personal Data is not transmitted to other Data Regions. For KRIPTOMAT website visitors, all Personal Data of visitors are located in KRIPTOMAT European Data Region, all Personal Data is processed in the EEA.
2.2.6. Third-party Plugins
In addition to that, visitors of Kritpomat website can also sign up to Disqus, or login with Facebook, Twitter or Google and share their likes and comments. Kriptomat is using plugins and is not considered as a primary controller of the personal data. The primary controllers are Facebook, Twitter, Google and Disqus.
In respect of operations involving the collection and disclosure of the data Kriptomat can be considered as a joint controller with Facebook, Instagram, Google and Disqus in respect of the collection and transmission of a certain personal data of visitors to its website.
In order to provide services to its Users, KRIPTOMAT collects certain types of data from them. This section will describe how Users` data is collected and used by KRIPTOMAT. Data entered or transferred into KRIPTOMAT by Users such as texts, questions, contacts, media files, etc., remain the property of the User and may not be shared with a third party by KRIPTOMAT without express consent from the User.
KRIPTOMAT will process your account data you provide when you open KRIPTOMAT account, perform transactions on the KRIPTOMAT platform, or use other KRIPTOMAT Services. This information may include:
- Contact information, such as name, home address, email address, date and place of birth, mobile phone number.
- Account information, such as username and password.
- Financial information, such as bank account numbers, bank statements, and trading information.
- Identity verification information, such as an image of your government issued ID, passport, national ID card or driving license, and under special conditions also a social security number (US residents)
- Residence verification information, such as utility bill details, phone bill or similar document.
The source of the account data is a user who opens an account. The account opening data will be used and processed for the purposes of performing a detailed Know Your Customer (Hereinafter: KYC) procedure according to necessary Anti-Money Laundering and Anti-Terrorist Regulations.
Users are visitors of the KRIPTOMAT website and therefore their Personal Information is collected as described in the previous section. This Personal Information will be used for operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with Users.
Kriptomat will use users’ e-mail phone number and residential address for communication purposes with users regarding: login, registration, transactions, orders, safety requirements, notifications about safety measures, reminders about the status of orders, transactions, user profile level, and other necessary communication with users. The user will also receive occasional notifications about new token listing and other promotions.
2.4.2 Collection of User data
During a User’s registration at KRIPTOMAT exchange platform, Users provide information such as name, company name, email, address and nationality (registered seat of the legal entity), bank account, ID number and image of the ID document, date and place of birth, personal picture, phone number, utility bill and other relevant data.
The Users Data shall be collected and processed by a third party – Sum and Substance, LIMITED, with its registered office at Suite 1, 5 Percy Street, Fitzrovia, London, England, W1T 1DG (hereinafter Sum and Substance), who is a trusted partner of KRIPTOMAT for collecting and processing Users data on behalf of KRIPTOMAT. Sum and Substance is an experienced identity verification company that will process Personal Data for the purposes of the necessary KYC/AML procedures. Sum and Substance will obtain and process all the above stated Personal Data and run KYC/AML procedures and ensure compliance with the relevant AML legislation.
If you wish to stop receiving marketing communications from us, please contact us at [email protected] to opt-out.
Users of KRIPTOMAT services can at any time access and edit, update or delete their contact details by logging in with their username and password to KRIPTOMAT platform and use “Delete User Account” setting. KRIPTOMAT will not retain User data longer than is necessary to fulfill the purposes for which it was collected or as required by the applicable laws and regulations.
In the course of its activity, Kriptomat shall also communicate with the users via the telephone using the telephone numbers given in the identification process. Communication will serve for the purpose of verifying the credibility of the user account, thereby strengthening the platform’s security, strengthening the brand, informing users about new offers and events, about new issues of tokens and direct sales of Kriptomat services.
2.4.3. Geographical location of processing Personal Data
All Personal Data, which will be collected and processed within the KYC procedure by Sum and Substance and KROPTOMAT are stored on servers in European data regions. Such Personal Data is not transmitted to other Data Regions.
KRIPTOMAT has servers in European data regions. A KRIPTOMAT “Data Region” is a set of data centers located within a defined geographical area where User data is stored. Personal Data is not transmitted to other Data Regions. For KRIPTOMAT Users, all accounts are located in KRIPTOMAT European Data Region, all Personal Data is processed in the EEA.
It has to be noted that KRIPTOMAT is a platform that offers buying, selling and storing virtual currencies. Trading virtual currencies take place on the blockchains (Ethereum, Bitcoin, etc.) which are decentralized databases software platforms for virtual assets. Blockchains are a list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a cryptographic hash of the previous block, a timestamp and transaction data. By design, a blockchain is inherently resistant to modification of the data. Therefore Data cannot be modified or deleted, since there are no servers involved. Data are dispersed among computer all around the world in an encrypted version.
If you trade virtual currencies you agree that your Personal Data may be collected, stored, processed and that you will not be able to delete it or invoke the right to be forgotten. Your data are encrypted, meaning they are coded (anonymized). Note that also encrypted personal data that is your e.g. crypto wallet address with KRIPTOMAT can still be traced back to a person if enough effort is put into it by experts or someone holds the key to decryption. With trading virtual assets via KRIPTOMAT platform you expressly agree to give your Personal Data on the (public) blockchain that these Data (even though encrypted) cannot be deleted and that Personal Data may be transferred outside European territory.
You acknowledge and expressly agree that by the nature of the technology it is not possible to delete personal data from the blockchain and invoke the right to be forgotten. You also agree that by the nature of the technology it is not possible to keep personal data within the EU borders.
188.8.131.52 Processing in accordance with General Data Protection Regulation
The processing of Personal Data is performed in accordance with privacy rights and regulations following the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the Directive), and the implementations of the Directive in local legislation. From May 25th, 2018, the Directive and local legislation based on the Directive will be replaced by the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and our processing will take place in accordance with the GDPR.
KRIPTOMAT processes Personal Data as a Controller, as defined in the Directive and the GDPR:
KRIPTOMAT Ltd. which you as a Visitor entered an agreement with when using KRIPTOMAT’s platform as a Visitor, will be the Controller for Visitors data, as outlined above in “Collection of Visitor data” section.
For Users data, as outlined in the “Collection of Users data” section, the KRIPTOMAT will be the Controller in accordance with GDPR. The Users Data shall be processed by a third party Processor – Sum and Substance, to Collect and process Users data on behalf of KRIPTOMAT. Sum and Substance is an experienced identity verification company that will process Personal Data for the purposes of the necessary KYC/AML procedures. Sum and Substance will obtain and process users: name, surname, address, residency, date and place of birth, ID number, copy ID, users’ picture, email, phone number, utility bill and other personal information. Sum and Substance is a certified ID verification company having sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of GDPR and ensure the protection of the rights of the data subject.
KRIPTOMAT has data processing agreements in place with its providers, ensuring compliance with GDPR. All hosting is performed in accordance with the highest security regulations. All transfers of data internally is done in accordance with this data processing agreement.
KRIPTOMAT adheres to the Directive of 1995 and the GDPR from May 25th, 2018. Consequently, KRIPTOMAT processes all data provided by its Users with accounts in its European Data Region, in the European Union, EGS and Switzerland only.
3. Retention and deletion of Personal Information
KRIPTOMAT will not retain data longer than is necessary to fulfill the purposes for which it was obtained for or as required by applicable laws or regulations. When a users’ account is terminated or expired, all Personal Data collected through the platform will be deleted, as required by applicable law.
Every user or visitor can invoke the right be right to be forgotten at any time. Users and visitors can request a list of his or hers personal data. In case you wish to obtain such data send an e-mail to [email protected]. You will receive the list within one month from receiving your request by KRIPTOMAT.
4. Acceptance of these Conditions
In case of the change in the types or purpose or processing procedure of your personal data, KRIPTOMAT will ask for your consent if required by EU and national regulations.
5. Legal Obligation to Disclose Personal Information
5.1. Disclosure to third parties
5.2. Disclosure to prevent damage and disclosure to legal authorities
We will reveal user’s personal information without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to KRIPTOMAT or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. We are permitted to disclose personal information when we have good reason to believe that this is legally required and when the competent authorities have required to present them with such Personal Information.
6. Data Protection Officer
KRIPTOMAT has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following email: [email protected]
7. Security of Personal Information
We use a variety of security measures to ensure the confidentiality, integrity, availability and privacy of your Personal Information and to protect your Personal Information from loss, theft, unauthorised access, misuse, alteration or destruction. These security measures include, among others:
- Password protected directories and databases.
- Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and sent across the Internet securely.
- Vulnerability Scanning to actively protect our servers from hackers and other vulnerabilities.
- Regular penetration testing.
- Secure coding principles.
- Encryption of sensitive data during transfer and at rest.
- 2-factor authentication.
- Logging of activities performed in the platform.
- Access controls and
- other measures to mitigate risks identified during the risk assessment process.
All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in our database. Only authorized KRIPTOMAT personnel are permitted access to your Personal Information, and this personnel is required to treat the information as highly confidential. The security measures will be reviewed regularly in light of new and relevant legal and technical developments.
8. Access right to your personal information
You have the right to access your Personal Information to correct, update, and block inaccurate and/or incorrect data. To exercise this right, contact us at [email protected]
9. Information, Complaints and Contact
If you have any further questions regarding the data KRIPTOMAT collects, or how we use it, then please feel free to contact us by email at: [email protected] or in writing at: Kriptomat OÜ, Roosikrantsi 2-KRM, 10119 Tallinn, Estonia.
You have a right to lodge a complaint with supervisory authority, to enforce your rights, as specified above. You can find out how to do this at the Estonian Data Protection Inspectorate (AKI) http://www.aki.ee/en/ inspectorate or European Data Protection Supervisor https://edps.europa.eu/.
Last update: 15 April 2019