LAST UPDATED ON 20/01/2021
Crosschange International OÜ, is a private limited company incorporated under the laws of the Republic of Estonia, with registry code: 14707163 (collectively the “Company,” “Crosschange” “we,” “us” and “our”).
Crosschange will dedicate all its efforts to protect your Personal Data as well as respect your privacy.
The Company is committed to protecting the information collected through its products, services, and websites accessed through internet-capable hardware platforms including but not limited to personal computers, mobile computers, mobile devices, or software platforms.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Crosschange may notify you of other data collection needed for specific services or products, through supplementary policies or private notice provided to you.
“Personal Information/Personal Data” refers to any information that allows a natural person to be identified. That information can on its own identify the person or jointly with other data allow the identification of the person.
The personal information the Company holds is provided in the ways described in section 1 and 2 of this Policy.
1. Type of PERSONAL INFORMATION collected
1.1. All Users or web visitors may navigate through the public sections of the Website without having to disclose their names or any Information or Personal data; therefore, if you use the public sections of the Website you will remain anonymous unless you decide to register through the website or log into your account.
1.2. Upon registry through the Website, the Company may request the User to provide information, which is necessary for the use of the platform, website or provision of the Services.
1.3. The Company is entitled to collect the following information about the customer during the account registration:
Client name & surname;
Date of birth;
Time and date of registration on the Platform;
Source of arrival on the Platform;
Password and Username;
1.4. Additionally, the Company collects some data automatically, namely information about devices (including mobile devices), which the User may use to access the Website, this includes:
IP- address of the User’s device,
Used browser and operating system,
Device used to access the platform,
Time and date of account logins,
Transaction history when using the Services.
1.5. Once the client is registered, the Company will collect more data, in the event the Client uses any of the Services provided. That information includes:
Identity document issued by a Government (scanned copy of the passport, ID card, Driver license, Tax ID number),
Bank account information of a financial institution that you provide during an Order;
Records of correspondence, including requests, reports or feedback sent through the Customer Support Desk.
Proof of origin of funds,
Proof of documentation of the Company (Articles of association…).
Other information that in our sole discretion is deemed necessary to comply with legal obligations.
2. HOW INFORMATION IS COLLECTED
2.1. Your personal information is collected in different ways: (i) Information you provide to Us during registration of the account or during the provision of the services, (ii) information which is collected automatically from your use of the Services, such as device information, IP address, etc., and (iii) information collected from third parties or associated partners.
2.2. In order to provide you with our Services, you must be 18 years old or of legal age in your jurisdiction.
We do not knowingly collect personal information from any user under age.
If a User is suspected to be under the age of 18, the Company may proceed to close the account and cease the use of Services.
If the Company learns that information has been collected of a User that is under the age of 18, measures will be taken in order to close the account and remove the information collected.
2.3. Information you provide the Company with: In order to register an account, to interact with our Customer Support Desk and/ or access our Services, you will have to provide the information described in section 1.3 and 1.5 of this Policy.
You may be required to provide further information or documentation for verification purposes, for the provision of new Services or settings as well as to prevent fraud or other illegal activities.
You understand and accept that you are responsible for the correctness and accuracy of the data you have provided the Company with and that all information must be up to date at all times.
Sharing such information constitutes consent to allow Crosschange International OÜ to store this information in your account. It does not give us the ability or right to share that information with any third party, except as expressed in section 8 of this Policy, or to post on or use it in social media.
2.4. Information collected automatically from you: The Company will collect information from you automatically whilst you are interacting with the Services, such as your: IP address, Logins, browser details or other information stated in section 1.4 of this Policy.
The information collected automatically helps the Company address any incidents, requests and complaints, prevent unauthorized access, as well as allows to improve the running and performance of the Platform.
2.5. Information collected from other sources, third parties or associated partners: Crosschange might obtain information from other sources if required or permitted by law.
The Company may access the following sources to gather information from you:
2.5.1. Public databases and registry’s,
2.5.2. ID verification partners,
2.5.3. Blockchain data,
2.5.4. Associated Partners, Marketing Partners or Security partners.
2.5.5. Information on any sanction lists the Client appears.
2.5.6. Bank or entity from which you make a transfer.
2.6. By not providing the information required you understand and accept that the Company may not be able to provide the Services.
2.7. By registering in the platform and using the Services, you confirm that you have read and accept the terms herein established.
2.8. When required by law or to provide the Services, the Company may ask you to provide more information. If the information is not provided, you may find that some Services are not available to you.
3. USE OF INFORMATION
3.1. The information we collect is primarily intended to facilitate account access, provide the Services and allow a smooth functionality of the site and its features.
The Company may use the information you have provided for the following purposes and under these legal bases:
To verify your identity when required by law,
To perform contractual obligations and fulfill any Service requested,
To comply with legal obligations,
To provide or improve existing Services or develop new services,
To provide site functions and customer service or technical support,
To troubleshoot technical problems and provide support to resolve questions, incidents and disputes,
To process transactions and exchanges as well as notify you of such transactions,
To collect fees and facilitate withdrawals and deposits,
To ensure no illegal activity or crime is being carried out, such as money laundering or other financial crimes,
To measure the effectiveness of our design, layout, and site functionality,
To measure performance of the Services and invite you to customer satisfaction surveys;
To provide targeted services, marketing, and offers specific to your site uses and interests.
To detect, monitor and inform of any security incidents, updates or any important notices related to this matter.
To allow Corporate transactions (mergers, acquisitions, fusions…).
To process, manage and store your personal data for any purpose you consent.
3.2. The Company may send you a notification to your e-mail address regarding news or updates to the platform or in order to ensure your account is secured.
The Client cannot opt-out of receiving notifications when these involve legal or security matters.
3.3. The Company does not sell any personal data of the Users to third parties.
3.4. Crosschange International OÜ has the right to hire authorized contractors for the purpose of compliance with this Policy or other internal documents. The Company may disclose the User’s personal data only to enforce and comply with the law or this purpose.
3.5. Crosschange will not use any of the Clients personal information for purposes that have not been here disclosed.
However, the Company may use, process and disclose non personal information for any purposes it deems appropriate.
4. legal bases for the collection of information
4.1. The Collection and processing of personal information for EEA residents relies on the following legal bases:
4.1.1. The User has consented to the processing of his personal data.
All information will be used for the purposes herein foreseen.
In case additional information is needed to be collected or the Company decides to send notifications for marketing purposes, the Client will be asked to give his consent and will be able to withdraw it at any time.
4.1.2. Data is processed in order to perform the contract reached.
Personal data is needed by the Company in order to provide or improve the Services, manage your account, provide Customer Support Service, as well as ensure a great User experience based on the contractual relationship that has been created.
Likewise, Crosschange will keep record of all your data processed in order to ensure that both you and the Company are Complying the obligations set in the Terms & Conditions of the service.
4.1.3. Crosschange will also process the data if necessary, for compliance with a legal obligation.
The Company is subject to many regulations and legal obligations such as anti-money laundering, KYC regulations, data privacy laws, etc.
In addition, the Company may need to notify you of certain changes to the laws, the Terms of the Service or any substantial modification of the product.
Likewise, the Company may have to provide your information to governmental authorities, courts of law or any supervisory body when contacted by them.
4.1.4. Processing is necessary to protect your or our interests.
As mentioned in section 3, processing is needed to provide and improve Services, to provide Customer Support, to troubleshoot incidents in the platform, to prevent fraud, unauthorized access to an account or any illegal activities, to comply with any laws, etc.
We may have a legitimate interest in processing and keeping record of your information to defend our interests in legal procedures, to settle disputes between you and the Company or a third party, as well as comply with our legal obligations.
4.1.5. Processing is necessary in order to exercise official authority.
Whenever obliged by law or subject to the application of a regulation that will enter into effect, as well as required in a legal proceeding or to comply with a governmental request, the Company will process your information.
4.2. The Company will not send communications to you for marketing purposes. As stated in this Policy, information will be used to deliver updates on the platform, ensure security and provide the services.
5. STORAGE AND PROTECTION OF YOUR INFORMATION
All the information we store that may in any way be used to identify you is treated with the greatest degree of caution. The Company understands how important it is to preserve your Privacy, as well as to comply with the applicable privacy laws.
5.2. The Company protects your personal information from unauthorized access, disclosure, destruction, use, loss, damage or any other misuse, in the following ways:
5.2.1. We store all client information in secure environments (using technical measures, access control measures, encrypted forms, firewalls…).
5.2.2. We comply with all regional and international laws in terms of the safeguarding all of our client privacy and information.
5.2.3. We restrict access to all of our infrastructure both physical and online.
5.2.4. We detect and block any security threats, as well as unauthorized or suspicious actions in your account. Also, in these cases we will notify you of the threat we have observed so that the necessary steps are taken.
5.2.5. We authorize access to client information only to staff, contractors, service providers or agents who require access to fulfill their job responsibilities.
All staff with access to sensitive information are monitored and properly trained to ensure compliance with regulations and are subject to be disciplined if non- compliance with their contractual obligations and confidentiality agreements.
The Administration shall strictly keep confidentiality of and prevent unauthorized third-party access to personal data.
5.2.6. Crosschange requires all Associated entities and Partners to maintain the same degree of protection and confidentiality of the personal information of the Client.
5.2.7. To protect your account the Company recommends and facilitates the use of the following settings and security features: 2FA, Backup code and anti-phishing code.
5.2.8. The Company reviews and updates the processing practices and physical security measures to prevent security threats.
5.3. The Company will securely store all client information throughout the duration of the use of Crosschange International OÜ services as well as for up to the time required or permitted by law to fulfill the purposes established in section 6.
5.4. The company reminds that none of the existing data transmission methods or security measures can be absolutely safe. Therefore, despite all safety measures implemented, the Company cannot fully guarantee integrity and safety of the information and data.
The client accepts that there could be risk of unauthorized access, loss, destruction or damages and agrees to bear the consequences derived from such risks.
5.6. Neither will the Company be responsible for the access of third parties caused by the Clients fault.
The Client agrees to choose a complex enough password to ensure his account, and agrees in no way to disclose the password or any information that could lead to the access of the account.
If you have suspicions that an unauthorized action or access to your account is taking place you must notify the Company immediately so that security measures can be adopted in order to ensure the safety of the account.
6. PERIOD OF RETENTION OF PERSONAL INFORMATION
6.1. Crosschange Bank will only retain your personal information for as long as it is required to comply with the purposes described in this Policy, and in any case, only for as long as it is required or permitted by law to fulfil other purposes such as: business purposes, providing the Service, reporting to an authority, complying with AML obligations, observing regulations or complying with legal obligations and in order to resolve or settle any dispute that arises regarding the use of the Services.
6.2. The above includes all information collected and stored in any form, that is: personal information, data stored in the account, recorded zoom verifications, authorizations sent to the Company to carry out certain procedures and tickets created via the Support Desk.
6.3. If the data is no longer necessary and there is no legal obligation to retain the information, the Company will securely destroy the information.
6.4. In those cases where the client requests a deletion of account, the Company will close the account and will stop providing the Services. However, Personal Data will not be deleted if there is an obligation to retain it for the purposes stated in section 6.1.
7. data transferring
7.1. Crosschange may transfer, manage or process personal data in servers that are located in a country different to the one the Client resides.
The Company will work hard to always maintain a high level of security when managing any information, as well as will comply with any legal obligations relating to transferring and processing of data.
7.2. When transferring and sharing data, as the level of data protection may differ from country to country, the Company will maintain the same level of protection of the information herein established as well as will comply with the decree of protection of personal data required by the applicable laws of the country or region in which the Client resides.
By using our Services, you consent to the transfer and processing of information in other countries.
7.3. To facilitate operations, we may transfer personal information to service providers, affiliates or partners located out of the EU.
7.4. Crosschange may also transfer personal data to its Business Partners within the “Ecosystem”, which the Company is a part of.
These Partners, affiliates and Service Providers may have their headquarters in a different country.
7.5. In addition, all Partners, Affiliates and Service Providers will be obliged to maintain the same standard and level of protection of the information required by law. To do so, the Company will sign a written agreement where the Partner or entity ensures that it complies with the Data protection laws and with the same degree of protection of the information established in this Privacy Notice.
8. information disclosure and THIRD-PARTY services
8.1. The Company will share your information with third parties in the following circumstances:
8.1.1. When the Client has expressly consented the Company to share information with a certain individual or entity.
8.1.2. With third party identity verification services in order to comply with AML & KYC regulations, as well as prevent fraud or any unauthorized action. The identity verification will confirm that your data matches to the official documents presented, that the selfie you take matched the photo in your government issued identity document.
8.1.3. With our trusted businesses or service providers that need to process the information for us in order to provide Services such as: security, customer support, network infrastructure, etc. In this case, the collection and storage of information will be done following our instructions and in accordance with this Policy.
8.1.4. When the Company is subject to any kind of Corporate operation, such as: merge, acquisition, fusion, etc., information will be disclosed to the Company or entity with whom the operation will be carried out. This type of actions will be notified to the User beforehand.
8.1.5. With entities with whom the Company partners to process payments in order to offer the Services of dataphones, payment cards or any other Services.
8.1.6. The Company will disclose information for any legal purposes, such as the following:
188.8.131.52. When required by a Court of Law or any law enforcement body or official,
184.108.40.206. To comply with a law or regulation,
220.127.116.11. To consult a matter with its legal advisors,
18.104.22.168. To ensure the Company is fulfilling all Compliance and legal audits,
22.214.171.124. When necessary to prevent damages, fraud or to protect a legitimate interest.
126.96.36.199. To report suspicious activities and or prevent fraud or money laundering.
188.8.131.52. To enable the collaborations with business partners part of the Ecosystem, in order so that Services related to the use of cryptocurrencies are provided.
If Crosschange discloses your information to these other business partners, such partners may store the information in order to comply with their obligations of service provision or legal obligations.
Any information provided by us to third parties will not be used for any purpose other than complying with the Service contracted with the Company. In case the partner uses the information for other purposes, they will have to notify you and you will have to agree to their data protection policies.
8.2. The Company will not disclose information on any other bases or for a different purpose to the ones set out in this document.
9. Client control over information and rights
9.1. If the European data protection law applies to you (“GDPR”) the Company will allow you to exercise the rights thereunder provided.
If you are not a resident to whom the GDPR applies, the Company will in its sole discretion decide if it provides you with those rights or not.
9.2. The rights established by law are the following: right to access, be informed, to rectify, erase, restrict, export and object to the processing of information.
9.2.1. Right to be informed and to access: You may ask us if we are collecting your information and what kind of information. Also, you may request us to provide you with a copy of the personal information we hold from you.
You may request for an export copy of the transaction history of your account, the history of wallets in your account, or any other information useful to you.
9.2.2. Right to rectification: The Client will have the right to correct, complete or update his inaccurate personal information.
The Client has the power to complete or correct information through his Backoffice, in aspects such as the wallet and telephone number.
To correct or complete other information, the Client will have to request it to the Company.
In order to correct or complete information such as: Name, surname, date of birth, email address and ID documents the account holder will have to contact the Support Desk. As modifying this information could put on risk your account or be made in fraud, the Company will put in place the necessary measures to ensure the account is secured, such as: ask you to provide your identity documents, send a selfie, sign authorizations, proceed with zoom verifications, etc.
9.2.3. Right to erasure: The Client may request the Company to close his account and erase personal information in certain given circumstances.
In this case, the Company will leave the account as closed so that no further use or action is carried out in it.
However, the Company will keep record of certain information in the database, after the relationship is done with you, for a certain period of time in order to comply with legal obligations, prevention of fraud or anti-money laundering obligations as well as to ensure the defense of its interests if any conflict arises.
9.2.4. Right to restrict processing or object to it: Under certain circumstances the company will block the processing of the personal information.
The Company in that case will cease to the provision of Services if the information is necessary for it.
This does not mean that the Company will eliminate your data, which will be subjected to the foreseen by applicable law, as well as Section 6 of this Policy related to the retention of personal information.
If the Company has disclosed personal information to business partners or Service providers, they will be notified of the restriction or objection to the further processing of information.
9.2.5. Right to portability: In certain circumstances, you may have the right to ask us to transfer the information we hold of you to a third part of your choice.
9.3. If the personal information is based on your consent, you may withdraw your consent at any time for future collection of information.
The information that was provided with consent will not be affected and will still be processed and managed by the Company in order to defend its interests or comply with any regulations.
9.4. To exercise the rights herein foreseen you must contact the Support Desk which shall redirect you to the designated Agent for these matters.
10.1. The Company may use at times cookies, web beacons, unique identifiers, and similar technologies or tracking tools to collect information about the pages the User surfed and the links the User clicked.
10.3. The User may block, delete, or disable these technologies if his/her web-browser or device allows this.
Recognize you as a Crosschange International OÜ user as well as remember your settings (language, login account…)
Customize the content you see,
Track the effectiveness of affiliate or marketing campaigns,
Collect basic information about your computer, device, and browser in order to prevent security,
To improve functionality of the website.
10.5. We may use both “session” and “persistent” cookies in order to effectively achieve the above results. “Session” cookies are used to improve the website function within a single session, “persistent” cookies stay on your computer after your logout in order to remember your preferences next time you visit.
10.7. All of the cookies collected by the Company are encoded so that no third-party can intercept or use any of the information collected in them.
Please view the following link for more information on the cookies used https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en
11. AMENDMENTS and changes to the policy
11.1. The Company retains the right to update, edit and amend this Policy whenever deemed necessary to ensure the Company is adjusted to the technology, business practices and in compliance with regulations applicable at the time.
11.3. In the event that changes are significant, the Company will provide an extended notice or Pop Up explaining those changes to the Policy to make sure that you are aware of the changes.
11.4. Crosschange will not reduce the rights obtained in this Policy without the client’s express consent to it.
12. data controller
12.1. The data controller of the Client’s that are based in the EEA is Crosschange International ÖU.
12.2. Crosschange will be responsible of collecting, handling, using and processing your information as well as complying with the Data protection laws that apply to you.
12.3. If you have any questions regarding this Policy you can contact our Data Protection Office at firstname.lastname@example.org
12.4. Likewise, you may contact the data protection authority established in your country of residence to request for more information or file a complaint: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
13. contact us
13.1. If you any questions, complaints, requests or suggestions regarding this Policy, please submit a request via our Support Zendesk at: https://crosschange-bank.zendesk.com/hc/en-us
13.2. If the matter has not been resolved, you may contact our Data Protection Officer at: email@example.com