RELATIONSHIP TO YOU (CUSTOMER) AND CG
THE PERSONAL INFORMATION WE COLLECT
PERSONAL INFORMATION COLLECTED
We collect personal information to provide you with our Services. When we require certain personal information from users it is because we are required by law to collect this information or it is relevant for specified purposes. Any information you provide to us that is not required is voluntary. You are free to choose whether to provide us with the types of personal information requested, but we may not be able to serve you as effectively or offer you all of our Services when you do choose not to share certain information with us.
Although we generally collect personal information directly from you, on occasion, we also collect certain categories of personal information about you from other sources. In particular:
- financial and/or transaction details from payment providers in order to process a transaction;
- For example, we collect personal information which is required under the law to open an account, add a payment method, or execute a transaction. We also collect personal information when you use or request information about our Services, subscribe to marketing communications, request support, complete surveys, or sign up for a CryptoGold event, even if hosted by another provider. We may also collect personal information from you offline, such as when you attend one of our events, or when you contact customer support. We may use this information in combination with other information we collect about you as set forth in this Policy.
- third party service providers (like Zendesk), which may provide information about you when you login to your account and connect via support ticket with the third party provider and they send us information such as your username, e-mail adress. This only occurs if you are using the support Ticket function. The Information varies and is controlled by that service provider or as authorized by you via your privacy settings at that service provider;
- For example, fraud warnings from service providers like identity verification service. We also receive information about you and your activities on the CG platform through partnerships, or about your experiences and interactions from our partner ad networks. We also receive information about you as a rights holder from our third party authors. For example, information in the form of a model release when your image is used in an item made available on our Sites.
We collect the following types of information (if necessary):
- Personal Identification Information:Full name, email, date of birth, nationality, gender, signature, utility bills, photographs, phone number, and/or home address,
- Formal Identification Information:Tax ID number, passport number, driver’s license details, national identity card details, photograph identification cards, and/or visa information.
- Financial Information:Bank account information, payment data, Wallet numbers, transaction history, trading data, and/or tax identification.
- Transaction Information:Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, the wallet you choose and/or timestamp.
- Online Identifiers:Geo location/tracking details, browser fingerprint, OS, browser name and version, and/or personal IP addresses.
HOW WE USE YOUR PERSONAL INFORMATION
Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customised experience. In general, we use personal information to create, develop, operate, deliver, and improve our Services, content and advertising, and for loss prevention and anti-fraud purposes. We will your personal information in the following ways:
- To maintain legal and regulatory compliance. Some of our core Services are subject to laws and regulations requiring us to collect and use your personal identification information, formal identification information, payment information, transaction information, employment information, online identifiers, and/or usage data in certain ways. For example, CryptoGold must identify and verify customers using our Services in order to comply with anti-money laundering and terrorist financing laws across jurisdictions. In addition, we can use third parties to verify your identity by comparing the personal information you provided against third-party databases and public records. If they exceed legally-specified maximum values for purchases with your CG Account, we may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. The consequences of not processing your personal information for such purposes is the termination of your account as we cannot perform the Services in accordance with legal and regulatory requirements.
- To enforce our terms in our user agreement and other agreements. CryptoGold handles very sensitive information, such as your identification and financial data, so it is very important for us and our customers that we are actively monitoring, investigating, preventing and mitigating any potentially prohibited or illegal activities, enforcing our agreements with third parties, and/or violations of our posted user agreement or agreement for other Services. In addition, we may need to collect fees based on your use of our Services. We collect information about your account usage and closely monitor your interactions with our Services. We may use any of your personal information collected on our Services for these purposes. The consequences of not processing your personal information for such purposes is the termination of your account as we cannot perform our Services in accordance with our terms.
- To provide CryptoGold Services. We process your personal data in order to provide you with the services of CryptoGold. For example, if you want to buy mining hardware and dig your own digital currency, we need certain information, such as your identification, contact information, payment information, and transaction information. Without this information we can not offer you any services.
- To provide Service communications. We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you are unlikely to be aware of any significant developments in your account that could impact the use of our services.
- To provide customer service. We process your personal information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. We may process your information in response to another customer’s request, as relevant, but without personal reference to you. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.
- To ensure customer support, services and quality control. We process your personal information for customer support, quality control and staff training to make sure we continue to provide you with accurate information. If we do not process personal information for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions. Our basis for such processing is based on the necessity of performing our contractual obligations with you.
- To ensure network and information security. We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal information, we may not be able to ensure the security of our Services.
- For the future, research and development purposes. We process your personal information to better understand the way you use and interact with CG´s Services. In addition, we use such information to customise, measure, and improve CG’s Services and the content and layout of our website and applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our Services. Our basis for such processing is based on legitimate interest.
- To support and enhance your website experience. We process your personal information to provide a personalised experience, and implement the preferences you request. For example, you may choose to provide us with access to certain personal information stored by third parties Without such processing, we may not be able to ensure your continued enjoyment of part or all of our Services.
- To facilitate corporate acquisitions, mergers, or transactions. We may process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your personal information processed for such purposes.
- To engage in marketing activities. Based on your communication preferences, we may send you marketing communications to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers based on your communication preferences. We use information about your usage of our Services and your contact information to provide marketing communications. You can opt-out of our marketing communications at any time.
We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission. From time to time we may request your permission to allow us to share your personal information with third parties. You may opt out of having your personal information shared with third parties, or allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorisation. If you choose to so limit the use of your personal information, certain features or CryptoGold Services may not be available to you.
INFORMATION FROM THIRD PARTY SOURCES
From time to time, we may obtain information about you from third party sources as required or permitted by applicable law, such as public databases, credit bureaus, ID verification partners, resellers and channel partners, joint marketing partners, and social media platforms.
- Public Databases, Credit Bureaus & ID Verification Partners:We obtain information about you from public databases and ID verification partners for purposes of verifying your identity. ID verification partners use a combination of government records and publicly available information about you to verify your identity. Such information includes your name, address, job role, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations, such as anti-money laundering laws. Pursuant to EEA Data Protection Law, our lawful basis for processing such data is compliance with legal obligations. In some cases, we may process additional data about you to ensure our Services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contract with you and others.
COLLECTION & USE OF INFORMATION COLLECTED AUTOMATICALLY
WE SHARE PERSONAL INFORMATION WITH OTHER PARTIES
We take care to allow your personal information to be accessed only by those who really need to in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. CryptoGold Ltd will never sell or rent your personal information. We will only share your information in the following circumstances:
- We share your information, if necessary with third party identity verification services in order to prevent fraud. This allows CG to confirm your identity by comparing the information you provide us to public records and other third party databases. These service providers may create derivative data based on your personal information that can be used solely in connection with provision of identity verification and fraud prevention services.
- We may share your information with service providers under contract who help with parts of our business operations such as bill collection, marketing, support and technology services. Our contracts require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling or forwarding your information to anyone else.
- We share your information with financial institutions with which we partner to process payments you have authorised.
- We may share your information with companies or other entities that purchase CG assets pursuant to a court-approved sale under U.S. bankruptcy law and / or where we are required to share your information pursuant to insolvency law in the VAE or in any other jurisdiction;
- We may share your information with law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our User Agreement or any other applicable policies.
HOW WE SHARE PERSONAL INFORMATION WITH THIRD-PARTY SITES AND SERVICES
If you use your CG Account to transfer Digital Currency in connection with the purchase or sale of goods or services, we or you may also provide the seller with your shipping address, name, and/or email to help complete your transaction with the seller. The seller is not allowed to use this information to market their services to you unless you have agreed to it. If an attempt to transfer Digital Currency to your seller fails or is later invalidated, we may also provide your seller with details of the unsuccessful transfer. To facilitate dispute resolutions, we may provide a buyer with the seller’s address so that goods can be returned to the seller.
In connection with a Digital Currency transfer between you and a third party, including merchants, a third party may share information about you with us, such as your email address or mobile phone number which may be used to inform you that a transfer has been sent to or received from the third party. We may use this information in connection with such transfers to confirm that you are a CG customer, that Digital Currency transfers are enabled, and/or to notify you that you have received Digital Currency. If you request that we validate your status as a CG customer with a third party, we will do so. You may also choose to send Digital Currency to or request Digital Currency from an email address. In such cases, your user name will be displayed in an email message notifying the user of the designated email address of your action.
Please note that merchants you interact with may have their own privacy policies, and CG is not responsible for their operations, including, but not limited to, their information practices. Information collected by third parties, which may include such things as contact details or location data, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.
If you authorise one or more third-party applications to access your CG Account, then information you have provided to CG may be shared with those third parties. Unless you provide further authorisation, these third parties are not allowed to use this information for any purpose other than to facilitate your transactions using CG Services.
HOW WE PROTECT AND STORE PERSONAL INFORMATION
We understand how important your privacy is, which is why CG maintains (and requires its service providers to maintain) appropriate physical, technical and administrative safeguards to protect the security and confidentiality of the personal information you entrust to us.
We may store and process all or part of your personal and transactional information, including certain payment information, such as your wallet. bank account and/or routing numbers, in Dubai and elsewhere in the world where our facilities or our service providers are located. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.
For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorise access to personal information only for those employees who require it to fulfill their job responsibilities. Full bank account data is securely transferred and hosted off-site by a payment vendor in compliance with Payment Data Security Standards. This information are accessible to CG and support staff.
However, we cannot guarantee that loss, misuse, unauthorised acquisition, or alteration of your data will not occur. Please recognise that you play a vital role in protecting your own personal information. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorised access to or use of your account.
HOW YOU CAN ACCESS OR CHANGE YOUR PERSONAL INFORMATION
You are entitled to review, correct, or amend your personal information, or to delete that information where it is inaccurate. You may do this at any time by logging in to your account and clicking Member Management and than Profile tab.
Where we require your personal information to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us.
RIGHTS IN RELATION TO THE USE OF YOUR PERSONAL INFORMATION
Rights of access, correction and deletion. You have a right of access to the personal information that we hold about you under European data protection legislation, and to some related information. You can also require any inaccurate personal information to be corrected or deleted.
Right to object. You can object to our use of your personal information for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal information (and require them to be deleted) in some other circumstances.
If you wish to exercise any of these rights, please contact us as set out below.
RETENTION OF PERSONAL INFORMATION
We store your personal information securely throughout the life of your CG Account. We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal information are described below. Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you un-subscribe. Thereafter we will add your details to our suppression list indefinitely.
Content that you post on our website such as support desk comments, photographs, videos, blog posts, and other content may be kept indefinitely after you close your account for audit and crime prevention purposes. Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.
CHILDREN’S PERSONAL INFORMATION
We do not knowingly request to collect personal information from any person under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, CG will require the user to close his or her account and will not allow the user to continue buying hardware or transfering digital currencies. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
While CryptoGold Ltd are based in the Dubai (which is within the UAE), our service providers may store, transfer, and otherwise process your personal information in countries outside of the country of your residence, including the United States, Asia, the Philippines, and possibly other countries. We use approved Model Contractual Clauses for the international transfer of personal information collected in the European Economic Area and Switzerland, or require that any third party located in the U.S. receiving your personal information is certified under the E.U.-U.S. and/or the Swiss-U.S. Privacy Shield Frameworks and require that the third party agree to at least the same level of privacy safeguards as required under applicable data protection laws.
If you have a complaint about our privacy practices and our collection, use or disclosure of personal information please contact us at firstname.lastname@example.org.
EEA USERS & DATA
For the purposes of applicable EU data protection law (including the General Data Protection Regulation 2016/679 (the “GDPR”), we are a ‘data controller’ of your personal information. These entities determine the means and purposes of processing data in relation to e-wallet and cryptocurrency transactions.
Legal bases for processing personal information. Our legal bases for processing under EEA Data Protection Law are described above in the sections entitled “How Your Information Is Used” and “Information From Third Party Partners.” We may process your personal information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of CG, our customers or others.
Direct Marketing. Where we have your consent to do so (e.g. if you have subscribed to one of our e-mail lists or have indicated that you are interested in receiving offers or information from us), we send you marketing communications by email about products and services that we feel may be of interest to you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself.
You also have choices about cookies, as described below. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject cookies some parts of our Sites may not work properly in your case.
If you are a new customer and located in the EEA , we will contact you by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to use your personal information in this way, or to pass your personal information on to third parties for marketing purposes, please contact us at email@example.com. You may raise such objection with regard to initial or further processing for purposes of direct marketing, at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services
Our Profil Dashboard allows you to set your communication preferences and make individual rights requests relating to your personal information. We encourage you to make any individual rights requests through the ticket system because it ensures that you have been authenticated already. Otherwise, when we receive an individual rights request via email we may take steps to verify your identity before complying with the request to protect your privacy and security.
Right to withdraw consent. You have the right to withdraw your consent to the processing of your personal information collected on the basis of your consent at any time. Your withdrawal will not affect the lawfulness of CG’s processing based on consent before your withdrawal.
Right of access to and rectification of your personal information. You have a right to request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to some fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your personal information held by CG that is inaccurate. Your right to access and rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.
Right to erasure. You have the right to request erasure of your personal information that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing that you previously consented, but later withdraw such consent; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your personal information public and are obliged to erase the personal information, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are processing your personal information that you have requested the erasure of any links to, or copy or replication of your personal information. The above is subject to limitations by relevant data protection laws.
Right to data portability. If we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your personal information.
Right to restriction of or processing. You have the right to restrict or object to us processing your personal information where one of the following applies:
(a) You contest the accuracy of your personal information that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your personal information.
(b) The processing is unlawful and you oppose the erasure of your personal information and request the restriction of its use instead.
(c) We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise or defense of legal claims.
(d) You have objected to processing, pending the verification whether the legitimate grounds of CryptoGold processing override your rights.
Restricted personal information shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if the restriction is lifted.
Notification of erasure, rectification and restriction. We will communicate any rectification or erasure of your personal information or restriction of processing to each recipient to whom your personal information have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request this information.
Right to object to processing. Where the processing of your personal information is based on consent, contract or legitimate interests you may restrict or object, at any time, to the processing of your personal information as permitted by applicable law. We can continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
Right to lodge a complaint. If you believe that we have infringed your rights, we encourage you to contact us first at firstname.lastname@example.org so that we can try to resolve the issue or dispute informally. You can also complain about our processing of your personal information to the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place.
Storage of your personal information. CG will try to limit the storage of your personal information to the extent that storage is necessary to serve the purpose(s) for which the personal information was processed, to resolve disputes, enforce our agreements, and as required or permitted by law.
Your rights to personal information are not absolute. Access may be denied when:
- Denial of access is required or authorized by law;
- Granting access would have a negative impact on other’s privacy;
- To protect our rights and properties; and
- Where the request is frivolous or vexatious.
Cookies and right to object in direct mail “Cookies” are small files that are stored on users’ computers.
Targeting with Google Analytics
We use Google Analytics to display advertisements displayed within Google and its affiliate advertising services, only those users who have shown an interest in our online offering or who have certain characteristics (eg interests in specific topics or products visited by them) Web pages) that we submit to Google (so-called “remarketing” or “Google Analytics audiences”). With Remarketing Audiences, we also want to make sure that our ads meet the potential interest of users.
Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR)
Use of Facebook social plugins
Based on our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) f. GDPR)
In addition to this website, we also maintain presences in various social media, which you can reach via corresponding buttons on our website. If you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that in addition to the storage of the data you have actually entered in this social media, further information is processed by the provider of the social network. Moreover, the social network provider may process the most important data of the computer system from which you visit it – for example, your IP address, the processor type used, and the browser version and plug-ins. If you are logged in while visiting such a website with your personal user account of the respective network, this network can assign the visit to this account.
The purpose and scope of the data collection by the respective medium as well as the further processing of your data as well as your respective rights can be found in the respective regulations of the responsible person, e.g. under:
Use of YouTube
We use YouTube videos and YouTube plug-ins on our website. YouTube is a service of and provided by YouTube LLC (“YouTube”), 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc. (“Google”), 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
The legal basis for the processing of personal data described here is Article 6 (1) lit. f) GDPR. Our legitimate interest in doing so lies in the great benefits that YouTube offers. By integrating external videos we relieve our servers and can use corresponding resources elsewhere. This can i.a. Increase stability of our servers. In addition, YouTube or Google has a legitimate interest in the collected (personal) data to improve their own services.
HOW TO CONTACT US
If you have any questions about our privacy practices or the way in which we have been managing your personal information, please contact our privacy champion in writing at PO Box 390667 Dubai, UAE or email@example.com