Last Update 17.10.2019
Cryptolocator is a company registered in Seychelles. (“Cryptolocator”).
For the purposes of this Policy, Cryptolocator defines the term “User”, “Visitor” or “You” as a natural or legal person, either a visitor of www.cryptolocator.com Website or as User with a trading Account at Cryptolocator. The term “we”, “us”, “our” refers to Cryptolocator.
If we, or a fraud prevention agency, determine that you pose a fraud, money laundering or other criminal risks, we may refuse to provide the Services you have requested, or we may stop providing existing services to you.
Cryptolocator.com is a peer-to-peer platform service that enables its users to buy and sell digital currencies with a lot of different ways to exchange. All transactions are made directly between Users. Cryptolocator is not itself a party to any transactions conducted by its Users and only acts as an arbiter in resolving disputes and as an escrow agent to provide secure transactions.
Any information stored on the Cryptolocator Platform is treated as confidential. All information is stored securely and is accessed by authorized personnel only. Cryptolocator implements and maintains appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.
We process your data in an appropriate and lawful manner, in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) (the “Regulation” or the “GDPR”).
Note that you will need to successfully open and register a User Account with us (as subject to our User approval requirements and policies) in order to request and receive any of our Services.
INFORMATION WE COLLECT AND ITS PURPOSES
The following sections cover the specifics of each of the two groups from which data is collected: Website Visitors and Users of our Services.
Website Visitors and collection of Visitors Data
If you are a Visitor to our Website only and not a User of our Services or the Website otherwise, then this section is relevant for you. In cases when required by the applicable law, we will ask for your explicit consent to process Personal Data, which shall be collected on this Website or volunteered by you. The personal identification information is collected from Visitors only if they voluntarily submit such information to us. Visitors may refuse to supply personally identification information, except that it may prevent them from engaging in certain Website related activities. However, if you do not grant the requested consent to the processing of your Personal Data, the use of this Website may not be possible. Cryptolocator may collect, record and analyze information of Visitors to our Website.
We may collect your Internet protocol address, geographical location, the type of browser and operating system you use, length of visit, the domain name of your Internet service provider, page views and Website navigation paths, as well as information about the timing and frequency of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed to administer our Website, to block Visitors from access to the Website if such users are located in certain jurisdictions and for the purposes of analyzing the use of the Website and Services and improving Visitors’ experience, performance and future development of the Services. The legal basis for this processing is our legitimate interest for monitoring and improving our Website and Services.
Furthermore, Cryptolocator may collect and process Personal Data that you voluntarily (with your consent) give to Cryptolocator in our Website’s forms, such as when you sign up for information and newsletters.
If you join one of our mailing lists, we track how you interact with emails we send you. This helps us to understand what is important to you and improve the content we provide. We track whether you open our emails, which links you follow, and when you do so.
You can manage your preferences or unsubscribe at any time by following the links in emails we send you.
If you provide Cryptolocator with your social media details, Cryptolocator may retrieve publicly available information about you from social media. Such Personal Data may comprise your IP address, first and last name, your postal and email address, your telephone number, your job title, data for social networks, your areas of interest, interest in Cryptolocator Services, and certain information about the company you are working for (company name and address) and all other publicly available information.
Purpose of processing personal data
Cryptolocator uses the collected data to communicate with Visitors, to administer and protect our business, the Website and our Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), to customize content for Visitors and to improve its Website by analyzing how Visitors navigate its Website. Cryptolocator will process all data in order to monitor and improve Websites and Services.
Sharing and storing personal data
Cryptolocator may also share such aggregated and anonymized statistical information with service vendors or contractors in order to monitor and analyze the Visitor behavior on its Website. The data we collect from you is stored within the territories of the European Union.
Links to other Websites
The Website may contain links to websites maintained by third parties, whose information and privacy practices are different from ours. We are not responsible or liable for the information or privacy practices employed by such third parties. We encourage you to read the privacy statements of all third-party websites before using such websites or submitting any personal data or any other information on or through such websites.
In order to provide services to its Users, Cryptolocator collects certain types of data from them. This section will describe how Users` data are collected and used by Cryptolocator.
Cryptolocator will process your account data you provide when you create an individual Account, perform transactions with other Users on the Cryptolocator Platform, or use other Cryptolocator Services.
Users will be asked to provide the following data:
- Account data: username and password. We will ask you to provide this information to be able to use our Services, to ensure the security of our Users, Website and our Services.
- Trade data: your transactional history on the Website; payment methods; offers information; Buyer and Seller usernames; trade chats; time scale of trade. We collect it to perform an Agreement between you and us, for internal recordkeeping, for billing and invoice purposes, for tax purposes and to resolve a disputed trade.
- Identity verification data may be required when you pass certain trade volume limits, during trade disputes, fraud investigations, and to ensure Account ownership. As part of our ID verification process, we require you to provide us with documents that verify your identities such as your government-issued ID, passport or driving license. We collect this information to conduct User due diligence measures on you, to establish and verify your identity, for KYC purposes, to resolve a disputed trade, to protect our Users from fraud.
- Usage Data includes details about how you use our Services and the Website. To administer and protect our business, the Website and our Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data, to market our products and Services to you by email or other means if you have subscribed).
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices which you (whether a User or otherwise) use to access and browse the Website. We use it to administer and protect our business, the Website and our Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), to carry out market research campaigns.
- Website Visit Data includes the full Uniform Resource Locators (URL), clickstream to, through and from the Website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. To administer and protect our business, the Website and our Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), to carry out market research campaigns, To deliver relevant Website content and advertisements to you, and measure or understand the effectiveness of the advertising that we serve to you.
The source of the Contact data, Account data, Trade data, Identity verification data is a User who opens an Account.
The source of the Usage data, Technical data, Website Visit data is browser and Google Analytics.
The above-mentioned data will be used and processed for the purposes of performing a detailed Know Your Customer procedure according to necessary Anti-Money Laundering and Anti-Terrorist regulations, performing a contract that we have with you; as part of our legitimate (business) interests to verify the identity of our Users, mitigate against risks (such as potential or suspected fraud). These Personal Data will be used for operating our Website, providing our Services, ensuring the security of our Website and Services, maintaining backups of our databases and communicating with Users.
HOW WE COLLECT USER DATA?
We may collect personal identification information from Users in a variety of ways: when Users visit our Website, apply for or register on the Website, fill out forms, create an Account and in connection with Services available on our Website. When you communicate with us for support service or other purposes (e.g. by emails, chat etc.), or provide any feedback, we keep such information and our responses to you in the records of your Account.
- During a User’s registration at Cryptolocator peer-to-peer platform, Users provide information such as email address, country of residence, mobile phone number, username and password. We will ask you to provide us with your Identity verification data when you pass certain trade volume limits.
The Users Data shall be collected and processed by a third party – https://shuftipro.com, which is a trusted partner of Cryptolocator for collecting and processing Users data on behalf of Cryptolocator. Shuftipro is an experienced identity verification company that will process Personal Data for the purposes of the necessary KYC/AML procedures. Shuftipro will obtain and process all the above stated Personal Data and run KYC/AML procedures and ensure the compliance with the relevant AML legislation. For the purposes of the maintaining Users’ Accounts and reviewing Users for the purposes of KYC/AML compliance, Cryptolocator will collect and process the same that Shuftipro will collect in the process of User verification (KYC) procedure.
- Automated technologies or interactions. When you interact with our Website, we may automatically collect Technical, Website visit and Usage Data about your equipment, browsing actions and patterns. We may collect this Personal data by using cookies, server logs and other similar technologies.
We, upon receiving your consent, may provide you with promotional messages and other information about Services of ours, our affiliates, and third parties such as partners and notices and other information related to the Services and your interests.
By selecting the checkbox “I agree to subscribe to promotional messages and other information about Services of ours, our affiliates and third parties such as partners, and notices and other information related to the Services and my interests”, you consent that we may send all such aforementioned materials and information to your email.
You can manage your preferences or unsubscribe at any time by following the links in emails we send you.
HOW WE USE YOUR PERSONAL DATA?
We will only use your Personal Data when the law allows us. Most commonly, we will use your Personal Data in the following circumstances:
- Where you wish to enter into a User’s relationship with us;
- Where we need to perform the Agreement we have or which are about to enter into with you as a User;
- In order to operate and provide our Services, users support, improvements and customization of our Services;
- To communicate with You regarding our Services;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where we need to comply with a legal or regulatory obligation.
LEGAL BASES FOR COLLECTING THE INFORMATION
Our legitimate interest. It means our interest to conduct and manage our business affairs appropriately and responsibly, to protect the reputation of our business and to provide our Visitors with the best possible Service and the Users of the Website with a secure experience. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Legal obligation. We process your Personal Data where it is necessary for compliance with a legal or regulatory obligation we are subject to.
Marketing. Collecting Personal Data for this purpose, we are able to form a view on what we think you may want or need. This is how we then decide which of our Services may be relevant or of interest to you.
We will only use your Personal Data for the purposes we collected it for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose, or we are obliged to process your data by applicable laws or court / enforceable orders.
If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis that allows us to do so. Please note that we may process your Personal Data without the need to obtain your consent, in compliance with the above rules, where this is required or permitted by law.
WEB BROWSER COOKIES
Our Website may use "cookies" to enhance User experience. Cookies, pixel tags and similar technologies (collectively ‘cookies’) are files containing small amounts of information which are downloaded to any internet enabled device – such as your computer or smartphone – when you visit the Website or use our application.
Different types of cookies
Session cookies are temporary cookies which only exist during the time you use the Website (or sometimes, until you close the browser after using the Website). Session cookies help our Website remember what you chose on the previous page, avoiding the need to re-enter information and improve your experience whilst using the Website.
Persistent cookies stay on your device after you’ve visited our Website. Persistent cookies help us identify you as a unique visitor. The length of time a cookie stays on your device depends on its type.
The cookies on the Website may be from any of the following categories:
If you choose to disable or block our cookies on your computer or other device, you will need to do so in a pop-up window when you enter the Website. If you block cookies, you may be unable to access certain areas of our Website and certain functions and pages will not work in the usual way.
TRANSFER AND SHARE INFORMATION
We may share information with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of its own legitimate interests in compliance with applicable laws. We will only use and share your information where it is necessary for us to lawfully carry out our business activities. The legal basis for this data processing is our legitimate interest and our legal obligation.
Disclosure to prevent damage and disclosure to legal authorities.
We will reveal User’s Personal Data without their prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to Cryptolocator or to others who could be harmed by the User’s activities. We are permitted to disclose Personal Data when we have good reason to believe that this is legally required and when the competent authorities have required providing them with such Personal Data.
We require all affiliated entities and third-party service providers to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow them to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our documented instructions.
INTERNATIONAL DATA TRANSFERS
We store your information primarily within the European Economic Area.
However, some features and requirements of the Services involve transferring your information to third-party service providers outside the European Economic Area when it may be necessary in order to:
- provide the requested Services,
- fulfil our contractual obligations to you,
- comply with our legal and/or regulatory obligations or assert, file or exercise a legal claim.
We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal data by the European Commission. In the absence of an adequacy decision, we will use specific contracts approved by the European Commission, which give Personal Data the same protection it has in Europe.
If such service providers are not established in a country ensuring an adequate level of protection within the meaning of Regulation (EU) 2016/679, such as the United States, the transfers will be covered by the standard data protection clauses adopted by the European Commission or by another appropriate safeguard mechanism such as the Privacy Shield Framework.
HOW WE STORE AND SECURE COLLECTED INFORMATION
For Cryptolocator Users, all Accounts are located in Cryptolocator European Data Region, all Personal Data is processed in the EEA.
Cryptolocator takes the security of the data that it collects very seriously. Cryptolocator has implemented a number of technical, organizational and administrative measures to ensure the confidentiality, integrity, availability and privacy of your Personal Data and to protect your Personal Data from loss, theft, unauthorised access, misuse, alteration or destruction which are generally accepted by the industry to protect the Personal Data in its possession.
These measures include, but are not limited to the implementation of current security technologies: Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and sent across the Internet securely, secure coding principles, regular penetration testing. Only authorised Cryptolocator personnel are permitted to have access to your Personal Data, and these personnel are required to treat the information as highly confidential. The security measures will be reviewed regularly in light of new and relevant legal and technical developments. Additionally, we use encryption (HTTPS/TLS) to protect data transmitted to and from our Website.
Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications. It's the most widely deployed security protocol used today, and is used for Web browsers and other applications that require data to be securely exchanged over a network, such as file transfers, VPN connections, instant messaging and voice over IP.
Cryptolocator is committed to handling your information with high standards of information security. However, the transmission of such data over the Internet using personal computers or mobile devices is not completely safe and therefore we cannot guarantee the security of documents submitted to our Website. Any transmission of such documents is at your own risk. As soon as we receive your Personal Data, we implement strict security measures and procedures to avoid unauthorized access from any third party.
RETENTION AND DELETION OF PERSONAL DATA
Personal Data that we process for any purpose or purposes shall not be kept for longer than it is necessary for that purpose or those purposes.
Visitors data will be removed 14 days after your visit to our Website.
Users may request the deletion of their Account through our Website.
We will retain and delete your Personal Data as follows:
For all Users who have deleted their Account:
- Usage, Website visit and technical data is removed 14 days after Account deletion.
- Contact data is not generally stored by our processors but they may retain activity logs for a short period of time (this time varies depending on the processor in question but is not greater than 12 months).
For Users who have not conducted or initiated any cryptocurrency transactions, we will delete all personal data 14 days after the approval of your Account deletion request.
For Users who have conducted or initiated any trades or sent or received any bitcoin transactions using their wallet and whose Account deletion request has been approved by us, our data deletion policy is the following:
- Your profile and Offers will be hidden 14 days after you delete your Account.
- Your Contact data will be deleted 5 years after you delete your account. Trade chat messages are deleted 180 days after the trade is completed. Trade chat messages from disputed trades will be deleted 5 years after you delete your Account.
- Your Account data, Trade data, Identity verification data will be deleted 5 years after you delete your Account.
In some cases it is not possible for us to specify in advance the periods for which your Personal Data will be retained. In such cases, we will determine the period of retention based on the period we need to access the data for the provision of Services, resolving your disputed trades or other issues or for any other auditing or legal reasons.
Notwithstanding the other provisions of this Section, we may retain your Personal Data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Cryptolocator will not retain data longer than it is necessary to fulfill the purposes it was obtained for or as required by applicable laws or regulations. When a Users’ Account is terminated or expired, all Personal Data collected through the Website will be deleted, as required by applicable law.
We store collected information for as long as it is necessary to be able to provide Services to you. In some cases, we can keep your information longer than 5 years: such exceeding can be used only in a case of arising of legal requirements that will oblige us to store your information for more than 5 years.
Every User or Visitor can invoke the right to be forgotten at any time. Users and Visitors can request a list of their Personal Data. In case you wish to obtain such data send an e-mail to [email protected] You will receive the list within one month from receiving your request by Cryptolocator.
Your principal rights under data protection law are:
- Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
You may send an email to firstname.lastname@example.org requesting such information as the Personal Data which we process. You shall receive one copy free of charge via email of the Personal Data which is undergoing processing. Any further copies of the information processed shall incur a charge of €20.00.
- Right to information when collecting and processing Personal Data about you from publicly accessible or third party sources. When this take places, we will inform you, within a reasonable and practicable timeframe, about the third party or publicly accessible source from whom we have collected your Personal data.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where:
- there is no good reason for us continuing to process it;
- you have successfully exercised your right to object to processing (see below);
- we may have processed your information unlawfully; or
- we are required to erase your Personal Data to comply with local law.
Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons you will be notified about, if applicable, at the time of your request. These may include instances where the retention of your Personal Data is necessary to:
- comply with a legal or regulatory obligation to which we are subject; or
- establish, exercise or defend a legal claim.
- Request correction or rectification of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected and/or updated, though we may need to verify the accuracy of the new data you provide to us. As mentioned, it is in your interest to keep us informed of any changes or updates to your Personal data which may occur during the course of your relationship with us.
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purpose.
In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal information that override your rights and freedoms.
- Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios:
- if you want us to establish the data's accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold onto the data even if we no longer require it, as you need it to establish, exercise or defend legal claims; or
- where you have objected to our use of your Personal Data, but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Request to withdraw your consent at any time where we are relying on consent to process your Personal data (which will generally not be the case). This will not however affect the lawfulness of any processing which we carried out before you withdrew your consent. Any processing activities that are not based on your consent will remain unaffected.
Kindly note that none of these data subject rights are absolute, and must generally be weighed against our own legal obligations and legitimate interests. If a decision is taken to override your data subject request, you will be informed of this by our data protection team along with the reasons for our decision.
In the event of Personal Data breach Cryptolocator is obliged to notify the appropriate supervisory authority without undue delay and, where, feasible, not later than 72 hours after having become aware of it. In such situation, you also shall be notified immediately.
If you have any further questions regarding the data Cryptolocator collects, or how we use it, then please feel free to contact us by email at [email protected]