Last updated on 05.10.2023

Personal Data Processing Policy

This Privacy and Cookie Policy (hereinafter the “Privacy Policy”) applies to the collection of personal data and use of "cookie" files and similar technologies on the kryptonim.com website and other Kryptonim sub-sites, including but not limited to:

buy.kryptonim.com,
app.kryptonim.com

together with their mobile versions, jointly referred to as the “Platform”.

By continued use of the Platform, you consent to be bound by the provisions of this Privacy Policy.

1. Personal Data Controller

The controller of your personal data is Kryptonim Spółka z ograniczoną odpowiedzialnością, a limited liability company with its registered office in Warsaw (00-844) at Plac Europejski 1/40, registered in the National Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, XIII Economic Division of the National Court Register under KRS number: 0001017630, NIP: 5273040828, REGON: 52438515800000, hereinafter referred to as the 'Company'.

2. Contact

In case you would like to contact the us regarding your personal data and how we process it, please send an e-mail to: support@kryptonim.com.

3. Categories of personal data

We process the following categories of your personal data:

A.   Personal data processed in connection with providing Kryptonim Services:

Categories of data. To provide you with Services, we process the following categories of data: identification data, address data, and contact data, including payment card and cryptocurrency wallet numbers used to carry out the process related to operations conducted through the Platform. We may also process personal data such as date of birth or copy of ID for AML/KYC purposes in line with our AML/KYC Policy available on the Platform.

Purpose. Provision of Services, customer support, tailoring Services to your needs and ensuring security, enabling communication with you and general management of the relationship with you pursuant to the concluded contract.

Legal bases. We process your personal data because:

  • the processing is necessary to conclude contract with you and to fulfill contractual obligations we have towards you;
  • we have a legal obligation to process personal data for AML/KYC purposes
  • we have a legitimate interest to process your personal data in: (i) ensuring security and preventing fraud; (ii) processing of complaints, requests and claims; (iii) improving operation of the Platform; (iv) defense against legal claims and participation in proceedings related to provision of Services.

B. Personal data processed for marketing purposes:

Categories of data. When you express interest in our Services (eg. by submitting a contact form available on the Platform) we process the following categories of personal data: name, surname, e-mail address, personal data which you may disclose in messages addressed to the Company.

Purpose. Responding to your contact requests and providing information about our Services, including marketing materials.

Legal bases. We process your personal data because:

  • we have a legitimate interest in direct marketing of our Services; or
  • we have your consent for processing of personal data for the purpose of sending you marketing materials. Your consent can be withdrawn at any time, which does not affect legality of the processing conducted before the consent was withdrawn.

C.   Other:

We may process certain data in connection with social media communication addressed to you. In such cases we process personal data provided by you through a social media platform for communication purposes. The legal basis is our legitimate interest in responding to your inquiries and in direct marketing of our Services.

The Company also collects certain data points which, depending on individual circumstances, may or may not be classified as personal data. These includes data points such as IP address, information on User’s activity on the Platform, e.g. the order in which the page is viewed or technical information about the device from which the User logs in, parameters of software and hardware used by the User, pages viewed, mobile device identification number, and other data on devices and use of systems. Such information does not usually allow for unique identification of the User. This kind of information allows us to keep statistics and adapt the Platform to the User's preferences, as well as to ensure security and to prevent fraud on the Platform. Insofar as such data may constitute personal data, we ensure adequacy of information and data minimization. The legal basis for such processing is our legitimate interest in improving operation of the Platform, as well as detecting and preventing fraud.

4. Sharing of personal data

We entrust the processing of your personal data to entities, which act on our behalf and solely based on our instructions (data processors). In particular, we use data processors, whom we select carefully, to store your data on secure servers, provide us with CRM solutions, technical cookie management tools as well as tracking and analytics solutions and advertising networks.
We also transfer your personal data to companies in the UK, listed in section 5 below, in order to maintain security of transactions conducted through the Platform.
We may have to share your personal data with competent authorities (in particular the police or prosecution service), if they approach us with such a request, provided that there exists an appropriate legal basis for making your personal data available to them (e.g. a court order, administrative decision or an injunction).

5. Transfer of personal data to a third country

Your data may be to countries outside the European Economic Area and the United Kingdom in connection with communications with cryptocurrency exchanges or entities - custodians of virtual currencies, which may be based outside the EEA.
The Company uses the Platforms of third parties whose servers are located in the United States: Google Analytics (keeping statistics). The operation of Google Analytics can be disabled in the settings of your browser or by blocking it by selecting the appropriate answer when entering the Platform. On the site there is a link to the Google Maps Platform - depending on the settings of your device, the Platform may read your location data. All the above-mentioned entities are certified and provide the highest level of data protection.


In order to maintain the security of transactions conducted through the Platform, the data processed for this purpose is also transferred to:
a) Straal Ltd. (company number: 11185551),
b) Sum and Substance Ltd (company number: 09688671),
c) Elliptic Enterprises Limited (company number: 08458210).


The transfer of data and information is carried out with an appropriate degree of protection, such as:
a) relevant adequacy decision(s) of the European Commission;
b) standard contractual clauses approved by the European Commission,
c) binding corporate rules approved by the relevant supervisory authority.

6. Period of storage of personal data

Your personal data will be stored for the period:
(a) of the contract concluded with the Company, and after its termination: in connection with the Company's legal obligation under generally applicable laws (such as obligation to store data for accounting and tax-related purposes, as well as AML/KYC obligations),
(b) necessary for the Company to assert claims in connection with its operations or defend itself against claims directed against the Company, based on generally applicable laws, taking into account the periods of limitation of claims specified in generally applicable laws,
(c) if you object to the processing of your data for statistical and marketing purposes
and marketing purposes, they will be deleted immediately,
(d) in the case of processing of data on the basis of the consent granted, we will stop processing your data if you withdraw your consent.

7. Your rights

In connection with the Company's processing of your personal data, you have:
(a) the right to access your personal data,
(b) the right to rectify your personal data,
(c) the right to erasure of personal data (right to be forgotten),
(d) the right to restrict the processing of personal data,
(e) the right to data portability to another controller,
(f) the right to object to the processing of data, including profiling, and for the purposes of direct marketing, including profiling,
(g) the right to withdraw consent where the Company will process your personal data based on consent, at any time and in any manner, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal,
(h) the right to lodge a complaint with the authority responsible for supervising the protection of personal data in the country where the transaction is carried out, if you consider that the processing of personal data violates the provisions of the Regulation.

8. Source of data - the information applies to personal data obtained by means other than from the data subject

Your personal data may originate from your legal representative, principal in the case of a power of attorney granted, entrepreneur in relation to whom you remain a beneficial owner, employer, party to a contract concluded with the Company, and from publicly available sources, in particular, from databases and registers.

9. Requirement to provide data

Provision of your personal data is necessary for the purpose specified in point 34 above, for:
a) the conclusion and performance of the agreement concluded with the Company, and the consequence of not providing your personal data will be the inability to conclude and perform the agreement concluded with the Company,
b) provision of Platforms by the Company, and the consequence of not providing your personal data will be the lack of provision of Services,
c) processing of complaints, requests or appeals and the consequence of your failure to provide your personal data will be the inability to process the complaint, request or appeal,
d) to receive offers or marketing of products offered or Services provided by the Company, and the consequence of your failure to provide your personal data will be the inability to receive such offers or marketing of products or Services.

10. Automated decision-making, including profiling

The Company will not make automated decisions based on your personal data, including decisions resulting from profiling. Profiling means any form of automated processing of personal data that involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyze or forecast aspects of that individual's work, economic situation, health, personal preferences, interests, reliability, behavior, location or movement.

11. Additional information

We reserve the right to make changes to the Platform's privacy policy, which may be affected by developments in Internet technology, possible changes in data protection laws and the development of our Platform. We will inform you of any changes in a visible and understandable manner.
Links to other websites may appear on the Platform. Such websites operate independently of the Platform and are not supervised by the Company in any way. These websites may have their own privacy policies and regulations, with which we recommend that you familiarize yourself.

12. Cookies Policy

We reserve the right to make changes to the Platform's privacy policy, which may be affected by developments in Internet technology, possible changes in data protection laws and the development of our Platform. We will inform you of any changes in a visible and understandable manner.
Links to other websites may appear on the Platform. Such websites operate independently of the Platform and are not supervised by the Company in any way. These websites may have their own privacy policies and regulations, with which we recommend that you familiarize yourself.

§1 [GENERAL PROVISIONS]
(1) The Cookies Policy governs the use of cookies, and moreover how information about the User is processed through them.
(2) The Site performs functions of obtaining information about the User and his behaviour.
(3) Acquisition of information about the User takes place in particular through:
a. saving cookies on the User's terminal equipment;
b. collecting web server logs on the server managed by the Company.
(4) Personal data collected using cookies may be processed only for the purpose of performing certain functions for the User, as described below. Such data shall be encrypted in a manner that prevents access by unauthorized persons.
(5) The entity placing cookies on the Platform User's terminal equipment and accessing them is the Company.
(6) Cookies allow, in particular, to recognize the User's device and appropriately display the Platform adapted to his individual preferences, allow the Platform to be displayed in the User's language 'remembered' by these files, as well as to use other settings of the Platform selected by the User.
(7) Cookies usually contain the name of the Platform from which they originate, the time they are stored on the end device and a unique number.


§2 [PURPOSES OF THE COOKIE POLICY]
(1) The purpose of the Cookies Policy is:
a. making the User aware of the extent to which information about him or her is processed through cookies, including his or her personal data, so that the User can make his or her own, free and informed decision on whether to use the Platform;
b. generally specifying how and for what purpose the Company collects information about the User and for what purposes it uses this information;
c. informing the User to whom and where the Company sends their data.
(2) With a view to the Users' trust in the Platform, the Company shall exercise due diligence to ensure that the data is processed in a safe, reliable, lawful and transparent manner for the User.


§3 [PURPOSE OF USING COOKIES]
Cookies are used in particular to:
(1) adapt the content of the Platform to the User's preferences and end device and optimizing the use of the Platform. These files allow recording the User's choices as to language, browser, settings of selected elements of the Platform, as well as recording information about the User's location;
(2) create anonymous, aggregated statistics that help to understand how the User uses the Platform, which allows to improve their structure and content, excluding personal identification of the User. Cookies also help to ensure the refinement and smooth operation of the Platform, including testing its performance;
(3) maintain the session of the User of the Platform.


§4 [TYPES OF COOKIES]
(1) The Company uses, as a rule, two types of cookies – ‘session’ and ‘permanent’. The former are temporary files that remain on the User's device until the User logs out of the Platform or shuts down the software (web browser). ‘Permanent’ files remain on the User's device for the time specified in the parameters of the cookies or until they are manually deleted by the User.
(2) The Company uses the following types of cookies:
a. in order to provide services through the Platform:
i. indispensable - which are absolutely necessary for the proper functioning of the Platform or the functionality that the User wants to use;
ii. functional - which are important for the operation of the Platform, as they:
1. serve to enrich the functionality of the Platform; without them, the Platform will work properly, but it will not be tailored to the User's preferences;
2. serve to ensure a high level of functionality of the Platform; without them, the level of functionality of the Platform may decrease, but their absence should not prevent the complete use of the Platform;
3. serve the majority of the functionality of the Site; their blocking will result in selected functions not working properly.
b. With regard to the length of time for which cookies will be placed on the User's end device, the Company uses the following types of cookies:
i. session cookies - which are placed for the duration of the use of the browser (session) and are deleted after closing the browser or logging out of the Platform;
ii. persistent cookies - which are not deleted when the browser is closed and remain on the User's device for a specified period of time or without expiration, depending on the Platform owner's settings.
c. Due to the origin of the web site administrator who manages cookies, the Company uses the following types of cookies:
i. own cookies (first-party cookies) - which are placed on Platforms directly by the Company;
ii. external cookies (third-party cookies) - which are placed on Platforms by entities other than the Company.
d. With regard to the purpose for which cookies serve, the Company uses the following types of cookies:
i. Platform configuration - which enable the setting of features and Platforms on the Platform;
ii. Platform security and reliability - which enable verification of authenticity and optimization of the performance of the Platform,
iii. session status - which allow you to record information about how you use the Platform. These may relate to the most frequently visited Platform or possible error messages. Cookies used to record the so-called 'session state' help to improve the Platform and enhance your browsing experience on the Platform;
iv. processes - which enable the smooth operation of the Platform and the functions available on them;
v. location - which make it possible to adjust the information displayed to the location of the Uses.

§5 [COOKIES VS. PERSONAL DATA]
(1) Cookies, as a rule, do not constitute personal data, but certain information stored in such files (e.g. as to preferences), in combination with other information about the User, are treated as personal data.
(2) Personal data collected using cookies may be processed only for the purpose of performing the specified functions described above for the User. Such data shall be encrypted in a manner that prevents access by unauthorized persons.


§6 [DELETION OF COOKIES]
(1) The Company's authority to store and access cookies is based on the consent given by the User. This consent is given by the User when configuring the Internet browser or the selected Platform or Platform. The User has the option to return to these settings at any time and determine the conditions for storing or accessing this information by the Company.
(2) Web browsing software (i.e. web browsers) by default allows cookies to be placed on the User's terminal device. These settings can be changed in such a way as to block the automatic handling of cookies in the settings of the web browser or inform about their transmission to the User's device each time.
(3) In order to exercise the right of objection granted by the RODO Regulation, it is necessary to log out of all devices and delete cookies from them. The update process may take up to 48 hours.
(4) Restricting the use of cookies may affect some of the functionality available through the Platform.


§7 [SYSTEM LOGS]
(1) Information about certain behavior of the User is subject to logging in the server layer. This data is used solely for the purpose of administering the Platform and to ensure the most efficient operation of the hosting Platforms provided to the Company.
(2) Viewed resources are identified by URLs. In addition, the record may be subject to:
a. time of arrival of the request;
b. time of sending the response;
c. the name of the User's station - identification realized by HTTPS protocol;
d. information about errors that occurred during the execution of the HTTPS transaction;
e. URL of the page previously visited by the User (referer link) - in case the access to the Site was through a link;
f. information about the User's browser;
g. IP address information;
(3) The above data are not associated with specific persons browsing the Platform, and are used only for server administration purposes.