Effective Date: 1 July 2019
1. Overview and Legal Basis
1.1 Overview: In order to provide the Ecrypty Group B.V. Services and to reduce the risk of fraud, Ecrypty Group B.V., the data controller, must ask you to provide the information (as defined below) about yourself, including your bank account details, information about any other financial instruments that may be connected to your Ecrypty Group B.V. wallet and the information particularly set out in Section 2 below.
it is necessary for the legitimate interests of the subsidiaries, affiliated companies and other related corporations of Ecrypty Group B.V. (collectively, the “Ecrypty Group B.V. Group”), including our interests in fulfilling the purposes in Section 3 below and when we make the disclosures referred to in Section 5 below, necessary for providing products and services of a consistently high standard, keeping our customers satisfied, and meeting our accountability and regulatory requirements around the world, in each case provided such interests are not overridden by your privacy interests;
it is necessary for us to enter into, and perform our obligations under, our contract with you, such as when we use your data for the purposes in Section 3 below;
it is necessary for compliance with a legal obligation under EU law or the laws of a Member State (e.g. any mandatory disclosures to an authority, regulator or government body); and in some cases, we have obtained your prior consent.
2. Information We Collect
2.1 Account Information: We will collect the following information for the purposes of opening and operating the Ecrypty Group B.V. account.
Account opening and usage
To open a Ecrypty Group B.V. account or use the Ecrypty Group B.V. Services, we need your:
zip code and city;
the details of your identification document(s); and email address.
Topping up and making payments:
To top-up your available balance of your Ecrypty Group B.V. account, order a payment card or make certain payments through the Ecrypty Group B.V. Services, we need (where applicable): your bank (or another payment instrument) account information; and other additional commercial and/or identification information, if you send or receive certain high-value transactions or high overall payment volumes through the Ecrypty Group B.V. Services, or we are otherwise required by anti-money laundering laws and regulations.
Know-Your-Customer/Anti-Money Laundering information from third parties and other sources:
In order to complete our customer screening and identity verification process, including checks in relation to fraud detection and prevention, anti-money laundering, know-your-client and countering of the financing of terrorism, Our payment provider DialXS or the partnering Exchanges will verify the information you provide with the Ecrypty Group B.V. Group, or those third party companies, payment partners, service providers and fraud agencies as well as information available through internet and publicly accessible social network data. In the course of such verification, we will collect information on your political opinions, records on past criminal jurisdictions and whether you are a politically exposed person or included in any sanction list.
They need you to upload a picture of yourself and your face must be recognizable in order for us to complete our customer screening and identity verification process.
Confirmations and additional information:
If they cannot verify the information that you provide, they may ask you to upload or send us additional confirmations or to answer additional questions online to help verify your information.
If you send or receive high overall payment volumes or display inconsistent transactional patterns through the Ecrypty Group B.V. Services, or if you have a limited transactional history with us, we will conduct a background check on you by obtaining information about you and/or your business, and potentially (if legally permitted) also about your directors, shareholders and partners, from a credit reference or fraud agency. If you owe us money, we may obtain additional information about you from a fraud agency, to the extent permitted by law. Ecrypty Group B.V., at its sole discretion, reserves the right to periodically retrieve and review a business and/or consumer credit report supplied by such credit reference or fraud agency for any account, and reserves the right to close an account based on information obtained during this credit review process.
2.2 Provision of the Ecrypty Group B.V. Services: We also will collect the following information to provide you with the Ecrypty Group B.V. Services:
Using your Device:
When you use the Ecrypty Group B.V. Services using any device (whether connected to Ecrypty Group B.V. wirelessly or by a fixed line or otherwise), we will additionally collect and store device sign-on data (including but not limited to device ID) and IP data in order to provide the Ecrypty Group B.V. Services.
When you use the Ecrypty Group B.V. Services to send funds to someone else, we will ask you to provide information related to that transaction. This information includes the amount and type of transaction (such as purchase of goods, purchase of services, or simple peer-to-peer transfer), and the details pertaining to the identity of the third party. Also, when you send money to another Ecrypty Group B.V. customer, you may be asked to provide your personal details to that customer to complete the transaction. Your personal details may then be passed on to us from that customer. We also collect the IP address and other identifying information about the computer or device you use to access your Ecrypty Group B.V. account or use the Ecrypty Group B.V. Services, in order to help detect possible instances of unauthorized transactions.
Website Traffic Information:
Because of the way Internet communication standards work, when you arrive at or leave the Ecrypty Group B.V. website, we automatically receive the web address of the site that you came from or are going to. We also collect information on the pages of our website which you visit, IP addresses, the type of browser you use and the times you access our website.
Cookies, Web Beacons, Local Storage and Similar Technologies:
When you communicate with us for customer service or other purposes (e.g., by emails, phone calls, tweets, etc.), or provide any feedback, we retain such information and our responses to you in the records of your account.
We may also collect public information about your business and your behavior on social media platforms (such as your e-mail address and the number of “likes” and “followers”), to the extent relevant to confirm an assessment of your transactions and/or your business, including its size and the size of its customer base.
2.3 We set out in Section 3 below greater detail (in addition to what is set out in the foregoing of this Section 2) on how we use the information we collect.
3. How We Use the Information We Collect
We will use your Account Information to provide the Ecrypty Group B.V. Services. In particular, we will use your information for the following purposes:
3.1 Internal Uses: Our primary purpose in collecting your information is to provide you with a safe, smooth, efficient, and customized experience in your use of the Ecrypty Group B.V. Services. We do this by processing your information to:
process transactions and provide the Ecrypty Group B.V. Services;
complete our customer screening and identity verification process including checks in relation to fraud detection and prevention, anti-money laundering, know-your-client and the countering of the financing of terrorism;
resolve disputes, collect fees, and troubleshoot problems;
manage risks and carry out investigations, in relation to any illegal activity or potential illegal activity or transactions for breach or potential breach of our terms and conditions;
provide you with customer support services;
improve the Ecrypty Group B.V. Services by customizing your user experience;
measure the performance of the Ecrypty Group B.V. Services and improve their content and layout;
manage and protect our information technology infrastructure;
provide targeted marketing and advertising, service updates, and deliver promotional offers based on the communication preferences you have defined for your Ecrypty Group B.V. account (please refer to the section “Our Contact with Ecrypty Group B.V. Customers” below) and your activities when using the Ecrypty Group B.V. Services; and
perform creditworthiness and solvency checks, compare information for accuracy, and verify it with third parties.
3.2 Our Contact with Ecrypty Group B.V. Customers: We communicate with our users on a regular basis via email and chats to provide requested services. We may also communicate with our users by phone to:
resolve customer complaints or claims made by users;
respond to requests for customer service;
inform users if we believe their accounts or any of their transactions have been used for an illegitimate purpose;
confirm information concerning a user’s identity, business or account activity;
carry out collection activities;
conduct customer surveys; and
investigate suspicious transactions.
We use your email or physical address to confirm your opening of a Ecrypty Group B.V. account, to send you notice of payments that you send or receive through Ecrypty Group B.V., to send you information about important changes to our products and services, and to send notices and other disclosures required by law. Generally, users cannot opt out of these communications, but they will be primarily informational in nature rather than promotional.
We also use your email address to send you other types of communications that you can control, including “news” and “notice of special third-party promotions”. You can choose whether to receive some, all or none of these communications when you complete the registration process, or at any time thereafter, by logging in to your account and then selecting settings and updating your preferences.
3.3 Other purposes: In some cases, we will also use your information for the purposes of, or in connection with:
Independent audits of our financial statements and operations – the auditors may seek to contact a sample of our customers to confirm that our records are accurate. However, these auditors cannot use personally identifiable information for any secondary purposes;
an official request from a public or judicial authority where either compelled by law or where appropriate in all the circumstances;
applicable legal or regulatory requirements;
financial accounting and invoicing purposes;
maintaining and managing insurance and insurance claims relating to our business;
services we receive from our professional advisors, such as lawyers, accountants, insurance brokers and consultants;
the transfer to a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of Ecrypty Group B.V.’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it; and
protecting our rights and those of the Ecrypty Group B.V. Group.
We may combine your information with other information we collect from other companies and use it to improve and personalize the Ecrypty Group B.V. Services and send marketing communications to you. You will only receive such marketing communications from us or may participate in our ad-customization programs if you have expressly consented to doing so. If you have consented, but no longer wish to receive marketing communications from us or participate in our ad-customization programs, simply update your preferences.
5. How We Share your Information with Other Third Parties
We will share your information with the following types of third parties in the circumstances described below.
5.1 Disclose necessary information to the police and other law enforcement and/or fraud prevention agencies:
Such entities include security forces, competent governmental, inter-governmental or supranational bodies, regulatory authorities and recognized self-regulatory authorities. Disclosure to such entities will be made where (i) the law (including but without limitation the GDPR, the applicable regulations on the US Foreign Account Tax Compliance Act (the ” FATCA Law”), and regulations on the OECD common reporting standard (the “CRS Law”)) compels or permits us; or (ii) we have reason to believe it is appropriate for us to cooperate with such entities for checks in relation to fraud detection and prevention, anti-money laundering, know-your-client and countering of the financing of terrorism, or investigations in relation to any other illegal activity or potential illegal activity. If you are covered by the FATCA Law or the CRS Law, we are required to give you notice of the information about you that we may transfer to various authorities.
5.2 Disclose necessary information to other third parties such as payment processors, auditors, financial products providers, business partners, marketing and public relations agencies, shipping and courier companies, Ecrypty Group B.V. Group companies, marketplaces, service providers and your agents or legal representatives:
Such disclosure is required for purposes of our provision of the Ecrypty Group B.V. Services, investigations into transactions on breach or potential breach of our terms and conditions, support of our business operations, checks in relation to fraud detection and prevention, anti-money laundering, know-your-client and countering of the financing of terrorism, investigations in relation to any other illegal activity or potential illegal activity, bill collection, marketing, provision of customer support services and public relations purposes.
5.3 Disclose necessary information to intellectual property rights owners:
Such disclosure is required under the applicable national law in the event that an owner of intellectual property rights commences any action or pursues a claim against Ecrypty Group B.V. for an out-of-court information disclosure due to an infringement of their intellectual property rights for which the Ecrypty Group B.V. Services have been used.
5.4 Disclose necessary information to card networks and schemes:
Such disclosure is required in response to the requirements of the card networks through which your use of the Ecrypty Group B.V. Services may rely on.
5.5 Grant access to information in event of mergers or acquisitions involving Ecrypty Group B.V.:
5.6 Disclosing transactional details of Ecrypty Group B.V. users in event of transfer of funds between them:
If you are a registered Ecrypty Group B.V. user and you are sending funds or transacting with another registered Ecrypty Group B.V. user, as a part of the transaction, the name, email address, date of sign-up and pertinent transactional details of both parties will be shared as a part of transaction notification. However, your card number, bank account and other financial information will not be revealed to anyone whom you have paid or who has paid you through the Ecrypty Group B.V. Services or third parties that use the Ecrypty Group B.V. Services, except with your express permission or if we are required to do so pursuant to credit card rules, a court order or other legal process.
5.7 Disclosing information to sellers when Ecrypty Group B.V. users use purchase goods/services using the Ecrypty Group B.V. Services:
If you are buying goods or services and pay through Ecrypty Group B.V., we may provide the seller with the delivery address for the goods and your billing address to complete your transaction. If an attempt to pay your seller fails, or is later invalidated, we may also provide your seller with details of the unsuccessful payment. To facilitate dispute resolutions, we may provide a buyer with the seller’s address so that goods can be returned to the seller.
5.8 Disclosing information to loyalty schemes of which Ecrypty Group B.V. users are members:
If you link your membership of an eligible loyalty scheme to your account in our mobile app, we will share your loyalty scheme membership ID with the relevant loyalty scheme when you pay using Ecrypty Group B.V. If you remove your loyalty scheme membership ID from your Account, we will stop sharing this information.
5.9 Disclosing information to third party service providers who facilitate payments from or to you:
We work with third parties to enable them to accept or facilitate payments from or to you using the Ecrypty Group B.V. Services. In doing so, a third party may share information about you with us such as your email address or phone number, when a payment is sent to you or when you are attempting to pay that third party. We use this information to confirm that you are a Ecrypty Group B.V. customer and that Ecrypty Group B.V. can be enabled to make a payment, or where a payment is sent to you to send you a notification that you have received a payment. Also, if you request that we validate your status as a Ecrypty Group B.V. customer with a third party, we will do so. Please note that third parties you receive funds or buy from may have their own privacy policies, and Ecrypty Group B.V. is not responsible for their operations, including but not limited to their information handling practices.
6. Cross Border Transfers of your Information
6.1 Please note that some of the recipients of your information referred to above will be based in countries outside of the European Economic Area whose laws may not provide the same level of data protection. These countries are: United States and Bosnia Hercegovina. Ecrypty Group B.V. is committed to adequately protecting your information regardless of where the data resides and to providing appropriate protection for your information where such data is transferred outside of the EEA.
6.2 The appropriate safeguard we use to secure your information in the context of such transfers are the EU Model Clauses. You can find a sample of such EU Model Clauses under http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm or contact our data protection officer (see Section 10 below).
6.3 Further details of the transfers of your information outside of the European Union and the adequate safeguards used by us in respect of such transfers (including copies of relevant agreements) are also available from us by contacting firstname.lastname@example.org
7. Your Rights
7.1 You have a number of rights in relation to your information. Where you contact us to exercise your rights, we will honor your privacy request as required under the GDPR but your rights are not absolute as they do not always apply and exemptions may be applicable. You may also send us an email at email@example.com if you wish to make a complaint to us relating to your privacy.
7.2 Under the GDPR, you have rights:
of access to, rectification of, and/or erasure of your information;
to object to processing of your information;
withdraw consent to our processing of your information (to the extent such processing is based on consent) or restrict our processing of your information;
where processing your information is necessary for entering into or performing our obligations under a contract with you, you may have the right to request your information be transferred to you or to another controller; and
to request not to be subject to automated decision making.
To exercise any of your rights, or if you have any other questions about our use of your information, please e-mail firstname.lastname@example.org
7.3 Finally, you have the right to lodge a complaint with the data protection authority in the place where you live or work, or in the place where you think an issue in relation to your data has arisen.
8. Retention of your Account Information
8.1 We will retain your information for as long as necessary to fulfil the purposes outlined in Section 3. However, we will retain your information for a longer period where required by law and for the duration of any statutory limitation period for claims.
8.2 In general, although there are limited exceptions, we will retain your information during the period when you are using the Ecrypty Group B.V. Services and for at least six (6) years after your use of the Ecrypty Group B.V. Services ceases.
9. Information Security
9.1 Ecrypty Group B.V. is committed to handling your information with high standards of information security. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to information only for those employees who require it to fulfil their job responsibilities.
9.2 The security of your Ecrypty Group B.V. account also relies on your protection of your Ecrypty Group B.V. password. You may not share your Ecrypty Group B.V. password with anyone. Ecrypty Group B.V. representatives will never ask you for your password, so any email or other communication requesting your password should be treated as unauthorized and suspicious and forwarded to email@example.com If you do share your Ecrypty Group B.V. password with a third party for any reason, including because the third party has promised to provide you additional services such as account aggregation, the third party will have access to your account and your information, and you may be responsible for actions taken using your password. If you believe someone else has obtained access to your password, please change it immediately by logging in to your account and changing your Profile settings, and also contact us right away.