CryptoEye OÜ is the controller and is responsible for your personal data processing when you use his «Genesis Vision» technical service («Platform») and services described in terms and conditions («Service»). In CRYPTOEYE OÜ we respect your privacy and therefore all companies within the GENESIS MARKETS group of companies are committed to protect information that identifies or is capable of identifying an individual («personal data»), which it collects, uses and/or has access to. When we provide our services to you, we use the Clients’ personal data («data»), i.e. any information transmitted by the Client that is personal identifiable information and may identify the Client as the subject of personal data processing.
In order to get registered at https://genesismarkets.io (or their mobile versions), you may need to provide us with certain identifying details, in order for us to be able to provide our services efficiently and/or in order for us to comply with our ongoing legal and regulatory obligation, including, inter alia, to prevent fraud and Money Laundering.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data)
Processing of your data is carried out by our Company following the principles of lawfulness, fairness, transparency, and always adhering to the intended purpose of data processing, the principle of data minimization, accuracy, limited data storage, data integrity, confidentiality and accountability.
The Company will take measures to implement advanced data protection policies and procedures and to update them from time to time for purpose of safeguarding the Client's private information and Accounts. Your data is protected by the legal, administrative and technical measures that we take to ensure the privacy, integrity and accessibility of data. To prevent security incidents with your data, we use a mixed organizational and technical approach based on the results of annual risk assessment.
Please note that some types of information are classified as ‘sensitive’ for the purposes of European data protection law and there are additional restrictions on how we may use and hold this information. As a general principle, we do not collect and/or process in any way special categories of data (i.e. sensitive data) relating to race, ethnicity, political views, membership in trade unions, religious and philosophical views, health, sexuality, sexual orientation of the subject, or genetic and biometric data.
Generally, it is necessary to obtain your consent before we can hold and use such information. However, we note that it may be necessary to hold and use such information without consent for limited statutory purposes such as monitoring compliance with our equal opportunities policies and health and safety rules, or if necessary to protect your vital interests, for legal claims, or in the public interest.
In any case, we will make clear the purposes for which we wish to use your sensitive information if and when it is being collected, and, if necessary, obtain your consent at that time. In such cases, you will be able to withdraw your consent at any time.
As a precondition for performing online transactions, the Client may be asked to provide certain identifying documents and any other documents required by the Company. Please note that if such documents are not provided, the Company may, at its sole discretion, freeze the Client's Account for any period of time as well as to permanently close the Account. If you refrain from providing required documents it might have as a consequence that you may not be able to benefit from some of the service offerings provided by us and/or not allow us to provide you with our services in a secure manner.
The Company shall not divulge any private information of its Clients and former Clients unless the Client approved in writing such disclosure or unless such disclosure is required under applicable law or is required in order to verify the Client's identity. The Clients' information is passed only to employees of the Company dealing with the specific Client's Accounts. All such information shall be stored on electronic and physical storage media according to applicable law.
The Client acknowledges that all or part of the information concerning the Client's Account and Transactions will be stored by the Company and may be used by the Company in case of dispute between the Client and the Company.
The Client is responsible for updating any personal data provided to us in case of any change. Although we will strive to keep your personal up to date and review and inspect any information provided by the Client, for any purpose we may not be able to always do so without your help. The Client acknowledges that the Company holds neither commitment nor responsibility to the Client due to any aforesaid review or inspection of information.
Why do we process your data (purpose of the processing) and on what legal basis
We process the aforementioned personal data in compliance with the provisions of GDPR and the applicable local legislation as amended from time to time.
- For compliance with a legal obligation
- For the performance of contractual obligations
- For the purposes of safeguarding our legitimate interests
- On the basis of your consent
The information which your share with us
To provide you with our services we process different types of information. Indicatively we set out below some categories of data we may collect and further process:
First name, last name, and patronymic (if available) are used for user identification. For identification of your location we use information including, inter alia, your residence address. For identification of your account we use your account photo.
We don’t allow for users under 18 years old to use our services, thus we need the date of your birth to clients ages checks.
Your contact phone number is needed for verification, for providing to you secure authentication and support services. Your email is used for identification and authentication. Besides of it, we provide to you identification and authentication services via social networks protocols and use the links to the your accounts in social networks in these purposes.
To comply the DIRECTIVE 2005/60/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 26 OCTOBER 2005, PERSONAL DATA PROTECTION ACT 2007, PUBLIC INFORMATION ACT 2001, ELECTRONIC COMMUNICATION ACT 2005 we use your data in KYC (Know your customer) Scoring Processing, in which we need to obtain reasonably complete information about you for conducting financial transactions in order to prevent money laundering, financing of terrorism and tax evasion. The next data we use in KYC process: identity document information, residence address certifying document information, your economic profile (information on annual income, net profit, expected annual amount of investment, sources of funds), your conformity assessment (education, employment status, trading experience), number of your payment wallet). During our activity we are in particular in compliant with § 6 of the PERSONAL DATA PROTECTION ACT 2007 including but not limited the principles of minimalism and security.
Personal contact details provided and/or will be provided by you during your activity at https://genesismarkets.io may be used by the Company for direct marketing purpose (within the legitimate interests of the Company) i.e. sending the advertising content to you. The information about your contact phone number, email and gender is needed in marketing goals and for providing the effective and personalized customer service to you. We use your data to communicate with you in case of support and sending newsletters, push-messages and calls to keep you in touch with our new features, news and events and the efficient provision of the full scope of our services.
If you don’t want to receive any marketing newsletters or transmit your data to the third-parties for marketing purposes, you can configure your preferences. Such configuring can be done when (i) opening an account or (ii) when receiving such advertising content or (iii) by logging in and going to My Account > Personal Details. You may also send to the Company, at any time, an email to [email protected] asking the Company to cease from sending such advertising content or sending your data to the third-parties in the marketing purposes. The aforesaid mark removal and/or e-mail receipt by the Company will oblige the Company to cease sending advertisement content to the you within 7 (seven) business days.
The technical information which we automatically receive
When using our services, your device automatically transmits to us its technical characteristics. Locale (a set of parameters that determine regional settings of your interface, namely, residence country, time zone and the interface language) is used in the purpose of providing you with the best possible service within our platform.
By using the information about IP address, cookies files, information about browser and operating system used, the date and time of access to the site, and the requested pages addresses, we provide the correct operation on our web application, mobile and desktop versions of our application and monitor your behavior in the purpose of improving efficiency and usability of our services.
We use web analytics tools to track performance of our website and marketing source of user by cookies in order to optimize our marketing costs and provide users with better experience.
A cookie is a small amount of data that often includes a unique identifier that is sent to your computer or device browser from a website's computer and is stored on your device's hard drive for tracking site usage. A website may send its own cookie to your browser if your browser's preferences allow it, but, to protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites. Many websites do this whenever a user visits their website in order to track online traffic flows. When you visit our website, our system automatically collects information about your visit, such as your browser type, your IP address and the referring website. Cookies do not contain any information that could identify the individual user personally.
Cookies stored may determine the path the Client took on our site and used to anonymously identify repeat users of the website and what pages were most popular for Clients. However, the Company protects the Client’s privacy by not storing the Client’s names, personal details, emails, etc. Using cookies is an industry standard and is currently used by most major websites. Stored cookies allow https://genesismarkets.io website to be more user-friendly and efficient for Clients by allowing the Company to learn what information is more valued by Clients versus what isn’t. You can set your browser not to save any cookies of this website and you may also delete cookies automatically or manually. However, please note that by doing so you may not be able to use all the provided functions of our website in full.
The third-parties with whom we share your data
In general, your data are used by our processors — the legal entities that process personal data on behalf of our Company. Our processors are Genesis Vision LP, Sum and Substance Ltd — KYC, AML and Identity Verification Processor.
With regard to the transfer of data to recipients outside the Company, we note that we strive to maintain discretion with respect to client related matters and assessments of which we acquire knowledge. We may disclose information that concerns you if we are legally required to do so, if required when you expressly order us to process a transaction or any other service and the provisions of the GDPR, applicable local legislation as amended from time to time as well as any other relevant legislation.
We may disclose your personal data to third parties in order to comply with any legal obligation or in order to enforce or apply our terms and conditions and other agreements.
Personal data is shared with companies within the CryptoEye OÜ group and organizations including but not limited to:
1. Service Providers
We may share your personal data with our trusted third-party service providers, who, on our behalf, operate, maintain, and/or support our IT systems and IT infrastructure, our websites, manage our payment solutions, perform statistical analysis, sending newsletters, provide customer support and perform other important services for us.
2. Other CryptoEye OÜ Affiliates
We may also disclose your personal data to other Group companies in in order for them to provide us with relevant services.
3. Legal Successors
A transfer of your personal data to another legal entity may occur as part of a transfer of our business or parts thereof in form of a reorganization, sale of assets, consolidation, merger or similar.
4. Regulator and state authorities
Within the context of the control, monitoring and evaluation of the legality of the licensed activity of our Company by the state regulator of the Republic of Estonia, there are mandatory requirements requiring the transfer of personal data of users processed by the controlled entity. Thus, we may share your data if required by law with Estonian Data Protection Inspectorate (Republic of Estonia) or Estonian Financial Intelligence Unit (FIU) (Republic of Estonia).
The Client's details that are provided and/or will be provided by the Client during his/her activity on the site may be disclosed by the Company to official authorities. The Company will make such disclosure only if required to be disclosed by the Company by applicable law, regulation or court order and to the minimum required extent.
5. Other disclosures
In addition to where you have consented to a disclosure of the personal data or where disclosure is necessary to achieve the purpose(s) for which, it was collected, personal data may also be disclosed in special situations, where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities, or otherwise where necessary for the establishment, exercise or defence of legal claims.
For the subsequent provision of you with targeted and informative advertising we may transmit your data to Facebook, LinkedIn, AdRoll and Google. Besides what, we use Google services for analytic. You may at any time chose to disable and/or restrict such transfers by notifying us at the contact details listed below.
For the recognition of the text specified in the documents in order to clarify the correctness of the Client’s data, which were previously personally indicated in the service profile, we use Google Vision and may use Jumio. For the comparison of the user first and last name contained in the recognized documents with the user first and last name, which were previously personally indicated in the service profile, we may use Sum&Sub API.
Sum&Sub may provide screening service for the possible presence of the user in sanctions sheets, PEP sheets (Politically exposed person), media references for participation in criminal activities or presence in Interpol's and other agencies search lists. This kind of user verification is one of the requirements for fighting corruption and laundering of money, obtained as part of criminal activity.
We may transmit your contact data only to Mailchimp mass texting operator and Sendgrid emailing operator, Zendesk ticket system and UserEcho feedback portal for efficient communication with our Clients.
In order to ensure safe storage of your personal data we locate our equipment in the Leaseweb datacenters.
The use of service providers and disclosure of your personal data to other Genesis Vision LP companies might imply a transfer of your personal data to countries, which might not have data protection regulation as protective as in your jurisdiction and might not be considered ensuring an adequate level of protection of personal data by the EU Commission or a national data protection authority (so called «Third Countries»).
We require that all recipients of your personal data provide appropriate safeguards to protect your personal data, when it is transferred to «Third Countries», through the adherence to standard data protection clauses adopted by the EU Commission cf. the GDPR article 46(2).
How long we store your data
We store your data for the period of 5 (five) years from the date of the Platform/Service using termination by the user, whichever is later. So, the data storage period may be extended from 5 to 7 years from the Platform/Service using termination, whichever is later, by the user upon the competent authority (regulator of the Company licensed activity) request.
All other data is stored for a 30 (thirty) business days after the date of the service using termination.
At the expiration of data retention time the data is erased by irreversible destruction, and also informs all third parties, to whom the data was transferred, regarding such erasure and demand implementation of similar actions on their part.
Managing your information — YOUR RIGHTS AND HOW TO WITHDRAW CONSENTS AND UNSUBSCRIBE
We ask you to provide us true, accurate and updated information on your identity and not misrepresent yourself to be another individual or legal entity. Any changes in your identifying details shall be notified to the Company immediately and in any case no later than the 7th day from the date of such changes. If your data is incorrect or incomplete, please contact [email protected] to change your data.
You have certain rights according to the applicable data protection regulation. Some of the rights are rather complex and include exemptions, accordingly you are recommended to read relevant laws and guidance from the regulatory authorities for full explanation of these rights. However, you can find a summary of your rights below in this section.
Summary of your rights:
1. The right to access
You have a right to obtain the confirmation as to whether or not your personal data are being processed by us. In addition, you have a right to obtain more detailed information about the personal data kept and the processing undertaken by us and under certain circumstances the right to receive a copy of this personal data.
2. The right to rectification
You have the right to have inaccurate personal data about you rectified, and, taking into account the purpose of the processing, to have incomplete personal data completed.
3. The right to erasure
In some cases, you have the right to erasure of your personal data without undue delay. Those circumstances include; i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; ii) you withdraw consent to consent-based processing; iii) the processing is for direct marketing purposes and iv) the personal data has been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary; i) for the exercising the right of freedom of expression and information; ii) for compliance with legal obligation; or iii) for the establishment, exercise or defence of legal claims. In case if you want to obtain complete erasure of your data (to apply the «right to be forgotten»), please, be informed that we may be obliged to comply with the provisions of the applicable laws for the minimum period for your data storage. The data erasure can be applied at any time, but only with respect to data that is not subject to mandatory storage provided by the applicable laws if any.
Thus, we shall take all reasonable actions to erase data, except for the data stored in accordance with the provisions of applicable laws, within 30 (thirty) business days from the date of receipt by our [email protected] of your written request. We inform all third parties, to whom the data was transferred, regarding such erasure and demand implementation of similar actions on their part.
4. The right to restriction of processing
In some cases, you have the right to restrict the processing of your personal data. Where processing has been restricted, we may continue to store your personal data. However, we will only otherwise process it i) with your consent; ii) for the establishment, exercise or defence of legal claims; iii) for the protection of the rights of another natural or legal person; or iv) for reasons of important public interest.
5. The right to data portability
To the extent the legal basis for the processing is your consent, and such processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
6. The right to object
You have the right to object to the processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for i) the performance of a task carried out in the public interest or in the exercise of any official authority vested in CryptoEye OÜ; or ii) the purpose of legitimate interests pursued by us or a third party. In such case we will cease processing the personal data, unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
You also have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
7. The right to withdraw consent
To the extent that the legal basis for the processing is your consent, you have the right to withdraw from that consent at any time.
In case you withdraw from a consent given, then we will cease to process your personal data, unless and to the extent the continued processing is permitted or required according to the applicable personal data regulation or other applicable laws and regulations. The withdrawal from your consent will in no event effect the lawfulness of processing based on consent before its withdrawal.
If you refrain from providing required consents, or later on withdraw from the consents, it might have as a consequence that you may not be able to benefit from some of the service offerings provided by us.
8. The right to complaint to data protection supervisory authority
You may always lodge a complaint with your local data protection supervisory authority. The data protection supervisory authority in the Republic of Estonia is
ESTONIAN DATA PROTECTION INSPECTORATE
39 Tatari St.,
We do our best to ensure that we protect your personal data, keep you informed about how we process your personal data and comply with the applicable data protection regulation. In case you are not satisfied with the processing and protection of your personal data or the information you have received from us, then we urge you to inform us in order for us to improve. Please also do not hesitate to contact us, if you want to make use of your rights.
You can always withdraw from a consent to receive newsletters etc. and unsubscribe from an e-mail list by following the instructions in any e-mail or other communication you receive from us.
If you want to exercise any of your rights mentioned above and/or obtain more information regarding your rights and/or our policies and procedures please contact us through the points of contact listed in the Section OUR CONTACT DETAILS below. Please also provide us with relevant information to take care of your request, including your full name and email address so that we can identify you. We will respond to your request without undue delay.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your help is always valuable in ensuring that your data is kept safe. Upon registration to genesismarkets.io (or their mobile versions), the Client will be asked to choose a username and password to be used by the Client on each future login and for the performance of Transactions and use of the Company's Services. In order to protect the Client's privacy and operation with genesismarkets.io, sharing registration details (including without limitation, username and password) by the Client with other persons or business entities is strictly prohibited. The Company shall not be held responsible for any damage or loss caused to the Client due to improper use (including prohibited and unprotected use) or storage of such username and password, including any such use made by a third party, and whether or not known to or authorized by the Client.
Any use of genesismarkets.io with the Client's username and password is Client's sole responsibility. The Company shall not be held responsible for any such use, including for validation that Client is actually operating in his/her Account.
The Client is obliged to forthwith notify the Company's client service of any suspicion for unauthorized use of the Account.
Encryption of your data in transit
Encryption provides a high level of security and privacy for your data. When you enter your personal data in our platform we use strong encryption technologies (such as Transport Layer Security) to protect your data during transmission from your devices to our servers.
For providing more trust and security we use digital EV (Extended Validation) Certificates issued by trusted Certificate Authorities. You can see the Green Bar in supported browser versions which confirms what all transmitted data is secure.
Protection of your data in our infrastructure
We make it a priority to develop services that are secure «by default». The «default» security of our services means that every new services and features are designed with strict security requirements in mind before we even begin development. This is the key to guaranteed protection and privacy of all data that our services handle and store, once the service or new feature is released.
For secure your data we use the pseudonymisation which allows most of our services to operate without using your actual data. Instead of that, our services use a system ID that can't be traced back to identify you.
The Company is always vigilant about the security of your data stored in our infrastructure. Because of that we locate all our equipment which used for your data processing in secure data centers. Network access to this equipment is isolated from the Internet. We use network segmentation for isolation of services which need different level of security from each other. In addition, we restrict logical access to your data for our employees on «need to know» basis. So, only personnel, who really needs your data in the purpose to provide you our best service, will access it.
Our Company is highly knowledgeable about modern threats to data security and privacy, and we are well prepared to combat them. All events that occur in our infrastructure are continuously monitored, analyzed and responded, which allows us to ensure proper protection of your data, keeping it safe from threats, vulnerabilities, and the effects of malware.
In the event of a failure that affects the accessibility of your data, we have data backup and recovery procedures in place that will us help to restore your personal data in short time. For guarantee the quick recovery we use high availability mode enabled for most critical databases which allows us to minimize downtime.
Employee awareness of data security
Our employees may handle your personal data in order to provide you with the first-class service.
To guarantee the security and confidentiality of your data, we monitor all employees’ actions with data in our systems and grant access strictly on a «need to know» basis: only employees who need access will receive it.
We hold regular training sessions to make sure that each employee understands the principles that the Company follows to achieve robust data security and privacy.
If you choose not to give your personal information
In the context of our business relationship we may need to collect personal information by law, or under the terms of a contract we have with you. Without this data, we are, in principle, not in a position to close or execute a contract with you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts or policies.
To what extent we carry automated decision-making and profiling
Any data collection that is optional would be made clear at the point of collection. To what extent we carry automated decision-making and profiling.
In establishing and carrying out a business relationship, we generally do not use automated decision-making. If we use this procedure in individual cases, we will inform you of this separately.
In some cases, we may proceed with profiling in order to evaluate certain personal aspects. We shall inform you accordingly in case we perform any profiling.
OUR CONTACT DETAILS
Who is responsible for the data processing and who you can contact
The entity responsible for your data processing is:
OFFICE 29, CLIFTON HOUSE, FITZWILLIAM STREET LOWER, DUBLIN 2, REPUBLIC OF ESTONIA
The data protection officer contact details at CRYPTOEYE OÜ are:
ROOSIKRANTSI TN 2, KESKLINNA LINNAOSA, TALLINN, HARJU MAAKOND, 10119, REPUBLIC OF ESTONIA
If you have any questions, or want more details about how we use your personal information, you may contact us at the above contact details and we will be happy to provide you with further details.
LINKS TO OTHER WEBSITES
We may provide links to third party websites. These linked websites are not under our control, and we therefore cannot accept responsibility or liability for the conduct of third parties linked to our websites. Before disclosing your personal data on any other website, we advise you to examine the terms and conditions of using that website and its privacy policies.
Your comments and feedback are always welcome.