Crystal powers cryptocurrency transaction analysis and monitoring on the blockchain, bringing best-in-class anti-money laundering compliance and risk management solutions to exchanges, banks, and financial institutions.
We have determined our respective responsibilities for compliance with our obligations under applicable privacy legislation for processing your personal data concerning our global processing activities through an arrangement between you and us. In summary, we have arranged that if you want to exercise your rights, such as your right to access, correct, erase, restrict, object or port personal data or to withdraw your consent, or if you have any questions about the processing of your personal data, you can contact us in accordance with par. 11 “How to Contact Us”.
Crystal ensures that you can exercise your rights and that your questions will be handled within a reasonable time frame.
When you visit our website to read or browse through website material or to download information, we may collect and process the following categories of personal data:
You may choose to write to us or fill out certain forms for registration or online data requests, which provide the abovementioned information. We may use this information to respond to your questions and requests and to proceed with the registration for the application.
When you send us an e-mail or otherwise communicate with us online (for example, via social media), we register your communication with us.
When you are a customer of ours, we also collect data for the purpose of order processing, pricing, and other information related to your order history.
We are active on various social media platforms such as LinkedIn, Facebook, and Twitter
We collect the mentioned above categories of personal data in the following ways:
When you communicate with us via e-mail, online or social media, when you place a purchase order, when you share personal preferences with us, we collect data directly from you.
We provide certain services in co-operation with other companies (that our group of companies, which work together in processing your orders). These companies share your personal data with us if necessary for services provided to you. We also share your personal information with these third parties (please see par. 6 „Information Sharing“ below).
For example, when you follow us via social media platforms, such as LinkedIn, we can receive personal data of these platforms related to your profile.
If you send us an e-mail or communicate with us online or via social media, we process your data to respond to you.
We use automatic tools (such as cookies) to perform statistical research into general trends regarding the use of this website and the behavior of the website’s visitors to improve this website.
We collect, store and use your data for internal business purposes, such as record keeping, and to comply with our legal and fiscal obligations.
If you place an order on this website, we work on your data to process your order.
If you register on our application, we work on your data to improve our service.
We collect, use, and store your personal data to comply with the legal obligations we are subject to, if necessary for our legitimate interests or the interests of a third party, for the execution of an agreement, or on the basis of your consent.
If we process your personal data on the basis of your consent, you may withdraw your consent at any time by following the specific instructions in relation to the processing for which you provided your consent, by adjusting your settings (if available), or by contacting us (please see par. 9 ‘Your Rights’ below).
When we process your personal data for our legitimate interests or the interests of a third party, we have balanced these interests against your legitimate interests. Where necessary we have taken appropriate measures to limit implications and prevent unwarranted harm to you. Our legitimate interests may, for example, include security and safety purposes, to improve this website, or to provide better products and offers to you. For more information on these interests, please see the purposes, for which we process your personal data above. More information on the balancing tests we perform is available upon request. Where we process your personal data for our legitimate interests or the third-party interests, you have the right to object at any time on grounds relating to your particular situation (please see par. 9 ‘Your Rights’ below).
Where we process your personal data for a purpose other than that for which we collected it initially (and we rely on a legal basis other than consent or complying with legal obligations for this new purpose), we will ascertain whether processing for this new purpose is compatible with the purpose for which the personal data were initially collected. More information on this assessment is available upon request (please see par. 9 ‘Your Rights’ below).
Generally, we do not sell or share your personal data with anyone outside Crystal and its affiliates. However, we do disclose or share data with the following categories of recipients for the following purposes:
We use third parties for support services to this website, such as IT suppliers (for example, SalesForce CRM system for processing your orders), social network providers, marketing agencies, credit and charge card companies, and anti-fraud screening service providers. All such third parties will be required to adequately safeguard your personal data and only process it by following our instructions.
For statistical research, we make use of third-party software such as Google Analytics or social media platforms. These platforms also have access to the data they collect. For example, when you accept cookies for this website, we analyze cookie data for statistical research via Google Analytics.
When you use one of our services, it is possible that we share data with one of our group companies. For example, when you send us an e-mail about a subject that falls under the responsibility of one of our subsidiaries, we will forward your question to the correct subsidiary.
If the ownership of Crystal changes as a result of a merger, acquisition, transfer, sale of assets, reorganization, or bankruptcy your personal data may be transferred to the successor entity.
If we are required to by law, we also collect and share your identifying information with public authorities or governmental organizations.
This website contains links to third-party websites; if you follow these links, you exit our website. While these third-party websites are selected with care, we cannot accept liability for the use of your personal data by these organizations. For more information, please consult the privacy statement of the website you are visiting (if such a statement is provided).
Crystal ensures that your personal data are properly secured by appropriate technical and organizational measures so that they are protected against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or wrongful destruction, and loss.
Crystal may transfer your personal data to countries other than your country of residence (including countries outside the European Economic Area). International transferring occurs in the course of providing your services or because our affiliates, partners, or service providers have operations in countries across the world. The laws of these countries may not afford the same level of protection to your personal data.
In the course of providing your services or because our group companies, partners, or service providers have operations in countries across the world, we may transfer your personal data to Georgia, China, Russia, the United Arab Emirates, Ukraine, the United Kingdom, and the United States of America.
The European Commission has determined that certain countries outside the European Union offer an adequate level of data protection (see article 45 General Data Protection Regulation (GDPR)).
Crystal ensures that adequate safeguards are in place to comply with the requirements for the international transfer of personal data under applicable privacy laws. For transfers of personal data outside the European Economic Area, Crystal may use European Commission-approved Standard Contractual Clauses as safeguards (see article 46 General Data Protection Regulation (GDPR)). Contact us to obtain a copy.
You may contact us (please see par. 11 ‘How to Contact Us’ below) to exercise any of the rights you are granted under applicable data protection laws, which includes (1) the right to access your data, (2) to rectify them, (3) to erase them, (4) to restrict the processing of your data, (5) the right to data portability and (6) the right to object to processing.
You may ask us whether or not we process any of your personal data and, if so, receive access to that data in the form of a copy. When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal data concerned as well as any other information necessary for you to exercise the essence of this right.
You have the right to have your data rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal data about you and, taking into account the purposes of the processing, complete incomplete personal data, which may include the provision of a supplementary statement.
You also have the right to have your personal data erased, which means the deletion of your data by us and, where possible, by any other controller to whom your data has previously been made public by us. Erasure of your personal data only finds a place in certain cases, prescribed by law and listed under article 17 of the General Data Protection Regulation (GDPR). Certain cases include situations where your personal data are no longer necessary in relation to the initial purposes for which they were processed as well as situations where they were processed unlawfully. Due to the way we maintain certain services, it may take some time before backup copies are erased.
You have the right to obtain the restriction of the processing of your personal data, which means that we suspend the processing of your data for a certain period of time. Circumstances that may give rise to this right include situations where the accuracy of your personal data was contested but some time is needed for us to verify their (in)accuracy. This right does not prevent us from continue storing your personal data. We will inform you before the restriction is lifted.
Your right to data portability entails that you may request us to provide you with your personal data in a structured, commonly used, and machine-readable format and to have such data transmitted directly to another controller, where technically feasible. Upon request and where this is technically feasible, we will transmit your personal data directly to the other controller.
You also have the right to object to the processing of your personal data, which means you may request us to no longer process your personal data. This only applies in case the ‘legitimate interests’ ground constitutes the legal basis for processing (see par. 5 “Legal Basis” above).
At any time and free of charge you can object to direct marketing purposes in case your personal data are processed for such purposes, which includes profiling purposes to the extent that it is related to such direct marketing. In case you exercise this right, we will no longer process your personal data for such purposes.
You may withdraw your consent at any time by following the specific instructions in relation to the processing for which you provided your consent, by adjusting your settings (if available), or by contacting us (please see par. 11 ‘How to Contact Us’).
Under conditions, we are entitled to deny or restrict your rights as described above. In any case, we will carefully assess whether such an exemption applies and inform you accordingly.
We may, for example, deny your request for access when necessary to protect the rights and freedoms of other individuals or refuse to delete your personal data in case the processing of such data is necessary for compliance with legal obligations. The right to data portability, for example, does not apply in case the personal data was not provided by you or if we process the data not on the basis of your consent or for the performance of a contract.
When you would like to exercise your rights, all you have to do is send your request to us using the contact details stated below (please see par. 11 “How to Contact Us”).
Crystal Blockchain B.V.; our office is located at the Strawinskylaan 3051, 1077ZX Amsterdam, the Netherlands.