Privacy & Legal Policies of CtoC UAB
Privacy Policy
This section constitutes the Privacy Policy of CtoC UAB (hereinafter “C2C”) and is set up in accordance with the European legislation GDPR.
Types of data collected:
C2C collects different types of data:
- Information connected directly to you, such as personal data in connection with a customer relationship, both existing and potential (e.g. name, contact details, birthdate, identification documents etc.)
- Information, which does not directly identify you, also called usage data, which is data collected automatically when using the platform or app (hereinafter “Applications” of C2C) or simply by browsing our website.
Please note, that not all cookies contain personally identifiable information or other unique identifiers, but some might.
When do we use personal data?
There are several situations, where we might use your data and often this will be in connection with your specific consent or instructions, e.g. you have filled out a contact form on our website because you are interested in learning more about or services or if you choose to enter into a customer relationship with us, then some data related to you must be available to us in order for us to provide these services to you (e.g. for Anti-Money Laundering purposes, we must be able to identify you but there are also other regulatory requirements for situations, where we need to be able to use your personal data).
How do we gather the information?
Directly:
- If you fill out one of our forms, we will directly be collecting the data you provide in the form and of course we will also ask you for consent to use it to contact you and keep it for future references. We will store your data for as long as we are legally obligated. Should you decide to enter into a customer relationship with us, all such data will become part of the history of this relationship. This is also applicable for situations, where you have chosen to give your contact details to one of our employees, e.g. in the form of a business card.
- When you choose to enter into a customer relationship with us we will request specific data from you, which you must provide us with consent to register. If you are not able or willing to provide all the requested information or consent, we might not be able to provide you with our services.
- C2C uses Zendesk for support purposes. Support questions and calls will be stored in Zendesk.
Indirectly:
There are several situations where we may indirectly collect data related to you, also where this does not directly link or identify you, e.g. you browse our website using an IP address registered in country X and we can then see, that we had a visit on our site from that particular country. This is also applicable if you have given our app consent to see your location. Please note, that you can change the consent to e.g. sharing of your location on your mobile device.
Where we offer the possibility of social media sign-on, e.g. for a quick registration option where you can use an existing social media account, you are granting permission to the provider of the particular social media, which you choose to use to log into our site and/or app. The permission granted will allow the provider to share your user details with us etc. This will be subject to the terms and conditions of the social media provider and not subject to our terms and conditions. If you choose to contact us using a social media account, e.g. with facebook or linkedin, their terms and conditions also applies to this and you are granting us permission to reply to you using the same media, which you used to contact us.
Contact from us:
When you choose to request us to contact you through our contact form, you can decide how you wish for us to contact you (e.g .phone, email).
If you become a customer of ours, the majority of the communication will be through our platform as, as an extra measurement of protection of your data, we strive to limit the amount of data we will send out e.g. per email. There might be situations, where we will need to be able to contact you in connection with the services provided and we will have to either send you emails or contact your per phone and we cannot offer you an opt-out from such notifications until such time, where you decide you no longer wish to use our services.
Updating your personal data with us:
If you have set up an “account” with us, both an active customer account and a potential customer account, you can at any time log into the account and access the contact details we have on file for you. If you wish to delete or amend any data, please contact us at legal@crypto2cash.com or submit a request through the platform and we will assist you as soon as possible.
Protecting your information:
We have chosen to have several layers of protection. The password you provide when logging in is encrypted and furthermore we use 2 factor authentication for logging in to your account. A SMS will be sent to your phone in order to ensure protection against unauthorized access to your account, or you can use an authenticator app. Furthermore, we have chosen to create a platform in which most information is closed – e.g. it is not possible for most of our employees to send emails out of the platform and they are thus only able to communicate with you within the platform. This prevents unintentional sharing of your information in e.g. misspelling an email address.
In order to access the C2C CRM. C2C employees also need 2 factor authentication.
Disclosing your information:
We may disclose your information if this is needed in regards to e.g. the services provided by us. It can be that a bank is requesting information about the beneficial owner of the funds and we will then need to be able to provide any such information.
We may disclose your information if required under law, e.g. by request of a court, or if in good faith we believe such action is necessary to comply with the law and legal obligations.
Legal Policy
This section constitutes the Legal Policies of CtoC UAB
Conflict of interests:
In order to avoid conflicts of interest within the Company, the Company has established strict separation of functions principles as follows:
- The Company operates on a three lines of defence model, each of them having a separate function and each of them having separate persons fulfilling them. The fulfilment of the functions does not overlap, i.e. conflict of interests is avoided.
- The 3LoD does not assess the functioning of the internal audit (i.e., the internal auditor does not audit itself). Consequently, the internal auditor will not be involved in the development of any internal rules as the internal auditor must subsequently assess the function of the internal control system.
- The especially appointed AML Officer is responsible for putting a framework in place, and implementing necessary systems, controls and procedures to identify, escalate and manage potential conflict of interests effectively.
The Company must also avoid situations where the interests of the owners, directors and the employees of the Company (including contractors etc.) and the interests of the Customers would be in a conflict. This means the following:
- Employees must always fulfil the obligations included in this Policy and/or as stated in applicable law;
- Obligation to fulfil the obligations and rights from the Policy, including the obligation to implement the DD measures fully, must always be more important than the interest of bringing in new business (establishing new Business Relationship(s)) or servicing existing Customers;
- Employees must identify and escalate potential conflict of interests so that they may be appropriately managed and resolved;
The Board of Directors is responsible for putting the framework in place, and implementing necessary systems, controls and procedures to identify, escalate and manage potential conflict of interests effectively;
Seeking to determine potential conflict of interests that might affect the Company detrimentally relating to its fulfilment of the requirements set out in this Policy and applicable AML legislation, the Company appoints dedicated Employees that should observe the following minimum criteria and assess whether any Employees are exposed to any of the situations listed below, when the employee:
- may experience a financial advantage or avoid a financial loss at the potential expense of the compliance with the AML legislation or this Policy;
- has an interest in the result of the rendered service or in the result of a transaction concluded at the potential expense of the Company’s compliance with the AML regulation or this policy;
- receives or will receive from a person (other than the Customer) an inducement in relation to a service provided to the Customer, in the form of monies, goods or services, other than a standard commission or fee for that service;
An example conflict of interests is where an Employee would prefer personal financial gains to properly implementing the Company’s obligations and/or rights from the Policy and/or the applicable law.
In the performance of their functions, each Employee must ascertain whether there is any conflict of interests and avoid conflict of interests. An Employee who is exposed to the conflict of interests must not be responsible for dealing with the relevant Customer and such function should be fulfilled by another Employee who is not in the conflict of interest. If the conflict of interest cannot be avoided by any Employees, then such a Customer will not be onboarded and/or provided services by the Company.