Privacy Policy

Last updated: May 2020

We are delighted that you have chosen to use our App or visit our website. We take our data protection responsibilities with the utmost seriousness and we have designed our website so that you may navigate and use it while providing only the Personal Data necessary for your own and other users' protection.

This Privacy Policy sets out what Personal Data we collect, how we process it and how long we retain it. This Privacy Policy applies to all of our processing activities where we act as a data controller. In this Privacy Policy, "we", "us" and "our" refer to Close Cross Limited (Close Cross), a company incorporated in London, UK with its registered address at Suite 27A, 23 Wharf Street, Greenwich, SE8 3GG, and Close Cross (IoM) Limited, a company incorporated in the Isle of Man with its registered address at Second Floor, 14 Athol Street, Douglas, Isle of Man, IM1 1JA. For more information about us, see the Contact Us section (section 11) of this Privacy Policy.

In this Privacy Policy, “personal data” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

In this Privacy Policy, “processing” means any operation or set of operations which is performed on personal data (as defined in this Privacy Policy) or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1. Your information and the Blockchain

Blockchain technology, also known as distributed ledger technology (or simply ‘DLT’), is at the core of our business and technology. Blockchains are decentralized and made up of digitally recorded data in a chain of packages called ‘blocks’. The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several ‘nodes’ which usually replicate the ledger) this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralized place where it is located either.

Accordingly, by design, a blockchain’s records cannot be changed or deleted and are said to be ‘immutable’. This may affect your ability to exercise your rights such as your right to erasure (‘right to be forgotten’), or your rights to object or restrict processing of your Personal Data. Essentially, data on the blockchain cannot be erased and cannot be changed. Although “smart contracts” may be used to revoke certain access rights, and some content may be made invisible to others, data may not necessarily be fully deleted.

Further, in certain circumstances, in order to comply with our contractual obligations to you (such as delivery of tokens) it will be necessary to write certain Personal Data, such as your Ethereum or other cryptocurrency wallet address, onto the DLT; this is done through a “smart” contract and requires you to execute such transactions using your wallet’s private key.

In most cases the ultimate decisions to (i) transact on the blockchain using your Ethereum or other cryptocurrency wallet address, as well as (ii) share the public key relating to your Ethereum or other cryptocurrency wallet address with anyone (including us) rests solely with you.

Client confidentiality and privacy of personal data is central to the Company’s offering. In accordance with the EU’s General Data Protection Regulation (“GDPR”) the Company has factored in data protection considerations from inception and will ensure that Clients, by default, will get the maximum privacy settings (Privacy by Design) unless disclosure is necessary due to a legal obligation or with your prior explicit Consent.

All of your personal data will be hosted and stored on cloud-based, secure and encrypted databases, under our ultimate control, with GDPR compliant data processors whose servers are located within the EU or a country deemed by the EU to provide adequate protection with regard to data protection.

As with other DLT applications, wallet addresses and transactions will be stored on the blockchain and will accordingly be publicly available; however, no personal data linked to the wallet will be stored on the blockchain.

The wallet is created upon successful registration and it is essentially an Ethereum private key generated on your desktop directly from within our application or website. We do not own the wallet but merely facilitate its creation. The private key and recovery details are only known to you, and we do not have the ability to recover these wallets if you forget or inadvertently lose the password. You are in full control of and the owner of the wallet at all times.

IF YOU WANT TO ENSURE YOUR PRIVACY RIGHTS ARE NOT AFFECTED IN ANY WAY, YOU SHOULD NOT TRANSACT ON BLOCKCHAINS INCLUDING CLOSE CROSS’ DLT AS CERTAIN INFORMATION RIGHTS MAY NOT BE FULLY AVAILABLE OR EXERCISABLE BY YOU OR US DUE TO THE TECHNOLOGICAL INFRASTRUCTURE OF THE BLOCKCHAIN OR DLT. IN PARTICULAR THE BLOCKCHAIN BY ITS VERY NATURE IS AVAILABLE TO THE PUBLIC AND ANY PERSONAL DATA SHARED ON THE BLOCKCHAIN WILL BECOME PUBLICLY AVAILABLE.

2. How We Use Personal Data

2.1. When visiting our website

We may collect and process Personal Data about your use of our website. This data may include:

  1. The browser types and versions used;
  2. The operating system and device used to access the system;
  3. Behaviour: subpage, duration, and revisit;
  4. The date and time of access to our website;
  5. The Internet protocol address (“IP address”); and
  6. Any other similar data and information that may be used in the event of attacks on our information technology systems.

This data may be processed in order to deliver the content of our website correctly, to optimize the content of our website, to ensure the long-term viability of our information technology systems and website technology, and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The legal basis for this processing is our legitimate business interests, namely monitoring and improving our website and the proper protection of our business against risks, and your consent when agreeing to accept cookies.

2.2. When trading in the derivatives markets

When participating in the derivatives market, Personal Data may be collected and processed by CloseCross and/or the Ethereum blockchain network. The data will be stored in different instances.

A) On the Ethereum blockchain the following data will be stored:

  1. Your wallet address; and
  2. Trade data (the asset types predicted upon as well as the amount predicted).

The data will be stored on the Ethereum Blockchain. Given the technological design of the blockchain, as explained in Section 1, this data will become public and it will not likely be possible to delete or change the data at any given time.

This Personal Data may be processed in order to deliver the functionality of the product and services which you have requested us to provide as well as to comply with our legal requirements such as anti-money laundering and counter-terrorism legislation and other relevant laws governing our operations.

B) In our Database the following personal data will be stored:

  1. Financial information obtained to determine your level of financial risk such as details of your annual income, sector of employment and current employment status
  2. Preferred Name (as given by you)
  3. Identity verification data, such as ID documentation (passport, driving licence, etc.), nationality, evidence of residential address and other information such as marital status, educational details, etc.
  4. your wallet address
  5. trade data; asset traded on and the amount traded
  6. holdings
  7. email address and other relevant contact details; and
  8. All the IP addresses used to login to your account

This Personal Data is required to be processed in order to deliver the functionality of the product and services which you have requested us to provide, as well as to comply with our legal requirements such as anti-money laundering and counter-terrorism legislation and other relevant laws governing our operations, and in order to further our legitimate interests, namely monitoring and improving the services that we provide to you.

C) Furthermore we will store log data which includes:

  1. your wallet address
  2. trade data
  3. browser description and device; and
  4. the Internet protocol address (“IP address”)

This Personal Data may be processed in order to deliver the functionality of the product and the services which you have requested us to provide.

2.3. When receiving the email notification

If you have subscribed to our email notification service, each time you receive an email notification from us, we may collect and process Personal Data. This data may include:

  1. The date and time you opened the email;
  2. What (if any) links or URLs you accessed from our newsletter;
  3. The location it was accessed from.

This Personal Data is collected and processed for the purpose of improving the content of our email notification service. The legal basis for this processing is your explicit consent when you agree to sign up to our regular e-mail notifications. You can opt out of receiving our e-mail notifications at any time by removing your consent.

2.4. Product Research

When participating in our product research, we may collect and process Personal Data. This data may include:

  1. Your job;
  2. Financial risk portfolio;
  3. your trading experience;
  4. Trade data;
  5. Name; and
  6. email address.

The legal basis for this processing is your explicit consent, which is required to be provided by you before participating in the product research. You can opt out of your participation in our product research by removing your consent, and we will cease processing your data with regard to our product research.

2.5. Other uses of your Personal Data

We may process any of your Personal Data where it is necessary to establish, exercise, or defend legal claims. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

3. Use of Third Party Applications

The primary third-party services that we utilise are listed below:

3.1. Ethereum Blockchain

When using the Close Cross platform, your wallet address and the transactions made with the account will be stored on the Ethereum blockchain. As mentioned previously, the wallet is created upon successful registration and it is essentially an Ethereum private key generated on your desktop directly from within our application or website. We do not own the wallet but merely facilitate its creation. The private key and recovery details are only known to you, and we do not have the ability to recover these wallets if you forget or inadvertently lose the password. You are in full control of and the owner of the wallet at all times.

The information will be displayed permanently and publicly; this is part of the nature of the blockchain. If you are new to this field, we highly recommend informing yourself (and consulting with subject matter professionals) about blockchain technology before using our services.

3.2. Amazon Webserver

We use the Amazon Web Server (AWS) to store log and database data as described in section 2. For further information and the applicable data protection provisions of AWS please visit https://aws.amazon.com/privacy/?nc1=f_pr.

3.3. SumSub

In order to participate in CloseCross’ technology and platform all users must have successfully passed through KYC/AML (Know Your Customer / Anti Money-Laundering) checks/review. For this purpose, we utilise the services of SumSub (https://www.sumsub.com/).

For further questions please have a look at their Privacy Policy (https://sumsub.com/privacy-and-cookie-policy/) and Terms of Use (https://sumsub.com/terms-of-use/). We may store information collected by SumSub for legal and regulatory compliance purposes only. This data may be shared with other vendors who need to conduct KYC in order to provide you with the level of service you require to use the platform, e.g. if you wanted to purchase cryptocurrency to trade with on CloseCross, an exchange may ask for your details in order to conduct their own KYC/AML checks.

3.4. SendGrid

We use Sendgrid (https://sendgrid.com) for our email notification service to subscribers. Sendgrid allows us to prepare customized emails and manage our subscribers. We do not store any information collected by Sendgrid. Sendgrid’s privacy policy is available at https://sendgrid.com/policies/privacy/. Sendgrid’s purpose and function is further explained on their website as above.

Where we use third-party data processors we will always ensure that a GDPR compliant data processing contract is in place between us, as the Data Controller, and the third party as our data processor. This contract ensures that each party complies with the requirements of GDPR, protects your personal data and ensures that both parties understand their role regarding the personal data that is being processed and are able to demonstrate this.

4. Sharing Your Personal Data

We may pass your information to our business partners, administration centres, third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the services that you have requested us to provide to you. In addition, when we use any other third-party service providers as data processors, we will disclose only the Personal Data that is necessary to deliver the service required and we will endeavour to ensure that they protect the data at all times and will only use the personal data in accordance with our written instructions and the purposes for which we have provided the personal data to them. We will ensure that GDPR compliant data processing contracts are in place between ourselves as data controllers and all of our third party data processors.

In addition, we may transfer your Personal Data to a third party as part of a sale of some, or all, of our business and assets or as part of any business restructuring or reorganisation, or if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation. However, we will take steps to ensure that your privacy rights continue to be protected under this Privacy Policy.

5. Transferring Your data outside of the EU/EEA

GDPR restricts the transfers of personal data outside of the EU/EEA or to a country deemed by the EU not to provide adequate protection from a data protection perspective, unless the rights of individuals in respect of their personal data are protected.

We always attempt to avoid transferring your personal data outside of the EU/EEA (or to a country deemed by the EU to not provide an adequate level of data protection); however, whilst providing our services to you it may be necessary from time to time for us to transfer your personal data to such a jurisdiction. In such instances we will always ensure that such personal data is transferred subject to the “additional safeguards” as required within GDPR.

However, when interacting with the blockchain, as explained above in this Privacy Policy, the blockchain is a global decentralized public network and accordingly any Personal Data written onto the blockchain may be transferred and stored across the globe.

6. Existence of Automated Decision-making

For regulatory purposes and to protect you as a customer, we do utilise automated decision making processes when undertaking our risk assessment processes. Our risk assessment process is used to determine whether certain instruments are appropriate for use by you.

Pursuant to GDPR, where such automated decision making exists, and it produces an adverse legal effect or significantly affects you, you have a right to not be subject to a decision which is based solely on automated processing. In such instances we will provide a process where you can request human intervention, express your point of view, obtain an explanation of the decision and challenge the decision.

7. Data Security

We have put in place reasonable and appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your Personal Data on our explicit instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Your Rights as a Data Subject

You have certain rights under applicable legislation, and in particular under Regulation EU 2016/679 (General Data Protection Regulation or ‘GDPR’). We explain these below. You can find out more about the GDPR and your rights by accessing the European Commission’s website.

Right to information

You have a right to be informed about the processing and use of your Personal Data and the purpose of this Privacy Policy is to transparently provide you with this information. Of course, if you have any further questions about this Privacy Policy you can contact us on the details listed in Section 11 of this Privacy Policy.

Right to rectification

You have the right to have any inaccurate Personal Data rectified and to have any incomplete Personal Data completed. A request for rectification can be made to us either verbally or in writing. The accuracy of your Personal Data is important to us. If you do not want us to use your Personal Data in the manner set out in this Privacy Policy, or need to advise us of any changes to your Personal Data, or would like any more information about the way in which we collect and use your Personal Data, please contact us using the details in section 11.

Right to erasure (right to be ‘forgotten’)

You have the general right to request the erasure of your Personal Data in the following circumstances:

- the Personal Data is no longer necessary for the purpose for which it was collected;

- you withdraw your consent to consent based processing and no other legal justification for processing applies;

- you object to processing for direct marketing purposes and this is the only purpose for us processing your personal data;

- we unlawfully processed your Personal Data; and

- erasure is required to comply with a legal obligation that applies to us.

However as noted above, when interacting with the blockchain we may not be able to ensure that your Personal Data is deleted or erased. This is because by its nature the blockchain is a public decentralized network and blockchain technology does not generally allow for data to be deleted and your right to erasure may not be able to be fully enforced. In these circumstances, we will only be able to ensure that all Personal Data that is held by us is permanently deleted.

Right to restrict processing and right to object to processing

You have a right to restrict processing of your Personal Data, such as where:

  • you contest the accuracy of the Personal Data;
  • where processing is unlawful you may, instead of requesting erasure, request that we restrict the use of the unlawfully processed Personal Data;
  • we no longer need to process your Personal Data but need to retain your information for the establishment, exercise, or defence of legal claims.

However, when interacting with the blockchain, as it is a public decentralized network, we will likely not be able to prevent external parties from processing any Personal Data which has been written onto the blockchain. In these circumstances we will use reasonable endeavours to help ensure that all processing of Personal Data held by us is restricted; notwithstanding this, your right to restrict processing may not be able to be fully enforced.

Right to data portability

Where the legal basis for our processing is your consent or the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, you have a right to receive the Personal Data you provided to us in a structured, commonly used and machine-readable format, or ask us to send it to another person.

Right to freedom from automated decision-making

As explained above, we do use automated decision-making within our risk assessment process and this is undertaken to assess your suitability for use of our services and products. You do have the right to express your point of view and contest a decision, as well as request that a decision be taken with human intervention, if a decision is taken by automated decision-making and produces an adverse legal effect or significantly affects you. In such instances please contact us using the details in Section 11 of this Privacy Policy.

Right to object to direct marketing (‘opting out’)

You have a choice about whether or not you wish to receive direct marketing information from us. In order for us to provide you with direct marketing information you must provide your prior explicit consent, which can be removed at any time.

You can change your marketing preferences at any time by contacting us on the details listed within Section 11 of this Privacy Policy. Furthermore, on each and every marketing communication, we will always provide the option for you to exercise your right to object to the processing of your personal data for marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your data. Please note that any administrative or service-related communications (to offer our services, or notify you of an update to this Privacy Policy or applicable terms of business, etc.) will solely be directed at you and such communications generally do not offer an option to unsubscribe as they are necessary to provide the level of services that you have requested and to keep you fully informed of any changes to our business model or related processes which may have an effect on you. Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact you regarding your use of our website or services as part of the contractual relationship we have with you.

Right to request access

You also have a right to access information we hold about you, commonly known as a “Data Subject Access Request”. This can be made verbally or in writing. We are happy to provide you with details of your Personal Data that we hold or process. To protect your Personal Data, we follow set storage and disclosure procedures, which mean that we will require proof of identity from you prior to disclosing such information. You can exercise this right at any time by contacting us on the contact details listed in Section 11 of this Privacy Policy.

As Data Controller we have 1 month to respond to your Data Subject Access Request, and we are obliged to provide this free of charge in most circumstances.

Raising a complaint about how we have handled your personal data

If you wish to raise a complaint about how we have handled your personal data, you can contact us using the contact details listed in Section 11 of this Privacy Policy and we will then investigate the matter and report back to you with our findings.

Right to lodge a complaint with a relevant supervisory authority

If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Data Protection Commissioner.

You have the right to lodge a complaint with the Supervisory Authority in the country of your habitual residence, your place of work, or the place where you allege an infringement of one or more of our rights has taken place, if that is based in the EEA or a country deemed by the EU to have adequate data protection legislation.

Close Cross (IoM) Limited is registered as a data controller in the Isle of Man and complaints can be made direct to the Isle of Man Information Commissioner at https://www.inforights.im/

9. Storing Personal Data

We retain your Personal Data only for as long as is necessary for the purposes for which we process the Personal Data as set out in this Privacy Policy. Our regulatory obligations or other legal obligations may require us to maintain your personal data for a number of years after the termination of our relationship.

10. Changes to this Privacy Policy

We may make changes to this Privacy Policy from time-to-time, in our sole discretion. Where we do so, we will notify those who have a business relationship with us or who are subscribed to our emailing lists directly of the changes and change the ‘Last updated’ date above.

We encourage you to review the Privacy Policy whenever you access or use our website to stay informed about our information practices and the choices available to you. If you do not agree to the revised Privacy Policy, you should discontinue your use of this website.

11. Our details

This website is owned and operated by Close Cross Limited, registered in London, UK under registration number 06444459, and our registered office is located at:

Close Cross Limited
Suite 27A, 23 Wharf Street,
Greenwich, London,
SE8 3GG,
United Kingdom

Close Cross (IoM) Limited

Registered in the Isle of Man under registration number and our registered office is located at

Second Floor
14 Athol Street
Douglas
IM1 1JA
Isle of Man

If you have any queries concerning your rights under this Privacy Policy, please contact us at [email protected]