We are delighted that you have chosen to use our App or visit our website. We take our data protection responsibilities with the utmost seriousness and we have designed our website so that you may navigate and use our website with only having to provide the necessary Personal Data for your own and other users protection.
Blockchain technology, also known as distributed ledger technology (or simply ‘DLT’), is at the core of our business and technology. Blockchains are decentralized and made up of digitally recorded data in a chain of packages called ‘blocks’. The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several ‘nodes’ which usually replicate the ledger) this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralized place where it is located either.
Accordingly, by design, a blockchain’s records cannot be changed or deleted and is said to be ‘immutable’. This may affect your ability to exercise your rights such as your right to erasure (‘right to be forgotten’), or your rights to object or restrict processing of your Personal Data. Essentially, data on the blockchain cannot be erased and cannot be changed. Although “smart contracts” may be used to revoke certain access rights, and some content may be made invisible to others, data may not necessarily be fully deleted.
Further, in certain circumstances, in order to comply with our contractual obligations to you (such as delivery of tokens) it will be necessary to write certain Personal Data, such as your Ethereum or other cryptocurrency wallet address, onto the DLT; this is done through a “smart” contract and requires you to execute such transactions using your wallet’s private key.
In most cases the ultimate decisions to (i) transact on the blockchain using your Ethereum or other cryptocurrency wallet address, as well as (ii) share the public key relating to your Ethereum or other cryptocurrency wallet address with anyone (including us) rests solely with you.
Client confidentiality and privacy of personal data is central to the Company’s offering. In accordance with the EU’s General Data Protection Regulation (“GDPR”) the Company has factored in data protection considerations from inception and will ensure that Clients, by default, will get the maximum privacy settings (Privacy by Design) unless disclosure is necessary due to a legal obligation or with your prior explicit Consent.All of your personal data will be hosted and stored on cloud based secure and encrypted databases, under our ultimate control, with GDPR compliant data processors whose servers are located within the EU or a country deemed by the EU to provide adequate protection with regard to data protection.
As with other DLT applications, wallet addresses and transactions will be stored on the blockchain and will accordingly be publicly available however no personal data linked to the wallet will be stored on the blockchain.
The wallet is created upon successful registration and it is essentially an Ethereum private key generated on your desktop directly from within our application or website. We do not own the wallet but merely facilitate its creation and the private key and recovery details are only known to you and we do not have the ability to recover these wallets if you forget or inadvertently lose the password. You are in full control of and the owner of the wallet at all times.
IF YOU WANT TO ENSURE YOUR PRIVACY RIGHTS ARE NOT AFFECTED IN ANY WAY, YOU SHOULD NOT TRANSACT ON BLOCKCHAINS INCLUDING CLOSE CROSS’ DLT AS CERTAIN INFORMATION RIGHTS MAY NOT BE FULLY AVAILABLE OR EXERCISABLE BY YOU OR US DUE TO THE TECHNOLOGICAL INFRASTRUCTURE OF THE BLOCKCHAIN OR DLT. IN PARTICULAR THE BLOCKCHAIN BY ITS VERY NATURE IS AVAILABLE TO THE PUBLIC AND ANY PERSONAL DATA SHARED ON THE BLOCKCHAIN WILL BECOME PUBLICLY AVAILABLE
We may collect and process Personal Data about your use of our website. This data may include:
This data may be processed in order to deliver the content of our website correctly, to optimize the content of our website to ensure the long-term viability of our information technology systems and website technology, and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The legal basis for this processing is our legitimate business interests, namely monitoring and improving our website and the proper protection of our business against risks and your consent when agreeing to accept cookies.
When participating in the derivatives market, Personal Data may be collected and processed by CloseCross and/or the Ethereum blockchain network. The data will be stored in different instances.
A) On the Ethereum blockchain the following data will be stored:
The data will be stored on the Ethereum Blockchain. Given the technological design of the blockchain, as explained in Section1, this data will become public and it will not likely be possible to delete or change the data at any given time.
This Personal Data may be processed in order to deliver the functionality of the product and services which you have requested us to provide as well as to comply with our legal requirements such as anti-money laundering and counter of terrorism legislation and other relevant laws governing our operations.
B) In our Database the following personal data will be stored:
This Personal Data is required to be processed in order to deliver the functionality of the product and services which you have requested us to provide as well as to comply with our legal requirements such as anti-money laundering and counter of terrorism legislation and other relevant laws governing our operations and in order to further our legitimate interests, namely monitoring and improving the services that we provide to you.
C) Furthermore we will store log data which includes:
This Personal data may be processed in order to deliver the functionality of the product and the services which you have requested us to provide.
If you have subscribed to our email notification service, each time you receive an email notification from us, we may collect and process Personal Data. This data may include:
This Personal Data is collected and processed for the purpose of improving the content of our email notification service. The legal basis for this processing is your explicit consent when you agree to sign up to our regular e-mail notifications . You can opt out of receiving our e-mail notifications at any time by removing your consent.
When participating in our product research, we may collect and process Personal Data. This data may include:
The legal basis for this processing is your explicit consentwhich is required to be provided by you before participating in the product research. You can opt out of your participation inour product research by removing your consent and and we will cease processing your data with regard to our product research
We may process any of your Personal Data where it is necessary to establish, exercise, or defend legal claims. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
The Primary 3rd party services that we utilise are listed below:-
When using the Close Cross platform and specifically your wallet address and the transactions made with the account will be stored on the Ethereum blockchain. As mentioned, previously the wallet is created upon successful registration and it is essentially an Ethereum private key generated on your desktop directly from within our application or website. We do not own the wallet but merely facilitate its creation and the private key and recovery details are only known to you and we do not have the ability to recover these wallets if you forget or inadvertently lose the password. You are in full control of and the owner of the wallet at all times.
The information will be displayed permanently and public, this is part of the nature of the blockchain. If you are new to this field, we highly recommend informing yourself (and consult with subject matter professionals) about the blockchain technology before using our services.
We use the Amazon Web Server (AWS) to store log and database data as described in section 2 For further information and the applicable data protection provisions of AWS please visit https://aws.amazon.com/privacy/?nc1=f_pr.
In order to participate in CloseCross’ technology and platform all users must have successfully passed through KYC/AML (Know Your Customer / Anti Money-Laundering) checks/review. For this purpose, we utilise the services of SumSub(https://www.sumsub.com/).
Where we use thirdparty data processors we will always ensure that a GDPR compliant data processing contract is in place between us, as the Data Controller and the third party as our data processor. This contract ensures that each party complies with the requirements of GDPR, protects your personal data and ensures that both parties understand their role regarding the personal data that is being processed and are able to demonstrate this.
GDPR restricts the transfers of personal data outside of the EU/EEA or to a country deemed by the EU not to provide adequate protection from a data protection perspective, unless the rights of individuals in respect of their personal data is protected .
We always attempt to avoid transferring your personal data outside of the EU/EEA (or to a country deemed by the EU to not provide an adequate level of data protection), however whilst providing our services to you it maybe necessary from time to time for us to transfer yourpersonal data to such a jurisdiction. In such instances we will always ensure that such personal data is transferred subject to the “additional safeguards” as required within GDPR
For regulatory purposes and to protect you as a customer, we do utilise automated decision making processes when undertaking our risk assessment processes. Our risk assessment process is used to determine whether certain instruments are appropriate for use by you.Pursuant to GDPR where such automated decision making exists, and it produces an adverse legal effect or significantly effects you, you have a right to not be subject to a decision which is based solely on automated processing. In such instances we will provide a process where you can requesthuman intervention, express your point of view,obtain an explanation of the decision and permit you to challenge the decision.
We have put in place reasonable and appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your Personal Data on ourexplicit instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You have certain rights under applicable legislation, and in particular under Regulation EU 2016/679 (General Data Protection Regulation or ‘GDPR’). We explain these below. You can find out more about the GDPR and your rights by accessing the European Commission’s website.
Right to rectification
Right to erasure (right to be ‘forgotten’)
You have the general right to request the erasure of your Personal Data in the following circumstances:
- the Personal Data is no longer necessary for the purpose for which it was collected;
- you withdraw your consent to consent based processing and no other legal justification for processing applies;
- you object to processing for direct marketing purposes and this is the only purpose for us processing your personal data ;
- we unlawfully processed your Personal Data; and
- erasure is required to comply with a legal obligation that applies to us.
However as noted above, when interacting with the blockchain we may not be able to ensure that your Personal Data is deleted or erased. This is because by its nature the blockchain is a public decentralized network and blockchain technology does not generally allow for data to be deleted and your right to erasure may not be able to be fully enforced. In these circumstances, we will only be able to ensure that all Personal Data that is held by us is permanently deleted.
Right to restrict processing and right to object to processing
You have a right to restrict processing of your Personal Data, such as where:
However, when interacting with the blockchain, as it is a public decentralized network, we will likely not be able to prevent external parties from processing any Personal Data which has been written onto the blockchain. In these circumstances we will use reasonable endeavours to help ensure that all processing of Personal Data held by us is restricted, notwithstanding this, your right to restrict to processing may not be able to be fully enforced.
Right to data portability
Where the legal basis for our processing is your consent or the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, you have a right to receive the Personal Data you provided to us in a structured, commonly used and machine-readable format, or ask us to send it to another person.
Right to freedom from automated decision-making
Right to object to direct marketing (‘opting out’)
You have a choice about whether or not you wish to receive direct marketing information from us. In order for us to provide you with direct marketing informationyou must provide your prior explicit consent, which can be removed at any time.
Right to request access
As Data Controller we have 1 month to respond to your Data Subject Access Request, and we are obliged to provide this free of charge in most circumstances.
Raising a complaint about how we have handled your personal data
Right to lodge a complaint with a relevant supervisory authority
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Data Protection Commissioner
You have the right to lodge a complaint with the Supervisory Authority in the country of your habitual residence, your place of work, or the place where you allege an infringement of one or more of our rights has taken place, if that is based in the EEA or a country deemed by the EU to have adequate data protection legislation.
Close Cross (IoM) Limited is registered as a data controller in the Isle of Man and complaints can be made direct to the Isle of Man Information Commissioner at https://www.inforights.im/
This website is owned and operated by
Close Cross Limited.
registered in London, UK under registration number 06444459, and our registered office is located at:
Close Cross Limited
Suite 27A, 23 Wharf Street,
Close Cross (IoM) Limited
Registered in the Isle of Man under registration number and our registered office is located at
14 Athol Street
Isle of Man