I. Scope of the Personal Data Protection Policy
This Policy may be amended, revised or supplemented at any time without prior notice. By using the Website after it is amended, revised or supplemented, the User confirms that they accept the amendments, revisions or supplements.
This Policy is available at: https://cryptosistem.com/privacy-policy/. All amended versions of Policy shall be available on the same web address.
II. Types of Data Processed; Transmission of Data; Data Retention Period
The Provider collects and processes the following personal data about Users:
- Name and surname
- Address and country of residence
- Telephone number
- E-mail address
- Dates and times of logins to the Website
- Bank account number (IBAN, SWIFT)
- Digital wallet address
- IP of the User used to access the Website
The Provider collects the data listed in the preceding paragraph for the purposes outlined in Section III and keeps the data for as long as it is justified to fulfil the purposes or for as long as it is needed to comply with applicable legislation and regulations (the “ The data collected based on the consent of the User shall be kept until the consent is withdrawn by the User.
After the expiration of the Data Retention Period the collected data shall be deleted, destroyed or anonymized unless it is determined otherwise by applicable legislation and regulation.
The collected data shall be deleted in such a manner that it shall be impossible to reconstruct such data in part or in whole.
III. Purposes of Processing; Security
The Provider uses the collected User data for the following purposes:
- registration on/login to the Website and enabling purchases of products and/or Services on the Website;
- keeping a record of registered Users of the Website;
- processing Users’ orders on the Website;
- performing executed orders;
- meeting other contractual obligations and the requirements of consumer protection laws;
- meeting the requirements of tax laws;
- communicating with Users as far as it is necessary to execute the Services and/or ordering of products;
- occasionally sending non-commercial e-mails related to the Website or any activity of the Provider;
- statistical, marketing and other analyses and research;
- occasionally sending commercial e-mail related to the Website, and/or Products and Services offered, promoted, marketed or sold by the Provider.
The Provider carries out all the personal data protection procedures and measures required by the laws of the Republic of Slovenia and the European Union.
The Provider shall execute the processing enlisted in indents 9 and 10 of the first paragraph of this Section III only upon receiving explicit consent from the User. The User shall be explicitly asked for consent regarding analyses and researches executed by the Provider and for sending occasional commercial e-mails (i.e. newsletter).
The User shall be presented with requests for consents in the registration process on the Website. The User shall have the right, at any time, to withdraw their consent to the processing of their personal data, either in whole or for one or more purposes listed in paragraph 1 of this Section III, save for the processing carried out based on the laws and regulations binding on the Provider and the processing necessary for the performance of the contract between the User and the Provider. The User may withdraw their consent by sending an email to email@example.com.
The User agrees that the Provider may assign specific tasks related to User data to third parties (data processors) on the basis of written agreement
Cookies are small files sent from the Website to the User’s browser and stored on the data medium (typically a hard drive) of the User’s electronic device (computer, smartphone etc.) as the User browses the Website. The next time the User visits the Website, the information stored in the cookie can be retrieved by the Website to inform the Website of the User’s past activity.
The Provider collects information using cookies in a manner that does not personally identify a specific User.
The Provider uses its own cookies (first-party cookies), but allows certain third parties to install their own cookies (third-party cookies).
Information on specific cookies, their data controllers, the purposes of processing data collected using cookies, and the validity period of the cookies is listed below:
|Data controller||Cookie name||Purpose of data processing||Cookie validity period|
|Provider||PHPSESSID||This cookie enables the Website to store data for the current browsing session. It is used on the Website to create user sessions and transmit data on the status of session cookies.||Since the cookie is not time-limited, the session ends when the User’s browser is closed.|
2. Google Inc.
|Google Analytics cookies||Web analytics and statistics. More information about the cookies, how they function and the purposes for which the collected data is processed is available here.||Information about the validity period of individual cookies is available here.|
The User may set, modify, adjust or revoke their consent (to the storage and accessing of cookies) in the browser they use to access the Website.
V. Rights of the User
The User may send a request to the Provider at the e-mail address firstname.lastname@example.org to confirm whether it collects or processes data related to the User. Such request may be sent once every quarter of the year.
The User may send a request to the Provider at the e-mail address email@example.com send the User a copy of any data related to the User by e-mail. Such request may be sent once every quarter of the year.
The User shall have the right to access its personal data directly at the Website. The User shall be obliged to keep such data accurate at any time. To change or update any data related to the User that may be incomplete or incorrect and are not accessible at the Website the User may send a request to the Provider at the e-mail address firstname.lastname@example.org.
The User may send a request to the Provider at the e-mail address email@example.com to permanently delete all data related to the User, except any data that the Provider is required to retain by law. Before the Provider deletes any data, it may request that the User proves their identity. Should the Provider still have any doubts as to the identity of the User, it may reject the User’s request.
The User shall have the right to receive the personal data concerning him, which he has provided to the Provided, in a structured, commonly used and machine-readable format and have the right to transmit those data to third person without hindrance from the Provider to which the personal data have been provided.
The Provider is obliged to communicate any rectification made in connection with the execution of the User’s rights.
VI. Notification of a personal data breach to the supervisory authority
In the event of a personal data breach, the Provider shall notify such breach to the competent supervisory authority. The Provider shall report a personal data breach to the police and/or competent prosecution authority should a suspicion of a criminal offence exist.
In the event the personal data breach is likely to result in a high risk to the rights and freedoms of the User, the Provider shall communicate the nature of the personal data breach to the User in clear and plain language without undue delay.
The User shall have the right to lodge a complaint with a competent supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the User considers that the processing of personal data relating to him or her infringes any applicable regulation or legislation.
Exclusion of Liability
The Provider assumes no liability for any damage suffered by the User as a result of the User providing false, inaccurate or incomplete information when registering on or visiting or using the Website.
If the above exclusion of liability is void or unenforceable for any reason, the Provider’s liability is limited to the maximum extent permitted by law.
VII. Final Provisions
If any provision of this Policy is invalid for any reason, such invalidity does not affect the validity of the rest of the Policy. In such a case, the invalid provision is deemed not to exist and the Policy applies without such provision.
Any legal relationship between the User and the Provider based on this Policy is governed by and construed in accordance with the laws of the Republic of Slovenia, and the courts of the Republic of Slovenia have exclusive jurisdiction over any dispute or controversy arising out of or in relation to this Policy.
This Policy is effective as of March 1st, 2018.