Bacryp Credit Privacy Policy

I. INTRODUCTION

This Bacryp Privacy Policy (the “Privacy Policy”) governs the privacy relationship between you (“Client” or “you”) and any holding company, subsidiary, or entity belonging to the Bacryp group of companies (“Bacryp” or “we”), regarding the processing and protection of your personal data as you use the Bacryp Services. This includes services provided on any Bacryp website, such as https://bacryp.com/ (the “Website”), mobile applications, and any other official Bacryp communication channels. The Privacy Policy applies to all content and services made available on or through these platforms, including any updates, upgrades, and versions thereof, and constitutes a legally binding agreement (the “Agreement”) between the parties.

We encourage you to read this Privacy Policy carefully to understand how the information we collect about you is used and protected. The Privacy Policy is reviewed regularly to ensure that any new services, updates, or changes to our business model and practices are taken into account.

We will notify you of any material changes to the Privacy Policy by, for example:

  • Placing a notice on the Website or the Bacryp Platform, and/or
  • Sending you an email.

Your continued use of the Bacryp Platform after changes are made is deemed to constitute your acceptance of those changes, so please review the Privacy Policy periodically for updates.

Unless otherwise stated herein, references shall be made to the Bacryp Services General Terms and Conditions, Bacryp Crypto Credit General Terms and Conditions, Bacryp Earn Interest Product General Terms and Conditions, Bacryp Exchange Service General Terms and Conditions, the Bacryp Cookies Policy, and any other terms and conditions governing the relevant Bacryp service (jointly the “Bacryp General Terms”). All defined terms used in this Privacy Policy shall have the same meaning as provided in the Bacryp General Terms, as applicable.

II. DEFINITIONS

  1. Controller
    Refers to any holding company, subsidiary, or entity belonging to the Bacryp group of companies, which acts as a personal data controller for the purposes of this Privacy Policy.
  2. Bacryp Platform
    Refers to any Bacryp website, mobile application(s), and any other official Bacryp communication channels, including the content and services made available on or through these platforms, along with any updates, upgrades, and versions thereof.
  3. Personal Data
    Refers to any information relating to an identified or identifiable natural person (the “Data Subject“). An identifiable natural person is someone who can be identified, directly or indirectly, particularly by reference to an identifier (such as a name, identification number, location data, or online identifier) or to one or more specific factors related to their physical, physiological, genetic, mental, economic, cultural, or social identity.
  4. Privacy Laws
    Refers to any applicable personal data protection legislation that governs the processing, handling, and protection of Personal Data.
  5. Processing
    Refers to any operation or set of operations performed on Personal Data or on sets of Personal Data, whether by automated means or not. This may include, but is not limited to, activities such as collecting, recording, organizing, structuring, storing, adapting, or altering, as well as retrieving, consulting, using, disclosing, or erasing Personal Data

III. INFORMATION WE COLLECT

Bacryp may collect the following types of Personal Data when you visit the Website, register on the Bacryp Platform, use Bacryp Services, and when you interact and communicate with Bacryp through any media or channel:

  1. User-Provided Information:
    • Identification Information: Full name, personal identification number, date, place and/or country of birth, your picture and/or selfie, pictures of your identification document (passport, ID, or driver’s license – front and back), email address, PEP status (Politically Exposed Persons), statements of your social status or official position held, sanctions status.
    • Contact and Communication Information: Permanent and current address, telephone number, social media profiles, tags and handles, messages on any social platform or communication channel.
    • Labour Status: Occupation, industry, employment status.
    • Financial Information: Bank account number, digital asset wallet, source of funds, source of crypto, transaction history, assets on the Bacryp Platform.
    • Other Information: Any additional information you provide to Bacryp at your own discretion.
  2. Information We Collect Automatically: When you visit the Bacryp Platform, we automatically collect the following information:
    • Technical Information: Information about your device, network, software, and internet connection. This includes:
      • Type and version of your browser.
      • Time zone setting.
      • Type and version of browser extensions.
      • Operating system and platform.
      • Screen resolution, geolocation, and font coding.
    • Website Visit Information: History of your visits, including:
      • Unified Resource Locator (URL) history to, through, or from the Bacryp Platform (including the date and time of visits).
      • Consent to Terms and Conditions and the Cookie banner.
      • Services you searched for or viewed.
      • Forwarding/initial webpages.
      • Files viewed on the Bacryp Platform (e.g., HTML pages, graphics).
      • Page response times, page load errors, access times, and webpage interaction (clicking, cursor movements), and exit pages.
      • For additional information, refer to our Cookies Policy.
    • Information Generated by Using Bacryp Services: Includes:
      • Assets on the Bacryp Platform.
      • Account status, loyalty level, transaction history.
      • Activity log, IP log, geolocation.
  3. Information We Receive from Third Parties:
    • Bacryp obtains information about you from third parties only in the context of account creation, verification, and during regular due diligence processes in compliance with statutory obligations.
    • More information about third parties and identity verification providers is available in Section [to be referenced].

IV. THIRD PARTIES

  • Limited Third-Party Data Collection:
    Apart from the information outlined above, Bacryp does not request or collect any additional Personal Data about you from third parties, unless specified in this policy.
  • Consequences of Refusal to Provide Data:
    If you refuse to provide Personal Data when requested, especially where Bacryp is required by law or under a contractual obligation to collect such data, it may affect Bacryp’s ability to perform the relevant contract. This includes the possibility that Bacryp may be unable to offer or continue providing its services to you.

V. PROCESSING PURPOSES

Bacryp processes your Personal Data only in accordance with applicable Privacy Laws and this Privacy Policy for the following purposes:

  1. Identification and Verification:
    To process your application, provide services, and verify your identity, which may include the use of biometric technologies.
  2. Transaction Services:
    To accept and process orders, payments, and communicate with you regarding orders, services, and promotional offers.
  3. Recommendations and Personalization:
    To tailor your experience on the Bacryp Platform and offer content and services that match your preferences, including saving your preferences and login information, and providing customized content.
  4. Continuous Improvement of the Bacryp Platform:
    • To provide various functionalities, analyze performance, fix errors, and improve the usability and effectiveness of the Bacryp Platform.
    • To ensure the quality and safety of Bacryp’s services, including internal quality control and debugging to repair errors affecting functionality.
    • To analyze usage metrics (e.g., pages visited, features used) and for data analysis, research, audits, reporting, or other business purposes.
  5. Compliance with Applicable Legislation:
    In certain cases, Bacryp collects and uses your Personal Data to comply with Privacy Laws and other local and international laws and regulations.
  6. Communication:
    To communicate with you regarding your access to the Bacryp Platform, the provision of Bacryp Services, and to inform you about any changes to Bacryp, its services, or the contractual relationship.
  7. Fraud Prevention:
    To monitor and detect security incidents and to protect against malicious, deceptive, fraudulent, or illegal activities, including money laundering, terrorism financing, and other criminal actions. This includes holding individuals responsible for such activities.
  8. Marketing Purposes:
    • Bacryp may use your Personal Data to send marketing communications via email or other agreed forms (e.g., social media campaigns), ensuring you are kept up-to-date with the latest Bacryp products and services.
    • All marketing communications will include an unsubscribe option.
  9. Consent-Based Processing:
    Bacryp may ask for your consent to process your Personal Data for specific purposes that will be communicated to you. If you consent to such Processing, you can withdraw your consent at any time, and Bacryp will cease processing your data for that purpose.
  10. Other Purposes:
    Bacryp may process your data for any other purposes related to the activities listed above, provided such processing is not prohibited by law.

V-1. LEGAL BASIS FOR PROCESSING

To achieve the purposes listed in this Privacy Policy, Bacryp collects and processes your Personal Data in a legitimate and transparent manner, in accordance with Privacy Laws, under the following legal bases:

  1. Contractual Necessity:
    To conclude or implement a contract with you, including the provision of Bacryp Services.
  2. Legal Obligations:
    To fulfill our obligations under applicable legislation, ensuring compliance with local and international laws and regulations.
  3. Legitimate Interests:
    For the purposes of Bacryp’s legitimate interests, provided that these do not override your own interests and rights.
  4. Consent:
    Where necessary, Bacryp will process Personal Data based on your explicit consent. In such cases, Personal Data Processing will only commence once consent is received. You have the right to withdraw your consent at any time.

VI. AUTOMATED DECISION MAKING AND PROFILING

Automated decision making refers to decisions made by technological means without human involvement. Bacryp uses automated decision-making processes for several reasons, including:

  1. Consistency and Fairness:
    Automated decisions ensure greater consistency and fairness in decision-making by reducing the potential for human error or discrimination.
  2. Efficiency:
    Automated decision-making enables faster and more efficient decisions compared to human-based processes, improving the overall speed of service delivery.
  3. Risk Mitigation:
    Automated decisions help reduce risks, such as clients failing to meet loan repayments, by making timely decisions based on data.

Automated decisions can be based on various types of data, such as:

  • Direct Data: Information provided directly by the Data Subject to Bacryp or its identity verification service providers.
  • Observed Data: Information observed about the Data Subject, such as location data collected via the Bacryp Platform.
  • Inferred or Derived Data: Data that is inferred or derived, such as your credit loan-to-value ratio as determined by the Bacryp Oracle.

VII. THIRD PARTIES

Bacryp may disclose your Personal Data to other companies within the Bacryp group for the purpose of providing our services to you. We have taken all necessary measures to ensure that all Bacryp companies handle your Personal Data with the same level of care and confidentiality.

Additionally, we may disclose your Personal Data to selected third parties outside the Bacryp group to fulfill our contractual obligations with you and for other purposes described in this Privacy Policy and the Bacryp General Terms. The categories of external third parties to whom we may share your Personal Data include:

  1. Banking and Payment Network Service Providers:
    To facilitate uploading funds, making and receiving payments, and withdrawing funds. These providers include banks, acquirers, alternative payment providers, card providers, and account information service providers.
  2. Risk Assessment and Fraud Detection Services:
    Providers that assist us with Know Your Customer (KYC) checks, anti-money laundering, and counter-terrorism financing services.
  3. Online Advertising Platforms:
    To assist with marketing Bacryp services.
  4. Analytics and Search Engine Providers:
    To improve and optimize the Bacryp Platform.
  5. Cloud Service Providers:
    To provide us with the necessary infrastructure to safely store and manage your Personal Data.
  6. Auditors, Advisors, and Legal Representatives:
    To provide advisory services to Bacryp, subject to confidentiality obligations.
  7. Government Bodies and Legal Authorities:
    Bacryp may disclose your Personal Data when legally required, including but not limited to:
    • Law enforcement bodies
    • Regulatory authorities
    • Government agencies
    • Courts
      Such disclosure will be made in good faith when it is necessary to protect your safety or that of others, to safeguard Bacryp’s rights, to prevent and investigate fraud, or to comply with a government request.
  8. Third-Party Websites and Links:
    The Bacryp Website may include links to third-party websites, plug-ins, handles, and applications. Clicking on these links or enabling those connections may allow third parties to collect or share your Personal Data. Bacryp does not control these third-party websites and is not responsible for their data processing activities. When you leave the Bacryp Website, we encourage you to read the privacy policy of every third-party website you visit.

VIII. TRANSFERS

When transferring Personal Data, Bacryp is committed to ensuring that the data importer implements security measures similar to those Bacryp applies for storing and processing Personal Data. Your Personal Data may be processed, stored, and transferred to third parties in accordance with this Privacy Policy, any contract(s) between you and Bacryp, and the consents you provide.

Personal Data may be transferred to locations outside your country of residence for processing, which includes but is not limited to:

  • Payment processing
  • Data analysis (including fraud detection, risk assessment, and compliance checks)
  • Collecting data on the use of Bacryp websites and services
  • Advertising purposes (including behavioral advertising)
  • Providing support for your service or product needs

We take all reasonable steps to ensure the safety of your Personal Data in compliance with this Privacy Policy and relevant local and international legislation.

Bases for International Transfers:

Depending on your citizenship, international transfers of Personal Data may follow different legal frameworks. Below are the key bases for such transfers:

  1. European Union (EU) Citizens:
    • Any transfers of EU citizens’ data outside the EU or European Economic Area (EEA) will be based on the 2021 European Commission Standard Contractual Clauses, unless the European Commission has issued an adequacy decision (Art. 45 GDPR) for the importing country.
    • More information on EU/EEA transfers can be found on the European Commission’s website.
  2. United Kingdom (UK) Citizens:
    • Any transfers of UK citizens’ data outside the UK will be based on the 2010 European Commission Standard Contractual Clauses, unless the UK has issued an adequacy regulation for the importing country.
    • More information on UK transfers is available on the Information Commissioner’s Office (ICO) website.

IX. DIRECT MARKETING

In accordance with applicable legislation, Bacryp may occasionally send direct marketing materials promoting its services and activities to its existing clients and users of the Website who have subscribed for updates. These communications may include promotional offers, service updates, and other relevant information.

Opt-Out Options:

You may opt out of receiving direct marketing communications at any time by using one of the following methods:

  1. Marketing Preferences Centre:
    • Each direct marketing communication will include an option for you to adjust your marketing preferences and opt out of future communications.
  2. Direct Communication:
    • You may also send an email to Bacryp’s Data Protection Officer (DPO) at sp@bacryp.com, indicating your preference to opt out of direct marketing. Bacryp will add your details to the marketing suppression list and confirm the action in writing.

X. DATA SECURITY

Bacryp takes data security seriously and has implemented robust measures to protect your Personal Data. All Personal Data collected through the Bacryp Platform or otherwise is stored on secure servers hosted in a cloud environment within the European Union (EU). Bacryp is ISO 27001 certified, ensuring that the security of your data meets international standards.

Security Measures:

Bacryp employs a variety of security measures to safeguard Personal Data, including:

  • Administrative, Technical, and Physical Safeguards:
    • Bacryp uses firewalls, data encryption, and other network safeguards to protect your data from unauthorized access, loss, or alteration.
  • Access Control:
    • Access to Personal Data is limited to employees, agents, contractors, and other third parties who require it to fulfill legal or contractual obligations.
    • Those granted access are carefully selected, regularly evaluated, and bound by confidentiality agreements.
  • Confidentiality Obligations:
    • All personnel with access to Personal Data are required to adhere to strict confidentiality agreements and follow Bacryp’s security protocols.

Breach Notification:

In the event of a security breach leading to the unlawful destruction, loss, alteration, unauthorized disclosure, or access to your Personal Data, Bacryp will notify you without undue delay, particularly when the breach poses a high risk to your rights and freedoms. Bacryp will also report such breaches to the relevant data protection authorities.

For more detailed information about Bacryp’s security practices, visit our security panel on the Website [click here].

Your Responsibility:

To further ensure the security of your data, you should keep your Bacryp Platform username and password confidential. Note that Bacryp employees will never ask for your credentials. Bacryp also conducts regular malware scanning to enhance protection.

XI. STORAGE AND RETENTION

Bacryp stores Personal Data for varying periods depending on the type of data and its specific use. Below are the key retention policies:

  • Automatic Deletion:
    Some data is automatically deleted based on predefined schedules or scripts, or upon user request (e.g., certain user preferences or activity logs).
  • Marketing Communications:
    If you opt out of receiving marketing communications, Bacryp will retain your email address on a suppression list to ensure no further promotional emails are sent to you.
  • Account Information:
    Account-related data may be retained for an extended period based on the contract between you and Bacryp, in accordance with industry standards and guidelines, and in line with Bacryp’s legitimate business interests, such as preventing promotion abuse or similar activities.
  • Business Practices:
    Bacryp may retain Personal Data for legitimate business reasons, such as improving products and services, fraud prevention, maintaining records, resolving complaints, or enforcing legal rights.
  • Legal Compliance:
    Certain categories of Personal Data must be retained to meet audit, reporting, and legal obligations, including but not limited to compliance with Financial Action Task Force (FATF) recommendations and relevant anti-money laundering legislation. For example, Bacryp is required to retain certain data for five (5) years after the relationship between you and Bacryp ends. This retention period may be extended further if stipulated by applicable laws.

XII. YOUR RIGHTS

Depending on your jurisdiction, residency, or citizenship, you may be entitled to one or more of the following Data Subject rights. Bacryp will respond to your requests promptly, generally within thirty (30) days, extendable by two months as per Art. 12 GDPR or as required by other Privacy Laws.

1. Right of Access

You have the right to obtain confirmation about whether or not your Personal Data is being processed. If so, you can access details about the processing, including the purposes, categories of data, recipients, and retention period.

2. Right to Rectification

You have the right to correct inaccurate or incomplete Personal Data.

3. Right to Erasure (Right to be Forgotten)

You can request the deletion of your Personal Data. However, Bacryp may not always be able to comply with this request due to specific legal reasons, which will be explained if applicable.

4. Right to Restrict Processing

Under certain circumstances, you have the right to request that Bacryp restricts the processing of your Personal Data.

5. Right to Data Portability

You have the right to:

  • Receive a copy of your Personal Data in a structured, commonly used, and machine-readable format.
  • Request that Bacryp transmits the Personal Data to another controller, where technically feasible.

6. Right to Object to Processing

You may object to the processing of your Personal Data for:

  • Profiling
  • Direct Marketing
  • Statistical, scientific, or historical research purposes

7. Right to Object to Automated Decision-Making

You have the right not to be subject to decisions made solely by automated means, including profiling, if these decisions have legal or significant effects on you.

8. Right to Withdraw Consent

You may withdraw your consent at any time when processing is based solely on consent. This will not affect the lawfulness of the processing carried out before the withdrawal.

Verification and Handling of Requests

  • Bacryp will take reasonable steps to verify your identity before granting access to your Personal Data.
  • Bacryp will make every effort to respond to your requests promptly, although certain requests may be denied where they are considered manifestly unfounded or excessive.
  • If your Personal Data is publicly available, you must submit any request directly to the third-party provider of that information.

Fees

  • Accessing your Personal Data and exercising your rights is generally free.
  • However, Bacryp reserves the right to charge a reasonable fee for manifestly unfounded or excessive requests.

XIII. CONTACT US

We highly value your opinion. If you have any questions or concerns about this Privacy Policy, Bacryp’s handling of your Personal Data, or you want to report a possible Personal Data Breach or exercise your rights, you can contact our Data Protection Officer (DPO).

Contact Bacryp DPO at:

Email: sp@bacryp.com

Please include the following details in your email:

  1. Full Name
  2. Preferred Communication Channel (if none, the default is email)
  3. Country of Residence and Access
  4. Type of Request (e.g., access, portability, deletion, etc.)
  5. Detailed Description of the Request

If you feel that Bacryp has not resolved your complaint satisfactorily, you can lodge a complaint directly with your local data protection authority. For a list of all European supervisory bodies, you can refer to this resource.

XIV. MISCELLANEOUS

Bacryp services are not directed at individuals under 18 years old, or those under the legal age required to enter into contractual relations with Bacryp, whichever is later. We do not knowingly collect or process Personal Data from these individuals (hereinafter referred to as “Children” or “Child”).

If we become aware that we have inadvertently collected Personal Data from a Child, we will take the necessary legal measures to delete that information. Additionally, Bacryp will require the user to close their account and will restrict further access to our services.

If you are a parent or guardian and discover that a Child has provided Personal Data to Bacryp, please contact us immediately at sp@bacryp.com.