Exchange Affiliate Privacy Notice
Crypto.com Exchange Affiliate Program Application Privacy Notice
Crypto.com Exchange Affiliate Program Application Privacy Notice
As a responsible company, we are aware that it is very important to you to understand how we collect, store, share and use your personal information with regards to the Crypto.com Exchange Affiliate Program (“Program”). The Program offers you the opportunity to get paid by directing potential customers to certain Crypto.com websites and applications in accordance with the terms of Crypto.com Exchange Affiliate Terms And Conditions (collectively, “Terms” or “T&Cs”).
This Crypto.com Exchange Affiliate Program Application Privacy Notice (“Privacy Notice”) explains how we collect, store and otherwise process your personal information in relation to the Program. However, the information we will process about you will vary depending on your personal circumstances.
We are committed to ensuring that your personal information is handled in accordance with the principles set out in the applicable legislation. In this Privacy Notice the terms “personal data” and “personal information” are used interchangeably.
The controller of your personal data is the legal entity that determines the “means” and the “purposes” of any processing activities that it carries out. Since Crypto.com is operating around the globe, this Privacy Notice applies to the processing of personal data by the following entities involved in the Program (“we”, “us”, “our”):
- Foris DAX Limited,
or the relevant Crypto.com entity that provides you with relevant Crypto.com services. You can find additional information on our companies in the Privacy Dashboard.
Please review this Privacy Notice carefully before applying for the Program having in mind that you should read it in conjunction with any other additional documents we may address to you. Please note that this Privacy Notice does not grant you any contractual rights, nor creates legal obligations for us. When appropriate we will provide a “just in time” notice to cover any additional processing activities not mentioned in this Privacy Notice. For further questions, you may contact our Data Protection Officer at [email protected].
Please review this Privacy Notice carefully before applying for the Program having in mind that you should read it in conjunction with any other additional documents we may address to you. Please note that this Privacy Notice does not grant you any contractual rights, nor creates legal obligations for us. When appropriate we will provide a “just in time” notice to cover any additional processing activities not mentioned in this Privacy Notice. For further questions, you may contact our Data Protection Officer at [email protected].
Last Update: 17 Apr 2024
How do we get your personal information
We may get personal information about you from the following sources:
- directly from you;
- from referees, either external or internal;
- public sources, such as professionally related social networks.
What personal information we process and why
This Privacy Notice applies to any personal information concerning you, regardless of the form they are incorporated in – such as emails, hard copies of documents or electronic documents. We do not envisage processing any sensitive information (or special categories of personal information) concerning you, such as health information. In case such processing is necessary, we will comply with the respective statutory requirements.
Application stage
You may apply for the Program by using our online application system available on our website, where your details will be collected on our behalf by a specialized service provider.
At this stage we may process the following personal information concerning you:
- Full name;
- Email address;
- Social media handles;
- Affiliate type;
- Registration country;
- Country of operation;
- Primary language used in your platforms/channels;
- Links to websites, platforms and/or channels where the Program will be performed.
Access to the above personal information will be provided to carefully selected members of our team involved in the application management process.
You do not have to provide what we ask for, but it may affect your application if you don’t.
We do not use your data for automated individual decision making, which means we do not take decisions about you by way of technological means and without personal participation.
Onboarding and Contractual stage
If you are selected to be part of the Program, we will process some additional information about you in order to facilitate the process for entering into a contractual relationship with you. When appropriate we will provide a “just in time” notice to cover the additional processing activities not mentioned in this Privacy Notice.
Lawful basis for processing your personal information
Note that we may process your personal information for more than one lawful basis depending on the specific purpose for which we are using your personal information. You may contact us if you need details about the specific lawful basis we are relying on to process your personal information:
- processing of your personal information is necessary during the Application stage in order to take steps at your request prior to entering into a contract (for instance, in order to administer your application);
- processing of your personal information is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary for the purposes of the legitimate interests pursued by us as contracting entity and our interests do not contradict your interests, fundamental rights or freedoms (for instance, the interest in assessing your suitability for the Program, organizing and conducting of interviews, selection of the most suitable candidates).
We do not usually need your consent for processing personal information concerning you. If we need it, we will ask for it and provide you with the respective information as required by law. Depending on the applicable data protection framework, for example, if you are a resident of the European Economic Area (“EEA”) or the United Kingdom (“UK”), you may also have the right to withdraw your consent at any time, but please note that this will not affect the lawfulness of processing based on your consent before its withdrawal.
What will we do with the information you give us?
We will use all the information you provide to manage your application with a view to assess your suitability for joining the Program, offer you a role in the Program and to fulfill legal requirements, if necessary.
We may use any feedback you provide about your application process to develop and improve our future application campaigns.
We will not share any of the personal information you provide with any third parties for marketing purposes.
How long we keep your personal information
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory or other requirements.
Here are some exemplary factors which we usually consider when determining how long we need to retain your personal information:
- in the event of a complaint;
- if we reasonably believe there is a prospect of litigation in respect to our relationship with you or if we consider that we need to keep information to defend possible future legal claims;
- to comply with any applicable legal and/or regulatory requirements with respect to certain types of personal information, for example if information is needed for audit purposes and so forth.
For more information you may contact our Data Protection Officer at [email protected].
How we protect your personal information
We follow the necessary physical, technical and administrative security standards with the aim to protect your personal information from loss, misuse, alteration, destruction or damage, as required by law. If you want to know more about our security practice, please visit this link.
If you need more information on our security and privacy practices, we would be glad to give you more details – please contact our Data Protection Officer at [email protected]. Do not forget that you also play a major role in the process of protection of your personal information and shall observe to whom you share your personal information and how you protect your communications and devices.
Data sharing
In some circumstances, such as under a court order, we may disclose your personal information to specific categories of persons, entities, state bodies or other organizations. We may also share information about you with third parties including external auditors.
Our service providers
We use service providers in order to facilitate the management of our business. Such may be, for example, lawyers or other legal advisors – in case of disputes or in regard to other legal procedures; experts – in order to comply with our obligations; other service providers, such as IT maintenance and platforms management; other business partners. Our service providers have access to your personal information and may use it only for the completion of the respective tasks assigned to them and based on our instructions.
Companies from our corporate group
Since we are an international business, we may need to share your personal information within our corporate group.
Data recipients upon reorganization and changes to our business
In case we are part of sale negotiations concerning our business or a part thereof, merging our business with other business, we are acquired by other business or we are subject to other kind of reorganization, we may have to share your personal information or a part thereof to the respective business or to its legal consultants as part of any due diligence process for the purposes of the analyzing of the proposed sale or reorganization.
We may need to share your personal information to the reorganized business structure or to a third structure after the reorganization has been finalized.
State bodies
If provided by law and upon compliance with the statutory provided procedure, we may share your personal information to the respective state bodies.
Do we use any data processors
Yes - a list of our current data processors can be found at Annex A – Data Processors.
Your rights in relation to this processing
As an individual you have certain rights regarding our processing of your personal information. The rights available to you depend on our reason for processing your personal information. If you need more detailed information or wish to exercise any of the rights set out below, please contact our Data Protection Officer at [email protected].
If you are an EEA resident, you may find more information on your rights here (attention: a link to a third-party website). You may make a complaint about the way we process your personal information to the supervisory authority in the EEA Member State of your habitual residence, place of work or place of the alleged infringement. Information about your supervisory authority could be found here (attention: a link to a third-party website).
If you are a UK resident, you may find more information on your rights here (attention: a link to a third-party website). You may make a complaint about the way we process your personal information to the Information Commissioner’s Office.
If you do not reside in an EEA Member State or the UK, your rights provided by law may be more limited. However, we will strive to make sure you enjoy to the maximum extent the rights available to EEA and UK residents. You may contact your local data protection regulatory authority as regards your right to make a complaint. The local data protection regulatory authority for the Cayman Islands is the Cayman Islands Ombudsman.
You may also seek a defense of legal claims before the competent court.
We would, however, appreciate the chance to deal with your concerns before you approach a data protection regulatory authority, so please feel free to contact us in the first instance.
Please also note that depending on the applicable data protection framework, we may have different time periods to respond to your request. We usually have one month for EEA and UK residents (which may be extended by two further months where necessary, taking into account the complexity and number of the requests) and we strive to comply with the same period even if the respective applicable law provides for a longer period. If the law provides for a period shorter than one month, we will act accordingly.
Transfers of personal information
We share your personal information within our group. This will involve transferring your personal information outside the Cayman Islands, EEA, the UK or the origin of where your personal information is collected.
We follow the specific legal framework applicable to such transfers. Whenever we transfer your personal data out of the Cayman Islands, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Where the applicable country or territory is deemed to provide an adequate level of protection for personal data. For the purposes of this requirement, the Ombudsman considers the following countries and territories as ensuring an adequate level of protection:
- Member States of the European Economic Area (that is, the European Union plus Lichtenstein, Norway, and Iceland) where Regulation (EU) 2016/679 (the General Data Protection Regulation or “GDPR”) is applicable. The list of applicable countries and territories can be accessed here (attention a link to a third-party website); or
- Any country or territory in respect of which an adequacy decision has been adopted by the European Commission pursuant to Article 45(3) GDPR or remains in force pursuant to Article 45(9) GDPR. The list of applicable countries and territories can be accessed here (attention a link to a third-party website).
- Based on our own adequacy assessment regarding the applicable country or territory pursuant to Schedule 1, Part 2(4) of the DPL.
- Where the Ombudsman has authorised the international transfer.
Whenever we transfer your personal information out of the EEA or the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- the country to which we transfer your personal information has been deemed to provide an adequate level of protection (attention: a link to a third-party website) for personal data by the European Commission;
- a specific contract approved by the European Commission or the UK Government, which gives safeguards to the processing of personal data, the so-called Standard Contractual Clauses.
Please contact our Data Protection Officer at [email protected] if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA or the UK.
Further information
Confidential references
In the course of your application for our Program we may give or receive references about you. We usually treat such references as confidential. Please note that the personal information included in such confidential reference may be exempt from the right of access.
Annex A – Data Processors
Data processors are third parties who provide certain parts of our staff services for us. We have contracts in place with them and they cannot do anything with your personal information unless we have instructed them to do so. You may find below more specific information in this respect. If you have any additional questions in this regard, please do not hesitate to contact our Data Protection Officer at [email protected].
Data Processor
Purpose
Privacy Notice