As a responsible company, Foris Limited is aware that it is very important to you to understand how we collect, store, share and use your personal information with regards to the Crypto.com Affiliate Program (“Program”). The Program offers you the opportunity to get paid by directing potential customers to certain Crypto.com websites and applications in accordance with the terms of Crypto.com Affiliate Program Agreement and Crypto.com Affiliate Participation Terms (collectively, “Agreement”).
This Crypto.com Affiliate Program Privacy Notice (“Privacy Notice”) explains how we collect, store and otherwise process your personal information in relation to the Program. However, the information we will process about you will vary depending on your personal circumstances.
We are committed to ensuring that your personal information is handled in accordance with the principles set out in the applicable legislation. In this Privacy Notice the terms “personal data” and “personal information” are used interchangeably.
Foris Limited, with registered address 1506-1507 Pacific Plaza 410 Des Voeux Road West Hong Kong is the data user or data controller for this information unless this notice specifically states otherwise.
Please review this Privacy Notice carefully before applying for the Program having in mind that you should read it in conjunction with any other additional documents we may address to you. Please note that this Privacy Notice does not grant you any contractual rights, nor creates legal obligations for us. When appropriate we will provide a “just in time” notice to cover any additional processing activities not mentioned in this Privacy Notice. For further questions, you may contact our Data Protection Officer at [email protected].
- How do we get your personal information
- What personal information we process and why
- Lawful basis for processing your personal information
- What will we do with the information you give us?
- How long we keep your personal information
- How we protect your personal information
- Data sharing
- Do we use any data processors
- Your rights in relation to this processing
- Transfers of personal information
- Further information
We may get personal information about you from the following sources:
- directly from you;
- from referees, either external or internal;
- public sources, such as professionally related social networks.
This Privacy Notice applies to any personal information concerning you, regardless of the form they are incorporated in – such as emails, hard copies of documents or electronic documents. The categories of personal information will depend on the stage of the application process. We do not envisage processing any sensitive information (or special categories of personal information) concerning you, such as health information. In case such processing is necessary, we will comply with the respective statutory requirements.
You may apply for the Program by using our online application system available on our website, where your details will be collected on our behalf by a specialized service provider.
At this stage we may process the following personal information concerning you:
- full name;
- contact email;
- Crypto.com account email;
- country of residence;
- number of followers/visits on social media platforms/channels;
- links to websites, platforms and/or channels where the Program Activities will be performed, as defined in the Agreement;
- targeted region where the Program Activities will be performed, as defined in the Agreement.
Access to the above personal information will be provided to carefully selected members of our team involved in the application management process.
If you are selected to be part of the Program, we will collect some additional information from you in order to prepare the contractual documentation for your engagement:
- identity card or passport number and country of issuance;
- resident address (including country, city, street and house or apartment number).
You do not have to provide what we ask for, but it may affect your application if you don’t.
We do not use your data for automated individual decision making, which means we do not take decisions about you by way of technological means and without personal participation.
Note that we may process your personal information for more than one lawful basis depending on the specific purpose for which we are using your personal information. You may contact us if you need details about the specific lawful basis we are relying on to process your personal information:
- processing of your personal information is necessary during the Application and Onboarding stages in order to take steps at your request prior to entering into a contract (for instance, in order to administer your application) and for the performance of a contract;
- processing of your personal information is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary for the purposes of the legitimate interests pursued by us as contracting entity and our interests do not contradict your interests, fundamental rights or freedoms (for instance, the interest in assessing your suitability for the Program, organizing and conducting of interviews, selection of the most suitable candidates).
We do not usually need your consent for processing personal information concerning you. If we need it, we will ask for it and provide you with the respective information as required by law. Depending on the applicable data protection framework, for example, if you are a resident of the European Economic Area (“EEA”) or the United Kingdom (“UK”), you may also have the right to withdraw your consent at any time, but please note that this will not affect the lawfulness of processing based on your consent before its withdrawal.
We will use all the information you provide to manage your application with a view to assess your suitability for joining the Program, offer you a role in the Program and to fulfil legal requirements, if necessary.
We may use any feedback you provide about your application process to develop and improve our future application campaigns.
We will not share any of the personal information you provide with any third parties for marketing purposes.
Our general approach is to keep your personal information for as long as necessary in order to meet the purpose for which they have been collected by us.
In some cases the period for which we will keep your personal information is provided by law.
For more information you may contact our Data Protection Officer at [email protected].
We follow the necessary physical, technical and administrative security standards with the aim to protect your personal information from loss, misuse, alteration, destruction or damage, as required by law. If you want to know more about our security practice, please visit this link.
If you need more information on our security and privacy practices, we would be glad to give you more details – please contact our Data Protection Officer at [email protected]. Do not forget that you also play a major role in the process of protection of your personal information and shall observe to whom you share your personal information and how you protect your communications and devices.
In some circumstances, such as under a court order, we may disclose your personal information to specific categories of persons, entities, state bodies or other organizations. We may also share information about you with third parties including external auditors.
Our service providers
We use service providers in order to facilitate the management of our business. Such may be, for example, lawyers or other legal advisors – in case of disputes or in regard to other legal procedures; experts – in order to comply with our obligations; other service providers, such as IT maintenance and platforms management; other business partners.
Our service providers have access to your personal information and may use it only for the completion of the respective tasks assigned to them and based on our instructions.
Companies from our corporate group
Since we are an international business, we may need to share your personal information within our corporate group.
Data recipients upon reorganization and changes to our business
In case we are part of sale negotiations concerning our business or a part thereof, merging our business with other business, we are acquired by other business or we are subject to other kind of reorganization, we may have to share your personal information or a part thereof to the respective business or to its legal consultants as part of any due diligence process for the purposes of the analyzing of the proposed sale or reorganization.
We may need to share your personal information to the reorganized business structure or to a third structure after the reorganization has been finalized.
If provided by law and upon compliance with the statutory provided procedure, we may share your personal information to the respective state bodies.
Yes - a list of our current data processors can be found at Annex A – Data Processors.
As an individual you have certain rights regarding our processing of your personal information. The rights available to you depend on our reason for processing your personal information. If you need more detailed information or wish to exercise any of the rights set out below, please contact our Data Protection Officer at [email protected].
If you are an EEA resident, you may find more information on your rights here (attention: a link to a third-party website). You may make a complaint about the way we process your personal information to the supervisory authority in the EEA Member State of your habitual residence, place of work or place of the alleged infringement. Information about your supervisory authority could be found here (attention: a link to a third-party website).
If you are a UK resident, you may find more information on your rights here (attention: a link to a third-party website). You may make a complaint about the way we process your personal information to the Information Commissioner’s Office.
If you do not reside in an EEA Member State or the UK, your rights provided by law may be more limited. However, we will strive to make sure you enjoy to the maximum extent the rights available to EEA and UK residents. You may contact your local data protection regulatory authority as regards your right to make a complaint. The local data protection regulatory authority for Hong Kong is the Office of the Privacy Commissioner for Personal Data.
You may also seek a defense of legal claims before the competent court.
We would, however, appreciate the chance to deal with your concerns before you approach a data protection regulatory authority, so please feel free to contact us in the first instance.
Please also note that depending on the applicable data protection framework, we may have different time periods to respond to your request. We usually have one month for EEA and UK residents (which may be extended by two further months where necessary, taking into account the complexity and number of the requests) and we strive to comply with the same period even if the respective applicable law provides for a longer period. If the law provides for a period shorter than one month, we will act accordingly.
We share your personal information within our group. This will involve transferring your personal information outside Hong Kong, EEA, the UK or the origin of where your personal information is collected.
We follow the specific legal framework applicable to such transfers. For example, whenever we transfer your personal information out of the EEA or the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- the country to which we transfer your personal information has been deemed to provide an adequate level of protection (attention: a link to a third-party website) for personal data by the European Commission;
- a specific contract approved by the European Commission which gives safeguards to the processing of personal data, the so-called Standard Contractual Clauses.
Please contact our Data Protection Officer at [email protected] if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA or the UK. Please also note that future changes to the Standard Contractual Clauses are expected for transfers from the UK. When this situation arises, we will comply with the guidance provided by the UK supervisory authority in this regard.
In the course of your application for our Program we may give or receive references about you. We usually treat such references as confidential. Please note that the personal information included in such confidential reference may be exempt from the right of access.
Annex A – Data Processors
Data processors are third parties who provide certain parts of our staff services for us. We have contracts in place with them and they cannot do anything with your personal information unless we have instructed them to do so. You may find below more specific information in this respect. If you have any additional questions in this regard, please do not hesitate to contact our Data Protection Officer at [email protected] .
|Data Processor||Purpose||Privacy Notice|
|Storage and communications||Third party link|
|Tableau||Data visualization||Third party link|