Crypto.com Affiliate Program Privacy Notice

Last Updated: 27 June 2022

As a responsible company, Foris Limited is aware that it is very important to you to understand how we collect, store, share and use your personal information with regards to the Crypto.com Affiliate Program (“Program”). The Program offers you the opportunity to get paid by directing potential customers to certain Crypto.com websites and applications in accordance with the terms of Crypto.com Affiliate Program Agreement and Crypto.com Affiliate Participation Terms (collectively, “Agreement”).

This Crypto.com Affiliate Program Privacy Notice (“Privacy Notice”) explains how we collect, store and otherwise process your personal information in relation to the Program. However, the information we will process about you will vary depending on your personal circumstances.

We are committed to ensuring that your personal information is handled in accordance with the principles set out in the applicable legislation. In this Privacy Notice the terms “personal data” and “personal information” are used interchangeably.

Foris Limited, with registered address 1506-1507 Pacific Plaza 410 Des Voeux Road West Hong Kong is the data user or data controller for this information unless this notice specifically states otherwise.

Please review this Privacy Notice carefully before applying for the Program having in mind that you should read it in conjunction with any other additional documents we may address to you. Please note that this Privacy Notice does not grant you any contractual rights, nor creates legal obligations for us. When appropriate we will provide a “just in time” notice to cover any additional processing activities not mentioned in this Privacy Notice. For further questions, you may contact our Data Protection Officer at [email protected].

In this notice

How do we get your personal information

We may get personal information about you from the following sources:

  • directly from you;
  • from referees, either external or internal;
  • public sources, such as professionally related social networks.

What personal information we process and why

This Privacy Notice applies to any personal information concerning you, regardless of the form they are incorporated in – such as emails, hard copies of documents or electronic documents. The categories of personal information will depend on the stage of the application process. We do not envisage processing any sensitive information (or special categories of personal information) concerning you, such as health information. In case such processing is necessary, we will comply with the respective statutory requirements.

Application stage

You may apply for the Program by using our online application system available on our website, where your details will be collected on our behalf by a specialized service provider.

At this stage we may process the following personal information concerning you:

  • full name;
  • contact email;
  • Crypto.com account email;
  • country of residence;
  • number of followers/visits on social media platforms/channels;
  • links to websites, platforms and/or channels where the Program Activities will be performed, as defined in the Agreement;
  • targeted region where the Program Activities will be performed, as defined in the Agreement.

Access to the above personal information will be provided to carefully selected members of our team involved in the application management process.

Onboarding stage

If you are selected to be part of the Program, we will collect some additional information from you in order to prepare the contractual documentation for your engagement:

  • identity card or passport number and country of issuance;
  • resident address (including country, city, street and house or apartment number).

You do not have to provide what we ask for, but it may affect your application if you don’t.

We do not use your data for automated individual decision making, which means we do not take decisions about you by way of technological means and without personal participation.

Contractual stage

In the course of our contractual relationship we will process some additional information concerning you in order to make sure that proper account is taken regarding the rights and obligations as per our contract.

At this stage we may process the following personal information concerning you:

  • Crypto.com app wallet address;
  • details about payments to and from you;
  • other details of any transactions related to your participations in the Program.


Lawful basis for processing your personal information

Note that we may process your personal information for more than one lawful basis depending on the specific purpose for which we are using your personal information. You may contact us if you need details about the specific lawful basis we are relying on to process your personal information:

  • processing of your personal information is necessary during the Application and Onboarding stages in order to take steps at your request prior to entering into a contract (for instance, in order to administer your application);
  • processing of your personal information is necessary during the Contractual stage for the performance of our contract;
  • processing of your personal information is necessary for compliance with a legal obligation to which we are subject;
  • processing is necessary for the purposes of the legitimate interests pursued by us as contracting entity and our interests do not contradict your interests, fundamental rights or freedoms (for instance, the interest in assessing your suitability for the Program, organizing and conducting of interviews, selection of the most suitable candidates).

We do not usually need your consent for processing personal information concerning you. If we need it, we will ask for it and provide you with the respective information as required by law. Depending on the applicable data protection framework, for example, if you are a resident of the European Economic Area (“EEA”) or the United Kingdom (“UK”), you may also have the right to withdraw your consent at any time, but please note that this will not affect the lawfulness of processing based on your consent before its withdrawal.

What will we do with the information you give us?

We will use all the information you provide to manage your application with a view to assess your suitability for joining the Program, offer you a role in the Program and to fulfill legal requirements, if necessary.

We may use any feedback you provide about your application process to develop and improve our future application campaigns.

We will not share any of the personal information you provide with any third parties for marketing purposes.

How long we keep your personal information

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Here are some exemplary factors which we usually consider when determining how long we need to retain your personal information:

  • in the event of a complaint;
  • if we reasonably believe there is a prospect of litigation in respect to our relationship with you or if we consider that we need to keep information to defend possible future legal claims;
  • to comply with any applicable legal and/or regulatory requirements with respect to certain types of personal information:
    • under the applicable tax legislation we are obliged to retain your personal information for a period of at least 7 years after any transactions completed during our business relationship with you;
    • if information is needed for audit purposes and so forth.

For more information you may contact our Data Protection Officer at [email protected].

How we protect your personal information

We follow the necessary physical, technical and administrative security standards with the aim to protect your personal information from loss, misuse, alteration, destruction or damage, as required by law. If you want to know more about our security practice, please visit this link.

If you need more information on our security and privacy practices, we would be glad to give you more details – please contact our Data Protection Officer at [email protected]. Do not forget that you also play a major role in the process of protection of your personal information and shall observe to whom you share your personal information and how you protect your communications and devices.

Data sharing

In some circumstances, such as under a court order, we may disclose your personal information to specific categories of persons, entities, state bodies or other organizations. We may also share information about you with third parties including external auditors.

Our service providers

We use service providers in order to facilitate the management of our business. Such may be, for example, lawyers or other legal advisors – in case of disputes or in regard to other legal procedures; experts – in order to comply with our obligations; other service providers, such as IT maintenance and platforms management; other business partners.

Our service providers have access to your personal information and may use it only for the completion of the respective tasks assigned to them and based on our instructions.

Companies from our corporate group

Since we are an international business, we may need to share your personal information within our corporate group.

Data recipients upon reorganization and changes to our business

In case we are part of sale negotiations concerning our business or a part thereof, merging our business with other business, we are acquired by other business or we are subject to other kind of reorganization, we may have to share your personal information or a part thereof to the respective business or to its legal consultants as part of any due diligence process for the purposes of the analyzing of the proposed sale or reorganization.

We may need to share your personal information to the reorganized business structure or to a third structure after the reorganization has been finalized.

State bodies

If provided by law and upon compliance with the statutory provided procedure, we may share your personal information to the respective state bodies.

Do we use any data processors

Yes - a list of our current data processors can be found at Annex A – Data Processors.

Your rights in relation to this processing

As an individual you have certain rights regarding our processing of your personal information. The rights available to you depend on our reason for processing your personal information. If you need more detailed information or wish to exercise any of the rights set out below, please contact our Data Protection Officer at [email protected].

If you are an EEA resident, you may find more information on your rights here (attention: a link to a third-party website). You may make a complaint about the way we process your personal information to the supervisory authority in the EEA Member State of your habitual residence, place of work or place of the alleged infringement. Information about your supervisory authority could be found here (attention: a link to a third-party website).

If you are a UK resident, you may find more information on your rights here (attention: a link to a third-party website). You may make a complaint about the way we process your personal information to the Information Commissioner’s Office.

If you do not reside in an EEA Member State or the UK, your rights provided by law may be more limited. However, we will strive to make sure you enjoy to the maximum extent the rights available to EEA and UK residents. You may contact your local data protection regulatory authority as regards your right to make a complaint. The local data protection regulatory authority for Hong Kong is the Office of the Privacy Commissioner for Personal Data.

You may also seek a defense of legal claims before the competent court.

We would, however, appreciate the chance to deal with your concerns before you approach a data protection regulatory authority, so please feel free to contact us in the first instance.

Please also note that depending on the applicable data protection framework, we may have different time periods to respond to your request. We usually have one month for EEA and UK residents (which may be extended by two further months where necessary, taking into account the complexity and number of the requests) and we strive to comply with the same period even if the respective applicable law provides for a longer period. If the law provides for a period shorter than one month, we will act accordingly.

Transfers of personal information

We share your personal information within our group. This will involve transferring your personal information outside Hong Kong, EEA, the UK or the origin of where your personal information is collected.

We follow the specific legal framework applicable to such transfers. For example, whenever we transfer your personal information out of the EEA or the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • the country to which we transfer your personal information has been deemed to provide an adequate level of protection (attention: a link to a third-party website) for personal data by the European Commission;
  • a specific contract approved by the European Commission which gives safeguards to the processing of personal data, the so-called Standard Contractual Clauses.

Please contact our Data Protection Officer at [email protected] if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA or the UK. Please also note that future changes to the Standard Contractual Clauses are expected for transfers from the UK. When this situation arises, we will comply with the guidance provided by the UK supervisory authority in this regard.

Further information

Confidential references

In the course of your application for our Program we may give or receive references about you. We usually treat such references as confidential. Please note that the personal information included in such confidential reference may be exempt from the right of access.

Annex A – Data Processors

Data processors are third parties who provide certain parts of our staff services for us. We have contracts in place with them and they cannot do anything with your personal information unless we have instructed them to do so. You may find below more specific information in this respect. If you have any additional questions in this regard, please do not hesitate to contact our Data Protection Officer at [email protected] .

Data Processor

Purpose

Privacy Notice

Google

Storage and communications

Third party link

Tableau

Data visualization

Third party link