Last Updated: July 30, 2021
Welcome to Foris Dax SG Pte. Ltd.’s Privacy Notice ("Privacy Notice").
We respect your privacy and we are committed to protecting your personal data. This Privacy Notice sets out the basis upon which Foris Dax SG Pte. Ltd. and its affiliates, and the Crypto.com family of companies (together, the "Company", "we", "us", "our", or "Crypto.com") may collect, use, disclose, manage or otherwise process personal data of our customers, in accordance with the Personal Data Protection Act 2012 of Singapore ("PDPA"), as amended from time to time, when using any of our websites, platforms, products, services or applications (collectively, the "Services") or when accessing or interacting with our mobile application ("App), site or any of Crypto.com Singapore’s websites ("Website").
This Privacy Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.
In this Privacy Notice, the words and expressions below have the following meaning:
|As used in this Privacy Notice||Meaning|
|Crypto.com Singapore||means Foris Dax SG Pte. Ltd., its related corporations, companies, affiliates, subsidiaries and/or Crypto.com family of companies.|
|customer||means an individual who:
|personal data||means data, whether true or not, about a customer who can be identified:
|you, your or yours||means the persons to whom this Privacy Notice applies including customer.|
Other terms used in this Privacy Notice shall have the meanings given to them in the PDPA (where the context so permits).
This Privacy Notice aims to give you information on how we collect and process your personal data when you visit our Website, or through your use of the Services and any personal data you may provide when you register for or use the Services, sign up for alerts or newsletters, contact us with a question or request for help, participate in any renewals, promotions or surveys.
The Website and the Services are not intended for minors below 18 and we do not knowingly collect data relating to minors.
It is important that you read this Privacy Notice together with any other privacy policies or fair processing notices, we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements other policies and privacy notices and is not intended to override them.
The Website and App may include links to third-party websites, plug-ins and applications ("Third Party Websites"). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these Third-Party Websites and are not responsible for their privacy statements. When you leave our Website or App, we encourage you to read the privacy notice of every Third Party Website you visit or use.
We collect information from you when you access or use the Services, or when you interact with our website or mobile applications, including without limitation during your account registration process, when you make deposits, withdrawals, transfers, or trades on your account, when you access or use the Services, sign up to receive email updates, fill out any forms, complete surveys, interact with customer service, or when you otherwise communicate with us. In addition to the above, if you are using the Services on behalf of a corporation or other legal entity, we will collect all the information you provide to us. Depending on the nature of your interaction with us, some examples of personal data which we may collect, use, process, manage, store and transfer about you include:
|Category of personal data||Details of personal data|
|Marketing and Communications Data||
As explained above under Identity Data, we will also collect a visual image of your face which we will use, in conjunction with our sub-contractors, to check your identity for onboarding purposes. When we ask to collect a visual image of your face you will be asked for your specific consent. You can refuse to provide this, but it means that we will be unable to register you and provide you with the Services.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
If you refuse to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you refuse to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you the Services). In this case, we may have to cancel the Services you have with us, but we will notify you if this is the case at the time.
We generally do not collect your personal data unless:
- it is provided to us voluntarily by you directly or by organisations which have engaged us to provide the Services to you or via a third party who has been duly authorized by you to disclose your personal data to us (your "authorized representative") after you (or your authorized representative) or the organization which have engaged us to provide the Services to you:
- have been notified of the purposes for which the data is collected or processed, and
- have provided written consent to the collection, processing and usage of your personal data for those purposes, or
- collection, processing and use of personal data without consent is permitted or required by the PDPA or other laws.
We shall seek your consent or an undertaking from the organization which have engaged us to provide the Services to you that you have consented before collecting or processing any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
Depending on the nature of your interaction with us, we may collect information from and about you from various sources including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms, providing a visual image of yourself via the Services, by email or otherwise. This includes personal data you provide when you:
- apply for the Services;
- create an account;
- subscribe to the Services or publications;
- make use of any of the Services;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us feedback or contact us.
Third parties or publicly available sources. We also obtain information about you from third parties (such as employers, credit reference agencies and fraud prevention agencies) who may check your personal data against any information listed on other databases.
We may collect, process, manage and/or use your personal data for any or all of the following purposes:
- registering you as our new customer or user in connection with your request;
developing and providing the Services (whether made available by us or through us) and any App features, including but not limited to:
- executing the Services, commercial or other transactions and requests;
- carrying out research, planning and statistical analysis;
- analytics for the purposes of developing our websites, products, services, security, service quality, advertising or customization strategies; or
- delivering relevant Website content and advertisements to you and measuring or assessing the effectiveness of the advertising we serve;
- performing obligations in the course of or in connection with our provision of the Services requested by you
- enforcing obligations owed to us;
- verifying your identity before providing the Services, or responding to any of your queries, applications, requests, feedbacks and complaints;
- conducting credit checks, screenings or due diligence checks as may be required under applicable law, regulation or directive;
- responding to, handling, assessing and processing applications, instructions, requests, queries, complaints, and feedback from you or our customers;
- complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
- managing your relationship with us or the organisation which have engaged or partnered with us;
- managing, processing, collecting and/or transferring payment or credit transactions;
- monitoring the Services provided by or made available through us;
- communicating with you, including providing you with updates on changes to the Services (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such Services and their terms and conditions;
- sending you marketing information about the Services including notifying you of our marketing events, initiatives and promotions, membership and rewards schemes and other promotions;
- managing our business operations and complying with internal policies and procedures;
- reporting purposes including regulatory reporting, management reporting, audit and record keeping purposes;
- administering and protecting our business, Website and App(s) including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data;
- any other purposes for which you have provided the information;
- transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes;
- to enable you to partake in a prize draw, competition or complete a survey;
- for purposes set out in the terms and conditions that govern our relationship with you or our customer; and
- any other incidental business purposes related to or in connection with the above.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us
We may use your Identity, Contact, Technical, Transactional, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased from us and you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product / service purchase, warranty registration, product / service experience or other transactions.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
The purposes listed above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
We identify to whom, and for what purposes, we disclose your personal data, at the time we collect such data from you and obtain your consent to such disclosure.
We may disclose your personal data and other information we collect with other Crypto.com entities and non-Crypto.com third parties as follows or as otherwise described herein or to you:
- where such disclosure is required for performing obligations in the course of or in connection with the provision of the Services requested by you;
- to organisations which have engaged us to perform any of the functions or purposes listed above for and on their behalf pursuant to your request; or
- to our employees, officers, third-party service providers, agents, subcontractors, and other associated organisations, our group companies and affiliates in so far as reasonably necessary for the purposes set out herein including to complete tasks, provide the Services to you on our behalf, and otherwise fulfill our obligations.
If we do disclose, we will require such employees, officers, third-party service providers, agents, subcontractors, and other associated organizations, our group companies and affiliates to respect the security of your personal data and to treat it in accordance with the applicable law. We do not allow them to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may pass your personal data to the following entities:
- companies and organisations that assist us in processing, verifying or refunding transactions you make via our App or the MCO Visa Card and in providing any of the Services that you have requested;
- identity verification agencies to undertake required verification checks;
- fraud prevention agencies to help fight against financial crime including fraud, money-laundering and terrorist financing;
- mobile application developers;
- organisations which assist us with customer service facilities;
- anyone to whom we lawfully transfer or may transfer our rights and duties under the relevant Terms & Conditions governing the use of any of the Services;
- any third party as a result of any restructure, sale or acquisition of our group or any Affiliates, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us; and
- regulatory and law enforcement authorities, whether they are outside or inside of the EEA, where the law allows or requires us to do so.
We may transfer, store, process and/or deal with your personal data outside Singapore as we may share your personal data within Crypto.com Group and/or to other external third party service providers, as the case maybe, which will involve transferring your personal data outside Singapore or the origin of where your personal data is collected.
In any event, we will comply with PDPA and other applicable data protection and privacy laws and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of Singapore.
Under certain circumstances, you have rights under the PDPA in relation to your personal data.
Access to and correction of personal data
If you wish to make:
- an access request for access to a copy of the personal data which we hold or process about you or information about the ways in which we use, process or disclose your personal data; or
- a correction request to correct or update any of your personal data which we hold or process about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
As a security measure to ensure that personal data is not disclosed to any unauthorized person, we may need to request some personal data or information so that we can verify your identity when you request access to your personal data. We may also contact you to ask you for further information in relation to your request to speed up our response.
Withdrawing your consent
The consent that you provide for the collection, use, processing and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using, processing and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within thirty (30) business days of receiving it.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing the Services which you have requested and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described herein.
Please note that withdrawing consent does not affect our right to continue to collect, use, process and/or disclose personal data where such collection, use, processing and/or disclosure without consent is permitted or required under applicable laws.
To safeguard your personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical, security and technical measures such as up-to-date antivirus protection, encryption and the adoption of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorized third party service providers and agents only on a need-to-know basis.
Depending on the nature of the risks presented by the proposed processing of your personal data, we will have in place the following appropriate security measures:
- organisational measures (including but not limited to staff training and policy development);
- technical measures (including but not limited to physical protection of data, pseudonymization and encryption); and
- securing ongoing availability, integrity and accessibility (including but not limited to ensuring appropriate back-ups of personal data are held).
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
We have put in place procedures to deal with any suspected personal data breach and will notify you and/or PDPC of a breach where we are legally required to do so.
We generally rely on personal data provided by you (or your authorized representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing enquiries in relation to this Privacy Notice. If you have any enquiries or feedback about this Privacy Notice, our privacy practices or if you wish to make any request pertaining to your rights in respect of your personal data, please contact our DPO Team in the following manner:
Email: [email protected]
This Privacy Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use, disclosure, management and processing of your personal data by us.
We may revise this Privacy Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Privacy Notice was last updated. Your continued use of the Services constitutes your acknowledgement and acceptance of such changes.