Last updated: October 25th, 2018
Personal data: means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location, data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use , disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Consent: any freely given, specific, informed and unambiguous indication of the user’s (data subject or you) wishes by which he or she, by statement or a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Cryptology collects information necessary to fulfill legal obligations in regards to the services provided to you and to engage into a contract for our services with you (. When registering on Cryptology’s Website or mobile applications (collectively, the “Platform”), you will be required to input personal identifiable information. Cryptology collects this information for the purpose to comply with “Know Your Customer” (“KYC”) and “Anti-Money Laundering” (“AML”) policies, standards, and regulations. The information that Cryptology collects from you in this sense is further detailed on the AML Policy.
The information collected for the purpose of identifying you is processed by Cryptology, including, but not limited to, its officers, employees, associates and/or affiliates. The information collected for KYC and AML compliance may be referred to third party contractors that provide risk management, due diligence, and/or compliance services, depending on the relationship nature with you, your country of origin, and volume of deposits or transactions. Likewise, suspicious or abnormal activity on the Platform may be subject to enhanced compliance measures that may include the transferring of information to third party contractors.
In accordance with the previous paragraph, Cryptology may seek to obtain information about you from third party sources as long as this information is publicly available; where the collection is necessary for any investigation or proceedings; and/or where the collection is necessary for evaluative purposes, in accordance with the Second Schedule of the PDPA.
Under no circumstances will Cryptology collect or process personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a nature person, data concerning health or data concerning your sex life or sexual orientation.
Withdrawal of consent §16. Your personal data will be deleted as far as it is not needed to comply with applicable law. Upon your withdrawal of consent or closing of your account, Cryptology will only maintain information necessary to comply with the current AML regulations in Singapore.
Cryptology has a regulatory obligation to effectively comply with AML regulations and other applicable laws of Singapore, in that sense, Cryptology may disclosure of personal data without your consent in accordance with the Fourth Schedule of the PDPA.
You have the right to request Cryptology for the personal data about you that is in Cryptology’s possession or control. However, Cryptology reserves the right to deny your request on the grounds of §21(3) of the PDPA. Cryptology will provide you with the information in writing by electronic means within one month from receiving the request.
You have the right to request Cryptology to correct an error or omission in your personal data, unless Cryptology is not satisfied on reasonable grounds that the correction should be made and shall be treated in accordance with §22(5) of the PDPA. Moreover, if your request to correct your personal data falls within the categories of the Sixth Schedule of the PDPA, Cryptology may not allow a correction on your personal data.
You have the right to request Cryptology to delete the information or personal data concerning you, where you will no longer use our services or access to the Platform or your account. However, Cryptology will maintain information or personal data for a period of 5 years from the date of termination of the relationship between you and Cryptology, to comply with any requirement from governmental authorities.
Cryptology is committed to protecting any information or personal data that is submitted by you on its Website and mobile applications. Cryptology has implemented security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks. We have a “Two Factor Authentication” (2FA) mechanism in our website and we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to some employees, agents, contractors and other third parties who do not require to process your personal data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Cryptology will implement reasonable effort to ensure that the personal data is accurate and complete.
When transferring your data to authorized external processors for KYC or AML purposes, Cryptology has adhered to commit these third party contractors to only act on the written instructions of Cryptology; ensure that people processing the data are subject to a duty of confidence; take appropriate measures to ensure the security of the processing; your rights will not be impaired; the security of processing, the notification of data breach and data protection impact will not be impaired; deletion or return of all data as requested at the end of the contract with such third party.