1. Statement of Policy
Cryptosx as a subsidiary of First Bullion Holding, INC. is committed to protect and respect your personal data privacy. We are at the forefront of not only implementing but complying with the Data Privacy Act of 2012. We will provide individuals a Personal Information Collection Statement in an appropriate format and manner whenever we collect personal data from them (i.e. in the Sign Up page of our website, footer of our website, webpages where we collect personal data or in a notice posted at the reception area of Cryptosx events where participants’ personal data is collected in any form).
2. Definition of Terms
“Data Subject” – refers to an individual whose personal, sensitive personal or privileged information is processed by the organisation. It may refer to officers, employees, consultants, and clients of this organisation.
“Personal Information” – refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
“Processing” refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organisation, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
3. Information Collection and Usage
We want you to understand the types of information we collect when you register for and use Cryptosx’s services. We collect the following personal information from you when you manually or electronically sign up and register as an user on our website, via your use of our service where you have given your consent. This may include:
3.1 Information you provide to us at registration
When you create a Cryptosx Account, you provide us with personal information that includes your contact information (Email Address, name, and a password). You can also choose to add a phone number for SMS or Google Authenticator account to be used for 2FA verification for improved security.
3.2 Information we collect when authenticating user identity
To comply with global industry regulatory standards including Anti-Money Laundering (AML), Know-Your-Customer (KYC), and Counter Terrorist Financing (CTF), Cryptosx requires user accounts to undergo user identity authentication for both Personal & Enterprise-level accounts. This entails collecting formal identification.
3.3 Service Usage Information
Through your use of the Cryptosx platform, we also monitor and collect tracking information related to usage such as access date & time, device identification, operating system, browser type and IP address. This information may be directly obtained by Cryptosx or through third party services. This service usage data helps us our systems to ensure that our interface is accessible for users across all platforms and can aid during criminal investigations.
3.4 Transaction Information
For all personal and enterprise user accounts, we collect transaction information including deposit snapshots, account balances, trade history, withdrawals, order activity and distribution history. This transaction data is monitored for suspicious trading activity for user fraud protection, and legal case resolution.
3.5 Usage of your Personal Information
- to provide and maintain our services
We use the information collected to deliver our services and verify user identity. We use the IP address and unique identifiers stored in your device’s cookies to help us authenticate your identity and provide our service. Given our legal obligations and system requirements, we cannot provide you with services without data like identification, contact information and transaction-related information.
- to protect our users
We use the information collected to protect our platform, users’ accounts and archives. We use IP addresses and cookie data to protect against automated abuse such as spam, phishing and Distributed Denial of Service (DDoS) attacks. We analyse trading activity with the goal of detecting suspicious behaviour early to prevent potential fraud and loss of funds to bad actors.
- to comply with legal and regulatory requirements
Respect for the privacy and security of data you store with Cryptosx informs our approach to complying with regulations, governmental requests and user-generated inquiries. We will not disclose or provide any personal information to third party sources without review from our legal case team and/or prior consent from the user.
- to measure site performance
We actively measure and analyse data to understand how our services are used. This review activity is conducted by our operations team to continually improve our platform’s performance and to resolve issues with the user experience.
We continuously monitor our systems’ activity information and communications with users to look for and quickly fix problems.
- to communicate with you
We use personal information collected, like an email address to interact with users directly when providing customer support on a ticket or to keep you informed on log ins, transactions, and security. Without processing your personal information for confirming each communication, we will not be able to respond to your submitted requests, questions and inquiries. All direct communications are kept confidential and reviewed internally for accuracy.
- to enforce our Terms and Conditions and other agreements
It is very important for us and our customers that we continually review, investigate and prevent any potentially prohibited or illegal activities that violate our Terms and Conditions. For the benefit of our entire user base, we carefully enforce our agreements with third parties and actively investigate violations of our posted Terms and Conditions. Cryptosx reserves the right to terminate the provision of service to any user found engaging in activities that violate our Terms and Conditions.
4. Disclosing and Transferring Personal Data
We may disclose your Personal Data to third parties and legal and regulatory authorities, and transfer your Personal Data outside the Philippines, as described below.
4.1 Disclosure to Third Parties
There are certain circumstances where we may transfer your personal data to employees, contractors and to other parties.
- We may also share your information with certain contractors or service providers. They may process your personal data for us, for example, if we use a marketing agency. Other recipients/service providers include advertising agencies, IT specialists, database providers, backup and disaster recovery specialists, email providers or outsourced call centres. Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function;
- We may also share your information with certain other third parties. We will do this either when we receive your consent or because we need them to see your information to provide products or services to you. These include credit reference agencies, anti-fraud databases, screening agencies and other partners we do business with.
4.2 Disclosure to Legal Authorities
- disclose your information to yourself or a third party with your consent.
- disclose your information with your consent so that you may use products or services.
- disclose or share your information to comply with our legal obligations to authorities stipulated by laws and regulations, including without limitation to, administrative authorities and financial authorities.
- when we believe, in our sole discretion, that the disclosure of your information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of or enforce our user agreements or other policies and agreements.
4.3 International Data Transfer
We store and process your Personal Data in data centres around the world, wherever Cryptosx facilities or service providers are located. As such, we may transfer your Personal Data outside of the Philippines. Some of the countries to which your personal data may be transferred for these purposes that are located outside the Philippines do not benefit from an adequacy decision issued by the National Privacy Commission regarding protection afforded to personal data in that country.
Such transfers are undertaken in accordance with our legal and regulatory obligations and appropriate safeguards under Data Privacy Act of 2012. will be implemented, such as standard data protection clauses with data recipients or processors approved by competent authorities. A copy may be requested at the address set out in the Contact Us section.
5. Your Statutory Rights
Under RA10173, people whose personal information is collected, stored, and processed are called data subjects. Organisations who deal with your personal details, whereabouts, and preferences are duty-bound to observe and respect your data privacy rights.
- The right to be informed
As a data subject, you have the right to be informed that your personal data will be, are being, or were, collected and processed.
- The right to access
Under the Data Privacy Act of 2012. You have the right to ask for a copy of any personal information we hold about you, as well as to ask for it to be corrected if you think it is wrong. To do so, please contact our Data Privacy Officer by sending an email with title “Personal Data Request” to email@example.com.
- The right to erasure
you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.
- The right to object
You can exercise your right to object if the personal data processing involved is based on consent or on legitimate interest. When you object or withhold your consent, the PIC should no longer process the personal data, unless the processing is pursuant to a subppoena, for obvious purposes (contract, employer-employee relationship, etc.) or a result of a legal obligation.
- The right to damages
You may claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorised use of personal data, considering any violation of your rights and freedoms as data subject.
- The right to rectify
You have the right to dispute and have corrected any inaccuracy or error in the data a personal information controller (PIC) hold about you. The PIC should act on it immediately and accordingly, unless the request is vexatious or unreasonable. Once corrected, the PIC should ensure that your access and receipt of both new and retracted information. PICs should also furnish third parties with said information, should you request it. To do so, please contact our Data Privacy Officer by sending an email with title “Personal Data Update” to firstname.lastname@example.org.
- The right to data portability
This right assures that you remain in full control of your data. Data portability allows you to obtain and electronically move, copy or transfer your data in a secure manner, for further use. It enables the free flow of your personal information across the internet and organisations, according to your preference. This is important especially now that several organisations and services can reuse the same data. At Cryptosx, you have full control of your data. Simply go to “User Settings” tab to download your transaction reports.
- The right to complaint
If you feel that your personal information has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated, you have a right to file a complaint with the NPC by sending an email with title “Data Complaints” to email@example.com.
6. Protection of your Personal Data
Cryptosx has implemented a number of security measures to ensure that your information is not lost, abused, or altered. Our data security measures include, but are not limited to: PCI Scanning, Secured Sockets Layered encryption technology, internal data access restrictions, and strict physical access controls to buildings & files. Please note that it is impossible to guarantee 100% secure transmission of data over the Internet nor method of electronic storage. As such, we request that you understand the responsibility to independently take safety precautions to protect your own personal information.
If you suspect that your personal information has been compromised, especially account and/or password information, please lock your account and contact Cryptosx Data Privacy Officer (DPO) via email: firstname.lastname@example.org with title “Data Breach”.
7. Retention of your Personal Data
- How long you have been a Cryptosx member;
- whether there are contractual or legal obligations that exist that require us to retain the data for a certain period of time;
- whether there is any ongoing legal or financial claim that relates to your relationship with us;
- whether any applicable law, statute, or regulation allows for a specific retention period; and;
- what the expectation for retention was at the time the data was provided to us.
In accordance with our record keeping obligations, we will retain Account and other Personal Data for at least five years (and some up to ten years, as required by applicable law) after an Account is closed.
9. Final Notes
10. Contact Us