Privacy Policy

Cryptobanco (“Cryptobanco”, “we”, “our”, “us”) – company provides a platform that works in cooperation with crypto/virtual asset and fiat payment service providers to deliver secure cryptocurrency payment solutions designed for online businesses. The platform integrates advanced fraud prevention tools and maintains 24/7 operational availability to ensure continuous and reliable business operations. Cryptobanco is responsible for the collection, processing and use of your personal data within the meaning Art. 4 No. 7 GDPR, US data protection laws and privacy laws in the jurisdictions where Cryptobanco operates or where Site https://cryptobanco.com/ (the “Website”) or Platform are accessed.

Definitions

Data Controller – Cryptobanco;

Personal data – any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to:

  • identifiers such as name, surname, date of birth, nationality, citizenship, identification number, tax number, passport/ID number, residence address, telephone number, and e-mail address;
    online identifiers such as IP address, cookies, device identifiers, login credentials, blockchain wallet address (where it can be linked to an identifiable person), or other digital identifiers connected with the use of our Website or Services;
  • financial and transactional information, including source of funds, purpose of payment, transaction history, turnover, incoming/outgoing payments, counterparties, currencies or digital assets used, wallet addresses, and related business activity data;
  • professional and corporate information where such data relates to a natural person (for example: role or position within a company, representative rights, shareholder or ultimate beneficial owner (UBO) status, contact details of directors, employees, or associates);
  • documentation and verification data such as copies of identification documents, proof of address, licenses, certificates, declarations of beneficial ownership, trust declarations, or other compliance materials collected for KYC/AML purposes;
  • factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing – any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, matching or combining, restricting, deleting or destroying.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

CCPA/CPRA – a state-level privacy law that gives consumers the right to know, access, delete, and control how their personal data is used by businesses. (California Consumer Privacy Act/California Privacy Rights Act).

PIPEDA (Personal Information Protection and Electronic Documents Act) – a Canadian federal law that governs how private sector organizations collect, use, and disclose personal information in the course of commercial activities.

CalOPPA (California Online Privacy Protection Act) – a foundational state law that requires websites and online services to post a clear privacy policy, disclose their data collection practices, and state how users can control their information.

VCDPA (Virginia Consumer Data Protection Act) – a state-level privacy law that gives Virginia residents the right to access, delete, correct, and obtain a copy of their personal data, and to opt out of data sales, profiling, and targeted advertising.

UCPA (Utah Consumer Privacy Act) – a state-level privacy law that grants Utah consumers the right to access and delete their personal data, as well as opt out of targeted advertising and data sales.

CIS – Commonwealth of Independent States.

Website – website run by us at https://cryptobanco.com/;

User – any person visiting the Website or using the services or functionalities described in this Privacy Policy.

Acceptance of This Privacy Policy

By using our Website (whether or not you register or create any kind of account with us), you agree to accept the terms set forth in this Privacy Policy as well as in the Terms & Conditions. Anyone that does not agree to the terms of this Privacy Policy and the Terms & Conditions, should not use Our Website. You agree that your only recourse should you not agree to the terms of this Privacy Policy and the Terms & Conditions shall be to discontinue using our Services and visiting our Website. By using our Services, you consent to having your Personal Data transferred to and processed by us and our third party vendors.

Consent

By using our Website and/or Services you consent to our Privacy Policy, as well as the limitation of liability, dispute resolution procedures, refund policy and all the other Terms & Conditions that form a binding agreement between you and us.

Privacy Statement

We shall be considered a data owner and Data controller in relationships with Data Subjects. We acknowledge the privacy of natural persons and make efforts to protect them against any unlawful Processing by applying relevant technical and organizational measures to protect Personal Data of natural persons in accordance with the effective legislation. Although we will make reasonable efforts to ensure safe Processing, we cannot guarantee it to be 100% secure and risk-free and you acknowledge and accept such risks.

We process Personal Data in a way that assures appropriate level of security, including protection against unauthorized Processing, destruction, accidental loss, or damage, while applying suitable organizational and technical measures under industry standards and in compliance with the following principles:

(1) lawfully, fairly and transparently;
(2) Processing is specified, explicit and only for legitimate purposes; Processing is adequate, relevant and limited to necessary purpose; accurate and kept up to date; limitation of the storage for periods not longer than necessary; Processing is done and the Personal Data is held in a manner that ensures appropriate security of the Personal Data.

When it comes to Processing, we will not discriminate against Data Subject rights.

We do not knowingly process Personal Data that relates to, or reveals, racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic or biometric data, or data concerning the health, sex life or sexual orientation of the natural person.

We apply the following principles in order to protect your privacy: (a) we will not sell or lease your Personal Data to third parties; and (b) any Personal Data that you provide to us will be secured with industry-standard safety protocols and technology.

Purpose and Legal Basis for Processing

We process personal data based on one or more of the following legal bases:

1. Consent
We may process your personal data when you have given us explicit consent to do so for a specific purpose (for example, to receive marketing communications or participate in optional features of our Services).
You may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Consent must be freely given, informed, and unambiguous.

2. Performance of a Contract
We process your personal data when it is necessary to perform our contractual obligations to you or to take steps at your request before entering into a contract.
This includes using your data to create and maintain your account, process payments, verify your identity, provide access to our platform, and deliver related customer support.

3. Legal Obligations
We may process your personal data when required to comply with applicable laws and regulations.
This includes obligations related to anti-money laundering (AML), counter-terrorist financing (CTF), fraud prevention, tax reporting, recordkeeping, and cooperation with competent authorities, regulators, or courts.

4. Vital Interests
We may process your personal data where necessary to protect your vital interests or those of another person — for example, in emergencies affecting safety or data security.

5. Public Task or Official Authority
Where applicable, we may process personal data in the exercise of official authority or to perform a task carried out in the public interest, if required by law or regulation.

6. Legitimate Interests
We may process personal data based on our legitimate interests or those of a third party, provided such interests are not overridden by your fundamental rights and freedoms.

Our legitimate interests may include:

  • protecting our platform and users from fraud or abuse;
  • maintaining the security and integrity of our systems;
  • performing internal analytics, risk management, and business improvement;
  • marketing and communication consistent with your preferences;
  • collaborating with crypto service providers and partners to facilitate secure transactions.

Links to Other Websites

The Website may contain links to other websites of interest. However, once you have used these links to leave the Website, you should note that we do not have any control over that other website. Therefore, you agree to accept such risks and not hold us responsible for the protection and privacy of any information which you provide while visiting such sites and you understand such sites are not governed by this Privacy Policy. You should exercise caution and look at the privacy statement applicable to the website in question.

Response Timing and Format

We shall respond to the verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform the Data Subject of the reason and extension period in writing. The response is free of charge unless it is excessive, repetitive, or manifestly unfounded.

Cross-Border Data Transfers

In certain instances, personal data may be transferred to jurisdictions outside the country of residence of the data subject, including to jurisdictions that may not offer an equivalent level of data protection. In such cases, we take appropriate steps to safeguard personal data, including:

Standard Contractual Clauses (SCCs): We may implement SCCs approved by the European Commission to ensure that personal data transferred outside of the European Economic Area (EEA) is afforded an equivalent level of protection.

Adequacy decisions: Where applicable, we may rely on adequacy decisions issued by the relevant data protection authorities to transfer personal data to jurisdictions deemed to provide an adequate level of protection.

Binding Corporate Rules (BCRs): In some instances, we may rely on BCRs for intra-group transfers of personal data, ensuring that consistent data protection standards are adhered to across our global operations.

We ensure that adequate safeguards are in place to protect your personal data when it is transferred to another jurisdiction.

Retention Period

Your Personal Data will be kept for as long as is necessary to provide you with the requested service. When your Personal Data is no longer necessary to deliver the requested service, the Company will delete it as soon as possible, unless retaining your Personal Data is required by law for a certain period of time (e.g., for accountancy records).

Age Limitations

We have no official right to collect any private information from persons who are not 18 yet. It is strictly prohibited to the Users under 18 to use Our Website and any of the Services offered by Our Company. As soon as We find out that the information presented by the User is not eligible because of the age limits, it will promptly be erased. We bear no responsibility in case if You are not old enough to use the Website. You must be of legal age to be in line with Our Privacy Policy, as well as with Our Terms and Conditions.

Alert Us in case one of Your children under 18 is using Our Website trying to get access to our services. We’ll take measures to block access to Our Website from Your IP address. All affiliate websites cooperating with Our Company will be blocked for your child as well.

Your Rights

According to the EU/EEA law (General Data Protection Regulation) you have various rights regarding your personal data.

Your Rights Under EU/EEA laws (GDPR)

Right to acknowledgement and access
You have the right to receive confirmation from Us at any time as to whether personal data relating to you will be processed. If this is the case, you have the right to request from us free of charge information about the personal data stored about you together with a copy of this data.

If personal data are transferred to a third country or an international organization, you have the right to be informed of the appropriate guarantees in accordance with GDPR in connection with the transfer.

Right to correction
You have the right to request Us to correct any inaccurate personal data concerning you without delay.

Right for cancellation (“Right for oblivion”)
As a pursuant under GDPR, you have the right to demand that we delete personal data concerning you without delay, and we are obliged to delete personal data without delay if one of the following reasons applies:
1. personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
2. you file an objection to the processing pursuant to GDPR, and there are no overriding legitimate grounds for the processing, or you file an objection to the processing pursuant under conditions of GDPR.
3. you withdraw your consent, on which the processing was based pursuant according to GDPR, and there is no other legal basis for the processing.
4. the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which we are subject.

Right to limitation of processing
You have the right to request Us to restrict processing if one of the following conditions is met:

1. you dispute the accuracy of your personal data for a period of time that enables us to verify the accuracy of your personal data;
2. the processing is unlawful, and you have refused to delete the personal data and have instead requested the restriction of the use of the personal data;
3. We no longer need the personal data for the purposes of processing, but you do need the data to assert, exercise or defend legal claims, or
4. you have filed an objection against the processing pursuant according to GDPR, as long as it is not yet clear whether the justified reasons of our company outweigh yours.

Right to transferability of data
You have the right to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format, and you have the right to transmit this data to another person in charge without our interference, provided that
1. processing is based on consent or on a contract pursuant according to conditions of GDPR and US data protection laws.
2. processing is carried out using automated methods. When exercising your right to data transferability in accordance with paragraph 1, you have the right to request that the personal data be transferred directly by us to another person responsible, insofar as this is technically feasible.

Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you on the basis of GDPR and US data protection laws; this also applies to profiling based on these provisions. We no longer process personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If We process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising.

You have the right to object to the processing of personal data concerning you, for scientific or historical research purposes or for statistical purposes in accordance with GDPR and US data protection laws, for reasons arising from your particular situation, unless the processing is necessary to fulfill a task in the public interest.

Automated decisions including profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. An automated decision making based on the collected personal data does not take place.

Right to revoke consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time.

Right of appeal to a supervisory authority
You have the right of appeal to a supervisory authority.

In particular, if you have EU/EEA residentship, and have a concern about our practices concerning the processing of Personal Data that we are not able to resolve, you have the right to lodge a complaint with the data protection authority where you reside or in which you work, or in which the alleged infringement occurred, each as applicable, or by contacting the authority for such issues, at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

If you are located in CIS: the Republic of Kazakhstan, Republic of Armenia, Republic of Uzbekistan, Republic of Tajikistan, Republic of Azerbaijan, Kyrgyz Republic, you are entitled to specific personal data protection rights under your local laws, including:

  • Kazakhstan: Law “On Personal Data and Their Protection” (2013)
  • Armenia: Law “On Personal Data Protection” (in force since 2015)
  • Uzbekistan: Law “On Personal Data” (2019, last amended 2021)
  • Tajikistan: Law “On Personal Data”, adopted in (2018)
  • Azerbaijan: Law “On Personal Data” (2010)
  • Kyrgyzstan: Law “On Personal Information” (2008)

We fully respect these rights and provide mechanisms to support their exercise

Your Right under CIS Region Data Protection Laws

1. Right to Be Informed
You have the right to receive clear and complete information about identity of the data controller, the purposes and legal basis of processing, the type of personal data collected, who will have access to your data

2. Right to Access
You have the right to request:

  • Confirmation whether your personal data is being processed
  • Access to that data
  • Information about the source of the data and any recipients

3. Right to Rectification
You have the right to request correction, updating, or clarification of inaccurate or incomplete data.

4. Right to Erasure (Right to Be Forgotten)
You have the right to request that your personal data be deleted if:

  • It is no longer necessary for the purpose for which it was collected
  • Processing is unlawful
  • You withdraw your consent and no other lawful basis applies

5. Right to Withdraw Consent
If processing is based on your consent, you have the right to withdraw it at any time. Withdrawal does not affect the legality of prior processing.

6. Right to Object
You have the right to object to the processing of your personal data when:

  • Processing is not required by law
  • Data is used for direct marketing or profiling purposes

7. Right to Restrict Processing
In countries like Armenia, you may request a temporary restriction on processing if:

  • You contest the accuracy of the data
  • Processing is unlawful but you oppose deletion

8. Right to Data Portability
In some cases, you have the right to request your personal data in a machine-readable format to transfer it to another controller.

9. Right to File a Complaint
You have the right to lodge a complaint with us, the data protection authority where you reside or in which you work, or in which the alleged infringement occurred, each as applicable, or by contacting the authority for such issues.

10. Right to Compensation
You have rights to be entitled to compensation for damages caused by unlawful data processing, as recognized in most CIS countries.

Your Rights under Asian Data Protection Laws

Depending on your country of residence within Asia, you may be entitled to exercise some or all of the following rights under applicable data protection and privacy laws:

Right to Be Informed
● You have the right to receive clear and transparent information about:
● The identity and contact details of the Data Controller;
● The purposes and legal basis of processing;
● The categories of personal data collected;
● The recipients or categories of recipients with whom your data may be shared.

Right to Access
● You have the right to request:
● Confirmation whether your personal data is being processed;
● Access to that data in a reasonable format;
● Information about the source of the data and how it is used.

Right to Rectification / Correction
You have the right to request correction, updating, or clarification of inaccurate or incomplete personal data held about you.

Right to Erasure (“Right to Be Forgotten”)
You may request deletion of your personal data where:
● It is no longer necessary for the purposes for which it was collected;
● Processing is unlawful;
● You withdraw consent (where consent is the lawful basis) and no other legal ground applies;
● Local law recognizes erasure as a specific right (e.g., India, South Korea, Japan).

Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before such withdrawal.

Right to Object to Processing
You may object to the processing of your personal data in certain circumstances, for example:
● If the processing is not required by law;
● If your data is being used for direct marketing, profiling, or automated decision-making.

Right to Restrict Processing
In some jurisdictions (e.g., Singapore, South Korea), you may request temporary restriction of processing where:
● You contest the accuracy of the data;
● Processing is unlawful but you object to deletion;
● The controller no longer needs the data, but you require it for legal claims.

Right to Data Portability
In certain jurisdictions (e.g., India, Singapore, Japan), you may request a copy of your personal data in a structured, commonly used, and machine-readable format, and where technically feasible, have it transmitted to another data controller.

Right to File a Complaint
You have the right to lodge a complaint with us and/or with the relevant data protection authority in your country of residence, place of work, or where the alleged violation occurred.

Right to Compensation
Under many Asian legal frameworks, you may have the right to seek compensation or remedies for damages caused by unlawful processing or breaches of your data protection rights.

Markets in Crypto-Assets Regulation (MiCA).

Some of our partners operate under MiCA (European Union regulation that creates a comprehensive legal framework for crypto-assets across the EU. It governs how crypto-assets are issued, traded, and handled by service providers, with the goal of protecting consumers, ensuring market integrity, and supporting innovation).

As part of their regulatory obligations under MiCA, these partners may collect, process, or verify certain personal data (such as identity documents, wallet addresses, or transaction history, etc.) to ensure compliance with legal and anti-money laundering (AML) requirements.

Where necessary, we may share limited personal data with trusted third-party partners who are regulated under MiCA, solely for the purpose of enabling crypto-related services and meeting legal obligations.

Our partners under MiCA meet strict data protection standards and ensure that any data sharing is carried out in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR).

Notice to individuals in the State of California

Your Rights as a California Resident

As a California resident, you may have certain rights in relation to your personal information.

Right to Know
You may have the right to know how we have collected, used and disclosed your personal information. Specifically, you may have the right to know:
● The categories of personal information we have collected about you.
● The categories of sources from which we have collected your personal information.
● The business or commercial purpose for which we collect, sell or share your personal information.
● The categories of third parties to whom we have disclosed your personal information.
● The categories of personal information that we disclosed for a business purpose and the categories of third parties to whom your personal information was disclosed for a business purpose.
● The categories of personal information we have “sold” to or “shared” with third parties and the categories of third parties to whom we have “sold” or “shared” your personal information.

You may have the right to know the specific pieces of personal information we have collected about you.

Right to Make a Deletion Request
You may have the right to request that we delete your personal information that we have collected about you. Subject to certain exceptions, we must delete your personal information and direct any service provider or contractor to delete your personal information.

Right to Correct Inaccurate Personal Information
You may have the right to request that we correct inaccurate personal information about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.

Right to Opt-Out of Sales of Personal Information
You may have the right to opt-out of the sale of your personal information.

Right to Opt-Out of Sharing of Personal Information
You may have the right to opt-out of us sharing your personal information for cross-context behavioral advertising purposes.

Right to Limit Use and Disclosure of Sensitive Personal Information
Subject to certain exceptions, you may have the right to limit our use and disclosure of your sensitive personal information. We do not use or disclose sensitive personal information in a manner that gives rise to this right.

Right to Non-Discrimination
You have the right to not be discriminated against by us for choosing to exercise your rights under the CCPA.

Other Rights: Notice to California Consumers
You have other rights under California’s “Shine the Light” law. California Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternately, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. We have such a policy in place. As discussed above, if you wish to opt-out of our sharing of your information with third parties for the third parties’ direct marketing purposes, please contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, California 95834 or by telephone at (800) 952-5210 or (916) 445-1254.

Categories of Data that We Hold about You

As required by the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), we inform you that we may collect, process, and maintain the following categories of personal and corporate information:

  • Identifiers: such as real name, alias, postal address, email address, telephone number, date of birth, identification number, tax number, passport/ID details, online identifiers (e.g., IP address, login credentials, cookie IDs).
  • Customer records information: such as company name, trading name, incorporation details, registration number, VAT/tax numbers, corporate website, and copies of submitted documentation (e.g., certificate of incorporation, articles of association, licenses, proof of address, powers of attorney).
  • Protected classification characteristics under California or federal law: such as nationality, citizenship, and residency information where required for KYC/AML obligations.
  • Commercial information: such as products or services purchased or used (e.g., business accounts, merchant accounts, client accounts), planned or actual transaction history, counterparties, turnover volumes, currencies used, and details of incoming/outgoing payments.
  • Internet or other electronic network activity information: such as browsing history, log data, cookie identifiers, IP address, and activity on our Website or Services.
  • Geolocation data: such as location derived from IP addresses or documents submitted for verification.
  • Professional or employment-related information: such as role or position within a company, employment details, representative rights, and business activity descriptions.
  • Financial information: such as source of funds, purpose of payment, transaction currencies, account use, and related compliance data.
  • Sensitive personal information (as defined under CPRA): such as government-issued identification numbers, account log-in data, passport details, or other information used to verify your identity.
  • Other information you provide voluntarily: including any additional data submitted during account opening, compliance procedures, or communications with us.

We collect this information for business purposes such as providing services, verifying identities, ensuring regulatory compliance (including KYC/AML requirements), conducting fraud prevention and risk management, fulfilling contractual obligations, and maintaining secure transactions.

Why We Collect Your Personal Information

We process your Personal Information in order to provide Services and personalized advertisements to You.

Where do We Collect Your Personal Information

We automatically collect User Information when Users interact with our Services that appear on our Customers’ websites and digital properties. Like most other web-based services, we collect this User Information through cookies and other technologies. We may also obtain information about you from our data partners.

We collect Information either directly from you during your use of our Sites and Services or from third parties that independently collect this Information from you, and we may combine the Information that we collect from these various sources. For more information about these collection methods, please see Sections above.

How do We Share Your Personal Information

We may disclose or make available your pseudonymous Personal Information to our trusted partners. In most cases when we do so, we have contractually restricted their uses of this data for only Our business purposes. Under the CCPA, such disclosures of Personal Information to service providers are not deemed to be a “sale” and thus are not prohibited after you exercise your right to cease or restrict disclosures or sales of your Personal Information to third parties. In any instances where we have not entered into a service provider relationship with such third parties, we will stop sharing your Personal Information when you instruct us not to “sell” your Personal Information.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy.

According to CalOPPA we agree to the following:

  • Users can visit our site anonymously;
  • Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website;
  • Our Privacy Policy link includes the word ‘Privacy’, and can be easily found on the page specified above.

Users will be notified of any privacy policy changes on our Privacy Policy Page.
Users are able to change their personal information by emailing us.

Notice to individuals in the State of Virginia

Your Rights as a Virginia Resident

As a Virginia resident, you may have certain rights in relation to your personal data.

Right to Confirm
You may have the right to confirm whether we process your personal data and to access such personal data.

Right to Delete
You may have the right to request that we delete your personal data that we have collected about you. Subject to certain exceptions, we must delete your personal data.

Right to Correct Inaccurate Personal Data
You may have the right to request that we correct inaccurate personal data about you, taking into account the nature of the personal data and the purposes of the processing of your personal data.

Right to Opt-Out of Processing of Personal Data for Targeted Advertising
You may have the right to opt-out of the processing of your personal data for purposes of targeted advertising.

Right to Opt-Out of the Sale of Personal Data
You may have the right to opt-out of the sale of your personal data.

Right to Opt-Out of Profiling
You may have the right to opt-out of the processing of your personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

Right to Obtain a Copy of Your Personal Data
You may have the right to obtain a copy of your personal data that you previously provided to us.

Right to Non-Discrimination
You have the right to not be discriminated against by us for choosing to exercise your rights under the VCDPA

Notice to individuals in the State of Colorado

Your Rights as a Colorado Resident

Right to Access
You have “the right to confirm whether a controller is processing personal data concerning the consumer and to access the consumer’s personal data.”

Right to Correction
You have “the right to correct inaccuracies in the consumer’s personal data, taking into account the nature of the personal data and the purposes of the processing of the consumer’s personal data.”

Right to Delete
You have “the right to delete personal data concerning the consumer.”

Right to Data Portability
You have “the right to obtain personal data in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another entity without hindrance.”

Right to Opt-Out
Consumers have “the right to opt-out of the processing of personal data concerning the consumer for purposes of:

  • targeted advertising
  • the sale of personal data
  • profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.”

Right to Appeal
According to the Colorado Privacy Act regulations, Your request must be responded to within 45 days of receipt. The covered entity may subsequently extend that deadline by an additional 45 days if they are able to show reasonable necessity. However, when the deadline is extended, You must be notified by Us within the initial 45-day response period.

Notice to individuals in the State of Utah

Your Rights as a Utah Resident

Right to access, including confirming whether a controller is processing their data, and the ability to request and receive that data;

Right to deletion of personal data, if the data subject directly provided the data to the controller;

Right to portability, obtaining a copy of their personal data that they provided to the controller, in a format that is:

  • portable to a technically reasonable extent
  • readily usable to a practical extent
  • enables the consumer to transmit the data to another controller reasonably easily, where the processing is carried out by automated means.

Right to opt out of certain processing, specifically for the sale of the personal data or the purposes of targeted advertising;

Some rights that are present in other US state-level laws, but absent from the UCPA, include the right to opt out of profiling and the right to correct (to request and have omissions or inaccuracies in one’s personal data corrected).

We under the Utah privacy law are not required to recognize “universal opt-out signals” as a method for consumers to opt out of data processing.

Notice to Residents of Canada

We are committed to protecting the personal information of individuals located in Canada in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA).

Under PIPEDA, you have the right to access your personal information held by us and to request correction of any inaccuracies. We collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances, and we ensure that the information is accurate, up to date, and securely protected.

As part of our commitment to privacy, we follow the ten Fair Information Principles under PIPEDA, which include:

Accountability – We are responsible for all personal information in our possession and have designated a Privacy Officer.

Identifying Purposes – We inform you of the purposes for which we collect personal data at or before the time of collection.

Consent – We obtain your informed consent before collecting, using, or disclosing your personal information.

Limiting Collection – We collect only the information necessary for the identified purposes.

Limiting Use, Disclosure, and Retention – We use or disclose your information only for the purposes you consented to and retain it only as long as necessary.

Accuracy – We take steps to ensure that personal information is accurate and complete.

Safeguards – We protect your personal information with appropriate technical and organizational security measures.

Openness – We make our privacy policies and practices readily available.

Individual Access – Upon request, we will inform you of the existence, use, and disclosure of your personal information and provide access to it.

Challenging Compliance – You may challenge our compliance with PIPEDA by contacting our Privacy Officer.

If you are a resident of Canada and wish to request access to your personal data, correct any information we hold, or file a privacy complaint, please contact our Privacy Officer at [email protected]

We will respond to all privacy-related requests in accordance with PIPEDA’s timeframes and obligations.

CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We may collect and use your email address for the following purposes:

  • To send information about our cryptocurrency payment platform, including updates, notices, and service-related announcements;
  • To respond to inquiries, requests, or questions submitted by you;
  • To provide confirmations, updates, and information regarding your account or transactions;
  • To send important security, compliance, or legal updates relating to the use of our services;
  • To share additional information related to our products, features, or services.

To comply with the CAN-SPAM Act, we agree to the following:

  • NOT use false or misleading subject lines or email addresses;
  • Clearly identify messages as commercial or promotional in nature, where applicable;
  • Include the physical address of our company or platform headquarters in all commercial messages;
  • Monitor third-party email marketing services for compliance, if engaged;
  • Honor all opt-out/unsubscribe requests promptly;
  • Provide a clear and working unsubscribe link at the bottom of each promotional email that allows you to opt out of future communications.
  • Allow users to unsubscribe by using the link at the bottom of each email.

Use of cookies and similar technologies

Cookies
We use so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. In connection with this, the Data Controller and other entities providing analytical and statistical services to the Data Controller use cookies, storing information or accessing information already stored in the User’s telecommunications terminal device (computer, telephone, tablet, etc.). Cookies used for this purpose include:

  • to distinguish unique users by assigning a randomly generated ID. Enables calculation of visitor, session, and campaign data;
  • to maintain session state for a specific GA4 property. Helps track user interactions across pages within a session.

Google Analytics
We use Google Analytics analytical tools, which collect information about website visits, such as the subpages you have viewed, the time you spent on the website or the time spent switching between individual subpages. For this purpose, Google LLC cookies are used for the Google Analytics service. As part of Google Analytics, demographic data and data on interests are collected. Neither the Data Controller nor Google uses the collected data to identify the User nor does it combine this information to enable your identification. Detailed information on the scope and principles of data collection in connection with this service can be found at the link: https://www.google.com/intl/eng/policies/privacy/partners.

Social networking sites
The Data Controller processes personal data of Users visiting our profiles in social media (Linkedin, Facebook, Instagram, Telegram). This data is processed solely in connection with maintaining the profile, including for the purpose of informing Users about our activity and promoting various types of events, services and products. The legal basis for the processing of personal data by the Data Controller for this purpose is its legitimate interest (Article 6, paragraph 1, letter f of the GDPR) consisting in promoting its own brand.

Categories of personal data processing

The Data Controller processes the following categories of Personal Data belonging to directors, shareholders, ultimate beneficial owners (UBOs), authorized representatives, employees, or other natural persons connected with the Company’s activities:

  • identification data (in particular: name and surname, date of birth, nationality, citizenship, identification number, tax number, passport/ID number, date of issue/expiry, issuing authority, representative rights, position);
  • contact details (telephone number, e-mail address, residence address, postal code, city, country);
  • professional and corporate role data (director, shareholder, UBO, authorized representative, position within a company, employment details);
  • verification and compliance data (copies of ID documents, proof of residence, powers of attorney, UBO/trust declarations, signature specimens);
  • financial information (source of funds, purpose of payment, transaction details, turnover, counterparties, incoming/outgoing payments);
  • online identifiers and technical data (IP address, cookies, login data, website usage information);
  • other data provided voluntarily by you in any form, necessary for the purpose for which they were provided.

Categories of Corporate data processing

The Data Controller processes the following categories of Corporate Data relating to legal entities (clients, partners, counterparties):

  • company identification data (company name, trading name, legal form, registration/incorporation number, incorporation date, VAT/tax number, corporate website);
  • registered and actual addresses (street, building, office, city, area, postal code);
  • contact persons (name, surname, position, telephone number, e-mail address);
  • business activity data (base activity, sub-activity, detailed description of business operations, duration of business activity, number of employees, countries of outgoing/incoming payments);
  • licenses and compliance information (license type, number, jurisdiction, status, date of issue, financial reporting obligations, regulatory body);
  • financial and transactional data (source of funds, purpose of business account opening, products used – business account, merchant account, client account; types of transactions – salaries, bills, goods/services, loans, operating costs, investments; transaction currencies; turnover and transaction volumes, maximum transaction size, estimates for next year);
  • counterparty data (name, incorporation country, nature of payments, website);
  • corporate governance data (information about directors, shareholders, UBOs, authorized representatives, and related documents – registers, memorandum/articles, shareholder lists);
  • supporting documents (certificate of incorporation, memorandum and articles of association, registers of directors/shareholders, proof of address, licenses, trust declarations, powers of attorney, financial reports, other legal documents);
  • other data provided voluntarily in any form, necessary for the purpose for which they were provided.

Sources of obtained data

All personal and corporate data processed by the Data Controller is obtained in the following manner:

  • Information provided directly by you – when filling out registration forms, compliance questionnaires, submitting KYC/AML documents, or contacting us via the Website, e-mail, or other communication channels. This includes, in particular, but not limited to:
    • Company identification details (company name, trading name, legal form, company number, incorporation details, VAT/tax numbers, corporate website).
    • Registered and actual business addresses, contact persons (name, surname, telephone, e-mail).
    • Business activity descriptions, licenses, duration of business activity, number of employees, purpose of account opening, products to be used.
    • Transaction information (planned turnover, currencies, sources of funds, sources of first payment, counterparties, incoming/outgoing payment details, nature of transactions).
    • Information on directors, shareholders, ultimate beneficial owners (UBOs), and/or authorized representatives.
    • Documents and proofs provided (e.g., certificate of incorporation, memorandum/articles of association, registers of directors/shareholders, licenses, powers of attorney, proof of address, identification documents, trust declarations).
  • Information obtained during the use of our Website or Services – e.g. through cookies, log files, technical data, analytics tools, or other automated means that capture activity, preferences, and communication with the platform.
  • Information received from business partners and counterparties – including employees, associates, contractors, and subcontractors, either directly from them or through the entity they represent in the course of cooperation.
  • Information obtained from financial institutions and supervisory authorities – including data required for compliance with financial reporting obligations, licensing requirements, or transaction monitoring.
  • Information from publicly available sources – including official databases, public registers (such as company registers, VAT/TAX databases), sanction and PEP (Politically Exposed Persons) lists, and other legally accessible records.
  • Information obtained from legal and regulatory requirements – for instance, in cases where the company must submit financial reports in its country of incorporation to the competent institution (e.g., registry of companies, tax authority, or financial supervisory body).

All confidential information is transmitted using Secure Socket Layer (SSL) technology.

Voluntary provision of data

Personal data is provided voluntarily. However, refusing to provide it may result in the inability to use the site’s functionality, including processing an inquiry submitted via a form, receiving a newsletter or other marketing communications.

Lack of consent to the use of cookies or its withdrawal may result in limited functionality of the Website.

Policy Updates

Cryptobanco reserves the right to update this Privacy Policy as necessary to reflect changes in our practices or for other operational, legal, or regulatory reasons.

Any significant updates will be communicated via our Website or direct notification to affected individuals.

This Privacy Policy is effective as of 10/12/2025.

Cryptobanco
Log in Try a Demo
Cookies consent management
We use technologies such as cookies to store and/or access information on a device. We do this to improve your browsing experience. By agreeing to the use of these technologies, you enable us to process data such as your browsing behavior or unique identifiers on this site. Not giving your consent or withdrawing it may negatively impact certain features and functionality.
Cookies consent management
We use technologies such as cookies to store and/or access information on a device. We do this to improve your browsing experience. By agreeing to the use of these technologies, you enable us to process data such as your browsing behavior or unique identifiers on this site. Not giving your consent or withdrawing it may negatively impact certain features and functionality.

The storage of or access to technical data is strictly necessary for the legitimate purpose of enabling the use of a specific service expressly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

These cookies allow us to measure and analyze traffic on our website, such as pages visited and user behavior, using Google Analytics. The information is collected in an anonymized form and does not directly identify you. These cookies are only set if you give your consent.

Privacy Policy

    Contact Us

    Would you like to take full advantage of our platform?

    Privacy Policy
    Terms and Conditions