Last Updated: May 17, 2022
1. General provisions
1.1. The entity responsible for data processing is MainCoin OÜ (“Neocrypto”, “we”, “us”), a company incorporated under to the laws of the Republic of Estonia under registration number 16091714, registered and located at Harju maakond, Tallinn, Kesklinna linnaosa, Järvevana tee 9, 11314.
Our contact details are as follows:
1.2. Personal data collected by Neocrypto is processed in accordance with the laws of the Republic of Estonia, the General Data Protection Regulation (“GDPR”) and other legal acts.
1.3. Neocrypto, in accordance with the applicable legal requirements, shall ensure the confidentiality of personal data and the implementation of appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, accidental loss, alteration, destruction, or other unlawful processing.
1.8. The processing of cookies is regulated by a separate document posted on the website https://neocrypto.net. Please be guided by the provisions of the Cookies Policy when considering issues related to cookies.
2. Types of information we collect about you
2.1. The main purpose for which Neocrypto collects your personal data is to provide you with access and utility through our digital platform via software, API (application program interface), technologies, products and/or functionalities (“Services”). In the course of providing you our Services, to abide by the laws and to improve our services, we need to collect and maintain personal information about you.
2.2. Neocrypto will collect and process the following data about you:
2.2.1. Information you give us.
You may give us information about you when you sign up to use our Services, e.g. when you provide us with personal details like your name, phone number and email address. This also includes information you provide through your continued use of our Services, through entering a promotion or survey, and by reporting problems with our Services. The information you give us may include your name, date of birth, address, email address, phone number, identity information (e.g. identity documents), financial information (e.g. credit card, debit card information), geographical location, personal description and photograph. In some cases, such as when you send or receive high value or high volume transactions, or where we need to comply with anti-money laundering regulations, we may also need more commercial or identification information from you.
2.2.2. Information we collect about you.
With regard to your use of our Services, Neocrypto may automatically collect the following information:
- details of the transactions you carry out when using our Services;
- technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer support number.
2.2.3. Information we receive from other sources.
Neocrypto may receive information about you if you use any of the other websites we operate or the other services we provide.
Also, Neocrypto may receive information that you transmit to third parties when using the Neocrypto Service (for example, from an online payment service or from an organization that provides user verification).
2.3. Data retention period: Unless otherwise stipulated by law, you agree that we have the to retain all the collected personal information for the duration you use our Services and for 5 (five) more years after you withdraw from it, and delete it if the data is no longer subject to a legal obligation to which Neocrypto is subject to. The retention period may be extended for a period not exceeding 1 (one) year, provided there is a reasoned request from a competent authority.
2.4. We do not collect information from children or other persons who are under 18 years old. If you are under 18 years old, you may not submit any personal data to us or subscribe for the Services.
3. How we protect your personal information
Neocrypto has kept your personal information safe using secured storage with industry standard encryption and implemented a number of security measures to ensure that your information is not lost, abused, or altered, including, but not limited to:
3.1. Physical Measures
Materials containing your personal data will be stored in a locked place.
3.2. Electronic Measures
Computer data containing your personal data will be stored in the computer systems and storage media that are subject to strict log-in restrictions.
3.3. Management Measures
Only authorized employees are permitted to come into contact with your personal data and such employees must comply with our internal confidentiality rules for personal data.
3.4. Technical Measures
Encryption technology may be used to transmit and store your personal data. We use various currently available security technologies and management systems to minimize the risks that your information may be disclosed, damaged, misused, accessed without authorization, disclosed without authorization, or altered. Our technical security team proactively monitors for abnormal and malicious activity in our servers and services.
3.5. Other Measures
We endeavor to protect your information from unauthorized access, alteration, disclosure, or destruction of personal data we collect and store. We take various measures to ensure information security, including encryption of our communications with you; required two-factor authentication for all sessions; periodic review of our personal data collection, storage, and processing practices; and restricted access to your personal data on a need-to-know bases for our employees and vendors who are subject to strict contractual confidentiality obligations. Please note that it is impossible to guarantee 100% security of information. As such, Neocrypto requests that you understand the responsibility to independently take safety precautions to protect your own personal information. You agree that Neocrypto shall not be liable for any information leakage and other losses not caused by our intention or gross negligence, including but not limited to hacker attack, power interruption, or unavoidable technical failure, to the maximum extent permitted by law. If you suspect that your personal information has been compromised, especially account and/or password information, please immediately contact with us.
4. Ways we use your information
We use the information we collect about you for the following purposes or in the following ways:
4.1. To provide our Services
Neocrypto uses the information collected to carry out our obligations relating to you, to provide you with the information, products and services, to deliver, maintain and provide better Services and verify your identity. We use the IP address and unique identifiers stored in your device’s cookies to help us authenticate your identity and activities and provide Services.
4.2. To protect our users
We use the information collected to protect our platforms, users’ accounts, and archives. We use IP addresses and cookies to protect against automated abuse such as spam, phishing, and DDoS attacks. Neocrypto analyzes your activities in our Services with the goal of detecting suspicious behaviors as early as possible to prevent potential fraud and loss of funds to bad actors.
4.3. To comply with legal and regulatory requirements
With respect to the privacy and security of personal data, Neocrypto will use the information in compliance with our legal obligations, government requests, and reasonable user-generated inquiries.
4.4. For research and development purposes
Neocrypto actively measures and analyzes data to administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and to understand the way you use and interact with our Services. This review activity is conducted by our operation teams to continually improve our Services and to resolve issues with the user experience. In addition, Neocrypto uses such information to customize, measure, and improve our Services and the content and layout of our websites, and to develop new services. We continuously monitor activity information within our systems and our communications with users to look for and quickly fix problems.
4.5. To communicate with you
We use personal information collected, like your phone number or email address to interact with you directly when providing customer support on a ticket or to keep you informed on logins, transactions, account security and other aspects or to notify you about changes to our Services. Without collecting and processing your personal information for confirming each communication, Neocrypto will not be able to respond to your submitted requests, questions, and inquiries. All direct communications are properly kept at Neocrypto or the service provider designated by Neocrypto, to be reviewed for accuracy, to be kept as evidence, or to be used to perform other statutory or contractual obligations.
4.6 To secure compliance with our terms and conditions
The collected information is also used to continually and actively enforce our terms and conditions, including but not limited to reviewing, investigating, and preventing any potentially prohibited or illegal activities that may violate the foregoing provisions, or disclose the relevant information to a third party in accordance therewith. Neocrypto reserves the right to suspend or terminate provision of any Services to any user found to be engaged in activities that violate our terms and conditions.
4.7. For marketing and advertising
Neocrypto may share your personal information with our marketing partners for the purposes of targeting, modeling, and/or analytics as well as marketing and advertising.
4.8. For other purpose
Neocrypto may disclose your personal information for any other purpose you consent to.
5. Legal bases for processing
5.1. When we process your personal data, we will rely on one of the processing legal bases below. We may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data.
5.1.1. Performance of a contract
This is when processing of personal data is needed in order to perform our obligations under a contract (to provide Services) concluded with you.
5.1.2. Legal obligation or for public interest
This is when Neocrypto is required to process your personal data to comply with a legal obligation. The purposes of processing include verification controls of identity, money laundering and fraud prevention, risk control measures, as well as providing information to a competent authority, public body or law enforcement agency.
5.1.3. Legitimate interests
Where necessary, Neocrypto may process personal data where there is a legitimate interest for us or a third party in pursuing commercial and business interests, except where such interests are overridden by your interests, fundamental rights and freedoms.
5.1.4. Your consent
6. Who receives your personal data
6.1. Neocrypto receives your personal data in order to carry out requests and provide services, and to perform our contractual and legal obligations.
6.2. We will not share personal data with third parties unless this is necessary for our legitimate business needs, to carry out requests, provide services and/or as required or permitted by law. Third parties under these circumstances include:
6.2.1. Service providers
Neocrypto will disclose personal data to third party partners and service providers (processors) so they can process it on our behalf where required. These service providers are required to provide sufficient assurances in accordance with data protection law. (e.g. being bound contractually to confidentiality and data protection obligations). We will only share personal data necessary for them to provide their services.
6.2.2. Auditors, advisors and consultants
We may disclose personal data for purposes and in the context of audits (e.g. external audits, security audits), to legal and other advisors, in order to investigate security issues, risks, complaints etc.
As such, personal data may be transferred and disclosed to:
- Money laundering and fraud prevention agencies, compliance services and risk prevention services. This is required in order to verify your identity, ensure protection against fraud, confirm eligibility for our services/products.
- Banks (other credit and financial service institutions), and similar institutions. These enable us to provide our Services.
- Payment Systems (SWIFT, SEPA, Visa, Mastercard, etc.), payment service providers, card processing companies. These enable us to provide our Services.
- Data management, storage, archiving, cloud storage service providers.
- Companies assisting us with provision of our services (e.g. technological services, solutions, support such as support/maintenance/development of IT applications, technology, website management, telephony/SMS services).
- Customer support service providers and marketing service providers.
- Administrative service providers.
- Auditing and accounting services and consultants.
- External legal advisors.
6.2.3. Regulatory authorities, law enforcement, courts
Neocrypto may disclose personal data to comply with applicable legislation, regulatory obligations, to respond to requests of regulatory authorities, government and law enforcement agencies, courts and court orders.
6.2.4. Other persons
Other recipients may be any person/legal entity/organization for which you ask your data to be transferred to (e.g. reference etc.) or give your consent to transfer personal data.
6.3. Neocrypto may also disclose your data in circumstances such as the following:
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request,
- In order to apply or enforce the terms and conditions or any other agreement in place in the context of our relationship and to investigate potential breaches,
- In order to protect our rights, safety or property, or that of our customers or third parties/the public. This includes exchanging information with other companies and organizations for the purposes of money laundering, fraud prevention and equivalent risks.
6.4. Operators of personal data in addition to Neocrypto are also:
- TYPEFORM SL - data processing operator: user's phone number, email, full name.
7. Transfers outside the EEA or to international organizations
7.1. Your personal data may be transferred to third countries (outside the EEA) or to international organizations if the transfer is necessary and has a legal basis as described in this document. Such transfers take place for example:
- When it is necessary to carry out in the context of the Services;
- Under applicable law;
- On the basis of your instructions or consent.
In the context of data processing undertaken by third parties on our behalf. (e.g. the data may also be processed by staff operating outside of the EEA who work for Neocrypto or for one of our third-party service providers. Such staff may be performing technical duties and support, duties related to processing of your orders, provision of support services etc.).
7.2. The processors (or controllers) in third countries in this case shall be either approved by the European Commission as providing adequate level of data protection or shall have in place appropriate safeguards with the level of data protection in the EU. We aim to take all steps reasonably necessary to ensure that your data is treated securely.
8. Automated Decisions and Profiling
8.1. We sometimes use systems to make suggestions or assist in decisions, including profiling, based on personal information we have, or that we are allowed to collect from other authorised sources, about you.
This helps us ensure our decisions are quick, fair, efficient and correct, based on what we know. These automated processes can affect the products, services or features we may offer you now or in the future.
The types of automated decisions we make may include:
- Tailored Services: Neocrypto may place you in groups with similar customer segments. We use these to study and learn about our customers’ needs, and to make decisions based on what we learn. This helps us to design products and services for different customer segments, and to manage our relationships with them;
- Detecting fraud: We use your personal information to help us decide if your personal accounts are potentially used for fraud, money-laundering or terrorist financing or if you are under international sanctions. We may detect that an account is being used in ways that fraudsters work or in a way that is unusual for you or your business. If we think there is a risk of fraud, we may stop activity on the accounts or refuse access to them.
9. Your rights
9.1 Subject to applicable laws, you may have the right to access information we hold about you. Your right of access can be exercised in accordance with the relevant data protection legislation. If you have any questions in relation to our use of your personal information, contact us. Under certain conditions, you may have the right to require us to:
- provide you with further details on the use we make of your information;
- provide you with a copy of the information that you have provided to us;
- update any inaccurate, incorrect, or out of date personal information we hold;
- delete any personal information that is no longer necessary, or no longer subject to a legal obligation to which Neocrypto is subject to;
- where processing is based on consent, to withdraw your consent so that we stop that particular processing;
- cease direct marketing to you, by contacting us or adjusting your notification preferences in the settings section of your account;
- where we undertake wholly automated decision making which results in the creation of a legal obligation or a similar significant impact, you may request that we provide information about the decision-making methodology and ask us to verify that the automated decision has been made correctly. We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances we will verify that the algorithm and source data are functioning as anticipated without error or bias or if required by law to adjust the processing.
- object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.
- restrict how we use your information whilst a complaint is being investigated.
9.2 Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).
10. Right to file a complaint
10.1. If you have any complaints about the use of your data, exercise of your rights, please notify and/or file a complaint with us at the contact details indicated below. We will immediately investigate and inform you in regards to your complaint.
10.2. Complaints must be made in English in a comprehensive manner, and contain sufficient details and a clear description of the complaint. Neocrypto will not be able to process requests which are incomprehensive or in languages other than English.
10.3. You can also file a complaint with the supervisory authorities, but if the complaint has not been previously sent to us, we can use this fact as evidence of your unwillingness to settle the issue in a pre-trial manner.
11. Third-party links
Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for them. Please check these policies before you submit any personal data to these websites.
13.2 If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can complain to your national data protection authority or other public body with responsibility for enforcing privacy laws (for example at www.aki.ee).