top of page
This site was designed with the
.com
website builder. Create your website today.Start Now

 PRIVACY POLICY

Processing of your personal data by RR Crypto

This document is intended to inform you of how the RR CRYPTO association collects and processes your personal data.

In the interest of full transparency, it is meant to inform you of the following:

  • Collection and processing of your personal data

  • Data security measures

  • Your rights regarding your data and their processing

  • Our processing obligations

Capitalized terms shall have the meanings ascribed to them in the General Data Protection Regulation (known as GDPR) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. If you wish to consult the full version of this text, it is available here.

 

The purpose of this document is to explain the personal data processing implemented in our crypto assets management agreement and more generally in our customers related activities. It concerns you if you are:

  • one of our clients,

  • the legal representative or agent of one of our clients,

  • a partner or manager of a legal entity that is one of our clients,

  • a potential client,

  • the beneficial owner of a requested transaction,

  • A visitor on our website

1. Data controller

 

The Association RR CRYPTO, with registered office in 14, rue du Golf - 21800 QUETIGNY, France, registered under the number 880 857 024, is the data controller within the meaning of the GDPR.  In this capacity, we decide both the purposes (why we process your data) and the means of their processing (how we process them). We are therefore responsible for any damage caused by our processing operations.

2. Types of collected data and collection methods

We may be required to collect the following types of personal data:

- Identification data: title, last name, first name, date and place of birth, nationality, for a legal entity this applies to all partners and directors, specimen signature, your login, the IP address of the terminal you used logging in to your account, the photo on your ID or through our security cameras during an interview in our premises, the data allowing us to determine the beneficial owner of a transaction,

 

- Contact data: postal address, the head office address of a legal entity, e-mail address, phone number and bank details,

- Personal, professional, and financial data: family situation (marital status, family status), occupation, incomes and estates, assets, expenses and liabilities, country of tax residence, investment objectives, risk tolerance and ability to bear losses, your level of knowledge regarding digital assets, your investor profile,

- Data related to your crypto assets management agreement: amount of crypto assets in your possession, types of crypto assets, transfer orders, amount and dates of deposits and withdrawals of crypto assets, capital gains or losses,

- Data allowing us to determine if you are a politically exposed person within the meaning of the Regulation, information showing that you were or were not subject to sanctions related to money laundering and terrorist financing.

- Browsing data when using your account: some of your personal data, such as your IP address and the type of terminal you used, may be collected during your visit on our website or when logging in to your account.

 

You remain free not to provide us with some of your personal data, but you should be informed that data processing is necessary for the performance of the management agreement or for pre-contractual measures as well as to meet our legal obligations, in certain cases, we may not be able to start a new business relationship or we may have to terminate it.

The data collection takes place in the following cases :

 

- When contacting us,

- When entering into a new business relationship,

- When providing us with the supporting documents needed for your onboarding through your account or by any means,

- When, prior to our first contact, you are recommended by another client,

- When executing the management agreement you entrusted us with, 

- When performing the necessary inspections and analysis to comply with our legal obligations,

- During the resolution of a dispute or claim,

- When browsing our website or logging in to your account.

3. Purposes of collecting and lawful basis for processing

 

We may process your personal data for several reasons (these are the lawful basis allowing us to process your Data) :

- For the performance of a contract to which you are party or for the implementation of pre-contractual measures per your request: we must process your data in order to perform the management agreement you entrusted us with, before its conclusion, during our first contact, to collect information and analyse your situation before finalising or not your contract and to be able to respond to your demands for its duration,

 

- For compliance with our legal obligations: as crypto assets service provider, we are obliged by regulation to verify your identity and to determine the beneficial owner of any transaction, to identify your investor profile in order to offer you a suitable service and to be able to detect and then to alert the authority of any suspicious transaction (as part of the fight against money laundering and terrorist financing), we are obliged to verify if you appear on any sanction list. We also have to respond to the demands coming from the competent authorities, we must implement measures allowing us to detect and prevent any conflict of interest and ensure compliance with the obligations incumbent on any company, in particular related to accounting and tax.

 

- For the pursuance of our legitimate interests, to ensure a good coordination of our activities and services, for fraud prevention, to defend and protect our rights in case of a dispute, to improve our services, for the management of a clients and prospects database, for the management of our customer service, to be able to assist the customer with funds deposit, to ensure the safety of people and property in our premises and more generally, in our company operations.

 

- Your consent, when required, for instance, to send you our newsletter or to place certain cookies on the device you use when browsing our Website and logging in to your account.

And for the following reasons:

 

- To be able to create your account,

- To identify you when logging in and to timestamp your connections,

- To enable you to upload any document or information required to start the business relationship and to put update them for the duration of the relationship,

- More broadly speaking, to collect the information required for the execution of the agreement.

- To collect and manage contact requests and recommendations through our website,

- To identify the nature of the business relationship including your investor profile,

- To assess the risks of money laundering and terrorist financing,

- To decide whether to execute or terminate the management agreement,

- To comply with our legal obligations arising from the Monetary and Financial Code:

  • To collect and verify the information relating to your identity, to determine the beneficial owner of a transaction, to detect politically exposed persons, to detect persons subject to an asset freezing measure, to determine the persons subject to sanction related to money laundering and terrorist financing.

  • To verify the consistency between the transactions and the knowledge of our business relationship with you,

  • To refresh our knowledge of this business relationship,

  • To implement monitoring measures adapted to our knowledge of this business relationship,

  • If required, to implement asset freezing measures and report it to the authorities,

  • If required, to report any suspicious transaction to the competent authorities,

  • To detect, prevent and manage conflicts of interest,

  • To meet the demands of the competent authorities, especially in the case of court order,

  • To keep documents and information as proof of our compliance with these obligations,

- To comply with the legal, accounting and tax obligations,

- To perform the management agreement you entrusted us with and to do so we will need to:

  • Authenticate the initiator of a request,

  • Fulfil the request (funds withdrawal/deposit, transfer orders), issue and keep certificates (withdrawal/deposit) and supporting documents accordingly,

  • Calculate and deduct our commission,

  • Draw up and send you the monthly report of your operations,

  • Respond to your request and communicate with you for the purposes of the contract,

- To Manage subscriptions/unsusbcriptions to our newsletter, to send it and develop reading statistics,

- To resolve disputes and claims,

- To protect our interests and rights,

- To allow you to exercise your rights over your data,

- To measure the audience of our website and usage statistics, personalize your browsing and optimize its operation, in particular through the implemented cookies, detailed information related to these trackers are available in the dedicated policy : https://www.rr-crypto.com/cookies

- To ensure the safety of people and property in our premises,

- To ensure the safety of people and property within our activity by protecting our employees and partners safety and our IT system,

- To improve the quality and personalization of our services,

- To create and manage a client and prospect database.

4. Data processing for decision-making : profiling

Profiling is an automated analysis of your personal data, that we, or our subcontractors, implement to assess, analyse, or predict elements regarding your financial situation and your risk profile in order to detect any potentially fraudulent behaviour.

We must inform you that this profiling may lead to legal effect such as deny of business relationship, termination of our agreement, implementation of required measures by competent authorities, such as asset freezing.

In these cases, a human intervention will systematically precede this decision, no legal effect shall apply without the intervention of one of our employees.

5. Your rights

Subject to special conditions and exclusions provided by the regulation, you have a right to access your data (in accordance with the regulation, for processing with the purpose of fighting against money laundering and terrorist financing, you can exercise the access right or “indirect access right” to the CNIL), you also have a right to modify and delete your data and limit data processing, a right to portability and the right to withdraw consent without damaging the legitimacy of the processing prior to that withdrawal.

 

You also have the right to determine the rules governing the fate of your data after your death.

These rights can be exercised, free of charge[1], by sending:

  • An e-mail to the following address : dpo@rr-crypto.com

  • A letter to the following address :  14 rue du golf 21800 QUETIGNY

 

To make the processing of your request easier, we recommend that you specify your identity, your address for the reply in case of a request by post as well as the subject of the request. We may need to ask for a proof of your identity in order to verify the legitimacy of your request.

You also have the right to lodge a complaint with the competent supervisory authority (in France, the National Commission on Informatics and Liberty, or "CNIL").

[1] In accordance with the regulations, for unfounded or excessive requests for the right of access, we may require the payment of reasonable fees corresponding to the costs incurred.

6. Data retention period

 

The data retention period varies depending on the purpose.

The main retention periods are the following :

  • Data related to the management agreement: 5 years from the end of our contractual relationship,

  • Data related to the fight against money laundering and terrorist financing: 5 years from the end of our contractual relationship,

  • Data related to a proven or potential dispute: until the conclusion of the proceedings.

  • Data related to our accounting and supporting documents: 10 years from the end of the financial year,

  • Data from the video surveillance: one month from the recording or for the duration of the proceedings in the event of a proven or suspected violation,

  • Cookies data: see the dedicated policy here.

 

The retention period may be shortened by exercising your right to delete your data and to withdraw consent or in reason of the instructions governing the fate of your data after your death.

7. Personal data recipients

VYour data is intended for :

  • Our authorized employees,

  • Subcontractors providing us with services and assistance in order to comply with our legal obligations regarding the fight against money laundering and terrorist financing, or for the edition of the monthly reports,

  • Our technical service providers, in particular IT, who may access your data as part of their maintenance operations,

  • Some of our service providers for the need of their mission: chartered accountant, lawyers, advisers, insurers...

 

The competent authorities, when we have an obligation to report a suspicious transaction or per legal request,

8. Security measures

We implement technical and organisational measures to protect your personal data against alteration, loss, and any unauthorised use, disclosure, or access, including in particular :

  • Awareness of the confidentiality requirements of our employees having access to your personal data;

  • Securing access to our premises and our IT platforms;

  • Implementation of a general IT-security policy for the company;

  • Securing access, sharing and transfer of data;

  • Selecting subcontractors and partners applying these measures.

9. Personal data localization

We store your Data on servers located in France.

As part of the performance of our services or when relying on a subcontractor or service provider, they may transit or be accessible from a third country. If a state does not benefit from the ability to comply with a Data protection legislation equivalent to the one of the Union, we implement the appropriate guarantees: standard contractual clauses approved by the Commission or, in specific cases, we may transfer your data to a third country based on an exemption provided by the texts.  Our subcontractors and service providers are subject to the same obligations.

10. Modifications

The content of this notice may evolve due to the evolution of our operating methods, the adjustment of our security measures, or the evolution of our legal obligations.

This document is the version in force as of: 07/02/2021.

The latest version is available online, on our website or upon request.

bottom of page