Crypt Comps is a data controller of your personal data.

Reference in this document to “we”, “us” and “our” means Crypt Comps (Trading name of IBTCK LTD) and its various trading styles.

This privacy policy explains how we will collect your personal data and how we use your personal data. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

We are committed to protecting your privacy and will take all of the necessary steps to comply with our legal obligations when using your personal data. This privacy policy explains how we fulfill this commitment, so please read this carefully.

Information we collect and hold about you

We will collect and process the following data about you. Most of this will be provided by you when you contact us:

• Your title, full name, contact details (including, for instance, your email address, home and mobile telephone numbers);
• Your home address, billing address and correspondence address
• Payment card details, billing details, purchase information and payment history
• Records of how you contacted us and, if you get in touch with us online, details such as your mobile phone location data and IP address
• Your marketing preferences, other website preferences and feedback of your experiences with Crypt Comps through reviews and surveys
• In the event you were to choose to open a Crypt Comps account using your Facebook, Google, Instagram, Twitter or YouTube account, we will use your contact information used for the relevant account to help populate your Crypt Comps registration page

We may collect the following types of information from you when using our website (using cookies and or other tracking technologies). Information about how you are using our website including the time spent on each page, click through and download errors. In addition to this we may collect information about your IP address, browser type, device information, hardware type, network identifier, software identifier, operation system and system configuration.

Fraud Prevention Agencies

The personal information we collect from you will be shared with fraud prevention agencies, who will use it to prevent fraud and money laundering, and to verify your identity. If fraud is suspected or detected, we are obliged under UK law to report the same to the appropriate statutory and regulatory bodies.

The legal grounds for processing your personal data

We can only process your data for certain reasons (including when we share it with other organizations).

We have set out these reasons below.

1. Processing is necessary to perform our contract with you or for us to comply with our legal obligations:
   • To enter into a contract with you and to comply with our legal obligations, we will process your personal data, as set out below during the period of our professional relationship, including:
     • updating our records;
     • To carry out monitoring and to keep records.
   • For compliance with laws that apply to us;
   • For establishment, defense and enforcement of our legal rights;
   • For activities relating to the prevention, detection and investigation of crime;
   • To carry out identity checks, anti-money laundering checks, and checks with Fraud Prevention Agencies at various points;
   • To process information about a crime or offence and proceedings related thereto (in other words, when we know or suspect fraud);
   • To deal with requests from you to exercise your rights under data protection laws;
   • Where we share your personal information with:
     • Our legal and other professional advisers;
     • Courts and to other organizations where it is necessary for the administration of justice, to protect vital interests and to protect the integrity and security of our business; and
     • Law enforcement agencies and governmental and regulatory bodies, such as HMRC, The National Crime Agency, The Information Commissioner’s Office
2. Legitimate Interests - the UK's data protection laws allow the use of personal data where it’s processing is legitimate and isn’t outweighed by the interests, rights and freedoms of data subjects. We will use your data for the following legitimate interests:
   • To adhere to guidance and best practice under the regimes of governmental and regulatory bodies, such as:
     • HMRC;
     • The Information Commissioner’s Office
     • Law Enforcement Agencies
   • For management and audit of our business operations, including accounting;
   • To carry out monitoring and to keep records;
   • For market research and analysis and developing statistics; and
   • Where we share your personal data with:
     • Other organizations and businesses who provide services to us, such as IT software and maintenance providers, document storage providers and suppliers of other back office functions;
     • Market research organizations who help us develop and improve our services.
3. Processing with your consent - There may be circumstances where we need to obtain your consent, such as:
   • When you request that we share your personal information with someone else and consent to that;and
   • To keep you informed about our services.
4. Processing for a substantial public interest such as:
   • Processing that we need to do to fulfill our legal obligations and regulatory requirements.

How and when can you withdraw your consent?

For processing that is based upon your consent, you have the right to withdraw your consent. You can do this by contacting us using the details on our website or by emailing us at support@cryptcomps.com

Is your personal data transferred outside the UK or EEA?

The data that we collect from you may be transferred to, and stored at, a destination outside the UK or European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

What should you do if your personal information changes?

You should tell us without delay so that we can update our records. You can do this by:

• writing to us at 71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ.
• visiting our office
• emailing us at support@cryptcomps.com

Do you have to supply your personal data to us?

We are unable to enter into a business relationship with you without having personal information about you.

Do we do any monitoring involving processing of your personal information?

Monitoring means any listening to, recording of, or taking and keeping any records (as the case may be) of calls, emails, text messages, social media messages and other communications.

Some of our monitoring may be to comply with regulatory rules, procedures relevant to the business, to prevent or detect crime, to have a record of what we have discussed with you and actions agreed with you, to protect you and provide security for you (such as in relation to fraud risks), and for quality and staff training purposes.

How long is your personal information retained by us?

We will keep information for a reasonable amount of time in order to perform our business and professional roles, and/or to comply with any legal and/or statutory duty imposed upon us.

We only keep your information for as long as necessary. We generally keep personal information for 7 years after last contact with you. However, we reserve the right to keep information for longer if we feel that this is in our legitimate interests.

What are your rights under data protection laws?

Here is a list of the rights that all individuals have under data protection laws. These include:

• The right to be informed about the processing of your personal information;
• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
• The right to object to processing of your personal information;
• The right to restrict processing of your personal information;
• The right to have your personal information erased (“the right to be forgotten”);
• The right to request access to your personal information and to obtain information about how we process it;
• The right to move, copy or transfer your personal information (“data portability”);

If you wish to exercise any of these rights against the CRAs or FPAs, you should contact them separately.

How to get a copy of your personal information (Data Subject Access Request)

You can obtain a copy of your personal information held by contacting us. You can do this by:

• writing to us at 71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ
• visiting our office
• emailing us at support@cryptcomps.com

We will require your address verification and identification documents for each individual making a Data Subject Access Request.

Original or certified documents which are acceptable include:

• Passport
• Driving license, which shows your current address
• Utility bill (dated within the last three months, mobile phone bills are not accepted)
• Bank statement (dated within the last three months)
• Council Tax bill (for the current financial year)
• Mortgage statement from a recognized lender for the current year

We can accept photocopies of ID, however these must be certified and stamped either by a solicitor, an independent financial adviser or an accountant. It has to be clear that the ID has been certified by one of these people, providing their name and business address.

We will deal with your request as quickly as possible, but in no more than 30 calendar days from receipt of all required identification.

We hope that we will be able to answer any questions or concerns that you have. You have the right at any time to raise your concern with the Information Commissioner’s Office at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (www.ico.org.uk).