Privacy Policy

CryptoSimple SAS is a french limited company, registered under the number 897 452 306 R.C.S. with headquarters at 69 rue du Rouet 13008, Marseille, France and a capital of EUR 3,500.00. The application to be registered with the AMF as a DASP (Digital Asset Service Provider) is in progress.

The priority of CryptoSimple is to ensure that customers are confident in their privacy rights when using CryptoSimple services.

CryptoSimple gathers and safeguards customer personal information in compliance with European regulation « GDPR » (Regulation (EU) 2016/679).

CryptoSimple collects and uses personal data from customers in compliance with the following principles, as stated in article 5 of the GDPR regulation:

  • Lawfulness, fairness and transparency: only lawful use cases are used to capture and process data. The customers are systematically informed of how their data is being used.
  • Limited purposes: data is collected and processed for one or more particular purposes, which are described in detail in point 2 of the following documentation.
  • Minimisation of data collection and processing: only the data necessary for the proper fulfilment of the objectives pursued by CryptoSimple simpare collected.
  • Limitation of data retention over time: personal data is retained for a limited period such as specified in point 4 of the document hereinafter.
  • Integrity and confidentiality of the data obtained and processed: CryptoSimple, as the data controller, guarantees the data's integrity and confidentiality.

CryptoSimple is committed to respecting all of these principles as part of its compliance with the GDPR.

The aim of the following policy is to inform customers about why CryptoSimple collects and handles their personal data, as well as how CryptoSimple uses and protects that data. CryptoSimple's privacy policy ensures that the consumer is aware of the following:

  1. How and why personal data is collected for business operations.
  2. Other purposes for which CryptoSimple collects such personal data.
  3. The reasons for which personal data can be revealed and to whom.
  4. How long CryptoSimple keeps personal information.
  5. The customers rights and how to exercise them.
  6. How to access and update personal information and privacy records, as well as how to get in touch with CryptoSimple.

Please note that CryptoSimple also has a cookies policy which can be found in the dedicated page.


How and why personal data is collected for business operations

CryptoSimple collects and uses only the personal data necessary for our business operations, allowing us to provide customers with customised services based on their profiles in the simplest way possible.

To do so, CryptoSimple needs the following personal information in order to open a CryptoSimple account:

  • Identification and contact details for the customer. customer surname, first name, place of birth, and date of birth, as well as face ID checks, passport and identification card numbers, postal and e-mail addresses, phone numbers, gender, age, and signature.
  • Tax information, family situation, employment information.
  • Banking, financial, and transaction data.
  • Identification and authentication data, in particular when using CryptoSimple services.

Please keep in mind that the above-mentioned list is not exhaustive, and it may be updated as required for industry, compliance, and regulatory reasons.

As previously stated, CryptoSimple requires the customer's data for business purposes, such as opening an account and offering premium customer service

A personal questionnaire is used for these purposes to ensure that CryptoSimple is suitable:

  • Provides its customers the necessary information they need.
  • If necessary, provides adapted assistance to its customers in using the solution.
  • Allows customers to use the services in a simple manner.
  • Provides security for the customers when they use the services.

Other purposes for which CryptoSimple collects such personal data

For compliance and regulatory reasons

Personal details such as the ones listed above, as well as the ones listed below, are required:

  • Publications and databases made accessible by the official authorities (Official Journal).
  • Third parties such as business intelligence, anti-fraud agencies, per data protection regulations.
  • Allows customers to use the services in a simple manner.
  • Provides security for the customers when they use the services.

For compliance and regulatory reasons

  • Proof of transactions or operations.
  • IT management including infrastructure management (eg exchange platforms) and business continuity including personal safety.
  • Prevention of fraud and abuse (security measures, control of unusual transactions).
  • Establishment of anonymized statistical models, tests, for research and development, to optimize CryptoSimple risk management or improve our offer.

The reasons for which personal data can be revealed and to whom

  • To combat money laundering and terrorist funding (AML/FT regulations), such as Directive (EU) 2018/843.
  • Adherence to existing international sanctions and embargoes legislation.
  • To combat tax avoidance, as well as to comply with tax audits and reporting requirements.
  • To be able to respond to official requests from duly authorized public officials or judicial authorities, regulated professions such as lawyers, notaries, and auditors.

How long CryptoSimple keeps personal information

CryptoSimple gathers and retains customer personal data for the length of time required to comply with relevant legal and regulatory requirements, or for a longer term that takes into account organizational limits, proactive customer relationship management, and responses to legal and regulatory requests.

Under legal guidelines, the bulk of consumer information is stored for a period of 5 years.


The Customer rights and how to exercise them

Customers have various privileges under the relevant legislation, including:

  • Right of access: customers have the right to request information about how their data is processed as well as a copy of their personal information.
  • Right to rectification: If customers feel their personal data is incorrect or incomplete, they have the right to request that it be corrected.
  • Right of cancellation: the customers have the right to have their personal data erased under the legal parameters.
  • Right to limit processing: customers have the right to restrict the processing of their personal data.
  • Right of opposition: customers have the right to object to the processing of their personal data for reasons relating to their unique circumstance. The customers have the absolute right to object the collection of personal data for commercial prospecting, including profiling related to this prospection.
  • Right to the portability of the customers data: If this right applies, the customers have the option of having the personal data given to CryptoSimple returned to them or transferred to a third party where theoretically feasible.
  • Right to set guidelines for the retention, erasure, or disclosure of customer personal data, applicable after customer death.
  • Right to withdraw customer consent: If the customers have agreed to the processing of their data, they have the right to withdraw their consent at any time.

The applicable regulations, entitle the customers to file a complaint about the competent supervisory authority such as the CNIL (National Commission for Informatics and Liberties) in France.


The Customer rights and how to exercise them

CryptoSimple enables the simplest customer experience even for this purpose.

If the customers have any questions and want to review or alter their personal information about the use of their data, the customers can contact us by email at [email protected]