PRIVACY POLICY

SENSITIVE AND CONFIDENTIAL DATA

We will not intentionally collect or maintain, do not want you to provide, and will never ask you for any information regarding medical or health conditions, race or ethnic origin, political opinions, religious or philosophical beliefs, or any other confidential information (e.g. credentials, private keys, PIN code). Please refrain from disclosing to us or to any third party any sensitive personal data relating to you or any other person.

How long do we keep your information?

In accordance with the storage limitation principle set forth under Applicable Laws, we endeavor to retain data for no longer than the time required to achieve and comply with such legitimate and legal purposes, including satisfying any legal, accounting, tax or other compliance reporting requirements.

We may archive some of your personal data, with restricted access, for an additional period of time when it is strictly necessary for us to comply with our legal and/or regulatory archiving obligations and for the applicable statute of limitation periods. At the end of this additional period, your remaining personal data will be permanently erased or anonymized from our systems.

To determine the retention period of your data, we consider the legitimate purpose for which your data has been collected and may be further processed, among those listed in this Privacy Policy. In particular,

  • Where cookies or other technical tracking technologies are placed on your computer or when we process your Browsing Data, we keep them for as long as necessary to achieve their purposes (e.g. for the duration of a session for session ID cookies) and for a maximum period defined in accordance with Applicable Laws.

  • If you contact us as part of an enquiry, we keep your personal data, notably your Contact Details, for as long as necessary to process your enquiry.

  • If you purchased a product or a service from us, we may retain some transactional data attached to your Contact Details to comply with our legal, tax or accounting obligations for a maximum period of 10 years set forth by applicable French laws, as well as to allow us to manage our rights (for example to assert our claims in court) during applicable French statutes of limitations.

Who may we share your information with?

Crayonic, its employees and contractors may use some of your personal data strictly as part of their duties and in accordance with this Privacy Policy.

We may also transmit some of your data to third parties such as payment services, infrastructure, logistics, and other services providers.

We enter into contractual arrangements with these third parties to ensure that personal data they could have to process for the provision of their tasks is adequately secured and that your privacy is protected. These providers have privacy policies which you may refer to for information about how they process your information and how to exercise your data subjects’ rights as provided under Applicable Laws. All personal data processed by these third parties shall solely be used to perform the services they provide to us and for the purposes set out in this Privacy Policy.

In certain circumstances and only where required by Applicable Laws, we may disclose some of your data to competent administrative or judicial authorities or any other authorized third party.

What are your rights regarding your personal data?

You can withdraw your consent to receiving our marketing emails by clicking on the “Unsubscribe” link at the bottom of the emails we send you.

You have the right to request access to the personal data we retain about you, their rectification or erasure, as well as the right to request the restriction of the processing or to object to the processing of your personal data.

You also have the right to request a copy, in an interoperable format (right to your data “portability”), of the personal data that you have provided to us for the performance of a contract with us or under your sole consent.

Finally, French data subjects also have the right to set general or specific guidelines regarding the fate of their personal data in the event of death and to change them at any time. They have the option to register such guidelines with a digital trusted third party certified by the French data protection authority.

If you object to the processing or ask for the erasure of your personal data by Crayonic, we shall acknowledge receipt of your request and, within a maximum period of one month, we shall stop processing your personal data or erase it from our IT systems, except where Crayonic has legitimate and compelling grounds for processing, or for the purpose of ascertaining, exercising or defending its legal rights in accordance with the Applicable Laws. If necessary, Crayonic shall inform you of the legal grounds and reasons why your request could not be satisfied in whole or in part.

To exercise any of the abovementioned rights, please send us a request using the Contact Information below. We will take steps to verify your identity, to ensure, with a reasonable degree of certainty, that you are at the origin of the data subjects’ right request. When feasible, we will match personal data provided by you in submitting a request to exercise your rights with other information already maintained by Crayonic; this could include matching two or more data points you provide us. In some instances, when the matching cannot establish your identity, we may ask you to provide a copy of a formal identification document.

Contact Information

If you wish to access, correct, modify or delete the personal information we have about you, object to its processing, exercise your right to portability, file a complaint, exercise any of the above-mentioned rights or simply obtain more information about the use of your personal data, please contact Crayonic and its privacy team at: privacy@crayonic.com

Crayonic will endeavor to find a satisfactory solution to ensure compliance with the Applicable Laws.

In the absence of a response from Crayonic, if you are not satisfied by Crayonic's response or proposal, or at any moment, you may lodge a complaint with the CNIL (the French data protection authority) or with the supervisory authority of the Member State of the European Union of your country of residence.

How do we secure personal data?

In order to ensure the integrity and confidentiality of your personal data, we implement appropriate physical, electronic and organizational procedures to safeguard and secure personal data throughout our Services. 

In particular, Crayonic implements the necessary technical and organizational measures to ensure the security and confidentiality of the personal data it collects and processes, and particularly to prevent your personal data from being distorted, damaged or communicated to unauthorized third parties, by ensuring a level of security appropriate to the risks associated with the processing and the nature of the personal data to be protected.

We notably implement the following security measures, among others:

  • Payment Data security: If you provide us with credit card information, such information is encrypted using a secure Internet Trade Protocol (TLS) and sent directly to our Payment Service Provider (PSP). This information is never stored on our server.

  • Awareness program and employee trainings

  • Data encryption in transit and at rest

  • Data centers routinely audited 

  • Data redundancy for resilience in case of disasters

  • Role-based authentication

  • Two-factor authentication of our authorized employees

  • Continuous system monitoring

  • Industry-standard security evaluations

  • Independent third-party security reviews and penetration tests

While we endeavor to provide best-in-class protection for your personal data when you use our Services, please keep in mind that the transmission of information on the Internet is not fully secure.

You remain responsible for keeping your personal credentials, passwords, PIN codes, Payment Data and recovery phrases confidential and secure, as Crayonic does not have access to that information.

How do we transfer your personal data outside of the EEA?

Personal data that we collect from you may be stored and processed in, and transferred to, countries outside the European Economic Area (EEA). For example, this could happen if our servers are located in a country outside the EEA or if one of our service providers is located in a country outside the EEA. These countries may not have data protection laws equivalent to those in force in the EEA.

If we transfer personal data outside the EEA this way, we will take the necessary steps to ensure that your personal data continues to be protected in compliance with the Applicable Laws, notably by only transferring your personal data to businesses established in countries recognized by the European Commission as providing an adequate level of protection for your personal data or to organizations with whom we have entered into contractual arrangements to ensure an appropriate protection of your personal data, including the European Commission standard contractual clauses or that commit themselves to applying a code of conduct or a certification mechanism validated by the competent European authorities.

Please note that in light of the “Schrems II” European Court of Justice decision (C-311/18) released on July 16, 2020, invalidating amongst other things the so-called “EU-US Privacy Shield arrangement”, Crayonic is currently reviewing and analyzing, and will apply, the guidelines of the European Data Protection Board as of July 24, 2020, in order to continue ensuring an adequate level of protection of your privacy and your personal data processed by our service providers established in the USA or outside of the European Economic Area and relying on their Privacy Shield certifications as monitored by the US Federal Trade Commission. We are confident that Ledger’s long-standing security and privacy culture will enable us to identify and apply appropriate solutions to continue serving our clients globally and on both sides of the Atlantic with trust and security and without interruption.

For more information on the safeguards put in place, please contact us.

Miscellaneous

If a court or competent authority considers that any provision of this Privacy Policy (or any part thereof) is invalid, illegal or unenforceable, that provision or relevant part of the provision will, to the extent required, be deemed to be deleted. The validity and enforceability of the other provisions of this Privacy Policy will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising a right or remedy will be deemed a waiver of such right, or of another right or remedy.

This Privacy Policy is governed by and interpreted according to French law. Any dispute arising out of this Privacy Policy will be subject to the exclusive jurisdiction of the French courts.

Changes to our Privacy Policy

We reserve the right to make changes to this Privacy Policy as we deem necessary from time to time or as may be required by law. All changes will be posted immediately on our website and you are deemed to have accepted the new terms of the Privacy Policy when you first use the Services after such changes. Where appropriate, we will notify you of these changes in due time.

In the event Crayonic is the subject of a corporate transaction such as an acquisition or merger with another company, your information may be transferred to the new owners so that we can continue to provide our Services to you. We will, in any case, take steps to protect your privacy.

CRAYONIC 2020