Last updated on Aug 08, 2022
Who we are and what this document is about
Why we collect personal data
CC Token acts as a data controller in cases when you visit our Website, fill forms on Website, communicate with us, etc. All the personal data we process is lawfully obtained and on a legal basis. We collect personal data for specific purposes and we will use the collected data for the specified purpose only. For example, if you fill out a form to request more information about one of our products, we will use your contact data to send the requested product information to you. If our relationship changes, we may need more information.
Here is a list of the purposes for which we will request or use your data:
• Provision of the access to the Website in accordance with Terms and Conditions;
• Sharing relevant information about our products and services;
• Operation, protection, improvement and optimization of the Website, our services, business and user’s experience, such as performance of analytics;
• Providing customer support to potential or existing clients;
• Detecting and combating fraudulent or unlawful activity;
• Compliance with applicable laws, lawful requests and legal process, such as respond to requests from governmental authorities.
What personal data we collect
The exact type of data we collect depends on your Website use. We never collect more data than we need and may ask for additional data at the appropriate time.
Data we receive from you
Information you provide directly - your personal data as a Website user, received from you when you subscribe to our newsletter or sent a request to our support team. This personal data may include email address, you name, other information that you provide directly.
Information we collect automatically as a result of the Website use – that information may usually include IP address of your device, information about the operating system and browser, and your activities on our Website. These are not linked to any information that is personally identifiable.
Data we receive from third parties
When you enter the Website using your third-party service credentials (e.g. Google account), this service may send us your data associated with the credentials you used. We do not control and are not responsible for how these services provide information about you and process your personal data.
Cookies and similar technologies
Communication, engagement and actions taken through external social media platforms that Website or our company participates on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively. You are advised to use social media platforms wisely and communicate / engage upon them with due care and caution concerning their own privacy and personal details. We will not ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels.
How personal information is used
We use personal data in various ways that are necessary to provide you with access to the Website, protect our legal interest, and as a necessity in order to comply with applicable law. Personal data can also help us to improve our services and products.Our legal basis for collecting and using the personal data will depend on the personal data concerned and the specific context in which we collect it. We do not generally rely on your consent to allow us to process your personal data if there is another lawful ground available. If we do rely on your consent, we will make this clear to you at that time. As well, we do not use automated individual decision-making.
Purpose and manner of personal data collection and use
We collects and processes personal data in accordance with the provisions of applicable data protection laws, including the European Union General Data Protection Regulation (EU GDPR) and other EU regulations in force.
Your personal data are processed only on the basis of your approval a free and express consent to process your personal data for the purposes related to the use of the Websites. Your consent for the collection and processing of your personal data for a given purpose shall be requested when completing the appropriate form published on Website.
All collected data are electronically stored, and appropriate measures and procedures are applied in order to prevent unauthorized access, maintain the level of personal data protection, and use the data collected online in an appropriate manner.
We process your personal data as necessary for legitimate interests, which include the following:
• to administer our Website to better understand how visitors interact with the Website and to ensure that it is presented in the most effective way for you and your device;
• to develop and improve our Websites;
• to share personal data among our affiliated businesses for administrative purposes and in relation to our sales and marketing activities, except where we require your consent;
• for internal business or technical operations, including troubleshooting, data analysis, testing, research, and as part of our efforts to keep our Website secure;
• protect our rights, safety or property, and/or that of our affiliated businesses, you or others;
• enforce or defend legal rights, or prevent damage.
We may send you marketing emails about our services and products, including information about events and other promotions we feel may interest you. We will only send such emails with your consent, which was given at the time you provided us with your personal data. You can opt-out of receiving marketing communications at any time by clicking “unsubscribe” in one of the emails.
Modification and deletion of personal data
You are legally entitled to request modification or deletion of your personal data, or deletion from the registered user database at any time. Modification or deletion of data shall be effected on the basis of an appropriate notice addressed to the contact identified on the Websites.
Personal data retention periods
We will keep your personal data:as required by law or as necessary for legitimate business purposes, i.e. for tax, legal, accounting, fraud or abuse prevention and/or other purposes;any personal data held by us for marketing notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
International data transfer
Your personal data will be hosted and stored using servers that are located in the United Kingdom.
We may also transfer your personal data to recipients outside of the EEA and/or the UK. Some of these recipients are located in countries in respect of which either the European Commission and/or UK Government (as and where applicable) has issued adequacy decisions, in which case, the recipient's country is recognized as providing an adequate level of data protection under UK and/or European data protection laws (as applicable) and the transfer is therefore permitted under Article 45 of the GDPR. Some recipients of your personal data may be located in countries outside the EEA and/or the UK for which the European Commission or UK Government (as and where applicable) has not issued adequacy decisions in respect of the level of data protection in such countries (e.g. the United States). When we transfer your personal data to a recipient in such state without adequacy decision, we will either:
• enter into appropriate data transfer agreements based on the EEA or UK Standard Contractual Clauses (as applicable); or
• rely on other appropriate means permitted by the EEA/UK GDPR, which establish that such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.
Who we share personal data with
We only share personal data in ways that we tell you about. We do not sell or rent personal data to the third parties and we do not share personal data with third parties that are not owned by us, under our control or direction, or in a direct business relationship with us except as described in this policy.
• We share personal data with service providers that help us with our business activities (including hosting providers, e.g. Space Galleon, email service providers, marketing providers, e.g. Elfsight). They only are authorized to process that information as necessary and as directed by us;
• We may share personal data with our affiliated businesses. Our affiliated businesses will only use your data for the purposes for which we originally collected this data;
• We may share collected data If we are involved in a merger, reorganization or other fundamental corporate change with a third party, or sell/buy a business unit to/from a third party, or if all or a portion of our business, assets or stock are acquired by a third party, with such third party including at the due diligence stage;
• We may be required to disclose personal data to comply with a legal obligation and/or judicial or regulatory proceedings, a court order or other legal process or to protect us or our contractors against loss or damage. This may include, but is not limited to, exchanging information with the police, courts or law enforcement organizations. We will take commercially reasonable steps to inform you as part of these processes (if any).
How we protect your personal data
We employ a variety of measures to safeguard the collection, transmission, and storage of the information we collect. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Even so, no security measure is 100% perfect.Notwithstanding the foregoing, to protect your personal data we have the physical, electronic and procedural means of protection in accordance with international standards. We use encryption to keep your data confidential during transfer. We review, verify and update our methods for collecting, storing and processing information, including physical security measures, to prevent unauthorized access to our systems. We provide access to personal data only to our employees who need this information to process it. Anyone who has such access is subject to strict contractual obligations regarding confidentiality and may be subject to disciplinary action if he does not fulfil these obligations.
Children and special categories of personal data
The Website are not intended for use by children under 16 years of age. If you are under the age of 16 you should not try to register an account or provide us with any personal data. We do not collect any personal data from such individuals. We do not collect any special category of personal data, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person’s sex life or sexual orientation, etc.If we become aware that we have collected children’s or special category of personal data, depending on the circumstances, we will delete this information from the moment we become aware of it. If you have reason to believe that we have collected such personal data, inform us immediately.
Specific user rights
If you are located in the EEA, among others, you have the following rights in relation to your personal data:
• Right to access: at any time, you can ask us about what personal data we have, what we do with it, why we process it, who we have told about you, etc. You also can ask us to give you a copy of the personal data processing, if you like. To request access, send us an email at firstname.lastname@example.org with the subject line "Access Request".
• Right to rectify: at any time, you update your personal data if the data is incomplete, outdated, incorrect, etc. In order to do so, each user can view, manage and/or update his/her personal data in the Account settings.
• Right to erasure: at any time, you can ask us to delete all the personal data that we have about you – it is your right to be forgotten, like if we have never met before. We will also deactivate your account. If you do so, you will no longer have access to your account.
• Right to restriction of processing: for example, if you think that your personal data is not accurate and we need time to check it, we can make a pause in processing your personal data enough to clarify, is it so or not. If you do not request deletion, then it is possible to request the reactivation of your account if it was accidentally or wrongfully deactivated. Please, note that we cannot restore permanently deleted accounts.
• Right to withdraw consent: at any time, you can withdraw your consent, if we rely on your consent to process your personal data. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
• Right to object: at any time, you can tell us to stop and we will no longer process your personal data, but we can still process them if we are relying on a legitimate interest to process your personal data and demonstrate compelling legitimate grounds for processing.
• Right to data portability: if you wish, you can ask us to download (export) all personal data that we have in the format acceptable to give it to someone else or ask us to give them your data directly.
• Right not to be subject to an automated decision: if we process your personal data automatically and we make some decisions according to it, and it affects you in any serious way, you can express your point of view and contest such decision.
• Right to lodge a complaint with a supervisory authority: you can always complain about us and about the way we process personal data, you can report it to any competent data protection authority of an European Union member state that is authorized to hear such concerns. If you wish to exercise any of these rights, please contact us.
If you are a resident of the California, US, you have the data protection rights in a volume not less than that indicated in the California Consumer Privacy Act (CCPA).
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal data or where certain exemptions apply. If we decline your request, we will tell you why, subject to legal restrictions.
To exercise any of these rights, please contact us using the contact details provided in this policy. We may request specific information from you to help us confirm your identity and process your request.
Changes to our policy