PRIVACY POLICY
Effective from 30 01 2025
This Privacy Policy applies to all customers of First Digital Trade Europe UAB, a company registered in the Republic of Lithuania with registration number 306129492 and registered address at Kaukysos 18-10 011342 Vilnius, Lithuania ("CRH", "CRHMoney.com", "we", "us", "our"). Please read it carefully before providing us with any information about yourself. The protection of your personal data is of paramount importance to us and we are committed to treating it with the utmost care and security.
CRH Money ("CRH Money", "CRHMoney.com") is a trademark of First Digital Trade Europe UAB under license from CRH Royalty S.r.l.
1. Introduction
This policy demonstrates our commitment to transparency and the protection of your privacy rights and sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us. It applies to the processing of personal data by First Digital Trade Europe UAB, in relation to:
use of any of our products, services, or applications (collectively, the "Services");
Visit or use our website, CRHMoney.com ("Site") or mobile application ("App").
Please note that our Services, Site, and App are not intended for children under the age of 18, and we do not knowingly collect data from children. For feedback or any privacy requests, please contact us using the details provided at the end of the policy. In order to use our services, you must agree to the terms and conditions of this Privacy Policy in its entirety.
We are committed to:
keep your personal data private and secure;
not to sell the customer's personal data;
allow the customer to manage and review their marketing choices at any time.
2. Who we are
First Digital Trade Europe UAB is the data controller. The data controller is the legal entity that determines the means and purposes of any processing activity that it carries out.
2.1. Data Protection Officer
We have appointed a Data Protection Officer ("DPO") who is responsible for overseeing queries in relation to this Privacy Policy. If you have any questions or complaints regarding this Privacy Policy or our privacy practices, or if you would like to exercise your legal rights, please contact our DPO at [email protected].
2.2 Privacy Complaints
You have the right to lodge a complaint with a supervisory authority about the way we process your personal data. If you are a resident of an EEA (European Economic Area) member state, you have the right to lodge a complaint with the supervisory authority in the EEA member state of your habitual residence, place of work or place of the alleged infringement, or with the Lithuanian data protection authority (Personal Data Protection Commission).
We would, however, appreciate the chance to address your concerns before you turn to a data protection regulator. So don't hesitate to contact us in the first instance.
3. Purpose
This Privacy Policy is intended to provide you with information about why and how we collect and process your personal data. It intends to inform you about your privacy rights and how the data protection principles set out in the EU's General Data Protection Regulation ("GDPR") and post-Brexit privacy law (known as the UK GDPR) protect you.
This privacy policy is intended to be read in conjunction with other notices or policies we may provide at specific times when we collect or process your personal data. This will help you fully understand why and how we use your data. This privacy policy supplements other notices and policies and does not replace them.
4. Personal Data We Collect
"Personal data" means any information about you that can be used to identify you. This data can be:
Contact information: postal address, telephone number, email address.
Identification data: first and last name, date of birth, gender, identification documents (passports, identity cards, driver's licenses, biometrics)
Customer activity information: Using CRHMoney to make purchases.
Financial data: bank account details, payment card details.
Technical data: IP address, browser type and version, time zone settings, operating system and platform.
Usage Data: Information about how you use our Site, Services, and Apps.
Marketing and communication data: marketing preferences, survey responses.
4.1. Data Origin
We collect your personal data from a variety of sources, including:
Direct interactions: when you provide data by filling in forms on our site, or by communicating with us by phone, email or otherwise.
Automated interactions: When we automatically collect technical data through the use of cookies and similar technologies when you use our site.
Third parties or public sources: When we obtain data from fraud prevention agencies, business partners, and public sources.
5. Data security
We take appropriate technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration and destruction. These measures include:
Using encryption technologies to protect data during transmission.
Implementing strict access controls to systems and data.
Continuous training of staff on data protection.
Regular monitoring and review of our security practices to address new threats and vulnerabilities.
6. Your rights
You have rights that we need to make you aware of. The rights available to you depend on the reason for which we process your personal data. If you require more detailed information or wish to exercise any of the rights set out below, please contact us.
Right of access: You have the right to request a copy of the personal data we hold about you.
Right to rectification: You have the right to request the rectification of inaccurate or incomplete data.
Right to erasure: You have the right to request the erasure of your personal data in certain circumstances (e.g. when the personal data is no longer needed or you withdraw consent).
Right to restriction of processing: You have the right to request the restriction of the processing of your personal data.
Right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format.
Right to object: You have the right to object to the processing of your personal data on legitimate grounds (e.g. if we process your data to improve our services, you can object if you believe that the processing is not justified in your specific case).
6.1. Exercising Your Rights
To exercise your rights, you can contact us using the contact details provided in the "Contact Us" section of this policy. We kindly ask you to provide the following information to facilitate us in processing your request:
your full name and contact details;
a clear and precise description of the right you wish to exercise;
a copy of a valid ID to verify your identity (e.g., ID card, passport).
We will respond to your requests within one month of receiving your request, as required by the General Data Protection Regulation (GDPR). In exceptional cases, this period may be extended by a further two months if the request is particularly complex or if we receive numerous requests. In such a case, we will inform you of the extension and the reasons for the delay within one month of receiving the request.
We do not charge a fee for exercising your rights, unless the request is manifestly unfounded or excessive. If we do so, we may charge a reasonable fee based on the administrative costs incurred or refuse to comply with your request.
7. Consent processes
We will only use your personal data when applicable legislation allows us to do so. In other words, we need to make sure that we have a legal basis for such use. Most commonly, we will use your personal data in the following circumstances:
Performance of a contract: We use this basis for the provision of our Services.
Legitimate interests: our interests (or those of a third party), where we ensure that we use this basis to the extent that your individual interests and rights do not override those interests.
Compliance with a legal obligation: Processing your personal data where it is necessary to comply with a legal obligation to which we are subject.
Consent: a free, specific, informed and unambiguous indication of your wishes by which, by a statement or a clear affirmative action, you express your consent to the processing of personal data concerning you.
8. Collection of your information
At CRHMoney, transparency is essential when handling your personal information. For this reason, we want to provide you with a clear explanation of how we collect and use your personal data.
8.1. Collection Methods
We collect your personal information in a number of ways, including:
· Direct Interactions: When you request or use our services, register to use our website or applications, or interact with us via phone, email, online chat, or other communication channels.
· Automated means: When we collect information automatically when you visit our websites through the use of cookies and other similar technologies. For more details on the cookies used and their purposes, please read our Cookie Policy.
All information collected is treated in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We ensure that personal data is collected only for specific, explicit and legitimate purposes, and processed lawfully, fairly and transparently.
8.2. Sources of Collection
In some cases, we may also obtain information about you from third parties, such as credit reference agencies or fraud prevention systems. In such situations, we make sure to comply with data protection regulations and ensure that your rights are adequately protected. For more information about third parties, please see Section 12 ("Third-Party Services Used") of this Policy.
8.3. Processing of Non-Personal Information
In addition to personal information, we may also collect and use non-personal information or anonymize personal information in order to make it non-identifiable. This non-personal information may be used for business purposes, such as analyzing trends and optimizing our services.
8.4. IP Address Management
If IP addresses are considered personal information under applicable local laws, we will treat them as such and handle them in accordance with this Privacy Policy.
8.5. Application to Consumers and Companies
This Privacy Policy applies to both individual consumers and businesses. Regardless of whether you use our Services, Websites, or Apps, we are committed to treating your personal information with the utmost respect. We ensure that your privacy rights are adequately protected in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.
9. Categories of Personal Data
Depending on how you use our Services, Website or App, we may collect, use, store and transfer different types of personal data about you. We've broken this data down into the following categories:
Category of Personal Data |
Specific Examples of Personal Data |
Purpose of the Processing |
Legal Basis for Processing |
Identity Data | First name, last name, date of birth, gender, etc. | Management of user accounts, provision of services, personalization of the user experience, verification of the user's identity. | Performance of a Contract, Legitimate Interest |
Social Identity Data | Company data, connections, etc. | Provision of services, risk and compliance assessment, improvement of services, personalization of offers. | Legitimate interest, consent |
Contact Information | Email address, phone number, etc. | Communications with users, service notifications, customer support, direct marketing (with consent). | Performance of a Contract, Consent |
Financial Data | Bank details, payment card details, etc. | Payment processing, billing, transaction management, fraud prevention. | Performance of a Contract, Legal Obligations |
Transactional Data | Transaction details, source of funds, etc. | Invoicing, transaction monitoring, service improvement, legal compliance. | Performance of a Contract, Legitimate Interest |
Technical Data | IP address, internet connectivity data, etc. | Analysis of site performance, site security, personalization of user experience, anonymous statistics. | Legitimate interest, consent |
Profile Data | Username, password, preferences, feedback, etc. | Personalization of the user experience, management of the user account, communications with users. | Performance of a Contract, Consent |
Usage Data | Information about site usage, interaction time, etc. | Trend analysis, site optimization, service improvement, personalization of offers. | Legitimate interest, consent |
Marketing and Communication Data | Marketing preferences, survey responses, etc. | Sending marketing communications, personalizing offers, conducting market research. | Consent |
Biometric and due diligence data
| Facial data, biometric data.
| Verification against the documents provided, unique identification of the account holder. Processed and stored by Sumsub. More information in Annex 1. | Legal obligation (European PSD2 law) |
9.1. Special Categories of Personal Data
Certain types of sensitive personal data are subject to additional protection under the legislation applicable to you. This data is commonly known as "special categories" of personal data and includes:
Personal data revealing racial or ethnic origin.
Political opinions.
Religious or philosophical beliefs.
Trade union membership.
Genetic and biometric data processed for the purpose of uniquely identifying a natural person.
Health data.
Data concerning the sex life or sexual orientation of a natural person.
As a rule, we do not collect sensitive personal data. However, in case of need, such as for the use of biometric data, we obtain your explicit consent and inform you in advance of the purpose of the collection of such data. Biometric data, such as fingerprints or facial recognition, are used exclusively to improve security and ensure the authenticity of logins. For further details on the biometric data used, please read Annex 1 of this Policy.
9.2. Refusal to Provide Personal Data
If we are required by law or under the terms of a contract to collect your personal data and you refuse to provide it, we may not be able to perform the contract we have or are trying to enter into with you. This may result in the impossibility of providing you with the requested Services. In such circumstances, we may have to cancel a product or service you have with us. We will inform you promptly if this happens.
10. How we use your personal data
We use the information we collect about you for a variety of purposes, including:
Provision of Products and Services: We use your personal data to provide you with the products and services you have requested, ensuring the proper performance of contracts entered into between you and us.
Important Communications: We notify you about any changes to our products or services and improve them based on your feedback.
Account Management: We manage your account and monitor your use of our services to ensure the security and quality of the service.
Service and Customer Support: We communicate with you to answer your questions, provide customer service and support, and alert you to potential issues or updates.
Personalized Offers: We provide information about other products or services that we think may be of interest to you, based on your previous use or stated interests.
Financial Assessment and Fraud Prevention: If you use our financial services, we use your information to assess your financial situation and prevent fraud or abuse of the financial system.
11. Use of Personal Data for Marketing Purposes
Direct Marketing
We may use your identity, contact, technical, transactional, usage and profile data to form an opinion about what we think you may be interested in or may need. This helps us decide which products, services and offers may be relevant to you.
Legal Basis for Processing Marketing Data
Consent: You will receive marketing communications from us if you have requested information, consented to receive marketing communications, or if you have purchased from us and have not opted out of receiving such communications. We will only use your marketing and communication data if we have obtained your explicit consent.
Legitimate Interests: In some cases, we may use your personal data for marketing purposes based on our legitimate business interests, ensuring that these are not overridden by your rights and freedoms.
Consent for Direct Marketing
We will ask for your explicit consent to use your personal data for direct marketing purposes. This consent can be given, for example, by selecting a checkbox when registering or during other interactions with us. You can withdraw your consent at any time by contacting us via the details provided in the "Contact Us" section of this Policy or by using the opt-out links in our marketing communications.
Rights of the Data Subject Relating to Direct Marketing
You have the right to:
Objection: You may object at any time to the processing of your personal data for direct marketing purposes. Once you have exercised this right, we will no longer process your personal data for such purposes.
Withdrawal of Consent: You can withdraw your consent at any time without having to provide a reason. This will not affect the lawfulness of processing based on consent before its withdrawal.
Access and Rectification: You can access your personal data used for marketing purposes and request that it be rectified if you believe it is inaccurate.
11.1. Third-Party Marketing
We will obtain your explicit consent before sharing your personal data with third parties for marketing purposes. We will not share your data with any third party unless you have expressly consented to such sharing.
If you decide that you no longer wish to receive marketing communications from us or from third parties with whom we have shared your data (with your consent), you may exercise your rights by contacting us directly or by using the opt-out links provided in each marketing communication.
Our Site, Apps, and applicable web browsers may include links to third-party websites, plug-ins, and applications ("Third-Party Sites"). By clicking on those links or enabling those connections, third parties may collect or share data about you. We do not control these Third-Party Sites and are not responsible for their Privacy Notices and policies. When you leave our Site or Apps, we encourage you to read the Privacy Policy of each Third Party Site you visit or use.
12. Third-Party Services Used
To provide specific features of our products and services, we use the following third-party services. Your privacy is important to us, and we are committed to ensuring that all personal data shared with these Services is treated in accordance with applicable privacy laws:
Intercom: Used for chat and customer support, answering your questions and providing assistance. To consult the Privacy Policy use this link: https://www.intercom.com/legal/privacy .
Sumsub: Used for KYC (Know Your Customer) to ensure security and regulatory compliance. To consult the Privacy Policy use this link: https://sumsub.com/privacy-notice-service/ .
SendGrid: Used as an email processor to manage email communications with our users. To consult the Privacy Policy use this link: https://sendgrid.com/en-us/resource/general-data-protection-regulation-2 .
Twilio: Used as an SMS service for important communications and SMS notifications. To consult the Privacy Policy use this link: https://www.twilio.com/en-us/legal/privacy/website .
Firebase: Used for user authentication to ensure secure access to our services. To consult the Privacy Policy use this link: https://firebase.google.com/support/privacy?hl=it .
Google Cloud: Used for certain features and data storage. To consult the Privacy Policy use this link: https://cloud.google.com/privacy .
These services are essential to support various functions of our products and services.
We encourage you to read the respective privacy policies of these services to understand how they process your personal data. Sharing data with these providers is strictly necessary to provide and improve our services, and we are committed to working only with providers who maintain high standards of data protection.
13. Use of your personal data for Other Purposes
We will only use your personal data for the purposes for which we collected it, unless we reasonably believe that we need to use it for another reason that is compatible with the original purpose. If you would like an explanation of how the treatment for the new purpose is compatible with the original one, please contact us.
14. Sale or Transfer of Business
We may need to process your personal data in the course of trading or in connection with any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving all or a portion of our stock, business or assets. Such processing will be based on our legitimate interests in carrying out the transaction or to comply with our legal obligations.
15. Communication of Personal Data
We will not disclose your personal information to anyone, except as described in this policy. We may share your personal information with other companies in our Group or with our business partners. Your personal information (e.g., full name and email address) may be shared with the recipient/sender of a payment in the context of the specific relevant transaction. This may involve transferring your personal data outside of the European Economic Area (EEA) or the United Kingdom.
We may share your personal information with third parties to provide our products and services to you, including service providers, credit reference agencies, and financial institutions. We may also share your personal information with regulators and third parties to prevent crime, reduce risk, respond to legal process, investigate violations of terms of trade, or protect the rights and property of CRHMoney, our customers, or others.
16. International Data Transfers
The information we collect may be transferred to, stored and processed in countries outside the European Economic Area (EEA). These countries may have different data protection standards than your country of residence. However, we are committed to ensuring that your data is treated securely and in accordance with applicable data protection laws.
Credential Security
If we have provided you with (or you have chosen) a password, access code or any other secure means of accessing parts of our site, it is important that you keep these credentials confidential. Don't share them with anyone. You are responsible for the activities that occur under your credentials and authorize CRHMoney to act on the instructions and information received from anyone using your credentials.
Security of Data Transmission
The transmission of information via the Internet is not completely secure. We will do our best to protect your personal information, but we cannot guarantee the security of any data transmitted to our site. Once we receive your information, we will take strict measures and security features to prevent unauthorized access.
17. Data Retention
We only retain your personal data for as long as necessary to achieve the purposes for which we collected it. To determine the appropriate shelf life, we consider various factors, including:
Quantity, nature and sensitivity of data: we evaluate how delicate and relevant the data we have are.
Potential risk: We consider the risk of harm from unauthorized use or disclosure of data.
Purposes of processing: We only keep data for as long as it is necessary for the purposes for which we process it.
Available alternatives: We check if we can achieve the same goals with different methods.
Legal requirements: We comply with laws that require us to retain data for specific periods.
Here are some examples of how we apply these principles:
Complaint management: We retain data to handle any complaints.
Possibility of litigation: We retain data if we think it may be necessary to defend against any legal claims.
Legal obligations: We comply with specific regulations, such as EU and UK anti-money laundering regulations, which require us to keep your data for 5 years after the end of the relationship.
Audit and compliance: We retain data that is necessary for audit and compliance purposes.
Abuse prevention: We retain data to prevent abuse during and after our promotions.
You have the right to ask us to delete your personal data under certain conditions. See the section on your legal rights for more information. We will only honor your request for deletion if it meets the conditions required by law.
18. Use of Cookies
We use cookies and similar technologies to improve your experience on our Services and Site. Cookies are small data files that are sent to your browser by a web server and stored on your device. These cookies enable our Site to function properly and help us better understand how users interact with our Site and Services.
You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. However, if you disable or reject cookies, please be aware that some parts of our Services or Site may become inaccessible or not function properly.
We use different types of cookies:
Strictly Necessary Cookies: These cookies are essential for the operation of our Site and Services. Without them, some services may not be available.
Performance Cookies: These cookies allow us to monitor and improve the performance of our Site. For example, they help us understand which pages are most popular and how visitors navigate the Site.
Functionality cookies: These cookies allow us to remember your preferences and provide enhanced functionality. For example, they can be used to remember your language preferences.
Targeting cookies: These cookies are used to deliver advertisements that are more relevant to you and your interests. They can also be used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns.
We take appropriate security measures to protect the data collected through cookies and other similar technologies. By using our Site and Services, you consent to the use of cookies in accordance with our Cookie Policy.
For more information on the cookies we use and how to manage them, please see our Cookie Policy: cookie policy link
19. Updating the Privacy Policy
We reserve the right to update this privacy policy from time to time. Any changes will be posted on this page, and if the changes are significant, we will notify you by email or other appropriate means. We encourage you to review this policy regularly for updates.
20. Contact Us
If you have any questions or requests regarding this privacy policy or would like to exercise your rights, you can contact us at:
E-mail: [email protected].
Postal:
21 Collection and processing of data by Sumsub :
Full text : https://sumsub.com/privacy-notice-service/ ( English )
CRHMoney uses the Sumsub product for the identification of the Sumsub product in accordance with the law, of which it integrates into the code the SDK that performs multiple types of automated processing. Data processing activities processes personal data for the execution of the Agreements, including the Services indicated, the obligations arising from the Agreements and the related rights, as well as for the execution of rights and the fulfillment of obligations deriving from legal acts and for the processing of User requests.
CRHMoney via the Sumsub compliance service: Data Processing Activities collects and processes User data on behalf of Clients, which may include compliance issues with applicable AML/CFT laws and regulations and/or other laws and regulations and/or the internal due diligence procedures of the Client's clients.
[b] Other purposes
We may process your data for purposes that serve CRHMoney's legitimate interests via the Sumsub compliance service: Data processing activities, which include the following purposes:
When not prohibited by applicable laws and provided that we have permission from our Customers, we may process certain personal data, including biometric data, to develop and improve identity verification services to prevent and detect fraud and other illegal activities as part of a substantial public interest via machine learning.
Given the nature of our Services, we must detect and prevent criminal activity, fraud, and money laundering by verifying the data you provide against confirmed or suspected records of illegal activity, fraud, or money laundering. If there are any signs to this effect, we will inform our Clients.
In connection with the above purpose, we may also conduct profiling, statistical and analytical analysis regarding AML/CFT trending, fraud detection and prevention. Our system may aggregate User data to generate reports and charts that our Customers can use in assessing the likelihood of risk associated with specific characteristics.
5. Data processing activities
CRHMoney through the Sumsub Compliance Service : Data Processing Activities carries out multiple types of automated processing, including, but not limited to, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Document control
For fraud detection, CRHMoney via the Sumsub Compliance Service : Data Processing Activity subjects personal data from photos and scanned copies of documents to automated reading and authenticity verification by performing various checks, such as completeness of records, detection of screenshots, or comparison of all data from all submitted documents (e.g. name, date and place of birth, signature). We also verify the security features of the document, including the integrated security chip, optical reading zone (MRZ), barcodes, QR codes, and other security components used for genuine data validation. Our system analyzes the results to make an inference about the reliability of the document.
Biometric processing methods
CRHMoney via the Sumsub Compliance Service: Data Processing Activity may process biometric data to check if the facial images provided match, depending on the Service chosen by a particular Customer. Biometric data processing means extracting facial features from facial images uploaded or recorded on government-issued identity documents and comparing them.
Video identification processing
Usually, video identification is a process in which the person to be identified and an operator come face-to-face in a video broadcast and communicate with each other. The process is carried out if a Client has a legal obligation to do so (e.g., due to AML/CFT regulation). To perform video identification, we provide the functionality for Customers to conduct a video interview with Users during onboarding.
Data validation
These data validation checks allow Customers to verify data against third-party data providers' databases and detect whether a User is involved in illegal activities, money laundering or terrorist financing. To do this, we will check the data extracted from documents uploaded or provided by you against a database of third-party data providers.
Know Your Transaction or KYT Control
The KYT check is a check that analyzes transaction data related to senders and receivers. It allows Customers to detect and report unusual/non-characteristic behaviors or patterns that are characteristic of money laundering, terrorist financing, fraud, or other illegal activities.
Know Your Business or KYB Control
If a Client subscribes to KYB control, it requires us to verify the existence, details, ownership and control structure (e.g., the last beneficial owner) of a legal entity through the analysis of corporate records and the review of business records, where available.
Crypto Travel Rule Solution
Clients may order this check to comply with their legal obligations under AML/CFT legislation. This requires the Virtual Activity Service Provider, or VASP, which may be our Client, to obtain, verify, store and exchange the particular information of the sender and receiver of the transaction with their counterparty VASPs during or prior to the transaction.
Fraud detection
CRHMoney through the Sumsub Compliance Service : Data Processing Activities implements a fraud detection and control network based on the fraud controls required by our Customers and those included in our Services by default (e.g., the use of Photoshop or the calculation of risk triggers). Such controls require the collection, analysis, and reuse of your recorded data.
Service development
Our Clients use our Services to detect whether a real person is going through the identity verification process, as well as any impersonation or spoofing attempts, to prevent money laundering, terrorist financing, fraud, and other activities considered to be in the public interest. For this reason, as a service provider, we are responsible for providing the highest quality services. For this reason, where we have the permission of our Customers and it is not prohibited by applicable law, as a Data Controller we use personal data to develop and improve our Services by building and improving algorithms, developing and testing new verification options, products and services.
6. Types of personal data processed by CRHMoney through the Sumsub compliance service: Data processing activities
We may collect and process the following personal data of Users depending on the particular Service provided to Customers:
Categories of personal data | Examples |
General Personal Data | Full name, gender, personal identification number or number, date of birth, legal capacity, nationality and citizenship, location (street, city, country, and postal code). |
Identity document data | Document type, country of issue, number, expiration date, MRZ, information embedded in the document's barcodes (may vary depending on the document), security features. |
Facial image data | Facial photos (including selfie images) and photos or scans of the face on your ID, videos, and sound recordings. |
Biometrics | Facial features. |
Bank details | Cardholder name, expiration date, first 6 and last 4 digits of the card number. |
Contact details | Address, email address, and phone number. |
Health data | COVID passport ID number, passport issue date, name, date of birth, test result. |
Transaction data | Full name of the sender and receiver, address of the sender and receiver, unique identifier of counterparties provided by CRHMoney via the Sumsub compliance service: Data processing activities and by the particular Client. |
Crypto transaction data | Full name of the sender and recipient, physical (geographical) address of the sender, or national identification number, or customer identification number that uniquely identifies the sender at the ordering institution, or date and place of birth, recipient's account number (e.g., wallet address), hash of the wallet address, asset, chain, creation and update dates, VASP owner ID, source type, source provider, customer ID. |
Technical data | Information regarding the date, time, and activity on the Services; IP address and domain name; software and hardware attributes (e.g., camera name and type); general geographic location (e.g., city, country) from your device. |
Geolocation data | IP address. |
Unique identifier | Applicant ID created only to identify the User in the CRHMoney system via the Sumsub compliance service: Data Processing Activities. |
Publicly available data | Information regarding a person's status as a Politically Exposed Person (PEP) or presence on sanctions lists. |
Additional information | Data provided by the User during communication with CRHMoney via the Sumsub compliance service: Data processing activities (e.g., requests, reports). |
Device behavioral data | User ID, device fingerprint data (screen size, user agent, browser, incognito mode, device type, operating system, geolocation), screen resolution, session languages, OS verification, window focus/blur, time of day, focus in/out, paste, mouse movement, battery usage to detect emulators, detect touch/mouse/keystroke events, G meter/AccelMeter. |
17. Communication of data
[a] Third parties
If the Customers agree, CRHMoney via the Sumsub compliance service: Data Processing Activities may use third parties for data processing activities, which include the following categories:
Third-party sub-processors as reasonably necessary for the provision of a service under an Agreement with a respective Customer that commits them to process certain data;
Data Providers when they are supposed to be used for the provision of the Service under an Agreement with a respective Customer; and
CRHMoney Group via the Sumsub Compliance Service : Data processing activities of companies for assistance in the provision of the service and CRHMoney's EU representative via the Sumsub Compliance Service : Data processing activities to ensure the possibility for Data Subjects and the supervisory authority to contact CRHMoney via the Sumsub compliance service : Data processing activities within EU borders for the purposes of Article 27 of the EU GDPR.
CRHMoney via the Sumsub compliance service: Data processing activity requires third parties to respect the security of personal data and to process it according to applicable law. In addition, third parties are mostly limited to accessing or using personal data only to provide services to CRHMoney via the Sumsub Compliance Service: Data Processing Activities and must provide reasonable safeguards that they will adequately safeguard the data in line with Provision 14[d] of this Notice.
19. International data transfers
CRHMoney via the Sumsub Compliance Service : Data Processing Activities confirms that all personal data is stored on CRHMoney's servers via the Sumsub Compliance Service : Data Processing Activities located in the EU and/or subject to any national localization requirements in the respective countries, where such requirements exist. Customers may choose the location of the processing of personal data (including storage) to comply with applicable laws.
Where it is necessary for the provision of the Service or to ensure convenient and reliable communication with Data Subjects, CRHMoney via the Sumsub Compliance Service: Data Processing Activities transfers personal data outside of the EU/EEA, the United Kingdom or other jurisdictions (if applicable) to the third parties and recipients set out in Provision 17 of this Notice.
Whenever a transfer of personal data is made outside of the EEA or the UK, CRHMoney via the Sumsub Compliance Service : Data Processing Activities implements appropriate safeguards as set out in Chapter V of the EU GDPR or the UK GDPR by transferring on the basis of an EU Adequacy Decision (or the UK Adequacy Regulations) or concluding Standard Contractual Clauses. Third-party sub-processors are also based on appropriate warranties, which include binding corporate rules, Standard Contractual Clauses or other legal bases. Cross-border transfers of personal data from the UK to EU/EEA countries are permitted by the UK government