logo

Privacy

Privacy Policy

1. General Notice

Based on Article 13 of the Swiss Federal Constitution and the Swiss Federal Data Protection Act („DSG“), every person is entitled to the protection of their privacy and to protection against the misuse of their personal data. The operators of these pages take the protection of your personal data very seriously.

Personal data refers to all information relating to an identified or identifiable natural person. When you register with critto and use our services or visit our website, we process your personal data as described in this privacy policy, in accordance with legal data protection regulations. We treat your personal data confidentially and in accordance with legal data protection regulations as well as this privacy policy.

2. Data Security

All data stored with us or our hosting provider is protected against unauthorized access, loss, and alteration or falsification using current security standards. Extensive technical and organizational security measures are applied at a standard that complies with legal requirements. However, we would like to point out that data transmission over the Internet (e.g., when communicating via email) can have security vulnerabilities. Complete protection of data from access by third parties is not possible.

3. Responsibility

Responsible for data processing in terms of data protection law is: critto Technologies GmbH

Lindenmatt 22, 6343 Rotkreuz, Switzerland

Email: [email protected]

Website: www.bit-now.com

Authorized Managing Director: Antonio Svetec

4. Data Processing on Our Website

General

By using this website, you agree to the collection, processing, and use (referred as „processing“) of data as described in the following description. critto collects and analyzes all actions on its websites, in its APIs, and applications for the purposes of security, system monitoring, administration, marketing, and compliance with the legal and regulatory requirements to which critto is subject. critto will store this information under the appropriate security requirements for a limited period in accordance with privacy regulations.

Data Storage

According to Art. 7 (3) Swiss Anti-Money Laundering Act (AMLA), we store personal data for ten years after determination of a business relationship or after completion of an transaction.

Data Disclosure

critto will not disclose your personal data to third parties, except in the following circumstances:
a. For combating money laundering and terrorist financing in accordance with the Swiss Federal Law on Combating Money Laundering and Terrorist Financing („GwG“), the Swiss Regulation on Combating Money Laundering and Terrorist Financing („GwV“), the FINMA Anti-Money Laundering Ordinance („GwV-FINMA“), and the Quality Assurance Association for Financial Services („VQF“).
b. The verification of the customer's identity and the authentication of the customer's identification documents to fulfill regulatory necessity by a specialized external service provider. This leads to the capture and temporary storage of customer data by this service provider in accordance with legal requirements.
c. For providing the option to purchase Digital Assets by funding the purchase through a Virtual IBAN. If this option is selected by the client, personal data - such as first and last name, email address, phone number, residential address - are processed and stored by the corresponding external service provider.
d. For providing customer support for the bit-now website using an external service provider. In executing support activities, personal data - such as first and last name, email address, telephone number, IP address, and payment information - are processed and stored by this external service provider.
e. For maintaining and managing the bit-now website to the necessary external service providers. In cases where the use of an external service provider is required, critto ensures that the external service provider fulfills the same duties of care as critto with regard to data protection and data security.

Privacy Policy for Cookies

This website uses cookies. These are small text files that allow specific user-related information to be stored on the user's device while using a website. Cookies make it possible, in particular, to determine the frequency of use and the number of users of the pages, to analyze user behavior on the page, in order to make the offer more user-friendly. Cookies are stored beyond the end of a browser session and can be accessed again when visiting the site again. If you do not wish for this, you should set your internet browser to refuse the acceptance of cookies.

A general objection to the use of cookies used for online marketing purposes can be declared for many services, especially in the case of tracking, via the US-American site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that not all functions of our offer may be usable if you do so.

Privacy Policy for SSL/TLS Encryption

To protect the transmission of confidential content, such as inquiries you send to us as the website operator, our website uses SSL/TLS encryption. An encrypted connection can be recognized by the change of the browser's address line from „http://“ to „https://“ and by the lock symbol in your browser line.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Data Transmission Security (Without SSL)

Please note that data transmitted over an open network such as the Internet or an email service without SSL encryption can be viewed by anyone. An unencrypted connection can be recognized by the browser's address line displaying „http://“ and no lock symbol appearing in your browser line. Information transmitted over the Internet and content received online may potentially be transmitted through third-party networks. We do not guarantee the confidentiality of communications or documents transmitted over such open networks or third-party networks.

When you disclose personal data over an open network or third-party networks, you should be aware that your data may be lost or potentially accessed by third parties, who could collect and use the data without your consent. While individual data packets are often transmitted encrypted, the sender's and recipient's names are not. Even if the sender and recipient reside in the same country, data transmission through such networks frequently occurs without controls, including through third countries, i.e., countries that do not offer the same level of data protection as your country of domicile. We do not assume responsibility for the security of your data during transmission over the Internet and disclaim any liability for indirect and direct losses. We recommend using alternative means of communication if you deem it necessary or reasonable for security reasons.

Despite extensive technical and organizational security measures, data may still be lost or intercepted and/or manipulated by unauthorized parties. We take appropriate technical and organizational security measures within our system to prevent this to the extent possible. However, your computer is outside the security area that we control. It is your responsibility as a user to inform yourself about necessary security precautions and to take appropriate measures. As a website operator, we are not liable for damages that may result from data loss or manipulation.

Data provided in online forms may be passed on to commissioned third parties for order processing and may be viewed and, if necessary, processed by them.

Temporary Usage Data (Server Log Files)

With each use of our website, we process connection data that is automatically transmitted to enable you to visit the website. This connection data includes meta and communication data, website accesses, and other data generated through a website, such as:

● IP address

● Date and time of access

● Name and URL of the accessed file

● Website from which the access originates (referrer URL)

● Used browser and, if applicable, operating system of your computer, as well as the name of your access provider.

The processing of this connection data is absolutely necessary to enable the visit to the website and the platform, and for the general administration of our systems. The connection data is temporarily and minimally stored in internal log files for the purposes described above and is automatically deleted immediately after access.

Third-Party Services

The website uses the following third-party providers:

● Sum and Substance Ltd (UK) for customer verification in compliance with regulatory requirements (https://sumsub.com/privacy-notice-service/)

● Tidio LLC (US) for the live chat function (https://www.tidio.com/privacy-policy/)

● Striga Technology OÜ (registry code: 16298772, address: Sepapaja 6, Tallinn, Estonia) for purchasing Digital Assets by funding the purchase through a Virtual IBAN.

Data Processing for Third-Party Services

In case of purchasing Digital Assets by funding the purchase through a Virtual IBAN, critto Technologies GmbH processes data on instructions of Striga Technology OÜ. For processing any additional customer's data, critto Technologies acts as the data controller.

Data Processing to Countries outside Switzerland & EU/EAA

Occasionally, we may need to transfer personal data to countries outside the European Economic Area (EEA) or not covered by European Commission adequacy decisions, e.g. for online verification carried out by Third-Party Services. In these cases, we ensure compliance with data protection regulations by relying on legal bases and implementing safeguards, such as agreements with recipients or Standard Contractual Clauses approved by the European Commission.

5. Personal Data processed by critto

Personal Attributes for Verification

To verify your identity, we process several personal attributes that are legally required, e.g. your full name, date of birth, identity document data, identity document number, citizenship, residential address, facial image on photo or video and documents serving as proof of address.

Contact Details

To provide our services and for communication purposes, we process your email address and if required phone number.

Regulatory Required Data

According to the regulatory requirements, we process your occupation, PEP status, sanction status and other relevant information that are publicly available.

Financial/Payment Data

To provide our services, we also process your bank account number, your digital asset wallet address, documents serving as Source of Funds or Source of Wealth and if applicable your vIBAN number.

Transaction Data

We monitor your transactions. Therefore, we process your transaction history including initiated, cancelled, refunded and completed transactions.

6. Contact

You have various ways to get in touch with us, such as via email through the contact form on our website. In this context, we process the data you provide when contacting us (e.g., email address or phone number) solely for the purpose of communication with you.

The data collected from you during contact will be automatically deleted after your request has been fully processed, unless we still need your request to fulfill contractual or legal obligations.

7. Your Rights

You have the right to revoke any consent given to us at any time. This will result in us discontinuing the data processing based on that consent for the future. However, the legality of the processing carried out based on the consent before the revocation will not be affected. You also have the right to correct, block, or delete this data.

Furthermore, you have the right to object to the processing of your data for reasons arising from your particular situation at any time. If the objection pertains to data processing for the purpose of direct advertising, you have a general right to object that we will implement even without providing reasons.

If you wish to exercise your right to revoke or object, a simple notification to the contact details mentioned above is sufficient. However, if you wish to file a complaint, you are entitled to contact the relevant supervisory authority of your country, e.g. in Switzerland the Federal Data Protection and Information Commissioner.

You also have the right to obtain free information about your stored personal data, its origin and recipient, and the purpose of data processing.

To exercise your rights, please send us a simple notification (see Section 3 - Responsibility).

If you wish to file a complaint, you are entitled to contact the relevant supervisory authority of your country, e.g. in Switzerland the Federal Data Protection and Information Commissioner.

You also have the right to obtain free information about your stored personal data, its origin and recipient, and the purpose of data processing.

8. Objection to Third-Party Advertising Emails

The use of contact data published in accordance with legal disclosure requirements for sending unsolicited advertising and information materials is hereby expressly objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as through spam emails.

9. Paid Services

To provide paid services, we may request additional data from you, such as account information, to verify your request in accordance with regulatory requirements and, in the event of a positive result, to execute the resulting order. We store this data in our systems within the scope of legal retention periods.

10. Copyrights

The copyright and all other rights to content, images, photos, or other files on the website belong exclusively to the copyright holder. Written consent from the website operator must be obtained in advance for the reproduction of all files.

Anyone who uses a copyrighted work without the written consent of the respective copyright holder is committing an offense and may be liable for damages.

11. General Disclaimer of Liability

Despite careful review, we do not provide any guarantee for the completeness, accuracy, and timeliness of journalistic and editorial information. Claims for liability for damages of a material or immaterial nature caused by the use of the offered information are excluded, unless there is proven intentional or grossly negligent fault.

The website operator may, at its own discretion and without notice, change or delete texts and is not obligated to update the content of this website. Use or access to this website is at the visitor's own risk. The publisher, its clients, or partners are not responsible for damages, such as direct, indirect, incidental, specific, or consequential damages, allegedly resulting from the visit to this website, and consequently, assume no liability.

The publisher also does not assume responsibility or liability for the content and availability of third-party websites accessible via external links on this website. The operators of the linked pages are solely responsible for their content. The publisher expressly distances itself from all third-party content that may be criminally or legally relevant or that violates good manners.

12. Changes of the Privacy Policy

We occasionally update this privacy policy, for example, when we modify our website or services or when legal or regulatory requirements change. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of any updates by email or other appropriate means.

13. Questions to the Data Protection Officer

If you have questions about data protection, please contact the responsible person mentioned in Section 3 using the provided contact information.

Version: Mai 2024