Explore now

Feb 16, 2025

Privacy Policy

Please read this Privacy Policy carefully before using Our Service.

1. What is this Privacy Notice about?

Cryptal (referred to as "we," "us") collects and processes personal data related to you and other individuals ("third parties"). Throughout this Privacy Notice, we use the term "data" interchangeably with "personal data."

This Privacy Policy outlines how we handle your data when you use cryptal.ai or any of our associated websites or applications (collectively referred to as the "website"), when you access our services or products, interact with us in connection with a contract, communicate with us, or otherwise engage with us. When necessary, we may provide additional notices at the time of data collection to address any processing activities not specifically covered in this Privacy Policy. Additionally, we may inform you about data processing separately through consent forms, terms and conditions, supplemental Privacy Policies, forms, or other disclosures.

If you disclose personal data to us or share personal data about other individuals, such as family members or colleagues, we assume that you are authorized to do so and that the data provided is accurate. By sharing personal data about others, you confirm that you have the necessary authority and that these individuals have been informed about this Privacy Policy.

2. What data do we process?

We process various categories of data about you. The main categories of data include the following:

Technical data

When you use our website or other online services, we collect the IP address of your device along with other technical data to ensure the functionality and security of these services. This includes logs that record system usage. We generally retain technical data for one month. To enhance the functionality of our services, we may assign an individual identifier to you or your device, such as a cookie (see (Section 10). While technical data alone does not reveal your identity, it may be linked with other categories of data, including user accounts, registrations, access controls, or contractual performance, which could potentially identify you.

Registration data

Certain features, such as competitions and services (including login areas of our website, newsletters, etc.), require a user account or registration. This can be done directly with us or through third-party login service providers. In such cases, you must provide certain data, and we collect information about your use of the service. If you redeem a voucher issued by us, we may require additional data at the time of redemption. If we issue a voucher on behalf of one of our contractual partners, we may share or receive some of your registration data with the relevant partner (see Section 6). Registration data may also be necessary for access control to certain facilities, which may include biometric data, depending on the control system used. We generally retain registration data for 12 months after the last use of the service or the closure of the user account.

Communication data

When you contact us via a contact form, email, telephone, chat, letter, or any other communication method, we collect the exchanged data, including your contact details and communication metadata. If we need to verify your identity, such as in a request for information or press access, we may collect data for identification purposes (such as a copy of an ID document). Communication data is generally retained for 12 months from the last interaction. However, this period may be extended if required for evidentiary purposes, legal or contractual compliance, or technical reasons. Emails in personal mailboxes and written correspondence are typically stored for at least 10 years. Chat records are usually kept for two years.

Master data

Master data refers to basic information necessary for managing our contractual and business relationships or for marketing and promotional purposes. This includes your name, contact details, role and function, bank details, date of birth, customer history, powers of attorney, signature authorizations, and declarations of consent. We process master data if you are a customer, business contact, or representative of a business partner, or if we intend to reach out to you for our own or a contractual partner's purposes (e.g., marketing, event invitations, vouchers, newsletters, etc.). We obtain master data directly from you (e.g., during a purchase or registration), from your employer, from third parties such as contractual partners, industry associations, and address brokers, as well as from public sources like registers, websites, and social media. We may also collect master data from our shareholders and investors. Master data is generally retained for 10 years after the last exchange or contract termination. This period may be extended for evidentiary purposes, legal compliance, or technical reasons. For contacts used exclusively for marketing and advertising, the retention period is usually shorter, typically no more than two years from the last interaction.

Contract data

This refers to data collected in relation to the conclusion or execution of a contract. It includes details about the contracts and services provided or to be provided, as well as information gathered during the negotiation phase. Additionally, it covers data required or used for contract fulfillment and customer feedback, such as complaints and satisfaction evaluations. We typically collect this data from you, contractual partners, and third parties involved in contract execution, as well as from external sources like credit agencies and public records.

Contract data is generally retained for 10 years from the last contract activity or the contract's termination. This period may be extended when necessary for legal compliance, evidentiary purposes, or technical reasons.

Behavioral and preference data

Depending on our relationship with you, we may collect and process data related to your behavior and preferences to better understand your needs and tailor our products, services, and offers accordingly. This involves analyzing your interactions within our ecosystem and, in some cases, supplementing this information with third-party data, including public sources.

By processing this data, we can predict the likelihood of your engagement with certain services or behaviors. The information we use may already be known to us, such as where and when you access our services, or it may be collected through tracking your actions (for example, how you navigate our website).

Behavioral and preference data is anonymized or deleted once it is no longer relevant. Depending on the nature of the data, this retention period is generally 24 months (for product and service preferences). However, this period may be extended if required for legal compliance, evidentiary purposes, or technical reasons. We provide further details about tracking mechanisms on our website in Section 10.

Other data

We also collect data in other contexts. For example, we may process information related to administrative or legal proceedings (such as case files and evidence). In certain cases, we collect health-related data as part of regulatory health protection measures.

Additionally, we may obtain or generate photos, videos, or audio recordings where you might be identifiable, such as at events or through security cameras. We may also collect data regarding access to buildings and facilities (including visitor logs and access rights), participation in events, or the usage of our infrastructure and systems.

Furthermore, we process data related to shareholders and investors, including registration details and information regarding the exercise of their rights (such as participation in general meetings). The retention period for such data depends on the purpose of processing and is limited to what is necessary. This ranges from a few days (for security camera footage) to a few weeks (for visitor logs and contact tracing, typically 3 months) to several years or more for event documentation, particularly when images are involved. Data related to shareholders and investors is retained in compliance with corporate law but remains stored for as long as the individual holds an investment.

Sources of data collection

Much of the data described in this section is provided directly by you through various interactions, including forms, communications, contract agreements, or website usage.

You are generally not required to provide us with personal data, except in specific situations such as legal obligations under health protection measures. However, if you wish to enter into a contract with us or use our services, certain data—such as master data, contract data, and registration data—is necessary to fulfill contractual obligations. Similarly, the processing of technical data is unavoidable when accessing our website, and registration data is required for certain systems or building access.

For behavioral and preference data, you generally have the option to opt out or decline consent.

Where legally permissible, we may also collect data from public sources, including debt collection registers, land registers, commercial registers, media sources, and internet platforms such as social media. Additionally, we may receive data from public authorities and third parties, such as credit agencies, address brokers, associations, contractual partners, and internet analytics services.

3. For what purposes do we process your data?

We process your data for the purposes outlined below. Additional details related to online services can be found in Sections 10 and 11. These purposes align with our interests and, in some cases, the interests of third parties. More information regarding the legal basis for processing is available in Section 4.

  • Communication and customer support: We process your data to communicate with you, respond to inquiries, and facilitate the exercise of your rights. This also allows us to reach out to you in case of questions or issues. For this purpose, we primarily use communication data, master data, and registration data related to the services you use. We retain this data to document communications, support training and quality assurance, and enable follow-up inquiries.

  • Contract management and fulfillment: We process data to facilitate the initiation, administration, and execution of contractual relationships.

  • Marketing and relationship management: We use your data for marketing activities, including sending personalized promotions and advertisements about our products and services, as well as those of selected third parties (such as advertising partners). These marketing efforts may include newsletters and direct communications via email, telephone, or other available contact channels. We may also use your data for marketing campaigns, such as events, contests, and special offers, which may include free services like invitations or vouchers.

    You may object to marketing communications at any time or withdraw your consent if you previously agreed to receive marketing materials. Additionally, with your explicit consent, we can optimize our online advertising to better target you (see Section 10). We may also allow certain contractual partners to contact customers and business partners for marketing purposes (see Section 6).

  • Market research and service improvement: We analyze market trends, improve our services, and develop new products. This process primarily involves anonymous or pseudonymous data, meaning that no personal identifiers are used or linked to you.

  • Security and access control: We process your personal data to ensure security, monitor access to facilities, and prevent unauthorized activities.

  • Regulatory compliance: We process data to comply with laws, regulatory directives, and recommendations from authorities, as well as internal governance requirements (Compliance).

  • Risk management and corporate governance: We use personal data for risk management, corporate governance, and business operations, including organizational planning and development.

  • Additional internal processes: We may process data for other operational needs, including internal administration, process management, quality assurance, and staff training.

4. On what basis do we process your data?

When we request your consent for specific data processing activities (such as processing sensitive personal data, sending marketing emails, generating personalized behavioral profiles, or conducting advertising and behavior analysis on the website), we will provide additional information regarding the purpose of such processing.

You may withdraw your consent at any time with future effect by sending us a written notice (by mail) or, unless otherwise specified, by emailing us. Our contact details are provided in Section 13. For withdrawing consent related to online tracking, refer to Section 10. If you have a user account, you may also withdraw consent through the relevant website or service. Once we receive your withdrawal request, we will cease processing your information for the specified purpose, unless we have another legal basis to continue processing it. However, withdrawing consent does not affect the lawfulness of data processing performed before the withdrawal.

Where consent is not required, we process your personal data based on one of the following legal grounds:

  • The processing is necessary to initiate or perform a contract with you (or the entity you represent).
  • The processing is based on legitimate interests—either ours or those of a third party—in pursuing the purposes outlined in Section 3, including compliance with related measures.
  • Our legitimate interests also include compliance with legal regulations, unless applicable data protection laws already recognize compliance as a separate legal basis.
  • Other legitimate interests include the marketing of our products and services, gaining a better understanding of our markets, and ensuring the safe and efficient management and development of our company and operations.

If we receive sensitive personal data (such as health information, political opinions, religious or philosophical beliefs, or biometric data for identification), we may process such data under other legal bases, including:

  • If necessary for a legal dispute, potential litigation, or the enforcement or defense of legal claims.
  • If another legal basis applies, we will inform you separately as needed.

5. What applies in case of profiling and automated individual decisions?

We may conduct profiling, which involves automatically evaluating personal aspects related to you based on your data (Section 2) for the purposes described in Section 3. Profiling allows us to:

  • Determine preference data and personalize our services.
  • Detect misuse and security risks.
  • Perform statistical analysis.
  • Conduct operational planning.

For these purposes, we may create profiles, meaning we combine behavioral and preference data with master data, contract data, and technical data to gain a more complete understanding of your interests and characteristics. We may also generate anonymous movement profiles and, with your explicit consent, personalized movement profiles.

We take proportionality and reliability into account when conducting profiling and implement safeguards to prevent misuse. If profiling results in legal consequences for you or has a significant impact on you, we ensure that human review is conducted.

In certain situations, we may automate individual decision-making processes for the sake of efficiency and consistency. These automated individual decisions may have legal effects on you or significantly affect you. In such cases, we will inform you in advance and implement any required legal safeguards.

6. With whom do we share your data?

In connection with our contracts, website, services, products, legal obligations, protection of our legitimate interests, and other purposes outlined in section 3, we may share your personal data with third parties, particularly the following categories of recipients:

Service providers
We work with service providers in internationally who process your data on our behalf, as joint controllers with us, or as separate controllers receiving data from us. These may include IT service providers, shipping companies, advertising service providers, login service providers, cleaning companies, security firms, banks, insurance providers, debt collection agencies, credit information agencies, and address verification providers. For details on service providers related to our website, see section 10.

Contractual partners including customers
This includes customers such as service recipients and other contractual partners where data disclosure results from these contracts. For example, they may receive registration data related to vouchers, invitations, or redeemed services. If you are employed by a contractual partner, we may also share relevant data about you with that partner.

These recipients also include advertising partners with whom we collaborate or who conduct marketing activities on our behalf. We may share data for analysis and marketing purposes with these partners, including service recipients, sponsors, and online advertising providers. However, we require them to use your data for advertising purposes only with your consent. See section 10 for online advertising partners.

Authorities
We may disclose personal data to regulatory agencies, courts, and other authorities in internationally if legally required or permitted, or if necessary to protect our legitimate interests. These authorities act as independent data controllers.

Group companies
In some cases, we share personal data within our corporate group to facilitate service provision, improve products and services, manage complaints, ensure security in business operations, and support mergers and acquisitions transactions.

Other persons
In certain cases, interactions with third parties arise from the purposes described in section 3. This may include service recipients, media organizations, industry associations, or cases where you are featured in our publications.

All categories of recipients may engage third parties, meaning your data may be further disclosed to them. We can limit data processing by some third parties such as IT providers but not others such as authorities or financial institutions.

We reserve the right to disclose even confidential data, except where we have explicitly agreed not to do so, unless required by law. However, your data remains protected under applicable data protection laws in the respective jurisdictions even after disclosure. If you have concerns about specific data disclosures, please contact us, and we will assess whether your request can be accommodated. See section 13.

Additionally, we allow certain third parties to collect personal data from you via our website or events we organize, such as press photographers or providers of tools integrated into our website. If we do not control such data collection, these third parties act as independent controllers. If you have concerns or wish to exercise your data protection rights, you should contact these third parties directly. See section 10 for website-related third parties.

We do not sell or transfer personal data to third parties unless you have given your consent or such disclosure is required or permitted by applicable law.

8. Is your personal data disclosed abroad?

7. How long do we process your data?

We process your data for as long as necessary to fulfill our processing purposes, comply with legal retention obligations, and support our legitimate interests in maintaining records and evidence, or where storage is required for technical reasons. More details on storage and processing periods for specific data categories can be found in section 2, and for cookies in section 10. If there are no legal or contractual obligations preventing deletion, we will delete or anonymize your data as part of our regular processes once the applicable retention period has expired.

8. How do we protect your data?

We implement appropriate security measures to ensure the confidentiality, integrity, and availability of your personal data. These measures are designed to prevent unauthorized or unlawful processing and to protect against risks such as accidental loss, unauthorized alteration, disclosure, or access.

9. What are your rights?

Applicable data protection laws grant you the right to object to the processing of your data in certain situations, particularly for direct marketing, profiling conducted for direct marketing purposes, and other processing based on legitimate interests.

To help you exercise control over your personal data, you have the following rights, subject to applicable data protection laws:

  • The right to request information about whether we process your data and, if so, what data is being processed.
  • The right to request corrections to inaccurate data.
  • The right to request the deletion of your data.
  • The right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller.
  • The right to withdraw consent when processing is based on your consent.
  • The right to receive, upon request, additional information that may assist in exercising your rights.
  • The right to express your point of view in cases of automated individual decision-making (section 5) and to request that a human review the decision.

If you wish to exercise any of these rights in relation to us, please contact us in writing, either at our premises or via email, unless otherwise specified or agreed. Our contact details can be found in section 13. To prevent misuse, we may require you to verify your identity, such as by providing a copy of an identification document unless identification is possible through other means.

You also have these rights in relation to other independent data controllers that cooperate with us. If you wish to exercise your rights in relation to their processing activities, please contact them directly. Information on our key partners and service providers is available in section 6, with additional details in section 10.

10. Do we use online tracking and online advertising techniques?

We use various technologies on our website that enable us and third parties working with us to recognize you during your visits and, in some cases, track your activity across multiple sessions. This section explains these technologies and how they work.

The main purpose of these tracking techniques is to distinguish your access from that of other users, ensuring the proper functionality of the website while also enabling analysis and personalization. Our goal is not to identify you personally, but identification may still be possible if we or third parties associate tracking data with your registration information. Even without registration data, the tracking technologies we use are designed to recognize you as a unique visitor each time you access the website. This is achieved by assigning a specific identification number to your browser or device, commonly known as a cookie.

We use these tracking technologies on our website and may also allow certain third parties to do so. However, depending on the intended use of these technologies, we may request your consent before enabling them.

You have several options to control or block online tracking:

  • You can adjust your browser settings to block certain cookies or tracking technologies, or to delete existing cookies.
  • You can use privacy-focused browser extensions that prevent third-party tracking.
  • You can refer to your browser’s help section (usually under "Privacy" settings) or visit the websites of third-party tracking providers for further information on how to manage these technologies.

We use different types of cookies and similar tracking technologies on our website. These help us ensure functionality, improve user experience, and facilitate targeted advertising. The main categories of cookies are:

Essential cookies
Some cookies are necessary for the proper functioning of the website and certain features. For example, they allow you to navigate between pages without losing information entered in forms and ensure that you remain logged in. These cookies are typically session cookies, meaning they only exist temporarily. If you block them, the website may not function correctly. Other essential cookies store your preferences and settings beyond a single session, such as language settings, consent preferences, or automatic login functionality. These cookies may have an expiration period of up to 24 months. More details can be found in the Cookie Consent Banner.

Functional cookies
We use cookies to track and analyze website usage, allowing us to optimize our website and adapt it to user needs. These cookies may persist beyond a single session and are used in conjunction with third-party analytics services. Before using functional cookies, we request your consent. These cookies also have an expiration period of up to 24 months. More details on processing activities can be found on the websites of third-party providers (see Cookie Consent Banner).

Marketing cookies
To provide personalized advertising, we and our advertising partners use cookies that track the content you view and the actions you take, such as purchases or sign-ups. These cookies enable us and our advertising partners to display advertisements tailored to your interests, both on our website and across other platforms.

Marketing cookies typically expire within a few days to 12 months, depending on their function. If you consent to the use of these cookies, you will receive personalized advertisements. If you do not consent, you will still see advertisements, but they will not be tailored to your preferences.

In addition to cookies, we may use other technologies to optimize online advertising. For example, we may share email addresses of our users, customers, and interested parties with advertising platforms (such as social media providers). These platforms use matching processes to determine whether individuals are already registered with the same email address. If a match is found, they display our advertisements to those users. The advertising platforms do not receive personal email addresses for individuals who are not already registered. However, for known email addresses, they may infer that the person has engaged with us and viewed specific content.

We also integrate third-party services on our website, such as social media plugins. These services are deactivated by default. Once you activate them (e.g., by clicking a button), the service provider can track your activity on our website. If you have an account with that provider, they may associate this data with your profile. These providers act as independent controllers for any data they process.

We currently work with the following providers, who may use data from you or place cookies on your device for advertising purposes:

  • Google Tag Manager
  • Google Optimize
  • Google Analytics
  • YouTube Video

11. What data do we process on our social network pages?

We may operate pages and other online presences such as fan pages, channels, profiles, or other accounts on social media platforms operated by third parties. When you interact with us on these platforms, we collect certain data about you, as described in section 2 and below.

We receive data both directly from you (for example, when you comment, like, or share content, or send us a message) and indirectly from the platform itself (for example, when you visit our page, the platform collects usage data and shares some of it with us). Social media platforms analyze how you interact with our content and may combine this information with other data they have about you, such as behavioral patterns and preferences.

These platforms process your data for their own purposes, including marketing, market research, and platform management (such as personalizing your feed or deciding which content to show you). In doing so, they act as independent data controllers and are responsible for how they process your data.

We process this data for the purposes outlined in section 3, particularly:

  • Communication – responding to your messages, comments, and interactions
  • Marketing – including advertising campaigns on the platforms (see section 10)
  • Market research – understanding audience engagement and preferences

We may share or republish content that you post on our social media pages, such as comments or interactions with our announcements. In some cases, we or the platform operators may delete or restrict content if it violates platform policies or community guidelines (for example, inappropriate or offensive comments).

For more details on how social media platforms process your data, please refer to their respective privacy policies. These policies also provide information on:

  • The countries where your data is processed
  • Your rights regarding access, deletion, and correction of your data
  • How to exercise your data protection rights

Additionally, further details can be found in our Data Protection Notice for social media pages.

12. Can we update this Privacy Policy?

This Privacy Policy is not a contractual agreement and may be updated at any time. We will notify users of any significant changes. The version published on this website is always the current version.

13. Contact Us

If You have any questions regarding this Privacy Policy, You can contact us by email at support@cryptal.ai.