Privacy Policy

Last updated: November 30th, 2018

Thank you for using ChainRift!

ChainRift ("we", "us" and "our") is committed to providing you with high quality online cryptocurrency exchange services. Your Privacy is important to us. This Privacy Policy is designed to make important disclosures about how we can use, collect and/or share your information.

  1. Acceptance of Privacy Policy. By accessing and using our website and/or when you use the mobile app, API or third-party applications relying on such an API, and related services (referred to collectively hereinafter as "Services"), you signify acceptance to the terms of this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described below. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, you should immediately discontinue access or use of our service.

  2. How your personal information is used. Our primary purpose in collecting personal information is to provide you with enhance security, efficiency and user experience. We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission.

    In general, we use personal information to create, develop, operate, deliver, and improve our Services, content and advertising, and for loss prevention and anti-fraud purposes. Examples of how we may use this information include:

    • To process transactions and send notices about your transactions.
    • To verify your identity by comparing your personal information against third-party databases.
    • To enforce our agreements with third-parties. To resolve disputes, collect fees, and troubleshoot problems.
    • For quality control and staff training. To provide you with Services and any customer support that you may request.
    • To enhance security, monitor and verify identity or Service access, combat spam or other malware or security risks.
    • To prevent and investigate potentially prohibited or illegal activities, and/or violations of our posted user terms.
    • To comply with our legal obligations.

    Please find below a description of types and examples of information we collect and the purpose of the collection:

    Types of Data Examples of Data Purpose/Legal Basis
    Registration Data:

    Information used to access our Services.

    Username, email address.

    For purpose of consent and performance of contract between ChainRift and the User as well as acting in furtherance of the execution of said contact.

    Account Data:

    All information provided about the User.

    Full name, email address, username, country and telephone number.

    For the purpose of providing our services, maintaining the security of our users and services, and for communication with the User.For the purpose of verification of the transactions, providing alternative access to open trades.

    ID Data:

    Digital copy of the User’s identification document.

    Full name, country, date of birth, and gender.

    For purpose of protection, detection and investigation of fraud, money laundering, criminal activity or any other misuse of our service.For purpose of creating trustworthy, safe and reliable trading platform.

    Usage Data:

    Information about the use of our Services.

    Web browser type, server, IP address, language preference, referring site, and the time of each visit:

    Analytics data: your email address, IP address and country code.

    Technical data website error, certain events and actions.

    To customize, measure, and improve ChainRift Services and the content and layout of our website and applications.

    For behaviour statistics, business intelligence and email campaigns and to aid Google Analytics monitoring.

    For technical, security and/or fraud prevention.

    For quality control monitoring and improve our website and services as well as to prevent, detect and investigate fraud, criminal activity or other misuse of the services and to prevent security issues.

    To deliver targeted marketing, service update notices, and promotional offers based on your communication preferences.

    Trade Data:

    Trade ID, initiated trades, payment method, advertisement information, buyer username, seller username, trade value (in fiat), trade value (in cryptocurrency), price, currency, timestamps of trade and trade chats as well as possible merchant invoice information and ATM trade data.

    Consent; the performance of a contract, actions taken to enter into such a contract.

    For purpose of our business model’s operation.

    Communication Data:

    Exchanges of information.

    All communications such as messages, requests and other communication with our support team.

    Communications through chat or email: Chats, email address, username, IP address, full name, audio and video files and in the case of manual ID verification: photo of the User’s personal ID, photo of the User, and photo of the User’s utility bill or related document.

    For the purposes of communicating with you, record-keeping, in order to review and resolve disputes, serve our users better and improve our service.

    For the purpose of administration of our website and business.

    Notification Data:

    Notifications by email, SMS notifications and/or newsletters.

    Email address, phone number, username and full name.

    For the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.

    You can unsubscribe at any point by contacting us or by clicking the unsubscribe link in the email.

  3. Sharing your information with others. We ensure that your personal information is to be accessed only by those who absolutely need it in order to perform their tasks and duties, and for a legitimate purpose. ChainRift will never sell or rent your personal information. We will only share your information in the following circumstances:

    In connection with a Digital Currency transfer between you and a third-party, including merchants, a third-party may share information about you with us, such as your email address or mobile phone number which may be used to inform you that a transfer has been sent to or received from the third-party. We may use this information in connection with such transfers to confirm that you are a ChainRift User, that Digital Currency transfers are enabled, and/or to notify you that you have received Digital Currency. If you request that we validate your status as a ChainRift User with a third-party, we will do so.

    Please note that merchants you interact with may have their own privacy policies, and ChainRift is not responsible for their operations, including, but not limited to, their information practices. Information collected by third-parties, which may include such things as contact details or location data, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third-parties.

    If you authorize one or more third-party applications to access your ChainRift Account, the information you have provided to ChainRift may be shared with those third-parties. Unless you provide further authorization, these third-parties are not allowed to use this information for any purpose other than to facilitate your transactions using ChainRift Services.

    However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.

    Furthermore, we cannot ensure or warrant the security or confidentiality of the information you transmit to us or receive from us by Internet or wireless connection, since we have no way of protecting that information once it leaves and until it reaches us. If you have a reason to believe that your data is no longer secure, please contact us at the email address listed at the end of this Privacy Policy.

    In addition, we may be compelled to share Personal Information with law enforcement, government officials, and regulators.

    Section 326 of the USA PATRIOT ACT requires all financial institutions to obtain, verify, and record Personal Information that identifies each person who opens an account. This federal requirement applies to all new customers. This Personal Information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. What this means for you: when you open an account, we ask you for your name, address, date of birth, and other identifying Personal Information.

    In addition, we are a global company and thus may conduct business and collect Personal Information from individuals and institutions located within the European Economic Area (“EEA”). We are required to protect Personal Information processed in the EEA in accordance with the General Data Protection Regulation (“GDPR”). To understand more about how we protect the data we collect from individuals and institutions located within the EEA, please see the “Privacy Statement for Data Subjects Whose Personal Information May Be Collected in or from the EEA” section below.

  4. Marketing Campaigns. We may also occasionally communicate company news, updates, promotions and related information relating to similar products and services provided by ChainRift. We may share personal data with third-parties to help us with our marketing and promotional projects or sending marketing communications.

    If you want to opt out of receiving promotional and marketing emails, text messages, post and other forms of communications from us [or our promotional partners] in relation to which you might receive in accordance with this section, you can best opt out by using one of the following ways:

    • Click "Unsubscribe" at the bottom of an email we sent you.

    If you do opt out of receiving promotional and marketing messages, we can still contact you regarding our business relationship with you, such as account status and activity updates, survey requests in respect of products and services we have provided to you after you reserve from us, reservation confirmations or respond to your inquiries or complaints, and similar communications.

    You can opt-out of receiving promotional communications from ChainRift by pressing the unsubscribe button in the message.

  5. Rights of Users: You have the following rights relating to your private information :

    • Opt-Out from certain Email Communications. Subject to applicable laws and regulations, we may from time to time send communications promoting services, products, facilities, or activities to you using information collected from you. You can opt-out of receiving promotional communications from ChainRift by pressing the unsubscribe button in the message. Cookies – You may decline session cookies if your browser or browser add-on permits but choosing to remove or disable our cookies may interfere with your use and functionality of the ChainRift Exchange Services.
    • Right of Rectification. You have the right to correct any personal information that we hold on you that is inaccurate, incorrect, or out of date. However, you cannot change your full name after your verification was approved.
    • Right of Erasure. You have the right to ask us to delete your data when it is no longer necessary, or no longer subject to a legal obligation to which ChainRift is subject to.
    • Location Information. You may be able to stop the collection of location information through your device settings or by following the standard uninstall process to remove our applications from your device; however, because such data is used by us to meet legal requirements, as well as for ongoing fraud and risk monitoring purposes, choosing to remove or disable location services may interfere with your use and functionality of the ChainRift Exchange Services.
    • Access to information. Subject to applicable laws, you may have the right to access the information we hold about you. Your right of access can be exercised in accordance with the relevant data protection legislation. For further information, please contact [email protected]
    • Right to object to processing. You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third-party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
    • The right to data portability. To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
    • Right to withdraw consent. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
  6. Automated decision-making. Although we do not engage in automated decision-making, we may make automated decisions on certain matters. For example, we may do this to decide whether we can provide our services to you based on a risk profiling. Depending on the outcome of the risk profiling, a decision will be reached automatically as to whether we are able to provide products or services to you.

    We may in some instances use your personal data, such as your country of residence and trade history, in order to better address your needs. When we do this, we take all necessary measures to ensure that your privacy and security are protected, and we only use anonymous or de-identified data.

    We may use the services of third-party provider(s) in order to improve your experience or to help fight financial crime. For example, so that we can provide you with a fast and efficient service, we may use automated softwares to verify your identity documents or to confirm the accuracy of the information you have provided to us. None of the processes have a legal effect on you.

  7. Public Databases, Credit Bureaus & ID Verification Partners. We obtain information about you from public databases and ID verification partners for purposes of verifying your identity. ID verification partners use a combination of government records and publicly available information about you to verify your identity. Such information may includes your name, address, status on any sanctions lists maintained by public authorities, and other relevant data. Our ID verification providers only use the information that's gathered from the government issued ID and your submitted image (selfie) to make their determination. We obtain such information to comply with our legal obligations, such as anti-money laundering laws. In some cases, we may process additional data about you based on public interest grounds to ensure our Services are not used fraudulently or for other illicit activities.

  8. International transfers of personal information ChainRift participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. ChainRift is committed to subjecting all personal information received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov.

    ChainRift is responsible for the processing of personal information it receives under the Privacy Shield Framework and subsequently transfers to a third-party acting as an agent on its behalf. Pursuant to the Privacy Shield Principles, ChainRift will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We will take all reasonable steps to ensure that personal information we process is limited to only what is relevant to the purposes for which it was collected and that it is accurate, complete, and up-to-date.

    ChainRift complies with the Privacy Shield Principles for all onward transfers of personal information from the EU, including the onward transfer liability provisions. Consequently, before ChainRift shares your information with any third-party that is not also certified under the E.U.-U.S. Privacy Shield Framework, ChainRift, Inc. will enter into a written agreement that the third-party provides at least the same level of privacy safeguard as required under those Frameworks, and assures the same level of protection for the personal information as required under applicable data protection laws.

    ChainRift LLC. commits to resolve European data subjects' complaints about their privacy and our collection, use or disclosure of their personal information in compliance with the EU-U.S. Privacy Shield Principles.

    If you are a European data subject with an unresolved complaint or dispute arising under the requirements of the Privacy Shield Framework, we agree to refer your complaint under the Framework to an independent dispute resolution mechanism. Please refer to our terms and conditions for more details on the resolution of conflict mechanism and jurisdiction.

  9. Retention of personal information. We store our Users' personal information securely throughout the life of the User's ChainRift Account. ChainRift will retain your personal information for a minimum of five years or as necessary to comply with our legal obligations or to resolve disputes.

    In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the period we need to access the data for the provision of services, receiving payment, resolving your customer support issue or other issues or for any other auditing or legal reasons.

    Notwithstanding the foregoing, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

  10. Children’ personal information. We do not knowingly request or collect personal information from any person under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, ChainRift will require the user to close his or her account and will not allow buying or selling digital currencies. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.

  11. Anti-money-laundering and Combating Terrorism. For purposes of AML (anti-money-laundering) and CFT (Combating the Financing of Terrorism) ChainRift conducts - based on its legitimate interest to prevent fraud and misuse of its services (Art 6 para 1 lit f GDPR) - an examination of politically exposed persons and sanctioned persons in the course of the compliance department verification process by verifying User’s identity through third-party provider. Based on this Verification process, the Third-party provider will inform ChainRift whether the User is a politically exposed person or sanctioned person. For further information on the consequences resulting from the violation of these provisions, please refer to ChainRift's Terms and Conditions.

  12. Privacy related to digital assets and blockchain. The completion of a Digital Asset transaction may be recorded on a public blockchain which constitutes a public distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Because blockchain platforms are decentralized or third-party networks which are not controlled or operated by ChainRift or its affiliates, we are not able to erase, modify, or alter personal data from such networks.

  13. Cookies. ChainRift may use cookies, (which are tiny files that are saved to your web browser), to improve your experience and to enable certain features, such as authentication. For more information please refer to our Cookies Policy.

  14. Changes to this Privacy Policy. Any changes we may make to our Privacy Policy will be posted on this page and, where appropriate, will be shared via a notification on the Services. Please check back frequently to see any updates or changes to our Privacy Notice.

  15. Data Controller. Our data controller is responsible for the collection, use, disclosure, retention and protection of your personal information in accordance with our global privacy standards, this Privacy Notice, as well as any applicable national laws. We use encryption to protect your information. Data controllers process and retain your personal information using trusted third-parties and on our servers.

    Where we have a legal obligation to do so, we have appointed data protection officers (DPOs) to be responsible for our privacy program. If you have any questions about how we protect or use your Personal Information, you can contact our DPOs by email at [email protected]

By checking the respective box as a part of the registration process, the User confirms to have read the Privacy Policy and agrees to the data processing as described herein.