This policy was prepared in the English language and, where any translation is made available, the English language version shall prevail in the event of any conflict, discrepancy or ambiguity between translations.
Effective Date: 30 April 2025
This policy describes how Crosschain Association and its affiliates (referred to as “we”, or “us” in this policy) will collect, make use of, and share (i.e. “process”) your personal data in connection with our website(s), apps and services (including API services). For the purposes of this policy, the term “affiliate” shall mean any entity, individual, firm, or corporation, directly or indirectly, through one or more intermediaries, controlling, controlled by, or under common control with Crosschain Association.
This policy also describes data protection rights you may have (depending on applicable law), such as a right to object to some of the processing which the we carry out. More information about your rights, and how to exercise them, is set out in the “Your rights” section.
We process personal data about you when you interact with us, our websites, our apps or our services (including API services). This may include:
We will aim to mark data fields as optional or mandatory when collecting personal data from you via forms. Note that where personal data is stated as mandatory: if relevant data is not provided, then we will not be able to do these things and provide the services you expect.
We may receive personal data from payment partners where you use their services to make payments to us. We receive personal data from partners when they refer you to us (for example, we receive data about the service you used, and that referred you). Third parties may monitor the Web on our behalf, for example looking for stolen or compromised credentials. Our communications service provider may also enable us to learn more about your social media presence, in order for us to send you more personalised communications. Finally, some authorities or other persons seeking access to information about users may provide information about the circumstances of their request, and about the individuals of interest.
We process this personal data for the following purposes:
To the extent required by law, we aim to carry out balancing tests when significant data processing activities are justified on the basis of our “legitimate interests”, as described above.
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to display marketing without your consent. You may have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time, in accordance with applicable law. Where you do have such a right, you can exercise it by following the instructions in the communication where this is an electronic message, changing your account settings, or by contacting us using the details set out below.
We will share your personal data between CA Group companies so they can help deliver and improve our services, run our business, and comply with our legal obligations and related third party requests.
Personal data may be shared with courts or public authorities if required as described above, mandated by law or regulation, or required for the legal protection of our or third party legitimate interests, in compliance with applicable laws and regulations, and relevant / competent public authorities’ requests.
Personal data will also be accessed by employees or contractors, or shared with third party service providers, who will process it on our behalf for the purposes identified above. In particular, we use third party website and database hosting; web and app analytics; and customer services and support.
In the event that the business is transferred to or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s advisers, and to the new owners of the business.
Depending on applicable law (in particular, whether the laws of the UK or EEA countries apply), you may have the right to ask us for a copy of personal data about you; to correct or delete that personal data; restrict the processing of that personal data; and to obtain a copy of personal data about you that you provided to us (in connection with our agreement with you, or with your consent), in a structured, machine readable format, and to ask us to port this data to (i.e. share that data with) another organisation.
In addition, applicable law may provide the right to object to the processing of personal data about you, in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
You have the right to appeal the result of significant fully automated decisions. This should be done by emailing us within 3 working days from the date of the decision, which we will then review.
If these rights apply, they may however be limited, for example if fulfilling your request would reveal personal data about another person, would infringe the rights of another person or legal entity (including our rights), or if you ask us to delete or change data which we are required by law to keep (or have other compelling legitimate interests in keeping). We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch using the details set out below. If you have unresolved concerns, you typically have the right to complain to regulators, depending on applicable law. For example, in the EEA, your complaint can likely be taken to data protection authorities where you live, work or where you believe a breach may have occurred.
Where we process personal data in connection with performing an agreement with you, we keep the data for 6 years from your last interaction with us.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of that request indefinitely, so that we can continue to respect your request in future.
Where we process personal data for site security purposes, we retain it for 3 years.
Longer retention periods may apply, such as where ongoing access to records continues to be important to our defence of legal claims or where we are required by law or regulation to retain information for specific periods.
We do not currently use cookies (or other local storage objects, but we refer to these collectively as “cookies” in this policy), web beacons/tags, and other related approaches to collect information about your use of our website.
Although our website and apps only look to include quality, safe and relevant external links, users should always adopt a policy of caution before clicking any links to third party websites or apps. We cannot control, guarantee or verify their contents. They will have their own policies and practices, for example with regard to privacy and personal data, and you should acquaint yourselves with those before further engaging with those third party websites or apps.
We may revise this Privacy Policy from time to time. If we make a change to this policy that we consider material, we will take steps to notify users by a notice on the website and/or app. Your continued use of the our website, apps and services (including API services) will be subject to the updated Privacy Policy.
If you have any questions or concerns about how we process your data, including if you would like to exercise any rights, you can get in touch with our contact point for privacy queries at [email protected].