Privacy Policy

ONLINE PRIVACY STATEMENT

This Privacy Policy shall be effective from 15 August 2022.

This Privacy Policy describes how Drinela UAB trading as CrissCross (Company number 306280633, registered address Vilnius, Architektų g. 56-101 Lithuania) ("We", "Us", "Our") processes personal data in compliance with the General Data Protection Regulation (GDPR). 

Crisscross respects and protects the privacy of visitors to our websites and our customers who use our services. To ensure transparency, this Privacy Policy describes our data handling practices when you access content we own or operate on the website located at crisscross.money or any other associated websites we own or operate (site(s)).

Please take a moment to read through our privacy policy. If you have any specific questions about it, you’re welcome to contact us at info@crisscross.money, and We will be happy to give you further clarity.

 

Information on our Privacy Policy

This Privacy Policy outlines what data We collect from you, how We use this information, and how We take care in disclosing this information, in compliance with data protection laws, including the General Data Protection Regulation (EU 2016/679)

By accessing and reading our Privacy Policy, you acknowledge you have been informed about the processing of your personal data that we may process from you.

In this statement We have used certain terms which are set out in the EU’s General Data Protection Regulation (GDPR or the Regulation):

personal data means: any information relating to an identified or identifiable natural person (data subject).

an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

controller means: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

processor means: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

processing means: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

PRIVACY STATEMENT

What is the lawful reason Crisscross uses to process personal data?

The four lawful reasons Crisscross uses to process personal data are set out in Article 6 of the Regulation. 

Processing will only be lawful if and to the extent that at least one of the following applies:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Consent).
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Contract Performance).
  • processing is necessary for compliance with a legal obligation which We are subject to (Legal Obligations).
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Legitimate Interest).

1. Consent

Where We process personal data as a result of Consent, We ensure that consent is freely given, specific and informed, and established by a clear affirmative act. Where Consent is withdrawn, we have set out (below) how this may be undertaken by the data subject.

2. Contract Performance

Where We enter into a contract with third parties, processing of personal data may, as a matter of course, be necessary in order to execute such a contract or take pre-contract preparation steps.

3. Legal Obligations

Where there are legal obligations which apply to Crisscross, processing of personal data may be required by law.

4. Legitimate Interest

Where We process personal data as it is necessary for the purpose of our legitimate interests, We do so on the basis of a balanced evaluation of our interests and the rights and freedoms of the data subject which require protection. 

We have concluded that the way We manage the processing of personal data results in a cumulation of data subject protections which show that the balance is in favour of Crisscross being able to rely on Article 6.1(f) of the Regulation as a lawful reason to process personal data.

 

Why does Crisscross need to collect and store personal data?

We collect and store personal data to provide our clients, customers, suppliers or third parties with the service they require or provide as a party to a contract with us, or a third-party with an interest in Crisscross.  We do not process personal data for any reason other than this purpose. 

We only keep personal data for as long as is necessary to undertake this purpose. We are committed to ensuring that the information We collect and use is appropriate for this purpose and does not constitute an invasion of the data subject’s right to privacy.

When does Crisscross collect my information?

Crisscross collects information about you if you:

  • register with or use our Website or online services;
  • represent one of our business clients;
  • work with us as a service provider; or
  • visit a Crisscross office or register to attend a Crisscross event.

What type of data does Crisscross collect?

We distinguish in this policy between personal data and ‘non-personal data’ (this is de-identified data, and cannot be attributed to you personally).

What type of personal data does Crisscross collect?

If you wish to use any of our services, We will collect and retain certain relevant data of yours, including some of your personal information.

Personal information we collect will fall within one of the below:

  • Personal information: Basic information about you, including your signature;
  • Identification data including unique descriptors: Government issued identifiers, other unique identifiers such as date of birth, and personal descriptors that might identify you;
  • Financial and transactional: Financial information about you, transactional information and credit information, account authentication details;
  • Contractual details: information collected as part of the products and services we or our service providers provide you;
  • Socio-demographic: Details about your work or profession, nationality, education;
  • Technical information: Details about your devices and technology that you use to access our services, including IP address;
  • Behavioural: information about how you use our products and services;
  • Location: Data we receive about where you are;
  • Communications: Information we capture through your communications with us, e.g. emails, instant messaging;
  • Publicly available information: Details that are in public records and information about you that is openly available on the internet.

How does Crisscross handle my personal data?

The following principles are observed in the handling of your data:

  1. We will only collect personal data for a purpose consistent with the purpose for which it is required. The specific purposes for which information is collected will be apparent from the context in which it is requested, as they are set out as follows.
  2. Personal information will only be processed for a purpose compatible with that for which it was collected, unless you have consented to an alternative purpose.
  3. We do not retain your data indefinitely. We will destroy or delete any personal information that is no longer needed by us for the purpose it was initially collected, or subsequently deleted.  Crisscross is however required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements, contractual obligations and agreed practices. Personal data may be held in addition to these periods depending on individual business needs. 

How will Crisscross use the personal data it collects about me? 

We may use your personal information to:

  1. Provide, maintain, and improve the features and functionality of our site and services, based on our legitimate interest and/or the performance of the contractual relationship between you and us.
  2. Provide for internal non-marketing or administrative purposes, based on our legitimate interest.
  3. Provide information to you about updates and new services, based - when relevant - (i) on the performance of the contractual relationship between you and us or, (ii) if relevant, your consent; or (iii) if relevant, our legitimate interest.
  4. Process billing and collection of any fees based on the performance of the contractual or precontractual relationship between you and us.
  5. Meet our legal and regulatory obligations in terms of the applicable laws.

To comply with legal and regulatory requirements in rendering our services, Crisscross may be required to disclose information about you and/or your account to the following trusted third parties, namely:

  • Our agents, affiliates and/or professional advisors.
  • Service providers assisting us in processing or otherwise fulfilling transactions and/or providing required services.
  • Law enforcement, regulatory and governmental agencies if or when requested.

We don’t use your personal data to:

  • Send commercial or marketing messages to you, without your prior consent.
  • Sell your data to third parties.

 

Will Crisscross share my personal data with anyone else?

We may share your information in the manner and for the purposes described below:

  • Internally, where such disclosure is necessary to provide you with our services or to manage our business;
  • With third parties who help manage our business and deliver services, pursuant to a contract between the third party and Crisscross. In these circumstances, the third party may be another controller, processor or sub-processor. Where the third party is a processor or a sub-processor, they are obliged amongst other things, to keep your details secure, and to use them only to fulfil their contractual obligations to Crisscross under a processing agreement or terms which comply with Article 28 of the Regulation.
  • With agencies and organisations working to prevent fraud in financial services;
  • With our regulators;
  • To comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;

When they no longer need your personal data to fulfil this service, they will dispose of the details in line with Crisscross’s data retention policy, or as otherwise set out in the processing agreement. 

 

We operate globally

The personal information we collect from you may be transferred to, stored and processed outside of the jurisdiction in which you live. The laws of those countries may vary from the laws applicable in your own country. Data gathered in the European Economic Area (EEA) may be transferred to, stored and processed at a destination(s) outside of the EEA. Said international data transfers will be carried out in strict compliance with the Regulation and after having executed the relevant Standard Contractual Clauses with the recipients of the data.

Your account is stored by Crisscross on a secure server maintained and operated by third-party service providers. These third-party providers are bound by and adhere to the relevant data processing agreements, in compliance with the Regulation.

 

Your data protection rights 

You have the right to access your personal data held by Crisscross, by contacting us with a request at info@crisscross.money. For your protection, We will take steps to verify your identity before fulfilling your request.

If there are any changes to your personal information or if you believe that the information we have about you is inaccurate, incomplete, misleading or not up-to-date, you must inform us accordingly at info@crisscross.money. You also have the right to request the restriction and objection to its processing, the right to request the portability of your personal data and the right not to be subject to a decision based solely on automated processing.

You have the right to be forgotten in terms of the Regulation. This may be done by requesting your account to be deleted in a support ticket to the Crisscross support team at info@crisscross.money. By requesting us to delete you, you may forfeit your ability to use Crisscross’s services going forward as We require certain data in order to provide our services.

We may use our discretion in allowing correction requests and may request further documentary evidence of any new information in order to avoid fraud and inaccuracy.

 

Security measures for your personal data

We take all appropriate and reasonable technical and organisational measures to prevent the loss of, damage to or unauthorised destruction of personal data and the unlawful access to or processing of such data. We have systems in place to control your data in a way that minimizes its exposure.

We will take reasonable steps to identify all reasonably foreseeable internal and external risks posed to your personal data under our possession or control and establish and maintain appropriate safeguards against any risks identified.

 

Non-personal data

In addition to personal data, We also collect and store non-personal data, which cannot be used to identify you. The kinds of non-personal data that We collect includes de-identified data about the usage patterns of our sites. This data is useful to us as it helps us to optimize our user experience.

 

When you access or use our services, we may automatically collect data about your behaviour that includes:

  1. Log Information: We log data about your use of our services, including the type of browser you use, access times, pages viewed, , and the page you visited before navigating to our Services.
  2. Device Information: We collect data about the device you use to access our services, including information about the device’s software and hardware, Media Access Control ("MAC") address and other unique device identifiers, device token, mobile network information and time zone.
  3. Consumption data: We collect data about your consumption habits relating to your use of our services, including which purchases you make with both virtual and real Currencies.
  4. Data Collected by web cookies and other tracking technologies: We use various technologies to collect data, and this may include sending cookies to your computer or mobile device.

Under what circumstances will Crisscross contact me?

The personal data We process is subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure. We will get in touch with you where this is required under the Regulation. 

Can I find out the personal data that the organisation holds about me?

At your request and where this is technically possible, Crisscross will confirm the information We hold about you and how it is processed. As set out in the Regulation you can request the following information: 

 

  • Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this could be a representative in the EU. 
  • Contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of Crisscross or a third party, information about those interests.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • If We intend to transfer the personal data to a third country or international organisation, information about how We ensure this is done securely. 
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority.
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

Revisions to this Privacy Policy

This Privacy Policy may be revised from time to time so we can keep it up to date with global best practices, but we will always let you know when we do via email.

CONTACT DETAILS 

Email: info@crisscross.money

Address: 6th floor, Žalgirio av. 90, Vilnius, Lithuania, 090303

 

Contact

Contact Form

Address

6th floor Žalgirio av. 90 Vilnius, Lithuania

Legal

crisscross logo greenlinkedin logo

Crisscross does not offer regulated financial services. All regulated products and services are offered through our partners.