Privacy Policy GDPR

CryptoSimple SAS is a French simplified joint stock company based at 2 rue Henri Barbusse 13001, Marseille, France, with a capital of EUR 105,309.00 and the following registration number: ‍897 452 306 R.C.S. Marseille. CryptoSimple is registered as a DASP (Digital Asset Service Provider) with the AMF under the number E2021-024.

The priority of CryptoSimple is to ensure that customers are confident in their privacy rights when using CryptoSimple services.

CryptoSimple gathers and safeguards customer personal information in compliance with European regulation « GDPR » (Regulation (EU) 2016/679).

CryptoSimple collects and uses personal data from customers in compliance with the following principles, as stated in article 5 of the GDPR regulation:

Lawfulness, fairness, and transparency: only lawful use cases are used to capture and process data. The customers are systematically informed of how their data is being used.
Limited purposes: the data is collected and processed for one or more particular purposes, which are described in detail in point 2 of the present Annex.
Minimisation of data collection and processing: only the data necessary for the proper fulfillment of the objectives pursued by CryptoSimple is collected.
Accuracy : the data is accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Limitation of data retention over time: personal data is retained for a limited period such as specified in point 4 of the document hereinafter.
Integrity and confidentiality of the data obtained and processed: CryptoSimple, as the data controller, guarantees the data's integrity and confidentiality.

CryptoSimple is committed to respecting all of these principles as part of its compliance with the GDPR.

The aim of the following policy is to inform customers about why CryptoSimple collects and handles their personal data, as well as how CryptoSimple uses and protects that data. CryptoSimple's privacy policy ensures that the consumer is aware of the following:

How and why personal data is collected for business operations.
Other purposes for which CryptoSimple collects such personal data.
The reasons for which personal data can be revealed and to whom.
How long CryptoSimple keeps personal information.
The customers rights and how to exercise them.
How to access and update personal information and privacy records, as well as how to get in touch with CryptoSimple.

Please note that CryptoSimple also has a cookies policy which can be found in the dedicated page.

How and why personal data is collected for business operations

CryptoSimple collects and uses only the personal data necessary for our business operations, allowing us to provide customers with customised services based on their profiles in the simplest way possible.

To do so, CryptoSimple needs the following personal information in order to open a CryptoSimple account:

Identification and contact details for the customer, customer surname, first name, place of birth, and date of birth, as well as face ID checks, passport and identification card numbers, postal and e-mail addresses, phone numbers, gender, age, and signature.
Tax information, family situation, employment information.
Banking, financial, and transaction data.
Identification and authentication data, in particular when using CryptoSimple services.

Please keep in mind that the above-mentioned list is not exhaustive, and it may be updated as required for industry, compliance, and regulatory reasons.

As previously stated, CryptoSimple requires the customer's data for business purposes, such as opening an account and offering premium customer service

A personal questionnaire is used for these purposes to ensure that CryptoSimple is able to:

Provides its customers with the necessary information they need.
If necessary, provide adapted assistance to its customers in using the solution.
Allow customers to use the services in a simple manner.
Provide security for the customers when they use the services.

Other purposes for which CryptoSimple collects such personal data

For compliance and regulatory reasons, personal data such as that listed above, as well as the ones listed below, is required:

Publications and databases made accessible by the official authorities (Official Journal).
Third parties such as business intelligence, and anti-fraud agencies, per data protection regulations.
Permits the Clients to use the Services in a simple manner.
Provides the security of the Clients while using the Services.

For business internal reasons:

Proof of transactions or operations.
IT management including infrastructure management (eg exchange platforms) and business continuity including personal safety.
Prevention of fraud and abuse (security measures, control of unusual transactions).
Establishment of anonymized statistical models, tests, for research and development, to optimize CryptoSimple risk management or improve our offer.

The reasons for which personal data can be revealed and to whom

To combat money laundering and terrorist funding (AML/FT regulations), such as Directive (EU) 2018/843.
Adherence to existing international sanctions and embargoes legislation.
To combat tax avoidance, as well as to comply with tax audits and reporting requirements.
To be able to respond to official requests from duly authorised public officials or judicial authorities, regulated professions such as lawyers, notaries, and auditors.

How long CryptoSimple keep personal information

CryptoSimple gathers and retains customer personal data for the length of time required to comply with relevant legal and regulatory requirements, or for a longer term that takes into account organizational limits, proactive customer relationship management, and responses to legal and regulatory requests.

Under legal guidelines, the bulk of consumer information is stored for a period of 5 years.

The Clients’ rights and how to exercise them

Customers have various privileges under the relevant legislation, including:

Right of access: Clients have the right to request information about how their data is processed as well as a copy of their personal information.
Right to rectification: If Clients feel their personal data is incorrect or incomplete, they have the right to request that it be corrected.
Right of cancellation: the Clients have the right to have their personal data erased under the legal parameters.
Right to limit processing: the Clients have the right to restrict the processing of their personal data.
Right of opposition: the Clients have the right to object to the processing of their personal data for reasons relating to their unique circumstance. The Clients have the absolute right to object to the collection of personal data for commercial prospecting, including profiling related to this prospection.
Right to the portability of the customer's data: If this right applies, the Clients have the option of having the personal data given to CryptoSimple returned to them or transferred to a third party where theoretically feasible.
Right to set guidelines for the retention, erasure, or disclosure of customer personal data, applicable after the Client’s death.
Right to withdraw the Client’s consent: If the Clients have agreed to the processing of their data, they have the right to withdraw their consent at any time.

The applicable regulations, entitle the customers to file a complaint about the competent supervisory authority such as the CNIL (National Commission for Informatics and Liberties) in France

How to access and update personal information and privacy records, as well as how to get in touch with CryptoSimple

CryptoSimple enables the simplest customer experience even for this purpose.

If the customers have any questions and want to review or alter their personal information about the use of their data, the customers can contact us by email at:

legal@cryptosimple.app