Privacy Policy

GDPR Compliant Data Protection for Elite Clients

Data Controller Information

Company Details

Legal Name: CryptoElite Pro Limited
Registration: CEP-2024-ELITE-7892
FCA Reference: FRN-ELITE-789456
ICO Registration: ZA999888777

Contact Details

Address: 123 Crypto Elite Tower
Canary Wharf, London EC1V 2NX, UK
DPO Email: [email protected]
Privacy Email: [email protected]

1. Introduction

CryptoElite Pro Limited ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and protect your personal information in compliance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • FCA regulations and guidelines
  • Anti-Money Laundering regulations
  • International data transfer requirements

Your Rights: Under GDPR, you have extensive rights over your personal data. See Section 8 for details.

2. Personal Data We Collect

Identity & Contact Data

  • • Full name and title
  • • Date of birth and nationality
  • • Contact details (email, phone, address)
  • • Government-issued ID documents
  • • Professional credentials
  • • Beneficial ownership information

Financial Data

  • • Bank account details
  • • Source of funds documentation
  • • Wealth verification
  • • Investment experience
  • • Risk tolerance assessment
  • • Transaction history

Technical Data

  • • IP address and geolocation
  • • Device and browser information
  • • Session logs and timestamps
  • • Security event data
  • • Platform usage analytics
  • • API access patterns

Compliance Data

  • • AML/KYC verification results
  • • PEP and sanctions screening
  • • Enhanced due diligence records
  • • Ongoing monitoring data
  • • Suspicious activity reports
  • • Regulatory correspondence

3. Legal Basis for Processing

Legal Obligation

Processing required to comply with FCA regulations, AML/KYC requirements, tax reporting, and other legal obligations.

Contract Performance

Processing necessary to provide our cryptocurrency services, execute transactions, and manage your account.

Legitimate Interests

Risk management, fraud prevention, security monitoring, and service improvement where not overridden by your rights.

Consent

Marketing communications, optional analytics, and non-essential processing where you have provided explicit consent.

4. How We Use Your Personal Data

Service Provision

  • Account opening and management
  • Transaction processing and settlement
  • Portfolio management and reporting
  • Customer support and communications
  • Platform access and authentication

Regulatory Compliance

  • KYC verification and ongoing monitoring
  • AML screening and transaction monitoring
  • Regulatory reporting and disclosures
  • Tax reporting and documentation
  • Audit and examination support

Risk Management

  • Fraud detection and prevention
  • Security monitoring and threat detection
  • Risk assessment and profiling
  • Market abuse surveillance
  • Cybersecurity incident response

5. Data Sharing and Disclosure

Regulatory Authorities

We may share data with FCA, HMRC, law enforcement, courts, and other regulatory bodies as required by law.

Service Providers

Custody providers, exchanges, payment processors, IT services, and professional advisors under strict confidentiality agreements.

Group Companies

Other entities within the CryptoElite Pro group for operational, risk management, and compliance purposes.

We DO NOT Sell Data

We never sell, rent, or trade personal data to third parties for marketing or commercial purposes.

6. International Data Transfers

Transfer Safeguards

When we transfer personal data outside the UK/EEA, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses: EU-approved contract terms
  • Transfer Impact Assessments: Risk evaluation for each transfer
  • Binding Corporate Rules: Internal data protection standards

Current transfer destinations include: United States (cloud services), Singapore (custody), Switzerland (compliance services).

7. Data Security

Technical Measures

  • • End-to-end encryption
  • • Multi-factor authentication
  • • Network security monitoring
  • • Regular security audits
  • • Secure data centers
  • • Backup and recovery systems

Organizational Measures

  • • Staff training and vetting
  • • Access controls and permissions
  • • Data minimization policies
  • • Incident response procedures
  • • Regular compliance reviews
  • • Third-party security assessments

Certifications: ISO 27001, SOC 2 Type II, Cyber Essentials Plus

8. Your Data Protection Rights

Right of Access

Request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of personal data in certain circumstances (subject to legal retention requirements).

Right to Restrict Processing

Request limitation of processing in specific situations while maintaining data storage.

Right to Data Portability

Request transfer of your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

How to Exercise Your Rights

To exercise any of these rights, contact our Data Protection Officer:

  • Email: [email protected]
  • Response Time: Within 1 month (complex requests may take up to 3 months)
  • Verification: Identity verification required for all requests
  • Fee: Usually free (excessive requests may incur reasonable fees)

9. Data Retention

Regulatory Requirements

Financial records: 7 years after relationship ends (FCA requirement)
AML/KYC data: 5 years after relationship ends (MLR 2017)
Transaction records: 5-7 years depending on asset type

Operational Data

Account data: Duration of relationship + 7 years
Communication records: 7 years
Technical logs: 2 years (unless longer retention required)

Marketing Data

Consent-based: Until consent withdrawn
Legitimate interests: 3 years since last interaction
Suppression lists: Maintained indefinitely

10. Changes to Privacy Policy

We may update this Privacy Policy periodically to reflect changes in:

  • Legal or regulatory requirements
  • Our services or business practices
  • Industry standards or best practices
  • Technology or security measures

We will notify you of material changes via email or platform notifications at least 30 days before implementation.

11. Complaints and Supervisory Authority

Right to Complain

If you believe we have not handled your personal data properly, you can complain to:

Information Commissioner's Office (ICO)

Website: ico.org.uk
Phone: 0303 123 1113
Post: Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Contact Us First

We encourage you to contact us first so we can try to resolve your concerns directly.
DPO: [email protected]

Last Updated: December 2024 | Version 2.1
© 2024 CryptoElite Pro Limited. All Rights Reserved.