Article 1: Data controller

1.1. Who we are
Legal name: Pladinum Group SL
Trading as: Cryptvice
Registered address: Avenida de Manolete 3a, 29660 Marbella, Málaga, Spain
NIF: ESB72758436
Commercial registery: Registro Mercantil de Málaga

Cryptvice is the data controller responsible for processing your personal data as described in this privacy policy.

1.2. Contact for data protection
For privacy-related questions, requests, or to exercise your data protection rights, please contact:
Email: contact@cryptvice.com
Postal address: Data protection, Pladinum Group SL, Avenida de Manolete 3a, 29660 Marbella, Spain

We aim to respond to all legitimate requests within one month.

Article 2: Scope of this policy

This privacy policy applies to:
Visitors to www.cryptvice.com and related Cryptvice websitesCustomers (current, former, and prospective)
• Individuals who contact us for information, support, returns, or warranty service
• Job applicants and affiliate programme applicants
• Business contacts and partners
This policy does not apply to third-party websites linked from our site. Please review their privacy policies separately.

Article 3: Our privacy-first approach

3.1. Privacy by designAs a privacy-focused company selling privacy-enhancing products, we practise what we sell. Our approach to data protection reflects our core values:
• Data minimisation — we collect only the personal data necessary for specific, legitimate purposes
• Purpose limitation — we use personal data only for the purposes for which it was collected
• Storage limitation — we retain data only as long as necessary
• Security — we protect data using appropriate technical and organisational measures
•Transparency — we are clear about what data we collect and why

3.2. What we do not do
Cryptvice does not:
• Sell your personal data to third parties
• Share your data with advertising networks
• Use invasive tracking or profiling tools (e.g., Google Analytics, Facebook Pixel)
• Build advertising profiles based on your behaviour
• Track you across other websites
• Use your data for purposes you have not consented to

Article 4: Personal data we collect

4.1. Data you provide directly
When you interact with us, you may provide the following personal data:

Account and order information:
• Full name
• Email address
• Billing address
• Shipping address
• Phone number (where required for delivery)

Communications:
• Support inquiries and correspondence
• Return and warranty requests
• Feedback and reviews

Application information:
• Job applications (CV, cover letter, qualifications)
• Affiliate applications (website, payment details)

4.2. Transaction and payment data
When you make a purchase, we collect:
• Order details (products, quantities, prices)
• Payment status and transaction reference
• Invoice information
Important: we do not store full payment card details. Payment processing is handled by third-party payment processors (Stripe, PayPal, cryptocurrency processors) under their own security standards and privacy policies.

4.3. Technical data
When you visit our website, we may automatically collect limited technical data:
• IP address (may be anonymised or truncated)
• Browser type and version
• Device type
• Pages visited and time spent
• Referral source

This data is used for:
• Website security and fraud prevention
• Error logging and troubleshooting
• Aggregated, anonymised analytics
We do not use technical data for advertising profiling or cross-site tracking.

4.4. Data from third parties
We may receive personal data from:
• Payment processors — transaction confirmation and fraud signals
• Shipping carriers — delivery status and address verification
• Public sources — company registration data for business customers

Article 5: Legal bases for processing

Under the General Data Protection Regulation (GDPR), we process personal data only when we have a lawful basis. The legal bases we rely on are:

5.1. Contract performance (Article 6(1)(b))
We process personal data when necessary to perform our contract with you, including:
• Processing and fulfilling your orders
• Delivering products to your specified address
• Managing returns, refunds, and exchanges
• Providing customer support and warranty service
• Creating and managing your customer account

5.2. Legal obligation (Article 6(1)(c))
We process personal data when required by law, including:
• Tax and accounting records (Spanish tax law requires retention for minimum periods)
• Responding to lawful requests from authorities
• Compliance with consumer protection laws
• Anti-money laundering requirements

5.3. Legitimate interests (Article 6(1)(f))
We process personal data when necessary for our legitimate interests, provided these are not overridden by your rights. Our legitimate interests include:
• Protecting our website, services, and customers from fraud and abuse
• Improving our services and customer experience
• Administering our business operations
• Communicating about orders and service updates
You have the right to object to processing based on legitimate interests. See Article 11 for details.

5.4. Consent (Article 6(1)(a))
For certain processing activities, we rely on your consent:
• Marketing communications and newsletters
• Non-essential cookies and tracking technologies
• Processing sensitive data (where applicable)
Where we rely on consent, you have the right to withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Article 6: How we use your data

6.1. Order fulfilment
• Confirming and processing your orders
•Preparing and packaging products
• Arranging shipping and delivery
• Sending order confirmations and shipping updates
• Managing delivery issues

6.2. Customer service
• Responding to inquiries and support requests
• Processing returns, exchanges, and refunds
• Managing warranty claims
• Providing product setup assistance
• Resolving complaints

6.3. Payments and accounting
•Processing payments through third-party providers
• Generating invoices and receipts
• Managing refunds
• Maintaining accounting records
• Complying with tax obligations

6.4. Security and fraud prevention
• Protecting our website and systems
• Detecting and preventing fraud
• Verifying payment transactions
• Preventing abuse of our services
• Maintaining security logs

6.5. Service improvement
• Analysing aggregated, anonymised usage patterns
• Identifying and fixing technical issues
• Improving website functionality
• Enhancing customer experience

6.6. Marketing (with consent only)
Only when you have opted in:
• Sending product updates and news
• Promotional offers and discounts
• Newsletter communications
You can unsubscribe at any time using the link in any marketing email or by contacting us.

Article 7: Who we share data with

We share personal data only when necessary and with appropriate safeguards. We do not sell your data.

7.1. Service providers (processors)
We engage third-party service providers who process data on our behalf under contractual data processing agreements:

Shipping and logistics:
• DHL, FedEx, UPS, national postal services
• Purpose: deliver your orders
• Data shared: name, address, phone number, order details

Payment processors:
• Stripe, PayPal, cryptocurrency payment providers
• Purpose: process payments securely
• Data shared: transaction details, billing information

IT infrastructure:
• Hosting providers, email services, security tools
• Purpose: operate and secure our services
• Data shared: as necessary for service operation

Customer support tools:
• Help desk and communication platforms
• Purpose: manage customer inquiries
• Data shared: contact details, correspondence

7.2. Professional advisors
We may share data with professional advisors (legal, accounting, tax) where necessary to:
• Obtain professional advice
• Establish, exercise, or defend legal claims
• Comply with legal obligations

7.3. Authorities
We may disclose personal data to authorities when:
• Required by law (court order, legal process)
• Necessary to protect our legal rights
• Required for fraud prevention or security purposes
We will notify you of such disclosures unless prohibited by law.

7.4. Business transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. We will provide notice and, where required, seek your consent.

Article 8: International data transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place.

8.1. Transfer mechanisms
• Adequacy decisions — transfers to countries with EU-recognised adequate protection levels
• Standard contractual clauses (SCCs) — EU-approved contractual terms ensuring equivalent protection
• Supplementary measures — additional technical and organisational safeguards where required
You may request information about the safeguards used for specific transfers by contacting us.

8.2. US transfers
Where we transfer data to US-based service providers, we rely on SCCs and assess whether supplementary measures are required based on the nature of the data and the recipient.

Article 9: Data retention

We retain personal data only as long as necessary for the purposes for which it was collected.

9.1. Retention periods
Data type: Accounting records
Retention period: 6-10 years (Spanish tax law)

Data type: Order history
Retention period: Duration of customer relationship + 3 years

Data type: Support correspondence
Retention period: 3 years from resolution

Data type: Warranty records
Retention period: Duration of warranty period + 1 years

Data type: Newsletter subscriptions
Retention: Until unsubscribe + 30 days

Data type: Marketing preferences
Retention: Until withdrawal of consent

Data type: Security logs
Retention: Up to 12 months

Data type: Legal claims
Retention: Up to 10 years (limitation period in Spain)

Data type: Unsuccessful job applications
Retention: 2 years

Data type: Unsuccessful affiliate applications
Retention: 1 year

9.2. Data deletion
When retention periods expire, we securely delete or anonymise personal data. For data stored by third-party processors, deletion occurs in accordance with their data processing agreements.

Article 10: Data security

10.1. Technical measures
We implement appropriate technical measures to protect personal data:
• Encryption — TLS/SSL for data in transit, encryption for sensitive data at rest
• Access controls — role-based access, multi-factor authentication
• Firewalls and monitoring — network security and intrusion detection
• Regular updates — security patches and system updates
• Secure development — security-focused development practices

10.2. Organisational measures
• Staff training — data protection awareness training
• Access limitation — least-privilege access principles
• Vendor assessment — security evaluation of service providers
• Incident response — procedures for detecting and responding to breaches

10.3. Data breach notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
• Notify the relevant supervisory authority within 72 hours
• Notify affected individuals without undue delay (where required)
• Document the breach and our response measures

Article 11: Your rights

Under the GDPR and Spanish data protection law (LOPDGDD), you have the following rights regarding your personal data:

11.1. Right of access (Article 15)
You have the right to:
• Confirm whether we process your personal data
• Obtain a copy of your personal data
• Receive information about how we process your data
We will provide the first copy free of charge. Additional copies may be subject to a reasonable fee.

11.2. Right to rectification (Article 16)
You have the right to request correction of inaccurate personal data and completion of incomplete data. We will rectify data without undue delay.

11.3. Right to erasure (Article 17)
You have the right to request deletion of your personal data when:
• The data is no longer necessary for the purposes collected
• You withdraw consent (where consent is the legal basis)
• You object to processing and there are no overriding legitimate grounds
• The data was unlawfully processed
Exceptions: we may retain data where necessary for legal claims, legal obligations, or public interest.

11.4. Right to restriction (Article 18)
You have the right to restrict processing when:
• You contest the accuracy of the data (while we verify)
• Processing is unlawful but you prefer restriction over erasure
• We no longer need the data but you need it for legal claims
• You have objected to processing (while we verify legitimate grounds)

11.5. Right to data portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller, where processing is based on consent or contract, and processing is carried out by automated means.

11.6. Right to object (Article 21)
You have the right to object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.You have an absolute right to object to direct marketing at any time.

11.7. Rights related to automated decision-making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects. We do not currently engage in automated decision-making of this nature.

11.8. How to exercise your rights
Email: contact@cryptvice.com
Subject line: Data subject request -- [your request]
Response time: Within one month (may be extended by two months for complex requests)
Fee: Free of charge (reasonable fee for manifestly unfounded or excessive requests)

Please provide sufficient information to verify your identity. We may request additional proof of identity for sensitive requests.

Article 12: Complaints

If you believe we have not handled your personal data properly, we encourage you to contact us first so we can address your concerns.You also have the right to lodge a complaint with a supervisory authority:

12.1. Spanish supervisory authority
Authority: Agencia Española de Protección de Datos (AEPD)
Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
Website: www.aepd.es
Phone: +34 901 100 099

12.2. Other authorities
If you are located in another EU/EEA country, you may also complain to your local supervisory authority. A list of authorities is available at: edpb.europa.eu/about-edpb/about-edpb/members_en

Article 13: Cookies and tracking

We use minimal cookies and tracking technologies in line with our privacy-first approach. For detailed information about the cookies we use and your choices, please see our cookie policy.

Key points:
• We do not use Google Analytics or similar invasive tracking
• We do not use advertising or retargeting cookies
• We use only essential cookies required for website functionality
• You can manage cookie preferences through our consent banner

Article 14: Children’s privacy

Our services are not directed at children under 18 years of age. We do not knowingly collect personal data from children.

If you believe we have inadvertently collected data from a child, please contact us immediately at contact@cryptvice.com, and we will take steps to delete the data.

Article 15: Third-party links

Our website may contain links to third-party websites, including:
• Social media platforms
• Partner websites
• External resources and tools
Cryptvice is not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

Article 16: Changes to this policy

We may update this privacy policy from time to time to reflect changes in:
• Our data processing practices
• Legal or regulatory requirements
• Our services or business operations

When we make material changes, we will:
• Update the “last updated” date at the top of this policy
• Post a notice on our website
• Where required, notify you by email
We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

Article 17: Contact

For privacy-related questions, requests, or concerns:
Legal entity: Pladinum Group SL (Cryptvice)
Address: Avenida de Manolete, 3a, 29660 Marbella, Málaga, Spain
Email: contact@cryptvice.com
Support: support@cryptvice.com
Website: www.cryptvice.com

We aim to respond to all privacy inquiries within 5 business days.

Related documents

This disclaimer should be read in conjunction with:
• Terms and conditions — terms governing purchases and services
• Privacy policy — how we collect and process personal data
• Cookie policy — information about cookies and tracking
• Shipping and returns policy — delivery and return information