1. Data Controller

1.1 Who We Are

Pladinum Privacy SL
Trading as: Cryptvice
Registered Address: Avenida de Manolete, 3a, 29660 Marbella, Málaga, Spain
Tax Identification Number (NIF): ESB72758436
Commercial Registry: Registro Mercantil de Málaga

Cryptvice is the data controller responsible for processing your personal data as described in this Privacy Policy.

1.2 Contact for Data Protection

For privacy-related questions, requests, or to exercise your data protection rights, please contact:

Email: privacy@cryptvice.com
Postal Address: Data Protection, Pladinum Privacy SL, Avenida de Manolete 3a, 29660 Marbella, Spain

We aim to respond to all legitimate requests within one month.

2. Scope of This Policy

This Privacy Policy applies to:

• Visitors to www.cryptvice.com and related Cryptvice websites
• Customers (current, former, and prospective)
• Individuals who contact us for information, support, returns, or warranty service
• Job applicants and affiliate program applicants
• Business contacts and partners

This policy does not apply to third-party websites linked from our site. Please review their privacy policies separately.

3. Our Privacy-First Approach

3.1 Privacy by Design

As a privacy-focused company selling privacy-enhancing products, we practice what we sell. Our approach to data protection reflects our core values:

• Data Minimisation — We collect only the personal data necessary for specific, legitimate purposes
• Purpose Limitation — We use personal data only for the purposes for which it was collected
• Storage Limitation — We retain data only as long as necessary
• Security — We protect data using appropriate technical and organisational measures
• Transparency — We are clear about what data we collect and why

3.2 What We Do NOT Do

Cryptvice does not:

• Sell your personal data to third parties
• Share your data with advertising networks
• Use invasive tracking or profiling tools (e.g., Google Analytics, Facebook Pixel)
• Build advertising profiles based on your behaviour
• Track you across other websites
• Use your data for purposes you haven't consented to

4. Personal Data We Collect

4.1 Data You Provide Directly

When you interact with us, you may provide the following personal data:

Account and Order Information
• Full name
• Email address
• Billing address
• Shipping address
• Phone number (where required for delivery)

Communications
• Support inquiries and correspondence
• Return and warranty requests
• Feedback and reviews

Application Information
• Job applications (CV, cover letter, qualifications)
• Affiliate applications (website, payment details)

4.2 Transaction and Payment Data

When you make a purchase, we collect:

• Order details (products, quantities, prices)
• Payment status and transaction reference
• Invoice information

Important: We do not store full payment card details. Payment processing is handled by third-party payment processors (Stripe, PayPal, cryptocurrency processors) under their own security standards and privacy policies.

4.3 Technical Data

When you visit our website, we may automatically collect limited technical data:

• IP address (may be anonymised or truncated)
• Browser type and version
• Device type
• Pages visited and time spent
• Referral source

This data is used for:
• Website security and fraud prevention
• Error logging and troubleshooting
• Aggregated, anonymised analytics

We do not use technical data for advertising profiling or cross-site tracking.

4.4 Data from Third Parties

We may receive personal data from:

• Payment processors — Transaction confirmation and fraud signals
• Shipping carriers — Delivery status and address verification
• Public sources — Company registration data for business customers

5. Legal Bases for Processing

Under the General Data Protection Regulation (GDPR), we process personal data only when we have a lawful basis. The legal bases we rely on are:

5.1 Contract Performance (Article 6(1)(b))

We process personal data when necessary to perform our contract with you, including:

• Processing and fulfilling your orders
• Delivering products to your specified address
• Managing returns, refunds, and exchanges
• Providing customer support and warranty service
• Creating and managing your customer account

5.2 Legal Obligation (Article 6(1)(c))

We process personal data when required by law, including:

• Tax and accounting records (Spanish tax law requires retention for minimum periods)
• Responding to lawful requests from authorities
• Compliance with consumer protection laws
• Anti-money laundering requirements

5.3 Legitimate Interests (Article 6(1)(f))

We process personal data when necessary for our legitimate interests, provided these are not overridden by your rights. Our legitimate interests include:

• Protecting our website, services, and customers from fraud and abuse
• Improving our services and customer experience
• Administering our business operations
• Communicating about orders and service updates

You have the right to object to processing based on legitimate interests. See Section 11 for details.

5.4 Consent (Article 6(1)(a))

For certain processing activities, we rely on your consent:

• Marketing communications and newsletters
• Non-essential cookies and tracking technologies
• Processing sensitive data (where applicable)

Where we rely on consent, you have the right to withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

6. How We Use Your Data

6.1 Order Fulfilment

• Confirming and processing your orders
• Preparing and packaging products
• Arranging shipping and delivery
• Sending order confirmations and shipping updates
• Managing delivery issues

6.2 Customer Service

• Responding to inquiries and support requests
• Processing returns, exchanges, and refunds
• Managing warranty claims
• Providing product setup assistance
• Resolving complaints

6.3 Payments and Accounting

• Processing payments through third-party providers
• Generating invoices and receipts
• Managing refunds
• Maintaining accounting records
• Complying with tax obligations

6.4 Security and Fraud Prevention

• Protecting our website and systems
• Detecting and preventing fraud
• Verifying payment transactions
• Preventing abuse of our services
• Maintaining security logs

6.5 Service Improvement

• Analysing aggregated, anonymised usage patterns
• Identifying and fixing technical issues
• Improving website functionality
• Enhancing customer experience

6.6 Marketing (With Consent)

Only when you have opted in:
• Sending product updates and news
• Promotional offers and discounts
• Newsletter communications

You can unsubscribe at any time using the link in any marketing email or by contacting us.

7. Who We Share Data With

We share personal data only when necessary and with appropriate safeguards. We do not sell your data.

7.1 Service Providers (Processors)

We engage third-party service providers who process data on our behalf under contractual data processing agreements:

Shipping and Logistics
• DHL, FedEx, UPS, national postal services
• Purpose: Deliver your orders
• Data shared: Name, address, phone number, order details

Payment Processors
• Stripe, PayPal, cryptocurrency payment providers
• Purpose: Process payments securely
• Data shared: Transaction details, billing information

IT Infrastructure
• Hosting providers, email services, security tools
• Purpose: Operate and secure our services
• Data shared: As necessary for service operation

Customer Support Tools
• Help desk and communication platforms
• Purpose: Manage customer inquiries
• Data shared: Contact details, correspondence

7.2 Professional Advisors

We may share data with professional advisors (legal, accounting, tax) where necessary to:
• Obtain professional advice
• Establish, exercise, or defend legal claims
• Comply with legal obligations

7.3 Authorities

We may disclose personal data to authorities when:
• Required by law (court order, legal process)
• Necessary to protect our legal rights
• Required for fraud prevention or security purposes

We will notify you of such disclosures unless prohibited by law.

7.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. We will provide notice and, where required, seek your consent.

8. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

8.1 Transfer Mechanisms

• Adequacy Decisions — Transfers to countries with EU-recognised adequate protection levels
• Standard Contractual Clauses (SCCs) — EU-approved contractual terms ensuring equivalent protection
• Supplementary Measures — Additional technical and organisational safeguards where required

You may request information about the safeguards used for specific transfers by contacting us.

8.2 US Transfers

Where we transfer data to US-based service providers, we rely on SCCs and assess whether supplementary measures are required based on the nature of the data and the recipient.

9. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected. Retention periods vary based on the type of data and legal requirements:

9.1 Retention Periods

Order and Transaction Data
• Accounting records: 6 years (Spanish tax law) to 10 years
• Order history: Duration of customer relationship + 3 years

Customer Support
• Support correspondence: 3 years from resolution
• Warranty records: Duration of warranty period + 1 year

Marketing Data
• Newsletter subscriptions: Until unsubscribe + 30 days
• Marketing preferences: Until withdrawal of consent

Security and Legal
• Security logs: Up to 12 months
• Legal claims: Up to 10 years (limitation period for contract claims in Spain)

Applications
• Unsuccessful job applications: 2 years
• Unsuccessful affiliate applications: 1 year

9.2 Data Deletion

When retention periods expire, we securely delete or anonymise personal data. For data stored by third-party processors, deletion occurs in accordance with their data processing agreements.

10. Data Security

10.1 Technical Measures

We implement appropriate technical measures to protect personal data:

• Encryption — TLS/SSL for data in transit, encryption for sensitive data at rest
• Access Controls — Role-based access, multi-factor authentication
• Firewalls and Monitoring — Network security and intrusion detection
• Regular Updates — Security patches and system updates
• Secure Development — Security-focused development practices

10.2 Organisational Measures

• Staff Training — Data protection awareness training
• Access Limitation — Least-privilege access principles
• Vendor Assessment — Security evaluation of service providers
• Incident Response — Procedures for detecting and responding to breaches

10.3 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Notify affected individuals without undue delay (where required)
• Document the breach and our response measures

11. Your Rights

Under the GDPR and Spanish data protection law (LOPDGDD), you have the following rights regarding your personal data:

11.1 Right of Access (Article 15)

You have the right to:
• Confirm whether we process your personal data
• Obtain a copy of your personal data
• Receive information about how we process your data

We will provide the first copy free of charge. Additional copies may be subject to a reasonable fee.

11.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and completion of incomplete data. We will rectify data without undue delay.

11.3 Right to Erasure (Article 17)

You have the right to request deletion of your personal data when:
• The data is no longer necessary for the purposes collected
• You withdraw consent (where consent is the legal basis)
• You object to processing and there are no overriding legitimate grounds
• The data was unlawfully processed

Exceptions: We may retain data where necessary for legal claims, legal obligations, or public interest.

11.4 Right to Restriction (Article 18)

You have the right to restrict processing when:
• You contest the accuracy of the data (while we verify)
• Processing is unlawful but you prefer restriction over erasure
• We no longer need the data but you need it for legal claims
• You have objected to processing (while we verify legitimate grounds)

11.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller, where:
• Processing is based on consent or contract, and
• Processing is carried out by automated means

11.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

You have an absolute right to object to direct marketing at any time.

11.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects.

We do not currently engage in automated decision-making of this nature.

11.8 How to Exercise Your Rights

To exercise your rights, contact us at:

Email: privacy@cryptvice.com
Subject: Data Subject Request — [Your Request]

Please provide sufficient information to verify your identity. We may request additional proof of identity for sensitive requests.

Response Time: We will respond within one month. Complex requests may be extended by two additional months with notification.

No Fee: Exercising your rights is free of charge. We may charge a reasonable fee for manifestly unfounded or excessive requests.

12. Complaints

If you believe we have not handled your personal data properly, we encourage you to contact us first so we can address your concerns.

You also have the right to lodge a complaint with a supervisory authority:

12.1 Spanish Supervisory Authority

Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6
28001 Madrid, Spain
Website: www.aepd.es
Phone: +34 901 100 099

12.2 Other Authorities

If you are located in another EU/EEA country, you may also complain to your local supervisory authority. A list of authorities is available at: edpb.europa.eu/about-edpb/about-edpb/members_en

13. Cookies and Tracking

We use minimal cookies and tracking technologies in line with our privacy-first approach. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

Key Points:
• We do not use Google Analytics or similar invasive tracking
• We do not use advertising or retargeting cookies
• We use only essential cookies required for website functionality
• You can manage cookie preferences through our consent banner

14. Children's Privacy

Our services are not directed at children under 18 years of age. We do not knowingly collect personal data from children.

If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@cryptvice.com, and we will take steps to delete the data.

15. Third-Party Links

Our website may contain links to third-party websites, including:
• Social media platforms
• Partner websites
• External resources and tools

Cryptvice is not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in:
• Our data processing practices
• Legal or regulatory requirements
• Our services or business operations

When we make material changes, we will:
• Update the "Last Updated" date at the top of this policy
• Post a notice on our website
• Where required, notify you by email

We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

17. Contact Us

For privacy-related questions, requests, or concerns:

Pladinum Privacy SL (Cryptvice)
Data Protection Team
Avenida de Manolete, 3a
29660 Marbella, Málaga, Spain

Email: privacy@cryptvice.com
General Support: support@cryptvice.com
Website: www.cryptvice.com/contact

We aim to respond to all privacy inquiries within 5 business days.

Related Documents

This Privacy Policy should be read in conjunction with:

• Terms and Conditions — Terms governing use of our website and services
• Cookie Policy — Detailed information about cookies and tracking
• Shipping & Returns Policy — Information about delivery and returns

© 2026 Pladinum Privacy SL. All rights reserved.