search

PRIVACY, DATA PROTECTION AND COOKIE POLICY OF HUGS LIMITED

(“Company” or “we” or “us” or “our”)

Within our Privacy Policy, we describe how we collect, use, and otherwise handle any Personal Information that you provide or make available to us directly (through direct contact when you prospect or engage us to provide you with services) or through our website https://crtr.tech (“Websites”) and explains the circumstances in which we may transfer this to others.

The handling of personal data is treated seriously and the company respects privacy and rights to control personal data.

The Company collects personal data when an individual registers their personal details directly with the Company in respect of the token sale.

Personal information that we collect:

The types of information that we may collect from you (directly or indirectly) are the following:

  • Your name;

  • Your email address;

  • Your physical address;

  • Your IP address;

  • Your MAC address;

  • Any other information that you choose or are required to provide us when filling out a contact form on our websites or contribute to our projects;

  • Your geographic location (country/territory where you are living and/or working);

  • Your bank account details (when the service provided requires the holding of such information);

  • Any public key information on virtual asset wallets;

  • Your passport copy or other documentation proving your identity;

  • Any other additional information we may be obliged to collect in order to comply with applicable AML and KYC laws, as follows:

    • Date and place of birth (for an individual);

    • Nationality;

    • Gender;

    • Phone number;

    • Proof of a residential address (for an individual), or a principal place of business, local office, or other physical location (for a person other than an individual); and

    • Proof of identification with a photograph (selfie with passport in hand as we may prescribe).

How we use your Personal Information

We may use your Personal Information for our business purposes such as:

  • To process and respond to enquiries and provide our services or support to your HUGS Token contributions;

  • To manage our relationship with you;

  • To send notices, newsletters, publications;

  • For record keeping, internal reporting and research purposes;

  • To ensure network and information security;

  • To notify you about changes to our services;

  • To send information to you regarding changes to our Terms and Conditions of Service, our Privacy, Data Protection and Cookie Policy, or other legal agreements;

  • To meet legal requirements;

  • To investigate any complaint you may make;

  • To provide evidence in any dispute or anticipated dispute between you and us;

  • To customise various aspects of our websites to improve your experience;

  • To host, maintain and otherwise support the operation of our websites;

  • For the detection and prevention of fraud and other criminal offences and for risk management purposes and compliance with AML and KYC laws and regulations;

  • For business and disaster recovery (e.g. to create back-ups);

  • For document retention/storage;

  • For database management;

  • To ensure the quality of the services we provide to our users.

In addition, we may use your Personal Information for further specific purposes made clear at the point of collection.

If you choose not to provide Personal Information requested by us, we may not be able to provide you with the information and/or services you have requested or otherwise fulfil the purpose(s) for which we have asked for the Personal Information. If you wish not to receive any marketing materials, please contact us directly to privacy@hugs.limited.

Legal grounds for collection and use of Personal Information

We process your personal information where we need to do so:

  • Where an individual or a legal entity has actively registered their interest through the Company’s website and personal information may be required of natural persons connected with any such legal entity (where relevant), the lawful basis for holding and processing personal data would be a ‘contractual’ basis.

  • Personal data collected is subject to third-party checks as part of the token sale requirement to combat money laundering. In these circumstances where there is a direct contractual relationship between the Company and the individual, the Company is collecting and processing personal data on the basis of legitimate interest in responding to your queries and providing services and/or information to you. By providing personal data for this purpose individuals accept and agree that the basis upon which the Company is processing personal data is legitimate interest. The Company shall only process personal data in accordance with Gibraltar’s data protection obligations which may include but at the time of writing may not be limited to the General Data Protection Regulation as may be applicable in Gibraltar by virtue of legislation following the United Kingdom’s departure from the European Union.

  • The Company would also retain and process personal data if there is a legal obligation to do so. In order to operate and improve the business, there is also a valid legitimate interest basis for holding and processing of personal data.

The Company might also have requested explicit consent in order to use personal data. Where the Company processes personal data based on consent, individuals have a right to withdraw consent at any time.

How and when do we share information with third parties?

Some services that we provide require the involvement of third parties. We have carefully selected these third parties and taken steps to ensure that your Personal Information is adequately protected. Details about how we share Personal Information with third parties is set out below:

(a) Sharing with other third parties

We share your Personal Information with:

  • Our accountants, auditors, lawyers or similar advisers when we ask them to provide us with professional advice, however, in certain instances we may be prevented from requesting your consent by statute or otherwise (including but not limited to, for example, tipping off);

  • Any other third party if we are under a duty to disclose or share your personal Information in order to comply with any legal obligation, or to protect the rights, property and/or safety of the Company, our personnel, or others; or

  • Any other third party for the purposes of acting in accordance with the requirements of a court, regulator, or government agency, for example, complying with a search warrant or court order or acting in accordance with an applicable law or regulation.

How long do we store personal information?

It is our policy to retain your personal Information for the length of time required by the specific purpose or purposes for which it was collected. However, we may be obliged to store some Personal Information for a longer time, taking into account factors including:

  • Legal obligation(s) under applicable law to retain data for a certain period of time;

  • The statute of limitations under applicable law(s);

  • (potential) disputes; and

  • Guidelines issued by relevant taxation or data protection authorities.

Data Subject Right

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. The Company is the data controller, where we decide how and why personal data is processed.

Under Gibraltar law obligations on the processing of personal information that is currently applicable by virtue of the General Data Protection Regulation as may be applicable in Gibraltar from time to time by virtue of Gibraltar law giving effect to European Union regulations following the United Kingdom and Gibraltar’s departure from the European Union, individuals have a right to:

a) Know what data is processed, how it is processed and shared and to receive a copy of their personal data;

b) Erasure, where there are no laws or regulations which mandate the retention of that data;

c) Rectification of inaccurate personal data;

d) Withdraw their consent;

e) Data portability;

f) Restriction of processing of specific personal data items;

g) Object to processing performed in the legitimate interests of the Company subject to the objection being evaluated in the context of the risk to the data subject;

h) Object to direct marketing and have the direct marketing cease immediately;

i) Restrict or be subject to a decision based solely on automated processing;

j) Claim compensation for damages caused by a breach of the General Data Protection Regulations and/or Act.

Access to Personal Data

An individual’s right to access can be exercised in accordance with the EU General Data Protection Regulation 2016 as may be applicable. Any requests from data subjects about the information held on them must be documented and include the nature of the request and the response given.

To progress your request two forms of identification (ID) will also be required before any data is compiled, these must be dated within the last 3 months. We may also require reasonable proof that the request is genuine and made by you before we act on it.

The Company, upon being satisfied that an individual meets the criteria for disclosure of data under GDPR, will provide a response to the individual within the required time frames from that date.

Last updated