Privacy Policy


Date of last revision: 01.08.2023

Northcrypto.com is committed to protecting the privacy of its users and of the people visiting the website. When you create a user account and use our service we collect, use, share and retain information related to you in ways that are described in this Privacy Policy. Below we will tell you about the ways in which your information, especially information that can be connected to you personally, may be collected, used, retained, shared and deleted (all the aforesaid jointly and separately ”process”).

Please note that this Privacy policy may at any time be updated without a prior notice. You should regularly check the valid version at northcrypto.com. We strive to always inform our users of any significant amendments to this Privacy Policy at our website northcrypto.com.

1. Personal Data Controller

NorthCrypto Oy
2918254-9
Kristiinankatu 9, 20100 Turku, Finland

In case you have any questions concerning this Privacy Policy please contact us via email at support@northcrypto.com.

2. Data we process

1) Non-personal data

For purposes of this Privacy policy ”Non-personal data” shall mean data on the basis of which you can’t be identified and which is not considered to be personal data according to the legislation that is applicable to the controller. In addition Non-personal data means aggregate and anonymized data which is data that has been collected of the use of the services but from which all personally identifiable data has been removed. Non-personal Data may contain information that is ordinarily related to profiling users or other data on basis which persons can’t be identified.

We may use analytical tools to automatically collect and use some Non-personal data. The categories of Non-personal data we collect include, among others, (i) software and device data of the user, such as data concerning web browser, operating system settings and versions (ii) general data concerning typical uses and patterns of use of the service (iii) other Non-personal data which we deem necessary in order to further develop our services.

2) Personal data

For the purposes of this Privacy Policy ”personal data” shall mean any information relating to you and on basis of which you are identifiable as a natural person (”data subject”). Identifiable natural person is a person that can be directly or indirectly identified, especially on the basis of an identifier such as name, online identifier or one or more factors specific to your identity.

Personal data we collect may include:

  • Contact data: Your name, address, email address and other contact information, your banking information and other personal information that we may ask and that you give in context of communications related to the services or by using the services. Please note that in case you don’t provide us the aforementioned information you may not be able to use our services or some part of the services.
  • Customer due diligence data: Your name, address, personal identification number and information about whether you have been listed on a financial sanctions list published by the European Union or a member state of the European Union, and the information about whether you are a politically exposed person as defined in the Act on Detecting and Preventing Money Laundering and Terrorist Financing (444/2017), as well as other due diligence information as required by the law.
  • Communication data: Data concerning the communications between you and us, including but not limited to all messages, notifications, requests and other similar communications that take place via email, using the features of the service or by other means.
  • User account data: Data concerning the activity on your user account and your trade history, the settings of your user account, your payment information and any other information on your user account.
  • Financial data: Data concerning your income or/and assets or other financial matters that may affect the use of the services.
  • Technical data: Data concerning the use of the website such as how long do you stay on the website or any of its sub-sites, your IP-address, type of your web browser, operating system, websites from which you arrive on our website as well as the site from which you leave, the dates and times of the visits and other information concerning the use of the website.

3. How do we collect data

We may collect data concerning you by the following means:

Data given by you: You may give your personal data for instance in the following situations:

  • When you create the user account and identify yourself in order to use the services, for example when you insert information on the form used for registration, or in case we have required extra identification when you are providing the required information.
  • When you use the services, for instance make trades.
  • When you make requests on our technical support, or when you send us other messages via email or by other means.
  • Other situations related to using our website or services that require providing personal data.

Automated collect: We may collect, for instance, user account data, technical data and communications data via automated means when you use our services and website.

Third parties and public sources: We may receive your personal data from the following sources:

  • Service providers providing services related to customer due diligence.
  • Technical data from service providers providing analytical tools and marketing tools.

4. How we use your personal data

We may use or process your personal data for the following purposes:

  • To provide you our services.
  • To manage your user account and use of the services, including setting restrictions on the use of the services, such as restrictions on transmission of assets.
  • To charge you for the services and collect our receivables if necessary.
  • To answer your inquiries concerning the services and to give you relevant information concerning the use of the services, such as updates on maintenance breaks, new features and matters related to the use of the services and your other actions that are related to the services.
  • To send you information concerning offers related to the use of the services or products or other services that according to our assessment may interest you. However, we will send the aforementioned messages only on the condition that we have your consent where such consent is required.
  • To protect and maintain our network and services and to prevent, identify and fix technical problems and security risks.
  • To confirm your identity and to prevent, detect and investigate frauds, money laundering, criminal activities and other misuses of the services.
  • To meet our legal obligations and to protect our own vital interests as well as those of third parties such other users of the services.
  • To study and to perform statistical analysis concerning the services, such as observing how the services are being used.
  • To be able to better allocate our resources and improving the services we provide to you and other users.

5. Legal basis for processing

We may process your personal data on different basis, including:

  • To form and to perform a contract with you, including the obligations set forth in the Terms of Use of the service.
  • To comply with our legal obligations.
  • On the basis of our legitimate interests, such as:
    • To ensure the security of our networks, data and assets.
    • To protect our important interests or those of third parties such as other users of the service.
    • To inform you about our products and services which according to our assessment might interest you.
    • To manage and in general conduct our business.
    • To prevent, detect and investigate fraud, money laundering, criminal activities and other misuses of the services.
  • To protect the vital interests of any party.
  • On the basis of your specific consent (only where the law requires or allows such consent). Where processing of your personal data is based on consent you are entitled to withdraw your consent at any time.

6. Retention of personal data

We will retain your personal data as long as it is necessary for the purposes for which the data is processed.

We shall determine the appropriate retention period on the basis of the extent, nature and sensitivity of the data. In addition we will consider the risk of damage related to possible misuse of the data or disclosure of the data; the purposes for which the data has been processed as well as legal obligations. We assess regularly what data we will retain and for the part we determine that retaining data is not necessary we will delete or anynomize the data, or in case the aforesaid is not possible (for instance for backed up data), we will retain the data in a safe manner and effectively isolate it from any further processing.

Please note that we may continue processing some personal data even after you have ceased using the services, especially in case law or order given by authorities requires the retention, or in case retention is necessary to protect our important interests or those of third parties such as other users of the service, including the reactivation of your user account without losing any data in case you decide to continue using the service, collecting payments and receivables, fixing technical problems and preventing security risks, preventing, detecting and investigating fraud, money laundering, criminal activities and other misuses of the service, to enforce our contractual rights or present claims or defending against claims presented to us, or defending our rights and assets to those of our users.

7. How we share your personal data

We may share your personal data with the following:

  • Companies that are part of the same group of companies with us.
  • Our partners and agents that are involved in providing the services you use.
  • Companies that produce operations for us or on our behalf. These include, for instance, server providers, providers of analytical tools, marketing and communications services and providers of customer due diligence services.
  • Our consultants such as auditors, legal advisors, book keepers and other consultants.
  • Providers of servicers related to prevention of fraudulent actions and debt collecting companies.
  • Authorities, courts of law and regulatory bodies or other public entities in case sharing personal data is required or allowed by the law.

In all cases your personal data will be shared solely for the purposes mentioned in this Privacy Policy and only to the extent it necessary for the said purposes.

We may also share your personal data with third parties in order to defend ourselves against hostile of fraudulent actions, or when resorting to legal remedies in order to minimize the damage inflicted to us, or in case we will sell, merge, or de-merge or otherwise re-organize our business and a new party shall become the controller.

8. How we secure your personal data

We use appropriate technical and organisational measures in order to protect your personal data. The measures we use are proportional to the risk caused by processing personal data and will protect your data from malicious or accidental destroying, disappearing, altering or unauthorized access to or disclosure of the data. Our personnel has been trained to observe information security in their work and access to personal data is limited only to those members of the personnel for whom the access is absolutely necessary. Our personnel, agents, partners and service providers will process your personal data solely according to the instructions given by us and under a confidentiality obligation.

9. International transfers of data

We will keep your personal data on secure servers in secure geographical locations within the European Economic Area (EEA). Your personal data may be transferred only to a country outside the European Union or European Economic Area that has been assessed by the European Commission to guarantee an adequate level of data protection. We may also transfer your personal data to another country on the condition that we undertake the appropriate safeguards. By the safeguards we will require from the recipient of the data that your personal data will remain protected in accordance with this Privacy Policy in spite of the transfer. The safeguards include, for instance, incorporating the standard data protection clauses adopted by the European Commission into the agreement concerning the transfer. Please contact us in case you wish to have more information on the safeguards. In one-off situations the transfer to outside the European Economic Area may also take place on the basis of your consent or the fact that we are performing a service that you have specifically requested for. The transfer may also be based on the fact that the applicable data protection legislation allows the transfer for some other reason.

10. Automated decision making

We reserve the right to make automated decisions that concern our users. The decision may be based for instance on algorithm or profiling method using machine learning. In case we start using automated decision making that has a significant effect on you we ensure that you have the possibility to demand that a human will process the data and to right to express your opinion and the right to contest the decision. We will separately inform in the aforementioned situations.

11. Opting out of our newsletter

Users registered at Northcrypto.com will receive our newsletter to the email address they have provided us. You may opt out of the newsletter by using the link included in the newsletter for the purpose of opting out.

12. Your rights

You have the right to receive a confirmation from us on whether we process your personal data, and to the extent we process your personal data you have the right to have access to the data and the right to demand the rectification and completion of inaccurate or incomplete data. In certain situations and/or for certain type of data, for certain purpose of processing or for certain legal basis you may also have the right to demand the erasure of some personal data, restriction on processing, to object the processing and/or to receive the data in a commonly used electronic form.

Please contact us in case you have questions concerning your rights as described above.

If you consider our processing activities of your personal data to be inconsistent with applicable data protection laws, you may lodge a complaint with the responsible supervisory authority. Contact information for the supervisory authority in Finland can be found here: www.tietosuoja.fi.

13. Using cookies

We use cookies in order to improve your user experience as well as the quality of the service and to analyse the use our website for purposes of marketing and quality control. Examples of the data we collect is the type of web browser, operating system, website from which you enter and from which you leave our website, date and time and the sub-sites you browse at our website. The collected data usually does not make it possible to identify individual user, and we never try to connect the data collected by cookies to you.

We may use cookies provided by third parties in order for our partners to support us for instance in analysing and assessing the use of our website and targeting our marketing. We use Google Analytics which is one of the most common and trusted analytical tools. The cookies of Google Analytics may for instance track how long you spend time on our website and which sub-sites you visit. You can have more information of Google Analytics and its cookies at the Google Analytics info page.

You may change the settings of your web browser in a way in that either all cookies or cookies that are not used in our service will be blocked. You may also change your browser settings so that you will always be informed of the use of cookies. Some third parties enable blocking cookies by setting available at website of such third party.

Please note that in case all cookies have been blocked our service may not function for some parts or at all.