Data Protection and Privacy Policy

When using the website https://cruxpool.com/ (hereinafter the “Service”) and the Services available on Cruxpool’s Website (hereinafter the “Website”), ILIUM SA (hereinafter the “Company” or “Ilium”) may collect and process personal data (hereinafter the “Personal Data”) concerning the persons using the Service (hereinafter the “Users”).

The present Data Protection and Privacy Policy (hereinafter the “Policy”) aims at informing the Users of the use that ILIUM makes of their Personal Data, in compliance with the applicable French and European legislation, in particular with the Law n° 78-17 of January 6, 1978 relating to data processing, files and freedoms (hereinafter the “Data Protection Act”) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such Personal Data, and repealing Directive 95/46/EC (hereinafter the “GDPR”) (hereinafter together the “Applicable Regulation”).

By accessing and/or using the Service, the User agrees that his Personal Data may be collected and processed under the terms and conditions set forth below in this Policy.

The Policy is an integral part of the Terms and Conditions of Use of the Service (hereinafter the “TOS”) and should be read in conjunction with the TOS.

This Policy applies to all User (i.e. natural persons, as well as representatives and/or beneficial owners of legal entities) and potential Users showing interest in a Service or Product offered by Cruxpool/ILIUM.

This Data protection and Privacy Policy describes ILIUM’s obligations as Data Controller, indicates the rights of the Users and potential Users regarding the processing of their Personal Data, and provide the Users and Potential Users with the legally requisite information in this regard.

The Policy may be modified at any time by ILIUM, in particular in order to comply with any legislative, regulatory, jurisprudential, editorial or technical changes.

The User must therefore refer to the latest version of the Policy before any browsing.

I. Identity of the Data Controller

ILIUM, as “Data Controller” (namely the entity that determines the purposes and the means of processing of Personal Data), collects and processes the Personal Data (namely any information relating to an identified or identifiable natural person) of each User.

The Data controller is ILIUM S.A.S., a simplified joint-stock company (société par action simplifiée) registered in the Metz Trade and Companies Register under number 831 069 729, whose registered office is at 4 Rue Marconi, METZ 57070 (hereinafter referred to as “ILIUM”, “We”, “Us”, “Our”).

However, when visiting the website https://cruxpool.com, other companies are likely to collect personal data concerning the User. Some companies may, for example, publish cookies or tags.

II. Collection of Personal Data

In order to provide the Service to the Users, ILIUM may collect and process Personal Data concerning them depending on the Services they use and/or subscribe or are about to use and/or subscribe.

In particular, ILIUM may collect and process the following Personal Data:

1. Data transmitted directly by the User

Data related to the opening and management of an online account, including e-mail, user name, password.
Data related to the subscription to the newsletter;
Data related to interactions with the support service;
Data entered via contact forms
Data related to the crypto wallet.

2. Data collected when using the Services

When using the Services, ILIUM collects Data relating to the connection, the navigation, the interactions with the proposed advertisements, or the use of the Services.

3. Data collected through other sources

When using the Services and when the User has consented to it, data relating to interactions with social networks are collected.

Depending on the Services, ILIUM may collect and process the following categories of Personal Data:

Personal identification data (e.g. name, address, email);
Personal details (e.g. date of birth, gender);
Official identification data (e.g. ID card number, passport number);
Electronic identification data (e.g. IP address);
Biometric identifiers (e.g. dynamic signature);
Data relating to the activity of the data subject (e.g. employment status);
Data relating to the financial situation of the data subject (e.g. income, wealth, assets);
Identification data on the Blockchain (e.g. public address of the wallet/wallet);
Transactions made with Ilium/Cruxpool;
Data relating to habits and preferences (e.g. data collected from browsing the Site and using the online forms on the Web Site).

With a view to meeting its legal obligation to combat money laundering and terrorism financing, as well as its duty of care regarding the “know Your Customer” requirements, and whenever it strictly necessary, ILIUM processes data about convictions and penalties, and about the holding of public mandates.

III. Purposes of the processing

The User’s Personal Data are or may be collected and/or processed by ILIUM depending on the Services the User uses or for which he or she has subscribed or is about to subscribe in order to:

Provide the Service, ensure its proper functioning;
Improve the Service, in particular to optimize or offer new features to the Service;
Facilitate the User’s navigation;
Register Users for the Service (opening an online account, etc.) “ILIUM”;
Inform Users of ILIUM’s offers and news, unless the User objects, as well as of offers and news from ILIUM’s partners, if the User has given his consent;
Manage the User’s relationship;
Manage requests made by the User via the contact forms;
Manage billing and payment operations;
Adapt and optimize the display of content, including advertising, of the Service, to the parameters or preferences, skills and interests, known, assumed or inferred, of the User, which may result from his use of the Service, information he has entered or browsing and his interactions with the Service;
Measure the audience of the Service;
Make available sharing tools on social networks when the User has consented to the sharing of information;
Fight against fraud and unpaid bills; to the extend that this processing is necessary to comply with a legal obligation to which ILIUM is subject, including in particular regulations related to measures to combat money laundering and financing terrorism, “know your customer” obligation, and detection of fraudulent transactions;
Secure the web Site and prevent any kind of accident;
Oversee the security of ILIUM’s staff, its Users and potential Users; and protect the property for which it is responsible.

IV. Legal basis for processing

Under the Data Protection Regulation, to use the User’s Personal Data, ILIUM must ensure that it has one or more of the following legal bases:

the performance of a contract (for example to open and manage an account), when such processing is necessary for the performance of the contracts between ILIUM and the User or in order to take steps at the request of the User or potential User prior to entering into a contract, or
the execution of a legal obligation (e.g. to keep invoices), and when such processing is necessary to comply with a legal obligation to which ILIUM is subject, or
when it is in the legitimate interest of ILIUM, without infringing the rights and freedoms of the User, or
the User has given his consent.

ILIUM collects and processes on such information as is necessary for the provision of Services to the Users, and for compliance with its legal obligations. Personal Data are collected from Users (e.g. when a User opens an account, by means of a questionnaire) and third-parties (e.g. from duly instructed lawyers or notaries or national authorities).

Any refusal to disclose Personal Data to ILIUM or refusal to allow ILIUM to process such data, while being left to the discretion of the User, may impede the continuation of relations with ILIUM, or preclude the provision of certain products or Services by ILIUM.

The legal bases according to the categories of data and purposes are indicated in the table available in Article VII of this Policy.

V. Third-party Personal Data

A User who provides ILIUM with third-party Personal Data (e.g. Personal Data of family members) must obtain permission from said third-parties and inform them that ILIUM processes Personal Data for the same purposes and in the same way as described in this Policy in relation with the processing of Personal Data.

VI. Recipients of the data

The Data collected or processed when the User uses the Service are intended for ILIUM’s entities, for ILIUM’s authorized persons who, by virtue of their duties, need to have knowledge of them for the purposes of the processing, and for:

ILIUM’s service providers, in order to ensure the perfect provision of the Service.
The technical service providers chosen by ILIUM may, on behalf of and on the instructions of ILIUM, intervene in order to host and store the User Data on their servers and ensure the security of ILIUM’s technical infrastructure, such as OVH. They may also manage the User relationship through contact forms and conversational tools such as Hubspot, the loyalty program and marketing campaigns, such as Google.
ILIUM’s partners. Some partners, such as Sendinblue (account creation) and Mailchimp (newsletter), may be required to process Data in order to provide the Service and for statistical analysis and audience measurement, such as Smartlook, or for fraud management, such as Chainalysis.
Social networks (for example: Facebook, Instagram, twitter, Youtube) in the event that the User has expressly consented to the association of his User account with his accounts of use of these social networks at the time of his registration on the Site.
Administrative or judicial authorities. ILIUM may be required to communicate information relating to its Users, including Data, to administrative or judicial authorities, in particular in the context of the legal obligations ILIUM has to comply with. ILIUM may transfer Personal Data if it has a legal or regulatory requirement to do so or is instructed to do so by a public authority, within the legal limits.

These recipients of Personal Data must comply with their legal and contractual obligations regarding the protection of Personal Data, including applicable secrecy and confidentiality obligations.

ILIUM may also transfer Personal Data on the User’s instructions.

VII. Transfer of Personal Data outside the European Union

ILIUM does not transfer the User’s Personal Data outside the European Union. However, several of ILIUM’s service providers and partners may transfer Personal Data outside the European Union at their convenience. These are in particular social networks but also

Hubspot,
Contact for data protection:
Nicholas Knoop
HubSpot, Inc.
25 First Street, 2nd Floor
Cambridge, MA 02141 USA

Personal Data Controller:
Smartlook.com, s.r.o.
Šumavská 524/31,
Veveří, 602 00 Brno,
Czech Republic, EU
[email protected] or [email protected]

VIII. Transfer of Personal Data outside the European Union

ILIUM undertakes not to keep the User’s Personal Data beyond the period strictly necessary for the purposes of their processing and in accordance with the Applicable Regulations.
ILIUM undertakes to archive or delete the User’s Personal Data as soon as the purpose and/or the duration of their retention expire.
These maximum periods shall apply unless the User requests the deletion or the cessation of the processing of his Personal Data before the expiration of these periods.

	Categories of Personal Data	Purposes	Period of storage	Legal basis
Data transmitted directly by the User	Data related to the online account. Data related to interactions with the support service.	-To proceed with the registration of the Users to the Services. -To provide the Service and ensure its proper functioning. -To improve the Service, in particular to optimize or offer new features to the Service. -Manage the User’s relationship via the customer service; -Manage billing and payment operations;	Up to 3 years after the user stops working. Up to 3 years after the end of the user’s activity, then 5 years for the management of claims.	Contract (TOS) Legitimate interest -Consent -legitimate interest
Data collected when using the Services	Connection Data	-Security -legal obligation	13 months	-legitimate interest -legal obligation
	Navigation Data	– To facilitate the User’s navigation; -To measure the audience of the Service;	13 months	-Consent -legitimate interest
Other types of data	Data related to social networks	Provide sharing tools on social networks when the User has consented to share information	Duration of the relationship with the User	-Consent

IX. Security of Personal Data

In accordance with the Applicable Regulations, ILIUM processes Personal Data in a secure and confidential manner. In particular, ILIUM shall implement all technical and organizational measures to ensure the security and confidentiality of the Personal Data collected and processed, and in particular to prevent them from being distorted, damaged or communicated to unauthorized third parties, by ensuring a level of security appropriate to the risks associated with the processing and the nature of the Personal Data to be protected, taking into account the level of technology and the cost of implementation.

However, ILIUM cannot guarantee the confidentiality or deletion of Personal Data made public by the User in the public parts of the Service.

The Service may include links to external websites or sources. The User acknowledges that the Policy only applies to the use of the Service and does not cover in any way the information collected and/or processed on the external sites or sources whose link may appear on the Service. Consequently, ILIUM shall not be responsible for the practices of these external sites or sources with regard to the collection and processing of Personal Data, which are governed, where applicable, by the Personal Data policies specific to each of these external sites or sources.

X. Rights of the User on his personal data

The User of the Service has the following rights:

A right to access his or her Personal Data and to obtain a copy of it,
A right to rectify his or her Personal Data if such Personal Data are incomplete or incorrect,
A right to object to the collection and processing of the Data,
In case of exercise of the right to object, ILIUM shall cease processing the Personal Data, except in case of legitimate and compelling reason(s) for the processing, or to ensure the establishment, exercise or defense of its legal rights, in accordance with the Applicable Regulations.
A right to the deletion of his Data, under the conditions and within the limits specified in the Regulation and resulting in particular from ILIUM’s legal and contractual obligation,
A right to limit the collection and processing of his Data,
A right to the portability of its Data, namely the right to receive his or her Personal Data or to require such data to be communicated to another Data Controller in a structures, commonly used and machine-readable format.

Natural persons may, at any time, withdraw consent that they have given in cases where ILIUM has sought such consent for the processing of their Personal Data? The legality of the processing based on the consent granted before its withdrawal will not be affected.

These rights may be exercised by contacting ILIUM, the company that collected the Personal Data, in the following manner
By post, by writing to us at the following address
4 rue Marconi, METZ 57070
By e-mail [email protected]
ILIUM will send a reply within 1 month after the exercise of the right. In certain cases, linked to the complexity of the request or the number of requests, this period may be extended by 2 months.

Fate of data after the death of the user:
The User may formulate directives relating to the conservation, deletion and communication of his/her Personal Data after his/her death in accordance with Article 40-1 of Law 78-17 of 6 January 1978. These directives may be general or specific.
The User can formulate his anticipated directives by email [email protected] or by post at 4 rue Marconi, METZ 57070.

XI. Cookies and other tracers

When using the Service, information relating to the navigation of the User’s terminal may be recorded or accessed in Cookies files installed on the User’s terminal, subject to the choices that the User has expressed concerning Cookies and that the User may modify at any time. The policy relating to cookies and other tracers is accessible on Cruxpool’s Website.

XII. Profiling activities

For operational purposes and in order to provide its Users with the best possible Services, ILIUM may use profiling and automated decision-making. The profiling mechanism involves a series of automated processing operations using Personal Data, with the following objectives:

To seek and identify the common characteristics of individuals likely to be interested in a specific new or existing product or service provided by ILIUM;
To seek and identify a relatively homogeneous group of Users in term of products and Services used or acquired in order to gain a better understanding of the Users needs and to personalize its commercial offering;
To combat fraud, money laundering and terrorist financing by analyzing the User’s behavior when using some services (e.g. transaction history) against a set of predefined criteria that enables the detection of suspicious activity.

XIII. Contact and Complaints

For any request concerning the processing of his Data, the User may send a request by email to [email protected] or by post to the following address 4 rue Marconi, METZ 57070.

Complaints: In the absence of a response or if the User is not satisfied with the response provided, he or she may file a complaint with the CNIL: https://www.cnil.fr/fr/plaintes or by mail: Commission Nationale de l’Informatique et des Libertés – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.