Политика конфиденциальности

1. Scope and Purpose

This Privacy Policy (the «Policy») explains how Kraster Technology Solutions Limited («Kraster», «we», «our»), a company incorporated in the Hong Kong Special Administrative Region, processes personal data in connection with:
• visiting our website or online store available on https://krasterwallet.com («Website»),
• purchasing Kraster hardware wallets or accessories («Products»), and
• contacting us through support or other communication channels.

This Policy applies worldwide. For users in the European Economic Area (EEA), processing is carried out in accordance with the General Data Protection Regulation (GDPR).

Kraster operates on a non-custodial basis. We never collect or store private keys, seed phrases, or other credentials that could control digital assets.

This Policy describes:
• what data we collect and why
• legal grounds for processing
• data sharing with service providers
• how long data is retained
• your rights and choices.

By using our website or purchasing our Products, you confirm that you have read and understood this Policy.

This Policy does not apply to the Kraster App. For app-specific information, see the Kraster App Privacy Policy.

2. Data Controller

The data controller for the processing described in this Policy is:
Kraster Technology Solutions Limited
A company incorporated in the Hong Kong Special Administrative Region
Registered office address: Hong Kong, Wan Chai, 171 Lockhart Road, Kingswell Commercial Tower, Flat A 8/F
Email: privacy@kraster.business

Kraster acts as the controller of personal data collected via our website and online store, including for the purposes of product sales, logistics, and customer communication.

You may contact us regarding privacy matters using the information provided in Section 12.

3. Categories of Personal Data We Collect

Depending on how you use our website or online store, we may process the following types of personal data:

a) Identification and contact data
Name and surname (as provided when placing an order); email address, telephone number (if you choose to provide it)

b) Order and delivery data
Delivery address and country of destination; products purchased and order history; delivery preferences and method

c) Technical and device data
Browser language and operating system version (used only to display the correct interface and payment options); device type and basic configuration data; IP address — stored temporarily in minimal security logs and not retained beyond the session

d) Account data
Account automatically created upon your first order, linked to your email address; purchase and delivery history associated with your account

e) Wallet data (non-custodial)
Cryptocurrency wallet address used for payment or order reconciliation. We do not collect or store private keys, seed phrases, or any credentials that can control digital assets

f) Support and communication data
Information you share when contacting Kraster support (requests, inquiries, feedback). Technical metadata of the communication (timestamp, channel)

g) Analytics data
Aggregated and pseudonymized usage statistics collected via analytics tools such as Google Analytics (activated only upon your consent)

Sources of data:
Information you provide directly (e.g., order details or support messages);
Data collected automatically from your browser or device (technical data and session logs);
Data obtained from trusted service partners, only as needed to complete your order or delivery.

4. Purposes of Processing and Legal Bases

We process personal data only for specific and limited purposes.
All data handling follows applicable privacy laws. For users in the EEA, this means compliance with the GDPR.

To process your orders and deliver Products:
We use your name, contact, and delivery details to confirm purchases, arrange shipment, and handle payments.
Legal basis: contract performance.

To provide and manage your customer account:
An account is automatically created upon your first order to display order history and status.
Legal basis: contract performance.

To communicate and provide customer support:
We use your contact and message details to respond to inquiries and ensure service quality.
Legal basis: contract and legitimate interest.

To localize your browsing experience:
We use limited technical data (such as browser language and region) to show relevant language, delivery, and payment options. This data is not stored beyond the session.
Legal basis: legitimate interest.

To maintain security and prevent misuse:
Minimal technical logs are used to protect the website and detect suspicious activity.
Legal basis: legitimate interest.

To comply with legal and tax obligations:
Some order and transaction data must be stored as required by law.
Legal basis: legal obligation.

To analyze website performance (optional):
We may collect aggregated or pseudonymized usage data via analytics tools. Activated only if you consent via our Cookie Policy.
Legal basis: consent.

To send occasional updates (optional):
If you subscribe or are an existing customer, we may send product or update emails. You can unsubscribe at any time.
Legal basis: consent or soft opt-in (where permitted).

No automated decisions:
Kraster does not use your personal data for automated decision-making that produces legal or similar effects. Localization by IP or browser settings is applied only for convenience.

5. Data Sharing: Processors and Independent Controllers

We do not sell, rent, or otherwise monetize your personal data. We share data only when it is necessary to operate our website, fulfil your orders, provide customer support, or comply with legal obligations.

Depending on the purpose, our partners may act as:
Processors - service providers that process personal data on our behalf and under written agreements ensuring appropriate data protection safeguards;
Independent сontrollers - partners that determine their own purposes and means of processing under their own privacy policies (for example, payment and delivery providers).

a) Processors
• Hosting and infrastructure: DigitalOcean (servers may be located outside the EEA).
• Email notifications: OneSignal (used to deliver order confirmations and support messages).
• Analytics (optional): Google Analytics – active only with your consent.

b) Independent сontrollers
• Payment providers: CloudPayments, Wise, 0xProcessing.
We do not collect or store payment card details; payments are processed directly by the providers under their own privacy policies.
• Logistics and delivery: CDEK and other carriers, who receive only the data necessary to deliver your order (recipient name, address, contact details).

c) Legal and compliance disclosures
We may disclose personal data only where required by applicable law or lawful request of public authorities.

d) Updates
Our list of service providers may change as our operations evolve. The current version is always available in this Policy.

6. International Data PrivacyPolicy

Your personal data may be transferred to and processed in Hong Kong and other countries where our service providers are located. Some of these jurisdictions may have data protection standards different from those of your home country.

When we transfer personal data internationally, we take steps to ensure that it remains protected:
• Standard contractual clauses (SCCs): used where applicable for transfers outside the EEA.
• Contractual and technical safeguards: our service providers are required to maintain appropriate security and confidentiality measures.
• Data minimization: only the data necessary for the specific purpose is transferred, and encrypted during transmission where feasible.

By using our website or purchasing our Products, you acknowledge that your data may be processed in these jurisdictions under appropriate safeguards.

7. Data Retention

We keep personal data only for as long as it is needed for the purposes described in this Policy, or as required by applicable law. Where possible, we apply shorter retention periods consistent with business needs and legal requirements.

Order and delivery data
Retained for as long as necessary to meet accounting, tax, warranty, or legal obligations. In most cases, this does not exceed five years, unless local law requires a longer period.

Account data
Retained while your account remains active and for a limited period after inactivity to support potential reactivation or inquiries. You can request deletion at any time, except where retention is required by law.

Support and communication data
Retained for a reasonable period (usually up to 12 months after resolution) to ensure service quality and maintain records.

Technical and session data
Stored only for the duration of your session, with minimal logs retained up to 12 months for security and fraud prevention.

Analytics data
Retained in aggregated or pseudonymized form, typically up to 14 months, and collected only with your consent via our Cookie Policy.

When data is no longer needed, we delete or anonymize it, unless the law requires longer retention.

8. Your Rights

Depending on your location, you may have certain rights in relation to your personal data.

For users in the European Economic Area (EEA), these rights are provided under the General Data Protection Regulation (GDPR):
• Access – to request confirmation whether we process your data and to receive a copy of it;
• Correction – to correct inaccurate or incomplete personal data;
• Deletion – to request that we delete your data, subject to legal or contractual retention requirements;
• Restriction – to limit the processing of your data in certain situations;
• Portability – to receive your data in a structured, commonly used format and transfer it to another controller;
• Objection – to object to processing based on legitimate interests or for direct marketing;
• Withdrawal of consent – where processing is based on consent (e.g., analytics), you can withdraw it at any time without affecting the lawfulness of prior processing.

Users outside the EEA may have similar rights under local laws, which we will respect to the extent applicable.

How to exercise your rights
You can contact us regarding any privacy matter at privacy@kraster.business or through our support form. We may ask for information to confirm your identity before processing your request.

We usually reply within one month, but complex requests may take longer, in which case we will inform you of the reason and expected timeframe. Some data may need to be retained for legal or accounting reasons even after a deletion request.

9. Data Security

We protect personal data using technical and organizational measures to prevent unauthorized access, loss, or misuse.

Our security framework includes:
• Encryption – applied to data in transit and, where relevant, at rest;
• Access control – limited to authorized personnel following the principle of least privilege;
• Secure infrastructure – maintained by trusted hosting providers that implement industry-standard safeguards;
• System monitoring – to detect and mitigate potential vulnerabilities.

Kraster does not collect or store payment card information. All payment data is processed directly by certified payment providers.

We regularly review and improve our security measures. While we take reasonable steps to protect your data, no system can guarantee absolute security.

Where required by law, we will notify the relevant authorities and, where applicable, affected users of any data breach.

10. Children’s Data

Our website and Products are intended for individuals aged 18 and over. We do not knowingly collect personal data from anyone under this age.

For users in the European Economic Area (EEA), if you are under 16 years old (or a lower age allowed by your country’s law), you must obtain permission from a parent or legal guardian before providing any personal data to Kraster.

If we learn that we have collected personal data from a minor without the required consent, we will delete it promptly. Parents or guardians who believe their child has provided data to Kraster can contact us at privacy@kraster.business.

11. Changes to This Policy

We update this Policy when our practices or laws change, or when we introduce new features.

The effective date at the top of this Policy shows when it was last updated. Updated versions will always be published on our website and, where relevant, in our application.

If we make material changes that significantly affect your rights or the way we process personal information, we will provide additional notice, such as by email (if available) or by means of a prominent notice on our website, before the new version takes effect.

By continuing to use our website or Products after the updated Policy becomes effective, you acknowledge and accept the revised version.

12. Contact Information

If you have any questions about this Privacy Policy or how Kraster handles personal data, please contact us:

Data Controller
Kraster Technology Solutions Limited
Registered office: Hong Kong, Wan Chai, 171 Lockhart Road, Kingswell Commercial Tower, Flat A 8/F

Contact for privacy matters
Email: privacy@kraster.business
Support form: https://krasterwallet.com/support

EU Representative
If appointed under Article 27 GDPR, their contact details will be published here. Until then, please direct any inquiries to Kraster directly.

Data Protection Officer (DPO)
Kraster has not appointed a Data Protection Officer at this time. If a DPO is designated in the future, their contact information will be added to this section.