Last updated: 21 January 2021


This privacy policy (hereinafter – the “Privacy Policy”) governs the manner in which CFX QUANTUM platform (hereinafter – the “CFX QUANTUM”, “we”, “us”, “our”) collects, uses, processes, stores and discloses information received from users of our websites ;; (“Websites”) and our APP “CFX Quantum ZEROONE Wallet” on Google Play Store and Apple Store in order to provide you with services available (hereinafter – the “Services”). The Websites and Apps receive customer data for Astrafin Advisors LLC.

We respect the privacy of all users of the Websites and ensure that Personal Data of the consumers is treated confidentially and in compliance with applicable laws and regulations.

This Privacy Policy applies to the Website, the Services and products offered by CFX QUANTUM (whenever you use Services through the Websites or mobile applications or by corresponding with us – for example by email or by filling massaging form on the Websites).

We assume that you have carefully read this document and accepted it. If you do not agree with this Privacy Policy, then you should refrain from using our Websites, mobile applications and/or Services or opening an Account. This Privacy Policy is an integral part of our User Agreement.

If you have any questions regarding this Privacy Policy and/or questions/requests regarding your Personal Data, please contact our Data Protection Officer at [email protected].

What is GDPR, who is under compliance?

The General Data Protection Regulation (“GDPR”) is EU privacy and data protection law. It calls for more granular privacy guardrails in an organization’s systems, more nuanced data protection agreements, and more consumer-friendly and detailed disclosures about an organization’s privacy and data protection practices.

This Regulation applies to the processing of Personal Data wholly or partly by automated means and to the processing other than by automated means of Personal Data which form part of a filing system or are intended to form part of a filing system. Generally, The GDPR requirements apply to all companies, institutions, and organizations that process Personal Data.

Processing Personal Data is a broad concept under the GDPR

The GDPR governs how Personal Data of individuals may be processed by organizations. “Personal Data” and “processing” are frequently used terms in the legislation, and understanding their meanings under the GDPR illuminates the true reach of this law:

Personal Data is any information relating to an identified or identifiable individual. This is a very broad concept because it includes any information that could be used on its own, or in combination with other pieces of information, to identify a person. Personal Data is not just a person’s name or email address. It can also encompass information such as financial information or even, in some cases, an IP address. Moreover, certain categories of Personal Data are given a higher level of data protection because of their sensitive nature. These categories of data are information about an individual’s racial and ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data, information about person’s sex life or sexual orientation, and criminal record information (including Personal Data about criminal offences or alleged offences).

Processing of Personal Data is the key activity that triggers obligations under the GDPR. Processing means any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. In practical terms, this means any process that stores or consults Personal Data is considered processing.

The GDPR can apply to organizations located outside the EU

The GDPR is relevant to any globally operating company, not just those located in the EU. Under the GDPR, organizations may be in scope if (i) the organization is established in the EU, or (ii) the organization is not established in the EU but the data processing activities are with regard to EU individuals and relate to the offering of goods and services to them or the monitoring of their behavior.

Personal Data collection and usage

We will collect, store and use your Personal Data for the purposes set in this Privacy Policy.

We have identified the types of Personal Data we may use about you and how and why we will use them in the table below.

What Personal Data we may collect

How we may use your Personal Data

Personal Data that our customers give us to register with us:

  • your contact details including: your name, address, email address, and telephone number(s);
  • your identification details, including your date of birth, gender, country of residence.
  • other non-mandatory data used to better understand the knowledge of the users and the suitability of our websites and applications.


We may use this Personal Data to:

  • process your registration request;
  • on-board you as a customer;
  • provide our products and services;
  • manage and administer our services including your account with us;
  • communicate with you about your account and our services, including informing you of our products and services;
  • send personalized offers of services and products.

Know Your Client (KYC) Personal Data from you, third parties and/or publicly available sources including:

  • passport or other government-issued identity document;
  • your photography;
  • Proof of Address: official documents from thrd parties that demonstrate your effective Address.
  • documents establishing your source of funds;
  • results of KYC or Politically Exposed Person (PEP) checks, including information collected by our suppliers;
  • other Personal Data if provided during passing KYC/compliance/verification procedures (including additional), etc.

We may use this Personal Data to:

  • carry out regulatory checks and meet our obligations to our regulators;
  • help us ensure that our customers are genuine and to prevent and detect fraud, money laundering and other crime (such as terrorist financing and offences involving identity theft).

Personal Data you provide as part of your account with us including:

  • your account name and marketing preferences.

We may use this Personal Data to:

  • provide our services to you;
  • manage and administer your account with us;
  • communicate with you regarding your account and our services.

Personal Data relating to your use of our Services including:

  • your orders, instructions to us;
  • your transactions using your account(s), including your account(s) in third-party bank(s), financial institution(s), payment card details, etc., the amount, originator or beneficiary, and time/date of the transfers you make and receive;
  • information about the digital device through which you access our services, such as device type, operating system, screen resolution, unique device identifiers, the mobile network system;
  • IP address;
  • date and time of log-in and requests;
  • Personal Data in your correspondence with us, by email, telephone, messaging, texts, on-line chats, via social media, or otherwise;
  • whether you’ve clicked on links in electronic communications from us, including the URL click stream to our website;
  • Personal Data that you provide in response to our surveys.

We may use this Personal Data to:

  • provide our services to you;
  • manage and administer our services and systems;
  • check if you are in a location or using a device consistent with our records in order to help prevent fraud;
  • develop and improve our services based on analyzing this information, the behaviors of our users and the technical capabilities of our users;
  • improve our services to better suit the behaviors and technical capabilities of the users of our service;
  • answer any issues or concerns;
  • monitor customer communications for quality and training purposes.

Personal Data that we collect from third parties in order to be able to register you as a customer or to provide services to you:

  • Personal Data related to payments to or from your accounts with us, provided by payment processing services, banks, card schemes and other financial services firms;
  • Personal Data from credit reference agencies or fraud prevention agencies.

We may use this Personal Data to:

  • provide our services to you;
  • manage and administer our services and systems;
  • help us to prevent and detect fraud.

Personal Data that we collect through your use of our website (whether or not you have registered for our services) including:

  • device information such as operating system, unique device identifiers, the mobile network system;
  • hardware and browser settings;
  • date and time of visits;
  • the pages you visit, the length of the visit, your interactions with the page (such as scrolling, clicks and mouse-overs), methods to browse away from our website, and search engine terms you use;
  • IP address.

We may use this Personal Data to:

  • develop new services based on the information being collected, the behaviors of our users and the technical capabilities of our users;
  • identify issues with the website, including website security, and user’s experience of it;
  • monitor the way our website is used (including locations it is accessed from, devices it is accessed from, understanding peak usage times and analyzing what functionality and information is most and least accessed), where our customers have come from online (such as from links on other websites or advertising banners), and the way in which our website is used by different users groups;
  • do statistical analysis and research with the purpose of better understanding the breakdown of our customers, their use of our services, and what attracts our customers to our services.

Personal Data that we collect from individuals representing organizations such as our corporate customers and suppliers, including:

  • names, roles, and contact details of individuals working for organizations;
  • other Personal Data regarding such individuals;
  • any Personal Data contained in correspondence with those individuals.

We use this Personal Data to:

  • build relationships with other organizations;
  • provide marketing communications to these individuals;
  • improve our services and develop new services based on the preferences and behaviors of these individuals;
  • obtain services for our business.

Direct Marketing

Please note that you if you have given explicit consent for marketing communications, this can be withdrawn at any time. You can also unsubscribe from our marketing communications.

Please be aware that from time to time we may need to contact you regarding operational issues or to adhere to the performance requirements of our contract with you. These will not be marketing communications and we will operate under legitimate interests in order to contact you for these reasons.

Legal requirements

We need to collect certain types of Personal Data for compliance with legal requirements relating to our anti-fraud and Anti-Money Laundering / Countering Financing of Terrorism/ Know Your Customer obligations. If this Personal Data is not provided, we cannot agree to provide a service to you.

Your Personal Data may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defense of a legal claims. We will not delete Personal Data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.