CypherCrescent Data Policy

Last updated September 19, 2025

Introduction

CypherCrescent is committed to protecting the personal information it collects and processes. This policy outlines the principles we follow when handling personal information, in line with applicable privacy and data protection laws. Please note that certain rights and obligations may vary depending on local regulations, in which case CypherCrescent will comply with those legal requirements.

Definitions

  • Data Subject: Any individual whose personal data is held by CypherCrescent.
  • Personal Data: Any information that identifies, directly or indirectly, an individual (e.g., name, date of birth, address, telephone number, email address).
  • Sensitive Personal Data: Information that, if misused, could cause unlawful or arbitrary discrimination or pose serious risks to the data subject (e.g., racial or ethnic origin, nationality, political opinion, religious or philosophical beliefs, physical or mental health conditions).

Both personal and sensitive personal data are collectively referred to as "personal information."

Collecting and Processing Personal Information

CypherCrescent collects and processes personal information strictly for legitimate business purposes, which will be communicated to the data subject at the time of collection. Personal information will only be used for its intended purpose and retained only for as long as necessary.

Sensitive personal data will only be collected:

  • Where required or permitted by law;
  • For legitimate business purposes; or
  • With the explicit consent of the data subject, which may be withdrawn at any time.

CypherCrescent does not sell, rent, or disclose personal information for direct marketing purposes.

Transfer of Personal Information

Personal information may be transferred outside a data subject's home country only when:

  • The data subject has given consent;
  • It is necessary or permitted by law in connection with CypherCrescent's business dealings with the data subject; or
  • Required by law.

CypherCrescent takes reasonable measures to protect the confidentiality and security of personal information during transfers and ensures an adequate level of protection in all receiving locations.

Onward Transfer to Third Parties

In limited cases, personal information may be shared with third parties providing services to CypherCrescent. Such disclosures will only occur if the third party provides sufficient assurances of implementing appropriate safeguards against unauthorised use, loss, or disclosure of personal information.

If CypherCrescent becomes aware that a third party is misusing or mishandling personal information, it will take steps to stop such practices.

Disclosures to third parties will only be made for:

  • The purposes stated in this policy;
  • A compatible purpose; or
  • A purpose explicitly authorised by the data subject.

Security of Personal Information

Access to personal information is restricted to authorised personnel with a legitimate, work-related need.

In the event of a data breach, CypherCrescent will issue breach notifications in accordance with applicable laws.

Data Subject Rights

While CypherCrescent holds personal information, data subjects may, in accordance with local laws:

  • Access their personal information;
  • Request updates, corrections, or deletion;
  • Supplement or modify the information.

CypherCrescent may charge a reasonable, cost-based fee for access or copies of records. For security reasons, verification of identity may be required before granting access.

Accountability and Contact

Questions, concerns, or complaints about this policy, or about CypherCrescent's handling of personal information, should be directed to CypherCrescent.

Policy Updates

CypherCrescent may update this policy from time to time. Revised versions will be posted here with the applicable revision date.