1. GLOSSARY

1.1. All capitalised terms used in this Privacy Policy (the Policy) shall have the following meaning:

1.1.1. Applicable Law - means laws, rules, and regulations applicable to the Company and/or the Client and their activities, including the provision and use of Services, including but not limited to the Federal Act on Data Protection (the FADP).

1.1.2. Account - means a unique user profile at the Client Portal assigned to the Client, enabling the Client to access the Services.

1.1.3. Company - means M Way AG, legal entity number: CHE­- 243.390.756, acting under the laws of Switzerland.

1.1.4. Client - means any legal or natural person who is a party to the Terms and Conditions and has either requested or is currently using the Services provided by the Company.

1.1.5. Client Portal - means a secure web-based platform operated by the Company, through which the Client accesses and utilises the Services.

1.1.6. Personal Data - means any information related to an identified or identifiable natural person (the Data Subject), as defined by the Applicable Law; this includes, but is not limited to, name, email, address, phone number, government-issued identification, financial data, transaction details, and online identifiers.

1.1.7. Services - means the services provided by the Company to the Client through its platform in accordance with the Terms and Conditions, and other agreements, if any.

1.1.8. Terms and Conditions - means the Terms and Conditions of the Company available at the Website.

1.1.9. Website - means the Company’s website, located here.

1.2. Other terms shall have the meaning given to them in the body of this Policy and Terms and Conditions.

1.3. The section headings are provided for convenience only and shall not influence the interpretation of this Privacy Policy. The words “include” and “including” shall be interpreted to mean “without limitation.” Any references to singular terms shall also apply to their plural forms and vice versa.

 

2. INTRODUCTION

2.1. The Company (hereinafter also referred to as we, us, or our) is committed to protecting your (hereinafter also referred to as you, your, user) privacy, the confidentiality of your Personal Data, and ensuring compliance with Applicable Laws. This Privacy Policy applies to all visitors who access our Website and/or Client Portal and Clients who utilise our Services, including any related functionalities, tools, or integrations owned or operated by the Company.

2.2. We encourage you to read this Privacy Policy carefully, as it forms an integral part of our Terms and Conditions. By accessing the Website, Client Portal, or using our Services, you confirm that you have read and agree to this Privacy Policy. If you do not agree with any provisions in this Privacy Policy, you must immediately cease using the Website, Client Portal, and discontinue access to our Services.

2.3. This Privacy Policy provides a transparent explanation of how we collect, process, store, protect, and disclose your Personal Data and covers:

2.3.1. The types of Personal Data we collect;

2.3.2. The purposes for which your Personal Data is collected and used;

2.3.3. How we store and protect your Personal Data;

2.3.4. How long we retain your Personal Data;

2.3.5. Circumstances under which we share your Personal Data with third parties;

2.3.6. Your rights under the GDPR and other Applicable Law.

2.4. We continuously improve our Website, Client Portal, and Services, and may develop or offer new features, functionalities, or services. If any new feature, functionality, or services materially change how we collect or process your Personal Data, we will notify you in advance. Unless stated otherwise, new features, functionalities or additional services will be subject to this Privacy Policy.

2.5. The Company is the data controller, meaning we determine the purposes and means of processing your Personal Data. In certain cases, we may share your Personal Data with affiliates or third-party service providers in compliance with this Privacy Policy and Applicable Law

2.6. If any discrepancies between this Policy and the Applicable Laws, are identified, the legal acts must be followed until such discrepancies are properly eliminated. If you notice any discrepancies between this Policy and the Applicable Laws, please contact us immediately by email at compliance@fincryptou.com.

 

3. PERSONAL DATA COLLECTION

3.1. We collect and process Personal Data in the categories described below.

(A) Personal Data provided by you:

3.2. We collect Personal Data that you voluntarily provide to us when you:

3.2.1. Register an Account on the Client Portal;

3.2.2. Use our Services;

3.2.3. Contact our customer support team or otherwise communicate with us;

3.2.4. Submit identity verification documents as required by AML/KYC laws and regulations.

3.3. Such Personal Data may include, but is not limited to:

3.3.1. Full name, email address, and phone number;

3.3.2. Date of birth, gender, nationality, and country of residence;

3.3.3. Home address, postal code, city, and country;

3.3.4. Photograph, signature, government-issued identification (passport, driver’s license, ID card);

3.3.5. Payment details, credit/debit card information, and bank account details;

3.3.6. Company registration details for legal entities, including the name, legal form, registration number, head office, ownership structure, shareholder and representative details, licence  details if applicable, AML/CTF documentation if applicable, sample client documentation if applicable;

3.3.7. Tax identification number;

3.3.8. Proof of address (utility bills, rental agreements, employer declaration, etc.);

3.3.9. Financial transactions history, transaction recipients, and transaction confirmations;

3.3.10. Crypto wallet addresses;

3.3.11. Source of wealth information (e.g., could include dividend statements, copies of sale contracts of tangible/intangible assets, payslips, employment agreements, agreements and invoices with third parties).

(B) Personal Data collected automatically:

3.4. When you access the Website and/or the Client Portal, we automatically collect:

3.4.1. Device type and unique identification numbers;

3.4.2. Browser type, version, and language settings;

3.4.3. Date and time of site visits and requests;

3.4.4. Online identifiers, including cookies and IP addresses;

3.4.5. Interaction history, such as clicked links, visited pages, and session duration;

3.4.6. Geographic location (non-precise, based on IP address);

3.4.7. Operating system version and technical logs.

(C) Personal Data from third-party sources:

3.5. We may collect the Personal Data from external sources, including:

3.5.1. Public databases (e.g., regulatory compliance databases);

3.5.2. Payment service providers (e.g., transaction verification);

3.5.3. Identity verification partners (e.g., KYC/AML compliance);

3.5.4. Technical service partners (e.g., cybersecurity firms monitoring fraud and suspicious activity);

3.5.5. Advertising and marketing partners (e.g., analytics and targeted advertising).

(D) Personal Data that we do not knowingly collect:

3.6. We do not knowingly collect sensitive Personal Data, such as:

3.6.1. Racial or ethnic origin;

3.6.2. Religious or philosophical beliefs;

3.6.3. Biometric data (only if required for identity verification under KYC/AML regulations).

3.7. If we receive any sensitive Personal Data unintentionally, it will be deleted unless required to be kept for regulatory compliance.

3.8. To verify your identity, we may engage a third-party service provider, who may apply different rules for processing Personal Data.

 

4. LEGAL BASIS AND PURPOSE FOR PROCESSING

4.1. We process your Personal Data based on one or more legal bases as outlined under the Applicable Law. Below are the primary legal grounds and the purposes for which we use your Personal Data.

(A) Contractual obligations and agreements:

4.2. We collect, process, and store your Personal Data where necessary to:

4.2.1. Provide you with access to the Client Portal and our Services;

4.2.2. Register, verify, and manage your Account;

4.2.3. Process orders and transactions;

4.2.4. Ensure compliance with contractual obligations under agreements concluded.

4.3. The legal basis  – processing is necessary for the performance of a contract to which you are a party.

(B) Compliance with legal and regulatory requirements:

4.4. We are subject to strict regulatory obligations under CFT laws, data protection laws, and other Applicable Laws, and to comply with these laws and regulations, we may:

4.4.1. Identify and verify the Client under the know-your-customer (the KYC) and AML procedures;

4.4.2. Monitor and report suspicious transactions to relevant regulatory authorities;

4.4.3. Retain transaction records in compliance with financial and crypto regulations;

4.4.4. Ensure compliance with taxation, anti-fraud, and risk management regulations.

4.5. The legal basis – processing is necessary to comply with legal obligations applicable to the Company.

4.6. We may process your Personal Data based on our legitimate interest in maintaining the security integrity, availability, and confidentiality of our systems and Services. This includes measures to:

4.6.1. Detect, investigate, and prevent fraudulent activities, unauthorised access or policy violations;

4.6.2. Monitor system integrity, respond to cyber threats, and enforce our Terms and Conditions;

4.6.3. Protect our users, infrastructure, and reputation from misuse, abuse, or criminal activity;

4.6.4. Assess and manage operational, legal, and reputational risks arising from service delivery.

4.7. Given the nature of our business as a crypto-asset service provider, we apply cryptocurrency-specific security protocols in addition to standard safeguards. The majority of customer funds are held in cold wallets, fully offline and inaccessible via the internet, while a limited portion is maintained in hot wallets under continuous monitoring. Multi-signature authorisation is required for all wallet transactions to prevent unilateral access.

4.8. We employ blockchain analytics tools to monitor transaction behaviour in real time, detect fraud, and identify interactions with high-risk addresses (e.g., mixers or obfuscation services). Private cryptographic keys are stored in encrypted hardware security modules (HSMs) with access restricted to authorised personnel under strict procedural controls.

4.9. The legal basis – processing is necessary for our legitimate interests, provided that such interests do not override your rights and freedoms.

(D) Marketing, promotion, and advertising:

4.10. We may use Personal Data to:

4.10.1. Send you promotional offers, newsletters, and product updates via email or notifications;

4.10.2. Provide personalized content and recommendations based on your usage;

4.10.3. Analyze marketing effectiveness and user engagement trends;

4.10.4. Collect feedback to improve customer service quality.

4.11. The legal basis for processing is we process your Personal Data for direct marketing purposes only with your explicit consent, or, where permitted, based on our legitimate interests in direct marketing.

4.12. The Personal Data may be processed for up to 2 years after consent, unless a different term is required under Applicable Law. You may withdraw consent or unsubscribe at any time by clicking the link in communications or contacting support@fincryptou.com.

(E) Exercising or defending legal claims:

4.13. We may use Personal Data in legal proceedings to:

4.13.1. Investigate, resolve, and respond to disputes;

4.13.2. Establish, enforce, or defend legal claims;

4.13.3. Cooperate with law enforcement, courts, or regulatory agencies as required by law.

4.14. The legal basis – processing is necessary for our legitimate interest in exercising or defending legal claims.

(F) Research and service development:

4.15. To improve our Website, Client Portal, and Services, we may:

4.15.1. Analyse usage trends and user behaviour to optimise platform functionality;

4.15.2. Conduct research, statistical analysis, and product development;

4.15.3. Test and deploy new features and enhance customer experience.

4.16. The legal basis – processing is necessary for our legitimate interests in improving and developing our Services.

(G) Communication and customer support:

4.17. We use Personal Data to:

4.17.1. Send emails, system updates, and Service notifications;

4.17.2. Respond to inquiries, complaints, and customer support requests.

4.18. The legal basis – processing is necessary for the performance of a contract (e.g., responding to support requests).

(H) Inquiries via Website or Client Portal:

4.19. When you submit an inquiry via the Website or the Client Portal, we may contact you using the contact details provided.

4.20. Personal data processed for the purpose of responding to your inquiry includes name, surname, email address, subject, and message content.

4.21. The legal basis - your consent to receive information.

4.22. The Personal Data provided may be processed and stored for 12 (twelve) months from the date of inquiry submission, unless a different term is established under the Applicable Law.

(I) The candidates’ data processing:

4.23. If you submit your CV via the Website, we may contact you using the contact details provided.

4.24. The legal basis - your consent to apply for the job positions being offered.

4.25. The Personal Data provided may be processed and stored for 12 (twelve) months from the date of your CV submission, unless a different term is established under the Applicable Law.

(J) No processing beyond stated purposes:

4.26. We will not process your Personal Data for any purpose not mentioned above unless:

4.26.1. You have provided explicit consent for such processing;

4.26.2. Processing is required by the Applicable Law;

4.26.3. Processing is necessary to protect vital interests (e.g., preventing harm).

 

5. SHARING PERSONAL DATA

5.1. We only share your Personal Data when necessary for:

5.1.1. Providing our Services;

5.1.2. Fulfilling legal obligations;

5.1.3. Protecting our security and business interests.

5.2. We will never sell your Personal Data to third parties. However, we may disclose your Personal Data under the circumstances provided below.

(A) Financial institutions and payment processors:

5.3. We may share your Personal Data with banks, financial institutions, and payment processors to:

5.3.1. Facilitate payments, withdrawals, and transactions;

5.3.2. Verify your identity and comply with AML regulations;

5.3.3. Detect fraudulent activities and unauthorised transactions.

(B) Legal and regulatory authorities:

5.4. We may share Personal Data if required by:

5.4.1. A court order, arbitration ruling, or government directive;

5.4.2. Regulatory authorities for AML/KYC compliance;

5.4.3. Law enforcement agencies that are investigating fraud, cybercrime, or illegal activity.

(C) Business transfers such as mergers and acquisitions:

5.5. In case of a merger, acquisition, restructuring, or asset sale, we may transfer your Personal Data to the acquiring entity; however, before such transfer:

5.5.1. We will ensure data protection safeguards are in place;

5.5.2. We will notify you before your data becomes subject to a different privacy policy.

(D) Service providers and business partners:

5.6. We work with trusted third-party providers who support our operations, including:

5.6.1. Cloud storage and IT service providers;

5.6.2. Fraud prevention and cybersecurity firms;

5.6.3. Identity verification and authentication services;

5.6.4. Marketing and analytics platforms;

5.6.5. Blockchain analytics tools to monitor transaction behaviour in real time, detect fraud, and identify interactions with high-risk addresses (e.g., mixers or obfuscation services).

5.7. All third-party service providers are contractually bound to:

5.7.1. Use your Personal Data only for specified purposes;

5.7.2. Implement security measures to protect your Personal Data;

5.7.3. Comply with applicable data protection laws.

(E) Legal, banking, and compliance advisors:

5.8. We may share Personal Data with law firms, auditors, tax consultants, and regulatory compliance advisors to:

5.8.1. Ensure legal and financial compliance;

5.8.2. Conduct internal audits and regulatory reporting;

5.8.3. Assess risks and maintain business continuity.

 

6. INTERNATIONAL TRANSFERS

6.1. We may share, transfer, or process your Personal Data outside Switzerland, including to jurisdictions that may not provide an equivalent level of data protection to that under Swiss data protection law, the European Economic Area (the EEA) or the United Kingdom (the UK). Such transfers may occur in particular where we:

6.1.1. Engage third-party service providers, affiliates, or business partners to support our operations and provide our Services;

6.1.2. Store or process data on cloud servers or IT infrastructure operated in other jurisdictions;

6.1.3. Facilitate international payments and financial transactions through banks, payment processors, or financial institutions operating globally;

6.1.4. Comply with legal obligations, including law enforcement requests and regulatory reporting in jurisdictions where we operate.

6.2. When transferring your Personal Data outside Switzerland, the EEA or the UK, we ensure an adequate level of data protection in accordance with the FADP and, where applicable, the EU General Data Protection Regulation (GDPR), by implementing one or more of the following safeguards:

6.2.1. Adequacy decisions – we may transfer Personal Data to countries that the Swiss Federal Council or the European Commission have recognised as providing an adequate level of data protection, without requiring additional safeguards.

6.2.2. Standard Contractual Clauses (the SCCs) – where no adequacy decision exists, we use SCCs approved by the European Commission and recognised by the Swiss Federal Data Protection and Information Commissioner (the FDPIC), adapted where necessary to comply with Swiss data protection law, requiring third-party recipients to provide an adequate level of protection for Personal Data,

6.2.3. Binding Corporate Rules (the BCRs) – where applicable, we ensure that intra-group transfers are governed by binding corporate rules approved by the competent supervisory authorities and recognised by the FDPIC, ensuring an adequate level of data protection for Personal Data.

6.2.4. Other legal mechanisms – in certain situations, we may rely on specific statutory exceptions and derogations under Applicable Law, such as your explicit consent or the necessity of the transfer for the performance of a contract with you or for the implementation of pre-contractual measures taken at your request.

6.3. Additional safeguards. We implement appropriate technical and organisational measures to ensure a level of protection appropriate to the risk when transferring Personal Data internationally, including:

6.3.1. Conducting transfer impact assessments and risk assessments before transferring Personal Data outside Switzerland, the EEA or the UK;

6.3.2. Limiting cross-border transfers to what is strictly necessary to perform our Services and comply with our legal obligations;

6.3.3. Continuously monitoring the legal and regulatory environment to ensure ongoing compliance with applicable data protection laws and regulatory guidance.

6.4. If you require further details regarding international data transfers, you may contact us at support@fincryptou.com. 

 

7. THIRD PARTY WEBSITES

7.1. Our Website, Client Portal, and Services may contain links, advertisements, or integrations that redirect you to third-party websites, applications, services, or platforms that are not owned or controlled by the Company. These third-parties operate under their own privacy policies and terms of use, and we do not control, endorse or assume responsibility for their data protection practices, security measures or content.

7.2. If you follow a link to, or otherwise interact with, a third-party service, the collection, processing, and use of your Personal Data will be governed by that third party’s privacy policy and terms, which may differ from ours. We strongly recommend that you carefully review the privacy policies and terms of any third-party website or service before providing any Personal Data or using their services.

7.3. Examples of third-party interactions may include, without limitation:

7.3.1. Clicking on an advertisement displayed on our Website, the Client Portal, and being redirected to an external website;

7.3.2. Using third-party payment service providers, banks or other financial institutions to complete a transaction;

7.3.3. Engaging with social media integrations (e.g., Facebook, Twitter, LinkedIn) that may track user activity.

7.4. If you create an Account or interact with our Services through a third-party platform (e.g., via a partner website, mobile application, or social media login), your Personal Data may be shared with the operators of that platform, meaning that:

7.4.1. Your Personal Data will be subject to that third party’s privacy policy;

7.4.2. The Company is not responsible for the manner in which that third party processes your Personal Data;

7.4.3. Any data protection requests, complaints, or disputes, relating to that third-party platform must be addressed directly to that provider.

7.5. We do not control and are not liable for the data protection practices, security measures or content of third-party websites or services. If you have concerns about how a third party processes your Personal Data, please consult their privacy policy or contact them directly.

 

8. RETENTION OF PERSONAL DATA

8.1. The Company retains your Personal Data only for as long as necessary to:

8.1.1. Provide, maintain, and improve our Services;

8.1.2. Fulfill contractual and legal obligations;

8.1.3. Ensure compliance with the Applicable Laws and regulations;

8.1.4. Meet accounting, tax, audit, and financial reporting requirements;

8.1.5. Investigate security incidents, fraud, and enforce our legal rights;

8.1.6. Defend against potential claims and disputes.

8.2. The retention period for different types of Personal Data depends on:

8.2.1. The nature of the data and its processing purpose;

8.2.2. Legal and regulatory requirements applicable to our business;

8.2.3. The existence of ongoing disputes or investigations;

8.2.4. Our legitimate business interests such as fraud prevention and cybersecurity.

8.3. Upon your request, we will delete or anonymise your Personal Data, provided that:

8.3.1. There are no pending legal or regulatory requirements that necessitate retention;

8.3.2. There is no ongoing dispute or unresolved issue related to your Account;

8.3.3. We do not need to retain your Personal Data for legitimate business purposes, such as:

(a) preventing fraud;

(b) complying with AML/KYC regulations;

(c) ensuring platform security.

8.4. We retain your Personal Data according to the following categories:

8.4.1. Account information – for the duration of the contractual relationship and for up to 10 years after termination, in accordance with statutory retention obligations and limitation periods;

8.4.2. Transaction and financial data – for at least 10 years from the end of the business relationship or the execution of the transaction, in accordance with requirements under the Applicable Law;

8.4.3. Identity verification data and beneficial owner information – for at least 10 years from the end of the business relationship, in accordance with requirements under the Applicable Law;\

8.4.4. Records for the prevention of money laundering, terrorist financing and sanctions compliance (including transaction monitoring, sanctions screening and transaction logs) – for at least 10 years from the end of the business relationship or the execution of the transaction, and longer where required by Applicable Law, a competent authority, or to establish, exercise or defend legal claims.

8.5. If you have closed your Account, we may continue to store limited Personal Data:

8.5.1. To comply with legal and regulatory obligations;

8.5.2. To defend against legal claims or prevent fraudulent activities;

8.5.3. To resolve any pending disputes.

8.6. Once the retention period expires, your Personal Data will be:

8.6.1. Permanently deleted from our systems;

8.6.2. Anonymised so it can no longer be linked to you;

8.6.3. Securely stored in an encrypted format, if required for historical or statistical purposes.

8.7. If you require further details about how long we retain specific data categories, please contact us at support@fincryptou.com.

 

9. PROTECTION OF PERSONAL DATA

9.1. We take the security of your Personal Data seriously and implement appropriate technical, administrative, and organisational measures to protect it against:

9.1.1. Unauthorised access, disclosure, or use;

9.1.2. Data breaches, cyberattacks, and hacking attempts;

9.1.3. Loss, alteration, or destruction;

9.1.4. Unlawful or unauthorised processing and misuse.

9.2. Our security measures include:

9.2.1. Data encryption - the Personal Data is protected both in transit and at rest using industry-standard encryption technologies such as AES-256 and TLS/SSL;

9.2.2. Access controls - access to Personal Data is restricted according to the principle of least privilege; only authorised personnel have access according to their role;

9.2.3. Multi-factor authentication (MFA) - the MFA is required for all administrative or privileged access to systems handling Personal Data;

9.2.4. Intrusion detection systems - real-time analytics and intrusion detection systems are used to identify suspicious activities;

9.2.5. Regular security audits - periodic penetration tests, vulnerability assessments, and internal security reviews are conducted;

9.2.6. Data minimisation - only Personal Data necessary for the legitimate purposes  is collected;

9.2.7. Anonymisation and pseudonymization - techniques are applied to protect sensitive Personal Data where feasible;

9.2.8. Incident response plan - a dedicated team is in place to promptly respond to and mitigate potential data security incidents or breaches.

9.3. While we take extensive steps to secure your Personal Data, you also play a role in protecting your Account. We strongly recommend that you:

9.3.1. Use a strong, unique password for your Account;

9.3.2. Enable multi-factor authentication (MFA);

9.3.3. Never share your login credentials with anyone;

9.3.4. Log out of your Account after each session, especially when using public or shared devices;

9.3.5. Beware of phishing emails and fraudulent requests pretending to be from the Company;

9.3.6. Regularly update your software and devices to protect against malware and security vulnerabilities.

9.4. If you believe your Personal Data has been compromised, accessed without authorization, or misused, please contact us immediately. We will investigate all security reports and take appropriate measures to resolve the issue.

 

10. PRIVACY RIGHTS

10.1. Depending on your jurisdiction, you may have the following privacy rights under the GDPR and other Applicable Laws:

10.1.1. Right to be Informed – you have the right to know how your Personal Data is collected, used, and stored;

10.1.2. Right to access – you can request a copy of the Personal Data we process about you;

10.1.3. Right to rectification – you may request correction of inaccurate or incomplete Personal Data;

10.1.4. Right to erasure – the right to be forgotten – you may request the deletion of your Personal Data, subject to legal obligations or contractual requirements;

10.1.5. Right to restrict processing – you can request that processing of your Personal Data be temporarily or permanently restricted under certain conditions;

10.1.6. Right to object – you can object to the processing of your Personal Data when it is based on legitimate interests or used for direct marketing;

10.1.7. Right to data portability – you may request a structured, commonly used, and machine-readable copy of your Personal Data to transfer it to another provider, where technically feasable;

10.1.8. Right to withdraw consent – if processing is based on your consent, you may withdraw it at any time;

10.1.9. Right not to be subject to automated decision-making – you may request human intervention in cases where decisions that significantly affect you are made through automated processes.

10.2. Limitations to your rights. Your privacy rights may be limited in certain circumstances, including:

10.2.1. Compliance with legal obligations, regulatory requirements, or industry rules;

10.2.2. Cases where retention of Personal Data is necessary for contractual, legal, or security purposes;

10.2.3. Situations where deletion or restriction would adversely affect the legitimate interests of the Company or third parties.

10.3. How can you exercise your rights:

10.3.1. To exercise your rights, please contact us at support@fincryptou.com; 

10.3.2. We aim to respond promptly and, in any event, within 30 days of receiving your request, unless otherwise required by Applicable Law;

10.3.3. If you are not satisfied with our response, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if applicable, the relevant data protection authority in your country of residence.

 

11. PERSONAL DATA OF CHILDREN

11.1. The Company does not knowingly collect, process, or store Personal Data from individuals under the age of 18. Moreover, our Services are strictly intended for adults, and we do not target or provide access to minors.

11.2. If we become aware that a minor under 18 years old has provided us with Personal Data, we will:

11.2.1. Immediately close the associated Account;

11.2.2. Securely delete the minor’s Personal Data from our systems, unless retention is legally required;

11.2.3. Take additional security measures to prevent further access.

11.3. If you believe that a minor has provided us with Personal Data, please contact us immediately at support@fincryptou.com so we can take the appropriate action.

11.4. In cases where a minor has fraudulently provided false age-related information to gain access to our Services, we disclaim liability for any resulting data processing but will take appropriate corrective actions once identified.

 

12. AMENDMENTS OF THIS POLICY

12.1. We may update, amend, or modify this Policy periodically to reflect:

12.1.1. Changes in legal or regulatory requirements;

12.1.2. Updates to our Services, technologies, or business practices;

12.1.3. Security or compliance improvements;

12.1.4. User feedback and best practices in the field of data protection.

12.2. When significant changes are made to this Privacy Policy, we will:

12.2.1. Provide you with a 60-day prior notice;

12.2.2. Made available the updated Privacy Policy on the Website;

12.2.3. Ensure continued compliance with Applicable Law.

12.3. Your continued use of our Services:

12.3.1. If you continue using the Client Portal and our Services after changes take effect, it will be deemed as acceptance of the updated Policy.

12.3.2. If you do not agree with any modifications, you must stop using our Services and request account closure by contacting us at support@fincryptou.com.

12.4. In case of non-significant changes to this Policy such as (i) style and grammar corrections, paraphrasing and moving a sentence, a clause for the sake of better understanding, or (ii) other changes which do not reduce or limit your rights and do not otherwise affect you negatively, we will not provide any prior notice to you.

12.5. We encourage you to review this Policy periodically to stay informed about how we protect your Personal Data.

 

13. CONTACT DETAILS

13.1. If you have any questions, concerns, or requests regarding this Privacy Policy, or if you wish to exercise your privacy rights, please contact our Data Protection Officer at:

13.1.1. email address of the Company: support@fincryptou.com;

12.1.2. registered office address specified on the Webiste.

13.2. We will respond to inquiries within the legally required timeframe, in accordance with the Applicable Law.

 

14. FINAL PROVISIONS

14.1. This Privacy Policy may be translated into multiple languages for convenience; however, the language in which the Privacy Policy was approved by you shall prevail in case of any discrepancies or conflicts.

14.2. If any provision of this Privacy Policy is found to be invalid or unenforceable under the Applicable Law, such provision shall be deemed ineffective only to the extent necessary without affecting the enforceability of the remaining provisions.

14.3. You confirm that you have read, understood, and fully accepted this Privacy Policy. You further acknowledge that you have independently assessed your rights, obligations, and any associated risks before starting to use our Website, the Client Portal, or Services.