Thank you for visiting FINETIX, a company with its registered name as FINETIX LIMITED S.R.L., registered address at Bucuresti Sectorul 1, Strada BUZESTI, Nr. 75-77, Camera 7, Etaj 9, Romania, and registered number: 51736231, (“FINETIX”, “we,” “us,” “our,” “ours”). By visiting, accessing, or using FINETIX and associated application program interface or mobile applications (as applicable and collectively, “Site”), or when you interact with us, you consent to the policies and practices of our privacy policy (“Privacy Policy”), PLEASE READ THIS PRIVACY POLICY CAREFULLY. This Privacy Policy explains how we use your personal data as we provide you with access and utility through our digital asset trading platform via software, API (application program interface), technologies, products and/or functionalities (“Service”). In the course of providing you our Service, to abide by the laws in the jurisdictions stated in this Privacy Policy, and to improve our services, we need to collect and maintain personal information about you. We may update this Privacy Policy at any time and from time to time by posting the amended version on this site.

You are advised to read this Privacy Policy in its entirety, as it constitutes an integral part of our FINETIX User Agreement (“User Agreement”). By establishing an account with FINETIX and utilizing the Site and our services, you expressly acknowledge that you have read, understood, and consented to the terms of this Privacy Policy.

We collect and process various categories of personal data at the initiation of our relationship and throughout its duration. We reserve the right to retain certain data beyond the termination of our relationship where there is a legitimate basis or legal obligation to do so. We ensure that all data collection and processing activities are strictly limited to that which is necessary to fulfill one or more of the lawful bases set forth in this Privacy Policy.

When you register an account or access our Site, we may require certain information to verify your identity and enable the provision of services, including the buying, selling, and trading of digital assets. Such data may include, but is not limited to:

Your full legal name, physical address, age, gender, signature, email address, mobile number, date of birth, nationality, passport number, driver’s license details, national identity card details, photographs, employment details, utility bills, and/or financial information. These data may even include biometric data about yourself, for instance, facial recognition data, fingerprint data, or other biometric data that may be used as a method of authentication on the device used to access the Site. To ensure compliance with anti-money laundering (AML) regulations and to detect and report suspicious activities, we may also further require submission of official identification documents (e.g., passport, driver's license or any government issued ID number), proof of residence, Email address, mobile phone number, full legal name (including former name, and names in local language), nationality, date of birth, proof of identity (e.g. passport, driver’s license, or government-issued ID), residential address, proof of residency, and proof of income. Furthermore, there may be case that other additional personal data or documentation at the discretion of our Compliance Team for legal purpose, your use of our Service or any other reason stated hereinafter.

Data pertaining to your use of the Site, including browser type, application version, access timestamps, viewed pages, IP address, other network identifiers, tap records, search history, installed apps, running apps, crash logs, user-generated content, favorites, mouse movement, scroll position, key events, touch events and the referring website URL.

Details concerning the computer, mobile or any other device used to access our Site, such as the hardware model, operating system and version, unique device identifiers, carrier, brand, software version, manufacturer, system language, OS version, locale, fingerprint, Build ID, baseband version, SIM country, SIM serial number, battery status, network, OAID, IMEI, IDFA, GUID, MAC address, Android ID, SSID, Advertising ID, gyroscope/accelerometer data, and mobile network information.

FINETIX Account/ Password, FINETIX Nickname, records of your activities on the Site, including your survey responses, information provided to our support team or user research team, other message content, feedback, Email, SMS, App Rating, comments, content you post, account details, transaction times, values, currencies, cryptocurrency prices, and payment methods. These data may even include audio, electronic, visual and similar information, such as call and video recordings.

We may collect precise location data from your device, subject to your express permissions.

We utilize technologies such as cookies and web beacons for data collection. For more detailed information, please consult our dedicated FINETIX Cookie Policy

Information about the transactions you make on the Site and/or data related to your use of our Services, such as the name of the recipient, your name, the amount, timestamp, deposit snapshots, account balances, trade history, order activity, distribution history, bank account numbers, e-wallet identification data, currency and cryptocurrency amounts, and account statements.

Your bank account information, payment card primary account number (PAN), account assets, transaction history, trading data, tax identification, e-wallet information, credit card details (including card number, expiry date, and CVC), and trading data.

Data collected to comply with legal requirements, including but not limited to results from Politically Exposed Persons (PEP) and sanction screenings, additional personal data required to prove Source of Funds (e.g., employment contract, inheritance certificate), and information on management structure and business activities.

We may collect information you provide during the FINETIX onboarding process, which may be a completed, incomplete, or abandoned process. Offering services to residents in certain jurisdictions, we collect, store, and process your personal information in accordance with the provisions of your local data protection laws such as General Data Protection Regulation (GDPR) and Data Protection Act.

We collect your personal data through the following channels:
(a) Information you provide to us directly when you contact us;
(b) Information we receive from third parties, including but not limited to service providers;
(c) Information acquired during the course of our business relationship and interactions with you;
(d) Information collected through your use of our websites, platforms, widget, feature, function, and applications; and
(e) Information obtained from publicly available sources.
(f) Information you provided when you sign up online, log in or access FINETIX, or use any FINETIX service;
(g) Information you provided when you voluntarily complete any user survey or provide feedback to us, through email or any other channel;
(h) Cookies through your browser or software when you use or browse our web pages or clients.
(i) Other situations of self-collecting information mentioned in this agreement.

To lawfully process personal data, we rely on one or more valid legal bases as prescribed by Data Protection Legislation. The reasons for our data collection and processing activities include:

This is the primary legal basis for most of our processing activities concerning the personal data of our customers. It encompasses both the pre-contractual phase (e.g., account registration) and the entire term of the contractual agreement.

We are legally obligated to process personal data to comply with various statutory and regulatory requirements beyond Data Protection Legislation. This includes, for example, retaining records as required by law and conducting investigations, due diligence, and reporting for AML and other regulatory purposes.

We may process your personal data when it serves our legitimate interests or those of a third party, provided that these interests are not overridden by your fundamental rights and freedoms. We will always (i) identify the legitimate interest, (ii) demonstrate that the processing is necessary to achieve this interest, and (iii) perform a balancing test against your rights and freedoms. Examples of such interests include: marketing activities, the exercise, establishment, or defense of legal claims, and the prevention of fraud.

While we generally rely on other legal bases for processing personal data, we will obtain your explicit consent when legally required. Such consent will be obtained fairly by clearly informing you of the purpose and requiring a clear, affirmative action from you (e.g., ticking a box or toggling a switch). Consent may be required for: activating specific features within mobile applications and the placement of cookies and similar technologies, in accordance with our Cookie Policy.

We may utilize the personal data you provide or that we collect, in accordance with this Privacy Policy and relevant laws, for the following purposes and methods:

Most of our services are subject to laws and regulations, requiring us to collect, use and store your personal data in specific ways. For example, FINETIX must identify and verify customers that are using our services comply with cross-jurisdictional anti-money laundering laws. This includes collecting and storing photos of your ID. We will have to close your account if you do not provide the personal information as required by law.

We actively monitor, investigate, prevent and mitigate any potential prohibited or illegal activities, enforce our agreements with third parties, and prevent and inspect violations of User Agreement. We may need to assess your risk score based on our established parameters, to determine your eligibility for specific client classifications (e.g., professional, wholesale, institutional), to enforce or defend our legal rights, to satisfy our internal policy requirements, to maintain administrative records related to our business operations, and/or to implement security measures for your account, including two-factor authentication. In addition, we may need to charge you for your use of our services. We collect information about your account usage and closely monitor your interactions with our services. We may use any personal information we collected about you for these purposes.

We process your personal information to help detect, prevent and reduce fraud and abuse of our services, and to protect your account security.

We will require access to your personal information in order to provide you with services and to verify your identity and perform legally mandated checks, including but not limited to "Know Your Client," AML, fraud, sanctions, and PEP screenings. For example, when you wish to use the OTC service on our platform, we will require specific information such as your identity, contact information, and payment information, or we cannot provide you with services without such information. Third parties such as identity verification service providers may also collect your personal information when providing identity verification and/or fraud prevention services.

We will send you management or account-related information to let you know about the latest information about our services, to notify you of related security issues or updates, or to provide other trade-related information. Without these communications, you may not be aware of the important developments related to your account, which may affect your use of our services. Such as to tailor the products and services offered on our Site to your specific needs, which may involve conducting suitability or appropriateness assessments that requires communication. Further, to manage your ongoing requirements and our relationship with you, including processing transactions, troubleshooting issues, and preventing or investigating illegal activities would also require us to communicate with you. Such communications may be conducted electronically. You cannot choose to refuse to receive critical service communications, such as emails or text messages sent for legal or security purposes.

We will access to your personal information when you contact us to resolve any issues. We will not be able to respond to your request and ensure that you use the service uninterrupted if you do not process your personal information. For instance, to contact you regarding your account, including requesting additional information or documentation, or to transmit notices related to your account and/or general updates.

We will process your personal information to improve security, monitor and verify your identity and access to our services, combat spam or other malicious software or security risks, and comply with applicable security laws and regulations. It is especially important that we obtain timely and accurate information about how you use our services. We may not be able to ensure the security of our services if you do not process your personal information.

We will access your personal information to better understand how you use and interact with our services. In addition, we will also use this information to customize and improve the content and layout of our services, as well as to develop further services. We may not be able to ensure that you will be able to continue to enjoy our services if you do not process your personal information.

We will access your personal information to provide you with a personalized experience and to fulfill your needs. For example, you can allow us to access certain personal information stored by third parties. We may not be able to ensure that you can continue to enjoy some or all of our services if you do not process your personal information.

We may access any information about your account and your use of our services in the event of a corporate acquisition, merger or other corporate transaction. If you do not wish for your personal information to be processed for these purposes, you may choose to close your account.

We may send you marketing communications (such as emails or text messages), market updates, and marketing materials concerning our services to inform you about our events or the activities of our partners, to provide targeted marketing, and to offer you promotional offers. Our marketing strategy will be based on your advertising and marketing preferences and as permitted by applicable law. If you do not wish for us to send you marketing information, you may opt out of these communications at any time by providing us with written notice in the method and format that we require.

We may disclose your personal information for any purpose that you have consented to.

Notwithstanding the foregoing, we may also share, transfer and/or disclose your personal data to the below persons, entities or circumstances specified below:

Personal information that we process and collect may be transferred between FINETIX companies such as our current and future parent companies, affiliates, subsidiaries, and other companies under common control and ownership, as a normal part of conducting business and offering our Services to you.

We may employ other companies and individuals to perform functions on our behalf. Or cooperate, contract, partner with other professional advisors, vendors, consultants, and service providers (including, but not limited to, transaction service providers, IT hosting companies, banks, financial institutions, and credit reference agencies) who require access to this information to perform services on our behalf and are bound by confidentiality obligations. Examples include analysing data, providing marketing assistance, processing payments, transmitting content, assessing and managing credit risk, and coding and developing of FINETIX related mobile and/or other forms of portable applications (including FINETIX application on Google Play and/or Apple Store).

We may be required by law or by court to disclose certain information about you or any engagement we may have with you to relevant regulatory, law enforcement and/or other competent authorities. In response to a lawful request for information where we have a good faith belief that disclosure is necessary or mandated by applicable laws or legal processes, including requests from public authorities for national security or law enforcement purposes. We will disclose information about you to legal authorities to the extent we are obliged to do so according to the law. We may also need to share your information in order to enforce or apply our legal rights or to prevent fraud.

As we continue to develop our business, we might sell or buy other businesses or services. In such cases that is in connection with or during negotiations for any potential merger, sale of company assets, financing, or acquisition of all or a portion of FINETIX, user information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the user consents otherwise). Also, in the unlikely event that FINETIX or substantially all of its assets are acquired by a third party, user information will be one of the transferred assets.

We release accounts and other personal information when we believe release is appropriate to comply with the law or with our regulatory obligations; enforce or apply our User Agreement and other agreements; or protect the rights, property or safety of FINETIX, our users or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

We also do not allow any third parties to collect, edit, sell or distribute your personal information by any means. If any FINETIX user engages in the above activities, or if we determine that your actions are inconsistent with our User Agreement or policies, or to protect the rights, property, and safety of FINETIX or others upon discovery, we have the right to terminate the service agreement with the user or you immediately.

If you are not a natural person with full capacity for civil rights and civil conduct, you are not authorized to use the service. Henceforth, we hope that you do not provide any of your personal information.

Failure to provide all requested information may impede our ability to verify your identity, which could prevent you from opening a trading account with FINETIX and utilizing our Site.

You are solely responsible for ensuring the accuracy and completeness of the information you provide. You may update your information at any time via the “Account” page on our Site. We recommend that you regularly update your profile to ensure that the services offered to you align with your current circumstances. We may require you to update your information if we determine it to be untrue, incorrect, incomplete, or inconsistent with other information you have provided. You acknowledge that we are entitled to rely on the information you provide, and you shall be responsible for any damages or losses resulting from inaccuracies, including any mismatch between our services and your needs.

We implement robust security measures to protect your personal data and the information we collect about your activities on our Site. We safeguard your personal data through advanced data security technologies, including firewalls and data encryption. We also mandate that you use a personal username and password for every online account access. As stipulated in the User Agreement, you are strictly prohibited from sharing your password with any third party.

In the event that we must share your personal data with a third party, we shall ensure that such third parties process your personal data strictly in accordance with our instructions and have executed confidentiality agreements to maintain its security. We have implemented appropriate technical and organizational measures to prevent the accidental loss, unauthorized use, access, alteration, or disclosure of your personal data. Furthermore, access to your personal data is restricted to those employees, agents, contractors, and third parties who have a legitimate business need to know such information. They will process your personal data solely on our instructions.

We have established formal procedures to address any suspected data security breaches and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including countries that may not have data protection laws equivalent to those of the EEA. In such instances, we will ensure that appropriate safeguards are in place to protect your data, such as implementing standard contractual clauses approved by the European Commission, and we will comply with all legal requirements for such transfers.

We are committed to ensuring that the personal data we hold is relevant, reliable, accurate, complete, and current. We take reasonable steps to protect its privacy and security. We will retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected or to comply with legal or ethical obligations. We will not store your personal data in an identifiable form for a period longer than is required for its original purpose or to fulfill legal, accounting, or reporting obligations.

To determine the appropriate retention period, we consider the nature and sensitivity of the data, the risk of harm from its unauthorized use or disclosure, the purposes for which we process the data, and applicable legal requirements.

In certain cases, we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such anonymized data indefinitely without further notice to you.

We are legally required to retain personal data related to you and your transactions for a period necessary to satisfy business or legal purposes, including compliance with anti-money laundering and counter-terrorism financing obligations.

Typically, we retain data related to financial transactions for a minimum period of 8 years after your last transaction or account closure, whichever occurs later. This period may be extended if necessary. We retain data during the service provision period, for the duration of the contract, and for 10 years following the termination of the contract or legal relationship to comply with document archiving requirements and to handle potential legal claims.

If a transaction is not completed, personal data is stored for 3 years from the date of receipt. If a transaction is refused due to AML measures, the data is retained for 8 years from the date of refusal.

Under applicable AML and counter-terrorism financing regulations, we are required to process and retain personal data for a period of 8 years from the date of receipt, with the possibility of extensions if warranted.

Should you withdraw your consent, or should the consent period expire, we will retain data confirming the consent for 5 years from the end of the consent period or its cancellation to address potential legal claims.

At the conclusion of the retention period, we will securely delete or destroy the data and ensure that our sub-processors and third-party suppliers follow the same procedure.

Pursuant to Data Protection Legislation, you have several rights concerning your personal data, including:

You may request a copy of the personal data we hold about you to verify that we are processing it lawfully.

You may request that we correct any incomplete or inaccurate information we hold about you.

You may request that we delete or remove your personal data when it is no longer necessary for the purposes for which it was processed or if you have lawfully objected to the processing.

You have the right to object to the processing of your personal data based on legitimate interests (or those of a third party) if you have specific reasons for doing so. You also have the right to object to processing for direct marketing purposes.

You may request that we restrict the processing of your personal data if you need us to verify its accuracy or the reason for its processing.

You may request that we transfer your personal data to another organization.

Exercising of your rights above may impact the form and substance of the Services we provide to you, and in some circumstances, such exercise may mean that we will not be able to continue providing the Services to you, and we may need to terminate the contract you have with us.

We may charge you a reasonable fee for the handling and processing of your requests to access your personal data. If we choose to charge a fee, we will provide you with a written estimate of the fee that we will be charging. Please note that we are not required to respond to or deal with your request for access unless you have agreed to pay the fee.

At our sole discretion, we may include or offer third-party products or services on our Site. These third-party sites maintain separate and independent privacy policies. We therefore assume no responsibility or liability for the content, privacy practices, or activities of these linked sites. Nevertheless, we endeavor to protect the integrity of our Site and welcome any feedback concerning these sites.

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce significant legal effects on you. This right is intended to ensure you are not affected by decisions made entirely by computer algorithms without human intervention.

However, this right does not apply if the decision:

• Is necessary for the purpose of entering into or performing a contract between you and us.
• Is required or authorized by law.
• Is based on your explicit consent.

Currently, we do not employ automated decision-making or profiling in the processing of personal data. Should this change, we will provide you with prior notice, including detailed information about the logic involved, as well as the significance and potential consequences of such processing.

We use technology to collect anonymous statistical data about your use of our Site. This includes logging details such as your server address, the date and time of your visit, the pages you view, and the type of browser you use. This information is collected without personally identifying you and is used exclusively for statistical purposes. It assists us in improving the content and functionality of our Site, gaining a better understanding of our clients and markets, and enhancing our services.

You are strongly advised to review our FINETIX Cookies Policy for more detail. The FINETIX Cookies Policy together with this Privacy Policy shall form the entire notice and agreement between you and us regarding privacy issues.

All our employees and authorized personnel are strictly required to adhere to confidentiality regarding any personal data they access during the course of their duties. This obligation survives the termination of their employment or contract and continues even if they change positions within the company. They are expressly prohibited from disclosing any personal data without our prior written permission, unless such information has become publicly available or is required to be disclosed by applicable laws or regulations.

This Privacy Policy will be reviewed periodically to account for changes in our operations, practices, and business environment, and to ensure its ongoing compliance with legal and technological developments. Any personal data we hold will be governed by the most current version of this Privacy Policy.

Your rights to information may be subject to certain limitations in the following circumstances:

If providing the requested information is impossible or would require a disproportionate effort, we may not provide it. In such cases, we will still take appropriate measures to protect your rights and interests, such as making the information publicly available through this Privacy Policy.

If the provision or disclosure of information is expressly restricted by Data Protection Legislation, and appropriate measures are in place to protect your interests, we may not be required to provide the information.

If the personal data is subject to professional secrecy under Lithuanian law, such as statutory obligations of secrecy, we may be prohibited from disclosing it.

We are not obligated to provide information you have already received.

You may delete your FINETIX account at any time, the consequences of account deletion include but not limited to the following:
(a) You will lose all digital assets and data contained in this account.
(b) You will not be able to recover the personal information, transaction records, business data, and historical information under the account.
(c) You will not be able to use this account to log in to FINETIX’s services.

The account cannot be recovered once it is deleted. To protect your rights, we will remind you of the risks again after you select the button to Delete Account.

The deletion of your account does not mean that all your account operations and responsibilities before account deletion are exempted or mitigated. All records and information associated with your account will be deleted. However, we may retain certain information of your account as required by applicable law and regulations.

The provisions in this Section only apply if you are a user who is located in the European Union (“EU”). These provisions take precedence over any inconsistent provisions in the remainder of this Privacy Policy.

Your personal data may be transferred outside of the EU. In such cases, we take all reasonable precautions to apply the appropriate or suitable safeguards set forth by the GDPR, for example, we implemented measures such as appropriate contractual clauses to ensure that the recipients of such transfers will protect and treat your personal data in accordance with all applicable personal data protection laws.

You are entitled to exercise the following rights in accordance with the GDPR:
(a) The right to access the personal information concerning themselves, to correct or rectify inaccurate information and, when applicable, to object to data processing;
(b) the right of erasure of those data that either have been collected solely based on your consent, or they are no longer needed to perform the purpose(s) for which they were collected for;
(c) The right of erasure of those data that either have been collected solely based on your consent, or they are no longer needed to perform the purpose(s) for which they were collected;
(d) The right to restrict processing when such data are no longer needed to perform the purpose(s) for which they were collected;
(e) The right to have personal information provided in a structured, commonly used and machine-readable format;
(f) The right to withdraw consent at any time and without any detriment, as long as the personal data processing is based exclusively on your consent.