ETZ Privacy Policy

1. Our relationship with you

The security of your personal data is important to us. We are committed to protecting the privacy of our customers. We always take our privacy protection responsibilities with the utmost seriousness.This policy applies to any individual’s personal data which is in our possession or under our control. We have put in place safeguards to protect the personal data we store. This policy describes how we may collect, use, disclose, process and protect your personal data.

In this policy, “we”, “us”, “our” means ETZ (An exchange owned by Ope Hub, digitalne tehnologije, d.o.o. , a company incorporated under the laws of Slovenia with its registration number 9469796000) .

“You”, “your” or “yours” means the persons who are customers or users of our services. In this case, we may have contractual relationships with you, including but not limited to any kinds of agreements. For those who are not a relevant customer, user or stakeholder of our services, but using our website, this Privacy Policy shall also apply to you. For those who are under the age of 18, we do not knowingly request or collect any personal data from you. And if you are suspected of being younger than the age of 18, we will require you close your account and then delete your information as soon as possible.

2. What kinds of personal data we collect and process

For the purposes of this policy, we define "personal data" as data that can be directly or indirectly related to an identifiable individual and for which access to or processing of the data is in a form that is practicable. This includes information you provide to us, information automatically collected, and information we obtain from third parties.

Some examples of data which, on its own or jointly, can be used to identify a natural person are:

1. Personal identification data. Such as full-name, contact details, residential address, utility bills, date of birth, nationality and/or education details;
2. We may collect sensitive personal data, such as facial scan data extracted from your selfie or video, only where permitted by local law and with your explicit consent. We will provide you with a clear, affirmative action to indicate your consent at the time of data collection.
3. Employment detail. Such as occupation, job title, employment history, salary and so on;
4. Financial information. Such as bank account numbers, payment card information;
5. Wallet information. Such as wallet address, wallet ID, and other information related to your wallet;
6. Government Identifiers. Such as passport, national identification number, national identity card details and so on;
7. Information from cookies;
8. Information collected automatically. Such as your Internet Protocol (“IP”) address, operator and carrier data, authentication data, security questions, click-stream data, and information relating to your activities, habits, preferences and interests arising from your use of products and services. We do not rely solely on automated tools to determine whether a transaction or customer account presents a fraud or legal risk;
9. Information we collect from our affiliates and third parties;
10. Any other data that meets the general definition of "personal data" in this policy.

3. Why we collect and process your personal data

The primary purpose of collecting personal data is to ensure the secure, efficient and smooth delivery of our services. We use your personal data to deliver, provide, operate, and improve our services. We also use it for content and advertising, as well as for loss prevention and anti-fraud purposes. Please find below a list of the usual reasons why we collect and process your personal data:

1. To maintain legal and regulatory compliance. Required by strict and specific laws in different jurisdictions, we collect, use and store certain personal data and in some cases sensitive biometric personal data to provide you with secure, efficient and smooth services. For example, to comply with our Know Your Customer (“KYC”) obligations under applicable laws and regulations, we'll ask you to provide us with some information about yourself;
2. To deal with contractual relationship between us and you. For example, we may process your personal data to take and handle orders and process payments under your instruction;
3. To provide customer services. We process your personal data when you contact us for help with questions, disputes, complaints, troubleshooting, etc. If your personal data is not processed for this purpose, we will not be able to respond to your request;
4. To promote user experience. For users, we rely on your consent to process your personal data to offer you promotions, including offers, rewards and any other incentives for using our services. We also carry out surveys to learn more about your preference in order to recommend features and services that might be of interest to you;

In addition to the above, any other reason that is legitimate and reasonable for us to provide a safe and efficient service to our customers may prompt us to collect and process your personal data.

4. How we use your personal data

We may use personal data for our core business purposes including but not limited to:

1. Developing and providing brokerage, exchange and other services related to digital assets. For example, we will execute brokerage, exchange or other transactions and requests, including processing, settling, clearing or reporting such transactions. In addition, we will conduct research, planning statistical analyses. In addition, it is our mission to develop or improve our products, services, security, quality of service and advertising strategies, including the use of algorithm-based or artificial intelligence-driven tools and services;
2. Assessing and processing your personal data under your instructions, applications or requests. In such case, accessing and processing are necessary for the performance of your transactions;
3. Communicating with you. Including providing you with updates on changes to brokerage, exchange, and other services related to digital assets, responding to your queries, issuing notices to your when any changes are made to services and their terms and conditions, addressing or investigating to any complaints, claims or disputes from you;
4. Conducting inspections, screening or due diligence as required by applicable laws, regulations or directives;
5. Meeting the needs of financial reporting, management reporting, regulatory reporting, risk management, audit and record-keeping purposes;
6. Complying with all applicable laws, ordinances, regulations, rules, directives, orders, instructions, guidance and requirements of any local or foreign authorities (including regulatory, governmental, tax and law enforcement authorities or other authorities);
7. Preventing and mitigating fraud and abuse of our services and in order to protect you against account compromise or funds loss and in order to ensure the security of our users. Processing is necessary for the purpose of the legitimate interests pursued by us and the interests of our users;
8. Administering benefits or entitlements relating to our relationship with you or arising from your participation in events, campaigns or marketing promotions organized by us or with our partners.

In addition to the above purposes, we may also use personal data for purposes set out in the terms and conditions that govern our relationship with you.

5. More about advertising

We may use your personal data to recommend products or services that we believe may be of interest to you. Marketing messages may be sent to you in various modes, including but not limited to electronic mail, direct mailers, short message service, telephone calls, and other mobile messaging services. You have a right to object at any time to processing of your personal data for direct marketing purposes. When we uses your personal data for direct marketing purposes for the first time, we will inform the person concerned that he or she may request us to cease to use the personal data for direct marketing purposes. If you wish to opt out of such communications later, please follow the instructions provided in any marketing communication.

Furthermore, we reserve the right to continue sending you messages as part of our ongoing relationship with you. This section does not affect or override the terms and conditions that govern our relationship with you.

6. Why and how we share your personal data

We may share your personal data with third parties in accordance with any contractual relationship with you, applicable law, regulation or legal process. When sharing your personal data with other entities, we will use our best endeavours to ensure that such entities are either subject to this Privacy Policy or follow practices at least as protective as those described in this Privacy Policy. For instance, depending on your location and the entity responsible for conducting KYC checks.

Generally, we may share personal data in the following circumstances:

1. With your consent. We may disclose your personal data as may be described in a notice to you at the time the information is collected or before it is shared, or in any other manner to which you consent.
2. Transfer of business. During the course of our services to you, we may sell or purchase other businesses or services. In such instances, user information is typically transferred as part of the business asset, but remains subject to the commitments outlined in any existing Privacy Policy. In the unlikely event that we are acquired by a third party, user information will be transferred as part of the acquisition. These information will continue to be protected by existing Privacy Policy.
3. Required by laws. We may share your information in order to comply with applicable laws and legal obligations, to establish, exercise, or defend a legal or equitable claim, or to respond to law enforcement and regulatory requests. For instance, we may be obliged to do so by a subpoena, court order, search or seizure warrant, or similar legal procedure, or in response to international law enforcement requests, in accordance with a mutual legal assistance treaty (MLAT) or letters of request. We may also be required to comply with one or more forms of “travel rules” that require us to transmit your information to another financial institution, regulatory authorities or other industry partners. In particular, when we believe in good faith that the disclosure of personal information is necessary to protect the rights, property or safety of our customers, or others, including to prevent imminent physical harm or material financial loss. In the unlikely event of illegal activities or security and technical problems in the course of our services, or suspected illegal activities, or to assist law enforcement authorities in investigating suspected illegal or unlawful activities, we may share your personal data with the relevant authorities for the purpose of detecting, investigating, preventing or dealing with fraud or credit risk.

Furthermore, we may share personal data with the following individuals:

1. Any member of our institution.(affiliates, branches, related corporations); Personal data that we process and collect may be transferred between our companies as a normal part of conducting business and offering our services to you;
2. Any agents, contractors, sub-contractors or associates of our institution, including our employees, officers, agents, contractors, service providers and professional advisers that we or any member engage(s) in connection with the operation or maintenance of our business and services (“Sub-Processors”);
3. Any persons under a duty of confidentiality to us or a member of our institution which have undertaken to keep such personal data confidential;
4. Any person who provides personal data on your behalf, including but not limited to authorised representatives or agents;
5. Any persons to whom we are or any member of ours is under an obligation or required or expected to make disclosure by operation of law;
6. Any actual or proposed assignee(s) of ours;
7. Any actual or proposed participant(s), sub-participant(s) or transferee(s) of our rights in respect of you;
8. Any person(s) in whose favour of our obligations with respect to you are, or are intended to be a subject of any assignment, participation, sub-participation, transfer, novation or other similar arrangement; and
9. Any other person(s) directly related to the purpose set out above.

For further details regarding the third parties with whom we share your personal data, please refer to the relevant agreement(s) and/or terms and conditions that govern our relationship with you in your capacity as our customer. Please note that when you use third-party services or our affiliate services which are not governed by this Privacy Policy, their own terms and privacy policies will govern your use of those services and products.

7. How we use cookies and other identifiers to enhance your user experience

Cookies are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user's device during a session. Cookies collect information about users and their visit to the website, such as their Internet Protocol (IP) address, how they arrived at the website (for example, through a search engine or a link from another website) and how they navigate within the website.

We use cookies and similar tracking technologies to facilitate your internet sessions, enhance your user experience by offering products and services tailored to your preferences, and to compile analytics on website usage. You can manage your cookie preferences by accessing the cookie settings in your web browser, where you can block or delete cookies. Please note that disabling cookies may affect the functionality of our website and the services offered.

Please be advised that, depending on the applicable laws in the region in which you are located, the cookie banner on your browser will inform you of the procedure for accepting or refusing cookies. You have the option of configuring your web browser to block cookies, which will disable the pixel tags from monitoring your website visits. Furthermore, you have the option of removing cookies stored on your computer or mobile device. Please be aware that if you choose to block cookies and pixel tags, this may result in certain features and functions on our websites being unavailable to you.

8. International transfer of personal data

To facilitate our global operations, we may transfer, store, and process your personal data throughout the world, including but not limited to Hong Kong, Singapore, Australia, and the United Kingdom (UK). We ensure that such transfers comply with all applicable data protection laws by implementing standard contractual clauses or ensuring that the countries have been deemed adequate by the European Commission. This ensures your data is protected to standards that comply with EU GDPR regulations. If you reside in the European Economic Area (EEA), Switzerland, or the UK, we may transfer your personal information outside of the European Economic Area (“EEA”), UK and Switzerland. The EEA includes the European Union countries as well as Iceland, Liechtenstein, and Norway. Such transfer would be regulated by the General Data Protection Regulation(GDPR).

We may transfer your personal information to our affiliates, third-party partners, and service providers based throughout the world. In cases where we intend to transfer personal information to third countries or international organisations outside of the EEA, we rely upon a variety of legal mechanisms to facilitate these transfers of your personal data to ensure that such transfer is carried out in compliance with applicable data protection rules.

We also rely on decisions from the European Commission where they recognise that certain countries and territories outside of the European Economic Area ensure an adequate level of protection for personal information.

9. How we protect your personal data

When we design our systems, your security and privacy are always our top priority. To protect against accidental loss, unauthorised use or access, tampering or disclosure, we use security procedures and technology to protect the personal data we hold. We use encryption protocols and software in an effort to protect the security of your personal data during transmission and storage. We maintain physical, electronic and procedural safeguards when collecting, storing and disclosing your personal data. In addition, we only allow relevant person, including our employees, agents, contractors and other third parties with a business need to access your personal data.

Our security procedures mean that we may ask you to verify your identity to prevent unauthorised access to your account. We recommend that you set a unique password for your account, which may not be used for other online accounts, and that you log out promptly after using a shared computer.

10. How we retain your personal data

Personal data held by us must be accurate and must not be kept longer than necessary. If we suspects that the information is inaccurate, you should update the information as soon as possible to ensure that the new information is used for communicate in the future.

Your personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, as well as to comply with legal obligations (e.g., tax, accounting, and regulatory requirements). For instance, transaction data is typically retained for a minimum of five years to comply with financial regulations. You will be notified of specific retention periods in relation to your data upon request.

11. Languages

In the event of any inconsistency between different language versions of this policy, the English version shall prevail.

12. What rights do you have

Subject to applicable law, as outlined below, you have a number of rights in relation to your privacy and the protection of your personal data. Here are some typical rights you have:

1. Right of access: you have the right to obtain confirmation that your personal data are processed and to obtain a copy of it as well as certain information related to its processing. Access to your personal data is generally free of charge, but the applicable laws of some jurisdictions permit organisations to charge a reasonable fee for complying with an access request. We may also take a reasonable period after receiving your access request to process and giving your feedback.
2. Right to rectify: you can request the rectification of your personal data which are inaccurate, and also add to it. You can also change your personal data in your account at any time. We may also take a reasonable period after receiving your access request to process and update the change.
3. Right to withdraw your consent: for processing requiring your consent, you have the right to withdraw your consent at any time. Exercising this right does not affect the lawfulness of the processing based on the consent given before the withdrawal of the latter. Where a request is made to withdraw consent, we will inform you of the likely consequences of withdrawing consent and the timeframe to effect the withdrawal. Withdrawing consent to the use, processing, or disclosure of the personal data, may adversely affect ETZ’s ability to continue our relationship with you.
4. Right to delete: you can, in some cases, have your personal data deleted. Please note that in the event of account deletion, personal data may still be retained to fulfil our legal obligations.
5. Right to object: you can object, for reasons relating to your situation, to the processing of your personal data For instance, you have the right to object where we rely on legitimate interest or where we process your data for direct marketing purposes;
6. Right to challenge decisions based solely on automated processing: we use automated tools to ensure that you are eligible to become our customer, taking into account our interests and legal obligations; if these automated tools show that you do not meet our acceptance criteria, we will not let you become our customer;

If you want to exercise any of your rights please contact us. Please noted that these rights may be limited in some situations, for example, where we can demonstrate we have a legal requirement to process your personal data.

13. Notices and Revision

In the unlikely event of a data breach, we are committed to informing affected individuals and relevant authorities in accordance with applicable legal requirements. This notification will occur without undue delay, typically no later than 72 hours after we have become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

If you have any concerns about this privacy policy, please contact us, and we will try to resolve it. You also keep the right to contact your local Data Protection Authority for help.

This Privacy Policy may change regularly, and we will update the latest version of Privacy Policy on our website. You should check our websites frequently to see recent changes. Your continuous use of our services after the changes to this Privacy Policy means that you understand and agree to such changes.