Privacy Policy

Depasify S.L. ("Depasify", "we", "us", "our" or "us"), with Tax ID B-67823831 and domiciled in Valencia, Spain, is committed to protecting the privacy of users of our digital asset platform. This Privacy Policy describes how we collect, use, store and protect your personal data, in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation or "GDPR"), Regulation (EU) 2023/1114 of the European Parliament and of the Council of May 31, 2023, regarding cryptoasset markets ("MiCA"), Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights ("LOPDGDD"), as well as the amendments introduced by Law 11/2023, of May 8, affecting inspection procedures and powers of the Spanish Data Protection Agency (AEPD), Law 34/2002 on Information Society Services and Electronic Commerce ("LSSI"), Royal Decree-Law 19/2018 and money laundering prevention regulations, including Directive (EU) 2015/849 ("AMLD5") and Directive (EU) 2018/843 ("AMLD6"), Law 10/2010, of April 28, 2010, on the prevention of money laundering and terrorist financing and Royal Decree 304/2014, of May 5, 2014, approving the Regulation of Law 10/2010, of April 28, 2010, on the prevention of money laundering and terrorist financing.

1. Data Controller

Depasify S.L. is responsible for the processing of personal data collected through our platform (https://www.depasify.com) or by other means, such as email.

Contact us:

• Address: calle Álvaro de Bazán 10, 46010 Valencia (Valencia), Spain.
• E-mail: info@depasify.com
• Contact form: https://www.depasify.com/contact

2. Data Collected

We collect the following personal data:

• Identification data: first name, last name, DNI/NIE/passport, postal address, email address, telephone number.
• Financial Data: Bank account information, cryptocurrency wallets, or payment card data (without storing full card data) to process transactions.
• KYC/AML data: Identity verification documents, proof of address and other data required to comply with anti-money laundering regulations.
• Usage data and metadata: Information about your interaction with the platform, including IP addresses, browser, operating system, cookies and other browsing metadata.
• Selection process data: Professional area, name, surname, telephone, email, CV, cover letter and other data associated with recruitment processes.
• Connection data: Name, surname, ID, contact address, email, telephone and other data necessary for the provision of platform services, including APIs, according to the specific terms.

3. Purposes of Processing

We process your personal data for the following purposes:

• Commercial contact and website forms: They are incorporated into the specific automated files of users of the services of Depasify S.L. The collection and automated processing of personal data is intended to respond to requests for information that the interested party has made by any means about the products and services offered, establish and maintain business relationships and the performance of tasks of information, training, advice and other activities of Depasify S.L. These data will only be transferred to those entities that are necessary for the sole purpose of complying with the aforementioned purpose.
• Account registration and management: create and manage your account on the platform.
• Transaction processing: Facilitate the purchase, sale or exchange of cryptoassets, including card payments through collaborating entities, which hold the relevant licenses to do so.
• Regulatory compliance: perform identity checks (KYC) and transaction monitoring to prevent money laundering and terrorist financing, in accordance with AMLD5, AMLD6, MiCA, Law 10/2010, Royal Decree 304/2014 and Law 2/2023 of February 20, regulating the protection of persons who report regulatory violations and the fight against corruption.
• Contractual counterparties: the existing legal or contractual relationship necessary for the provision of the service, as well as the legitimate interest for the development of commercial relations.
• Customer service: Respond to your inquiries and requests.
• Promotional communications: Send newsletters, invitations to events, promotions or other commercial communications, with your explicit consent, which you can revoke at any time through the cancellation link in the emails or by contacting info@depasify.com.
• Social networks: The personal data you provide or enable to social networks to become a follower of them are intended to establish and maintain business relationships organically and through advertising on different platforms.
• Service improvement: To analyze the use of the platform to improve its functionality and user experience, using navigation metadata for behavioral analysis and troubleshooting. This data will be treated in a pseudonymized manner, and the user will only be identified at the user's express request for the resolution of a failure in the platform.
• Selection processes: Evaluate candidacies and verify references for hiring.
• Complaints channel: Manage complaints received.
• API Services: Provide cryptoasset integration services through the API, in accordance with the applicable terms.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

• Consent (Art. 6.1.a RGPD): for promotional communications, promotional services and certain non-essential data processing. Consent is free, specific, informed and unambiguous, accepted by a clear affirmative statement or action, such as ticking a box. If you do not provide your data or you do so incorrectly or incompletely, we will not be able to fulfill your request.
• Execution of a contract (Art. 6.1.b RGPD): To manage your account, process transactions, evaluate applications and provide API services.
• Compliance with legal obligations (Art. 6.1.c RGPD): To comply with the RGPD, with MiCA, with AMLD5, with AMLD6, with the LOPDGDD, with Law 11/2023, with the LSSI, with Royal Decree-Law 19/2018, with Law 10/2010, with Royal Decree 304/2014 and with Law 2/2023.
• Legitimate interest (Art. 6.1.f RGPD): to improve the security and functionality of the platform (for example, through navigation metadata), provided that your rights and freedoms do not prevail.

5. Data Recipients

Your personal data will not be shared with third parties, except:

• Legal obligations: with competent authorities (e.g., Tax Agency, SEPBLAC, State security forces and corps) to comply with money laundering prevention regulations or legal investigations.
• Service providers: Companies providing services (e.g. payment processors, KYC providers, reference checking companies for selection processes), under confidentiality agreements and complying with the GDPR. We are not responsible for non-compliance with the GDPR by users who include personal data on shared hosting servers.
• International transfers: In case of transfers outside the European Economic Area, we ensure GDPR-compliant mechanisms, such as standard contractual clauses, adequacy decisions and binding corporate rules, following the recommendations of the European Data Protection Board ("EDPB") and the AEPD, including the Data Privacy Framework for transfers to the USA.

6. Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes described:

• Account and Transaction Data: For the duration of your account and up to 5 years after account closure, in accordance with AMLD5/AMLD6 and MiCA.
• KYC/AML data: For 10 years after the end of the business relationship, in accordance with anti-money laundering regulations.
• Contact and promotional data: Until you revoke your consent or request deletion.
• Usage and metadata data: For 1 year, unless a longer period is required for legal or security reasons.
• Recruitment process data: Until the data subject requests deletion or during the legal deadlines for possible liabilities.
• Affiliate/referred program data: According to the specific terms of each program.
• API services data: For the duration of the service and up to 5 years after its termination, in accordance with applicable regulations.
• Legal liabilities: The data will be kept at the disposal of the public administration, judges and courts for the legal terms established to meet possible liabilities arising from the processing.

7. User Rights

According to the RGPD, you have the following rights:

• Access: Know what personal data we process and how.
• Rectification: Correct inaccurate or incomplete data.
• Deletion: Request the deletion of your data when it is no longer necessary.
• Limitation: Restrict the processing of your data in certain cases.
• Portability: Receive your data in a structured format or request its transfer to another data controller.
• Opposition: Oppose the processing of your data for reasons related to your particular situation, including promotional communications.

To exercise these rights, please contact us at info@depasify.com or by mail at calle Álvaro de Bazán 10, 46010 Valencia (Valencia), Spain. We will respond within a maximum period of one month, extendable to two months in complex cases. You may file a complaint with the Spanish Data Protection Agency ("AEPD") (www.aepd.es) if you believe your rights have been violated.

8. Data Security

We adopt technical and organizational measures to ensure the security of your personal data, including:

• Encryption: Data in transit and at rest are encrypted with SSL protocols and other cryptographic methods.
• Access controls: Restricted access through two-factor authentication (2FA) for employees and users.
• Audits: Regular audits to detect vulnerabilities, aligned with standards such as PCI DSS.
• Continuous monitoring: Detection of unauthorized access with instant notifications by email or other means. We employ machine learning algorithms to detect suspicious transactions.
• Secure storage: Digital assets and their keys are stored under cryptographic keys in distributed systems to protect them from centralized cyber attacks and ensure continuity of access to assets with Multi-Party Computation ("MPC") technology that distributes private keys among several parties, eliminating the risk of a single entity having complete control over assets, Hardware Security Module ("HSM") ensuring secure storage of cryptographic keys in specialized devices and Trusted Execution Environment ("TEE") to execute cryptographic operations in secure and isolated environments. Threshold Recovery: In the event of a key loss, the Threshold Recovery method enables the secure recovery of assets through the collaboration of several entities without compromising security.
• Custody of fiat funds: fiat funds are deposited in segregated accounts, managed by an entity licensed for payment activities in the EU, in accordance with Royal Decree-Law 19/2018, guaranteeing 100% availability.
• AEPD tools: we apply tools such as Facilita_RGPD, Gestiona_RGPD, Evalúa_Riesgo and DPIA templates to ensure proactive compliance with the RGPD.
• Data accuracy: The data collected are those strictly necessary to respond to the request, which the Interested Party voluntarily communicates, in accordance with the provisions of Organic Law 1/1982 on civil protection of the right to honor, personal and family privacy and self-image. Refusal to provide mandatory data will result in the non-provision of the service. Optional data are provided for the optimization of services. If third party data is provided, the Interested Party is responsible for obtaining an informed consent with the content of this privacy policy. We are not responsible for any information shared by Stakeholders. The user declares that the information provided is truthful and undertakes to keep it updated.
• Supervisory procedures: In accordance with Law 11/2023, we cooperate with the AEPD in remote inspections and apply proportionality criteria to minor infractions.
• Backup copies: We make backup copies of the content hosted on the servers, however, we are not responsible for the accidental loss or deletion of data by users. Similarly, we do not guarantee full replacement of data deleted by users, as such data may have been deleted and/or modified during the period of time since the last backup. The services offered, except for specific backup services, do not include the replacement of the contents kept in the backups made by Depasify, when such loss is attributable to the user; in this case, a fee will be determined according to the complexity and volume of the recovery, always with the prior acceptance by the user. The replacement of deleted data is only included in the price of the service when the loss of content is due to causes attributable to Depasify.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance the user experience and analyze platform usage, including metadata such as browser, operating system and IP. You can manage your cookie preferences in the platform settings. See our Cookie Policy at https://www.depasify.com/cookie-policy for more details.

10. MiCA and AML/KYC Compliance

As a cryptoasset service provider ("VASP"), we implement MiCA and DORA standards, in particular in Know Your Customer ("KYC") and Anti-Money Laundering ("AML") policies:

• We verify the identity of all users through official documents and transactional pattern analysis.
• We monitor transactions for suspicious activity, using data analysis and checks against blacklists (e.g. OFAC).
• We inform the relevant authorities in case of indications of money laundering or terrorist financing.
• We maintain a zero-tolerance Anti-Fraud Policy, available at https://www.depasify.com/fraud-policy, with an operational Anti-Fraud Department that investigates and protects the confidentiality of investigations.

11. Changes to Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in regulations or in our services. Updates will be posted on https://www.depasify.com/privacy-policy, and users will be notified by email or through the platform in the event of significant changes.

12. Contact

If you have any questions about this Privacy Policy or the treatment of your data, please contact us at:

• Address: calle Álvaro de Bazán 10, 46010 Valencia (Valencia), Spain.
• E-mail: info@depasify.com
• Contact form: https://www.depasify.com/contact