Last review: 20 july 2022

This Privacy Policy has been drafted according to the provisions set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), Organic Act 3/2018 of 6 December on Personal Data Protection and its implementing regulation.

Identification of the website’s owner

The owner of this website is 0xaudit blockchain S.L. (hereinafter “0xaudit”) with TIN (NIF) B10661718, registered office for this purpose at Central Street 13, 3ºA, Murcia, Spain and contact e-mail address [email protected].

Who is the data controller of the personal data we collect from this website?

The data controller of this website is 0xaudit blockchain S.L. with TIN (NIF) B10661718, registered office for this purpose at Central Street 13, 3ºA, Murcia, Spain and contact e-mail address [email protected]

What data are we going to obtain from you? And What is the purpose of such data processing?

The personal data that we obtain from you are those necessary to process the payment of our services as well as to make the requested KYC.

All the personal information that you provide us for the purpose of carrying out the KYC will be used exclusively for this purpose and under the strict legally required terms of confidentiality.

Finally, we have a contact form. If you decide to write to us, we will use your name and email address to answer your questions.

What are the legal grounds of this data processing?

The legal grounds consist of:

• the data subject has given consent to the processing of his or her personal data for one or more specific purposes. (Art. 6.1.a GDPR).
• processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (Art 6.1.b GDPR).

How long will your data be kept?

We will keep your personal data for so long as we maintain a contractual or pre-contractual relationship with you. We will keep public information about the KYC until you request its deletion.

You can write to us at any time to seek the erasure of your data. In such case, your personal data will be blocked and will only be made available to Judges and Courts, the State Prosecution Service, the Spanish Data Protection Agency and other competent authorities and public administrations to resolve any issue or liability related to the processing of your data or with the exercising of subsequent legal actions, complaints or queries during the statute of limitations thereof.

The data’s recipient or categories of recipients

Your personal data will not be provided or ceded to any entity not connected to us. In the event that any police or judicial authority requests information about the KYC performed, this information could be provided.

International transfers of data

We do not make any kind or category of international data transfers.

What rights is the data subject entitled to?

The GDPR grants you the rights set out below, which you may exercise by sending an e-mail. You will have to send the e-mail from the same e-mail address you initially used to buy to us.

Below we proceed to explain what each of the rights recognized in the GDPR means.

Rights to access: for the right to access, data subjects will be provided a copy of personal data available together with the purpose for which they have been collected, the identity of the recipients of the data, the terms of retention provided and the criteria used to determine these, the existence of the right to request the rectification or erasure of personal data and the limitation of, or opposition to, processing, the right to lodge a complaint with the Spanish Data Protection Agency and if the data of the data subject have not been obtained, any information available regarding their origin. The right to obtain a copy of the data cannot negatively affect the rights and freedoms of the data subjects.

Right to rectification: in the right to rectification the data of the data subject that were incorrect or incomplete shall be changed in accordance with the purposes of the processing. The data subject may indicate in the request what data are referred to and the correction to be made, providing, where necessary, the supporting documentation of the inaccuracy or incomplete nature of the data processed. If the data have been communicated by the controller to other processors, they must notify them of the rectification unless it is impossible to do so or requires disproportionate effort, providing the data subject with information regarding such recipients upon request.

Right to erasure: we are obliged to erase without undue delay personal data where any of the following circumstances come about:

1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. the data subject withdraws consent granted for specific purposes or on which the processing is based for the processing of special data categories, such as those which reveal the data subject’s political opinions, while such processing is not based on other legal grounds;
3. the data subject objects to the processing for reasons related to his/her specific situation and there are no overriding legitimate grounds for the processing;
4. the personal data have been unlawfully processed;
5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

The obligation to erase personal data shall not apply to the extent that processing is necessary:

1. for exercising the right of freedom of expression and information;
2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject;
3. for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right of erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing;
5. for the establishment, exercise or defence of legal claims.

Right to opposition: in the case of the right to opposition, where the data subjects refuse to provide consent for the processing of their personal data before the controller, the controller shall cease processing them provided that no legal obligation prevents them from doing so. Where the processing is based on a mission of public interest or legitimate interest of the controller, before a request to exercise the right to opposition, the controller must cease processing the data except where overriding reasons prevail above the interests, rights and freedoms of the data subject or are necessary for their formulation, exercise or defence of the claims. If the data subject opposes the processing for the purposes of direct marketing, the personal data shall no longer be processed for these purposes.

Right to portability: in the case of right to portability, if the processing is carried out by automated means and is based on consent or is carried out within the framework of a contract, the data subject may request a copy of their personal data in a structured, commonly used and electronically readable format. Thus, they have the right to request that they are transmitted directly to a new controller whose identity must be communicated where technically possible.

Right to limitation of processing: in the case of the right to limitation of processing, the data subjects may request the suspension of processing of their data to impugn the inaccuracy while the controller carries out the necessary verifications or, in the event that the processing is carried out based on the legitimate interest of the controller or in compliance with a mission of public interest, while it is verified if these reasons prevail over the interests, rights and freedoms of the data subject. The data subject may also request the retention of the data if it is considered that the processing is illegal and, rather than suspension, request the limitation of processing or if the controller no longer needs the data for the purposes for which they were collected, the data subject needs them for the formulation, exercise or defence of complaints or claims. In the event that the processing of the data subject’s data is limited this must be clearly stated in the controller’s systems. If the data have been communicated by the controller to other processors, they must notify them of the rectification unless it is impossible to do so or requires disproportionate effort, providing the data subject with information regarding such recipients on request.

Complaints before data protection authorities

You have the right to file complaints before Spanish Data Protection Agency if you deem that your personal data are not being processed properly.

Processing of minors’ data

Our services should be used by people over 14 years of age. You should therefore refrain from using them if you are younger than said age. We may require you to provide an official document to certify your age.

RECORDS OF PROCESSING ACTIVITIES

Processing: Customers

Processing: Potential Customers