Page cover

Privacy Policy

Introduction

The UNX Exchange, operated by Cambix S s.r.o., is committed to protecting your privacy. The Cambix S s.r.o. is the data controller. This Privacy Policy (referred to as the "Policy") explains how we collect, use, disclose, share, and safeguard your information when you use the UNX Exchange website and app, collectively referred to as the "Services". This Policy applies to all visitors and users of the Services. By continuing to use our Services, you confirm that you are familiar with the collection, storage, processing, sharing, and transfer of your personal information as outlined in this Policy.

The other definitions are understood as set out in the Terms and Conditions.

Information We Collect

We collect personal information from our users in various ways, including when they register for an account, complete KYC steps, trade digital assets, or use our Services. The types of personal information we collect may include:

  • Full name, official personal document number, physical address including the name of the country, nationality, and date and place of birth, for identity verification and KYC purposes.

  • Email address and country of residency, for User Account creation.

  • Login details used to access your account and account activity log files are processed to ensure information and cybersecurity.

  • Payment and Transaction information, such as User Account information, External Account information and Digital Asset holdings.

  • User-generated Content, such as Transaction data.

  • Other details necessary to provide and improve our Services.

  • Information necessary to identify, assess, and manage risks related to money laundering and terrorist financing.

  • Name, surname, address for complaints handling.

  • Information you provide us when submitting tickets, providing Feedback or sending email requests.

  • Information related to our partners or suppliers.

Information we collect automatically: We may collect certain information automatically when you use our Services, such as your IP address, device type, browser type, and operating system.

Information we receive from third parties: We may receive information about you from third-party sources, such as social media platforms, commercial databases, population registers, credit companies or payment processors. We may also receive information from our business partners, affiliates, or service providers, as Fireblocks Inc., Chainalysis Inc., Notabene, Inc.

How We Use Your Information

We use the personal information we collect to provide and improve our Services, process deposits, withdrawals, and transactions, communicate with users, and analyse user behaviour. Specifically, we use personal information to:

  • Provide and improve our Services, including personalizing the user experience, monitoring and analysing usage, and diagnosing technical issues.

  • Process withdrawals, deposits, and trades, including verifying identity and preventing fraudulent transactions.

  • Communicate with users, including responding to inquiries and providing customer support.

  • Analyse user behaviour, including conducting market research and personalizing content and advertising.

  • Comply with legal obligations, such as responding to legal requests and monitoring suspicious activity.

Legal Basis for Using Your Information

We process your personal information in accordance with the legal basis provided by applicable data protection laws, including the General Data Protection Regulation (GDPR). The primary legal basis for processing your personal information is to fulfil our contractual obligations to you when you use our Services. This includes providing and improving our Services, processing blockchain transactions, and communicating with you. Without processing your personal information, we would not be able to provide you with the Services you have requested.

In certain cases, we may also process your personal information based on our legitimate interests. This may include analysing user behaviour to improve our Services, conducting market research, and personalizing content and advertising. When we process your personal information based on our legitimate interests, we ensure that your rights and freedoms are not overridden by our interests. We conduct a balancing test to ensure that our legitimate interests are not outweighed by any potential impact on your privacy rights.

In addition, we process your personal information to comply with legal obligations, such as responding to legal requests or preventing fraud and upholding AML and KYC compliance. In such cases, processing your personal information is necessary for compliance with a legal obligation that we are subject to, for which we may be penalized if we are non-compliant.

If you have any questions about the legal basis for how we process your personal information, please contact by raising a support ticket.

In certain situations, we may rely on your consent as the legal basis for processing your personal information. If you have provided consent for the processing of your personal information, you have the right to withdraw that consent at any time. To do so, please contact us by raising a support ticket.

Profiling and Automated Decision Making

We do not engage in profiling or automated decision-making that would have a significant impact on you or result in significant consequences for you.

How We Share Your Information

We may share personal information with third party partners, and other third parties, such as transfer processors, advertising partners, and service providers, to provide and improve our Services. The sharing of your personal information in these circumstances is essential for effective and continuous delivery of our Services. The third party partners, with whom we are under contract with, are authorized by us to collect, utilize, share, and disclose your personal information, as directed by us. Specifically, we may share personal information to:

  • With your consent: We may share your information with third parties, if you have given us your consent to do so, unless they are our processors or joint controllers or otherwise related to us in cases where consent is not required.

  • For legal purposes: We may share your information with third parties if we are required to do so by law, such as in response to a court order or a legal request from a government agency.

  • For contractual purposes: if it is necessary to execute a contract with a third party, which is held as our data processor or joint controller.

  • In case of a merger or acquisition: We may share your information in the event of a merger, acquisition, or other business transaction.

We transfer the minimum volume of personal data necessary for a specific purpose relevant to the Third Party Partner providing us with the service, and we only engage with Third Party Partners who have been vetted and can assure us that they provide an adequate level of security aligned with our own standards and compliant with GDPR global standards.

International Data Transfers

We may transfer personal data to countries outside of the European Union (EU) and the European Economic Area (EEA). When doing so, we will take appropriate measures to ensure that the data is protected and that the transfer complies with applicable data protection laws.

The transfer of personal data outside of the EU/EEA may take place in the following situations:

  • We may transfer personal data to our Third Party Partners or other third party service providers located outside of the EU/EEA in order to provide the Services you have requested, or to perform other functions on our behalf, such as hosting digital wallet services, performing KYC/KYB checks, our website, or processing transactions. These transfers are subject to appropriate safeguards, such as standard contractual clauses or certification, to ensure that the data is adequately protected. In some cases, we have adopted measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data.

  • If you are located outside of the EU/EEA and use our services, your personal data may be transferred to our servers in the EU/EEA or to third-party service providers or partners located outside of the EU/EEA. In such cases, we will ensure that appropriate safeguards are in place to ensure that the transfer is legal and that the data is adequately protected.

How We Protect Your Information

We use a variety of industry-standard security measures to protect your personal information from unauthorized access, use, disclosure, alteration, and destruction. We work with Third Party Providers who provide a suite of applications to manage digital asset operations, employing multi-layer security that eliminates a single point of compromise with and leverages secure hardware enclaves to ensure key material is isolated, protected, and resistant to unauthorized access. Additional security measures include encryption techniques and authentication procedures such as multi-factor authorization and passcode authorization.

Examples of common security measures include:

  • Encryption: We may encrypt your personal information when it is transmitted over the internet to help protect against unauthorized access.

  • Access controls: We may limit access to your personal information to authorized personnel who have a legitimate need to access the information.

  • Firewalls: We may use firewalls to help prevent unauthorized access to our systems and networks.

  • Intrusion detection/prevention systems: We may use intrusion detection/prevention systems to detect and prevent unauthorized access or attacks on our systems and networks.

  • Physical security: We may use physical security measures, such as secure facilities and access controls, to protect against unauthorized access to our premises and equipment.

You can play a role in keeping your personal data secure by maintaining the confidentiality of any passwords and accounts used in relation to our Services, websites, or materials. We recommend that you use a unique password that you do not use on any third-party websites or related services. Please do not disclose or share any passwords used in connection with our Services, websites, or materials to third parties. We are not liable for any consequential Losses for your failure to secure your own network, passwords, and other login credentials.

If you become aware of any unauthorized access to your account or other security breach, please notify us immediately so that we can take appropriate action to investigate and mitigate the incident.

Data Retention

We will retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In general, we will retain your personal information for the duration you hold your account with us, and for a reasonable period of time afterwards, e.g. statutory period of limitation, in order to maintain business records for analysis and/or audit purposes, to comply with legal or regulatory requirements, and for other legitimate business purposes. Even after you deactivate your account, we will retain copies of information about you and any transactions or Services you have participated. If your account is closed, we will retain your Personal Data in our database for a period of 10 years (10) years.

Once your personal data is no longer required, we shall take appropriate steps to ensure all your personal data is destroyed or permanently deleted if it is no longer required, or in certain circumstances, if required by law.

Your Rights

You have certain rights in relation to your personal information. Subject to certain limitations on certain rights, you have the following rights in relation to your personal information:

  • Right to access: You have the right to request copies of your personal information.

  • Right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

  • Right to erasure: You have the right to request that we erase your personal information, under certain conditions and following the imperative legal requirements.

  • Right to restrict processing: You have the right to request that we restrict the processing of your personal information, under certain conditions.

  • Right to object to processing: You have the right to object to our processing of your personal information, under certain conditions. The processing of the data is restricted until it is verified which interests prevail.

  • Right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

  • Right to withdraw consent: You have the right to withdraw your consent at any time when we rely on your consent to process your personal information.

If you wish to exercise any of these rights, please contact us by raising a support ticket or contacting our data protection officer by email [email protected]. We recommend that you indicate that the correspondence is addressed to the data protection officer. We may need to verify your identity before processing your request. We will try to respond to your request within a reasonable period, but in no event later than within 30 (thirty) days after receiving your request.

Please note that we may need to retain certain information for record-keeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.

We encourage you to keep your personal information up to date. You have a responsibility to inform us of any changes to your personal information to ensure that it remains accurate and up to date. If you suspect that your personal information has been misused or if you become aware of any unauthorized use or access of your personal information, please contact us immediately by raising a support ticket so that we can take appropriate action to investigate and address the situation.

If we fail to provide you with the necessary information and/or should you have complaints about how your personal data are processed, you can contact the supervisory authority in your country or in the country where the violation occurred by filing a complaint. The details of the supervisory authorities can be found at this link: Our Members | European Data Protection Board

Compliance with Markets in Crypto-Asset Regulation (MICA)

UNX is a product which has been developed by Cambix S s.r.o., a Crypto-Asset Service Provider (CASP) regulated under the laws of the Slovak Republic. Under the Markets in Crypto-Assets Regulation (MiCA), we are subject to additional obligations concerning personal data and transparency. Accordingly, we shall implement the following measures:

  • Record-Keeping Obligations. We maintain records of all crypto-asset services, activities, orders, and transactions for a period as required by applicable laws and regulations. These records are kept ensuring compliance with our legal obligations and to provide transparency to our users.

  • Disclosure of Conflicts of Interest. We implement and maintain policies and procedures to identify, prevent, manage, and disclose conflicts of interest. Information about the general nature and sources of conflicts of interest and the steps taken to mitigate them will be available on our website.

  • Public Disclosure of Inside Information. We will publicly disclose inside information in a manner that ensures fast access and complete, correct, and timely assessment by the public. This information will be posted and maintained on our website for a period of at least five years.

  • Awareness of Risks. We ensure that our users are aware of the risks involved in purchasing crypto-assets. Detailed information about these risks is provided in the Terms & Conditions.

Changes to This Policy

We may update this Policy from time to time to reflect changes in our services, applicable laws, or best practices. We will notify you of any material changes to the policy and provide the updated policy on our website.

Contact Us

If you have any questions or concerns about this Policy, please contact us by raising a support ticket. or contacting our data protection officer by email [email protected]. We recommend that you indicate that the correspondence is addressed to the data protection officer.

We may update its Policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Policy. This Policy was last updated on 15-10-2025.

Last updated