Page cover

Privacy Policy

Introduction

The UNX Exchange, operated by Cambix S s.r.o., is committed to protecting your privacy. This Privacy Policy (referred to as the "Policy") explains how we collect, use, disclose, share, and safeguard your information when you use the UNX Exchange website and app, collectively referred to as the "Services". This Policy applies to all visitors and users of the Services. By continuing to use our Services, you consent to the collection, storage, processing, sharing, and transfer of your personal information as outlined in this Policy.

Information We Collect

We collect personal information from our users in various ways, including when they register for an account, complete KYC steps, trade digital assets, or use our services. The types of personal information we collect may include:

  • Name, official personal document number, physical address including the name of the country, nationality and date and place of birth, for KYC purposes.

  • Email address and country of residency, for User Account creation.

  • Payment and transaction information, such as user account information, External Account information and digital asset holdings.

  • User-generated content, such as transaction data.

  • Other details necessary to provide and improve our services.

  • Information necessary to identify, assess, and manage risks related to money laundering and terrorist financing.

  • Information you provide us when submitting tickets or sending email requests.

  • Information related to our partners or suppliers.

Information we collect automatically: We may collect certain information automatically when you use our Services, such as your IP address, device type, browser type, and operating system.

Information we receive from third parties: We may receive information about you from third-party sources, such as social media platforms or payment processors. We may also receive information from our business partners, affiliates, or service providers, as Fordefi Inc., Chainalysis Inc., Notabene, Inc.

How We Use Your Information

We use the personal information we collect to provide and improve our Services, process deposits, withdrawals and transactions, communicate with users, and analyze user behavior. Specifically, we use personal information to:

  • Provide and improve our services, including personalizing the user experience, monitoring and analyzing usage, and diagnosing technical issues.

  • Process withdrawals, deposits and trades, including verifying identity and preventing fraudulent transactions.

  • Communicate with users, including responding to inquiries and providing customer support.

  • Analyze user behavior, including conducting market research and personalizing content and advertising.

  • Comply with legal obligations, such as responding to legal requests and monitoring suspicious activity.

Legal Basis for Using Your Information

We process your personal information in accordance with the legal basis provided by applicable data protection laws, including the General Data Protection Regulation (GDPR). The primary legal basis for processing your personal information is to fulfill our contractual obligations to you when you use our Services. This includes providing and improving our Services, processing blockchain transactions, and communicating with you. Without processing your personal information, we would not be able to provide you with the services you have requested.

In certain cases, we may also process your personal information based on our legitimate interests. This may include analyzing user behavior to improve our Services, conducting market research, and personalizing content and advertising. When we process your personal information based on our legitimate interests, we ensure that your rights and freedoms are not overridden by our interests. We conduct a balancing test to ensure that our legitimate interests are not outweighed by any potential impact on your privacy rights.

In addition, we may process your personal information to comply with legal obligations, such as responding to legal requests or preventing fraud and upholding AML and KYC compliance. In such cases, processing your personal information is necessary for compliance with a legal obligation that we are subject to, for which we may be penalized if we are non-compliant.

If you have any questions about the legal basis for how we process your personal information, please contact by raising a support ticket.

In certain situations, we may rely on your consent as the legal basis for processing your personal information. If you have provided consent for the processing of your personal information, you have the right to withdraw that consent at any time. To do so, please contact us by raising a support ticket.

How We Share Your Information

We may share personal information with Third Party Partners, and other third parties, such as transfer processors, advertising partners, and service providers, to provide and improve our Services. The sharing of your personal information in these circumstances is essential for effective and continuous delivery of our Services. The Third Party Partners, with whom we are under contract with, are authorized by us to collect, utilize, share and disclose your personal information, as directed by us. Specifically, we may share personal information to:

  • With your consent: We may share your information with third parties, if you have given us your consent to do so, unless they are our processors or joint controllers or otherwise related to us in cases where consent is not required.

  • For legal purposes: We may share your information with third parties if we are required to do so by law, such as in response to a court order or a legal request from a government agency.

  • For contractual purposes: if it is necessary to execute a contract with a third party, which is held as our data processor or joint controller.

  • In case of a merger or acquisition: We may share your information in the event of a merger, acquisition, or other business transaction.

We transfer the minimum volume of personal data necessary for a specific purpose relevant to the Third Party Partner providing us with the service, and we only engage with Third Party Partners who have been vetted and can assure us that they provide an adequate level of security aligned with our own standards and compliant with GDPR global standards.

International Data Transfers

We may transfer personal data to countries outside of the European Union (EU) and the European Economic Area (EEA). When doing so, we will take appropriate measures to ensure that the data is protected and that the transfer complies with applicable data protection laws.

The transfer of personal data outside of the EU/EEA may take place in the following situations:

  • We may transfer personal data to our Third Party Partners or other third party service providers located outside of the EU/EEA in order to provide the Services you have requested, or to perform other functions on our behalf, such as hosting digital wallet services, performing KYC/KYB checks, our website, or processing transactions. These transfers are subject to appropriate safeguards, such as standard contractual clauses or certification, to ensure that the data is adequately protected. In some cases, we have adopted measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data.

  • If you are located outside of the EU/EEA and use our services, your personal data may be transferred to our servers in the EU/EEA or to third-party service providers or partners located outside of the EU/EEA. In such cases, we will ensure that appropriate safeguards are in place to ensure that the transfer is legal and that the data is adequately protected.

Cookies and Similar Technologies

We use cookies and similar technologies to enhance your user experience and to analyze how our website is used. Cookies are small text files that are placed on your device when you visit our website. They are used to remember your preferences, facilitate navigation, and improve our website. The cookie we have is a session cookie which the user is assigned upon logging in (it’s a cookie that keeps track of the user session / authentication).

How We Protect Your Information

We use a variety of industry-standard security measures to protect your personal information from unauthorized access, use, disclosure, alteration, and destruction. We work with Third Party Providers who provide a suite of applications to manage digital asset operations, employing multi-layer security that eliminates a single point of compromise with and leverages secure hardware enclaves to ensure key material is isolated, protected, and resistant to unauthorized access. Additional security measures include encryption techniques and authentication procedures such as multi-factor authorization and passcode authorization.

Examples of common security measures include:

  • Encryption: We may encrypt your personal information when it is transmitted over the internet to help protect against unauthorized access.

  • Access controls: We may limit access to your personal information to authorized personnel who have a legitimate need to access the information.

  • Firewalls: We may use firewalls to help prevent unauthorized access to our systems and networks.

  • Intrusion detection/prevention systems: We may use intrusion detection/prevention systems to detect and prevent unauthorized access or attacks on our systems and networks.

  • Physical security: We may use physical security measures, such as secure facilities and access controls, to protect against unauthorized access to our premises and equipment.

You can play a role in keeping your personal data secure by maintaining the confidentiality of any passwords and accounts used in relation to our Services, websites, or materials. We recommend that you use a unique password that you do not use on any third-party websites or related services. Please do not disclose or share any passwords used in connection with our Services, websites, or materials to third parties. We are not liable for any consequential Losses for your failure to secure your own network, passwords, and other login credentials.

If you become aware of any unauthorized access to your account or other security breach, please notify us immediately so that we can take appropriate action to investigate and mitigate the incident.

Data Retention

We will retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In general, we will retain your personal information for the duration you hold your account with us, and for a reasonable period of time afterwards, e.g. statutory period of limitation, in order to maintain business records for analysis and/or audit purposes, to comply with legal or regulatory requirements, and for other legitimate business purposes.

Once your personal data is no longer required, we shall take appropriate steps to ensure all your personal data is destroyed or permanently deleted if it is no longer required, or in certain circumstances, if required by law.

Your Rights

You have certain rights in relation to your personal information. Subject to certain limitations on certain rights, you have the following rights in relation to your personal information:

  • Right to access: You have the right to request copies of your personal information.

  • Right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

  • Right to erasure: You have the right to request that we erase your personal information, under certain conditions and following the imperative legal requirements.

  • Right to restrict processing: You have the right to request that we restrict the processing of your personal information, under certain conditions.

  • Right to object to processing: You have the right to object to our processing of your personal information, under certain conditions.

  • Right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

  • Right to withdraw consent: You have the right to withdraw your consent at any time when we rely on your consent to process your personal information.

If you wish to exercise any of these rights, please contact us by raising a support ticket. We may need to verify your identity before processing your request. We will try to respond to your request within a reasonable timeframe.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.

We encourage you to keep your personal information up-to-date. You have a responsibility to inform us of any changes to your personal information to ensure that it remains accurate and up-to-date. If you suspect that your personal information has been misused or if you become aware of any unauthorized use or access of your personal information, please contact us immediately by raising a support ticket so that we can take appropriate action to investigate and address the situation.

Compliance with Markets in Crypto-Assets Regulation (MICA)

UNX is a product which has been developed by Cambix S s.r.o., a Crypto-Asset Service Provider (CASP) regulated under the laws of the Slovak Republic. Under the Markets in Crypto-Assets Regulation (MiCA), we are subject to additional obligations concerning personal data and transparency. Accordingly, we shall implement the following measures:

  • Record-Keeping Obligations. We maintain records of all crypto-asset services, activities, orders, and transactions for a period as required by applicable laws and regulations. These records are kept to ensure compliance with our legal obligations and to provide transparency to our users.

  • Disclosure of Conflicts of Interest. We implement and maintain policies and procedures to identify, prevent, manage, and disclose conflicts of interest. Information about the general nature and sources of conflicts of interest and the steps taken to mitigate them will be available on our website.

  • Public Disclosure of Inside Information. We will publicly disclose inside information in a manner that ensures fast access and complete, correct, and timely assessment by the public. This information will be posted and maintained on our website for a period of at least five years.

  • Awareness of Risks. We ensure that our users are aware of the risks involved in purchasing crypto-assets. Detailed information about these risks is provided in the Terms & Conditions.

Changes to This Policy

We may update this Policy from time to time to reflect changes in our services, applicable laws, or best practices. We will notify you of any material changes to the policy and provide the updated policy on our website.

Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us by raising a support ticket.

Last updated