Legal · v2026-04-29-v1

Privacy Policy

How Web3TrustX collects, uses, retains and protects your personal data, in accordance with GDPR and Spanish LOPDGDD.

Effective · April 29, 2026

Draft — pending final counsel review. This document is a working draft prepared in good faith for MiCA / CNMV / GDPR compliance. It is binding on Web3TrustX from the effective date above, but may be amended after final review by external counsel. For specific legal questions, contact us.

1. Data controller

The data controller is Web3TrustX, S.L., with registered office in Sevilla, Spain. You may contact us in connection with the processing of your personal data at privacy@web3trustx.com.

2. Data we process and purposes

Account data (email, display name) — to allow you to access the Platform. Legal basis: performance of the contract (art. 6.1.b GDPR).

KYC data (full name, date of birth, nationality, identity document, address, phone, tax ID, source of funds, PEP status) — to comply with our anti-money-laundering obligations under Regulation (EU) 2024/1624 and Spanish Law 10/2010. Legal basis: legal obligation (art. 6.1.c GDPR; art. 9.2.g GDPR for special categories where applicable).

Wallet linkage data (public address, chain) — to deliver Tokens to which you are entitled. Legal basis: performance of the contract.

Communications (transactional emails, support tickets) — legal basis: performance of the contract and our legitimate interest in providing support (art. 6.1.f GDPR).

Audit logs (IP address at the moment of accepting Terms, version of the legal documents accepted) — legal basis: legal obligation and legitimate interest in establishing proof of consent.

3. Recipients and processors

Personal data may be shared with: (a) cloud and database providers acting as processors under EU Standard Contractual Clauses; (b) email service providers (e.g. Brevo) for transactional messaging; (c) KYC/identity-verification providers; (d) competent supervisory authorities (CNMV, SEPBLAC) where required by law.

We do not sell personal data and do not use it for advertising or profiling that produces legal effects on you.

4. International transfers

Where data is transferred outside the EEA, we rely on adequacy decisions (where available) or on EU Standard Contractual Clauses with additional safeguards as required by Schrems II.

5. Retention

Account and wallet data: for the duration of the contractual relationship and 10 years thereafter for accounting purposes (art. 30 Spanish Commercial Code).

KYC data: 10 years after the end of the business relationship, as required by art. 25 of Spanish Law 10/2010.

Audit logs and acceptance records: 10 years.

Marketing data: until you withdraw consent.

6. Your rights

You have the right to access, rectify, delete, restrict and port your data, and to object to its processing, by writing to privacy@web3trustx.com. You may also lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, www.aepd.es).

Where processing is necessary for legal obligations (KYC, AML), the rights of erasure and objection may be limited.

7. Security

We implement organisational and technical measures aligned with ISO 27001 controls, including encryption at rest and in transit, role-based access control, strict logging, and regular vulnerability assessments. No system is impenetrable; in case of a personal-data breach affecting your rights and freedoms we will notify you and the authorities within 72 hours, as required by art. 33–34 GDPR.

8. Cookies

The Platform uses only strictly necessary cookies for session management. See the Cookie Policy at /legal/cookies for details.

To exercise your rights or for any privacy question, contact privacy@web3trustx.com.