Privacy Policy
Version 1: Updated on 17 February 2025
This Privacy Notice sets forth the information that REXENTO SAS ("REXENTO" or the "Company") and UPSAVE ("UPSAVE" or the "Service") are required to provide under applicable data protection laws regarding the collection, processing, and storage of personal data through this website and related platforms (collectively, the "Site").
This Privacy Policy is designed to ensure transparency and compliance with data protection laws, including the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
1. Data Controller
For the purposes of data protection laws, REXENTO is the data controller responsible for processing your personal data. We ensure that we and our third-party service providers comply with applicable data protection laws.
2. Updates to This Privacy Notice
This Privacy Notice may be updated periodically. If we make substantial changes, we will post a prominent announcement on the Site and update this document accordingly.
3. Personal Data We Collect
We may collect and process the following types of personal data, as permitted under applicable laws:
Category | Information Collected |
---|---|
Personal Identification Information |
|
Transaction Information |
|
Correspondence |
|
Automatically Collected Data(with user consent, where required) |
|
4. Legal Basis for Processing Personal Data
We process your personal data based on:
- Consent: Where you have given clear permission.
- Contractual Necessity: To provide our services and fulfill agreements.
- Legal and Regulatory Obligations: Compliance with anti-money laundering (AML), know-your-customer (KYC), and tax laws.
- Legitimate Interests: To improve our services, prevent fraud, and ensure security.
5. How We Use Your Personal Data
- Managing and maintaining your account.
- Processing transactions.
- Providing customer support.
- Conducting analytics to improve our services.
- Fulfilling legal and regulatory requirements, including KYC/AML compliance.
- Performing identity verification and fraud prevention.
- Notifying you about product updates and promotions (with your consent).
6. Automated Decision-Making & Profiling
We may use automated systems for:
- Fraud detection and security monitoring.
- Identity verification and risk assessments (e.g., KYC checks).
Users have the right to request human intervention if they believe an automated decision affects them significantly.
7. Disclosure of Your Information to Third Parties
We do not sell your personal data. However, we may share your data with:
- Affiliates and legal/regulatory authorities as required.
- Third-party service providers, including:
- Hosting providers (Vercel)
- Identity verification (Web3Auth)
- AML/KYC screening (Chainalysis)
- Data analytics (Google Analytics)
- Payment processors (Coinbase)
- Customer support (HubSpot)
- Transaction processors (Pimlico)
Third-party services are governed by their own privacy policies. We take appropriate safeguards to ensure data protection compliance.
8. International Data Transfers
Your personal data may be transferred outside the European Economic Area (EEA) or the United Kingdom (UK). When such transfers occur, we ensure compliance through:
- Adequacy decisions (where applicable).
- Standard Contractual Clauses (SCCs) with third-party providers.
You may request more details on data transfer mechanisms by contacting us.
9. Data Retention
We retain personal data based on:
- Regulatory requirements: AML/KYC laws may require retention for a minimum of 5 years.
- Operational needs: We retain transactional data for at least 7 years to comply with financial reporting laws.
- User requests: If you delete your account, we may still retain data for legal and security purposes.
10. Your Rights
You have the following rights regarding your personal data:
- Right to Access: Request a copy of your personal data.
- Right to Correction: Update inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data (subject to legal obligations).
- Right to Restriction: Limit how we process your data.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent where applicable.
- Right to Data Portability: Request data in a structured format.
- Right to Lodge a Complaint: File a complaint with a data protection authority.
To exercise these rights, please contact us at legal@upsave.io. We will respond within 30 days, subject to legal and identity verification requirements.
11. Security Measures
We implement strict security measures, including:
- Data encryption and secure access controls.
- Regular security audits and compliance monitoring.
- Restricted access to personal data on a need-to-know basis.
12. Data Breach Notification
In the event of a data breach affecting your personal data, we will notify affected users and relevant authorities as required by law.
13. Children's Data
Our services are not intended for individuals under 18 years of age, and we do not knowingly collect data from minors. If we become aware of such data, we will delete it promptly.
14. Contact Us
For privacy-related inquiries, contact our Privacy Officer:
- Email: legal@upsave.io
- Postal Address: UPSAVE - Délégué à la Protection des Données, Mitwit Nice Gare Thiers, 21 Av. Thiers, 06000 Nice, France