Privacy Policy

This Privacy Policy explains how Montes Auri Ltd (Company Registration No. HE428773), with its registered office at Agias Zonis 63, 1st Floor, Limassol, Cyprus ("Montes Auri", "Company", "we", "our" or "us"), collects, uses, stores and protects your personal data when you visit our website, contact us, or use our products and services. We are committed to processing personal data fairly, lawfully and transparently in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws.

1. Who We Are – Data Controller

The data controller for your personal information is:

    Montes Auri Ltd Agias Zonis 63, 1st Floor Limassol, Cyprus
    Email: [email protected]
    Phone:+357 22 222 046

2. Purpose of This Policy

This Privacy Policy explains how we collect, use, process, and protect personal data in accordance with:

    ● GDPR (EU) 2016/679
    ● AML/CFT legislation (AMLD5/6)
    ● Applicable European Union financial services legislation, where relevant.
    ● Applicable legal and regulatory requirements.

3. Categories of Personal Data


3.1 Identification Data


     ● Full name, date of birth, nationality
     ● Government-issued ID (passport, ID card, driver’s licence)

3.2 Contact Data

    ● Email address
    ● Phone number
    ● Residential address

3.3 Financial & Transaction Data


    ● Wallet addresses
    ● Transaction history
    ● Payment methods and banking details

3.4 KYC / AML Data

    ● Source of funds
    ● Purpose of transactions
    ● Occupation and expected activity
    ● PEP and sanctions screening results
    ● Risk scoring and profiling data

3.5 Technical & Usage Data


    ● IP address
    ● Device and browser information
    ● Login activity and system logs

3.6 Blockchain Data

Transactions conducted via blockchain networks may be publicly visible and immutable, and may indirectly identify individuals when combined with other datasets.

4. How We Collect Data

We collect personal data:

    ● Directly from you (registration, onboarding, transactions)
    ● From third parties (KYC providers, payment processors, fraud detection tools)
    ● From public sources (blockchain, sanctions lists)
    ● Automatically via cookies and analytics tools

5. Legal Basis for Processing

    Purpose: Account creation & service provision
    Legal Basis: Contractual necessity
    Purpose: KYC / AML compliance
    Legal Basis: Legal obligation
    Purpose: Fraud prevention & security
    Legal Basis: Legitimate interest
    Purpose: Risk scoring & monitoring
    Legal Basis: Legal obligation + legitimate interest
    Purpose: Marketing
    Legal Basis:  Consent
    Purpose: Analytics
    Legal Basis: Consent / legitimate interest

6. How We Use Personal Data


We process personal data to:

    ● Provide crypto-asset services
    ● Perform identity verification (KYC/KYB)
    ● Conduct AML/CFT monitoring and reporting
    ● Perform risk assessment and fraud detection
    ● Comply with regulatory obligations
    ● Improve services and user experience
    ● Communicate with users

7. Automated Decision-Making & Profiling

We use automated systems for:

    ● Customer risk scoring
    ● Fraud detection
    ● Transaction monitoring

These processes may impact service access. You may request human review where applicable.

8. Sharing of Personal Data


We may share data with:

    ● Regulators (e.g. CySEC, Financial Intelligence Units)
    ● KYC/AML providers (e.g. identity verification vendors)
    ● Payment service providers
    ● Cloud and IT service providers
    ● Legal, audit, and compliance advisors

We may also disclose data:

    ● To comply with legal obligations
    ● For fraud prevention and investigations
    ● In case of corporate restructuring

All disclosures are subject to appropriate safeguards.

9. International Data Transfers


Where data is transferred outside the EEA, we ensure safeguards such as:

    ● EU Standard Contractual Clauses (SCCs)
    ● Transfers to jurisdictions with adequacy decisions

10. Data Retention


We retain personal data:

    ● Minimum 5 years after the end of the business relationship (AML requirement)
    ● Up to 10 years where required by law or regulators

Certain data (e.g. KYC, transaction records) cannot be deleted during mandatory retention periods.

11. Data Security


We implement:

    ● Encryption of data in transit and at rest
    ● Access controls and authentication mechanisms
    ● Monitoring and intrusion detection systems
    ● Secure infrastructure and storage

12. Your Rights (GDPR)


You have the right to:

    ● Access your personal data
    ● Rectify inaccuracies
    ● Request erasure (subject to legal limits)
    ● Restrict processing
    ● Object to processing
    ● Data portability
    ● Withdraw consent

Note: Some rights may be restricted due to AML/legal obligations.

13. Marketing


You will only receive marketing communications if:

    ● You have provided consent, or
    ● It is otherwise permitted by law

You may opt out at any time.

14. Cookies


We use cookies as described in our Cookie Policy, including for analytics and functionality.

15. Children


Our services are not intended for individuals under 18. We do not knowingly collect data from minors.

16. Complaints


You have the right to lodge a complaint with:

    Office of the Commissioner for Personal Data Protection (Cyprus)
    Email: [email protected]
     Website:
https://www.dataprotection.gov.cy
    Phone: +357 22818456

We recommend contacting us first at:

    ● Email: [email protected]
    ● Phone:+357 22 222 046

17. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be published with a revised date.