Privacy Policy

This Privacy Policy explains how Montes Auri Ltd (Registration Number: 008/23), with its registered office at Agias Zonis 63, 1st floor, Limassol, Cyprus (referred to as “we,” “us,” “our,” or the “Company”), collects, uses, discloses, and protects your personal data when you access or use the services provided under the CASPS platform.We are committed to protecting your privacy and handling your personal data in a transparent and secure manner in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Who We Are – Data Controller
‍
The data controller for your personal information is:
Montes Auri Ltd Agias Zonis 63, 1st Floor Limassol, Cyprus
Email: [email protected] Phone +357 22 222 046

2. Purpose of This Policy
‍
This Privacy Policy explains how we collect, use, process, and protect personal data in accordance with:
● GDPR (EU) 2016/679
● AML/CFT legislation (AMLD5/6)
● MiCA regulatory framework
● CySEC requirements**3. Categories of Personal Data**
3.1 Identification Data
● Full name, date of birth, nationality
● Government-issued ID (passport, ID card, driver’s licence)
3.2 Contact Data
● Email address
● Phone number
● Residential address
3.3 Financial & Transaction Data
● Wallet addresses
● Transaction history
● Payment methods and banking details
3.4 KYC / AML Data
● Source of funds
● Purpose of transactions
● Occupation and expected activity
● PEP and sanctions screening results
● Risk scoring and profiling data
3.5 Technical & Usage Data
● IP address
● Device and browser information
● Login activity and system logs
3.6 Blockchain Data
Transactions conducted via blockchain networks may be publicly visible and immutable, and may indirectly identify individuals when combined with other datasets.**4. How We Collect Data**
We collect personal data:
● Directly from you (registration, onboarding, transactions)
● From third parties (KYC providers, payment processors, fraud detection tools)
● From public sources (blockchain, sanctions lists)
● Automatically via cookies and analytics tools**5. Legal Basis for Processing**
Purpose Legal Basis
Account creation & service provision Contractual necessity
KYC / AML compliance Legal obligation
Fraud prevention & security Legitimate interest
Risk scoring & monitoring Legal obligation + legitimate interest
Marketing Consent
Analytics Consent / legitimate interest**6. How We Use Personal Data**
We process personal data to:
● Provide crypto-asset services
● Perform identity verification (KYC/KYB)
● Conduct AML/CFT monitoring and reporting
● Perform risk assessment and fraud detection
● Comply with regulatory obligations
● Improve services and user experience
● Communicate with users**7. Automated Decision-Making & Profiling**
We use automated systems for:
● Customer risk scoring
● Fraud detection
● Transaction monitoring
These processes may impact service access. You may request human review where applicable.**8. Sharing of Personal Data**
We may share data with:
● Regulators (e.g. CySEC, Financial Intelligence Units)
● KYC/AML providers (e.g. identity verification vendors)
● Payment service providers
● Cloud and IT service providers
● Legal, audit, and compliance advisors
We may also disclose data:
● To comply with legal obligations
● For fraud prevention and investigations
● In case of corporate restructuring
All disclosures are subject to appropriate safeguards.**9. International Data Transfers**
Where data is transferred outside the EEA, we ensure safeguards such as:
● EU Standard Contractual Clauses (SCCs)
● Transfers to jurisdictions with adequacy decisions**10. Data Retention**
We retain personal data:
● Minimum 5 years after the end of the business relationship (AML requirement)
● Up to 10 years where required by law or regulators
Certain data (e.g. KYC, transaction records) cannot be deleted during mandatory retention periods.**11. Data Security**
We implement:
● Encryption of data in transit and at rest
● Access controls and authentication mechanisms
● Monitoring and intrusion detection systems
● Secure infrastructure and storage**12. Your Rights (GDPR)**
You have the right to:
● Access your personal data
● Rectify inaccuracies
● Request erasure (subject to legal limits)
● Restrict processing
● Object to processing
● Data portability
● Withdraw consent
Note: Some rights may be restricted due to AML/legal obligations.**13. Marketing**
You will only receive marketing communications if:
● You have provided consent, or
● It is otherwise permitted by law
You may opt out at any time.**14. Cookies**
We use cookies as described in our Cookie Policy, including for analytics and functionality.**15. Children**
Our services are not intended for individuals under 18. We do not knowingly collect data from minors.**16. Complaints**
You have the right to lodge a complaint with:
Office of the Commissioner for Personal Data Protection (Cyprus)
We recommend contacting us first at:Email: [email protected]
Website: https://www.dataprotection.gov.cy
Phone: +357 22818456**17. Changes to This Policy**
We may update this Privacy Policy periodically. Updates will be published with a revised date.