Privacy Policy
Introduction
This Privacy Policy explains how Montes Auri Ltd (Company Registration No. HE428773), with its registered office at Agias Zonis 63, 1st Floor, Limassol, Cyprus ("Montes Auri", "Company", "we", "our" or "us"), collects, uses, stores and protects your personal data when you visit our website, contact us, or use our products and services. We are committed to processing personal data fairly, lawfully and transparently in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws.
1. Who We Are – Data Controller
The data controller for your personal information is:
Montes Auri Ltd Agias Zonis 63, 1st Floor Limassol, Cyprus
Email: [email protected]
Phone +357 22 222 046
2. Purpose of This Policy
This Privacy Policy explains how we collect, use, process, and protect personal data in accordance with:
● GDPR (EU) 2016/679
● AML/CFT legislation (AMLD5/6)
● Applicable European Union financial services legislation, where relevant.
● Applicable legal and regulatory requirements.
3. Categories of Personal Data
3.1 Identification Data
● Full name, date of birth, nationality
● Government-issued ID (passport, ID card, driver’s licence)
3.2 Contact Data
● Email address
● Phone number
● Residential address
3.3 Financial & Transaction Data
● Wallet addresses
● Transaction history
● Payment methods and banking details
3.4 KYC / AML Data
● Source of funds
● Purpose of transactions
● Occupation and expected activity
● PEP and sanctions screening results
● Risk scoring and profiling data
3.5 Technical & Usage Data
● IP address
● Device and browser information
● Login activity and system logs
3.6 Blockchain Data
Transactions conducted via blockchain networks may be publicly visible and immutable, and may indirectly identify individuals when combined with other datasets.
4. How We Collect Data
We collect personal data:
● Directly from you (registration, onboarding, transactions)
● From third parties (KYC providers, payment processors, fraud detection tools)
● From public sources (blockchain, sanctions lists)
● Automatically via cookies and analytics tools
5. Legal Basis for Processing
Purpose: Account creation & service provision
Legal Basis: Contractual necessity
Purpose: KYC / AML compliance
Legal Basis: Legal obligation
Purpose: Fraud prevention & security
Legal Basis: Legitimate interest
Purpose: Risk scoring & monitoring
Legal Basis: Legal obligation + legitimate interest
Purpose: Marketing
Legal Basis: Consent
Purpose: Analytics
Legal Basis: Consent / legitimate interest
6. How We Use Personal Data
We process personal data to:
● Provide our products and services.
● Perform identity verification (KYC/KYB)
● Conduct AML/CFT monitoring and reporting
● Perform risk assessment and fraud detection
● Comply with regulatory obligationsImprove services and user experience
● Communicate with users
7. Automated Decision-Making & Profiling
We use automated systems for:
● Customer risk scoring
● Fraud detectionTransaction monitoring
These processes may impact service access. You may request human review where applicable.
8. Sharing of Personal Data
We may share data with:
● Regulators (e.g. CySEC, Financial Intelligence Units)
● KYC/AML providers (e.g. identity verification vendors)
● Payment service providers
● Cloud and IT service providers
● Legal, audit, and compliance advisors
We may also disclose data:
● To comply with legal obligations
● For fraud prevention and investigations
● In case of corporate restructuring
All disclosures are subject to appropriate safeguards.
9. International Data Transfers
Where data is transferred outside the EEA, we ensure safeguards such as:
● EU Standard Contractual Clauses (SCCs)
● Transfers to jurisdictions with adequacy decisions
10. Data Retention
We retain personal data:
● Minimum 5 years after the end of the business relationship (AML requirement)
● Up to 10 years where required by law or regulators
Certain data (e.g. KYC, transaction records) cannot be deleted during mandatory retention periods.
11. Data Security
We implement:
● Encryption of data in transit and at rest
● Access controls and authentication mechanisms
● Monitoring and intrusion detection systems
● Secure infrastructure and storage
12. Your Rights (GDPR)
You have the right to:
● Access your personal data
● Rectify inaccuracies
● Request erasure (subject to legal limits)Restrict processing
● Object to processing
● Data portability
● Withdraw consent
Note: Some rights may be restricted due to AML/legal obligations.
13. Marketing
You will only receive marketing communications if:
● You have provided consent, or
● It is otherwise permitted by lawYou may opt out at any time.
14. Cookies
We use cookies as described in our Cookie Policy, including for analytics and functionality.
15. Children
Our services are not intended for individuals under 18. We do not knowingly collect data from minors.
16. Complaints
You have the right to lodge a complaint with:
Office of the Commissioner for Personal Data Protection (Cyprus)
We recommend contacting us first at:
Email:
[email protected]
Website:
https://www.dataprotection.gov.cy
Phone: +357 22818456
17. Changes to This Policy
We may update this Privacy Policy periodically. Updates will be published with a revised date.