Privacy Policy
1. Introduction & Scope
This Privacy Policy explains how APEXTRADE Spółka z ograniczoną odpowiedzialnością, trading as APEXTRADE ("APEXTRADE", "we", "us", "our"), collects, uses, discloses, and protects personal data when you visit our website, create an account, or use our digital asset exchange services (the "Services").
We process personal data in accordance with Regulation (EU) 2016/679 (the "GDPR"), the Polish Act of 10 May 2018 on the Protection of Personal Data, and other applicable data protection and financial‑crime laws, including the Polish Act of 1 March 2018 on Counteracting Money Laundering and Terrorist Financing ("AML Act").
By using our Services you acknowledge that your personal data will be processed as described in this Policy. If you do not agree, please do not use the Services.
2. Data Controller
The data controller responsible for your personal data is:
APEXTRADE Sp. z o.o.
ul. Długa 29, 00-238 Warszawa, Poland
KRS: 0001063362 · NIP: 5242986645 · REGON: 526654020
Email: info@tiontrade.com
For any question about this Policy, or to exercise the rights described in Section 12, you can contact us at the address above. Where the appointment of a formal Data Protection Officer is required by Article 37 GDPR given the scope of our processing activities, that officer can be reached at the same email address.
3. Personal Data We Collect
We collect the following categories of personal data:
- Identity data: full name, date of birth, nationality, government‑issued ID or passport details, a photograph or selfie used for identity verification, and signature.
- Contact data: residential address, email address, and telephone number.
- Financial & transaction data: bank account and SEPA transfer details, wallet addresses, deposit and withdrawal history, order and trade history, and source‑of‑funds information collected as part of due diligence.
- Verification data: outcomes of identity checks, sanctions and politically exposed person (PEP) screening results, and risk classification.
- Technical data: IP address, device identifiers, browser type, operating system, and general usage data collected via our website.
- Communications data: the content of support requests, emails, and any other correspondence with us.
We do not intentionally collect special categories of data (Article 9 GDPR) except where a photograph submitted for identity verification may incidentally reveal such data; this is processed solely to confirm your identity and prevent fraud.
4. How We Collect Your Data
We collect personal data:
- directly from you, when you register, complete identity verification (KYC), place an order, or contact support;
- automatically, through cookies and similar technologies when you use our website (see Section 7);
- from third parties, including identity‑verification and anti‑fraud providers, payment service providers and banks, and public sanctions or PEP databases used for legally required screening.
5. Legal Basis & Purposes of Processing
We rely on the following legal bases under Article 6(1) GDPR:
- Performance of a contract (Art. 6(1)(b)) — to create and administer your account, execute trades, process deposits and withdrawals, and provide customer support.
- Compliance with a legal obligation (Art. 6(1)(c)) — to carry out identity verification (KYC), monitor transactions, screen against sanctions and PEP lists, retain records, and report to competent authorities as required by AML/CTF law and tax law.
- Legitimate interests (Art. 6(1)(f)) — to prevent fraud and abuse, secure our systems, improve our Services, and enforce our Terms & Conditions. We balance these interests against your rights and freedoms before relying on them.
- Consent (Art. 6(1)(a)) — for optional activities such as marketing communications, which you may withdraw at any time without affecting the lawfulness of prior processing.
6. Automated Decision‑Making
We use automated tools to screen transactions and accounts for indicators of fraud, money laundering, or sanctions exposure, as described in our Fraud Policy. Where such screening results in a decision that produces legal effects concerning you — such as a suspended withdrawal or account restriction — you have the right, under Article 22 GDPR, to request human review, express your point of view, and contest the decision by contacting info@tiontrade.com.
9. International Data Transfers
Where a recipient described in Section 8 is located outside the European Economic Area, we ensure an adequate level of protection through the European Commission's Standard Contractual Clauses, an applicable adequacy decision, or another safeguard recognised under Chapter V GDPR. You may request a copy of the relevant safeguard by contacting us.
10. Data Retention
We retain identity‑verification, account, and transaction records for the duration of our business relationship with you and for 5 years following its end, in accordance with Article 49 of the Polish AML Act. Where a longer retention period is required by tax, accounting, or other applicable law, or is necessary to establish, exercise, or defend legal claims, we will retain the relevant data for that longer period. Data collected only on the basis of consent (e.g. marketing) is retained until you withdraw consent.
11. Data Security
We apply technical and organisational measures appropriate to the risk, including encryption of data in transit and at rest, role‑based access controls, multi‑factor authentication for internal systems, network monitoring, and regular staff training on data protection. No system is completely secure; if we become aware of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, affected individuals, in accordance with Articles 33–34 GDPR.
12. Your Rights Under the GDPR
Subject to the conditions set out in the GDPR, you have the right to:
- request access to the personal data we hold about you (Art. 15);
- request rectification of inaccurate or incomplete data (Art. 16);
- request erasure of your data, where applicable (Art. 17) — note that AML/CTF retention obligations may limit this right while a statutory retention period applies;
- request restriction of processing (Art. 18);
- receive your data in a structured, portable format (Art. 20);
- object to processing based on legitimate interests, including profiling (Art. 21);
- withdraw consent at any time, without affecting prior processing (Art. 7(3)); and
- lodge a complaint with the Polish data protection authority, the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, "UODO"), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl, or with the supervisory authority of your EU member state of residence.
To exercise any of these rights, contact info@tiontrade.com. We will respond within one month, as required by Article 12(3) GDPR, and may need to verify your identity before actioning a request.
13. Children's Privacy
Our Services are not directed at, and are not available to, individuals under the age of 18. We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected such data, we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated version on this page with a revised "Last updated" date and, where changes are material, notify you by email or through an in‑product notice before they take effect.
15. Contact Us
Questions, requests, or complaints regarding this Privacy Policy can be sent to info@tiontrade.com or by post to APEXTRADE Sp. z o.o., ul. Długa 29, 00-238 Warszawa, Poland.
