Licensed Virtual Asset Service Provider (VASP) — Poland | KRS: 0001142506

Privacy Policy

Last updated: 2025-11-18

1. Introduction

This Privacy Policy explains how Coinexus Sp. z o.o. ("Coinexus", "we", "us", "the Company") processes and protects personal data in accordance with the General Data Protection Regulation (GDPR), Polish data-protection law, and AML/CTF regulatory requirements applicable to Virtual Asset Service Providers (VASPs).

By using our services, you acknowledge that your data is processed as described in this Policy.

2. Data Controller

Coinexus Sp. z o.o.

Juliana Tuwima 48, unit 11,
90-021 Łódź, Poland

KRS: 0001142506
NIP: 7252530538
REGON: 540348512

Email: compliance@coinexus.vip

3. Categories of Personal Data Processed

We process only the data necessary for providing regulated OTC exchange services, including:

3.1 Identification Data

  • Full name
  • Date of birth
  • Nationality
  • Government-issued ID or passport
  • Proof of address

3.2 Verification & Compliance Data

  • Source-of-Funds / Source-of-Wealth documentation
  • Sanctions & PEP screening results
  • Risk assessment results
  • Enhanced Due Diligence (EDD) documentation
  • Transaction monitoring data

3.3 Communication Data

  • Email address, phone number
  • Correspondence with our compliance team

3.4 Transaction Data

  • Bank account details (client-owned only)
  • Transaction purpose & supporting documents

We do not collect unnecessary or excessive data.

4. Legal Basis for Processing

Coinexus processes personal data based on:

  • Article 6(1)(c) GDPR – legal obligation under AML/CTF laws (EU 5AMLD/6AMLD, Polish AML Act)
  • Article 6(1)(b) GDPR – performance of a service agreement
  • Article 6(1)(f) GDPR – legitimate interest in ensuring secure and compliant operations

Certain data may also be processed under:

  • Article 9(2)(g) GDPR – substantial public interest in preventing money laundering and terrorist financing

5. Purpose of Processing

Personal data is processed strictly for:

  • Client onboarding and identity verification
  • Sanctions and PEP screening
  • Source-of-Funds / Source-of-Wealth checks
  • Ongoing monitoring of transactions
  • Fraud prevention and AML/CTF compliance
  • Regulatory reporting duties
  • Secure OTC transaction execution
  • Communication with clients

Coinexus does not use client data for marketing, advertising, or profiling unrelated to compliance.

6. Data Sharing

Data may be shared only when legally required, including:

  • Polish Financial Intelligence Unit (GIIF)
  • Law-enforcement authorities
  • Regulatory bodies
  • Banking partners for transaction execution
  • Compliance service providers (e.g., Allpass.ai for KYC/KYT)

All partners operate under strict confidentiality and GDPR-compliant agreements.

Coinexus never sells or transfers data for commercial purposes.

7. Data Storage & Security

We apply industry-standard security protocols to protect data, including:

  • Encryption at rest and in transit
  • Restricted access control
  • Secure storage of ID documents
  • Audit logs and monitoring
  • Internal policies for data governance

8. Data Retention Period

As required by EU 5AMLD / Polish AML Act, all AML/KYC data must be retained for:

5 years

after termination of the business relationship or completion of a transaction.

After this period, data is securely deleted unless further retention is required by law.

9. International Transfers

Coinexus stores data within the European Economic Area (EEA).

If transfers outside the EEA occur (e.g., compliance partners), they are conducted only under:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • GDPR-compliant safeguards

10. Client Rights Under GDPR

Clients may request:

  • Access to their data
  • Correction of inaccurate data
  • Restriction of processing in specific cases
  • A copy of their data ("data portability")

Important:

Under AML regulations, Coinexus may not delete or erase compliance data during the legal retention period.

Requests may be sent to: compliance@coinexus.vip

11. Cookies

The Coinexus website uses only minimal technical cookies necessary for website functionality.

We do not use advertising, tracking, or analytics cookies.

12. Changes to This Policy

Coinexus may update this Policy when required by regulatory changes.

The latest version will always be published on our website with the updated date.

13. Contact

For any privacy-related inquiries:
compliance@coinexus.vip

© 2025 Coinexus. All rights reserved.

COINEXUS Sp. z o.o. — KRS 0001142506 | NIP 7252350358 | REGON 540348512

Registered office: Juliana Tuwima 48, unit 11, 90-021 Łódź, Poland

Licensed Virtual Asset Service Provider (VASP) — License number RDWW-1750

Supervised by the Polish Financial Intelligence Unit (GIIF)

We use only essential cookies required for site functionality. By using our site, you agree to this.

    Made with Emergent