Privacy Policy

1. Introduction & Scope

This Privacy Policy explains how APEXTRADE Spółka z ograniczoną odpowiedzialnością, trading as APEXTRADE ("APEXTRADE", "we", "us", "our"), collects, uses, discloses, and protects personal data when you visit our website, create an account, or use our digital asset exchange services (the "Services").

We process personal data in accordance with Regulation (EU) 2016/679 (the "GDPR"), the Polish Act of 10 May 2018 on the Protection of Personal Data, and other applicable data protection and financial‑crime laws, including the Polish Act of 1 March 2018 on Counteracting Money Laundering and Terrorist Financing ("AML Act").

By using our Services you acknowledge that your personal data will be processed as described in this Policy. If you do not agree, please do not use the Services.

2. Data Controller

The data controller responsible for your personal data is:

APEXTRADE Sp. z o.o.
ul. Długa 29, 00-238 Warszawa, Poland
KRS: 0001063362 · NIP: 5242986645 · REGON: 526654020
Email: info@tiontrade.com

For any question about this Policy, or to exercise the rights described in Section 12, you can contact us at the address above. Where the appointment of a formal Data Protection Officer is required by Article 37 GDPR given the scope of our processing activities, that officer can be reached at the same email address.

3. Personal Data We Collect

We collect the following categories of personal data:

  • Identity data: full name, date of birth, nationality, government‑issued ID or passport details, a photograph or selfie used for identity verification, and signature.
  • Contact data: residential address, email address, and telephone number.
  • Financial & transaction data: bank account and SEPA transfer details, wallet addresses, deposit and withdrawal history, order and trade history, and source‑of‑funds information collected as part of due diligence.
  • Verification data: outcomes of identity checks, sanctions and politically exposed person (PEP) screening results, and risk classification.
  • Technical data: IP address, device identifiers, browser type, operating system, and general usage data collected via our website.
  • Communications data: the content of support requests, emails, and any other correspondence with us.

We do not intentionally collect special categories of data (Article 9 GDPR) except where a photograph submitted for identity verification may incidentally reveal such data; this is processed solely to confirm your identity and prevent fraud.

4. How We Collect Your Data

We collect personal data:

  • directly from you, when you register, complete identity verification (KYC), place an order, or contact support;
  • automatically, through cookies and similar technologies when you use our website (see Section 7);
  • from third parties, including identity‑verification and anti‑fraud providers, payment service providers and banks, and public sanctions or PEP databases used for legally required screening.

6. Automated Decision‑Making

We use automated tools to screen transactions and accounts for indicators of fraud, money laundering, or sanctions exposure, as described in our Fraud Policy. Where such screening results in a decision that produces legal effects concerning you — such as a suspended withdrawal or account restriction — you have the right, under Article 22 GDPR, to request human review, express your point of view, and contest the decision by contacting info@tiontrade.com.

7. Cookies & Analytics

Our website uses strictly necessary cookies required for core functionality (such as keeping you logged in and remembering security preferences) and privacy‑oriented, cookieless analytics to understand general traffic patterns and improve the site. Our analytics provider does not use tracking cookies or collect data that identifies you individually, and does not sell or share data with advertising networks.

Where we introduce any non‑essential cookies or tracking technology in the future, we will request your prior consent through a cookie banner in accordance with Polish Telecommunications Law and the ePrivacy Directive, and update this section accordingly.

8. Data Sharing & Recipients

We disclose personal data only to the following categories of recipients:

  • identity‑verification, fraud‑prevention, and sanctions‑screening providers acting on our behalf;
  • banks and payment service providers necessary to process SEPA transfers and other payments;
  • cloud hosting, IT infrastructure, and customer‑support software providers, acting as our data processors under Article 28 GDPR data processing agreements;
  • professional advisers such as auditors, insurers, and legal counsel;
  • competent authorities — including the Polish Financial Intelligence Unit (GIIF), the Polish Financial Supervision Authority (KNF), tax authorities, and law enforcement — where required by law or a valid legal request; and
  • a successor entity in the event of a merger, acquisition, or reorganisation, subject to equivalent confidentiality protections.

We do not sell your personal data.

9. International Data Transfers

Where a recipient described in Section 8 is located outside the European Economic Area, we ensure an adequate level of protection through the European Commission's Standard Contractual Clauses, an applicable adequacy decision, or another safeguard recognised under Chapter V GDPR. You may request a copy of the relevant safeguard by contacting us.

10. Data Retention

We retain identity‑verification, account, and transaction records for the duration of our business relationship with you and for 5 years following its end, in accordance with Article 49 of the Polish AML Act. Where a longer retention period is required by tax, accounting, or other applicable law, or is necessary to establish, exercise, or defend legal claims, we will retain the relevant data for that longer period. Data collected only on the basis of consent (e.g. marketing) is retained until you withdraw consent.

11. Data Security

We apply technical and organisational measures appropriate to the risk, including encryption of data in transit and at rest, role‑based access controls, multi‑factor authentication for internal systems, network monitoring, and regular staff training on data protection. No system is completely secure; if we become aware of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, affected individuals, in accordance with Articles 33–34 GDPR.

12. Your Rights Under the GDPR

Subject to the conditions set out in the GDPR, you have the right to:

  • request access to the personal data we hold about you (Art. 15);
  • request rectification of inaccurate or incomplete data (Art. 16);
  • request erasure of your data, where applicable (Art. 17) — note that AML/CTF retention obligations may limit this right while a statutory retention period applies;
  • request restriction of processing (Art. 18);
  • receive your data in a structured, portable format (Art. 20);
  • object to processing based on legitimate interests, including profiling (Art. 21);
  • withdraw consent at any time, without affecting prior processing (Art. 7(3)); and
  • lodge a complaint with the Polish data protection authority, the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, "UODO"), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl, or with the supervisory authority of your EU member state of residence.

To exercise any of these rights, contact info@tiontrade.com. We will respond within one month, as required by Article 12(3) GDPR, and may need to verify your identity before actioning a request.

13. Children's Privacy

Our Services are not directed at, and are not available to, individuals under the age of 18. We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected such data, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated version on this page with a revised "Last updated" date and, where changes are material, notify you by email or through an in‑product notice before they take effect.

15. Contact Us

Questions, requests, or complaints regarding this Privacy Policy can be sent to info@tiontrade.com or by post to APEXTRADE Sp. z o.o., ul. Długa 29, 00-238 Warszawa, Poland.