This Privacy Policy was last updated on 07/14/2022

Thank you for joining the GalaXia Digital Platform (the “Platform”).

The purpose of this document (“Disclosure”) is to inform the data subject (“Data Subject”) about how his/her personal data as better described below (“Personal Data”) will be collected and processed by the Data Controller as defined below in accordance with the obligations set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”) and in further applicable data protection regulations.

This Policy may be amended at any time without obligation and at the sole discretion of the Data Controller, in whole or in part, by updating it. In such case, the Data Controller will give notice by posting it on the Site (as defined below), at which time the aforementioned changes will become effective and binding on the Data Subject. To the extent permitted by law, if the Interested Party continues to use the Site and its services after an amendment has become effective, his or her access and/or use of the services will be deemed to be an implied acceptance of the amended Policy and the obligations arising therefrom. The amended version supersedes all previous versions of the Policy.

This Policy has been prepared on the basis of the principle of transparency and all elements required by the GDPR.

Defined terms, if not contained in this Disclosure, refer to the General Terms and Conditions for the use of GalaXia Digital services (the “Agreement”) and shall be deemed to be directly incorporated herein.

1)Data Controller.

The data controller is GalaXia Digital S.r.l., located at Via Consiglio dei Sessanta n 99, 47891 Dogana, Rsm (the “Data Controller”). The website of the Data Controller is https://www.galaxiadigital.io (the “Site”). The data controller is Brian Bianchi and can be contacted at the e-mail address given in Section 11 below.

2)Nature of the data

The types of Personal Data relating to the Data Subject collected by the Data Controller, including through the Site, are:

1. 1. Personal and contact data such as, for example, first name, last name, e-mail address and/or cell phone number that the Data Subject provides to the Data Controller;
   2. Other personal data of the Interested Party that the Controller will collect with respect to the Interested Party for the identification of the Interested Party and the fulfillment of the legal obligations applicable to the Interested Party, including, work activity carried out by the Interested Party, the extent of the Interested Party’s assets, copy of the identification document, data relating to the status and/or family relationships of the Interested Party (e.g., with reference to the notion of politically exposed person as defined under D. Legislative Decree 231/2007), banking data such as, for example, the IBAN coordinates of a bank account in the name of the Interested Party and/or data relating to individual transactions made through the Holder and/or wallet data;
   3. Data collected automatically during the use of the Site and/or Platform by the Data Subject as a result of the use of technology necessary for the operation of the Site and/or Platform. This is information that is not collected in order to be associated with identified Data Subjects, but which, by its very nature, could, through processing and association with personal data held by third parties, make it possible to identify Data Subjects. This category includes IP addresses, or the domain names used by Interested Parties connecting to the Site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained, etc;
   4. Data collected through the use of cookies and other technologies that provide for the collection of Personal Data about the pages, links activated and other actions performed to use the Site and/or the Platform. These are stored to be retransmitted on subsequent visits by the same Data Subject;
   5. Data collected in performance of services that are provided from time to time by the Data Controller and that may change over time;
   6. Data collected to take advantage of Third Party Services for which, however, the Data Controller refers to the acceptance of the relevant terms of use and privacy policies provided by the companies with which the Data Controller has entered into agreements or forms of partnership;
   7. Data collected to compile the Register of Names ex art. 13 of the Contract.

3) Purposes of processing.

The Personal Data collected may be used for the fulfillment of contractual obligations, pre-contractual obligations and any other obligation arising from a rule of law. Contractual obligations include the following activities :

1. activation and management of the Data Subject’s access profile to the Site and/or Platform or applications developed by the Controller and made available to the Data Subject;
2. management of the relationship between the Data Controller and the Data Subject;
3. fulfillment of legal obligations including, in particular, the fulfillment of know-your-customer and anti-money laundering obligations (in particular the provisions of Legislative Decree 231/2007);
4. onboarding of the Interested Party pursuant to Article 4.2 of the Contract;
5. obtaining access Credentials to the Platform;
6. compilation of the Register of Names without any obligation on the part of the Owner to obtain consent from the Recipients, this obligation being incumbent on the Platform User;
7. monitoring the proper functioning of the Site, the Platform and the services offered (including combating fraud);
8. giving feedback to a question of the Data Subject;
9. offering customer care, commercial and technical support services;
10. sending commercial communications, marketing, newsletters having to do with the services offered by the Data Controller or proposed by Third Party Service providers;
11. data management for purposes related to the protection of the Owner in judicial and extrajudicial venues;
12. conducting market research, satisfaction analysis and comments on the Site and the Platform;
13. communications of the Data Subject’s Personal Data to one or more competent authorities or processing them to comply with legal, regulatory, or EU law obligations;
14. Database management of Data Subjects: to organize, access and modify Data Subject’s data;
15. Analysis purposes: to analyze the characteristics of data traffic related to the Site and/or Platform;
16. Communication of Personal Data for periodic reporting purposes, provided for in the AML Regulations, to the OAM and/or other competent authorities.

4) Data Processing.

The processing of Personal Data will be carried out by means of analogical instruments, including computerised instruments, with organisational and logical methods strictly related to the purposes indicated in Article 3 above. The Data Controller may, if necessary, entrust third parties with the processing of Personal Data also by virtue of special appointment as data processors by the Data Controller. By way of example, the hosting service provider for the operation of the Site and/or the Platform as well as other service providers functional to the maintenance of the Site, the Platform and/or the provision of other services by the Data Controller may be called upon to process Personal Data of the Data Subject.

In particular, for certain fulfilments required by the regulations set forth in Legislative Decree 231/2007 (Concerning the prevention of the use of the financial system for the purpose of laundering the proceeds of criminal activities and the financing of terrorism) the company _____ has been appointed as external data processor The Personal Data subject to processing are: Biographical and contact data as well as other Personal Data of the Data Subject (e.g., work performed and income and asset data, bank data, etc.).

For more information, the Data Subject may contact the Controller through the references indicated in paragraph 11 below.

The Data Controller is a company specializing in the creation of applications based on DLT (distributed ledger technologies) and that is, technologies based on distributed ledgers. Several applications make use of so-called public permissionless DLTs over which the Holder does not and cannot exercise any power of control, governance or intervention. Although the Owner’s applications do not, when properly used by the Data Subject, result in the recording of readable Personal Data on the DLTs (e.g., the Data Subject’s first and last name), some data related to transactions performed in the interest of the Data Subject may be subject to recording within the DLTs (e.g., the alphanumeric sequence identifying a transaction related to the transfer of cryptocurrency). The nature of DLTs means that it is technically impossible to remove such data from the distributed ledger.

5) Legal basis of processing

The processing of Personal Data is based on the following legal bases:

1. consent given by the Data Subject for one or more purposes ;
   2. need to perform the processing to fulfill a contractual obligation undertaken by the Data Controller;
   3. the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
   need to perform the processing for a legitimate interest of the Controller or a third party.

For further information on the legal basis of each processing, the Data Subject may send an e-mail at any time to the contact addresses indicated in paragraph 11 of this Policy.

For the purposes referred to in Article 3, Paragraphs (i) to (ix) of this Notice, the legal basis is the Company’s obligation to fulfill the agreement between the Company and the Data Subject.

6) Place of storage and transfer of data abroad.

Personal Data will be stored at the operational headquarters of the Data Controller and in any other place where the parties involved, including any external data controllers, are located. Transfer outside the European Union of the Data Subject’s Personal Data is not envisaged except for the possible use of technological applications that have their own servers in countries outside the EU. The Data Subject may at any time request further information on the methods of storage of Personal Data by sending an email to the addresses indicated in paragraph 11.

7) Storage Period.

Personal Data will be kept for the period strictly necessary to fulfill the purposes for which it was collected. Personal Data will be retained for the entire duration of the contractual obligations undertaken by the Data Controller towards the Data Subject, the duration of the Data Subject’s use of the Site, for the time necessary for the fulfillment of additional purposes (e.g., the retention of the Data Subject’s contact information within the Data Controller’s database for promotional purposes related to the provision of services), for the time necessary to comply with applicable legal and regulatory obligations, as well as for own or third party defensive purposes.

If the processing of Personal Data is based on the consent of the Data Subject, the Personal Data may be retained by the Data Controller until the consent is revoked. However, Personal Data may be retained for a longer period if necessary to fulfill a legal obligation or by order of an authority. All Personal Data will be deleted or retained in a form that does not allow identification of the Data Subject (anonymization) within 30 days after the end of the retention period.

8) Automated Processing

The Personal Data collected will not be subject to any automated treatment and / or decision-making process, including profiling, which may produce legal effects for the Interested Party or which may affect it significantly. It should be noted that the Data Controller at any time, at its own discretion , may carry out profiling activities by giving immediate notice, pursuant to art. 11, to the Data Subject in order to obtain consent.

9) Rights of the Data Subject.

A Data Subject may exercise his or her rights at any time by communicating such will to the Data Controller. In particular, the Data Subject may:

1. where given, withdraw his/her consent at any time;
2. Obtain information on how and why their Personal Data is being processed;
3. object to the processing of their Personal Data;
4. access their Personal Data;
5. verify one’s Personal Data and request that it be changed or updated;
6. obtain the restriction of processing where possible given the nature of the Personal Data being processed and the purposes of the processing;
7. obtain the deletion or removal of one’s Personal Data;
8. receive their Personal Data or have it transferred to another Data Controller;
9. file a complaint.

10) Recipients of Personal Data.

Personal Data may be made accessible, for the purposes mentioned above:

• to employees and associates of the Data Controller, in their capacity as data processors, or to companies with which the Data Controller may enter into agreements;
• to third-party companies or other entities in their capacity as autonomous data controllers, or that perform outsourced activities on behalf of the Data Controller, in their capacity as external data processors;
• to third party companies that provide complementary services to those of the Controller and that do not perform outsourcing activities, with which the Controller may enter into commercial agreements, also in order to allow them to provide services to the Data Subject;
• to third parties, business partners of the Data Controller for direct marketing purposes in compliance with the requirements of the GDPR subject to obtaining his/her consent (including partners providing data analysis and enrichment services);
• to the Public Administration or law enforcement or judicial bodies for reasons of security and compliance with laws. In this regard, the Data Controller reserves the right to disclose the Data Subject’s data to third parties if it believes that disclosure is:
  required by law;
• required as part of a judicial, administrative or legal investigation, order or proceeding;
• reasonably necessary as a result of an order from judicial or law enforcement authorities;
• reasonably necessary to enforce the Contract, this Privacy Policy and other existing agreements;
• required to identify, prevent or resolve instances of fraud, account misuse, potential violation of law (or rules/regulations) and/or technical or security issues;
• reasonably necessary, in its sole discretion, to ensure protection from imminent harm to the rights, property or safety of the Platform and/or the Owner, its Users and employees and/or the Services.
• The Owner may also disclose data concerning the Data Subject to its auditors or legal advisors to assess its rights and/or disclosure obligations under this Privacy Policy.
• Recipients of the register of names within the limits and conditions set forth in Article 13 of the Agreement.

11) Contact data

For any information related to this Notice and/or the exercise of any of the rights or faculties indicated herein, the Interested Party may send an email to info@galaxiadigital.io

In the event that the Interested Party wishes to file a complaint, he/she may do so by sending an appropriate communication to the following addresses: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Rome, PEC: protocollo@pec.gpdp.it.

12) Consequences of the acceptance of the Privacy Policy.

By accepting this policy, the Interested Party declares without reservation:

1. that he/she has read the Information Notice about the processing of his/her Personal Data in its entirety, to be accepted in all parts concerning the points referred to the purposes of processing;
2. that he/she has received from the Data Controller and/or the appointees expressly authorized to process his/her Personal Data exhaustive explanations and clarifications, where requested, regarding the purposes of his/her consent to the processing of his/her Personal Data, the modalities of the relevant processing and his/her rights related to the manifestation of consent to the processing and what follows.

Cookie Policy | Anubi Digit3) Purposes of processing.

The Personal Data collected may be used for the fulfillment of contractual obligations, pre-contractual obligations and any other obligation arising from a rule of law. Contractual obligations include the following activities :

activation and management of the Data Subject’s access profile to the Site and/or Platform or applications developed by the Controller and made available to the Data Subject;

management of the relationship between the Data Controller and the Data Subject;

fulfillment of legal obligations including, in particular, the fulfillment of know-your-customer and anti-money laundering obligations (in particular the provisions of Legislative Decree 231/2007);

onboarding of the Interested Party pursuant to Article 4.2 of the Contract;

obtaining access Credentials to the Platform;

compilation of the Register of Names without any obligation on the part of the Owner to obtain consent from the Recipients, this obligation being incumbent on the Platform User;

monitoring the proper functioning of the Site, the Platform and the services offered (including combating fraud);

giving feedback to a question of the Data Subject;

offering customer care, commercial and technical support services;

sending commercial communications, marketing, newsletters having to do with the services offered by the Data Controller or proposed by Third Party Service providers;

data management for purposes related to the protection of the Owner in judicial and extrajudicial venues;

conducting market research, satisfaction analysis and comments on the Site and the Platform;

communications of the Data Subject’s Personal Data to one or more competent authorities or processing them to comply with legal, regulatory, or EU law obligations;

Database management of Data Subjects: to organize, access and modify Data Subject’s data;

Analysis purposes: to analyze the characteristics of data traffic related to the Site and/or Platform;

Communication of Personal Data for periodic reporting purposes, provided for in the AML Regulations, to the OAM and/or other competent authorities.