Personal Data Processing and Storage Policy (Privacy Policy)
Current edition as of 20/03/2026.
By using our Service, the User consents to the collection and processing of their personal data in accordance with this Policy.
1. General Provisions
This Privacy Policy describes how Paspar.net (hereinafter referred to as the “Service”, “we”, “our”) collects, uses, stores, and protects the personal data of Users when they use our website and cryptocurrency exchange services.
We strictly adhere to international data protection standards, including the General Data Protection Regulation (GDPR), and guarantee the security of your personal information.
The legal bases for processing personal data are:
- Performance of a contract — processing is necessary to provide the requested exchange services (Art. 6(1)(b) GDPR).
- Legal obligation — compliance with AML/CFT legislation requirements (Art. 6(1)(c) GDPR).
- User consent — for the processing of technical data and cookies (Art. 6(1)(a) GDPR).
- Legitimate interests — ensuring the security of the Service and preventing fraud (Art. 6(1)(f) GDPR).
2. What Data We Collect
In the course of providing our services, we may collect the following categories of data:
- Technical data: IP address, browser type, operating systеm, access time and website usage data, including through cookies (see Section 6 for details).
- Exchange data: cryptocurrency wallet addresses, bank card or account details, transaction amounts, contact email address.
- AML/KYC procedure data: when risk factors (Risk Score) are triggered, we may request identity documents (passport, ID card), a selfie with documents, proof of residential address, and information on the source of funds (Source of Funds).
3. Purposes of Data Collection and Processing
We collect personal data exclusively for the following purposes:
- Processing digital asset exchange requests and handling transactions.
- Ensuring security and preventing fraud.
- Compliance with international anti-money laundering (AML) and counter-terrorist financing (CFT) requirements.
- Improving customer service quality and maintaining prompt communication with Users.
4. Secure Storage and Data Protection
The Service ensures the proper and secure collection, storage, and processing of personal data:
- Encryption: all information transmitted between the User and the Service is protected using modern cryptographic encryption protocols (SSL/TLS).
- Access restriction: access to personal data and KYC materials is granted exclusively to authorised AML officers and security staff bound by strict non-disclosure agreements (NDA).
- Retention periods: in accordance with AML legislation requirements, User data (including transaction history and verification materials) is stored on secure servers for 5 years from the date of the last transaction, after which it is permanently deleted.
5. Transfer of Data to Third Parties
The Service does not sell or transfer Users’ personal data to third parties for marketing purposes. Data transfer is only possible in strictly limited circumstances:
- Transaction processing partners: technical data and wallet details may be shared with trusted partners and third-party payment service providers solely for the purpose of automatic transaction routing and processing.
- Third-party AML analysers: cryptocurrency wallet addresses are automatically verified through independent certified risk assessment systems to identify connections to illegal activity and generate a Risk Score.
- Law enforcement authorities: upon detection of money laundering, terrorist financing, or other criminal activity, the Service is obliged to provide the requested information to competent authorities upon their official request.
International data transfers: where User data is transferred outside the European Economic Area (EEA), such transfer is carried out exclusively on the basis of appropriate legal mechanisms — EU Standard Contractual Clauses (SCC) or other safeguards provided for under GDPR (Chapter V).
6. Use of Cookies
Our website uses cookies to ensure the correct operation of the interface, save user preferences, and collect anonymous analytics. Users may disable cookies at any time in their browser settings; however, this may affect the availability of certain Service features.
Cookies do not directly identify the User, but in certain cases may constitute personal data under the GDPR — their processing is carried out on the basis of your consent.
7. User Rights
Under the GDPR, every User has the following rights:
| Right | Description |
|---|---|
| Right of access | Request information about which of your data is stored in the systеm. |
| Right to rectification | Request the correction of inaccurate or outdated data. |
| Right to erasure | Request the deletion of your data (“right to be forgotten”), provided this does not conflict with our legal obligations under AML/CFT. |
| Right to restriction of processing | Request the suspension of processing of your data in the cases provided for under Art. 18 GDPR. |
| Right to data portability | Receive your data in a structured, machine-readable format and transfer it to another controller (Art. 20 GDPR). |
| Right to object | Object to the processing of data based on the Service’s legitimate interests, including profiling (Art. 21 GDPR). |
| Right to withdraw consent | Withdraw previously given consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal. |
To exercise any of the above rights, please contact us at the address provided in Section 9. We will respond within 30 days of receiving your request.
If you believe that the processing of your data violates GDPR requirements, you have the right to lodge a complaint with the data protection supervisory authority in your country.
8. Amendments to the Policy
The Service reserves the right to make amendments to this Privacy Policy. The updated version takes effect from the moment of its publication on this page. Users are advised to check this section regularly for any changes. In the event of significant changes, we will notify Users by email or by posting a relevant notice on the website.
9. Contact Information
If you have any questions regarding the processing of your personal data, the exercise of User rights, or AML/KYC procedures, please contact our support team:
- Email: info@paspar.net
By using our Service, you confirm that you have read this Privacy Policy and accept its terms.
