1. Introduction
This Privacy Policy ("Policy") governs the collection, processing, use, storage, and transfer of Personal
Data by CIFDAQ BLOCKCHAIN ECOSYSTEM GLOBAL INC.(hereinafter referred to as the “Company,” “We,”
“Us,” or “Our”), a corporation duly organized and operating under the laws of the Republic of Panama.
The Policy applies to individuals (“Users” or “You”) who access or use Our website, mobile application, or
any other online services provided by the Company (collectively, the “Platforms”).
1.2 Scope and Binding Nature
By accessing, browsing, registering for an account, or using the Platforms, You confirm Your agreement
to be bound by this Policy, which constitutes a legal agreement between You and the Company. This
Policy is an integral part of the Terms of Use governing Your relationship with Us. If You do not agree with
the provisions of this Policy, You must cease using the Platforms immediately. Your continued use of the
Platforms after being notified of any amendments or updates to the Policy shall be deemed as Your
acceptance of such changes.
1.3 Updates and Modifications
We reserve the right to update, amend, or modify this Policy at any time. Any material changes to this
Policy will be communicated to You via the Platforms or email, and such changes will become effective
immediately upon being posted on the Platforms. It is Your responsibility to review this Policy
periodically to ensure You remain informed of any updates.
2. Definitions
For the purpose of this Policy, the following terms shall have the meanings ascribed to them:
2.1 Personal Data
“Personal Data” means any information relating to an identified or identifiable natural person. An
identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier
such as a name, identification number, location data, online identifier, or one or more factors specific to
the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
2.2 Sensitive Personal Data
“Sensitive Personal Data” refers to a subset of Personal Data, which includes data concerning racial or
ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data,
biometric data for the purpose of uniquely identifying a natural person, data concerning health or data
concerning a natural person’s sex life or sexual orientation. This type of data is subject to more stringent
protection under applicable data protection laws.
2.3 Data Controller
The “Data Controller” is the entity that determines the purposes and means of processing Personal
Data. The Company acts as the Data Controller concerning the Personal Data collected from Users
under this Policy.
2.4 Processing
“Processing” means any operation or set of operations which is performed on Personal Data or on sets
of Personal Data, whether by automated means or not, such as collection, recording, organization,
structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,
dissemination, or otherwise making available, alignment, combination, restriction, erasure, or
destruction.
2.5 Data Subject
The “Data Subject” is any natural person whose Personal Data is processed by the Company.
3. Legal Basis for Processing Personal Data
We will only process Your Personal Data where We have a lawful basis to do so. The legal bases upon
which We rely for the collection, use, and processing of Your Personal Data include the following:
3.1 Contractual Necessity
We process Your Personal Data because it is necessary to perform Our contractual obligations to You,
including to provide You with the services You have requested (such as access to Your account or
facilitating a financial transaction) or to take steps at Your request prior to entering into a contract
(such as verifying Your identity).
3.2 Legal Obligation
We process Your Personal Data to comply with legal obligations to which We are subject, including
obligations under applicable data protection laws, tax laws, AML/CFT laws, and other regulatory
requirements. For example, We may be legally required to retain certain data for tax reporting,
regulatory compliance, or to respond to lawful requests by governmental authorities or law
enforcement agencies.
3.3 Legitimate Interests
We may process Your Personal Data when it is necessary for the legitimate interests of the Company,
provided that such processing does not unduly prejudice Your rights or freedoms. Examples of
legitimate interests include using Your Personal Data to improve the functionality of Our Platforms,
secure Our systems, prevent fraud, or analyze user behavior to enhance Your experience.3.4 Consent
Where We rely on Your consent to process Your Personal Data, You will be asked to explicitly agree to the
processing before We collect or use Your data. You have the right to withdraw Your consent at any time,
without affecting the lawfulness of processing based on consent before its withdrawal.
4. Categories of Personal Data Collected
The following categories of Personal Data may be collected, processed, and stored by the Company:
4.1 Personal Information Provided by You
We may collect Personal Data that You voluntarily provide to Us, including but not limited to:
● Identification Data: Full name, date of birth, gender, nationality, government-issued
identification (e.g., passport, driver’s license, national ID).
● Contact Data: Email address, telephone number, residential address.
● Financial Data: Bank account information, credit/debit card numbers, cryptocurrency wallet
addresses, tax identification numbers, and transaction history.
● KYC/AML Information: Copies of identification documents, income verification, and other
information required to comply with regulatory requirements.
● Communications Data: Any messages, queries, or feedback You provide to Us via email,
customer support, or through the Platforms.
4.2 Automatically Collected Data
Certain Personal Data may be automatically collected when You use the Platforms, including:
● Device Data: Internet Protocol (IP) address, device identifiers (IMEI, MAC address), operating
system, browser type and version, and mobile network information.
● Usage Data: Details of Your interactions with the Platforms, including page views, clicks, login
times, transaction records, and other user behaviors.
● Location Data: Geolocation data, provided that You have enabled location services on Your
device.
4.3 Data Collected from Third Parties
We may obtain information about You from third parties, such as credit reference agencies, identity
verification providers, payment processors, and other service providers. This information may be
combined with the data You provide directly to Us to enhance the accuracy of Our records.
5. Purpose of Processing Personal Data
The Personal Data We collect will be processed for the following purposes:
5.1 Provision of Services
We process Your Personal Data to create and manage Your account, facilitate the execution oftransactions,
and provide related services, including customer support, account maintenance, and
notifications of service updates.
5.2 Regulatory Compliance
We process Personal Data to comply with our obligations under Panamanian law, including AML/CFT
regulations, tax laws, and other legal requirements. This includes verifying Your identity, conducting
background checks, and reporting suspicious transactions to regulatory authorities as required by law.
5.3 Fraud Prevention and Security
We process Personal Data to detect, investigate, and prevent fraud, money laundering, unauthorized
access, and other unlawful activities. This involves monitoring transactions, reviewing user behavior,
and implementing security protocols to protect Our Platforms.
5.4 Improvement of Services and User Experience
We process Personal Data to analyze how Users interact with the Platforms, in order to improve
functionality, optimize performance, and develop new features. This includes the use of aggregated
data for statistical analysis, research, and business planning.
5.5 Marketing and Promotional Communications
Where We have obtained Your consent, We may process Your Personal Data to send You promotional
materials, offers, newsletters, and other marketing communications. You may opt out of receiving such
communications at any time by following the unsubscribe instructions provided in the communication.
6. Sharing and Disclosure of Personal Data
We may disclose Your Personal Data to the following categories of recipients under the conditions
outlined below:
6.1 Service Providers and Contractors
We may share Your Personal Data with third-party service providers who assist Us in operating the
Platforms, processing transactions, and providing related services. These service providers are
contractually obligated to protect Your data and are only authorized to use Your Personal Data as
necessary to provide their services.
6.2 Regulatory Authorities and Law Enforcement
We may disclose Your Personal Data to governmental authorities, regulatory bodies, or law enforcement
agencies if We are required to do so by applicable laws or regulations, or in response to a subpoena,
court order, or other legal processes.
6.3 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of assets, Your Personal Data may be
transferred to the new entity as part of the transaction. Any such transfer will be subject to the same
privacy protections that apply under this Policy.6.4 Affiliated Entities
We may share Your Personal Data with Our affiliates or subsidiaries for purposes consistent with this
Policy, such as for internal business processes or to provide You with additional services.
6.5 With Your Consent
We may share Your Personal Data with other third parties when You have explicitly consented to such
disclosure.
7. Cross-Border Data Transfers
7.1 International Data Transfers
As a global entity, Your Personal Data may be transferred to and processed in jurisdictions outside of
Panama, including countries that may not offer the same level of data protection as Panama or the
European Union. However, We will ensure that any such transfers comply with applicable data
protection laws and provide adequate safeguards to protect Your Personal Data.
7.2 Legal Mechanisms for Data Transfers
In cases where Personal Data is transferred outside of the European Union or other jurisdictions with
stringent data protection laws, We will use legal mechanisms such as standard contractual clauses,
binding corporate rules, or reliance on adequacy decisions to ensure that Your Personal Data is
protected to the same standard as required by applicable laws.
8. Data Retention
8.1 Retention Period
We will retain Your Personal Data for as long as necessary to fulfill the purposes for which it was
collected, including maintaining Your account, facilitating transactions, complying with legal
obligations, resolving disputes, and enforcing agreements.
8.2 Extended Retention for Legal or Regulatory Obligations
In some cases, We may be required to retain certain Personal Data for an extended period if it is
necessary for regulatory compliance, legal claims, audits, or other legitimate purposes, such as
resolving potential disputes or enforcing Our policies.
9. Data Security
9.1 Security Measures
We take appropriate technical and organizational measures to safeguard Your Personal Data from
unauthorized access, disclosure, alteration, and destruction. These measures include, but are not
limited to, the use of encryption technologies, secure access controls, firewalls, and regular security
assessments.
9.2 User Responsibility for Account Security
While We employ advanced security protocols to protect Your Personal Data, You are responsible for
ensuring the security of Your account credentials. You should avoid sharing Your password and ensure
that two-factor authentication (2FA) is enabled where available.
9.3 Breach Notification
In the event of a data breach that may compromise Your Personal Data, We will notify You and any
applicable regulatory authority of the breach in accordance with Our legal obligations under applicable
data protection laws.
10. Your Rights as a Data Subject
Under applicable data protection laws, You have certain rights regarding the Personal Data We process
about You. These rights include:
10.1 Right of Access
You have the right to request a copy of the Personal Data We hold about You and to obtain information
about how that data is being processed.
10.2 Right to Rectification
You have the right to request the correction of any inaccurate or incomplete Personal Data that We hold
about You.
10.3 Right to Erasure ("Right to Be Forgotten")
You may request the deletion of Your Personal Data under certain circumstances, such as when the
data is no longer necessary for the purposes for which it was collected or when You have withdrawn
consent to its processing.
10.4 Right to Restriction of Processing
You may request that We restrict the processing of Your Personal Data in certain situations, such as
when You dispute the accuracy of the data or object to its processing.
10.5 Right to Data Portability
You have the right to receive Your Personal Data in a structured, commonly used, and
machine-readable format, and to transmit that data to another controller where technically feasible.
10.6 Right to Object
You may object to the processing of Your Personal Data for direct marketing purposes or on other
legitimate grounds relating to Your particular situation.
10.7 Right to Withdraw Consent
If We rely on Your consent for processing Personal Data, You may withdraw this consent at any time.However,
the withdrawal of consent does not affect the lawfulness of processing based on consent
before its withdrawal.
11. Cookies and Tracking Technologies
11.1 Use of Cookies
We use cookies and similar tracking technologies to enhance Your user experience, analyze user
behavior, and improve the performance of Our Platforms. Cookies are small data files that are stored on
Your device when You visit the Platforms.
11.2 Types of Cookies Used
We use both session cookies (which expire when You close Your browser) and persistent cookies (which
remain on Your device until deleted) to provide a more personalized experience. These cookies help Us
understand how You interact with the Platforms, remember Your preferences, and ensure that Our
Services function properly.
11.3 Third-Party Cookies
Our Platforms may also use cookies from third-party service providers, such as analytics providers and
advertising networks. These third parties may use cookies to collect information about Your interactions
with the Platforms, as well as other websites.
11.4 Managing Cookies
You can control or block cookies through Your browser settings. However, please note that disabling
cookies may affect the functionality of certain features on the Platforms.
12. Children’s Privacy
12.1 No Collection of Data from Minors
Our Platforms and Services are not intended for individuals under the age of 18. We do not knowingly
collect Personal Data from individuals under the age of 18 without the consent of a parent or guardian. If
We become aware that We have inadvertently collected Personal Data from a minor without such
consent, We will take steps to delete the information promptly.
13. Changes to this Policy
13.1 Right to Modify Policy
We reserve the right to modify or update this Policy at any time to reflect changes in Our business
practices, legal requirements, or regulatory obligations. Any significant changes to this Policy will be
communicated to You via email or through the Platforms.13.2 Continued Use of Platforms
Your continued use of the Platforms following any changes to this Policy constitutes Your acceptance of
the updated Policy.
14. Grievances and Contact Information
14.1 Contact Information
If You have any questions, concerns, or complaints regarding this Policy or how Your Personal Data is
handled, please contact Us at: dpo@cifdaq.com
14.2 Grievance Procedures
If You are not satisfied with Our response to any data protection-related concerns, You have the right to
lodge a complaint with the relevant supervisory authority in Your jurisdiction.
