1. INTRODUCTION
1.1. Purpose
This Privacy Policy describes how 1654.exchange (“Company,” “we,” “us,” or “our”) collects, processes, and protects personal data. It is designed to ensure compliance with:
- General Data Protection Regulation (EU) 2016/679 (GDPR)
- Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA)
- Directive (EU) 2015/849 (AMLD6) on Anti-Money Laundering
- Applicable national and international data protection laws
This Policy applies to all users, customers, partners, and visitors (“Data Subjects”) who interact with our services, website, and products.
1.2. Scope
This Privacy Policy governs the collection, use, storage, and security of personal data within:
- Our website, online platform, and mobile applications
- Any interactions, transactions, or communications with users
- Data processing related to regulatory compliance (AML, KYC, sanctions screening, and transaction monitoring)
It applies to all services offered by 1654.exchange, including cryptocurrency exchange, digital asset transactions, and related financial services.
1.3. Data Controller
1654.exchange is the Data Controller responsible for determining the purposes and means of processing personal data under this Policy.
For any inquiries regarding data protection, users may contact our Data Protection Officer (DPO):
Email: compliance@1654.exchange
1.4. Legal Basis for Processing
We process personal data on the following legal bases in compliance with GDPR:
- Contractual Obligation (Article 6(1)(b) GDPR) — When processing is necessary for the performance of a contract.
- Legal Compliance (Article 6(1)(c) GDPR, MiCA Article 66, AMLD6) — For KYC, AML, and regulatory reporting.
- Legitimate Interest (Article 6(1)(f) GDPR) — Fraud prevention, security monitoring, and service improvement.
- User Consent (Article 6(1)(a) GDPR) — Marketing, personalized services, and optional profiling.
We do not process sensitive personal data (Article 9 GDPR) unless required by law.
1.5. Key Definitions
- Personal Data — Any information that relates to an identified or identifiable natural person.
- Processing — Any operation performed on personal data (collection, storage, use, transfer, deletion).
- Data Subject — Any individual whose personal data is processed by 1654.exchange.
- Data Controller — The entity determining the purposes and means of processing (1654.exchange).
- Processor — Any third party processing data on behalf of the Controller.
- Profiling — Automated processing used to analyze personal preferences or behavior.
- Supervisory Authority — The competent data protection authority responsible for oversight in the applicable jurisdiction.
2. PERSONAL DATA WE COLLECT
2.1. Types of Data Collected
1654.exchange collects and processes the following categories of personal data:
2.1.1. Identification Data
- Full name
- Date of birth
- Nationality and citizenship
- Government-issued ID (passport, national ID, driver’s license)
2.1.2. Contact Information
- Residential address
- Email address
- Phone number
2.1.3. Financial and Transaction Data
- KYC & AML Data: Source of funds, proof of address, tax residency.
- Crypto-Asset Transactions: Wallet addresses, transaction history, purchase/sale records.
- Payment Information: Bank account details, payment receipts.
2.1.4. Security and Risk Assessment Data
- AML Screening & Sanctions Lists: PEP status, blacklist monitoring.
- Fraud Detection: Transaction monitoring, IP addresses, device fingerprints.
2.1.5. Behavioral & Technical Data
- Website usage analytics (cookies, IP addresses, browser data).
- Log files, timestamps, and session activity.
2.2. How We Collect Data
We collect personal data:
- Directly from users (account registration, KYC onboarding).
- Through automated tracking (website cookies, transaction logs).
- From third parties (regulatory agencies, financial institutions, fraud prevention databases).
3. PURPOSES OF PROCESSING
3.1. Legal and Regulatory Purposes
- AML/KYC Compliance (AMLD6, MiCA Article 66-68)
- Fraud and financial crime prevention
- Regulatory reporting and audits
3.2. Service Provision & Account Management
- Identity verification for onboarding
- Processing cryptocurrency transactions
- Customer support and dispute resolution
3.3. Security & Risk Management
- Preventing unauthorized access
- Monitoring unusual transaction patterns
- Incident response & cybersecurity
3.4. Marketing and Personalization
- Sending promotional content (with consent)
- Optimizing user experience based on analytics
4. DATA RETENTION POLICY
4.1. Retention Periods
We retain data based on legal and operational requirements:
- KYC & AML Data — 5–10 years — AMLD6, MiCA Article 68
- Crypto Transactions — 5–7 years — Regulatory compliance
- Marketing Data — Until consent is withdrawn — GDPR Article 7
- Website Logs — 12–24 months — Security monitoring
Once retention periods expire, data is securely deleted or anonymized.
5. DATA SECURITY MEASURES
5.1. Technical and Organizational Measures
1654.exchange ensures confidentiality, integrity, and availability of data through:
- Encryption — TLS 1.3 encryption for data transmission.
- Access Controls — Multi-factor authentication for account logins.
- Fraud Detection — AI-driven transaction risk monitoring.
- Incident Response — 24/7 security monitoring and breach notifications.
6. DATA SUBJECT RIGHTS AND REQUESTS
1654.exchange is committed to ensuring that all Data Subjects can exercise their rights under the General Data Protection Regulation (GDPR), MiCA, and other applicable regulations.
6.1. Overview of Rights
Under GDPR (Articles 12–23), MiCA (Articles 66–68), and other relevant laws, Data Subjects have the following rights:
6.1.1. Right to Access (Article 15 GDPR)
Data Subjects have the right to obtain confirmation of whether their personal data is being processed and to request a copy of their data, including:
- The purposes of processing
- Categories of processed data
- Recipients of the data
- Data retention periods
How to request: Submit a request via compliance@1654.exchange with identity verification.
6.1.2. Right to Rectification (Article 16 GDPR)
If personal data is inaccurate or incomplete, Data Subjects can request corrections.
How to request: Submit supporting documentation for updates (e.g., new ID or proof of address).
6.1.3. Right to Erasure (“Right to be Forgotten”) (Article 17 GDPR)
Users can request data deletion if:
- The data is no longer needed for the original processing purposes.
- The processing was based on consent and the user withdraws consent.
- The processing is unlawful.
Exceptions: We may retain data for legal obligations under MiCA and AMLD6 (e.g., KYC/AML records must be stored for at least 5–10 years).
6.1.4. Right to Restriction of Processing (Article 18 GDPR)
Data processing may be restricted if:
- The accuracy of the data is contested.
- The processing is unlawful, but the Data Subject opposes deletion.
- The data is required for legal claims.
6.1.5. Right to Data Portability (Article 20 GDPR)
Users can request their personal data in a structured, machine-readable format to transfer to another service provider.
Example: Transferring financial transaction history to another crypto exchange.
6.1.6. Right to Object (Article 21 GDPR)
Users may object to processing based on legitimate interests, including:
- Marketing activities (opt-out option provided).
- Profiling for risk assessment (AML screening under MiCA may be exempt from objection rights).
6.1.7. Right to Withdraw Consent (Article 7 GDPR)
If processing is based on consent, users may withdraw at any time without affecting prior lawful processing.
6.1.8. Right to Lodge a Complaint (Article 77 GDPR)
If a Data Subject believes that 1654.exchange is violating data protection laws, they can file a complaint with the competent Supervisory Authority responsible for data protection in the applicable jurisdiction.
6.2. Request Submission and Response Time
- Requests must be submitted in writing via compliance@1654.exchange.
- 1654.exchange will respond within one month (extendable by two months for complex cases).
- Identity verification is required before processing requests.
7. DATA TRANSFERS & THIRD-PARTY PROCESSORS
7.1. Data Sharing with Third Parties
We share personal data only when necessary for legal and operational purposes.
Authorized recipients:
- Regulatory Authorities (Financial Intelligence Units, ESMA, AMLD6 compliance bodies).
- Payment and Banking Partners (for transaction processing).
- Blockchain Analytics Providers (for fraud prevention and AML monitoring).
- Cybersecurity & IT Providers (data security services).
NO data is sold or shared for commercial gain.
7.2. International Data Transfers
Data may be transferred outside the European Economic Area (EEA) when:
- The recipient country has an adequate level of protection (Article 45 GDPR).
- We implement Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) (Article 46 GDPR).
Example: Data storage with cloud providers in the United States (AWS, Google Cloud) with SCC compliance.
7.3. Security and Accountability Measures
Before engaging third-party Processors, we ensure:
- Contractual agreements with GDPR-compliant clauses.
- Regular audits to verify compliance with MiCA and AMLD6 standards.
- Data encryption in transit and at rest.
8. AUTOMATED DECISION-MAKING & PROFILING
8.1. Purpose of Automated Decision-Making
1654.exchange uses automated processing for:
- Fraud detection & risk assessment (MiCA Article 66).
- Transaction monitoring for suspicious activities.
- Sanctions & AML screening (AMLD6 compliance).
- Customer risk profiling based on transaction behavior.
No fully automated decisions are made that have legal consequences for users without human review.
8.2. User Rights & Challenges
Users can:
- Request human intervention in automated decisions.
- Challenge profiling outcomes if they believe a decision is incorrect.
- Request explanations for automated assessments.
Contact: compliance@1654.exchange
9. DATA BREACH RESPONSE POLICY
9.1. Incident Reporting & Containment
In case of a data breach, 1654.exchange will:
- Identify and contain the breach within 24 hours.
- Assess the risk level to affected individuals.
- Notify relevant authorities (if required under GDPR Article 33 & MiCA).
9.2. User Notification & Remediation
If the breach poses a high risk to user data:
- Affected users will be informed within 72 hours.
- Affected users will receive recommended protective actions (password changes, account security).
- Affected users will be informed of incident resolution steps and investigation outcomes.
10. CONTACT INFORMATION
Data Protection Officer (DPO):
Email: compliance@1654.exchange