Privacy Policy

1. Scope and Purpose

1.1. This Policy explains how personal data are processed in connection with the website and interfaces of eu2you (the “Platform”).
1.2. It applies to visitors, registered users, and verified clients of the Platform.
1.3. The Platform provides a front-end/marketplace interface to create orders and interact with independent exchange/payment operators/providers. Personal data processing related to these services is carried out in accordance with this Policy.

2. Data Controller and Contact Details

eu2you Platform Controller: eu2you LTD. Contact: privacy@eu2you.app.

3. Roles in Processing

3.1. eu2you acts as controller for account management, Platform navigation, order routing, security, logging, communications, and governance compliance.
3.2. Exchange/payment operators, payment service providers, banks, and other contractors are engaged under contracts; their role (independent controller/processor) is determined by law and contract.

4. Categories of Personal Data

Identification/contact; KYC/AML; operational; technical; communications; marketing preferences—depending on use and chosen services.

5. Sources of Data
Directly from you; from providers involved in fulfilling your order; KYC/AML and blockchain-analytics providers; public registers and sanctions lists.

6. Purposes and Legal Bases (Art. 6 GDPR)
Contract performance; legal obligations (AML/CTF, sanctions, Travel Rule); legitimate interests (security, fraud prevention, risk management, service improvement); consent where required (marketing, certain cookies, specific biometric elements).

7. Necessity of Providing Data
Data required for KYC/AML and executing orders are contractual and/or legal requirements; without them, services cannot be delivered.

8. Categories of Recipients
Exchange/liquidity operators; payment providers/banks; KYC/AML/sanctions screening, Travel Rule, blockchain analytics; IT vendors; auditors/legal advisers/insurers where relevant.

9. International Data Transfers
Appropriate safeguards (e.g., EU SCCs with supplementary measures; adequacy decisions). Details available upon request.

10. Retention Periods
KYC/AML and transaction data: at least 5 years after relationship/transaction ends; contractual/financial records per law; logs for reasonable security periods; marketing until consent is withdrawn or objection is raised.

11. Automated Decisions and Profiling
Automated checks and risk-scoring may affect access (e.g., manual review, suspension/refusal). You may request human intervention, express your view, and contest decisions.

12. Cookies and Similar Technologies
Strictly necessary cookies; analytical/marketing cookies with consent. See Cookie Policy.

13. Data Security
Organisational and technical measures commensurate with risk: access controls; encryption; logging; anomaly/fraud monitoring; vulnerability management/testing; vendor safeguards.

14. Age Restrictions
Services intended for individuals aged 18+.

15. Your Rights (GDPR)
Access, rectification, erasure, restriction, portability, objection, withdrawal of consent. Requests handled without undue delay and typically within 1 month.

16. Complaints to a Supervisory Authority
You may lodge a complaint with your local data-protection authority. We welcome contacting us first.

17. Updates to this Policy
The current version is published on the Platform. Material changes may be communicated through available channels.