PRIVACY POLICY
PRIVACY POLICY Last Updated: 07/03/2025 Version: [1.0]1. IntroductionThis Privacy Policy (“Policy”) is issued by Cake Alliance International s.r.o. (hereinafter referred to as “Company,” “we,” “us,” or “our”), which operates and provides the services accessible via https://cakealliance.international (the “Site”). We are committed to protecting the privacy and security of our users’ (“User” or “you”) personal data in accordance with the General Data Protection Regulation (GDPR), ePrivacy Directive, and other applicable data protection laws.• Data Controller: Cake Alliance International s.r.o., a company registered in the Czech Republic under No. 19768869, with its registered office at Chudenická 1059/30, 102 00 Prague - Hostivař, Czech Republic.• Contact Email: [email protected]• DPO / Data Protection Representative: DAVID SHAVDATUASHVILI, [email protected]
Using our Site, you acknowledge that you have read and understood this Policy. If you disagree with any provision, please discontinue using our services.
2. Scope and ApplicabilityThis Policy explains how we collect, use, disclose, and otherwise process personal data about:1. Visitors to our Site,2. Users/Customers who register, create exchange transactions, or otherwise engage with our cryptocurrency-related services,3. Any other individuals whose data we might process while operating our business.
We aim to comply with Articles 12–14 GDPR (transparency obligations) and other relevant GDPR provisions (Articles 5–11, 15–22, 24, 28, 32, 44–49, etc.). 3. Personal Data We Process3.1. Categories of Data Collected1. Identification Data• Name, username, or similar identifiers• Date of birth (where necessary to verify age/identity)2. Contact Information• Email address, telephone number3. Financial / Transaction Data• Cryptocurrency wallet addresses• Bank card or bank account details (for deposit/withdrawal)• Transaction history, amounts, timestamps, etc.4. KYC/AML Documentation (Article 6(1)(c) GDPR — legal obligation)• ID/passport scans, proof of address (utility bills), or other documents required by law (e.g., AML requirements)5. Technical Data• IP address, device type, operating system, browser type, system language• Log data (access times, pages viewed, etc.)• Cookies and similar technologies (see Section 7)3.2. Sources of Data• Directly from you when you create an account, submit documents, or initiate transactions.• Automatically through cookies, logs, or analytics tools when you use the Site.• From third parties (e.g., payment processors, KYC service providers) if this is necessary for compliance or service delivery. 4. Purposes and Lawful Bases for ProcessingIn compliance with GDPR Article 6, we only process personal data on valid legal grounds:1. Service Provision (Art. 6(1)(b) GDPR)• To register your account, facilitate crypto exchange operations, process deposits/withdrawals, and provide you with requested services.2. Compliance with Legal Obligations (Art. 6(1)(c) GDPR)• To meet AML/KYC requirements, detect and prevent fraud, comply with financial regulations, and respond to lawful requests from authorities.3. Legitimate Interests (Art. 6(1)(f) GDPR)• To safeguard our Site and services, prevent abuse, enhance user experience, conduct internal analytics for improvement, and ensure network security.4. Consent (Art. 6(1)(a) GDPR)• Where we rely on your explicit consent (e.g., for direct marketing emails or certain optional cookies). You may withdraw your consent at any time (see Section 10).We generally do not process special categories of personal data as defined in Article 9 GDPR. However, if in exceptional cases processing is required (e.g., for specific KYC checks), we will ensure full compliance with Article 9 GDPR and obtain explicit consent if necessary. 5. How We Store and Secure Your Data5.1. Data Retention (Art. 5(1)(e) GDPR)We retain personal data only as long as necessary for the purposes outlined in this Policy unless a more extended retention period is required or permitted by law. For instance:• Account information: retained while your account remains active.• Transaction records: retained to comply with AML/accounting laws (e.g., 5–7 years, depending on jurisdiction).• KYC documents: retained only for as long as mandated by financial regulations or supervisory authorities.
Once retention periods expire, we securely erase or anonymise your data.
5.2. Security Measures (Art. 32 GDPR) We implement technical and organisational measures to protect data against unauthorised access, alteration, disclosure, or destruction, including:• SSL/TLS encryption for data in transit,• Firewalls and intrusion detection systems,• Access controls limiting who can view or modify data,• Regular security assessments and updates. 6. Disclosure and International Data Transfers6.1. Data Sharing We may share your data with:1. Payment Service Providers, banks, and crypto processors for transaction execution.2. KYC/AML Service Providers must verify their identity and comply with anti-fraud or anti-money-laundering laws.3. Analytics/Hosting Providers who assist with site functionality (e.g., Google Cloud, Amazon Web Services, or similar).4. Law Enforcement or Regulators if required by law or under a legal process. We ensure that any third party is contractually obligated to process your data by GDPR and other applicable laws. 6.2. International Transfers (Art. 44–49 GDPR)
If personal data is transferred outside the European Economic Area (EEA), we rely on appropriate safeguards, such as:• Standard Contractual Clauses (SCCs) adopted by the European Commission,• Adequacy decisions, if the destination country is recognised as providing an adequate level of data protection,• Binding Corporate Rules if intra-group transfers are relevant. For more details on these safeguards, please get in touch with us (Section 12). 7. Cookies and Similar TechnologiesWe use cookies, web beacons, and similar tools to enhance user experience and analyse traffic. Detailed information is typically provided in our Cookie Policy, but key points are:1. Strictly Necessary Cookies• Required for core site functionality (e.g., security, user authentication).2. Analytics Cookies• Used to gather usage statistics and improve the Site (e.g., Google Analytics).3. Functional Cookies• Remember your settings (language, region).4. Marketing/Advertising Cookies (if applicable)• Track user behaviour across websites to deliver relevant ads. Consent Mechanism: On the first visit, you may be prompted with a cookie banner allowing you to accept or reject specific categories of cookies (except those strictly necessary). You may also opt out by adjusting your browser settings or using our preference centre (if available). 8. User Rights under GDPRUnder Articles 12–22 GDPR, you have the following rights (subject to certain legal limitations):1. Right of Access (Art. 15)• Obtain confirmation whether we process your data and request a copy.2. Right to Rectification (Art. 16)• Correct inaccurate or incomplete data.3. Right to Erasure (“Right to be Forgotten,” Art. 17)• Request deletion of data if it’s no longer needed or there is no lawful ground for processing.4. Right to Restrict Processing (Art. 18)• Temporarily limit processing under certain circumstances.5. Right to Data Portability (Art. 20)• Receive your data in a structured, commonly used format to transfer to another controller.6. Right to Object (Art. 21)• Object to processing based on legitimate interests or direct marketing.7. Right not to be subject to Automated Decision-Making (Art. 22)• Not to be subject to a decision based solely on automated processing if it produces legal or similarly significant effects. Exercising Your Rights To exercise these rights, please get in touch with us at [email address in Section 12]. We will respond within one month (extendable up to two months for complex requests) by Art. 12(3) GDP. If an extension is required, we will notify you and explain the reason. 9. MinorsOur services are not intended for individuals under 18 years old. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please get in touch with us, and we will promptly delete it. 10. Consent WithdrawalWhere our processing is based on consent (e.g., optional marketing emails or certain cookies), you can withdraw this consent anytime. This does not affect the lawfulness of any processing before the withdrawal. You can withdraw by:• Unsubscribing from marketing emails via the link provided in the email or• Adjust cookie preferences or email us at [email protected]. 11. Changes to This PolicyWe may periodically update this Policy to reflect legal or operational changes. When we do, we will revise the “Last Updated” date above and notify you prominently (e.g., via email or a notice on our Site) if required by law. Please review this page regularly to stay informed of any updates. 12. Contact Us / ComplaintsIf you have questions or concerns about how we process your data, or if you wish to exercise any of your GDPR rights, please get in touch with us:• Email: [email protected]• Postal Address: Chudenická 1059/30, 102 00 Prague - Hostivař, Czech Republic• Data Protection Officer (DPO): DAVID SHAVDATUASHVILI, [email protected], +380508700070 Suppose you believe our processing violates GDPR or other data protection laws. In that case, you can complain to your local supervisory authority (e.g., in the EU, your national Data Protection Authority). If you believe that our processing of your personal data violates GDPR or other applicable data protection laws, you have the right to file a complaint with your national Data Protection Authority (DPA) within the European Economic Area (EEA).If you request the deletion of your personal data, please note that in some cases we may be legally required to retain certain information to comply with anti-money laundering (AML) regulations, financial laws, or other legal obligations. By continuing to use our Site and services, you confirm that you have read and understood this Privacy Policy. We may periodically update this Privacy Policy to reflect legal, regulatory, or operational changes. If we make significant modifications, we will notify you through appropriate means, such as email notifications, a notice on our Site, or other reasonable methods.
Using our Site, you acknowledge that you have read and understood this Policy. If you disagree with any provision, please discontinue using our services.
2. Scope and ApplicabilityThis Policy explains how we collect, use, disclose, and otherwise process personal data about:1. Visitors to our Site,2. Users/Customers who register, create exchange transactions, or otherwise engage with our cryptocurrency-related services,3. Any other individuals whose data we might process while operating our business.
We aim to comply with Articles 12–14 GDPR (transparency obligations) and other relevant GDPR provisions (Articles 5–11, 15–22, 24, 28, 32, 44–49, etc.). 3. Personal Data We Process3.1. Categories of Data Collected1. Identification Data• Name, username, or similar identifiers• Date of birth (where necessary to verify age/identity)2. Contact Information• Email address, telephone number3. Financial / Transaction Data• Cryptocurrency wallet addresses• Bank card or bank account details (for deposit/withdrawal)• Transaction history, amounts, timestamps, etc.4. KYC/AML Documentation (Article 6(1)(c) GDPR — legal obligation)• ID/passport scans, proof of address (utility bills), or other documents required by law (e.g., AML requirements)5. Technical Data• IP address, device type, operating system, browser type, system language• Log data (access times, pages viewed, etc.)• Cookies and similar technologies (see Section 7)3.2. Sources of Data• Directly from you when you create an account, submit documents, or initiate transactions.• Automatically through cookies, logs, or analytics tools when you use the Site.• From third parties (e.g., payment processors, KYC service providers) if this is necessary for compliance or service delivery. 4. Purposes and Lawful Bases for ProcessingIn compliance with GDPR Article 6, we only process personal data on valid legal grounds:1. Service Provision (Art. 6(1)(b) GDPR)• To register your account, facilitate crypto exchange operations, process deposits/withdrawals, and provide you with requested services.2. Compliance with Legal Obligations (Art. 6(1)(c) GDPR)• To meet AML/KYC requirements, detect and prevent fraud, comply with financial regulations, and respond to lawful requests from authorities.3. Legitimate Interests (Art. 6(1)(f) GDPR)• To safeguard our Site and services, prevent abuse, enhance user experience, conduct internal analytics for improvement, and ensure network security.4. Consent (Art. 6(1)(a) GDPR)• Where we rely on your explicit consent (e.g., for direct marketing emails or certain optional cookies). You may withdraw your consent at any time (see Section 10).We generally do not process special categories of personal data as defined in Article 9 GDPR. However, if in exceptional cases processing is required (e.g., for specific KYC checks), we will ensure full compliance with Article 9 GDPR and obtain explicit consent if necessary. 5. How We Store and Secure Your Data5.1. Data Retention (Art. 5(1)(e) GDPR)We retain personal data only as long as necessary for the purposes outlined in this Policy unless a more extended retention period is required or permitted by law. For instance:• Account information: retained while your account remains active.• Transaction records: retained to comply with AML/accounting laws (e.g., 5–7 years, depending on jurisdiction).• KYC documents: retained only for as long as mandated by financial regulations or supervisory authorities.
Once retention periods expire, we securely erase or anonymise your data.
5.2. Security Measures (Art. 32 GDPR) We implement technical and organisational measures to protect data against unauthorised access, alteration, disclosure, or destruction, including:• SSL/TLS encryption for data in transit,• Firewalls and intrusion detection systems,• Access controls limiting who can view or modify data,• Regular security assessments and updates. 6. Disclosure and International Data Transfers6.1. Data Sharing We may share your data with:1. Payment Service Providers, banks, and crypto processors for transaction execution.2. KYC/AML Service Providers must verify their identity and comply with anti-fraud or anti-money-laundering laws.3. Analytics/Hosting Providers who assist with site functionality (e.g., Google Cloud, Amazon Web Services, or similar).4. Law Enforcement or Regulators if required by law or under a legal process. We ensure that any third party is contractually obligated to process your data by GDPR and other applicable laws. 6.2. International Transfers (Art. 44–49 GDPR)
If personal data is transferred outside the European Economic Area (EEA), we rely on appropriate safeguards, such as:• Standard Contractual Clauses (SCCs) adopted by the European Commission,• Adequacy decisions, if the destination country is recognised as providing an adequate level of data protection,• Binding Corporate Rules if intra-group transfers are relevant. For more details on these safeguards, please get in touch with us (Section 12). 7. Cookies and Similar TechnologiesWe use cookies, web beacons, and similar tools to enhance user experience and analyse traffic. Detailed information is typically provided in our Cookie Policy, but key points are:1. Strictly Necessary Cookies• Required for core site functionality (e.g., security, user authentication).2. Analytics Cookies• Used to gather usage statistics and improve the Site (e.g., Google Analytics).3. Functional Cookies• Remember your settings (language, region).4. Marketing/Advertising Cookies (if applicable)• Track user behaviour across websites to deliver relevant ads. Consent Mechanism: On the first visit, you may be prompted with a cookie banner allowing you to accept or reject specific categories of cookies (except those strictly necessary). You may also opt out by adjusting your browser settings or using our preference centre (if available). 8. User Rights under GDPRUnder Articles 12–22 GDPR, you have the following rights (subject to certain legal limitations):1. Right of Access (Art. 15)• Obtain confirmation whether we process your data and request a copy.2. Right to Rectification (Art. 16)• Correct inaccurate or incomplete data.3. Right to Erasure (“Right to be Forgotten,” Art. 17)• Request deletion of data if it’s no longer needed or there is no lawful ground for processing.4. Right to Restrict Processing (Art. 18)• Temporarily limit processing under certain circumstances.5. Right to Data Portability (Art. 20)• Receive your data in a structured, commonly used format to transfer to another controller.6. Right to Object (Art. 21)• Object to processing based on legitimate interests or direct marketing.7. Right not to be subject to Automated Decision-Making (Art. 22)• Not to be subject to a decision based solely on automated processing if it produces legal or similarly significant effects. Exercising Your Rights To exercise these rights, please get in touch with us at [email address in Section 12]. We will respond within one month (extendable up to two months for complex requests) by Art. 12(3) GDP. If an extension is required, we will notify you and explain the reason. 9. MinorsOur services are not intended for individuals under 18 years old. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please get in touch with us, and we will promptly delete it. 10. Consent WithdrawalWhere our processing is based on consent (e.g., optional marketing emails or certain cookies), you can withdraw this consent anytime. This does not affect the lawfulness of any processing before the withdrawal. You can withdraw by:• Unsubscribing from marketing emails via the link provided in the email or• Adjust cookie preferences or email us at [email protected]. 11. Changes to This PolicyWe may periodically update this Policy to reflect legal or operational changes. When we do, we will revise the “Last Updated” date above and notify you prominently (e.g., via email or a notice on our Site) if required by law. Please review this page regularly to stay informed of any updates. 12. Contact Us / ComplaintsIf you have questions or concerns about how we process your data, or if you wish to exercise any of your GDPR rights, please get in touch with us:• Email: [email protected]• Postal Address: Chudenická 1059/30, 102 00 Prague - Hostivař, Czech Republic• Data Protection Officer (DPO): DAVID SHAVDATUASHVILI, [email protected], +380508700070 Suppose you believe our processing violates GDPR or other data protection laws. In that case, you can complain to your local supervisory authority (e.g., in the EU, your national Data Protection Authority). If you believe that our processing of your personal data violates GDPR or other applicable data protection laws, you have the right to file a complaint with your national Data Protection Authority (DPA) within the European Economic Area (EEA).If you request the deletion of your personal data, please note that in some cases we may be legally required to retain certain information to comply with anti-money laundering (AML) regulations, financial laws, or other legal obligations. By continuing to use our Site and services, you confirm that you have read and understood this Privacy Policy. We may periodically update this Privacy Policy to reflect legal, regulatory, or operational changes. If we make significant modifications, we will notify you through appropriate means, such as email notifications, a notice on our Site, or other reasonable methods.