Privacy Policy

Personal Data Protection

General Data Protection Regulation (EU) 2016/679 ('GDPR')

J2TX Ltd (hereinafter “the Company”) is committed to handling your personal data with transparency and integrity. When processing personal data provided by you, the Company is subject to the provisions of the General Data Protection Regulation (EU) 2016/679 ('GDPR') and any applicable data protection laws or regulations of the Republic of Cyprus. The Company acts as a controller and processor of your personal data under GDPR, which means that it determines solely or jointly with others, the purposes and means of the processing of your personal data.

This Privacy Policy provides, inter alia, information on the following key areas:

  • a) the categories of personal data that are collected and processed by the Company and the purposes of that processing;
  • b) the legal basis for the processing of your personal data;
  • c) the recipients or categories of recipients of your personal data;
  • d) the principles relating to the processing of your personal data;
  • e) your rights under applicable legislation and an explanation of how those rights can be exercised.

Definitions

For the purposes of this Privacy Policy, the following definitions shall apply. These are consistent and in accordance with the General Data Protection Regulation (EU) 2016/679.

  • (1) 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • (2) 'processing' means any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • (3) 'profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
  • (4) 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • (5) 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • (6) 'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  • (7) 'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

About the Company

J2TX Ltd is a regulated Crypto Asset Services Provider (CASP), registered in Cyprus under registration number HE 422703 and licensed by the Cyprus Securities and Exchange Commission ('CySEC') under license number 006/22. Our registered office address is at Magnum House, Chrysanthou Mylona 10, Limassol 3030, Cyprus. Details of our authorisation may be found at: Cyprus Securities and Exchange Commission | J2TX Ltd (cysec.gov.cy) .

If you have any questions or concerns relating to the processing of personal data by the Company, you can contact our Data Protection Officer by email at: dpo@j2tx.com or by registered post to: Magnum House, Chrysanthou Mylona 10, Limassol 3030, Cyprus.

Collection of personal data

In order to register for the provision of investment services by the Company, the following personal data is required from you:

  • a) Personal information such as your name, date and place of birth, citizenship, nationality, home address, passport/ ID number, contact details (telephone, email), bank account details, occupation and information on whether you hold/held a prominent public function (for PEPs);
  • b) Financial information about your income, source of funds and investment objectives;
  • c) Documents that verify your identity and residency such as an international passport or national ID and utility bills or bank statements or any other documentation required in order for the Company to be able to verify your identity and residency.

We may also collect and process personal data from public sources (e.g. the Department of Registrar of Companies and Official Receiver, the press, the internet) as well as from risk management suites such as the World-Check database.

Legal basis for the processing of your personal data

The protection of your privacy and personal information is of great importance to us. Your personal data is processed lawfully, fairly and in a transparent manner on the following bases:

  • a) For the performance of a contract

    The processing of your personal data is necessary for the provision of investment services in crypto-assets. In order to be able to render investment services to you and administer our relationship, we need to collect certain information about your identity, financial background and investment objectives.

  • b) For compliance with a legal obligation

    The processing of your personal data is necessary for compliance with the legal obligations emanating from antimoney laundering legislation.

  • c) For the purposes of the legitimate interests pursued by the Company

    The processing of your personal data is necessary for the purposes of the legitimate interests pursued by the Company, where those interests do not infringe your interests, fundamental rights and freedoms. These legitimate interests include business or commercial interests and examples of relevant processing activities include: preparing our defense in litigation procedures; preventing fraud and money laundering activities; managing business and further developing and marketing of products and services.

Your obligation to provide us with your personal data

The provision of your personal data is a requirement necessary to enter into a contract with the Company and as a Client you will have a statutory and contractual obligation to provide and keep up to date and accurate the personal data set out in this Privacy Policy. Failure to provide such data will not allow us to commence or continue our business relationship, as compliance with our legal obligations will be deemed impossible

Recipients or categories of recipients of your personal data

In the course of the performance of our contractual and statutory obligations and for legitimate business purposes, your personal data may be disclosed to:

  • a) Supervisory and other regulatory and public authorities, upon request or where required. Some examples are the Cyprus Securities and Exchange Commission, the Unit for Combating Money Laundering (MOKAS), criminal prosecution authorities.
  • b) Auditors, lawyers, consultants and other outside professional advisors of the Company, subject to confidentiality agreements.
  • c) Third party processors such as payment services providers, companies who assist us with the effective provision of our services to you by offering technological expertise, solutions and support, file storage and records management companies.

International transfer of personal data

Your personal data may be transferred to third countries (i.e. countries outside the European Economic Area), to recipients mentioned in the section “Recipients or categories of recipients of your personal data”, in connection with the purposes set out in this Privacy Policy. We may transfer your personal data to countries that may have different laws and data protection compliance requirements; however, processors in third countries are obliged to comply with the European data protection standards when processing your personal data. Where we transfer your personal data to third countries, we do it on the basis of standard contractual clauses adopted by the European Commission unless such country is recognised by an Adequacy Decision by the European Commission.

Principles relating to the processing of your personal data

We have implemented appropriate technical and organisational measures to ensure appropriate security of your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. We take reasonable steps to ensure that your personal data that we process are accurate and, where necessary, kept up to date. From time to time we may ask you to confirm the accuracy of your personal data. We take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay. We also make sure that all personal data we collect are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Period for which your personal data will be stored

We will keep your personal data for the duration of our business relationship and for five (5) years after the termination of our business relationship, unless otherwise requested by a competent authority, in line with the provisions of the applicable European and Cyprus legislation on the prevention of the use of the financial system for the purposes of preventing money laundering or terrorist financing. We may keep your data for longer if we cannot delete it for legal or regulatory reasons. In particular, the retention of data is not limited in time in the case of pending legal proceedings or an investigation initiated by a public authority, provided that in each case the Company has been informed of the pending legal proceedings or the investigation initiated by a public authority within the retention period described hereinabove.

Your rights

You have the following rights regarding your personal data we control and process:

  • a) The right to request access to, or copies of, your personal data, together with information regarding the processing of those personal data.
  • b) The right to request rectification of any inaccurate personal data concerning you.
  • c) The right to request, on legitimate grounds and where there is no good reason for us continuing to process it, erasure of your personal data and where such erasure does not contradict other legislation.
  • d) The right to object, on grounds relating to your particular situation, to the processing of your personal data which is based on a legitimate interest pursued by the Company. We shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedom or for the establishment, exercise or defense of legal claims. You also have the right to object where your personal data are processed for direct marketing purposes and we shall stop the processing of your personal data for such purposes.
  • e) The right to request restriction of processing of your personal data where one of the following applies: i) your personal data is not accurate and we need to stop processing it until we verify it, ii) your personal data has been used unlawfully, iii) we no longer need your personal data for the purposes of the processing, but you want us to keep it for use in possible legal claims and iv) you have already objected to the processing of your personal data and you are waiting for us to confirm if we have legitimate grounds for the processing of your data.
  • f) The right to have your personal data transferred to another controller, to the extent applicable.
  • g) The right to withdraw your consent, where we process your personal data on the basis of your consent. Please note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn by you.
  • h) The right to lodge a complaint regarding the processing of your personal data by us.

Any requests you may have concerning the use of your personal data by J2TX Ltd should be made to the Company's Data Protection Officer by e-mail at dpo@j2tx.com or by registered post to Magnum Business Center, Office 4A, Spyrou Kyprianou Avenue 78, Limassol 3076, Cyprus.

Requests for data erasure should be made by completing the “Data Subject Erasure Request Form” which can be found on the Company's website and/or can be obtained upon request from the Company's Data Protection Officer.

Automated decision-making and profiling

The decision to establish a business relationship with you is not based on the automated processing of your personal data and the Company does not conduct automated processing of your personal data (profiling).

Direct marketing

We may process your personal data to contact you, primarily by email, in order to provide you with information that may be of interest to you about products or services offered by the Company or third parties. Please note that in accordance with the applicable law, the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest pursued by the Company. However, if you do not wish to receive marketing communications from us, you can opt-out at any time by contacting our Data Protection Officer email at dpo@j2tx.com. After you unsubscribe, we will not send you further promotional emails, but we will continue to contact you to the extent necessary for the purposes of any services you have requested.

Changes to this Privacy Policy

At any time, the Company may amend this Privacy Policy. You will be notified about material changes, however, you are encouraged to review this Privacy Policy periodically, so as to be always informed about how we are processing and protecting your personal data.

Data Protection and the Electronic Communications Law

The Law Regulating Electronic Communications and Postal services of 2004 (the Electronic Communications Law) has been enacted for the purpose of harmonization with certain European Directives, including Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). The Law applies to the processing of personal data in connection with the provision of publicly available electronic communications services in communications networks in Cyprus. According to section 18 of the Law, the Commissioner of Electronic Communications has an obligation to promote the interests of the citizens of Cyprus and of the European Union by, inter alia, contributing to ensuring a high level of protection of personal data and privacy.

How we use cookies

A cookie is a small file that asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us to analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Personal Information is collected when our users provide personal information to us upon registering for membership or when applying online for an account.