INVITY
Privacy Policy

How we treat your personal data…

Last updated: '1 March 2023

What is Invity?

Invity is a platform operated by our company mainly on the https://www.invity.io website, within the Invity App and also in some sections of the Trezor Suite downloadable software application and online software interface developed and operated by Trezor Company s.r.o. and available at https://suite.trezor.io/ website, whereas these sections of the Trezor Suite will always be marked “operated by Invity'' or similarly and include mainly the Trade sections of Trezor Suite, (the “Website”). Our business consists of a part that advertises third-party websites and services including, but not limited to, cryptocurrency exchange, purchase and sale services, or cryptocurrency hardware wallets sales (“Advertised Services”) and a part, in which we provide cryptocurrency purchase and sale as well as cryptocurrency custody services directly to users (Provided Services”) (Advertised Services and Provided Services also collectively as the “Services”).

Why should I read this document?

You may have heard about Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the ”Regulation”) more commonly known as GDPR. Under the Article 13 and 14 of the Regulation, we must provide our customers and other data subjects with information on the collection, handling, protection and processing of their personal data. Therefore, in this Privacy Policy you may learn more about these topics regarding the personal data that we collect when you access the Website and/or use the Services.

Who collects my personal data?

Any personal data collected in connection with the access to and use of the Website, as well as any data collected in connection with the access to and use of the Advertised Services are collected by a commercial company calledInvity.io s.r.o., incorporated and existing under the laws of the Czech Republic, Id. No. 083 88 032, with registered office at Kundratka 2359/17a, Libeň, 180 00 Prague 8, Czech Republic, registered in the commercial register kept by the Municipal Court in Prague under file No. C 318166 (“Invity.io s.r.o.”). For this personal data, Invity.io s.r.o. is the controller. Any personal data collected in connection with the access to and use of the Provided Services are collected by Invity Finance UAB, incorporated and existing under the laws of Lithuania, Id. No. 306132766, with registered office at Eišiškiu Sodu 18-oji St. 11, Vilnius, Lithuania (“Invity Finance UAB”), who is registered in the lithuanian commercial register as Cryptocurrency Exchange Operator and Cryptocurrency Wallet Operator. For this personal data, Invity Finance UAB is the controller.

What personal data do you process?

Personal data collected in connection to the use of the Website and access to and use of to the Advertised ServicesWhen you access the Website and/or use the Advertised Services, we will, as a data controller, collect, store and process your personal data. The collection of your personal data in connection to the use of the Website and access to the Services is as limited as possible. We usually collect and process only the following personal data:

  • your IP address;
  • information filled in by you in the user account area (cryptocurrency wallet address etc.);
  • other information about you and your activities on our Website accessible in the user account area (history of your activities and transactions, KYC status for some of the third-parties etc.).
In case you have created a user account, we will collect and process also the following personal data:
  • your email address;
  • your phone number;
  • a Universally Unique Identifier (UUID) generated by us, serving as a customer ID.
As we have stated above, we do not provide you the Advertised Services and we do not serve as an agent of the third parties who actually provide the Advertised Services (the “Providers”). We solely advertise the Advertised Services and sometimes allow you access to the Advertised Services through our Website. Therefore, all of your personal data related to the provision of the Advertised Services (such as your identification or details of the transaction) are collected, stored and processed solely by the Providers not by us.
Only the Providers are processing these data as data controllers. We do not process these personal data as a data controller, we do not determine the purpose or means of the processing, we do not know for how long these data are processed, we do not know and we are not responsible for how these data are processed and protected.
Processing of these personal data is governed by the privacy policy of the respective Provider. We always let you know the Provider of the particular Advertised Service on our Website so that you could acquaint yourself with their terms and conditions as well as with their privacy policy.
If you have any troubles with accessing the terms and conditions or privacy policy of a Provider, we are ready to help you via the support email address mentioned below. However, we are not able to answer your questions or objections related to this data processing since we do not control it. We are not responsible for fulfillment of the obligations imposed on the Provider as a data controller.
We may be granted access to these personal data controlled by the Provider and process them only in case the Provider provides us with such data for a particular reason. In that event we will process your personal data as a data processor pursuant to the terms agreed between us and the respective Provider. That does not change anything for you - the data processing will still be governed by the terms of the respective Provider.

Personal data collected when providing the Provided ServicesTo be able to provide you with the Provided Services based on the Invity Finance Terms of Use available on the Website, specifically to enable you to create the User Account, to manage your User Account, we collect and process the following personal data:

  • your name;
  • your email address and your phone number;
  • your transaction history and any other Invity App usage data.
We may collect this personal data directly from you, we may also collect them automatically when you use the Invity App and we may also collect them via third parties, such as the payment service provider or the custody provider.

Personal data collected in connection with our compliance with Anti-money laundering and Know Your Customer procedures

To be able to provide you with the Provided Services, we need to ask you to verify your identity and provide us with required information so that we may correctly assess risks connected with money laundering, terrorist financing and to correctly verify your identity. In connection with the procedures mentioned above, we collect and process the following personal data:

  • your name;
  • your email address and your phone number;
  • your date of birth, address of your residency, citizenship, country of tax residence, source of funds and income, copy of your identification documents and any personal data contained in them, bank details;
  • your payment data, your transaction history;
  • any other personal data required for us to comply with the applicable legislation.

Personal data collected when you request support

If you send us an email requesting support, we will try to answer your question or help you to solve any problem related to the Website and/or the access to the Services. In connection with provision of the above support, we collect and process also the following personal data:

  • your email address;
  • content of the emails you send us and other personal data related to our communication.

Personal data collected when you subscribe to our newsletter (commercial communications)

On the website, you may subscribe to our newsletter by entering your email, clicking on the subscribe box. If you subscribe to our newsletter, we will regularly inform you about the latest news from Invity, in particular about our services and products.
As a data controller, we collect, store and process the email addresses of users who subscribe to our newsletter.
In case you change your mind and you do not want to receive the newsletter anymore, you can unsubscribe any time for free. We will always indicate within the newsletter how to unsubscribe.

Payment gateways

Our Website contains links to payment gateways provided by third parties which you may use in order to make payments while using the Services. You will have to fill in your personal data related to the payment when using the payment gateways.
These data are processed by the respective provider of the payment gateway as a data controller and the data processing is governed by terms and conditions and privacy policy of the payment gateway provider. We do not process these data and we do not have any access to such data unless stated otherwise herein. We will always include the name of the payment gateway provider on the Website, so you may contact them to find all the information about how the payment gateway provider treats your personal data.

Why do you process my personal data?
Personal data collected in connection to the Website and/or the use to the Services

It is quite simple. We collect, store and process the above mentioned personal data in order to allow you the use of the Website and/or the use of the Services.
To comply with legal requirements, we must mention that we collect, store and process such personal data pursuant to Article 6 (1) (b) of the Regulation. That means that processing of such personal data is necessary for the performance of a contract which we concluded - the contract established between you and our company when you access and use the Website and/or use the Services. We may also collect, store and process such personal data pursuant to Article 6 (1) (f) of the Regulation. That means that it is in our legitimate interest to collect, store and process such personal data (even when the contract is terminated), since we have to be able to protect ourselves during the period when you or any third party may contest that we have broken any of our obligations or have violated any applicable laws in relation to the requested issue.

Personal data collected in connection with our compliance with Anti-money laundering and Know Your Customer procedures

To comply with legal requirements, we must mention that we collect, store and process such personal data pursuant to Article 6 (1) (c) of the Regulation. That means that we must collect, store and process such personal data to comply with legal requirements. If you would not provide us with this personal data, we will not be able to provide you with the Provided Services.

Personal data collected when you request support

To comply with legal requirements, we must mention that we collect, store and process such personal data pursuant to Article 6 (1) (f) of the Regulation. That means that it is in our legitimate interest to collect, store and process such personal data due to the fact that we need to be able to provide you with support connected to our Website and/or Services.

Personal data collected when you subscribe to our newsletter (commercial communications)

As we have stated above, we collect, store and process these personal data because you subscribed to our newsletter. So we are processing your email in order to send you the newsletters.
To comply with legal requirements, we must mention that we collect, store and process such personal data pursuant to Article 6 (1) (a) of the Regulation. That means that you have given us consent to the processing of your personal data for the commercial communications purpose.
In order to be able to prove that you have given us your consent to sending our newsletter (and processing your personal data for the commercial communications purposes), we may collect and store the information that you have given us this consent (e.g. the logs). We collect and store these data pursuant to Article 6 (1) (f) of the Regulation. That means that it is in our legitimate interest to collect, store and process such personal data.

For how long will you process my personal data?

We process and store your personal data only for the time necessary to meet the purposes of its processing specified above, or for the time consented by you, or for the time that is either necessary to comply with our obligations under the applicable law or set forth by the applicable law or in accordance therewith. We comply with the mandatory rules for data archiving.
Once the purpose of the personal data processing disappears, we will destroy the personal data.

Personal data collected in connection to the Website and/or the use of the Services, when you request support

We will process and store such personal data for the duration of the contract established between you and our company when you use and access the Website and/or access the Services or until an issue requested by you is solved and also for the subsequent period thereafter that is either necessary to comply with our obligations under the applicable law or set forth by the applicable law or in accordance therewith, or during which you or any third party may contest that we have broken any of our obligations or have violated any applicable laws in relation to the requested issue.

Personal data collected in connection with our compliance with Anti-money laundering and Know Your Customer procedures

We will process and store such personal data for the duration of the contract established between you and our company and for a time period of 8 years after the contract is terminated. We may be requested by a supervisory authority to store such personal data for an additional period of 2 years in exceptional cases and when required by applicable legislation.

Personal data collected when you subscribe to our newsletter (commercial communications)

We will process and store such personal data (your email) until you unsubscribe to our newsletter. You can unsubscribe any time for free. We will indicate how to unsubscribe within the newsletter.
We will process and store the information that you have given us the consent (e.g. the logs) to send you newsletter for the duration of the consent and also for the subsequent period thereafter that is either necessary to comply with our obligations under the applicable law or set forth by the applicable law or in accordance therewith, or during which you or any third party may contest that we have broken any of our obligations or have violated any applicable laws in relation to the commercial communications sent to you.

Who will have access to my personal data?

We take care of your personal data security and so we choose the partners to whom we entrust your personal data very carefully.
All our partners must be able to provide sufficient security of your personal data to prevent unauthorized or accidental access thereto or other abuse thereof and all our partners must undertake a confidentiality obligation and must not use your personal data for any purpose other than the purpose for which the data were made available to them.
The recipients that may have access to your personal data are following:

  • persons who provide us with the technological services or technology operators that we use to provide our services;
  • persons who provide our services and websites with security and integrity and who regularly test such security and integrity;
  • providers of accounting, legal and administrative services;
  • our staff.
Our aim is and always will be to ensure your personal data are as anonymous as possible and unavailable to all third parties. However, under certain specifically defined conditions we will be under some circumstances required, in accordance with the applicable law, to transfer certain personal data to public authorities.
When collecting, storing and processing personal data we sometimes may use personal data processors, which under some circumstances transmit your personal data to third countries. In such an event we always make sure such transmission is compliant with the Regulation. In particular, we specify that the personal data may be transmitted to the United States of America and in such event the transmission is compliant with the Regulation.

How is my personal data protected?

All your personal data is secured by standard procedures and technologies using the industry best practice approach. We provide data protection against unauthorized or accidental access, alteration, destruction, loss, unauthorized transmission or any other unauthorized processing, as well as against any other abuse of records containing the personal data. We are not able to guarantee the security of your personal data without your help and responsible behavior. Therefore, we ask you to help us ensure the security of your data by keeping it secret.

Do you use cookies?

On our Website we use cookies to analyze traffic and to personalize content and ads. We will, as a data controller, collect, store and process any personal data collected by such cookies (the personal data may include your IP address, information about your activity on our website, information about your advertisement preferences etc.). It is in our legitimate interest to collect, store and process such personal data for marketing purposes and for website traffic analysis, since (i) it allows us to improve our products and services and to provide you with personalized content and advertisement, (ii) we do not attempt to identify you using such personal data, (iii) there is little to no restriction of your interests, rights and freedoms, and (iv) you may at any time delete stored cookies permanently and change your cookie settings to disable or limit storage of any new cookies. Please, read our Cookie Policy available on our website to learn more about the cookies that we use.

What are my rights in relation to personal data protection?

In relation to the personal data you shall have in particular the following rights:

  • a right to withdraw your consent at any time;
  • a right to correct or make additions to the personal data;
  • a right to request restrictions to processing of your personal data;
  • a right to object or complain against processing of your personal data under certain circumstances;
  • a right to request transfer of your personal data;
  • a right to access your personal data;
  • a right to be informed of the personal data security breach under certain circumstances;
  • a right to request deletion of your personal data (a right to be „forgotten“) under certain circumstances; and
  • other rights set forth in Act No. 110/2019 Coll., on personal data processing (Personal Data Protection Act) and the Regulation.
You have a right to object, on grounds relating to your particular situation, at any time to processing your personal data which is based on Article 6 (1) (f) of Regulation (it means that we have legitimate interest to process such personal data). You have also a right to object to processing your personal data for direct marketing purposes.
Additionally, you have a right to contact the Office for Personal Data Protection with a request for remedial measures in case of any violation of the obligations set forth in the Regulation at the following addresses: Czech Republic: Office for Personal Data Protection, Pplk. Sochorova 27, 170 00 Prague 7, Czech Republic, phone number +420 234 665 111 (central telephone exchange). Lithuania: Lithuanian State Data Protection Inspectorate, L. Sapiegos str. 17, 10312 Vilnius, Lithuania, phone number +370 5 212 7532

How can I contact you?

If you have any questions regarding this Privacy Policy, please do not hesitate to contact us using the contact details below:

Contact address: Kundratka 2359/17a, Libeň, 180 00 Prague 8, Czech Republic

Email address': [email protected]