Personal data processing and storage policy
1. General Provisions
1.1. This Privacy Policy governs the collection, use, storage, and protection of personal data of users of the KZ007 service (hereinafter — the "Service"). 1.2. The Policy applies to all information the Service may receive from users when using the website, creating an exchange request, undergoing identification procedures, or contacting support. 1.3. By creating an exchange request on the Service website, the user confirms their agreement with the terms of this Policy and provides consent for the processing of personal data. 1.4. Personal data are processed exclusively for the purposes of financial monitoring, ensuring the security of transactions, and complying with legal requirements in the area of anti-money laundering and counter-terrorism financing (AML/CTF). 1.5. Personal data may only be disclosed to third parties if required by competent governmental or law enforcement authorities.2. Legal Grounds for Data Processing
2.1. Personal data are processed on the basis of:- the user's consent to data processing;
- the necessity to execute exchange operations;
- compliance with legal requirements in the field of financial monitoring;
- prevention of fraud and illegal financial activities.
3. Categories of Collected Data
3.1. Depending on the type of operation, the Service may request the following data: Contact information:- email address;
- phone number.
- cryptocurrency wallet addresses;
- blockchain transaction data;
- details required to complete the exchange operation.
- full name;
- identity document;
- selfie with the identity document;
- proof of residential address;
- proof of source of funds (SoF);
- photographic or video confirmation of identity.
4. Data Collection and Processing
4.1. Personal data are collected when:- creating an exchange request;
- contacting support;
- undergoing AML/KYC procedures;
- conducting transaction security checks.
5. Timing and Procedure for Document Verification
5.1. When financial monitoring procedures require verification, the Service may request documents to confirm the user's identity or source of funds. 5.2. Document verification is conducted in several stages:- preliminary document check — up to 24 hours;
- detailed document verification — 1 to 3 business days;
- overall review period — up to 7–10 business days.
6. Data Retention
6.1. Personal data are stored no longer than necessary to fulfill the Service's obligations to users and to comply with legal and financial monitoring requirements. 6.2. Once the purposes of data processing are achieved or the need for storage ceases, the information is deleted or anonymized.7. Data Protection
7.1. The Service implements technical and organizational measures to protect users' personal data. 7.2. Protection measures include:- modern encryption protocols;
- secure data transmission channels;
- restricted access to confidential information for employees;
- security system monitoring.
8. Disclosure to Third Parties
8.1. The Service does not disclose users' personal data to third parties, except as required by law. 8.2. Users' personal data are not shared with third-party AML providers. 8.3. Data disclosure is only possible:- upon a lawful request from law enforcement authorities;
- upon a requirement from regulatory authorities;
- as part of an investigation of suspicious financial transactions.
9. User Rights
9.1. Users have the right to:- access information about their personal data;
- request correction of inaccurate data;
- request deletion of data if storage is not required by law;
- withdraw consent for data processing within the limits provided by law.