Last Updated: 05/01/2026

PRIVACY POLICY

Last Updated: 04/01/2026 Compliance: GDPR (EU 2016/679) & MiCA Data Standards

1. DATA CONTROLLER

AURUMRWA Ltd. 123 Finance Street, Dublin, Ireland DPO Contact: dpo@aurumrwa.com

---

2. DATA WE COLLECT

2.1 Information You Provide

• Identity Data: Name, Passport/ID, Selfie, Address (for KYC).
• Contact Data: Email, Phone number.
• Financial Data: Source of funds, Tax ID, Bank account details.

2.2 Automated Collection

• Blockchain Data: Public wallet address, transaction history (on-chain data is public).
• Device Data: IP address, Browser type, Time zone.

---

3. HOW WE USE YOUR DATA

1. Service Provision: To process investments and manage token ownership.
2. Regulatory Compliance: To comply with AML/CFT (Anti-Money Laundering) directives (5AMLD/6AMLD).
3. Security: To detect fraud and unauthorized access.

Legitimate Interest: We analyze on-chain activity to prevent market abuse (MiCA Art. 87).

---

4. BLOCKCHAIN & DATA IMMUTABILITY

WARNING: Data written to the blockchain (Wallet Address, Transaction Amounts) is immutable and publicly visible.

• We cannot erase data from the blockchain.
• By using the service, you acknowledge this inherent characteristic of DLT (Distributed Ledger Technology).
• We do NOT store your name or physical address on-chain.

---

5. DATA SHARING

We share data with:

• KYC Providers: Sumsub, Onfido (for identity verification).
• Custodians: If assets are held by third-party custodians.
• Regulators: When required by law (e.g., Suspicious Activity Reports).

---

6. YOUR RIGHTS (GDPR)

• Access: Request a copy of your data.
• Rectification: Correct errors (mostly off-chain data).
• Erasure: "Right to be forgotten" (applies to off-chain databases only).
• Portability: Receive your data in JSON/CSV.

To exercise rights, utilize the Data Request Form in your dashboard settings.

---

7. SECURITY MEASURES

We use AES-256 encryption, role-based access control (RBAC), and regular penetration testing. However, no system is 100% secure.