Thalex Digital Assets Platform S.R.L., a Limited Liability Company incorporated in the Republic of Costa Rica, registered under company number 3-102-919910 and with its registered office at Provincia San José, Cantón San José, Mata Redonda, Barrio Las Vegas, dificio de dos pisos y azul, diagonal al Colegio La Salle, con rótulo Salas y Garro Abogados, Republic of Costa Rica (“Thalex”, “we”, “us” or “our”) operates a platform on which Cryptocurrency derivatives are traded (the “Platform”). In order to provide our Services to you, we need to process certain data about you, that may categorize as Personal Data. We take your privacy seriously and will always process your Personal Data in accordance with the stipulations of this Privacy Notice, our Data Protection Policy, our Cookie Policy and Applicable Law.
You can find information about us, the Platform and our legal basis to process your personal data in this Privacy Notice. Any capitalised terms not defined in this Privacy Notice have the meaning as given to them in our Terms of Use.
This Privacy Notice describes our current practices in relation to the collection, handling, processing, use and disclosure of personal information through our websites, online and offline pages and applications, features, mobile applications, API, for the provision of Services via the Platform. It also deals with how you can complain about a breach of the privacy laws, how you can access the personal information we hold about you and how to have that information corrected. We encourage you to read this Privacy Notice carefully before proceeding further as it forms part of our Terms of Use.
This Privacy Notice applies to all visitors of the Website, or users of the related APIs, that share personal information with us. Whether you are a mere visitor of the Website, contact us directly or submit personal information in another way, we will always process your personal data in accordance with this Privacy Notice.
IF YOU WANT TO ENSURE YOUR PRIVACY RIGHTS ARE NOT AFFECTED IN ANY WAY, YOU SHOULD NOT TRANSACT ON BLOCKCHAINS AS CERTAIN RIGHTS WILL NOT BE FULLY AVAILABLE OR EXERCISABLE BY YOU OR US.
IN PARTICULAR, THE BLOCKCHAIN IS AVAILABLE TO THE PUBLIC AND ANY PERSONAL DATA SHARED ON THE BLOCKCHAIN WILL BECOME PUBLICLY AVAILABLE.
The Website and the Platform are made available by Thalex. Thalex is the Data Controller for the processing of your Personal Data. As such, it must process it, this is, collect it, share it and store it in accordance with Applicable Law.
Blockchain technology, also known as distributed ledger technology (or simply ‘DLT’), is at the core of our business. Blockchains are decentralized and made up of digitally recorded data in a chain of packages called ‘blocks’. The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several ‘nodes’ which usually replicate the ledger) this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralized place where it is located either.
We collect and processes various categories of personal data at the start of and for the duration of our relationship with you. Some categories of personal data are kept beyond the termination of our relationship where so required by law. We limit the collection and processing of information to what is necessary to ensure compliance with our legal, regulatory and contractual obligations. When you register an Account and/or use the Website, or when you interact with us via email, social media or other means of contact, we may ask you for the information we need to verify your identity and support the Services provided on the Website in order to facilitate trading of the Admitted Contracts. This can include a broad range of information, as per below.
3.1. Personal Information
This may include full name, home address, age, signature, e-mail address, mobile number, date of birth, nationality, passport number, driver’s license details, national identity card details, photographs, employment information, utility bills, cryptographic wallet ‘public keys’ and /or financial information. We may also ask you to provide evidence of your identity such as asking for a copy of your passport or driving licence, and proof of residence and/or proof of income.
3.2. Logging Information
We may collect log information about your use of the Website, including the type of browser you use, app version, access times, pages viewed, your IP address, any other network identifiers, and the page you visited before navigating to the Website.
3.3. Device Information
We may collect information about the computer or mobile device you use to access the Website, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
3.4. Activities on the Platform
We may collect records of your activities on the Website and on the Platform, including, any content you visit and/or comment, and including trades, your Account details, the time, value and Cryptocurrency of any deposit, withdrawal or transaction made.
3.5. Location Information
In accordance with your device permissions, we may collect information about the precise location of your device.
3.6. Use of Cookies and tracking technologies
We may use different technologies to collect information, including cookies and web beacons – please see Section 7 for more detail.
3.7. Sensitive information
Thalex does not collect sensitive information, albeit some sensitive information can be construed from other information you share with us.
We process your Personal Data based primarily on your consent, as per section 6. We collect Data from you based on your interactions with our Website and/or our Platform, your use of our Services, and your interactions with us via social media or via our communication channels.
4.1. Data Collection
We may collect Data (i) during your interactions with us, (ii) at onboarding as you open an account; (iii) processing any transactions for the purposes of utilizing the Services; (iv) providing support during your tenure as a Participant, and to (v) inform you, and keep you updated of any content or promotional articles we may issue from time to time. We may also collect data from publicly available sources, or from third parties, provided it has been lawfully obtained and processed.
4.2. Data Sharing
We may share Data with third parties, namely with Data Processors, as per below, to assist us providing the Services to you, and/or discharging our legal and contractual obligations. In addition, we may share your Personal Data with regulators, law enforcement agencies, government agencies, courts, tribunals and other public entities. We may, provided we have the right safeguards in place, share your data with auditors, consultants, whether internal or external, and, in the event of a corporate event such as corporate acquisition, sale or merger, we may share some or all Personal Data with third parties, for lawful purposes. In addition, we may share your data with any novating entities and entities affiliated with Thalex without limitation. We will not share your data for marketing purposes without your clear and specific consent. In addition, we may share your Data (i) with our affiliated companies and entities, (ii) with third parties for the provision of ancillary services, or support services, such as software providers and servers, and (iii) with persons who refer you to the Platform.
4.3. Data Processors
We use Data Processors to help us discharge certain obligations, such as (i) complying with our due diligence and anti money laundering legal requirements, (ii) process your requests and support, (iii) store your Personal Data (section 7), and (iv) comply with our contractual obligations. We take all reasonable steps to ensure that our Data Processors comply with the Applicable Law, or, at least, with a legal regime similar to the EU GDPR, and have effective measures and practices in place to prevent any unlawful use or access to your Data.
4.4. Transfers to Third Countries
We may, in certain circumstances where necessary (for example when we process and store your personal information using data centers located outside the European Union), transfer the personal information we collect about you to countries outside the European Union. Where no adequacy decision is made in respect of that country this means that the country to which we transfer your data is not deemed to provide an adequate level of protection for your personal information. However, to ensure that your personal information receives an adequate level of protection we have put in place appropriate measures to ensure that your personal information is treated in a way that is consistent with and which complies with EU GDPR for example by stipulating this as part of our contract with our third-party suppliers.
If you would like further information about the safeguards in place for transfers of personal information to other third parties outside of the European Union, under the applicable data protection laws, please contact us using the details below.
The Data that we collect from you may be processed and stored in a country that is different from the country in which Thalex is registered and incorporated. It may also be transferred outside of the country in which Thalex is registered and incorporated, and processed by staff operating in another country but who are nevertheless employed by us, one of our affiliates, suppliers, introducers, business partners, agents or third-party service providers.
In all cases, we will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with our legal obligations and standards. Where this is not possible and we are required to disclose your personal information, for example because we are required by law to disclose your personal information, we will do this in accordance with applicable legal and regulatory obligations.
We process your Personal Data to:
We may, from time to time, process your Personal Data for reasons other than this section 5, provided this is done with a lawful basis and does not harm your Data Protection rights. We will notify you in the event of any material changes to this processing and give you the option to oppose such processes, in the terms of section 8 below.
In accordance with Applicable Law, Personal Data must be processed lawfully, fairly and in a transparent manner in relation to the Data Subject (‘lawfulness, fairness and transparency’). It must be collected for specific and legitimate purposes, and be processed in a manner that is consistent with those purposes.
6.1. Consent
We will very likely rely on your consent to process your Personal Data. Your consent must be freely given, and the processing of your Personal Data based on consent is limited to the matters to which you gave consent to. By accessing our Services or interacting with us, you give consent to our process your Data for the purposes of providing such Services, including any contractual and pre contractual information, with a view to service you and onboard you as a Participant.
6.2. Compliance with Laws & Regulations
We may also process your Data base on legal obligations, irrespective of your consent. We have an obligation to identify you and comply with certain rules and regulations related to money laundering, terrorist funding, proliferation funding and sanctions management, as well as undertaking identify verification, and source of funds and source of wealth confirmation, as applicable. In addition, we may flag any suspicious activities to the relevant law enforcement agencies, which don’t require consent and may be done based on legal obligation.
6.3. Performance of a Contract
As you enter into an Agreement with us, we may process your Data based on a requirement to deliver and comply with our obligations of that contract.
6.4. Legitimate Interest
We may also process your personal data where it is in our legitimate interests (or the interests of a third party) to do so, provided that those interests override your interests or fundamental rights or freedoms. There may be cases where your interests and fundamental rights could override our legitimate interests. This may happen in cases where personal data are processed in circumstances where you do not reasonably expect further processing. We will always need to (i) identify a legitimate interest (ii) show that processing is necessary to achieve it; and (iii) balance it against your interests, rights, and freedoms. Some non-exhaustive examples of situations where we may seek to pursue legitimate interests are:
We strive to maintain the relevance, reliability, accuracy, completeness and currency of the Personal Data we hold and to protect its privacy and security. We keep personal data only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements. We will not retain your Personal Data in a form which permits the identification of the data subject for longer than needed for the legitimate purpose or purposes for which we originally collected it, including for the purpose of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. At the end of the retention period, we will securely delete or destroy data retained, and require our Data Processors or third parties suppliers to do the same.
7.1. Data Security
Thalex will take all reasonable steps to ensure that your Personal Data is kept safe, including, but not limited to, having systems and controls in place to limit access to the Data, encrypt the Data, having regular internal and/or external audits to review the integrity of the data and the robustness of our systems. We process your personal data with the greatest possible care and scrutiny. This means we will adopt appropriate technical and organisational measures to ensure that all the information is correct, current and complete and to prevent it from being accessed by unauthorised persons inside and outside our organisation. For example, we may use the following types of measures, where appropriate: (i) encryption of personal information, (ii) back-up servers and facilities, (iii) testing, and (iv) ongoing monitoring of the effectiveness of security measures. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You have certain rights and protections regarding the processing of your Personal Data, albeit the exercise of those rights may be restricted or not available for legal limitation or operational limitations, if due. You can exercise the following rights, free of charge, unless we deem your request repetitive and/or unfounded.
8.1. Right of Access
You are entitled to request a copy of the information we hold about you, and the third parties with whom we are processing it.
8.2. Right of ratification
You are entitled to request incomplete or incorrect information we hold about you to be corrected and updated.
8.3. Right to be forgotten (erasure)
You are entitled to have all data we hold about you deleted, and any processing halted, in case you object to the processing of data.
8.4. Right of objection
Where we are processing your data based on legitimate interest, you are entitled to request such processing to be halted, and data held to be removed or having its processing restricted.
8.5. Right of restriction
You have the right to restrict an processing of your data.
8.6. Right of transfer
You have the right to request your data to be transferred to another party
8.7. Right of objection to automated decision making
You have the right to contest any automated decision making and request human intervention.
To exercise any of the rights above, or to contact Thalex in relation to any issues related to Data protection, please use the email address:
Please note that whilst we take all reasonable steps to ensure a fair an unimpeded exercise of rights, we will always act within the boundaries of Applicable Law, meaning that you may not be able to fully exercise all the rights on this section 8, namely where such disclosure would:
Should you not be satisfied with Thalex in respect of your Personal Data handling, please see here a list of local regulators that you can contact.