This Privacy Policy describes how EX GROUP s.r.o. ("EX GROUP", "we", "our", "us") collects, processes, uses, stores, and protects personal data when you access or use our website, services, and related products (collectively referred to as the "Services"). It also explains your rights and the ways you can exercise them.
Controller
EX GROUP s.r.o.
Registered address: Školská 689/20, Nové Město, 110 00 Praha 1, Czech Republic
Registration Number: 21719420
Phone: +48 732 098 812
Email: contact@exgroup.cz
We process personal data in compliance with Regulation (EU) 2016/679 (GDPR) and Act No. 110/2019 Sb. on the Processing of Personal Data, as well as applicable AML regulations in the Czech Republic and EU (including MiCA framework where applicable).
1. Definitions
Personal Data – any information relating to an identified or identifiable individual.
Special Category Data – sensitive data such as biometric data, health information, or data revealing ethnic origin (Art. 9 GDPR).
Criminal Data – information related to criminal convictions or offences (Art. 10 GDPR).
Processing – any operation performed on personal data (collection, storage, use, etc.).
Controller – the entity determining how and why personal data is processed.
Processor – an entity processing data on behalf of the controller.
2. Data We Collect
2.1 Data provided by you
- Account registration & onboarding
Full name, date of birth, nationality, residential address, email, phone number, login credentials
- KYC / AML verification
Identification documents, selfies or video verification, biometric data, proof of address, source of funds, tax-related information
- Business clients
Company registration documents, beneficial owners (UBO), directors, company address, banking details
- Transactions
Transaction details, crypto assets, payment references
- Support communications
Emails and support requests
2.2 Automatically collected data
- Cookies & tracking technologies
Device data, language preferences, browsing behavior
- Technical logs
IP address, browser type, operating system, timestamps, activity logs
2.3 Data from third parties
Identity verification providers
Verification results, AML risk scores, sanctions screening
Payment providers
Transaction confirmations, partial payment details
Public databases
Sanctions lists, PEP registers, adverse media
3. Special Category & Criminal Data
As part of identity verification, we may process biometric data and, where required, information related to criminal records or sanctions. This processing is necessary to comply with anti-money laundering obligations and to prevent financial crime, in accordance with GDPR and Czech AML legislation (Act No. 253/2008 Sb.).
4. Purpose and Legal Basis
We process personal data for the following purposes:
- Account management – performance of a contract
- Identity verification (KYC/AML) – legal obligation
- Transaction processing – contract performance and security interests
- Fraud prevention – legitimate interest
- Marketing – based on your consent
- Regulatory compliance – legal obligation
- Service improvement – legitimate interest
5. Automated Decision-Making
We may use automated tools to assess risk and detect suspicious activity. However, no final decision that significantly affects you is made solely by automated systems — all such decisions are reviewed by a human специалист.
6. Data Sharing
We may share your data with:
- Identity verification providers (for compliance checks)
- Payment service providers (for processing payments)
- IT and hosting providers (for infrastructure and security)
- Analytics and marketing partners (based on consent)
- Authorities and regulators (where legally required)
- Business partners in case of restructuring or mergers
We do not sell your personal data.
7. International Transfers
Personal data is primarily stored within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards such as:
- Adequacy decisions
- Standard Contractual Clauses (SCCs)
- Encryption and security measures
8. Data Retention
We retain personal data only as long as necessary:
- KYC data – up to 5 years after account closure
- Transaction records – up to 10 years
- Marketing data – until consent is withdrawn or inactive
- Support communications – up to 5 years
- Cookies – up to 13 months
After this period, data is deleted or anonymized.
9. Security Measures
We implement strong security controls, including:
- Encryption (TLS, AES-256)
- Secure EU-based servers
- Access control and authentication (MFA)
- Regular security testing
- Continuous monitoring and incident response
10. Your Rights
You have the following rights:
- Access your data
- Correct inaccurate data
- Request deletion
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
To exercise your rights, contact: contact@exgroup.cz
We will respond within one month.
11. Children's Privacy
Our services are not intended for individuals under 18. We do not knowingly collect personal data from minors.
12. Changes to this Policy
We may update this Privacy Policy periodically. Updates will be published on our website, and significant changes may be communicated directly.
13. Contact
If you have questions regarding this Privacy Policy or data protection:
EX GROUP s.r.o.
Školská 689/20, 110 00 Praha 1, Czech Republic
Email: contact@exgroup.cz
Phone: +48 732 098 812
© 2026 EX GROUP s.r.o. – All rights reserved.