We use your information for the following purposes:

• To verify your identity and complete KYC requirements.
• To process transactions, including crypto-to-fiat conversions and debit card payments.
• To ensure the security of your account and detect fraudulent activity.
• To comply with regulatory requirements, including those mandated by HCMC Greece.
• To improve and personalise your experience with Capital Wallet.

We do not sell or share your personal information with third parties, except as required to provide our services or comply with legal obligations. We may share information with:

• Service Providers: Including Striga Technology OÜ for crypto-backed debit card services, identity verification, and transaction processing.
• Financial Institutions & Payment Processors: To facilitate transactions, including crypto-to-fiat conversions and card payments.
• Regulatory Authorities: Including HCMC Greece when legally required.
• Third-Party Security Services: To enhance fraud detection and identity verification measures.
  
  Data Transfers and Third-Party Service Providers
  
  Capital Wallet, incorporated in Greece, may transfer personal data to trusted service providers (processors) and business partners within the European Union who support our operations. These include providers of technical infrastructure services, trading platforms, client identity verification (including checks for politically exposed persons and sanctions lists), and website management services.
  
  Capital Wallet does not transfer personal data to countries outside the European Union. All data processing activities, including cloud computing, identity verification, and access to web-based services, are strictly limited to jurisdictions within the EU in compliance with the General Data Protection Regulation (GDPR).
  
  In the event of cooperation with public entities, Capital Wallet will only disclose personal data upon lawful and necessary request and strictly within the EU jurisdiction.
  
  Our website may contain links to third-party websites. Please note that we are not responsible for the privacy practices or content of these external sites. We also maintain a strict internal policy prohibiting the sharing of client information with unauthorised third parties under any circumstances.

We implement reasonable security measures to protect your information from unauthorised access, loss, misuse, or alteration, including:

• Encryption of sensitive data.
• Secure storage and processing measures in compliance with GDPR and HCMC Greece regulations.
• Regular security audits and compliance checks.

However, no data transmission over the internet can be guaranteed to be completely secure. Users are encouraged to secure their accounts by safeguarding their login credentials.

We retain your information only for as long as necessary to provide our services and meet legal, regulatory, and operational obligations. The type of data and its purpose determine how long we keep it.

Below are the typical retention periods we follow:

Client Identification and Verification Data (KYC/AML):
Retained for at least 5 years after the end of the business relationship or from the date of a one-time transaction, in accordance with anti-money laundering regulations and requirements from the Hellenic Capital Market Commission (HCMC).

Transaction Data (including crypto-backed debit card transactions processed by Striga Technology OÜ):
Retained for at least 5 years to comply with financial regulations and ensure accurate record-keeping.

Contracts and Business Correspondence:
Retained for up to 6 years following the end of the relationship to protect our legal rights and comply with applicable laws.

Marketing Preferences and Website Usage Data (such as cookies and analytics):
Retained for up to 2 years, unless you withdraw your consent earlier.

Where a specific retention period is not defined, we determine the appropriate duration based on:

- The purpose for which the data was collected
- The nature and sensitivity of the data
- Legal, regulatory, or contractual requirements
- The potential risk of harm from unauthorised use or disclosure

After the relevant retention period ends, your data is securely deleted or anonymised.

The Client has the following rights with respect to their information:

• To access and review their information - The Client has the right to request that the Company provides them a copy of their information.
• To request the correction of any inaccurate or incomplete information - The Client has the right to request the Company to correct, amend or update any information they believe is inaccurate or incomplete.
• To request the deletion of their information, subject to legal and regulatory requirements - The Client has the right to request that the Company erases or destroys their personal information in certain circumstances, including where the Client withdraws their consent, where the data is no longer required for collection purposes or where the data has been unlawfully processed.
• To restrict processing - The Client has the right to request that the Company restricts the processing of their information under certain conditions, including where processing is inconsistent with the reason for which the personal information was collected.
• To object processing - The Client has the right to object to the Company processing their information under certain circumstances, including the right to object to profiling, automation and direct marketing.
• To transfer data - The Client has the right to request the Company transfers the data the last has collected to another organization or directly to the Client, under certain circumstances.
• To Lodge Complaint- If th Client believes that your personal data is being processed in a way that violates the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a competent supervisory authority. In Greece, this is the Hellenic Data Protection Authority (HDPA). You can find more information at www.dpa.gr.

To the extent that the Company relies on its legitimate interests to use the Client’s information, the Client also has the right to object to such use (unless the Company can either demonstrate compelling legitimate grounds for the use that override the Client’s interests, rights and freedoms or where the Company needs to process the information for the establishment, exercise or defense of legal claims).

To exercise these rights, contact us at [email protected]

Given the global nature of our services, your information may be transferred and processed in countries in EU other than your country of residence, including Estonia (Striga Technology OÜ) and Greece (HCMC regulations). We ensure such transfers comply with applicable data protection laws.

We reserve the right to update this Privacy Policy to reflect changes in our practices or for legal and regulatory reasons. Significant changes will be communicated through our website and application.

For any questions or concerns about this Privacy Policy, contact us at:
Capital Wallet

Email: [email protected]

Website: https://capitalwallet.com

By using Capital Wallet, you acknowledge that you have read and understood this Privacy Policy and consent to our data practices as described herein.

• Account: Includes all wallets and accounts the client holds with the company.
• Capital Wallet Platform (or Platform): The website, subdomains, and web and mobile applications are owned and operated by the company.
• Crypto-Backed Debit Card: A virtual debit card linked to cryptocurrency holdings, enabling fiat transactions.
• Device: Any device, including computers, mobile phones, tablets, or consoles, used to access our services.
• Personal Data or Information: Any information relating to an identified or identifiable individual.
• Services: Includes but is not limited to:
  • Digital Currency to Digital Currency Exchange Services;
  • Digital Currency to Fiat Exchange Services;
  • Fiat to Digital Currency Exchange Services;
  • Crypto-backed Debit Card Services;
  • Digital Currency Payment Processing.
• Website: The Company’s website: https://capitalwallet.com including all its sub-domains.
• Portal / Dashboard: The platform authorised by the company for account monitoring: https://cp.capitalwallet.com.
• GDPR means the EU General Data Protection Regulation

Note: This Privacy Policy complies with the data protection laws and regulations of HCMC Greece and GDPR, as required by our service provider Striga Technology OÜ.