TOKERO Exchange Privacy Policy

This Privacy Policy explains how TOKERO Exchange processes the personal data of users and other individuals who interact with TOKERO Exchange services, in accordance with applicable data protection and privacy laws.

I. Identity of the Data Controller

The personal data controller is HORIZON MOTION INC, with its registered office at Torre Advanced Building, Str. Ricardo Arias, Panama.

For personal data protection enquiries, including requests to exercise rights regarding personal data, you may contact us at [email protected].

II. Scope

This Policy applies to TOKERO Exchange services provided by HORIZON MOTION INC, including the website, applications, user accounts, exchange services, crypto-asset features, support services, operational and commercial communications, campaigns, events, surveys, referral programmes and promotions.

Certain TOKERO Exchange services may require identity verification, compliance, security or risk assessments, depending on the service and the applicable terms.

This Policy does not govern processing conducted independently by third parties, such as banks, payment service providers, external digital wallet providers, third-party platforms, social networks or websites that may be linked from the platform.

III. Categories of Personal Data Processed

Depending on the services used, the type of account, the level of verification, the transactions carried out and applicable compliance requirements, TOKERO Exchange may process the following categories of personal data: identification and contact data; account, authentication and security data; data required for KYC/AML, sanctions, anti-fraud and other compliance assessments; banking, financial and transaction data; data relating to crypto-asset services; technical data and platform usage data; data contained in communications, support requests and complaints; data relating to marketing, campaigns, competitions, surveys and referral programmes; data required for tax compliance and reporting, where such obligations apply.

TOKERO Exchange does not intentionally collect special categories of personal data. If documents or information submitted by users incidentally contain such data, it will be processed only to the extent necessary for the purpose for which it was provided and subject to appropriate safeguards.

IV. Purposes, Grounds for Processing and Retention Periods

Purpose and categories of data Grounds for processing Retention period*
Purpose: Creation and management of a TOKERO Exchange account.
Categories of data: account type, first name, last name, email address, telephone number, copy of an identification document, document confirming the IBAN used for deposits or withdrawals, the user`s image where necessary for identity verification, authentication and security data, account settings and access logs.
Performance of the contract or steps taken before entering into a contract. Legitimate interests in securing accounts, preventing misuse and managing relationships with individual and corporate users. For as long as the account remains active and thereafter for the period necessary to meet applicable compliance, security, tax, accounting and AML/KYC requirements, resolve disputes and protect TOKERO Exchange`s rights, including for up to 10 years where applicable.
Purpose: Providing TOKERO Exchange services, including exchange and trading services provided through the platform or with the involvement of operational partners, as well as deposits, withdrawals, conversions, transaction history and account balance management.
Categories of data: first name, last name, account type, email address, telephone number, IBAN, source-of-funds evidence where necessary, transaction data, deposit and withdrawal addresses, payment methods and technical data.
Performance of the contract. Legal obligations, where applicable. Legitimate interests in service continuity, security and integrity. For the duration of the contractual relationship and thereafter in accordance with applicable legal, accounting, tax, AML, record-keeping or audit periods.
Purpose: KYC, AML, sanctions and anti-fraud assessments.
Categories of data: identification data, identity documents, the user`s image where necessary for identity verification, IBAN or other bank account details, source-of-funds information, occupation, PEP status, beneficial ownership information, information about legal representatives, shareholders or controlling persons for entity accounts, sanctions screening results, transaction data, risk alerts and supporting documents.
Legal obligations, where applicable. Legitimate interests in maintaining a secure and compliant platform. Performance of the contract, to the extent that the assessments are necessary to provide the service. For the duration of the relationship with the user and thereafter for as long as required or justified by applicable law, compliance, audit or reporting requirements, or the need to protect or defend legal rights, including for up to 10 years where applicable.
Purpose: Tax compliance and reporting requirements applicable to crypto-asset services.
Categories of data: first name, last name, residential address, email address, country or countries of tax residence, TIN/NIF, date and place of birth where necessary, tax residency declarations, information concerning controlling persons in the case of entity accounts, and relevant transaction data.
Legal obligations, where applicable; legitimate interests in tax compliance and reporting; and performance of the contract where the information is necessary to provide the service. Depending on the circumstances, applicable requirements may include DAC8, CARF or equivalent reporting frameworks, where applicable. For the duration of the relationship with the user and thereafter for the period required or justified by tax, reporting, audit or archiving requirements, or for the protection or defence of legal rights, including up to 10 years where applicable.
Purpose: Protecting and enforcing legal rights, conducting audits and internal controls, meeting reporting requirements and cooperating with authorities.
Categories of data: information relevant to audits, litigation, investigations, complaints, transactions, communications and supporting documents.
Legitimate interests. Legal obligations. Establishment, exercise or defence of legal claims. For as long as necessary for the relevant purpose and thereafter for any applicable statutory limitation, archiving, audit or reporting period.
Purpose: Security, fraud prevention and protection of the platform.
Categories of data: IP address, device data, sessions, logs, security events, risk indicators, transaction data, alerts and incident history.
Legitimate interests in maintaining the security and integrity of TOKERO Exchange services. Legal obligations relating to security, reporting or cooperation with authorities, where applicable. For as long as necessary for security, audits, incident investigations and the protection of legal rights, in accordance with internal policies and applicable retention periods.
Purpose: Customer support, complaints and correspondence.
Categories of data: name, email address, telephone number, account data, transaction data, the content of the request, documents provided voluntarily and communication history.
Performance of the contract. Legitimate interests in responding to requests and documenting interactions. Legal obligations, where applicable. For as long as necessary to resolve the request and thereafter for any applicable limitation, audit or legal claims period, generally three years or such other period as may be required by applicable law.
Purpose: Operational communications concerning accounts, security, assessments, transactions, changes to terms or policies, and incidents.
Categories of data: contact data, account data, transaction information and status updates, alerts and notifications.
Performance of the contract. Legal obligations. Legitimate interests in security, keeping users informed and ensuring service continuity. For the duration of the relationship with the user and thereafter for as long as necessary to document relevant communications.
Purpose: Analysis, measurement, development and improvement of services.
Categories of data: technical data, logs, aggregated or pseudonymised data, errors, statistics and interactions with platform features.
Legitimate interest in developing, securing and optimising the platform. Consent for analytics or tracking technologies where required. For as long as necessary for analysis and service improvement, taking into account applicable retention rules and user preferences.
Purpose: Marketing, news, campaigns, promotions and commercial communications.
Categories of data: first name, last name, email address, telephone number, communication preferences, consent records, interactions with communications and campaign participation.
Consent, where required, or legitimate interests in sending communications to existing users about similar services, to the extent permitted by applicable law. Users may unsubscribe from commercial communications or object to receiving them at any time. Until withdrawal of consent, unsubscription or objection, as applicable.
Purpose: Events, webinars, surveys, competitions and promotions.
Categories of data: first name, last name, email address, telephone number, account type, photographs and audio or video recordings, survey responses and participation information.
Consent, performance of the applicable campaign or event terms and conditions, or legitimate interests in organisation and communication. Legal obligations, where applicable. For the duration of the activity and thereafter for as long as necessary to document participation, award prizes, comply with tax obligations or defend legal rights.
Purpose: Operating the Customer Referral Reward Programme, under which users may be rewarded for referring new users to the platform and for their initial transactions.
Categories of data: first and last names of programme participants, referral link, transaction data and country. The referring user does not have access to the full names of newly referred users but may see in their account the number and country of users who used the referral link.
Performance of the agreement governing the programme, including its terms and conditions. For the duration of the programme and for as long thereafter as necessary to administer rewards, resolve disputes and meet applicable legal or accounting requirements. Data relating to referred users will subsequently be retained in accordance with the periods applicable to their user accounts and use of the services.
Purpose and categories of data Grounds for processing Retention period*

*Retention periods may vary depending on the category of data, the type of service, applicable legal or contractual requirements, associated risks, the existence of requests, investigations or disputes, and the need to protect the rights of TOKERO Exchange, users or third parties.

V. Platform Use and Cookies

When you visit TOKERO Exchange, we may use cookies, pixels, local identifiers and similar technologies to collect technical information automatically, such as your IP address, browser type, operating system, device type, pages visited, session duration, how the platform is accessed and interactions with certain platform features.

Cookies are used to ensure the proper functioning of the platform, improve the browsing experience, enable certain features and remember user actions or preferences over time. Cookies other than those strictly necessary will be used only where the user has consented to their use.

For more information about the categories of cookies used, their purposes, lifespan and available choices, please refer to the Cookie Policy available on the TOKERO Exchange platform.

VI. Data Recipients

To provide, secure and administer TOKERO Exchange services, HORIZON MOTION INC may disclose personal data to recipients or categories of recipients strictly to the extent necessary for the purposes described in this Policy.

Categories of recipients may include IT infrastructure, hosting and platform maintenance providers; software providers supporting contract management, financial operations and accounting; electronic communications and email providers, such as SendGrid (Twilio Inc.) or Sendinblue SAS; providers of KYC, identity verification, sanctions screening, AML, PEP screening and anti-fraud services; banks, payment processors and financial institutions; Crypto Spots and other partners involved in executing transactions; crypto-asset trading or exchange platforms, such as Payward Ltd, Binance or Ascendex; video communications platform providers, such as Zoom Video Communications; consultants, lawyers, auditors, accountants, insurers and other professionals subject to confidentiality obligations; affiliated entities or operational partners involved in providing the services; and public authorities, courts, law enforcement bodies, tax authorities or supervisory authorities where disclosure is required by law or supported by a valid request.

Recipients are given access only to the personal data necessary for the relevant purpose. TOKERO Exchange seeks to ensure that its partners maintain confidentiality, implement appropriate security measures and process personal data only for authorised purposes and in accordance with applicable contractual or legal obligations.

VII. International Transfers

TOKERO Exchange services may involve the processing of personal data across multiple jurisdictions. Personal data may therefore be accessed, stored or processed outside the country in which the user is located, including in Panama, the European Union, the European Economic Area or other countries where relevant technical infrastructure, providers, partners or entities involved in delivering the services are located.

International transfers may take place in connection with exchange and crypto-asset-related services, payment processing, identity and compliance assessments, operational communications, technical support, platform security, audits, reporting, or the fulfilment of applicable legal and contractual obligations.

TOKERO Exchange applies reasonable and appropriate measures to ensure that personal data transferred internationally is afforded an appropriate level of protection, taking into account the nature of the data, the purpose of the transfer, the destination country, the category of recipient and the risks associated with the processing.

These measures may include contractual arrangements with recipients, confidentiality obligations, security requirements, restrictions on access to personal data, transfer assessments and other safeguards available under applicable data protection laws.

Where applicable law requires specific safeguards for certain international transfers, TOKERO Exchange will use the appropriate mechanisms available under applicable law.

Additional information about international data transfers may be requested at [email protected].

VIII. User Rights

Depending on the law applicable in the user`s country or region, users may have certain rights in relation to their personal data, including the right of access, rectification, erasure, restriction of processing, data portability, objection, withdrawal of consent, the right not to be subject to a decision based solely on automated processing that produces legal effects or otherwise significantly affects them, and the right to lodge a complaint with a competent authority.

These rights are not absolute. In certain circumstances, TOKERO Exchange may refuse or limit a request where data must be retained by law or where retaining or using the personal data is necessary to perform the contract, prevent fraud, comply with KYC/AML or tax requirements, ensure security, conduct investigations or audits, establish, exercise or defend legal claims, or protect the rights of others.

To exercise your rights, you may contact us at [email protected]. To protect users and their accounts, TOKERO Exchange may request additional information to verify the requester`s identity before responding. Requests will be handled within the time limits required by applicable law.

IX. Minors

TOKERO Exchange services are available only to individuals who have reached the applicable minimum age.

TOKERO Exchange does not knowingly collect or process personal data relating to individuals who do not meet the applicable age requirements. If TOKERO Exchange becomes aware that an account has been created in breach of those requirements, it may restrict, suspend or close the account, subject to any applicable legal obligations to retain certain data.

X. Personal Data Security

TOKERO Exchange implements and periodically reviews appropriate technical and organisational measures designed to protect personal data against unauthorised access, misuse, disclosure, loss, alteration or destruction.

These measures may include access controls, encryption in transit using SSL/TLS protocols, secure password storage, logging, monitoring, backups, security testing and confidentiality obligations for authorised personnel.

Account security also depends on users taking appropriate precautions. We recommend using strong, unique passwords, keeping devices secure and never sharing passwords or other access credentials.

TOKERO Exchange will never ask for your password or other sensitive information by email, telephone or through other unsecured channels.

XI. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes to TOKERO Exchange services, operational structure, applicable laws, compliance requirements, technologies or processing practices.

The version of this Privacy Policy published on the Platform and in force at the time the services are used will apply. Where changes are significant, TOKERO Exchange may provide additional notices by email, through the application, via the user account or through other appropriate channels.

XII. Contact

[email protected] | [email protected] | [email protected]