Privacy policy

Users’ personal data will be collected and processed in the context of the Venga Services offered through the Venga Website, the Venga Platform, and/or the Venga Apps for the following purposes:

1. (i). To execute, manage, and control Users’ contractual relationship in accordance with the Terms and Conditions of Use. The foregoing shall include, for illustrative purposes only: (a) the creation and management of a User account; (b) the provision and control of any  Venga Services, including the processing of Users’ orders; (c) the provision of assistance with regards to any questions, disputes, complaints or inquiries that Users may submit in connection with the Venga Website, the Venga Platform, the Venga Apps or the Venga Services; or (d) the sending of any necessary communications regarding services and transactions related matters. The legal basis of the processing is either the application of pre-contractual measures (when the query is raised before contracting any Services) or the performance of the terms and conditions of use and the corresponding contractual relationship binding upon the User.
2. (ii). To respond to law enforcement requests, court orders, or governmental regulations, as well as in order to fulfill any legal obligations to which we are subject, including but not limited to legal obligations (e.g. KYC obligations) deriving from the applicable tax and anti-money laundering and terrorism financing laws (“AML regulations”). Please note that, indeed, most of the digital asset trading services that we provide are subject to strict and specific laws, regulations, and obligations. The legal basis in this case is complying with the applicable legal obligations.
3. (iii). To provide Users with promotions, including offers and other incentives that we may deem appropriate as rewards for using the Venga Services. The legal basis is our legitimate interest in rewarding and enhancing customer loyalty.
4. (iv). To promote the security and integrity of the Venga Services and, in this regard, to ensure the prevention and detection of fraud and credit risks and thus the security of our Users and the business. For the abovementioned purposes we may also assess and manage credit risks. The legal basis of the processing is our legitimate interest in ensuring the security of the Venga Services, the Users and of the company.
5. (v). For the conduction of surveys regarding experiences using the Venga Website, the Venga Platform, the Venga Apps, and/or the Venga Services and in order to be able to develop, improve, and boost the Venga Services. The processing is necessary to satisfy the company’s legitimate interest in improving the Venga Services and the tools through which they are provided, as well as in enhancing User experience.
6. (vi). For any other business purpose stated when collecting Users’ personal data or as otherwise set forth in applicable laws.

Furthermore, and only with the consent of the User in each case, the User’s personal data would be processed for the following additional purposes:

1. (vii). In order to be able to recommend features and services that may be of Users’ interest, identifying their preferences and personalizing their experience within the Venga Services.
2. (viii). For the sending of advertising or commercial information, including by electronic means, about Venga digital asset trading and custody products and services that may be of interest to Users.
3. (ix). To manage Users’ participation in competitions and specific promotions.

3.1. For the abovementioned purposes, the following categories of personal information will be processed:

1. a. Identification and contact information: including, in particular, name, surname, ID or passport number and relevant documents, date of birth, postal address, e-mail, telephone number, gender, nationality, ID credentials, password, and profile picture and image.
2. Under Users’ express consent or under any applicable law, in certain instances, Users’ biometric data may also be processed (e.g. for identification purposes or as a chosen method of access to the Platform or the Apps).
3. In the event that a User is a company or legal entity, certain information would be also processed in order for us to determine the final beneficiary of the corresponding account or trust account (such as corporate documentation, which might include personal data, the identity documents of the directors and major shareholders of the company as well as of the authorized signatory for the company's account, or the company’s business address and email address - which could correspond to those of an individual -).
4. b. Financial and payment information, including card and bank account details, trading activity and information on transactions and, where applicable, source of funds, source of wealth, and information regarding trade sanctions lists.
5. c. Other personal information: any other personal information that might be needed or communicated as a consequence and/or for the provision of the Services, for instance, (a) personal data contained on User’s communications and request; (b) additional personal data (e.g. profession or professional sector, voice or additional identification data such as Social Security Number) that may be necessary for the formal identification of a User; or (c) information regarding Users’ communications with other users and the use they make of our Website, the Platform and the Apps, to the extent permitted by and in accordance with the legislation in force.
6. d. Communications. Communications with our Customer Service team. Surveys responses, and information contained in the survey.
7. e. Navigation information: Such as log data (e.g., access times, hardware, software information), usage information, browsing history, browser information, screen recording of service interaction and usage, location data (e.g., IP address, zip code), device identification, “cookie” information, page view statistics, the type of browser and/or device you’re using to access our Services, and the page or feature you requested. For more information on our use of cookies, please visit our Cookies Policy.

Users may update the information held by us through the settings available in their account, or by writing to [email protected]. It should be borne in mind that in order for us to be able to adequately provide the Venga Services, Users are responsible for keeping their information up to date, and accordingly, undertake to regularly check the information provided to ensure it is accurate.

As established in the Terms and Conditions of Use, we do not knowingly collect or solicit personal data from individuals under eighteen (18) years old; if you are a child under eighteen (18), please do not attempt to register for or otherwise use the Venga Services or send us any personal data. If we learn we have collected personal data from a child under eighteen (18), we will delete that information as quickly as possible. If you believe that a child under eighteen (18) may have provided us with personal data, please contact us at [email protected].

Users’ personal data will only be disclosed when so required by the applicable laws for defending our legitimate rights and interests and to business partners and service providers engaged in the provision of any ancillary services (e.g. providers of services such as data hosting or information technology and related infrastructure services). For the use of certain Services, and with the acceptance of the corresponding Terms and Conditions of Use, Users’ identification personal data that need to be processed in order to comply with the applicable AML regulations may be also communicated to other affiliates for the aforementioned purposes.

We may also share the User´s information with legal authorities (Courts, law enforcement authorities, regulators, attorneys, and other third parties) to comply with laws and legal obligations; to respond to law enforcement and regulatory requests; to comply with any forms of “travel rules” which require the transmission of User´s information to other financial institution, regulatory authorities or other industry partners; to investigate possible violation of our Terms and Conditions of use or other applicable Policy; to detect, prevent, investigate and report or to assist law enforcement in the investigation of suspected fraud or other illegal activity.

The abovementioned service providers, who might have access to personal data as a consequence of the provision of certain services, will be subject to the strictest duty of confidentiality through the relevant data processing agreements that will be executed. In the event that any of these service providers are located outside the European Economic Area and/or that, for any other reason, Users’ personal data needs to be internationally transferred, we undertake to perform the corresponding international data transfers only in accordance with the safeguards and requirements laid down in the applicable laws.

Likewise, Users’ personal data could be also communicated to third parties, for marketing purposes and/or for the provision of additional services and functionalities, whenever Users have granted their express consent to such communications.

Users’ personal data will be kept while they remain registered customers or users of the Venga Website, the Venga Platform, and/or the Venga Apps, and the personal data will be retained after the termination of the corresponding contractual relationship, duly blocked, for the time necessary to answer for any liabilities that may be derived from the relationship. For illustrative purposes only, personal data being processed in order to comply with anti-money laundering obligations should be kept after the termination of the contractual relationship for ten (10) years.

In some cases, personal data may be kept for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation.

We are concerned about the security and protection of personal data and are committed to complying with applicable data protection laws, and work hard to prevent any security breaches that may occur within the company.

In this regard, appropriate technical and organisational measures have been implemented which are necessary to maintain and guarantee the confidentiality, integrity, and security of personal data and to prevent these personal data from any loss, misuse, alteration, unauthorized access, taking into account the state of the art and the nature of the personal data to be protected. Likewise, we perform periodic controls over our systems, being audited regularly internally and by third parties in order to detect possible vulnerabilities and attacks, and we also maintain certifications and provide industry-standard contractual protections.

Users may, in the terms envisaged by the applicable laws, exercise their rights of access to personal data, rectification or deletion, opposition, restriction of the processing, portability, as well as to revoke the consent given at any time and without affecting the provision of the Venga Services, by sending a written communication to: [email protected]. When exercising any of the aforementioned rights, Users must duly identify themselves and expressly indicate which right is being exercised.

Additionally, Users are entitled to submit a complaint before the competent supervising authority in Spain, the Spanish Data Protection Agency (at www.aepd.es).

This Privacy Policy supersedes all previous Venga or Saptain applicable data protection policies to the extent they address the same issues and are not consistent with this Policy or impose less restrictive requirements.

We reserve the right to modify this Privacy Policy, as may be required from time to time as a consequence of the development of our business or the Venga Services or of any regulatory update. In the event that significant changes are implemented, we will duly notify users at their email addresses to offer all Users the option to review the changes and, if necessary, accept them before they take effect.