Privacy Policy

This Privacy Policy is effective as of March 30, 2024.

1. INTRODUCTION

Skyrexio OÜ (“Skyrexio OÜ”, “Skyrex”, “our”, “we” or “us” as applicable) provides tools that allow managing cryptocurrency holdings, including application program interface(s) (“Software”). Your privacy is important to us and therefore, it is our policy to respect your privacy and take appropriate measures to protect your personal data.

This privacy Policy (“Policy”) explains how we process, including how we use, store and disclose your personal data when: (i) you visit or otherwise interact with our website at https://skyrex.io (“Website”), our desktop application at https://app.skyrex.io and / or our mobile application(s) (available via Apple App Store or Google Play Store) (jointly “App”); (ii) you access or interact with our Skyrexio OÜ application programming interface (“Skyrexio OÜ API”); (iii) you (or the legal entity you represent) wish to register or have registered a user account, including agreeing to our Terms of Use, and using the Software; (iv) you subscribe to our newsletter and/or receive other direct marketing; (v) communicate with us through our Website, App or other communication channels (e.g., by email or our official social media accounts); or (vi) take any other actions on our Website, App, or Skyrexio OÜ API, which entails us receiving and processing your personal data. The data we process may differ based on your interactions with us, so if anything here only applies to one specific use case, we’ll point this out to you.

We process your personal data as described in this Policy and in accordance with applicable legislation, including the European Union’s General Data Protection Regulation (2016/679) (“GDPR”) and other relevant laws and regulations, as applicable towards the controller stated in Section 2 of this Policy.

In case you disclose any personal data regarding any third person(s) (e.g., your employee, management board member, co-worker, etc.) to us, you are obligated to refer them to this Policy.

We do not knowingly allow children (under the age of 18) to sign up for a Skyrexio OÜ account, and therefore, do not knowingly process children’s personal data. Should we discover that an individual below the age of 18 has registered for a Skyrexio OÜ account, we will take appropriate measures to promptly remove their personal data from our database. If you believe an underage person has signed up for a user account or is in any way using the Software, please reach out to us at info@skyrex.io.

2. CONTROLLER

For the personal data processing purposes set out in Section 4 of this Policy, the controller of your personal data is Skyrexio OÜ, registry code 16747563, address Harju maakond, Lääne-Harju vald, Ämari alevik, Lennu tn 24-47, 76102, with email address info@skyrex.io.

In case of personal data protection related inquiries, including questions or comments about this Policy or if you wish to exercise your data subject’s rights, please contact us by writing to info@skyrex.io.

3. CATEGORIES AND SOURCES OF PERSONAL DATA

Personal data is any information that can be used to directly or indirectly uniquely identify you as a private individual. Anonymous data is not personal data, as it cannot be linked back to you. We may obtain and process the following categories of your personal data:

4. PURPOSES OF PROCESSING AND LEGAL BASES

We process your personal data lawfully and in a transparent manner, including only where we have a legal basis for doing so. The legal basis for processing your personal data depends on the objective and context in which we collect personal data. The following depicts a descriptive list of processing purposes that are linked to the specific data categories and legal bases for processing:

We may process your personal data for other purposes, provided that we disclose the purposes and use to you at the relevant time, and that you either consent to the proposed use of the personal data, other legal grounds exist for the new processing purposes, or the new purpose is compatible with the original purpose brought out above.

5. RECIPIENTS OF PERSONAL DATA AND DATA TRANSFERS

We may disclose your personal data to separate controllers, who process your personal data for their own purposes, and processors, who process your personal data on our behalf to help us to provide the Website, App and Software. These data recipients belong to the following categories:

The personal data that we collect from you is primarily processed within the European Economic Area (“EEA”), but we may transfer your data to and store it in countries outside of the EEA, which do not offer an equivalent level of protection. In such cases we use safeguards (e.g., standard contractual clauses approved by the European Commission) to ensure that a level of protection of personal data comparable to that applicable in the EEA is applied to your personal data. Upon your request to the contact details specified in Section 2 of the Policy, we can make available further information, including a copy of the safeguards applied.

6. SECURITY OF YOUR PERSONAL DATA

We take reasonable technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss or alteration, unauthorised disclosure, abuse or other processing in violation of applicable law. These measures vary based on the sensitivity of the personal data we process and the current state of technology.

However, please be advised that no security measure can be 100% effective, and we cannot guarantee the security of your data, including against unauthorised acts, access, hacking or data breaches by third parties.

We also encourage you to take measures to ensure the safety of your personal data, including protecting your account. In particular, we strongly recommend you to enable two-factor authentication for your account and keep your password, API key and API secret confidential and stored in a secure location. In addition, we advise you to make sure of your device security and avoid using public unencrypted internet connection spots.

7. PERSONAL DATA RETENTION PERIODS

We retain your personal data for the duration necessary to fulfil the objectives outlined in Section 4 of this Policy or for as long as we have a legal obligation to do so. In deciding the appropriate retention period for personal data, we consider the quantity, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations. Whilst retaining your personal data, we take into account the viable need to resolve disputes and enforce the contract between us, or anonymise your personal data and retain this anonymised information indefinitely. The specific retention periods are the following:

Following the retention period or if we no longer need the personal data for the purposes specified in Section 4 of the Policy, we shall destroy the respective personal data within a reasonable time, unless the retention of personal data is required to perform duties or requirements arising from the applicable law or to protect against ongoing or threatened disputes, in which case we retain the personal data as long as the dispute is solved.

After the expiry of the retention period determined above or the termination of the legal basis for processing purpose, we may retain the materials containing the personal data in our backup systems, from which the respective materials will be deleted after the end of the backup cycle. We ensure that during the backup period appropriate safeguards are applied and the backed-up materials are put beyond use. Access to these backups is strictly limited to essential personnel on a need-to-know basis.

8. AUTOMATED DECISION MAKING

We incorporate Artificial Intelligence technologies such as the Generative Pre-training Transformer technology (“GPT”) into our services, including but not limited to, our FAQ Chatbot. While we do not actively process your personal data within these services, any personal data you input may be subject to automated decision making. This activity will not result in any legal consequences for you. We prioritise the protection of your personal data and take all necessary precautions to ensure its security. Should you believe that your personal data has been processed in this regard, you may reach out to us for further actions regarding your data protection rights at info@skyrex.io. For more detailed information about this use case, please also contact us at the aforementioned email address.

9. YOUR RIGHTS AS A DATA SUBJECT

You may, at any time, exercise the following rights with respect to our processing of your personal data:

Right to access: you have the right to request access, including receive a copy, of your personal data. This includes the right to be informed on whether we process your personal data, what personal data categories are being processed by us, and the purpose of the data processing.

Right to rectification: you have the right to request that we correct any of your personal data if you believe that we are processing incorrect, inaccurate or incomplete personal data.

Right to object: you are entitled to object to certain processing of your personal data, for example when we process your personal data based on our legitimate interest or for direct marketing purposes;

Right to restriction: you have the right to request that we restrict the processing of your personal data, for example if you wish to dispute the accuracy of certain personal data we are processing or if we no longer need the personal data for the purposes of the processing, but you require the personal data to establish, exercise or defend legal claims;

Right to erasure: you have the right to request that we erase your personal data for example if the personal data is no longer necessary for the purposes for which it was collected or if you consider that the processing is unlawful.

- You can initiate the deletion procedure of your Software’s Client Account in the App’s settings. Please note that an extended authentication procedure may be required before we proceed with the account deletion.

Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format if the processing is carried out by automated means and is based on your consent or a mutual contractual relationship. Moreover, you may request that the personal data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible.

Right to withdraw your consent: in cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time.

- To stop receiving our direct marketing messages, either reach out to us directly or click the ‘unsubscribe’ link provided in the message. Using this link will remove you from future messages of that type. For preferences regarding all categories of direct marketing, visit the Account Settings page. Please note however that essential service emails like password resets, billing information, or updates to our terms, will continue unless you deactivate your account.

Right not to be subject to a decision based solely on automated processing, including profiling: Our use of automated decision-making is limited, and should not result in any legal impact to you. You may read more about our use of automated decision-making in Section 8.

Complaints: If you wish to make a complaint, please contact us. We will promptly investigate your complaint and respond to you. If you are not satisfied with our response to your request in relation to personal data processing or believe we are processing your personal data not in accordance with the applicable law, you can submit your claim to the data protection authority, e.g., in Estonia to the Estonian Data Protection Inspectorate (in Estonian: Andmekaitse Inspektsioon) at info@aki.ee or).

To exercise the data subject’s rights please contact us as specified in Section 2 of this Policy. Please note that you should supply us with adequate information for us to respond to your requests concerning your rights. Prior to answering your request, we may ask you to provide additional information for the purposes of authenticating you and evaluating your request (e.g., if you seek to exercise the rights on behalf of someone else as a legal representative).

We will respond to your request promptly and in any case within one month from the date we receive it. If necessary, due to the complexity and number of the requests, this period may be extended by up to two additional months. We will inform you of any such extension within one month of receiving your request, along with the reasons for the delay.

10. OTHER JURISDICTIONS

You may also have certain additional rights regarding the information we hold about you under other data protection and privacy laws. Please contact us at info@skyrex.io about your specific situation for more information.

11. LINKS TO OTHER WEBSITES, APPS OR SERVICES

Our Website and App may link to external sites that are not operated by us, or offer access to apps and services not under our operation or control. Therefore, this Policy applies solely to the personal data we may collect or receive from these third-party sources but does not apply to data processing conducted by such third parties. Please be aware that we neither endorse nor have any control over the content and policies of those sites, apps or services, and thus cannot accept responsibility or liability for their respective practices. To find out more about how such third parties process your personal data, please refer to the respective privacy policies on the other websites you visit, or apps and services you use.

12. CHANGES TO THIS POLICY

We regularly review and revise this Policy as necessary to reflect the changes in the way we process personal data, and in such cases, we publish any updates directly on this page.

Please check back periodically, and especially before you provide any new personal data. In case of material changes, we will send a direct notification to the email address you’ve registered with us.