Privacy Policy
Your privacy matters to us. This policy explains how we collect, use, and protect your personal information in accordance with Nordic values of transparency and trust.
Last Updated: January 2025
Effective Date: January 2025
Privacy at a Glance
Data Protection
End-to-end encryption and secure storage of all personal data
Transparency
Clear disclosure of what data we collect and how we use it
Your Rights
Full control over your personal data with easy access and deletion
1. Information We Collect
Personal Information
When you create an account or use our services, we may collect:
- Full name and contact information (email address, phone number)
- Government-issued identification for KYC/AML compliance
- Financial information necessary for transaction processing
- Address and residency verification documents
- Employment and income information for regulatory compliance
Usage Information
We automatically collect information about how you use our platform:
- Login times, IP addresses, and device information
- Trading activity and transaction history
- Platform usage patterns and preferences
- Browser type, operating system, and referring websites
- Cookies and similar tracking technologies
Communication Data
When you contact us, we may collect:
- Support ticket content and correspondence
- Recorded phone calls for quality assurance
- Chat logs and email communications
- Feedback and survey responses
2. How We Use Your Information
Service Provision
- Create and maintain your NotDAX account
- Process cryptocurrency transactions and trades
- Provide customer support and respond to inquiries
- Send important account and security notifications
- Maintain platform security and prevent fraud
Legal Compliance
- Comply with KYC (Know Your Customer) regulations
- Meet AML (Anti-Money Laundering) requirements
- Report suspicious activities to relevant authorities
- Respond to legal requests and court orders
- Maintain records as required by financial regulations
Platform Improvement
- Analyze usage patterns to improve our services
- Develop new features and functionality
- Conduct security audits and risk assessments
- Optimize platform performance and user experience
Marketing Communications (Optional)
Only with your explicit consent, we may use your information to:
- Send newsletters and product updates
- Inform you about new features and services
- Share educational content about digital assets
- Invite you to webinars and community events
You can opt out of marketing communications at any time through your account settings or by contacting us.
3. Information Sharing and Disclosure
When We Share Information
We may share your information only in the following limited circumstances:
Service Providers
We work with trusted third-party service providers who help us operate our platform, such as cloud hosting, payment processing, and security services. These providers are contractually bound to protect your information.
Legal Requirements
We may disclose information when required by law, such as in response to court orders, regulatory requests, or to comply with financial crime prevention obligations.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.
Security and Fraud Prevention
We may share information to prevent fraud, protect our platform's security, or respond to emergencies that threaten user safety.
4. Data Security
We implement industry-leading security measures to protect your personal information:
Technical Safeguards
- End-to-end encryption for all data transmission
- AES-256 encryption for data at rest
- Multi-factor authentication requirements
- Regular security audits and penetration testing
- Secure, ISO 27001 certified data centers
Operational Safeguards
- Limited access to personal data on a need-to-know basis
- Employee background checks and security training
- Incident response procedures and breach notifications
- Regular backup and disaster recovery testing
- 24/7 security monitoring and threat detection
5. Your Privacy Rights
Under GDPR and Swedish data protection laws, you have the following rights regarding your personal information:
Access
Request a copy of the personal information we hold about you
Rectification
Request correction of inaccurate or incomplete information
Erasure
Request deletion of your personal information (subject to legal requirements)
Portability
Request transfer of your data in a machine-readable format
Restriction
Request limitation of how we process your information
Objection
Object to certain types of processing, including marketing
Withdraw Consent
Withdraw consent for processing where consent is the legal basis
Complaint
Lodge a complaint with the Swedish Data Protection Authority
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: privacy@setoelkahfi.se
Subject Line: "Privacy Rights Request"
Response Time: We will respond within 30 days
6. Data Retention
We retain your personal information only as long as necessary for the purposes outlined in this policy:
Account Information
Retained for the duration of your account plus 7 years after closure for regulatory compliance
Transaction Records
Retained for 10 years as required by financial regulations and tax authorities
Communication Records
Support tickets and correspondence retained for 3 years for quality assurance
Marketing Data
Retained until you withdraw consent or unsubscribe from communications
7. International Data Transfers
As a Swedish company, we primarily process your data within the European Economic Area (EEA). However, some of our service providers may be located outside the EEA.
When we transfer your data outside the EEA, we ensure adequate protection through:
- European Commission adequacy decisions for certain countries
- Standard Contractual Clauses (SCCs) with service providers
- Binding Corporate Rules for multinational organizations
- Certification schemes and codes of conduct
You can request more information about the safeguards we use for international transfers by contacting our privacy team.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience and improve our services:
Essential Cookies
Required for basic platform functionality:
- Session management and authentication
- Security and fraud prevention
- Load balancing and performance
Optional Cookies
With your consent, we may use:
- Analytics cookies to understand usage patterns
- Preference cookies to remember your settings
- Marketing cookies for relevant communications
Cookie Control
You can control cookies through your browser settings or our cookie preference center. Note that disabling essential cookies may affect platform functionality.
9. Children's Privacy
NotDAX is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.
If you believe we have inadvertently collected information from a child under 18, please contact us immediately at privacy@setoelkahfi.se and we will take steps to delete such information.
10. Updates to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email or platform notification
- Provide a summary of key changes
- Request new consent where required by law
We encourage you to review this policy periodically to stay informed about how we protect your privacy.
Questions About This Policy?
If you have questions about this privacy policy or our data practices, we're here to help.
Data Protection Officer
Email: privacy@setoelkahfi.se
Postal Address
NotDAX AB
Attn: Privacy Office
Stockholm, Sweden
Supervisory Authority
Swedish Authority for Privacy Protection (IMY)
www.imy.se