EEA/UK (GDPR) Privacy Notice

Last Updated: May 2024

1. APPLICABILITY OF THE GDPR PRIVACY NOTICE

This Privacy Notice (“Notice”) applies to Individuals that are located within the European Economic Area (EEA) and the United Kingdom (UK), and supplements the Website Privacy Notice, the Unhosted Wallet Privacy Policy, and pertains to your use of an unhosted Digital Asset software wallet, offered by Anchorage Innovations, LLC (collectively, “Provider,” “we,” “us,” or “our”). that allows users independently to store and control their own Digital Assets (the “Wallet”). We adopt this Notice to comply with the General Data Protection Regulation (“GDPR”). The GDPR defines Personal Data as any information relating to an identified or identifiable natural person (“Data Subject”).

2. LEGAL BASIS FOR PROCESSING PERSONAL DATA

If you are located in the EEA or the UK, we only process your Personal Data for specific reasons and when we have a valid legal basis for processing under applicable data protection laws.

The legal bases on which we rely on to process your Personal Data, as appropriate, are set out below:

Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;
Necessary for compliance with a legal obligation or regulatory obligation;

Necessary for us to realize a justified and legitimate interest considering your privacy and other fundamental rights and interests. This may include:
- running an effective operation of the Provider services and administering related services,
- operating our services,
- protecting the security of our systems, detecting or preventing fraud,
- marketing, market research, business development, and providing you with information regarding other Provider or Affiliate products and services,
- internal group administrative purposes;
With your consent.

Where applicable, wherever we rely on the consent legal basis, you may withdraw such consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal.

3. PERSONAL DATA WE COLLECT

Personal Data is data relating to an identified or identifiable Individual. Sensitive Personal Data (or “Sensitive Personal Information”) is data that reveals a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in trade unions, genetic data, biometric data, and data concerning health, sex life or sexual orientation. We collect Personal and Sensitive Personal Data from you in several ways when you use our services as described below. For more information, please see our Unhosted Wallet Privacy Policy (available on our Privacy Center page).

Directly from Individuals: We collect information when Individuals use our website or mobile application or register with us and use our Wallet service. We will also collect information when Individuals subscribe to our marketing activities or respond to a survey. This information may include names, email addresses, phone numbers, and other demographic and contact information.

From Third Parties: We collect information from third parties ( e.g. from third parties who validate identity). Examples of these collection methods include referrals from other Provider users, integration of cryptocurrency service providers, and third-party sign-in credentials. (e.g., Google).

From Individuals Passively: We use third party tools to collect information from Individuals when visiting our website and mobile application. Using cookies and other tracking technologies, we may automatically collect:

unique device identification numbers
device type
operating system version
browser type and version
pages viewed
links clicked
IP address
date and time of visit
number of times you return to our website
geolocation data (GPS-based information)
motion tracking (e.g., number of steps taken, heart rate)
Wi-Fi connectivity

For information on how to manage your cookies preferences, please see our Website Privacy Notice (available on our Privacy Center page).

Security and Authentication: We collect certain information to protect our users’ information. This may involve collecting biometric data, such as voiceprints, video and photographic footage, geolocation data, and motion tracking information (see above). These are the only type of Sensitive Personal Data we collect, and we will not collect this information without obtaining your consent first.

Combining Information: We combine information received from third parties with information already stored. We will also combine information from an Individual’s profile with information submitted from surveys.

4. HOW WE USE YOUR PERSONAL DATA

We use the Personal Data we have about you for the purpose for which it was collected or provided to us (as stated at the point of collection). Your Personal Data will be used to: provide the Wallet service, communicate with you, market and improve our services, conduct surveys, comply with the GDPR and other applicable laws, protect our assets, perform other purposes with your consent, and create de-identified or aggregate information. For more information about how we use your Personal Data, please see our Unhosted Wallet Privacy Policy (available on our Privacy Center page).

5. PERSONAL DATA RETENTION & STORAGE

Provider only keeps or processes Personal Data for as long as necessary to carry out its business and legal purposes. Personal Data is deleted or anonymized when no longer required for the purposes for which it was collected. The specific periods for which we keep information about you vary depending on the nature of the information, why we need it, and whether the Personal Data is de-identified. We also consider the minimum necessary retention period prescribed by applicable laws, recommended by industry standards, and stated in contracts and other legal obligations. Additionally, you may request deletion of your Personal Data consistent with Section 7 “Individual Rights” below.

We may be legally required to retain your Personal Data to:

comply with legal obligations;
resolve disputes; and
enforce rights.

Storage: We may use data hosting service providers in the U.S., Portugal, and Singapore to store information we have about you, and we use reasonable technical measures to secure your information.

6. PERSONAL DATA SHARED WITH THIRD PARTIES

We share information we have about you with third parties, service providers, and Provider affiliates who assist us with administering our Wallet, advertising, and providing you with information regarding Provider or Affiliate products and services on Provider or third party platforms. We may, at times, partner with other companies to offer products or services jointly; we may share your Personal Data in order to facilitate that offering.

Any third parties that we share your Personal Data with are limited by law and by contract in their ability to use your Personal Data. Provider requires third party service providers acting on our behalf or with whom we share your information to provide appropriate security measures in accordance with industry standards and in compliance with this Policy, their privacy and security obligations, and any other appropriate confidentiality and security measures. However, we are not responsible for the privacy and data security practices of third parties outside of Personal Data we receive from or transfer to them. For additional information, please see our Unhosted Wallet Privacy Policy (available on our Privacy Center page)

7. INDIVIDUAL RIGHTS

Provider would like to make sure you are fully aware of all of your data protection rights. Every user in the EEA or UK is entitled to the following:

The right to access: You have the right to request copies of your Personal Data from Provider.

The right to be informed: You have a right to be informed about the collection and use of your Personal Data.

The right to rectification: You have the right to request that Provider corrects any information you believe is inaccurate. You also have the right to request that we complete any information you believe is incomplete.

The right to erasure: You have the right to request that Provider erases your Personal Data, under certain circumstances.

The right to restrict processing: You have the right to request that Provider restricts the processing of your Personal Data, under certain circumstances.

The right to object to processing: You have the right to object to Provider’s processing of your Personal Data, under certain circumstances.

The right to data portability: You have the right to request that Provider transfer its data on you to another organization, or directly to you, under certain conditions.

The right not to be subject to a decision based solely on automated processing: You have a right not to be subject to a decision when it is based on automated processing and it produces an adverse legal effect (or a similarly significant effect).

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: privacy@anchorage.com.

8. COOKIES AND OTHER TRACKING TECHNOLOGIES

Cookies are small text files that are stored through the browser on your computer or mobile device. Cookies and other trackers serve a variety of functions; they help you navigate between website pages efficiently and may improve the user experience on a website. Cookies vary in duration (they can be “persistent” or “session-based”), and by whom they are served (“first party” cookies are directly from us; “third party” cookies are from other parties on our behalf).

Provider and our service providers use cookies and similar technologies on our website and mobile application to collect information about your browsing activities over time and across different website pages. At Provider, we use these tools to:

Administer our services
Analyze services usage and trends
Track how you were referred to our website
Improve the services functionality
Perform analytics and marketing integration
Deliver advertisements and other marketing offers

We will require you to opt in to each type of tracking device (categorized by their purpose) before they collect your Personal Data.

For further information please review Provider’s Cookie Notice (available at Section 4 of the Website Privacy Notice, on our Privacy Center page).

9. DATA TRANSFER

Provider is a company based in the United States (U.S.). We use data hosting service providers in the U.S. to host the information we collect from or about you. If we transfer your Personal Data outside of the EEA or the UK, we will do so in accordance with the GDPR using a valid cross-border transfer mechanism. To the extent required by applicable law, we will protect the cross-border transfer of your Personal Data through the use of applicable legal adequacy mechanisms. We generally use approved Standard Contractual Clauses to ensure the Personal Data is adequately protected when it is transferred outside the EEA or the UK to countries without an adequate level of data protection.

Please contact us via email at privacyl@anchorage.com if you would like more information about cross-border transfers or to obtain a copy of the Standard Contractual Clauses. We also transfer your Personal Data to third parties as described above in Section 6, “Personal Data Shared with Third Parties”.

10. PRIVACY POLICIES OF OTHER WEBSITES

The Provider website and mobile application contain links to other websites. Our privacy notice applies only to our website and mobile application, so if you click on a link to another website, you should review their privacy notice.

11. CHANGES TO THIS NOTICE

We may change or update this Notice in the future. When we do, we will post the revised version on our website. This notice was last updated and became effective on the date posted at the top of this page.

12. CONTACTING SUPERVISORY AUTHORITY

Should you wish to report a complaint or if you feel that Provider has not addressed your concerns to your satisfaction or you have other concerns regarding our processing of your Personal Data, you may contact our EU supervisory authority, the Comissão Nacional de Protecção de Dados (“CNPD”).

Email: geral@cnpd.pt

Address: CNPD - Comissão Nacional de Protecção de Dados Av. D. Carlos I, 134, 1º 1200-651 Lisboa

13. CONTACT US

If you have any questions about this policy or our privacy practices please contact us. You can write to us at privacy@anchorage.com.

Products and software are provided by Anchorage Innovations, LLC (“Anchorage Innovations”). Anchorage Innovations is not a custodian, is not registered with the SEC or any other government authority as a broker or dealer and is not authorized to engage in the business of the offer, sale or trading of securities. Anchorage Innovations does not provide legal, tax, or investment advice.

Holdings of cryptocurrencies and other crypto assets are speculative and involve a substantial degree of risk, including the risk of complete loss of monetary value. Anchorage Innovations does not own or control, and is not responsible for any blockchain protocols, and you are solely responsible for any transactions that you engage in with blockchain protocols, including but not limited to staking, governance, or any other on-chain activities.

*The Stablecoin Rewards Program (the "Program") is offered by Anchorage Digital Neo, Ltd. Stablecoins must be held with custody or wallet platforms offered by Anchorage Digital Bank National Association, Anchorage Digital Singapore Pte, Ltd., or Anchorage Innovations, LLC, in order to be eligible for rewards. This program is not offered by any of the aforementioned custody or wallet service providers. Please refer to the Stablecoin Rewards Program Terms & Conditions for all applicable terms and risks. By participating in the Program, participants acknowledge that they have read, understood, and agreed to be bound by this disclaimer and any other terms and conditions governing the Program. Information in this document is for general educational purposes only and eligibility limitations apply. This document is not intended to constitute an offer, solicitation, recommendation, investment, or any other advice on financial products. Availability is subject to jurisdictional limitations. The Program is not subject to regulatory oversight in the Cayman Islands or any other jurisdiction. Participants in the Program acknowledge and understand that the Program is not regulated by any governmental authority or regulatory body in the Cayman Islands or elsewhere. As such, there are no guarantees regarding the stability, security, or reliability of the Program. Participation in the Program carries inherent risks, including but not limited to the risk of loss of funds, lack of recourse in case of disputes, and potential volatility of a stablecoin's value. Participants are responsible for understanding and complying with all applicable laws, regulations, and requirements in their respective jurisdictions regarding the use, possession, and transfer of digital assets, including stablecoins. Nothing in the Program constitutes investment advice, financial advice, or any other form of professional advice. Participants should conduct their own research and seek appropriate professional advice before participating in the Program. Anchorage Digital Neo, Ltd. and its affiliates, officers, directors, employees, agents, and representatives shall not be liable for any losses, damages, liabilities, costs, or expenses arising out of or related to participation in the Program, regardless of the cause of action or legal theory asserted.