Effective Date: 28 June 2025

This Privacy Policy describes how HashNode Finance s.r.o., company ID: 21875413, with its registered office at Chudenická 1059/30, Hostivař, 102 00 Praha, Czech Republic ("HashNode Finance", "we", "us", or "our"), collects, uses, stores, protects, and discloses your personal data when you visit our website, interact with us, or use our services, including those related to cryptocurrency and blockchain technologies.

We are committed to protecting your privacy and complying with our obligations under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Czech privacy laws, including the Act No. 110/2019 Coll., on the Processing of Personal Data.

 

  1. Who We Are

HashNode Finance s.r.o. is a Czech-based technology company operating in the field of blockchain, cryptocurrency services, and decentralized finance (DeFi). We offer secure and compliant digital financial solutions, including wallet integrations, crypto investment platforms, and tokenized services for clients across the European Union and internationally.

As a data controller, we determine the purposes and means of processing your personal data. Our data protection practices are designed to ensure transparency, accountability, and your fundamental rights under the GDPR.

If you have questions, concerns, or requests related to your personal data, you can contact us:

Email: privacy@hashnode.finance
Address: HashNode Finance s.r.o., Chudenická 1059/30, Hostivař, 102 00 Praha, Czech Republic

 

  1. What Data We Collect

We collect different categories of personal data depending on how you interact with us, including:

  1. a) Personal Identification Information
  • Full name
  • Date of birth
  • Nationality
  • Residential address
  • Government-issued identification documents (passport, ID card)
  • Photographic or biometric identification (for KYC/AML)
  1. b) Contact Information
  • Email address
  • Mobile phone number
  • Billing and mailing address
  • Emergency contact details (if applicable)
  1. c) Financial and Transactional Data
  • Cryptocurrency wallet addresses
  • Fiat bank account details
  • Transaction history, including trading, deposits, and withdrawals
  • Payment method details (e.g., credit card metadata, not full numbers)
  1. d) Technical and Usage Data
  • IP address
  • Browser type and version
  • Device information (OS, hardware model)
  • Pages visited, session duration, and interaction patterns
  • Referral sources (how you arrived at our website)
  1. e) Cookies and Similar Technologies
  • Session cookies
  • Preference cookies
  • Tracking cookies for analytics and advertising (subject to consent)
  1. f) Marketing and Communication Preferences
  • Consent status for newsletters and promotional messages
  • Your interaction with our emails (e.g., open rate, click-through)

 

  1. Legal Basis for Processing

We only process your personal data when we have a clear and valid legal basis as outlined in Article 6 and, where applicable, Articles 9 and 10 of the General Data Protection Regulation (EU) 2016/679 ("GDPR"). Depending on the nature of your interaction with us, one or more of the following legal bases may apply:

 

  1. a) Contractual Necessity (Article 6(1)(b) GDPR)

We process your personal data when it is necessary to enter into or perform a contract to which you are a party. This includes:

  • Creating and administering your user account on our platform
  • Verifying your identity through our KYC (Know Your Customer) process
  • Facilitating transactions involving cryptocurrency, fiat currency, or tokenized assets
  • Processing deposits, withdrawals, and wallet linkages
  • Providing technical support and account management services
  • Enabling you to use our blockchain-based or DeFi services
  • Responding to your service-related inquiries

Without this data, we would be unable to fulfill our contractual obligations and provide services you request.

 

  1. b) Compliance with Legal Obligations (Article 6(1)(c) GDPR)

We are legally required to process certain types of personal data to comply with Czech, EU, and international laws and regulatory frameworks, including but not limited to:

  • Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) laws, such as the EU’s 5th and 6th AML Directives and Czech AML regulations (e.g., Act No. 253/2008 Coll.)
  • Know Your Customer (KYC) and customer due diligence requirements
  • Tax compliance and reporting obligations, such as under DAC6 or CRS
  • Sanctions screening and politically exposed persons (PEP) monitoring
  • Record-keeping obligations, such as transaction history and identification logs
  • Responding to binding requests from law enforcement or regulators

These obligations apply not only during the onboarding process but throughout the lifecycle of your account, especially when conducting high-value or suspicious transactions.

  1. c) Legitimate Interests (Article 6(1)(f) GDPR)

We may process your personal data where it is necessary to pursue our legitimate interests or those of a third party, provided these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include:

  • Ensuring security and integrity of our platform, systems, and users
  • Detecting, investigating, and preventing fraudulent or malicious activities
  • Maintaining service quality and developing new features and enhancements
  • Analyzing usage trends and customer behavior to optimize performance
  • Sending important account-related communications, such as service alerts or policy updates
  • Internal audits and business continuity planning

When we rely on this legal basis, we always balance our interests with your privacy rights, and you have the right to object to such processing (see Section 9: Your Rights).

 

  1. d) Consent (Article 6(1)(a) GDPR)

In certain cases, we will ask for your freely given, specific, informed, and unambiguous consent before processing your personal data. This applies to:

  • Sending marketing emails or promotional offers
  • Using non-essential cookies and trackers (e.g., for behavioral advertising)
  • Participating in surveys, user feedback programs, or beta testing

You may withdraw your consent at any time, and doing so will not affect the lawfulness of processing based on consent before its withdrawal. Consent can be withdrawn by adjusting your settings or contacting us directly at privacy@hashnode.finance.

 

  1. e) Vital Interests (Article 6(1)(d) GDPR)

Although rare in practice, we may process your data to protect your or another person’s vital interests, such as in emergency situations where your health, safety, or security is at risk (e.g., to prevent financial loss, identity theft, or physical harm due to a data breach or cyberattack).

 

  1. f) Public Interest or Official Authority (Article 6(1)(e) GDPR)

If we are legally authorized to process data in the public interest (e.g., for the detection or prevention of financial crime or safeguarding the financial system), we will do so in accordance with applicable Czech and EU law. While this is uncommon for private sector crypto firms, we may cooperate with regulatory authorities where such processing is justified.

 

  1. g) Processing of Special Categories of Data (Article 9 GDPR)

We do not generally collect special categories of personal data (e.g., health data, biometric data beyond ID verification, or data revealing religious or political views). However, in the context of KYC/AML, we may process limited biometric or document data (e.g., selfie verification or ID scans) to fulfill legal requirements. Where necessary, we will obtain your explicit consent or rely on substantial public interest or legal obligation grounds permitted by GDPR and national law.

 

  1. h) Processing of Criminal Convictions Data (Article 10 GDPR)

If required by AML/CTF obligations or to protect against fraud, we may process limited information relating to criminal convictions or offenses, strictly in line with Article 10 GDPR and only when authorized by Czech or EU law and subject to appropriate safeguards.

 

  1. b) Legal Obligation

To comply with applicable laws, such as:

  • AML (Anti-Money Laundering) directives
  • KYC (Know Your Customer) regulations
  • Tax reporting obligations under Czech and EU legislation
  1. c) Legitimate Interest

To pursue our legitimate business interests, such as:

  • Enhancing cybersecurity and fraud prevention
  • Improving platform functionality and user experience
  • Conducting internal analytics and reporting
  1. d) Consent

Where required, we obtain your explicit consent to process personal data:

  • For sending marketing communications
  • For the use of optional cookies or trackers

You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

 

  1. How We Use Your Data

Your personal data may be used for the following purposes:

  1. a) To Provide Services
  • Account registration and user authentication
  • Executing crypto or fiat transactions
  • Wallet linking and smart contract execution
  • Technical support and troubleshooting
  1. b) Compliance and Risk Management
  • Identity verification and sanctions screening
  • Fraud detection and prevention
  • Legal audits and law enforcement cooperation
  1. c) Service Improvement
  • Collecting feedback and user behavior data
  • Testing new features and services
  • Aggregated statistical analysis
  1. d) Marketing and Communication
  • Sending newsletters, product updates, and promotions
  • Personalized content and advertising
  • Market research and user surveys

We do not sell, rent, or trade your personal data to third parties for commercial purposes.

 

  1. How We Share Your Data

Your personal data may be shared only when necessary, and only with trusted recipients:

  1. a) Third-Party Processors
  • Cloud service providers (e.g., Amazon Web Services)
  • Payment and cryptocurrency transaction processors
  • KYC/AML verification platforms (e.g., Sumsub, Onfido)
  • Email marketing platforms (e.g., Mailchimp)

All processors are bound by data processing agreements and adhere to strict confidentiality and security obligations.

  1. b) Legal and Regulatory Authorities
  • Czech Financial Analytical Office (FAÚ)
  • European and Czech financial regulatory bodies
  • Law enforcement and judiciary, upon valid request
  1. c) Professional Advisors
  • Legal, accounting, and compliance consultants, where necessary for legitimate interests or legal requirements

 

  1. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer data internationally, we ensure:

  • Transfers are made only to countries with an adequacy decision by the European Commission
    or
  • We use Standard Contractual Clauses (SCCs) approved by the Commission
  • Additional technical and organizational safeguards are implemented where appropriate

You may request a copy of such safeguards by contacting us.

 

  1. Data Security

We take appropriate measures to ensure that your personal data is protected from loss, misuse, unauthorized access, disclosure, alteration, or destruction. These include:

  • End-to-end encryption of sensitive data (AES-256, SSL/TLS)
  • Secure access protocols and role-based access control
  • Biometric and multi-factor authentication
  • Regular system audits and penetration testing
  • Data pseudonymization and minimization practices
  • Continuous staff training and compliance reviews

Despite our best efforts, no method of data transmission or storage is completely secure. You also play a role in securing your account by using strong passwords and safeguarding your credentials.

 

  1. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, including:

  • For service delivery: As long as your account is active
  • For legal compliance: Typically 5–10 years under AML/finance laws
  • For marketing (if consented): Until you unsubscribe or withdraw consent
  • For dispute resolution: As long as needed to defend legal claims

Upon expiration of these retention periods, we securely delete or anonymize your data.

 

  1. Your Data Protection Rights

Under the GDPR, you have the following rights:

  1. a) Right of Access

To obtain confirmation and a copy of the personal data we hold about you.

  1. b) Right to Rectification

To request correction of inaccurate or incomplete data.

  1. c) Right to Erasure

To request deletion of your data, also known as the "right to be forgotten", where legally applicable.

  1. d) Right to Restriction

To request temporary restriction of processing in certain circumstances.

  1. e) Right to Data Portability

To receive your data in a structured, commonly used, and machine-readable format and transfer it to another provider.

  1. f) Right to Object

To object to processing based on legitimate interests or direct marketing.

  1. g) Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@hashnode-finance. You also have the right to file a complaint with the Czech Office for Personal Data Protection (ÚOOÚ) at www.uoou.cz.

 

  1. Cookies and Tracking Technologies

We use cookies and other tracking technologies to personalize content, analyze traffic, and improve user experience.

Types of Cookies We Use:

  • Essential cookies: Required for core functionality
  • Analytics cookies: Help us understand user behavior (e.g., Google Analytics)
  • Functionality cookies: Remember your preferences
  • Marketing cookies: Tailor ads and promotions (used only with your consent)

Upon your first visit to our site, we present a cookie banner where you can set or withdraw your preferences.

For more detailed information, please see our [Cookie Policy] (link to be inserted).

 

  1. Automated Decision-Making and Profiling

We may use automated tools to assess risks (e.g., fraud scoring) and to personalize services. These do not produce legal or similarly significant effects without human review.

You have the right to request human intervention and to contest any automated decision affecting you.

 

  1. Third-Party Links

Our website may contain links to third-party websites or platforms. We are not responsible for the privacy practices or content of those websites. We recommend reviewing the privacy policies of any external sites you visit.

 

  1. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any material changes will be notified via:

  • A prominent notice on our website
  • An email (if you’ve registered an account with us)

The updated policy will include a new effective date. Your continued use of our website or services constitutes acceptance of the updated policy.

 

Contact Us

HashNode Finance s.r.o.
Chudenická 1059/30
Hostivař, 102 00 Praha
Czech Republic
Company ID: 21875413
📧 privacy@hashnode-finance