1. Consent to Personal Data Processing
1.1. By creating an order on the website https://grumbot.net
, the User provides informed and voluntary consent to the collection, processing, storage, and use of their personal data.
1.2. Personal data is processed in accordance with applicable laws and the internal regulations of the Service.
1.3. The data provided by the User is used solely for:
— providing exchange services;
— ensuring transaction security;
— performing AML/KYC/SoF procedures;
— preventing fraudulent activities;
— handling user inquiries and support requests.
2. Categories of Processed Data
2.1. The Service may process the following categories of personal data:
— Full name (if required);
— Contact details: email address, phone number;
— Payment data: bank account details, cryptocurrency wallet addresses;
— Transaction data: TXID, transaction history;
— Technical data: IP address, user-agent, cookies, timestamps, and user activity on the website;
— KYC/SoF data: identity documents, photographs, proof of source of funds, transaction confirmations, and other supporting materials.
2.2. The Service does not collect excessive data and limits processing to what is necessary for fulfilling its obligations.
3. Legal Grounds and Purposes of Processing
3.1. Personal data is processed on the following legal grounds:
— the User’s consent;
— the necessity to perform the user agreement;
— the legitimate interests of the Service in ensuring security and preventing fraud.
3.2. Personal data is processed for the following purposes:
— processing orders and performing exchange operations;
— identification and verification of the User (KYC);
— AML/KYC/SoF checks and transaction analysis;
— prevention of fraud, illegal activities, and financial risks;
— handling user requests, complaints, and disputes;
— compliance with legal and regulatory requirements.
4. Transfer of Personal Data to Third Parties
4.1. The Service may transfer personal data to third parties only to the extent necessary for achieving the purposes of processing, including:
— AML analytics providers (limited to wallet addresses, TXID, and technical verification parameters);
— payment providers and financial partners, if required for processing or investigating a transaction;
— authorized government authorities, where required by law.
4.2. The Service does not sell or transfer personal data to third parties for commercial purposes.
5. Data Storage and Access
5.1. Personal data is stored for as long as necessary to fulfill the Service’s obligations, resolve disputes, and comply with applicable legal requirements.
5.2. Access to personal data is granted only to authorized personnel who require such access to perform their duties.
5.3. Access is provided based on the principle of minimum necessity (need-to-know basis).
6. Personal Data Security
6.1. The Service implements appropriate technical and organizational measures to protect personal data.
6.2. Data transmission is carried out through secure communication channels (HTTPS/TLS).
6.3. Security measures inсlude:
— restricted access to data;
— logging and monitoring of systеm activities;
— protection against unauthorized access, loss, alteration, or disclosure of data;
— regular updates and improvements of security systems.
7. User Rights
7.1. The User has the right to:
— obtain information about their personal data and its processing;
— request correction, updating, or clarification of their data;
— request deletion of data where retention is no longer necessary and does not conflict with legal obligations;
— withdraw consent to data processing within the limits permitted by law.
7.2. Withdrawal of consent may result in the inability to use certain functions of the Service or to complete an order.
8. Policy Changes
8.1. The Service reserves the right to amend this Policy at any time.
8.2. The current version of the Policy is always available on https://grumbot.net .
8.3. Continued use of the website after updates are published constitutes acceptance of the revised Policy.
