Privacy Policy

Users' personal data will be collected and processed within the context of the Venga Services offered through the Venga Website, the Venga Platform, and/or the Venga Applications for the following purposes:

1. To execute, manage, and monitor the contractual relationship of the Users in accordance with the General Terms and Conditions of Service. This includes: (a) the creation and management of a User account; (b) the provision and monitoring of any Venga Service; (c) assistance regarding any questions, disputes, complaints, or queries that Users may submit in relation to the Venga Website, the Venga Platform, the Venga Application, or the Venga Services; or (d) the sending of any necessary communications regarding service and operational matters. The legal basis for processing is the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract (Art. 6.1.b of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016).

2. To comply with our legal obligations: Responding to requests from competent authorities, law enforcement agencies, court orders, or government regulations, as well as complying with any legal obligation to which we are subject, including, but not limited to, obligations arising from tax laws and anti-money laundering and terrorist financing regulations. Please note that, in fact, most of the crypto-asset related services we offer are subject to strict and specific laws, regulations, and obligations. Regarding the data protection associated with these services, the legal basis is compliance with a legal obligation applicable to the Controller (Art. 6.1.c of the GDPR).

3. In order to comply with Anti-Money Laundering regulations, Venga uses an external specialized provider that will capture your image and video. In the case of the processing of biometric data, the legal basis is explicit consent, in accordance with Article 9.2(a) of the GDPR. Express consent is required prior to initiating the process for the capture, recording, and processing of biometric data and the video session. Furthermore, and in accordance with Article 9(2)(g) of the GDPR, such processing of biometric data is also based on grounds of substantial public interest for the prevention of fraud and compliance with the formal identification obligations under anti-money laundering regulations.

4. To offer Users promotions, including offers and other incentives we deem appropriate as a reward for using Venga Services. The legal basis is our legitimate interest in rewarding and retaining our customers.

5. For purposes of security and integrity of the Venga Services and, in this regard, to ensure the prevention and detection of fraud and credit risks, and consequently, the security of our Users and the company. For the aforementioned purposes, we may also assess and manage credit risks. The legal basis for the processing is our legitimate interest in ensuring the security of the Venga Services, the Users, and the company.

6. To conduct surveys on the user experience of the website, platform, apps, and/or Venga services, and to develop, improve, and optimize Venga services. The processing is necessary for the purposes of the legitimate interests pursued by the company in improving Venga services and the tools through which they are provided, as well as optimizing the user experience.

7. In the event that data processing is required for any other commercial purpose distinct from those indicated, prior to collecting Users' personal data, their express consent will be required, in compliance with applicable laws.

8. Furthermore, and only with the User's consent in each case, the User's personal data will be processed for the following additional purposes: In order to be able to recommend features and services that may be of interest to Users, identifying their preferences and personalizing their experience within Venga Services.

9. To send advertising or commercial information, including by electronic means, regarding Venga's digital asset buying, selling, and custody products and services that may be of interest to Users.

10. To manage the participation of Users in specific contests and promotions.

For the aforementioned purposes, the following categories of personal data will be processed:

1. Identification and contact data: Name, surname, DNI, NIE, or passport number and relevant documents, date of birth, postal address, email address, telephone number, gender, nationality, access credentials, Tax Identification Number (NIF), password, and profile picture/image.
2. Audio and video data: Full, sequential, and uninterrupted recording of the real-time video-identification session.
3. Biometric data: Facial patterns and characteristics extracted from the photograph (selfie) and the live recording for comparison with the document photograph and to execute liveness detection checks during the identification process.
4. The Venga application may allow you to use the biometric identification features of your mobile device (such as facial recognition or fingerprint reading) as a convenient and secure method to access your account. We inform you that this processing is carried out on your own terminal through the native APIs of your operating system (for example, Face ID, Touch ID, or equivalent Android systems). Venga does not collect, store, access, or process on its servers any biometric data or template of your face or fingerprint.
5. In the event that a User is a company or legal entity, certain information will also be processed so that we can determine the ultimate beneficial owner (UBO) of the corresponding account or fiduciary account (such as corporate documentation, which may include personal data, the identity documents of the directors and majority shareholders of the company, as well as the authorized signatory for the company account, or the business address and email address of the company - which may correspond to those of a natural person -).
6. Financial and payment information, including credit card and bank account details, trading activity, and transaction information and, where applicable, source of funds, source of wealth, and information on commercial sanctions lists.
7. Personal information that may be necessary or communicated as a consequence of and/or for the provision of the Services, for example, (a) personal data contained in communications and requests from the User; (b) additional personal data (for example, profession or professional sector, voice, or additional identification data) that may be necessary for the formal identification of a User; or (c) information regarding Users' communications with other users and their use of our Website, Platform, and Applications, to the extent permitted and in accordance with current legislation.
8. Communications: Communications with, among others, our Customer Service, Product, and Marketing teams. Responses to surveys and information collected therein, whether in writing or orally.
9. Navigation information: Such as log data (e.g., access times, hardware and software information), usage information, browsing history, browser information, location data (e.g., IP address, zip code), device identification, cookie information, page view statistics, the type of browser or device you use to access our Services, and the page or feature requested. For more information on the use of cookies, please visit our Cookie Policy.

Users can update the information we hold through their account settings or by contacting our support team here. Please note that, in order for us to properly provide Venga Services, users are responsible for keeping their information up to date and, therefore, undertake to review it periodically to ensure its accuracy.

As established in the General Terms and Conditions of Service, we do not knowingly collect or solicit personal data from minors under eighteen (18) years of age. If you are under eighteen (18) years of age, please do not attempt to register for or use Venga Services or send us any personal data. If we discover that we have collected personal data from a minor under eighteen (18) years of age, we will delete that information as soon as possible. If you believe that a minor under eighteen (18) years of age has provided us with personal data, please contact us here.

Users’ personal data will only be disclosed where required by applicable law to defend our rights and legitimate interests, as well as to service providers offering ancillary services (for example, providers of data hosting or information technology services and related infrastructure services), subject to prior acceptance of the relevant General Terms and Conditions of Service.

We may also share User information with legal authorities (courts, law enforcement agencies, regulators, lawyers and other third parties) to comply with laws and legal obligations, including to comply with anti-money laundering and counter-terrorist financing regulations; to respond to law enforcement and regulatory requests; to comply with any form of the so-called “Travel Rule” (Funds Transfer Regulation) requiring the transmission of information regarding the User, the payer and the payee of transactions to other crypto-asset service providers, financial institutions, regulatory authorities or other industry partners; to investigate potential breaches of our General Terms and Conditions of Service or other applicable policies; to detect, prevent, investigate and report, or to assist law enforcement authorities in investigating suspected fraud or other illegal activity.

The aforementioned service providers, who may have access to personal data as a consequence of providing certain services, will be subject to the strictest duty of confidentiality through the corresponding data processing agreements to be executed. In the event that any of these service providers are located outside the European Economic Area or that, for any other reason, it is necessary to internationally transfer Users' personal data, we undertake to carry out the corresponding international data transfers only in accordance with the guarantees and requirements established by applicable law.

Likewise, Users' personal data may also be communicated to third parties for marketing purposes and/or for the provision of additional services and features, provided that Users have granted their express consent to such communications.

Users' personal data will be kept for as long as they remain clients or registered users of the Website, Platform, and/or Venga Applications, and will be kept, duly blocked, after the termination of the corresponding contractual relationship for the time necessary to answer for any liability derived from said relationship. By way of illustration only, personal data processed to comply with anti-money laundering obligations must be kept for ten (10) years after the termination of the contractual relationship.

In some cases, personal data may be kept longer if doing so is necessary to comply with our legal obligations, resolve disputes, or collect fees owed, or if otherwise permitted or required by applicable law, rule, or regulation.

We care about the security and protection of personal data and are committed to complying with applicable data protection laws, and we work hard to prevent any security breaches that may occur within the company.

In this regard, the necessary technical and organizational measures have been implemented to maintain and guarantee the confidentiality, integrity, and security of personal data, as well as to prevent its loss, misuse, alteration, or unauthorized access, taking into account the state of technology and the nature of the personal data to be protected. Likewise, we perform periodic reviews of our systems, which are regularly audited, both internally and by third parties, to detect potential vulnerabilities and attacks. In addition, we maintain audited cybersecurity systems and offer industry-standard contractual protections.

Users may, under the terms provided by applicable legislation, exercise their rights of access to their personal data, rectification or erasure, objection, restriction of processing, portability, as well as revoke the consent granted at any time and without affecting the provision of Venga Services, by sending a written communication to: [email protected]. When exercising any of the aforementioned rights, users must duly identify themselves and expressly indicate the right they are exercising.

Additionally, Users have the right to lodge a complaint with the competent supervisory authority in Spain, the Spanish Data Protection Agency (Agencia Española de Protección de Datos at www.aepd.es).

This Privacy Policy replaces all previous applicable data protection policies of Venga to the extent that they address the same matters and are inconsistent with this Policy or impose less restrictive requirements.

We reserve the right to modify this Privacy Policy to adapt it to new legislation, regulatory requirements, or as a consequence of the evolution of our Venga Services. In the event that significant changes are implemented, we will duly notify Users at their email addresses and/or through the Platform so that they can review the changes and, if necessary, accept them before they come into effect.

If the new conditions require your consent according to applicable regulations, we will request it expressly and unequivocally before applying the new processing. In case of disagreement with the modifications, you will have the right to exercise your rights of erasure and to close your account.