Data and privacy policy

1. Objective

This policy outlines how Eurasia Digital Asset Exchange (“EDX”) collects, processes, stores, and protects your personal data. By using EDX’s services, users consent to the collection and processing of their data in accordance with this policy and applicable data protection regulations.

Users must provide required personal data to access and use the platform. Optional data submitted by users will be handled at their discretion under the same privacy standards.

2. Definitions

• Personal Data: Any data that identifies or can identify an individual.

• Sensitive Data: Includes biometric, financial, genetic, and criminal record information.

• Processing: Any operation performed on data including collection, storage, use, and deletion.

• User: An individual who registers and uses EDX services.

• Data Controller: [Insert internal role/title responsible for determining the purposes of data use]

• Third-Party Service Providers: External vendors or partners engaged to support platform operations (e.g., KYC, cloud hosting).

3. Data Collection and Usage

3.1 Required Information

• Full legal name

• Date of birth

• Government-issued identification

• Contact information (email and active phone number)

• Address and nationality

3.2 KYC/AML Verification

To comply with legal and anti-money laundering requirements, EDX collects identity documentation and verifies users through regulated third-party KYC providers.
[Specify providers and their jurisdictions if known]

Users confirm the accuracy and legitimacy of all submitted data. EDX is not liable for unauthorized disclosure caused by third parties unless it results from EDX’s gross negligence.

3.3 Technical and Behavioral Data

• IP address and browser information

• Device and session metadata

• Login and transaction history

• User behavior for fraud monitoring and analytics

 4. Data Storage and Protection

4.1 Storage Location

User data is securely stored on encrypted servers through two locations:

• Cloud-hosted infrastructure: Powered by Amazon Web Services (AWS), with servers located in Singapore.

• On-premises infrastructure: Hosted at the EDX Data Centre, located at No. 51, 5th Floor, Corner of Street 93 and Street 128, Phum 3, Phsar Thmei 2, Daun Penh, Phnom Penh.

4.2 Security Measures

EDX employs:

• SSL encryption and PCI-compliant infrastructure

• Firewall and threat detection

• Access restrictions and user authentication (e.g., 2FA)

• Secure session timeout management

• Daily encrypted data backups

4.3 Incident Response

In the event of a breach, EDX will notify affected users and regulatory authorities within required timeframes and take corrective action.

5. Retention period

Data is retained as long as necessary to fulfill operational, legal, and regulatory obligations.

6. User rights

Users may:

• Request access to personal data

• Correct or update inaccurate information

• Request deletion of personal data (subject to legal constraints)

• Object to or restrict specific processing activities

• Request data transfer (portability)

All requests should be sent to: [email protected]
Responses will be issued within the timeframe specified in our Complaint Handling Schedule, depending on the nature and urgency of the issue.

7. Use of email and communication

EDX may contact users to:

• Confirm transactions or account activity

• Provide service updates or security alerts

• Share promotional content (only if opted in)

Users can unsubscribe from marketing emails via the provided link.

8. Cookies

EDX uses cookies to enhance site functionality, analyze platform performance, and improve user experience. For more details, refer to our Cookie Policy.

9. Children’s data

EDX does not knowingly collect data from individuals under the age of 18. Users must confirm their age as part of the onboarding process.

10. Changes to the Policy

EDX may amend this policy from time to time. Significant changes will be communicated to users via email or platform notifications at least 7 days in advance.

11. Contact

For any privacy-related inquiries, requests, or complaints, contact: [email protected]