CS EN
← Back to homepage
IP wBTCb solutions, s.r.o.

Information on the processing of Client Personal Data

This information describes the basic principles according to which IP wBTCb solutions, s.r.o., Národní 973/41, 110 00 Prague 1, ID No. 03058417, registered at the Municipal Court in Prague, Section C 291104 (hereinafter referred to as "IP wBTCb solutions, s.r.o."), processes the personal data of natural persons who are Clients of IP wBTCb solutions, s.r.o. or authorized persons of Clients – legal entities (hereinafter also referred to as the "Client" or "data subject"), and further informs about the rights of data subjects in connection with the processing of their personal data within IP wBTCb solutions, s.r.o.

The processing of personal data is carried out in accordance with:

  • Regulation (EU) 2016/679 (GDPR),
  • Act No. 110/2019 Coll.,
  • Regulation (EU) 2023/1114 (MiCA) as regards data protection in the provision of crypto-asset services,
  • Regulation (EU) 2022/2554 (DORA) as regards cybersecurity, ICT risk management and incident notification.

This document will be regularly updated with regard to changes in legal regulations and adopted technical and organizational measures in the field of personal data protection and operational security.

1 Introduction

IP wBTCb solutions, s.r.o. is a personal data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR") and Act No. 110/2019 Coll., on the processing of personal data. As the controller, it determines the purposes and means of processing personal data of natural persons who are Clients or authorized persons of Clients – legal entities (hereinafter referred to as the "Client" or "data subject").

IP wBTCb solutions, s.r.o. processes personal data in particular in connection with the provision of services in the field of financial markets and technology, including the possible provision of services related to crypto-assets within the meaning of Regulation (EU) 2023/1114 (MiCA). Personal data are also processed as part of communication with Clients, in the administration of client accounts, in the fulfilment of legal obligations and in ensuring operational security.

IP wBTCb solutions, s.r.o. has appointed a Data Protection Officer (hereinafter referred to as the "DPO") who supervises compliance with the relevant rules in the field of personal data protection. The DPO is available via email dpo@wbtcb.com.

2 What categories of data do we process

We process only such personal data that are necessary for the provision of our services, compliance with legal obligations and protection of the legitimate interests of IP wBTCb solutions, s.r.o. Personal data is processed in accordance with the GDPR, Act No. 110/2019 Coll., Regulation (EU) 2023/1114 (MiCA) and Regulation (EU) 2022/2554 (DORA).

IP wBTCb solutions, s.r.o. collects, processes and stores in particular the following categories of personal data of Clients:

  • Identification personal data – in particular name, surname, date of birth, personal identification number, address of residence, ID card number (passport, identity card), photograph from an identity card, state nationality, country of birth, image of the Client's signature; if the entrepreneur, also an ID number and address of the registered office;
  • Biometric data – data that are processed for the purpose of uniquely identifying a natural person, e.g. data derived from the recording of an identified person's image, in order to verify the correspondence of his/her appearance with the data obtained from photographs on provided copies of identity documents (e.g. as part of online onboarding processes); processing takes place only on the basis of a legal reason or explicit consent;
  • Contact personal data – in particular telephone number, email and data enabling electronic communication between IP wBTCb solutions, s.r.o. and the Client (e.g. login names, passwords, PIN and other security elements used for secure authentication of the Client);
  • Data on products and services provided to the Client – data of the entity related to the agenda being addressed, contract number, scope of products/services used, geolocation or transaction data, data on preferences, communication history, previous requests, including data related to trading in crypto-assets according to MiCA;
  • Data from mutual communication – information about contact via the website, e-mail, telephone or other channels, including data from the handling of complaints, requests and submissions of Clients in accordance with the recommendations EBA/GL/2019/02;
  • Records of communications – including recordings of telephone calls, electronic interactions, audit trails and system logs, maintained in accordance with DORA's transparency, security and operational resilience requirements;
  • Other data – e.g. CCTV footage from surveillance areas, login records to systems, data from security checks or internal investigations.

When concluding a contractual relationship, IP wBTCb solutions, s.r.o. is obliged to obtain the birth number of a natural person or a member of the statutory body of a legal entity, and to store it for the statutory period for the purpose of fulfilling legal obligations and proper provision of services.

Personal data may be made available:

  • Authorized employees of IP wBTCb solutions, s.r.o.,
  • state and supervisory authorities (e.g. CNB, FAÚ, ÚOOÚ, PČR),
  • other entities authorised by law,
  • External service providers (e.g. IT support, cloud services, audit, compliance, incident handling) who act as processors under data processing agreements.

The processing of personal data is always carried out with the provision of appropriate technical and organizational measures, including in the field of cyber security and business continuity according to the standards required by DORA.

3 Purpose of processing the personal data of the Clients

Clients' personal data must be collected only for specific, explicit and legitimate purposes and are not further processed in a manner that is incompatible with these purposes. Clients are transparently informed about the purpose of processing.

Processing of personal data without the Client's consent

The personal data of the Clients are processed without their consent in particular for the purpose of:

  • processing of Client Documentation in connection with negotiating, executing and settling transactions, including:
    • verification of the Client's identity;
    • preparation and modification of contractual documentation;
    • compliance with financial supervision and prudential obligations;
    • providing extracts and information to authorized persons.
    Without the provision of this data, it is not possible to conclude or continue the contractual relationship.
  • Making and storing a copy of the Clients' personal documents – for the purpose of identification in accordance with Act No. 253/2008 Coll., on Certain Measures Against Money Laundering and Terrorist Financing (AML/CFT). IP wBTCb solutions, s.r.o. is entitled to make and store photocopies of submitted documents (e.g. identity card, passport, extract from the register).
  • Enabling the use of IP wBTCb solutions, s.r.o. products and services, including data from contractual documentation and data on the use of the online environment (mobile application).
  • Fulfilment of legal obligations of IP wBTCb solutions, s.r.o. resulting from the legislation, in particular:
    • Act No. 253/2008 Coll. (AML);
    • Act No. 110/2019 Coll. (processing of personal data);
    • Regulation (EU) 2016/679 (GDPR);
    • Regulation (EU) 2023/1114 (MiCA) – e.g. identification of clients, monitoring of transactions and compliance with information obligations;
    • storing and archiving data in accordance with legal requirements.
  • Protection of rights and legitimate interests of IP wBTCb solutions, s.r.o.:
    • evaluating data for the purposes of optimizing services and preventing fraud;
    • resolving legal disputes and claims;
    • registering and resolving complaints and requests, including rights under the GDPR and EBA/GL/2019/02;
    • direct marketing of IP wBTCb solutions, s.r.o. products and services on the basis of a legitimate interest, with the possibility of raising an objection.

Processing of personal data when transferring crypto-assets (Travel Rule)

In accordance with legal obligations arising from Act No. 253/2008 Coll., on Certain Measures against Money Laundering and Terrorist Financing (AML Act), and Regulation (EU) 2023/1114 (MiCA), IP wBTCb solutions, s.r.o. is obliged to process, transmit and store certain information about the sender and recipient of the transaction when transferring crypto-assets. This information is referred to as the so-called Travel Rule data.

For this purpose, IP wBTCb solutions, s.r.o.:

  • processes personal data about the sender and/or receiver of a crypto-asset transaction (e.g. name, address, name of the beneficiary's service provider);
  • transmits this data to other crypto-asset service providers (e.g. exchanges or custody solutions) if the destination address is maintained with another licensed entity;
  • stores the transmitted and received data for at least 5 years for the purpose of compliance with legal obligations, internal control and audit.

The transfer of data takes place exclusively to the extent stipulated by legal regulations and only by secure technical means.

In the event that IP wBTCb solutions, s.r.o. receives a transfer of crypto-assets without mandatory information about the originator or recipient, such transfer may be delayed, rejected or reported as suspicious in accordance with the internal anti-money laundering policy.

Processing of personal data with the Client's consent

The processing of personal data that is not supported by the above legal grounds may only take place on the basis of the Client's consent. The provision of such consent is entirely at the discretion of the Client and may be revoked at any time.

Processing based on consent includes in particular:

  • Processing and storage of biometric data – for the purpose of uniquely identifying a natural person. These are data derived from the recording of the Client's likeness, in order to verify the Client's likeness with the data obtained from photographs on the provided copies of documents.
  • Marketing communication beyond the scope of the legitimate interest of IP wBTCb solutions, s.r.o. – e.g. sending individually targeted offers of products and services or other communications based on the Client's consent.

4 Method of processing and storage of personal data and the period of their storage at IP wBTCb solutions, s.r.o.

IP wBTCb solutions, s.r.o. stores personal data only for the necessary period of time in accordance with legal regulations and internal policies. The standard archiving period is 10 years from the end of the calendar year in which the contractual relationship with the Client was terminated, unless otherwise required by law or legitimate interest. IP wBTCb solutions, s.r.o. has strict internal archiving rules in place to ensure that it does not keep Clients' data longer than it is authorized to hold.

Data that are processed on the basis of the Client's consent are stored for the duration of the consent. For the avoidance of doubt, the consent itself and the change or withdrawal of consent are kept by IP wBTCb solutions, s.r.o. for the entire period of validity of the consent and for 10 years after it has ceased to exist.

IP wBTCb solutions, s.r.o. processes personal data both manually and by automated means, both in paper and electronic form. All personal data are kept in secure systems within the IP wBTCb solutions, s.r.o. Client Information System.

In accordance with Regulation (EU) 2022/2554 (DORA), IP wBTCb solutions, s.r.o. applies technical and organizational measures to ensure the continuity of processing, data security, system integrity and audit traceability. These measures include, in particular, multi-level access control, encryption, regular resilience testing and incident management.

IP wBTCb solutions, s.r.o. does not use automated decision-making within the meaning of Article 22 of the GDPR when processing personal data, nor does it carry out profiling that would have legal effects or similarly significantly affect the rights of the data subject. Nor are the personal aspects of subjects evaluated exclusively by automated means (e.g. economic situation, behaviour, preferences or location tracking).

5 Recipients of the Client's personal data

The Client's personal data are primarily processed within IP wBTCb solutions, s.r.o. The transfer of personal data to third parties takes place only on the basis of the Client's legal authorization or consent, in accordance with the applicable legal regulations.

IP wBTCb solutions, s.r.o. may transfer the Client's personal data to:

  • public authorities and regulatory authorities, if required by law (e.g. FAÚ, ÚOOÚ, courts, police);
  • service providers who act as processors of personal data on the basis of a processing agreement, in particular:
    • IT and cloud service providers,
    • providers of archiving and documentation services,
    • law firms and debt collectors,
    • providers of marketing, communication and analytical services,
    • auditors, tax advisors and consultants in the field of compliance and risk management.

The processing of personal data by processors always takes place on the basis of a contractual arrangement and under the conditions set out in the GDPR and other legal regulations. All processors are contractually bound by confidentiality and the obligation to take appropriate technical and organizational measures.

With the Client's consent, their personal data may also be transferred to other entities for specific purposes, e.g. for targeted marketing or identification through digital tools.

Personal data are processed exclusively in the territory of the Czech Republic. IP wBTCb solutions, s.r.o. does not transfer personal data to third countries outside the EU/EEA or to any international organization.

If the Client uses online identification of a person within the web interface for onboarding the Client (e.g. when entering into a contractual relationship), selected personal data may be processed by the following entities, exclusively with the Client's consent:

  • Banking Identity a.s., Company ID: 09513817, with its registered office at Smrčkova 2485/4, 180 00 Prague 8 – Libeň;
  • SUMSUB TECH LTD, company number HE 424752, registered office at Agiou Andreou 153, 3036, Limassol, Cyprus.

6 Sources of personal data

IP wBTCb solutions, s.r.o. obtains the personal data of Clients exclusively from trusted and authorized sources, in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and other relevant legal regulations.

Personal data is collected in particular:

  • from the Clients themselves – directly when concluding contracts for the provision of products and services, as part of the identification process or indirectly when using the services provided;
  • when making information available – e.g. when visiting websites, filling in contact forms via mobile applications;
  • from publicly available sources – e.g. public registers or public lists, including verification of AML/CFT requirements data;
  • from potential customers interested in IP wBTCb solutions, s.r.o. services – e.g. via inquiry forms, e-mail or telephone communication;
  • from IP wBTCb solutions, s.r.o. – including data derived from the use of services, records of communications, access logs and security logs.

In the event that the Client uses electronic identification tools (e.g. bank identity), the data is obtained through these providers exclusively with the Client's consent and to the extent necessary to carry out identification in accordance with applicable legislation (including AML and MiCA).

7 Rights of Clients as Personal Data Subjects

When processing the Client's personal data, IP wBTCb solutions, s.r.o. respects and ensures all rights of subjects in accordance with Regulation (EU) 2016/679 (GDPR) and other relevant legal regulations.

In connection with the processing of personal data, the Clients, as data subjects, have the following rights:

  • Right of access to personal data – The Client may request confirmation as to whether their personal data is being processed, and if so, they have the right to access such data and other information pursuant to Article 15 of the GDPR. In the event of repeated, manifestly unfounded or disproportionate requests, IP wBTCb solutions, s.r.o. reserves the right to demand a reasonable fee or to refuse the request.
  • Right to data portability – The Client may receive their personal data in a structured, commonly used and machine-readable format and transmit them to another controller, provided that the processing is based on consent or a contract and is carried out automatically.
  • Right to rectification – The Client has the right to rectify inaccurate data or complete data concerning him/her.
  • The right to erasure ('right to be forgotten') – in particular if:
    • the data is no longer necessary for the purposes for which it was collected;
    • the Client withdraws consent and there is no other legal reason for the processing;
    • the Client successfully objected to the processing;
    • the processing is unlawful or the erasure is required by law.
  • Right to restriction of processing – e.g. if the Client denies the accuracy of the data or the processing is unlawful and requests the restriction of their use instead of erasure.
  • Right to object – to the processing of personal data on the basis of the legitimate interest of IP wBTCb solutions, s.r.o., including processing for direct marketing purposes.
  • The right to withdraw consent at any time if the processing is based on consent. The withdrawal of consent shall not affect the lawfulness of the processing based on the consent given before its withdrawal. Consent can be withdrawn via e-mail or in writing to the contact address below.
  • The right to lodge a complaint against the processing of personal data with a supervisory authority, which is:
    Office for Personal Data Protection, Pplk. Sochora 27, postal code 170 00, Prague 7, www.uoou.cz.

In connection with the exercise of their rights or in the event of any questions or information regarding the processing of personal data, Clients may contact IP wBTCb solutions, s.r.o.: