Privacy policy.

Last updated: 10/12/2025

This Privacy Policy explains how Cryptorium s.r.o. (“Cryptorium”, “we”, “our”, or “us”), with registered office at Betliarska 22, 851 07 Bratislava – mestská časť Petržalka, Slovakia, registration number 56 684 258, collects and processes personal data in connection with:

• your access to or interaction with our website (https://www.cryptorium.org) (“Website”), and

• our legally required anti-money-laundering (AML) due-diligence activities involving counterparties on third-party P2P platforms.

This policy complies with the EU General Data Protection Regulation (GDPR).

If you have any questions about this Privacy Policy or your personal data, you may contact us at:

contact@cryptorium.org

1. Definitions

1.1 Personal Data

“Personal Data” means any information that identifies or can identify a natural person.

1.2 Controller

Cryptorium s.r.o. is the Controller of personal data processed through the Website and through AML/KYC due-diligence performed on counterparties to trades on third-party platforms.

1.3 Counterparty

A person or entity engaging in a specific transaction with Cryptorium on an external P2P platform. Counterparties are not customers, and Cryptorium does not provide services to them.

1.4 KYC (Know-Your-Counterparty)

Information that Cryptorium may be legally required to request from a counterparty solely for AML/CFT compliance.

1.5 Data Processors

External vendors who process certain data on our behalf (see Section 7).

2. Information We Collect

Cryptorium operates only as a proprietary trader and does not onboard users or collect customer data through the Website.

We collect only the following categories of data:

2.1 Information Provided Voluntarily via the Website

If you choose to contact us (email, contact form, Telegram), we may collect:

• name,

• email address,

• telephone number,

• contents of your message.

Cryptorium does not request identity documents, financial information, or sensitive personal data from Website visitors.

2.2 AML/KYC Information from Counterparties on P2P Platforms

Cryptorium is legally required to comply with Slovak and EU AML/CFT laws.

During a P2P transaction, Cryptorium may collect:

• full name,

• date of birth,

• address,

• identity document details,

• proof of address,

• information on the purpose of the transaction,

• source-of-funds/source-of-wealth documentation,

• any other information required by law.

This information is requested only during a specific transaction and does not create a customer relationship.

We do not collect sensitive personal data (racial or ethnic origin, political opinions, etc.).

2.3 Cookies (Website Only)

We use cookies to:

• maintain basic Website functionality,

• analyze traffic,

• ensure security.

Users may disable cookies through their browser.

We do not use cookies to track users across websites or for advertising.

2.4 Log Files (Website Only)

We automatically collect minimal technical logs, including:

• IP address,

• browser type,

• operating system,

• referring/exit pages,

• time stamps.

Logs are used exclusively for Website security and performance.

3. How We Use Your Information

Cryptorium uses collected personal data only for the following lawful purposes:

3.1 AML/CFT Compliance (Counterparties Only)

To meet obligations under Slovak Act No. 297/2008 Coll. and EU AML regulations, including:

• verifying identity,

• assessing transaction purpose,

• confirming origin of funds,

• screening against sanctions lists,

• filing suspicious-activity reports when required.

3.2 Communication

We use contact information you voluntarily provide to respond to inquiries.

3.3 Website Operation and Security

We use cookies and logs to ensure:

• Website functionality,

• cybersecurity monitoring,

• prevention of abuse or attacks.

4. Sharing Your Information

Cryptorium may share personal data only under the following conditions:

4.1 AML Compliance

With:

• law-enforcement authorities,

• the Slovak Financial Intelligence Unit (Finančná jednotka P PZ),

• regulators,

• courts,

when we are legally obliged to do so.

4.2 Service Providers (Data Processors)

These may include:

• cloud hosting providers,

• IT and security service providers,

• identity verification services (used only for AML counterparty checks).

All processors operate under GDPR-compliant contracts.

4.3 Corporate Restructuring

In case of a merger, acquisition, or corporate reorganization, data may be transferred to a successor entity under strict confidentiality and GDPR safeguards.

5. Security Measures

We apply appropriate technical and organisational measures, including:

• TLS encryption (1.3 or higher),

• secure storage of AML data,

• restricted employee access,

• monitoring for unauthorized access,

• encryption and hashed storage where applicable.

However, no system is 100% secure, and users should exercise caution when sharing information.

If you suspect unauthorized access, notify us at: contact@cryptorium.org.

6. Data Retention

Cryptorium retains data only for lawful purposes:

6.1 AML/KYC Counterparty Data

Retained for the duration required by law: 5 years from the completion of the relevant transaction (or longer where legally required).

6.2 Website Logs and Cookies

Retained for up to 1 year, unless needed for security investigations.

6.3 Email Communications

Retained for as long as necessary to respond to your inquiry, then deleted or archived according to our retention schedule.

7. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we ensure compliance through:

• EU adequacy decisions,

• Standard Contractual Clauses, or

• other lawful GDPR mechanisms.

8. Your Rights Under GDPR

You have the right to:

• access your personal data;

• request correction or deletion;

• request restriction of processing;

• object to processing;

• request data portability;

• withdraw consent (where processing is based on consent);

• lodge a complaint with your local Data Protection Authority.

To exercise these rights, contact: contact@cryptorium.org

Note: AML laws may restrict our ability to delete certain data during the statutory retention period.

9. Automated Decision-Making

Cryptorium does not use automated decision-making that produces legal or significant effects on individuals.

All AML decisions include human oversight.

10. Children’s Privacy

This Website is not intended for minors under the age of 13.

If you believe we have collected data from a minor, notify us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time.

The latest version will always be posted on the Website.

12. Contact Information

Cryptorium s.r.o.

Betliarska 22, 851 07 Bratislava – mestská časť Petržalka, Slovakia

Email: contact@cryptorium.org