Privacy Policy

1. Introduction

Hyphe Markets GmbH ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website hyphe.it.com, use our financial services, or interact with us through any other means.

As a financial services provider operating in Germany, we are subject to strict data protection regulations, including the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and financial sector-specific regulations including the Payment Services Directive (PSD2) and Anti-Money Laundering (AML) directives.

This policy applies to all information collected through our website, mobile applications, financial products and services, customer support channels, and any other related services we offer. By using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

When you use our financial services, we collect information that you voluntarily provide to us, including:

• Personal identification information: full legal name, date of birth, nationality, government-issued identification numbers (passport, ID card, tax identification number)
• Contact information: email address, phone number, residential address, mailing address
• Account credentials: username, password (stored in encrypted format), security questions and answers
• Financial information: bank account details, credit card information (encrypted and PCI DSS compliant), income and employment details, investment objectives and risk tolerance
• KYC (Know Your Customer) documentation: copies of identification documents, proof of address, source of funds documentation
• Communication records: customer service inquiries, feedback, complaints, and reviews
• Marketing preferences: newsletter subscriptions, communication preferences, and consent records

2.2 Automatically Collected Information

When you access our website or use our services, we automatically collect certain technical and usage information:

• Device information: IP address, browser type and version, operating system, device identifiers, screen resolution
• Usage data: pages visited, time spent on each page, click patterns, navigation paths, features used
• Transaction data: transaction history, trading patterns, investment activities, payment records
• Cookie data: session identifiers, user preferences, authentication tokens, analytics data
• Location data: approximate geographic location derived from IP address, timezone information

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Credit reference agencies: credit scores, credit history, financial behavior indicators
• Identity verification services: document verification results, biometric verification data
• Payment processors: transaction confirmations, payment status, fraud indicators
• Social media platforms: if you connect your social accounts, we may receive profile information you've authorized
• Regulatory databases: sanctions lists, politically exposed persons (PEP) databases for AML compliance

3. How We Use Your Information

3.1 Service Provision

We use your information to provide, maintain, and improve our financial services:

• Processing transactions: executing trades, processing payments, managing transfers
• Account management: creating and maintaining your account, authentication, password recovery
• Customer support: responding to inquiries, resolving issues, providing technical assistance
• Investment services: portfolio management, investment recommendations, performance reporting
• Service optimization: analyzing usage patterns to improve user experience and platform functionality

3.2 Communication

We communicate with you for various purposes related to your account and our services:

• Transaction notifications: confirmations, alerts, and updates about your financial activities
• Account alerts: security notifications, suspicious activity warnings, important account changes
• Service updates: policy changes, terms updates, new features announcements
• Regulatory communications: required disclosures, tax documents, compliance notices
• Marketing communications: promotional offers, newsletters, market insights (only with your explicit consent)

3.3 Marketing and Analytics

With your consent, we may use your information for marketing and analytical purposes:

• Personalized content: tailoring our services and communications to your interests and financial goals
• Traffic analysis: understanding how users interact with our platform to improve design and functionality
• Campaign measurement: evaluating the effectiveness of our marketing efforts
• Market research: developing new products and services based on customer needs and trends

3.4 Legal Compliance and Security

We process your information to comply with legal obligations and protect our business:

• KYC compliance: verifying your identity as required by financial regulations
• AML monitoring: detecting and preventing money laundering and terrorist financing
• Fraud prevention: identifying and preventing fraudulent transactions and account access
• Tax reporting: providing required information to tax authorities as mandated by law
• Legal proceedings: responding to court orders, subpoenas, and regulatory inquiries
• Dispute resolution: resolving complaints and handling legal claims

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who assist in operating our business:

• Payment processors: for secure transaction processing (PCI DSS compliant)
• Banking partners: for fund transfers, account services, and custody services
• Cloud service providers: for secure data storage and backup (AWS, Google Cloud with EU data centers)
• Identity verification services: for KYC compliance and document verification
• Communication platforms: for email delivery, SMS notifications, and customer support
• Analytics providers: for website analytics and performance monitoring

4.2 Legal Requirements

We may disclose your information when required by law or in response to valid legal requests:

• Court orders and subpoenas: responding to legally binding requests from courts and legal authorities
• Regulatory compliance: providing information to financial regulators (BaFin, ECB) as required
• Tax authorities: sharing required information for tax reporting purposes
• Law enforcement: cooperating with investigations into financial crimes, fraud, or other illegal activities
• Protection of rights: defending against legal claims or protecting our rights, property, and safety

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the business assets. In such cases:

• We will notify you before your information is transferred and becomes subject to a different privacy policy
• The new entity will be required to honor the commitments made in this Privacy Policy
• You will have the opportunity to delete your account before the transfer if you prefer

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so. You can withdraw this consent at any time by contacting us.

5. Data Security

5.1 Technical Security Measures

We implement industry-leading technical security measures to protect your financial and personal data:

• Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256 encryption
• PCI DSS Compliance: Our payment processing systems meet the Payment Card Industry Data Security Standard requirements
• Firewall systems: Advanced firewall protection and intrusion detection systems monitor all network traffic
• Access controls: Role-based access control ensures only authorized personnel can access sensitive data on a need-to-know basis
• 24/7 Monitoring: Continuous security monitoring and threat detection systems operate around the clock
• Regular backups: Automated encrypted backups with geographically distributed storage
• Multi-factor authentication: Required for account access and sensitive operations

5.2 Organizational Security Measures

We maintain comprehensive organizational security practices:

• Employee training: Regular mandatory security awareness training for all staff members
• Background checks: Comprehensive background verification for employees with data access
• Data handling procedures: Documented procedures for handling, storing, and disposing of personal data
• Confidentiality agreements: All employees and contractors sign binding confidentiality agreements
• Incident response plan: Comprehensive plan for responding to security incidents and data breaches
• Regular audits: Annual third-party security audits and penetration testing

5.3 Your Security Responsibilities

You also play an important role in protecting your information:

• Use strong, unique passwords and change them regularly
• Never share your account credentials with anyone
• Enable multi-factor authentication on your account
• Log out of your account when using shared or public computers
• Be vigilant about phishing attempts and suspicious communications
• Report any unauthorized access or suspicious activity immediately

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. The following table explains the types of cookies we use:

Tracking Technologies We Use

• Google Analytics: For website traffic analysis and user behavior insights
• Facebook Pixel: For advertising measurement and optimization (with your consent)
• Web beacons: Small graphics in emails to track open rates and engagement
• Local storage: Browser-based storage for session data and preferences

Managing Your Cookie Preferences

You can manage your cookie preferences through our cookie consent banner or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of our website and services. For detailed instructions on managing cookies in different browsers, please visit the help section of your browser.

7. Your Rights (GDPR/CCPA Compliance)

Under the General Data Protection Regulation (GDPR) and other applicable privacy laws, you have the following rights regarding your personal data:

7.1 Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a commonly used, machine-readable format within 30 days of your request.

7.2 Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you. You can update most information directly through your account settings, or contact us for assistance.

7.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances. Please note that we may need to retain certain information for legal, regulatory, or legitimate business purposes, such as compliance with anti-money laundering regulations or tax reporting requirements.

7.4 Right to Restrict Processing

You have the right to request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of your data or object to our processing.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as CSV or JSON) and to transmit that data to another controller.

7.6 Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes. You also have the right to object to processing based on legitimate interests, unless we can demonstrate compelling legitimate grounds for the processing.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. Where automated decisions are necessary, you have the right to obtain human intervention, express your point of view, and contest the decision.

8. Children's Privacy

Our financial services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.

If we discover that we have collected personal information from a child under 18 without parental consent, we will take steps to promptly delete that information from our systems.

9. International Data Transfers

9.1 Protection Measures

When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

• EU adequacy decisions: Transfers to countries with adequate data protection levels as recognized by the European Commission
• Standard Contractual Clauses (SCCs): Legally binding contracts that require the recipient to protect your data to EU standards
• Data processing agreements: Comprehensive agreements with all data processors specifying security requirements
• Regular compliance audits: Ongoing monitoring of third-party compliance with data protection obligations

9.2 Transfer Destinations

Your data may be transferred to and processed in the following locations:

• European Union: Primary data processing and storage in EU data centers
• United States: Cloud infrastructure services (with SCCs and additional safeguards)
• Other countries: Only as necessary with appropriate protection measures in place

10. Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. The following table outlines our standard retention periods:

Secure Data Disposal

When data reaches the end of its retention period, we ensure secure disposal through:

• Secure electronic deletion using industry-standard methods that make recovery impossible
• Physical destruction of any paper records containing personal information
• Deletion of backup copies according to backup rotation schedules
• Maintenance of disposal records for audit purposes

11. Third-Party Links

Our website may contain links to third-party websites, applications, or services that are not operated by us. These links are provided for your convenience and informational purposes only.

We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit before providing any personal information. Your interactions with third-party websites are governed by their own terms and policies.

12. Policy Changes

12.1 Change Notification

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes:

• We will post the updated policy on our website with a new "Last Updated" date
• For significant changes, we will send an email notification to registered users
• We may display a prominent notice on our website or show a pop-up upon login
• For material changes affecting your rights, we will request your explicit consent

12.2 Staying Informed

We encourage you to periodically review this Privacy Policy to stay informed about how we protect your information. The latest version will always be available on our website. Your continued use of our services after any changes indicates your acceptance of the updated policy. If you disagree with any changes, you may close your account and stop using our services.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to responding to all privacy-related inquiries within 3 business days.

13.1 Complaints

We encourage you to contact us first if you have any concerns about our data practices. We will work to resolve your concerns promptly. However, if you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority:

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

You can withdraw your consent for marketing communications at any time through:

• Clicking the "Unsubscribe" link in any marketing email
• Updating your communication preferences in your account settings
• Contacting our customer support team

14.2 Account Deletion Process

If you wish to delete your account and associated data:

1. Log into your account and navigate to Settings > Privacy > Delete Account
2. Review the information about what will be deleted and what must be retained
3. Confirm your identity through our verification process
4. Submit your deletion request
5. Your account will be deactivated immediately and data deleted within 30 days

Please note that certain information may be retained as required by financial regulations and legal obligations, as outlined in Section 10.

15. Conclusion

At Hyphe Markets GmbH, protecting your privacy is fundamental to everything we do. As a financial services provider, we understand that you entrust us with sensitive personal and financial information, and we take this responsibility seriously.

We are committed to maintaining transparency about our data practices, implementing robust security measures, and empowering you with control over your personal information. Your trust is essential to our relationship, and we continuously work to earn and maintain it.

If you have any questions or concerns about this Privacy Policy or how we handle your data, please do not hesitate to contact us. We are here to help and are committed to addressing your concerns promptly and thoroughly.

Thank you for choosing Hyphe Markets GmbH for your financial needs. We value your trust and are dedicated to protecting your privacy.