This Privacy Policy explains how Fanex (“we”, “us”, or “our”) collects, uses, and protects your personal data when you access our website (the “Website”) or interact with our services. This Policy is issued in accordance with Articles 13 and 14 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
1. Data Controller
The data controller is Fanex srl, headquartered at Via Gaetano de Castillia, 23, 20124 Milano MI, Italy. For any privacy-related questions, you may contact our Data Protection Officer (DPO) at help@fanex.market.
2. Purposes and Legal Basis for Data Processing
We process your personal data on the following legal bases:
2.1 Consent (Art. 6(1)(a) GDPR)
When you voluntarily provide your data (e.g., via cookies or marketing opt-ins), we process it based on your explicit consent. You may withdraw your consent at any time without affecting the legality of prior processing.
2.2 Contractual Necessity (Art. 6(1)(b) GDPR)
We process data to fulfill our contractual obligations to you, such as facilitating access to your user account or executing investment-related services.
2.3 Legal Obligations (Art. 6(1)(c) GDPR)
Certain data must be processed to comply with Italian and EU regulatory obligations, including tax laws, anti-money laundering regulations, and financial reporting requirements.
2.4 Legitimate Interests (Art. 6(1)(f) GDPR)
Where necessary, we process data to pursue our legitimate business interests, such as fraud prevention, platform improvement, service analytics, and communication management, without unduly infringing your rights.
3. Categories of Data Processed
We process the following categories of personal data:
- Contact and identification data (e.g., name, email, phone number)
- Access credentials (e.g., login timestamps, IP address)
- Device and browser information (e.g., OS, language settings)
- Navigation data (e.g., pages visited, session duration)
- Data related to investments or financial operations
- Communication history (e.g., support messages, feedback)
5. Data Sharing and Recipients
We may share your data with:
- IT and hosting service providers
- Payment processors and financial institutions
- Regulatory or supervisory authorities (as required by law)
- Customer support and analytics providers
- Marketing platforms and email service providers
We ensure all data processors operate under contractual obligations consistent with this Policy and GDPR.
6. Data Transfers Outside the EEA
If personal data is transferred outside the European Economic Area (EEA), such transfer will occur only:
- To countries with an adequacy decision by the EU Commission
- Subject to Standard Contractual Clauses (SCCs)
- With your explicit consent
7. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, including legal retention periods. Session and cookie data may be retained for limited durations as outlined in our Cookie Policy.
8. Your Rights Under GDPR
You have the following rights with respect to your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
To exercise your rights, contact us at help@fanex.market. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).
9. Security Measures
We implement appropriate technical and organizational security measures, including:
- SSL/TLS encryption
- Role-based access controls
- Regular vulnerability assessments
- Data minimization practices
10. Changes to This Privacy Policy
We may update this Policy from time to time. Material changes will be communicated via the Website. Continued use of our services constitutes acceptance of the updated Policy.
Please also review our Terms and Conditions for additional information about the use of our services.