UAB Iron Network is a company incorporated in Lithuania, with its registered address at Upės g. 23-1, LT-08128 Vilnius, Lithuania, and with Registration Code 307039012. UAB Iron Network and affiliates collect and use certain Personal Data from you.
Contact information
Website: iron.xyz
Address: Upės g. 23-1, LT-08128 Vilnius, Lithuania
Email: compliance@iron.xyz
Acceptance of Privacy Policy
By accessing or using our Services, or by creating an account, you agree that you have read, understand, and agree to all of the terms and conditions contained in this Privacy Policy. If you do not agree with or are not comfortable with any aspect of this Privacy Policy, you should immediately discontinue access or use of Iron Services.
Changes to this Privacy Policy
We reserve the right to alter, amend or modify this Privacy Policy from time to time, in our sole discretion. We will provide you with notice of such changes by sending you an email, providing notice on the homepage of the Website and/or by posting the amended Privacy Policy on the Website and updating the “Last Updated” date at the top of the Privacy Policy. The amended Privacy Policy will be deemed effective immediately upon posting on the Website. Your continued use of Iron Services constitutes your agreement to be bound by any such changes to this Privacy Policy.
Definitions
“Customer” refers to any end-user or business partner of the Partner who accesses, uses, or interacts with the Services provided by the Partner through the Partner’s integration with Iron.
"Iron Services" means the suite of virtual asset services provided by Iron, including but not limited to: (i) the exchange of virtual assets for other virtual or fiat assets, (ii) the provision of custodial virtual currency wallets, and (ii) the transfer of digital assets between accounts.
“Services” refers to the combined offerings of the: (i) the Iron Services; and (ii) services provided by Third Party Providers or affiliates.
“Third Party Providers” Refers to external entities engaged by Iron to facilitate specific ancillary services necessary to support and deliver the foregoing, acting under the direction and responsibility of Iron, such as payment processing, stablecoin liquidity providers, and compliance tools.
Overview
This Privacy Policy outlines important information about who we are, as well as how and why we collect, store, use, and share your personal information (referred to as "Personal Data") in connection with your use of our Services. Additionally, it explains your rights regarding your Personal Data and provides details on how to contact us or the relevant regulatory authority should you have any concerns or wish to lodge a complaint.
We are the Controller of your Personal Data which we obtain via your use of our Services. When you use our Services, you may encounter services, links, or other platforms provided by our trusted Third-Party-Providers. These links are included to assist with tasks such as identity verification or to offer ancillary products and services. Please note that these third-party websites may collect information about you in accordance with their own independent privacy policies. We encourage you to review the privacy policies of those third-party websites to understand how your information is handled.
Personal Data We Collect
Iron processes your Personal Data because you use our Services. Below is an overview of the personal data we process:
First and last name
Job role
Country
Payment details (for example your bank account number, wallet address, etc.)
National ID
Proof of Address
Gender
Date of birth
Phone number
Email address
Biometric data including KYC liveness
Data from cookie tracking
We may also collect and process the following information from you:
Third-party data, used to identity verification details and records, and
Combined data, used from third parties and merged with data collected through our Services, governed by this Privacy Policy unless stated otherwise.
Purpose for Processing Personal Data
Iron processes your personal data for the following purposes:
Handling a transaction or transaction instruction
Sending newsletters and/or promotional materials
Contacting you via phone or email as needed for service delivery
Informing you about changes to our services and products
Allowing you to create an account
Meeting legal obligations
To perform our obligations towards you
To enable and provide our Services to you
To verify Customer identities and grant secure access to our Services
To offer assistance and support when needed.
To enhance, personalize, and refine the Services and user experience, tailored to individual or shared preferences, feedback, and challenges.
To uphold our Terms of Service and other agreements established with Customers and Partners
To adhere to applicable legal and regulatory obligations
Iron processes your personal data based on the following legal grounds in accordance to GDPR:
To fulfill our contract with you, including enabling account creation, processing transactions and delivering services
To comply with applicable legal and regulatory requirements, such as anti-money laundering and counter-terrorist financing obligations
Where you have provided explicit consent, such as receiving marketing communications. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal
To enhance and improve our Services, ensure platform security, prevent fraud and develop new features. It is ensured that such processing does not override your privacy rights
Data Retention
The duration for which Iron will retain your Personal Data depends on the following cumulative factors:
We will retain your Personal Data for as long as necessary to fulfill the purpose for which it was collected.
Personal Data will be kept as required to address potential or ongoing legal claims, complaints, litigation, or regulatory proceedings.
Applicable laws or regulations may specify a minimum retention period for your Personal Data.
We may need to maintain records for a significant period of time after you cease being our client for legal or regulatory reasons, for example, when we need to retain information to help manage a dispute or legal claim. Additionally, we are subject to certain anti-money laundering laws which may require us to retain your personal data for a period of time after our business relationship with you has ended.
Sharing Personal Data with Third Parties
Iron does not sell your personal data to third parties. Data is only shared when necessary to execute our agreement with you or to comply with legal obligations. For companies processing your data on our behalf, we sign processing agreements to ensure the same level of data security and confidentiality. Iron remains responsible for these processes. Additionally, Iron shares data with other third parties only with your explicit consent. Specifically,
We may share some of your Personal Data with the Third-Party-Providers with which you are transacting in order to process your transaction.
We may share your Personal Data with external service providers to verify your identity, confirm your eligibility, conducting check in business and public registers and comply with AML/CFT requirements
If you access our platform through the website or other form of integration of one of our Partners, then we may share your Personal Data with that Partner.
We engage selected Third-Party-Providers to perform services ancillary to our Services and may provide them access to your Personal Data.
We may share your Personal Data with our affiliated companies.
Transfer of Personal Data Outside the EEA
Iron may transfer your Personal Data to countries outside the European Economic Area (EEA) as part of its operations. When we do so, we ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
Such transfers may occur in the following circumstances:
To our trusted third-party service providers or partners who assist in delivering our Services, including those located outside the EEA.
When it is necessary to fulfill legal obligations or respond to lawful requests from public authorities, including for national security or law enforcement requirements.
In the absence of an adequacy decision by the European Commission for the country receiving the data, we rely on legally recognized safeguards, including:
The use of Standard Contractual Clauses (SCCs) approved by the European Commission.
Binding Corporate Rules (BCRs) implemented by our partners where applicable.
Other appropriate legal and technical safeguards.
You may request further information about the safeguards we use when transferring your data outside the EEA by contacting us at compliance@iron.xyz.
Cookies and Similar Technologies
Iron uses technical and functional cookies and analytical cookies that do not infringe on your privacy. Cookies are small text files stored on your device when you visit our website. These cookies are necessary for the website's technical functionality and user experience. They ensure the website works properly and can remember your preferences. You can disable cookies through your browser settings and delete previously stored information.
Transfer of Personal Data Outside the EEA
You have several rights concerning your Personal Data that you can exercise without cost.
These rights include:
Right of access: You can request a copy of your personal data.
Right to rectification: You can request that inaccurate data be corrected.
Right to erasure: You can request that your personal data be deleted, within certain limits.
Right to restrict processing: You can request that your personal data be restricted in certain circumstances.
Right to data portability: You can request a copy of your personal data in a machine-readable format so that you can transfer it to another organization.
Right to object: You can request that your personal data not be used in certain circumstances, or that automated decision-making based on your data be stopped.
Right not to be subject to automated decision-making: You can request that your personal data not be used in automated decision-making, including profiling.
Lastly, you have a right to lodge a complaint with a competent supervisory authority.
If you wish to exercise any of your rights, you should contact us at compliance@iron.xyz.
Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction. For a list of EEA data protection supervisory authorities and their contact details see this page.
How We Secure Personal Data
Iron takes the protection of your data seriously and implements appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized modification. If you suspect that your data is not secure or have concerns about potential misuse, contact our customer service or email compliance@iron.xyz.
Automated Decision-Making
Iron does not engage in automated decision-making processes. All decisions involving your Personal Data are reviewed and made by authorized personnel to ensure fairness and compliance with applicable laws and regulations.
Contact Us
If you believe your rights have been violated, or have any concerns about your Personal Data, please contact us by mail at Upės g. 23-1, LT-08128 Vilnius, Lithuania, or by email at compliance@iron.xyz.