Legal

Privacy policy

Preamble

This Privacy Notice applies to the processing of personal data by emoni group of companies and its affiliated (collectively referred to as "emoni", "emoni group", "we", "us", or "our"), including:

  • iLedgends B.V. (Netherlands) — Electronic Money Institution (EMI)
  • iLedgends s.r.o. (Czech Republic) — Crypto-asset service provider (CASP)
  • Ledgends Inc (Canada) — Money Services Business (MSB)

emoni Group provides a range of financial and related services across different jurisdictions. Depending on the nature of the services provided to you, and your relationship with iLedgends, one or more of these entities may process your personal data.

Who is your data controller?

The entity within the emoni Group that determines the purposes and means of processing your personal data in connection with the services provided to you will act as the data controller for those specific processing activities.

In practice, this means that:

  • the entity with which you enter into a contractual relationship is typically your primary data controller;
  • where services are provided across multiple emoni Group entities, each relevant entity may act as a separate and independent data controller for the personal data it processes in connection with its own legal, regulatory, and operational obligations.

Processing within the emoni Group

To provide integrated services, and to comply with legal and regulatory requirements, personal data may be shared between entities within the emoni Group. This includes, for example:

  • compliance with anti-money laundering, counter-terrorism financing, and sanctions regulations;
  • risk management, fraud prevention, and transaction monitoring;
  • operational support and service delivery across jurisdictions.

Such sharing of personal data does not change the allocation of responsibilities between the entities. Each emoni entity remains responsible for its own processing activities and complies with applicable data protection laws as an independent data controller, unless explicitly stated otherwise.

All data sharing within the emoni Group is governed by appropriate safeguards, including:

  • intra-group data sharing arrangements;
  • contractual protections; and
  • appropriate technical and organisational security measures.

Where another emoni Group entity acts as a controller in relation to your personal data, its own privacy notice may apply in addition to this Privacy Notice.

For further information on the processing of your personal data within the emoni Group, you may contact us using the details provided in Section 10.

1. Purpose and scope of this Privacy Statement

This Privacy Notice applies to:

  • Current, former, and potential individual customers, including sole proprietors and representatives of corporate entities.
  • Non-customers who interact with us, such as visitors to our websites, participants in transactions, beneficiaries or payers, guarantors, and company representatives.

2. How do we collect your personal data

We obtain your personal data in the following ways:

  • Directly from you, when you open an account, complete forms, contact us, or use our services.
  • Indirectly, from other individuals acting on behalf of you, like an authorized representative.
  • From external sources, including public registers, commercial registers, registers of association, the online or traditional media, cookies and comparable technologies via our websites and apps, publicly available sources or other third parties such as payment or transaction processors, credit agencies, other financial institutions, commercial companies, or public authorities. online and offline media.

Please consult our cookie statement as published on the emoni website for more information about the use of cookies on our website.

3. Processing of personal data

We process personal data for the following purposes:

1. Client Onboarding

Description of purpose:

  • Identity verification — to verify the identity, as a pre-requisite of start of any service rendering under applicable law.

Categories of personal data:

  • Identification & Contact Data: Name, address, date of birth, nationality, identification numbers, phone numbers, email.
  • Personal Data on Ultimate Beneficial Owners, including their name, financial data (e.g. details on their capital and/or voting rights and interests), contact details, ID copies, and citizen identification numbers issued by government bodies or agencies — in case of a Corporate Client;
  • Socio-demographic Data: Gender, marital status, education, employment.
  • Communication & Interaction Data: Customer support interactions.
  • Regulatory Compliance Data: KYC information, anti-fraud, and anti-money laundering data.

Legal basis: a legal obligation under the Dutch Act on Anti-Money Laundering and Terrorism Finance (Wet ter voorkoming van witwassen en financieren van terrorisme, "Wwft") and other applicable legislations in EU and Canada;

2. Client Relationship Management

Description of purpose:

  • Communicating with you about the products and services you receive from us or our partners.
  • Responding to your customer service inquiries and resolving complaints.
  • Verifying your identity and location for security purposes.

Categories of personal data:

  • Contact Data: Name, phone numbers, email addresses, and contents of our correspondence.
  • Communication & Interaction Data: Customer support interactions, survey responses.
  • Location Data: Transactional location tracking (e.g., where you log in to our payment platform from).

Legal basis: we process this personal data, because we have a legitimate interest to maintain our professional relationship and resolve matters in relation to the provision of our services. We also have a legal obligation to ensure the security of our services under the underlying regulations, for which we use your location data and identifying information.

3. Product implementation and execution

Description of purpose:

  • Contractual Necessity: To provide services, manage accounts, facilitate transactions, or perform obligations under contracts, in accordance with your instructions and the terms of emoni.
  • Closing dormant accounts: in accordance with applicable laws, if we are unable to reach you after a certain period of time.

Categories of personal data:

  • Financial & Transaction Data: Account details, payment records, transaction history, and information relating to your assets (including fixed properties), financial statements, liabilities, taxes, revenues, earnings, and investments.
  • Tax domicile and other tax-related documents and information.
  • Online Activity & Technical Data: IP addresses, device identifiers, browsing behaviour.

Legal basis: this processing of personal data is necessary for the performance of our contract, specifically the service agreement for the provision of our (financial) services. We also have a legal obligation to ensure the security of our services under the underlying regulations, for which we use your transaction data and online activity & technical data.

Please note: Before we commence the provision of our (financial) services, we ask your explicit consent to collect and process your personal data necessary for the provision of our services, in accordance with instructions of the EU and Canada regulators. From a GDPR perspective, however, this consent is not the legal basis for the processing of personal data for the provision of our (financial) services.

4. Business development and / or development of the emoni brand

Description of purpose:

  • Assess whether and how emoni, or our business partners can offer you products, services, or events that may be of interest.
  • Match and personalise offers for you.
  • Contact you directly for marketing purposes about products and services we believe may interest you and to support related competitions and promotions.

Categories of personal data:

  • Contact Data: Name, address, date of birth, nationality, phone numbers, email addresses, and contents of our correspondence. Data relating to your employment, marital status, earnings, taxes, and other personal data used to assess the Source of Wealth and Source of Funds.

Legal basis: We may process this personal data, because we have a legitimate interest to develop our business and be in contact with potential clients. When we contact you for direct marketing purposes, this contact is based on your consent to receive such communication.

5. Compliance, Risk Management and / or Crime Prevention, Detection, and Investigation

Description of purpose:

  • Integrity checks — to consult available incident registers and warning systems and national and international sanctions lists.
  • Handle Complaints — requests or reports from you or third parties made to emoni.
  • Prevent and detect crime — including fraud or criminal activity, misuses of our products or services as well as the security of our IT systems, architecture, and networks. We may also be obligated to make reports to supervisory authorities.

Categories of personal data:

  • Identification & Contact Data: Name, address, date of birth, nationality, identification numbers, phone numbers, email, contents of our correspondence.
  • Financial & Transaction Data: Account details, payment records, transaction history, and information relating to your assets (including fixed properties), financial statements, liabilities, taxes, revenues, earnings, and investments.
  • Tax domicile and other tax-related documents and information.
  • Personal Data on Ultimate Beneficial Owners, including their name, financial data (e.g. details on their capital and/or voting rights and interests), contact details, ID copies, and citizen identification numbers issued by government bodies or agencies — in case of a Corporate Client;
  • Regulatory Compliance Data: KYC information, anti-fraud, and anti-money laundering data, such as public sanction lists.
  • Online Activity & Technical Data: IP addresses, device identifiers, browsing behaviour.

Legal basis: We have a legal obligation to ensure the security of our services and monitor suspicious transactions under the applicable underlying regulations, as well as to prevent fraud and misuse under the applicable regulation of the emoni entities.

6. Supporting, Enhancing and Maintaining emoni technology

Description of purpose:

  • Improving our products and services — testing and upgrading of systems and processes and conducting market research to understand how to improve our existing products.
  • To better understand you as a client — we may process your Personal Data to understand your preferences regarding our products and services. This may include profiling based on your use of our applications, platforms, and services. Said data may be collected through tracking technologies, as detailed in our cookie policy.

Categories of personal data:

  • Online Activity & Technical Data: IP addresses, device identifiers, how you interact with our website/services.
  • Communication & Interaction Data: Customer support interactions, survey responses.

Legal basis: We may process this personal data, because we have a legitimate interest to develop our business. When we create a profile based on your use of our website and online services, this processing is based on your consent.

4. Automated Decision-Making and Profiling

Automated decision-making is when decisions are made by technological means without significant human involvement. We may use technology to automate decisions and create profiles, particularly for:

  • Fraud and financial crime detection.
  • Risk assessments.
  • Transaction monitoring.

These processes are monitored to ensure fairness and transparency. You may request human intervention in automated decisions that affect you significantly.

We currently do not make decisions based on automated processing that have a legal or similar effect within the meaning of article 22 GDPR.

5. Sharing your personal data / who receives my data

There are situations in which we need to provide your personal data to other parties involved in the provision of our services.

  • Public, Regulatory and Judicial Authorities: Including tax authorities, courts, law enforcement. Authorities that might receive data are:
    • Dutch Central Bank
    • Czech Central Bank
    • Bank of Canada
    • Fintrac
    • European Central Bank.
    • The Netherlands Authority for the Financial Markets
    • Judicial authorities.
    • Any third-party public entity entitled to exercise its right of access and communication provided by tax law and regulation;
    • Data Protection Supervisory Authority
  • Financial Institutions: Payment processors, card networks (e.g., VISA, Mastercard).
  • Payment Recipients, beneficiaries, account nominees, intermediaries, correspondent, and agent banks involved in the transactions.
  • Clearing Houses, and clearing or settlement systems and specialised payment companies or institutions such as SWIFT;
  • Third-Party Service Providers: IT providers, marketing firms, auditors, legal advisors. These third-party service providers are contractually bound to confidentiality. These providers support emoni with activities such as:
    • Advertisements.
    • IT service providers, both applications based, and infrastructure based.
    • Reporting, statistics, and other reports.
    • Legal services.
    • Identification, investigation, or prevention of fraud.
  • Business Partners: Brokers, agents, co-branded service providers.

6. International Data Transfer

Data will only be transferred to countries outside the EU or the EEA (so-called third countries) if this is required for the execution of your orders (e. g. Payments order) or prescribed by law (e. g., reporting obligations under tax law), if you have given us your consent for data processing. If service providers in a third country are used, they are obligated to comply with the data protection level in Europe in addition to written instructions by agreement of the EU standard contractual clauses. Data transferred outside the EEA is protected using:

  • Standard Contractual Clauses (SCCs).
  • Data protection impact assessments.
  • Technical and contractual safeguards such as encryption and access controls

You can request a copy of these safeguards here.

7. Your rights and how we respect them

If your personal data is processed, you have the following rights:

  • Access: View your personal data.
  • Correction: Fix inaccurate or incomplete data.
  • Erasure: Request deletion of data no longer needed.
  • Restriction: Limit processing in certain circumstances.
  • Objection: Decline data use based on legitimate interest.
  • Portability: Transfer your data to another provider.
  • Withdraw Consent: Revoke prior permissions.
  • Lodge a Complaint: File a complaint with us or your local authority.

8. Retention

By default, we process and store your personal data as long as it is necessary for the performance of our contractual obligations and for seven years afterwards.

This period does not apply for:

  • An application that does not result in an executed agreement, which is retained for 14 months.
  • Transactions and bank statements of you are stored for 10 years after our contractual relationship.
  • Commercial offers and communication are stored for 5 years after the communication.

Once the data is not needed, for any of the purposes above, we delete or anonymise the personal data - in accordance with regulatory provisions, relevant guidance, and applicable law.

If the data are no longer required for the performance of our contractual obligations, they are regularly deleted, unless their further processing is instructed by the regulator or any other authority, or if based on your complaint. In such a case we could be obligated to store the data for a longer period.

9. Changes to this Privacy Statement

We may amend this Privacy Statement to remain compliant with any changes in law and/or to reflect how our business processes personal data. This version was created in July 2025.

10. Contact and questions

To learn more about how we protect and use your personal data, or if you wish to exercise your rights as a data subject, please send an email to support@emoni.io

support@emoni.io