Privacy Policy

1. Introduction

Chainsett ("we," "us," "our") is committed to protecting the privacy and personal data of our clients, website visitors, and anyone who interacts with us. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and all applicable EU data protection laws.

By using our website at chainsett.com or engaging our services, you acknowledge that you have read and understood this Privacy Policy.

If you have any questions about how we handle your data, contact us at info@chainsett.com at any time.

2. Who We Are

Chainsett is a digital asset payment infrastructure firm registered in Latvia, European Union. We provide crypto payment integration, KYT compliance monitoring, and cryptocurrency accounting services to businesses.

For the purposes of GDPR, Chainsett is the data controller of personal data collected through our website and services.

Contact details: Chainsett Riga, Latvia, European Union info@chainsett.com chainsett.com

3. What Data We Collect

We collect and process the following categories of personal data:

3.1 Data you provide directly — Full name — Business name and registration details — Email address — Phone number — Website URL — Business activity description — Payment and billing information — Identification documents submitted for compliance purposes — Source of funds documentation — Any other information you provide via our contact forms, consultation booking, or during onboarding

3.2 Data collected automatically — IP address — Browser type and version — Device type and operating system — Pages visited and time spent on our website — Referring website or source — Cookies and similar tracking technologies

3.3 Data from third parties — Information from compliance and KYT screening tools used to verify transactions and business identities — Publicly available information about your business for due diligence purposes — Information from blockchain analytics tools used as part of our compliance services

4. How We Use Your Data

We process your personal data for the following purposes:

4.1 Providing our services To set up and deliver crypto payment integration, KYT compliance monitoring, and accounting services as agreed in your service engagement.

4.2 Client onboarding and compliance To conduct know your customer (KYC) and anti-money laundering (AML) checks as required under EU MiCA regulation and applicable AML/CFT frameworks. This is a legal obligation we cannot waive.

4.3 Communication To respond to enquiries, send consultation confirmations, deliver service updates, and provide ongoing client support.

4.4 Invoicing and payments To issue invoices, process payments, and maintain accurate financial records.

4.5 Legal compliance To meet our obligations under applicable laws and regulations including GDPR, MiCA, AML directives, and tax legislation.

4.6 Website analytics To understand how visitors use our website, improve user experience, and measure the effectiveness of our content.

4.7 Marketing communications Where you have given consent, to send relevant updates, insights, or information about our services. You can withdraw consent at any time by emailing info@chainsett.com.

5. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR:

Contract performance — Processing necessary to deliver services you have engaged us for or to take steps prior to entering a contract.

Legal obligation — Processing required to comply with EU AML directives, MiCA regulation, tax obligations, and other applicable laws.

Legitimate interests — Processing for purposes of website analytics, business development, fraud prevention, and service improvement, where these interests are not overridden by your rights.

Consent — Where we rely on consent, such as for marketing communications, you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

6. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

— Client records and compliance documentation: Minimum 5 years from the end of the client relationship, as required by EU AML regulations — Transaction and accounting records: Minimum 7 years in accordance with EU tax and accounting requirements — Website analytics data: Up to 26 months — Marketing consent records: Until consent is withdrawn plus 1 year — Enquiry and contact data: 2 years from last contact if no engagement follows

After applicable retention periods, data is securely deleted or anonymised.

7. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We may share your data with the following categories of third parties where necessary:

7.1 Service providers Third-party tools and platforms used to deliver our services, including: — KYT and blockchain analytics providers — Accounting and bookkeeping software — Payment processing platforms — Email and communication tools — Website hosting and analytics providers

All service providers are contractually required to process data only on our instructions and in compliance with GDPR.

7.2 Legal and regulatory authorities Where required by law, we may disclose personal data to regulatory bodies, law enforcement agencies, or tax authorities. This includes mandatory reporting obligations under AML/CFT legislation. We are prohibited by law from notifying you of certain disclosures.

7.3 Professional advisors Lawyers, accountants, and auditors where necessary for the operation of our business, subject to confidentiality obligations.

7.4 Business transfers In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the relevant third party. We will notify affected individuals in advance where possible.

We do not transfer personal data outside the European Economic Area (EEA) except where adequate safeguards are in place as required by GDPR.

8. Cookies

Our website uses cookies and similar tracking technologies to improve your browsing experience and analyse website traffic.

Types of cookies we use:

Essential cookies — Required for the website to function correctly. Cannot be disabled.

Analytics cookies — Used to understand how visitors interact with our website. Data is aggregated and anonymised where possible.

Preference cookies — Used to remember your settings and preferences across visits.

You can manage your cookie preferences through your browser settings at any time. Disabling certain cookies may affect the functionality of our website.

For full details on the cookies we use, refer to our Cookie Policy available on our website.

9. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right of access — You have the right to request a copy of the personal data we hold about you.

Right to rectification — You have the right to request correction of inaccurate or incomplete personal data.

Right to erasure — You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.

Right to restriction of processing — You have the right to request that we restrict processing of your personal data in certain circumstances.

Right to data portability — You have the right to receive your personal data in a structured, commonly used, and machine-readable format where processing is based on consent or contract.

Right to object — You have the right to object to processing of your personal data based on legitimate interests, including for direct marketing purposes.

Right to withdraw consent — Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

Right to lodge a complaint — You have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija) or any other EU supervisory authority if you believe we have not handled your data in accordance with GDPR.

To exercise any of these rights, contact us at hello@chainsett.com. We will respond within 30 days. We may request proof of identity before processing your request.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

— Encryption of data in transit and at rest — Access controls and authentication requirements — Regular security assessments and reviews — Staff training on data protection obligations — Secure disposal of data when retention periods expire

While we take all reasonable steps to protect your data, no method of transmission over the internet is completely secure. We cannot guarantee absolute security but commit to notifying you and relevant authorities promptly in the event of a data breach as required by GDPR.

11. Children's Privacy

Our services are intended exclusively for businesses and business representatives. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, contact us immediately at hello@chainsett.com and we will delete it promptly.

12. Links to Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The updated policy will be posted on our website with a revised effective date.

Material changes will be communicated to existing clients via email with reasonable notice before taking effect. Continued use of our website or services following any update constitutes acceptance of the revised policy.

14. Contact Us

For any questions, requests, or complaints regarding this Privacy Policy or how we handle your personal data, contact us at:

Chainsett Riga, Latvia, European Union hello@chainsett.com chainsett.com

We aim to respond to all data protection enquiries within 30 days.

Supervisory Authority

If you are not satisfied with our response, you have the right to contact the Latvian supervisory authority:

Datu valsts inspekcija (Data State Inspectorate) Blaumaņa iela 11/13-11, Riga, LV-1011, Latvia www.dvi.gov.lv pasts@dvi.gov.lv