This Privacy Policy describes how SCANDIC COIN processes personal data when you purchase and use our utility token. As part of the SCANDIC GROUP, we act in accordance with the EU General Data Protection Regulation (GDPR), the Bahrain Personal Data Protection Law (PDPL), and other relevant laws. Protecting your privacy and data security is our highest priority.
SCANDIC ASSETS FZCO
Dubai Silicon Oasis DDP
Building A1/A2
Dubai — 342001
United Arab Emirates
Tel: +97 14 3465-949
Mail: Info@ScandicAssets.dev
Commercial Register: Verify certificate
Represented by: SCANDIC TRUST GROUP LLC (hereinafter referred to as “SCANDIC GROUP”)
IQ Business Centre
Bolsunovska Street 13-15
Kyiv — 01014, Ukraine
Tel: +38 09 71 880-110
Mail: Info@ScandicTrust.com
Commercial Register: View extract
In cooperation with: LEGIER Beteiligungs mbH
Kurfürstendamm 14
10719 Berlin
Federal Republic of Germany
Commercial Register: HRB 57837, Local Court Berlin-Charlottenburg
VAT ID: DE 413445833
Tel: +49 (0) 30 99211-3469
E-Mail: Office@LegierGroup.com German Commercial Register
Legal Notice: SCANDIC ASSETS FZCO and LEGIER Beteiligungs mbH act as non-operational service providers. All operational activities of SCANDIC DATA are carried out by SCANDIC TRUST GROUP LLC. SCANDIC ASSETS FZCO is the holding company and owner of the trademarks; operational and all responsible activities are performed by SCANDIC TRUST GROUP LLC.
1. Controller
The controller responsible for data processing within the meaning of data protection laws is SCANDIC TRUST GROUP LLC (SCANDIC COIN). Further information can be found in the imprint. For certain processes, such as payment processing or media services, other companies of the SCANDIC GROUP may act as joint controllers or processors. In such cases, we conclude the appropriate agreements and inform you separately.
2. Categories of Personal Data
Depending on the respective service and legal necessity, we process the following categories of data:
Master and contact data: Name, address, e-mail address, telephone number, company affiliation and position.
Contract and usage data: Customer number, token balance, number of units purchased, durations, selected tariffs and service-level agreements.
Access and authentication data: User IDs, passwords (encrypted), API keys, two-factor tokens, wallet addresses.
Technical log and metadata: IP address, browser and device specifications, access times, log files, authentication logs, system events, audit trails.
Billing and payment data: Billing address, payment method, bank account or wallet address, VAT ID, payment status.
Customer support and communication data: Contents of support tickets, emails, chats, feedback surveys, recorded phone calls (only with consent).
Content and usage data: Data, files and applications that customers store and process on our platform. We do not systematically collect these contents, but may access them as required by law or to investigate misuse.
Security and compliance data: Information from sanctions screenings, KYC processes, audit reports, certifications, and whistleblower system notifications.
Sensitive data categories: In exceptional cases, special categories of personal data (e.g., health information) may be processed if required for the operation of vital applications and explicit consent has been given.
3. Purposes and Legal Bases of Processing
We process personal data for the following purposes and rely on the legal bases stated below:
Performance of contracts (Art. 6 para. 1 lit. b GDPR): To provide and manage the utility token and accompanying services, for billing, technical support, and contractual communication.
Fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR): For example, to comply with tax and commercial law regulations, reporting obligations under anti-money laundering law, supply chain laws, or requests from authorities and courts.
Legitimate interests (Art. 6 para. 1 lit. f GDPR): Improvement of our services, ensuring IT and network security, prevention of fraud and abuse, direct marketing to existing customers, enforcement of legal claims and defense in legal disputes. In balancing interests, we take your rights and expectations into account.
Consent (Art. 6 para. 1 lit. a GDPR): For optional processing such as sending newsletters, using tracking and marketing cookies, or processing special categories of personal data, we obtain your explicit consent. You may withdraw this consent at any time with effect for the future.
4. Recipients of the Data
Within the SCANDIC GROUP, only those entities that require your data to fulfill the purposes mentioned above will have access to it. External recipients may include:
Technology and infrastructure providers: Operators of data centers and blockchain infrastructure, cloud service providers, network carriers, hardware suppliers, and maintenance service providers.
Payment service providers and banks: For processing payments and complying with anti-money laundering regulations.
Advisors and auditors: Lawyers, auditors, certification bodies that assist us in meeting legal requirements.
Authorities: Law enforcement, customs, tax, and data protection authorities, where we are legally required to do so or necessary to enforce rights.
Cooperation partners: Other SCANDIC GROUP brands (e.g., SCANDIC PAY for payment services) if you use them. In such cases, we will inform you in advance.
5. International Data Transfers
SCANDIC COIN operates infrastructure in Bahrain and other countries outside the European Economic Area (EEA). When transferring data to third countries, we ensure that adequate safeguards are in place, in particular by concluding EU Commission Standard Contractual Clauses, conducting transfer impact assessments, and implementing additional technical and organizational measures (e.g., encryption, pseudonymization). If a country-specific authorization is required, we obtain it. Transfers within the SCANDIC GROUP are based on internal data protection agreements.
6. Storage Period and Deletion
We store personal data only as long as necessary to fulfill the stated purposes or as long as legal retention periods apply. After the purpose ceases to apply or legal periods expire, your data will be deleted or anonymized. Specifically, the following periods apply:
Contract documents and invoices: Ten years (Tax Code, Commercial Code).
Log and security data: Twelve months, unless longer storage is required due to legal obligations, ongoing investigations, or the defense of legal claims.
Application and support data: Six months after completion of the process, unless longer storage is required.
Consent-based data: Until withdrawal of your consent or cessation of purpose.
7. Rights of Data Subjects
You have the following rights under the legal provisions:
Access: You may request information about the data stored about you and its processing.
Rectification: You may request the correction of inaccurate or incomplete data.
Erasure: You may request the deletion of your data, provided that no statutory retention obligations prevent this.
Restriction of processing: You may request the restriction of processing, for example, if the accuracy of the data is disputed.
Data portability: You may request to receive the data that we process automatically on the basis of your consent or a contract in a structured, commonly used, and machine-readable format or have it transmitted to another controller.
Objection: You may object to the processing of your data for reasons arising from your particular situation, insofar as we base the processing on legitimate interests. You may object to direct marketing at any time.
Withdrawal of consent: You may withdraw any consent you have given at any time with effect for the future.
Complaint: You may lodge a complaint with a supervisory authority if you believe that we are unlawfully processing your data. The competent authority is, for example, the Berlin Commissioner for Data Protection and Freedom of Information or the authority responsible for your place of residence.
8. Cookies and Tracking
Our website and platforms use cookies and similar technologies to ensure functionality and improve the user experience. We distinguish between:
Technically necessary cookies: They ensure that basic functions such as login, shopping cart, or language settings work. They cannot be deactivated.
Preference cookies: They store settings (e.g., dark mode, language) and improve user-friendliness.
Analytics cookies: With your consent, we use tools such as web analytics to anonymously analyze user behavior and optimize our service.
Marketing cookies: These are only used if you agree. They allow us to display advertising relevant to our services.
When you first visit our service, you can decide via a consent tool which cookie categories you allow. You can change your settings at any time. Further information can be found in our Cookie Policy.
9. Data Security
SCANDIC COIN implements extensive technical and organizational measures to protect your data from loss, misuse, and unauthorized access. These include:
Encryption: Data is encrypted both during transmission (TLS/HTTPS, VPN) and at rest.
Zero-trust architecture: Access is granted strictly according to the least-privilege principle; all connections are authenticated and authorized.
Multi-level authentication: Access to administrative and customer systems requires multi-factor procedures.
Network segmentation: Critical systems and customer data are strictly separated. Firewalls and intrusion-detection systems monitor data traffic.
Continuous monitoring: SIEM/SOAR platforms, Darktrace modules, and automated incident-response processes detect and remediate security events in real time.
Physical security: Access to data centers is protected by biometric controls, CCTV, and security personnel. Redundant power and cooling supply ensure 99.999 % availability.
10. Minors
Our services are aimed at business customers and organizations. We do not offer services for children and do not knowingly collect personal data from minors under 16 years of age. If we become aware of such processing, we will delete the corresponding data unless there is a legal obligation to retain it.
11. Changes to this Privacy Policy
This Privacy Policy is reviewed regularly and updated as necessary to reflect legal, technical, or business changes. The current version is available on our website. In the event of significant changes, we will inform you through appropriate channels (for example by email or via the user interface).
12. Contact
If you have questions about the processing of your personal data, wish to exercise your rights, or have data-protection concerns regarding SCANDIC COIN, you can contact our data-protection officer:
SCANDIC COIN
Data Protection
IQ Business Centre
Bolsunovska Street 13-15
Kyiv — 01014, Ukraine
E-mail: Privacy@ScandicTrust.com
Tel: +38 09 71 880-110
