Privacy Policy

Consult the comprehensive privacy policy of Velavevodetto. Details on the processing of your data, cybersecurity, GDPR compliance, and your inalienable rights in Paris. Privacy and Data Protection Policy Version 3.0 – Revision Date: April 8, 2026 Article 1: Identification of the Data Controller and DPO The company Velavevodetto (hereinafter "the Platform" or "We"), whose administrative headquarters are located at 14 Avenue de l'Opéra, 75001 Paris, France, acts as Data Controller within the meaning of Regulation (EU) 2016/679 (GDPR) and the Data Protection Act. To ensure absolute and continuous protection of your personal data, a Data Protection Officer (DPO) has been appointed and can be reached at the secure contact address: [email protected]. Article 2: Categories of Data Collected (Minimization Principle) In the context of providing its market analysis services, predictive tools, and account management, Velavevodetto fairly collects the following data categories: Identity and Civil Status Data: Name, first names, date of birth, nationality, and certified copies of identity documents (exclusively within the strict framework of KYC verifications). Contact Data: Authenticated email address, active mobile phone number, residential address, and recent proof of address. Technical and Telemetry Data: IP addresses, unique device identifiers, browsing data, connection logs, operating system, and interaction metadata with our secure interfaces. Financial and Usage Data: Information on the origin of funds (if required by law), digital wallet addresses, transaction histories, and algorithmic configuration preferences. Article 3: Legal Bases and Strict Processing Purposes The processing of your data is carried out on the legal bases provided by Article 6 of the GDPR: Performance of the Contract: Processing necessary for account opening, infrastructure management, and uninterrupted access to the Platform's tools. Compliance with Legal Obligations: Essential to comply with French and European regulations, particularly directives to combat money laundering and terrorist financing (AML/CFT). Legitimate Interest: Required to ensure platform cybersecurity, prevent fraud, conduct security audits, and optimize technological infrastructure. Express Consent: For receiving market communications, promotional offers, and the deployment of non-essential trackers/cookies. Article 4: System Security and Encryption Protocols Velavevodetto deploys institutional-grade security measures, subject to regular audits: Encryption at Rest: Use of the AES-256 cryptographic algorithm for all sensitive databases. Secure Transport: Systematic end-to-end encryption of data flows via the TLS 1. protocol.

3. Sovereign Hosting: Data is stored in a

redundant manner on highly resilient servers located exclusively within the European Economic Area (EEA). Article 5: Retention and Archiving Policy Velavevodetto undertakes not to retain data beyond the strictly necessary duration: Active Data: Maintained throughout the duration of the contractual relationship between the User and the Platform. Regulatory Archives: Securely kept for a period of five (5) years after account closure, in order to meet the prescription obligations of the French Monetary and Financial Code. Trackers (Cookies): The lifespan of cookies subject to consent is strictly capped at 13 months. Article 6: Exercise of Your Inalienable Rights The European GDPR framework grants you sovereign rights over your information: right of access, right of rectification, right to erasure ("right to be forgotten"), right to restriction of processing, right to data portability, and right to object. Any request concerning the exercise of these rights must be sent in writing to our DPO ([email protected]). In the event of an unresolved dispute or disagreement, you have the right to file a formal complaint with the CNIL (National Commission for Information Technology and Liberties - www.cnil.fr).