Privacy Statement of MB Aurion

MB Aurion, a legal entity registered in Lithuania, operating through www.bit-aurum.com, is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and the Lithuanian Law on the Protection of Personal Data. This Privacy Statement explains how we collect, use, store, and protect your personal data when you interact with our services, including the purchase and sale of precious metals, safe storage services, and related transactions.

We collect the following personal data when you engage with our services:

• Identity and Contact Information: Name, address, email address, phone number, and government-issued identification documents (e.g., passport, driver’s license) for transactions or customer due diligence as required by anti-money laundering regulations.

• Financial Information: Bank account details for payments in EUR when MB Aurion purchases gold from you, and cryptocurrency wallet details for processing payments or refunds.

• Transaction Data: Details of your orders, including the type and quantity of precious metals, payment amounts, dates, and storage preferences.

• Communication Data: Information provided through inquiries, complaints, or correspondence with us, including via email or our website.

• Technical Data: IP address, browser type, device information, and website usage data collected when you visit www.bit-aurum.com, including through cookies (see Section 8).

We process your personal data for the following purposes and legal bases under GDPR:

• Contract Fulfillment (Article 6(1)(b) GDPR): To process your orders for purchasing or selling precious metals, provide safe storage services, and manage payments in cryptocurrencies or EUR bank transfers.

• Legal Obligations (Article 6(1)(c) GDPR): To comply with the Lithuanian Law on the Prevention of Money Laundering and Terrorist Financing, including customer due diligence for transactions of €15,000 or more, which requires collecting and verifying identification documents.

• Legitimate Interests (Article 6(1)(f) GDPR): To improve our website and services, respond to inquiries, manage complaints, and ensure the security of our operations, provided your rights and freedoms are not overridden.

• Consent (Article 6(1)(a) GDPR): For optional uses, such as marketing communications, where you have explicitly consented (e.g., via newsletter sign-up).

We collect personal data:

• Directly from you when you place an order, request storage services, sell gold back to us, or contact us.

• Through our website (www.bit-aurum.com) when you interact with our checkout process, submit forms, or browse our site.

• As required for AML compliance, such as identification documents for transactions exceeding €15,000.

We may share your personal data with:

• Third-Party Storage Providers: To facilitate the safe storage of your gold in secure facilities with 24/7 security, as described in our Terms and Conditions (Article 29). These providers are bound by data protection agreements to ensure GDPR compliance.

• Authorities: With Lithuanian authorities, such as the Financial Crime Investigation Service (FCIS), when required for AML compliance or legal investigations, as mandated by the Lithuanian Law on the Prevention of Money Laundering and Terrorist Financing.

• Service Providers: IT and website hosting providers, analytics services, or other technical support providers, all of whom are GDPR-compliant and process data only on our instructions.

We do not share your personal data with third parties for marketing purposes without your explicit consent.

6.1. The price is exclusive of VAT and all other costs incurred in the context of the contract.

• Transaction and Contract Data: Retained for 8 years after the transaction or contract ends, as required by Lithuanian tax and AML laws.

• AML Identification Documents: Retained for 8 years, as mandated by the Lithuanian Law on the Prevention of Money Laundering and Terrorist Financing.

• Communication Data: Retained for 2 years or as needed to resolve inquiries or complaints.

• Technical Data: Retained for up to 1 year for analytics and security purposes, unless otherwise required by law.

Data is securely deleted or anonymized after the retention period, unless further retention is legally required.

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data transmitted via www.bit-aurum.com.

• Secure storage of identification documents and transaction data.

• Access controls to limit data access to authorized personnel only.

• Regular security assessments of our systems and third-party providers.

Despite these measures, no system is completely secure, and we cannot guarantee absolute security of your data.

Our website uses cookies to enhance user experience, analyze site performance, and ensure security. Cookies may collect technical data such as IP addresses and browsing behavior. You can manage cookie preferences through your browser settings or our website’s cookie consent tool. For more details, please refer to our Cookie Policy [insert link to Cookie Policy, if applicable].

As a data subject, you have the following rights:

• Access: Request a copy of your personal data.

• Rectification: Correct inaccurate or incomplete data.

• Erasure: Request deletion of your data, subject to legal retention requirements (e.g., AML obligations).

• Restriction: Request restriction of data processing in certain cases.

• Data Portability: Receive your data in a structured, commonly used format.

• Objection: Object to processing based on legitimate interests, including marketing.

• Withdraw Consent: Withdraw consent at any time for processing based on consent, without affecting prior processing.

To exercise these rights, contact us at [insert contact email, e.g., info@bit-aurum.com]. We will respond within one month, as required by GDPR. You may also lodge a complaint with the Lithuanian State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) if you believe your rights have been violated.

If you are a non-EU customer, your personal data may be transferred to third-party storage providers or processed in jurisdictions outside the EU for AML compliance or service provision. We ensure such transfers comply with GDPR through appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions.

We may update this Privacy Statement to reflect changes in our practices or legal requirements. The latest version will be posted on www.bit-aurum.com with the updated date. Significant changes will be communicated to you via email or a website notice.

For questions, concerns, or to exercise your data protection rights, please contact:

MB Aurion
Email: info@bit-aurum.com
Website: www.bit-aurum.com

By using our services or website, you acknowledge that you have read and understood this Privacy Statement.