Article 1: Identification of the Data Controller
This privacy policy defines the rigorous data processing protocols maintained by NextGen ("the Platform", "we", or "our"), headquartered at Tour Part-Dieu, 129 Rue Servient, 69003 Lyon, France. We act as the data controller in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act. To ensure absolute data integrity, we have appointed a Data Protection Officer (DPO) reachable at [email protected].
Article 2: Categories of Personal Information Collected
In accordance with the data minimization principle, we collect:
Identity Metrics: Full legal name, date of birth, nationality, and official identification document for mandatory KYC/AML verification.
Contact Details: Authenticated email address, active mobile phone number, and verified residential address.
Financial Telemetry: Source of funds, digital asset wallet addresses (public keys), and transaction history.
Digital Footprint: IP addresses, device hardware specifications, and detailed interaction logs with our predictive interfaces.
Article 3: Legal Basis for Processing
Our collection and use of information are based on:
Contractual Necessity: Essential for managing your account and providing our services.
Statutory Obligations: Compliance with the Monetary and Financial Code (anti-money laundering and counter-terrorist financing).
Legitimate Business Interests: Proactive fraud prevention and network security enhancement.
Explicit Consent: For personalized market analytics and non-essential analytical cookies.
Article 4: Advanced Security and Sovereignty
Encryption: All data at rest is stored using AES-256 cryptographic protocols.
Transmission: Secured via TLS 1.3 end-to-end encryption.
Hosting: Data is exclusively hosted on redundant, highly secure servers within the European Economic Area (EEA), ensuring full protection under EU data sovereignty laws.
Article 5: Retention and your rights
We retain identity and financial records for a minimum period of five (5) to seven (7) years after account closure to satisfy French tax administration and anti-money laundering requirements. Under GDPR, you have the right to access, rectify, erase, and port your data. Requests can be sent to [email protected]. You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL).