ElenPAY Logo

Privacy Policy

1. Identity of the Data Controller

You are hereby informed that the personal data you provide through this website will be processed under the responsibility of:

Personal data will be processed in a lawful, fair, and transparent manner, at all times in accordance with the principles and safeguards provided under applicable data protection law.

2. Personal Data Processed

Personal data that ElenPAY may collect through the Website https://elenpay.tech, as well as through forms, tools, or enabled functionalities, is limited to what is strictly necessary for the purposes described in this policy and may include the following categories:

a) Identification and contact data

b) Technical and browsing data

c) Data derived from use of the site

d) Data provided during pre-registration or contact phases

The Website does not request or process special categories of personal data (such as health data, ideology, trade union membership, religion, sexual orientation, or biometric data), nor financial data or data relating to active crypto-assets, unless necessary and specifically disclosed with a sufficient legal basis.

The User warrants that the data provided is truthful, accurate, complete, and up to date, and undertakes to notify ElenPAY of any relevant changes in order to keep it current.

3. Purposes of Processing

Personal data provided by the User through the Website https://elenpay.tech, or through any enabled forms or channels, may be processed by ElenPAY for the following legitimate purposes:

a) Managing inquiries and information requests

To attend to and respond to inquiries, suggestions, questions, or requests that the User may submit through contact forms or enabled email addresses.

b) Managing registrations, waitlists, or pre-registration forms

To allow the User to express interest in the services offered by ElenPAY once it begins operating as a regulated provider, and to communicate updates, invitations to participate in validation studies, beta phases, or pilot programs.

c) Non-intrusive informational and commercial communications

To send information about the ElenPAY project, regulatory updates, planned features, or changes to legal policies. Such communications will only be carried out if the User has given their consent or if there is a duly balanced legitimate interest.

d) Statistical and technical analysis of Website use

To collect browsing and behavioral data for statistical purposes, improving User experience, usability, and Website performance, always using anonymization or pseudonymization techniques where applicable.

e) Compliance with legal or regulatory obligations

ElenPAY does not use collected data to create automated profiles with legal effects, nor for exclusively automated decision-making.

In all cases, the User will be informed at each data collection form or point whether the provision of data is mandatory or voluntary, as well as the consequences of not providing it.

4. Legal Basis for Processing

The processing of personal data collected through the ElenPAY Website is based on one or more of the following legal grounds, in accordance with Article 6 of Regulation (EU) 2016/679 (GDPR):

a) Consent of the data subject (Art. 6.1.a GDPR)

The legal basis for processing personal data will be the User's consent when they:

This consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

b) Pre-contractual measures (Art. 6.1.b GDPR)

Where the User provides data to participate in pre-registration, validation, or service testing phases for services to be provided by ElenPAY once authorized as a crypto-asset service provider, the processing is based on the need to take pre-contractual measures at the request of the data subject.

c) Compliance with legal obligations (Art. 6.1.c GDPR)

Processing may be necessary to comply with legal obligations applicable to ElenPAY, such as compliance with anti-money laundering legislation, data protection law, or defense of rights before competent authorities.

d) Legitimate interest (Art. 6.1.f GDPR)

ElenPAY may process certain data based on its legitimate interest, duly balanced against the User's rights and freedoms, in order to:

In such cases, the User may always object to processing based on legitimate interest, in accordance with Article 21 of the GDPR.

5. Data Retention Periods

ElenPAY will retain personal data provided by the User only for the time strictly necessary to fulfill the purposes for which it was collected, without prejudice to its retention during the legal or contractual periods applicable to each type of processing.

a) Data collected through contact or pre-registration forms

Will be retained while the request, inquiry, or contact is being processed, and subsequently for a maximum period of 12 months, unless the User requests deletion earlier or a contractual relationship is established.

b) Data relating to informational or commercial communications

Will be retained until the User withdraws consent, unsubscribes, or objects to the processing. Each communication will include a clear and effective means to exercise this right.

c) Data needed to comply with legal obligations

Will be retained for the periods established by applicable law, including those arising from tax, commercial, data protection, or anti-money laundering obligations, where applicable.

d) Data obtained through cookies or similar technologies

Will be processed in accordance with the periods defined in the Cookies Policy and may be deleted in accordance with browser settings or the User's preferences.

Upon expiration of the applicable retention period, data will be blocked and retained exclusively for the purpose of complying with legal obligations or defending against claims, during the applicable limitation periods. After that period, data will be securely deleted.

6. Recipients and Data Processors

ElenPAY does not disclose personal data to third parties, except where there is a legal obligation, a request from competent authorities, or where necessary to fulfill the legitimate purposes described in this policy.

However, certain processing activities may require access to personal data by external providers acting as data processors, in accordance with Article 28 of the GDPR. These third parties provide technical support, infrastructure, analytics, communication, or development services, and operate under the following conditions:

Types of data processors that may access data include, without limitation:

If, in the future, data is to be disclosed to other group entities or third parties on a sufficient legal basis, ElenPAY will expressly notify the User and, where required, obtain the corresponding consent.

7. International Data Transfers

As a general rule, ElenPAY does not carry out international transfers of personal data to third countries or international organizations located outside the European Economic Area (EEA).

However, certain services provided by trusted technology providers may involve processing of data from locations outside the EEA, in which case ElenPAY ensures that appropriate safeguards required by the GDPR are applied to protect the rights and freedoms of data subjects.

In particular, transfers will be carried out in accordance with one of the following legal mechanisms:

In any event, ElenPAY will ensure that its providers guarantee a level of protection equivalent to that required by European law and adopt adequate technical and organizational security measures.

The User may at any time request additional information about the mechanisms used for international data transfers, as well as a copy of the standard contractual clauses or other safeguards, by contacting info@paidlyinteractive.com.

8. User Rights

The User, as the owner of the personal data processed by ElenPAY, has the right to exercise at any time the rights recognized under applicable data protection law, and in particular the following:

a) Right of access

To find out what personal data ElenPAY processes, for what purposes, where it originated, whether it has been disclosed to third parties, and how long it will be retained.

b) Right of rectification

To request the correction of inaccurate or incomplete personal data.

c) Right of erasure (right to be forgotten)

To request the deletion of personal data when it is no longer necessary for the purposes for which it was collected, when consent has been withdrawn, or when the User has objected to the processing.

d) Right to restriction of processing

To obtain restriction of the processing of personal data in certain circumstances provided for by applicable law, for example while the accuracy of the data or the lawfulness of the processing is being verified.

e) Right to object

To object to the processing of personal data on grounds relating to the User's particular situation, where the legal basis for processing is legitimate interest or the performance of a task in the public interest.

f) Right to data portability

To receive personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where the processing is based on consent or a contract and is carried out by automated means.

g) Right not to be subject to automated individual decisions

Including profiling, when such decisions produce legal effects or significantly affect the User, unless there is a legal basis for such processing and the User is duly informed.

How to Exercise Your Rights

The User may exercise their rights at any time and free of charge by submitting a written, signed request accompanied by a copy of their identity document, through any of the following means:

9. Applicable Security Measures

ElenPAY is committed to ensuring the security, confidentiality, and integrity of the personal data processed, and has adopted appropriate technical and organizational measures in accordance with the risk level associated with each type of processing, as required by Article 32 of the GDPR.

These measures are designed to:

Among others, ElenPAY has implemented the following security measures:

ElenPAY applies a proactive security-by-design and by-default approach, ensuring that only strictly necessary data is processed, with the minimum possible exposure and always under technical and legal supervision.

In the event of a security breach affecting personal data, ElenPAY undertakes to notify the relevant supervisory authority and, where appropriate, the affected individuals, within the timeframes and under the conditions established by applicable law.

10. Minors

The services offered through the ElenPAY Website are not directed to individuals under 18 years of age, and their use by persons who have not reached legal age is expressly prohibited, particularly with regard to participation in features, contact forms, or pre-registration processes.

ElenPAY does not knowingly collect or process personal data from minors. If a minor has provided personal data without the consent of their legal representatives, such data will be deleted immediately upon becoming aware of this.

Furthermore, access to products and services related to crypto-assets involves financial and technological risks that require full legal capacity and informed understanding, which reinforces the exclusion of minors from the scope of this processing.

ElenPAY recommends that parents, guardians, and legal representatives actively monitor minors' use of the Internet and implement parental controls if there is a possibility that they may access sites of this nature.

For any questions or communications related to this matter, please contact info@paidlyinteractive.com.

11. Use of Cookies and Similar Technologies

The ElenPAY Website uses cookies and similar technologies (such as tracking tags, pixels, or local storage) to facilitate browsing, improve the User experience, and obtain analytical information about site usage.

Cookies may be first-party or third-party, technical, personalization, analytics, or advertising cookies. In no case will they be used to obtain sensitive personal information or be transferred to third parties without an adequate legal basis.

Non-strictly necessary cookies will only be installed with the User's express consent, which may be managed through the Cookie Settings Panel enabled on the Website. The User may also configure their browser to reject or delete cookies at any time, although this may affect the functionality of the site.

For detailed information about the cookies used, their purpose, owner, duration, and opt-out mechanisms, please consult our Cookies Policy.

Use of the Website constitutes informed acceptance of this policy to the extent that the User has consented to the use of cookies in accordance with their preferences.

12. Amendments to the Privacy Policy

ElenPAY reserves the right to modify, update, or revise the content of this Privacy Policy at any time and without prior notice, in order to adapt it to legislative or jurisprudential developments, guidance from supervisory authorities, changes in the processing activities carried out, or the evolution of the services offered.

If material changes are introduced that affect Users' rights or freedoms, ElenPAY will communicate such changes clearly and prominently through the Website or by equivalent means, requesting the User's consent where legally required.

The User is bound by the version of the Privacy Policy in force at the time of accessing the Website, and is therefore encouraged to review it periodically.

This policy was last updated in: July 2025.

13. Contact and Exercise of Rights

The User may at any time exercise their rights of access, rectification, erasure, restriction of processing, portability, and objection, as well as withdraw consent where processing is based on this legal ground, by submitting a written request to ElenPAY through any of the following means:

The request must include the data subject's full name, a copy of a valid identity document (national ID/NIE/passport), a specific description of the right they wish to exercise, and, where applicable, supporting documentation.