ElenPAY Logo

Privacy Policy

This policy was last updated in: July 2025.

1. Identity of the Data Controller

In compliance with Article 13 of Regulation (EU) 2016/679, General Data Protection Regulation (GDPR), and Article 11 of Organic Law 3/2018 (LOPDGDD), the User is informed that the personal data provided through this website will be processed under the responsibility of:

  • Data Controller: Clovr Labs, S.L.
  • Tax ID: B67306894
  • Registered office: Camino Can Minguet, No. 72, 08173, Sant Cugat del Vallès (Barcelona), Spain
  • Contact email: info@elenpay.tech
  • Main activity: Development of technological solutions for the management and use of crypto assets.
  • Regulatory status: Clovr Labs, S.L. is currently in the process of authorization as a crypto asset service provider, in accordance with Regulation (EU) 2023/1114 (MiCA).

The processing of personal data will be carried out lawfully, fairly and transparently, at all times in accordance with the principles and guarantees provided for in the applicable data protection regulations.

2. Personal Data Subject to Processing

The personal data that ElenPay may collect through the Website https://elenpay.tech, as well as through forms, tools or enabled functionalities, are limited to those strictly necessary for the purposes described in this policy and may include the following categories:

a) Identification and contact data

  • Name and surname
  • Email address
  • Country of residence
  • Phone number (in case of direct contact)

b) Technical and navigation data

  • IP address
  • Browser type and operating system
  • Date and time of access
  • Origin references (URL)
  • Data collected through cookies or similar technologies (see our Cookie Policy)

c) Data derived from site usage

  • Information about preferences, interests or user behavior during navigation
  • Aggregated data for non-identifying analytical or statistical purposes

d) Data provided in pre-registration or contact phases

  • Information that the User voluntarily provides when registering, joining waiting lists, completing forms or participating in studies prior to the launch of services
  • Comments or observations sent in forms or emails

The Website does not request or process special categories of personal data (such as health data, ideology, union affiliation, religion, sexual orientation or biometric data), nor financial data or data relating to crypto assets in active phase, unless this is necessary and specific information is provided with sufficient legal basis.

The User guarantees that the data provided is true, accurate, complete and up-to-date, and undertakes to communicate any relevant modifications to ElenPay in order to keep them up-to-date.

3. Processing Purposes

Personal data provided by the User through the Website https://elenpay.tech, or through any of the enabled forms or channels, may be processed by ElenPay for the following legitimate purposes:

a) Management of queries and information requests

To attend and respond to queries, suggestions, questions or requests that the User may make through contact forms or enabled email addresses.

b) Management of registrations, waiting lists or pre-registration forms

To allow the User to express their interest in the services offered by ElenPay once it begins operating as a regulated provider, as well as to communicate news, invitations to participate in validation studies, beta phases or pilot programs.

c) Non-intrusive informative and commercial communication

To send information about the ElenPay project, regulatory updates (such as obtaining MiCA authorization), planned functionalities or changes in legal policies. These communications will only be made if the User has given their consent or if there is a properly balanced legitimate interest.

d) Statistical and technical analysis of website usage

To collect browsing and User behavior data for statistical purposes, to improve experience, usability and performance of the Website, always through anonymization or pseudonymization techniques, when applicable.

e) Compliance with legal or regulatory obligations

Where appropriate, to process data to comply with applicable regulatory requirements, including those derived from Regulation (EU) 2023/1114 (MiCA) once ElenPay obtains the status of authorized provider, as well as requirements from administrative or judicial authorities.

ElenPay does not use the data collected to create automated profiles with legal effects or for exclusively automated decision-making, in accordance with Article 22 of the GDPR.

In any case, the User will be informed in each form or data collection point whether the provision of this data is mandatory or voluntary, as well as the consequences of not providing it.

4. Legal Basis for Processing

The processing of personal data collected through the ElenPay Website is based on one or more of the following legal bases, as provided for in Article 6 of Regulation (EU) 2016/679 (GDPR):

a) Consent of the data subject (art. 6.1.a GDPR)

The legal basis for the processing of personal data will be the User's consent when they voluntarily fill out contact or pre-registration forms, expressly accept the sending of informative or commercial communications, or authorize the use of cookies or similar technologies (when applicable). This consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

b) Performance of pre-contractual measures (art. 6.1.b GDPR)

When the User provides their data to participate in pre-registration, validation or testing phases of services that will be provided by ElenPay once authorized as a crypto asset service provider, the processing of their data is based on the need to adopt pre-contractual measures at the request of the data subject.

c) Compliance with legal obligations (art. 6.1.c GDPR)

Processing may be necessary to comply with legal obligations applicable to ElenPay, such as compliance with regulatory requirements derived from the MiCA Regulation, legislation on the prevention of money laundering (Law 10/2010), data protection or defense of rights before competent authorities.

d) Legitimate interest (art. 6.1.f GDPR)

ElenPay may process certain data based on its legitimate interest, duly balanced against the rights and freedoms of the User, to improve the functionality and security of the Website, prevent fraud or misuse, perform non-identifying statistical analyses, and communicate project advances to already registered users who have shown prior interest. In these cases, the User may always object to processing based on legitimate interest, in accordance with the provisions of Article 21 of the GDPR.

5. Data Retention Period

ElenPay will retain the personal data provided by the User only for the time strictly necessary to fulfill the purposes for which they were collected, without prejudice to their retention during the legal or contractual periods that may be required depending on the type of processing. As a guide, the following criteria will apply:

a) Data collected through contact or pre-registration forms

Will be retained while the request, query or contact is being processed, and subsequently for a maximum period of 12 months, unless the User requests their deletion earlier or a contractual relationship is established.

b) Data related to informative or commercial communications

Will be retained as long as the User does not revoke their consent, unsubscribe or object to processing. Each communication will offer a clear and effective means to exercise this right.

c) Data necessary to comply with legal obligations

Will be retained for the periods established by applicable regulations, including those derived from tax, commercial, data protection or money laundering prevention obligations, when applicable.

d) Data obtained through cookies or similar technologies

Will be processed according to the periods defined in the Cookie Policy, and may be deleted according to browser settings or User preferences.

After the corresponding period, the data will be blocked and retained exclusively for purposes of compliance with legal obligations or defense against claims, during the limitation periods established by applicable regulations. After this period, the data will be deleted securely.

6. Recipients and Data Processors

ElenPay does not communicate personal data to third parties, except in cases where there is a legal obligation, a requirement from competent authorities or it is necessary for the fulfillment of the legitimate purposes described in this policy.

However, certain processing may require access to personal data by external providers who act as data processors, as provided for in Article 28 of the GDPR. These third parties provide technical support, infrastructure, analytics, communication or development services, and act under the following conditions: Processing is carried out on behalf of ElenPay and under its documented instructions; there is a data processing agreement in accordance with current regulations; adequate security, confidentiality and regulatory compliance measures are guaranteed.

The types of data processors that may have access to data include, among others: Hosting and cloud storage providers; Email management and CRM platforms; Website usage analysis tools (anonymized or pseudonymized); Legal, technical or regulatory services contracted by Clovr Labs, S.L.

In the event that, in the future, the communication of data to other entities of the business group or other third parties with sufficient legal basis is foreseen, ElenPay will expressly notify the User and, where appropriate, request the corresponding consent.

7. International Data Transfers

In general, ElenPay does not carry out international transfers of personal data to third countries or international organizations located outside the European Economic Area (EEA).

However, certain services provided by trusted technology providers could involve data processing from locations outside the EEA, in which case ElenPay guarantees that appropriate safeguards required by the GDPR will be applied to protect the rights and freedoms of data subjects.

In particular, possible transfers will be made in accordance with one of the following legal mechanisms: Adequacy decision by the European Commission regarding the destination country (art. 45 GDPR); Contracts signed with standard contractual clauses approved by the Commission (art. 46.2.c GDPR); Application of duly approved binding corporate rules (art. 47 GDPR); Explicit consent of the data subject (art. 49.1.a GDPR), in specific situations and duly informed.

In any case, ElenPay will ensure that its providers guarantee a level of protection equivalent to that required by European legislation and adopt appropriate technical and organizational security measures.

The User may request at any time additional information about the mechanisms used for international data transfer, as well as a copy of the standard contractual clauses or other guarantees, by contacting info@elenpay.tech.

8. User Rights

The User, as the holder of the personal data processed by ElenPay, has the right to exercise at any time the rights recognized by current data protection legislation, and in particular the following:

a) Right of access

To know what personal data ElenPay processes, for what purposes, its origin, whether it has been communicated to third parties and how long it will be retained.

b) Right of rectification

To request the correction of inaccurate or incomplete personal data concerning them.

c) Right to erasure (right to be forgotten)

To request the deletion of their personal data when it is no longer necessary for the purposes that motivated its collection, they have withdrawn consent or have objected to processing.

d) Right to restriction of processing

To obtain the restriction of processing of their data in certain cases provided for by regulations, for example, while the accuracy of the data or the legitimacy of processing is being verified.

e) Right to object

To object to the processing of their data for reasons related to their particular situation, when the legal basis for processing is legitimate interest or the performance of a task in the public interest.

f) Right to data portability

To receive their personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller when processing is based on consent or a contract and is carried out by automated means.

g) Right not to be subject to individualized automated decisions

Including profiling, when such decisions produce legal effects or significantly affect them, unless there is a legal basis for this and they are duly informed.

Exercise of rights: The User may exercise their rights at any time and free of charge, by submitting a written request, signed and accompanied by a copy of their identification document, via email to info@elenpay.tech or postal address: Clovr Labs, S.L. – Camino Can Minguet, No. 72, 08173, Sant Cugat del Vallès (Barcelona).

If the User considers that their rights have not been adequately addressed, they have the right to file a complaint with the Spanish Data Protection Agency (AEPD), through its electronic headquarters: www.aepd.es

9. Applicable Security Measures

ElenPay is committed to ensuring the security, confidentiality and integrity of the personal data processed, and for this purpose has adopted appropriate technical and organizational measures according to the level of risk associated with each type of processing, in accordance with Article 32 of the General Data Protection Regulation (GDPR).

These measures aim to: Prevent unauthorized access, alteration, loss or destruction of personal data; Guarantee the permanent confidentiality, integrity, availability and resilience of processing systems and services; Restore the availability and access to personal data quickly in case of physical or technical incident; Verify, evaluate and regularly assess the effectiveness of the implemented technical and organizational measures.

Among others, ElenPay has implemented the following security measures: Encryption of communications through HTTPS/TLS protocol; Access control and reinforced authentication in systems containing personal information; Intrusion detection and prevention systems (IDS/IPS); Encrypted backups with restricted access; Periodic audits and security tests on technological infrastructure; Internal confidentiality policies and staff training on data processing.

ElenPay applies a proactive security approach by design and by default, so that only strictly necessary data is processed, with the lowest possible degree of exposure and always under technical and legal supervision.

In the event of a security breach affecting personal data, ElenPay undertakes to notify the Spanish Data Protection Agency (AEPD) and, where appropriate, the data subjects, within the terms and deadlines established by current regulations.

10. Minors

The services offered through the ElenPay Website are not aimed at persons under 18 years of age, and their use by persons who have not reached the legal age of majority is expressly prohibited, especially regarding participation in functionalities, contact forms or pre-registration processes.

ElenPay does not knowingly collect or process personal data from minors. In the event that a minor has provided personal data without the consent of their legal representatives, it will be deleted immediately as soon as knowledge of this is obtained.

Likewise, it should be noted that access to products and services linked to crypto assets involves financial and technological risks that require full legal capacity and informed understanding, which reinforces the exclusion of minors from the scope of this processing.

ElenPay recommends that parents, mothers, guardians and legal representatives actively monitor the use that minors make of the Internet, and adopt parental control measures if there is a possibility that they may access sites of this nature.

For any questions or communications related to this aspect, you can contact info@elenpay.tech.

11. Use of Cookies and Similar Technologies

The ElenPay Website uses cookies and similar technologies (such as tracking tags, pixels or local storage) in order to facilitate navigation, improve the User experience and obtain analytical information about site usage.

Cookies may be own or third-party, technical, personalization, analysis or, where appropriate, advertising. In no case will they be used to obtain sensitive personal information nor will they be transferred to third parties without adequate legal basis.

The installation of non-strictly necessary cookies will only be carried out with the express consent of the User, which may be managed through the Cookie Settings Panel enabled on the Website. Likewise, the User can configure their browser to reject or delete cookies at any time, although this could affect the functionality of the site.

For detailed information about the cookies used, their purpose, ownership, duration and deactivation mechanisms, the User should consult our Cookie Policy.

The use of the Website implies informed acceptance of this policy to the extent that the User has consented to the use of cookies according to their preferences.

12. Modifications to the Privacy Policy

ElenPay reserves the right to modify, update or revise at any time and without prior notice the content of this Privacy Policy, in order to adapt it to legislative, jurisprudential novelties, criteria of supervisory authorities (such as the AEPD), changes in processing carried out or evolution of services offered.

In the event that significant changes are introduced that affect the rights or freedoms of Users, ElenPay will notify such modifications clearly and prominently through the Website or by equivalent means, requesting User consent when legally required.

The User is bound by the current version of the Privacy Policy at the time they access the Website, so periodic review is recommended.

This policy was last updated in: July 2025.

13. Contact and Exercise of Rights

The User may exercise at any time their rights of access, rectification, erasure, restriction of processing, portability and objection, as well as withdraw their consent when processing is based on this legitimacy, through a written request addressed to ElenPay through any of the following means:

Email: info@elenpay.tech

Postal address: Clovr Labs, S.L., Camino Can Minguet, No. 72, 08173 – Sant Cugat del Vallès (Barcelona), Spain

The request must contain the name and surname of the data subject, a copy of a valid identification document (ID card/residence permit/passport), a specific description of the right they wish to exercise and, where appropriate, supporting documentation.

If ElenPay does not adequately address the exercise of their rights, the User has the right to file a complaint with the Spanish Data Protection Agency (AEPD), through its electronic headquarters: www.aepd.es

ElenPAY is a brand developed by Clovr Labs