What information we collect

Personal Information: When you register on our platform, we collect the following personal information: full name, email address, phone number, date of birth, country of residence, and address. This information is necessary to create your account, carry out the identity verification (KYC) process, and ensure the security of your investments.

Financial Information: To provide investment services, we collect information about your financial transactions, including deposit and withdrawal amounts, cryptocurrency wallet addresses, transaction history, and income data. We may also request documents verifying the source of funds in accordance with Anti-Money Laundering (AML) requirements.

Technical Information: Automatically collected information includes your IP address, device and browser type, operating system, visit times, pages viewed, and actions taken on the platform. We use cookies and similar technologies to improve site functionality and personalize your user experience. Verification Information: As part of the KYC procedure, we collect copies of identity documents (e.g., passport, driver's license), proof of address documents, and a selfie to confirm your identity. This information is processed using advanced recognition technologies and stored in encrypted form.

How we use your information

Provision of Services: The main purpose of collecting personal data is to provide high-quality investment services. We use your information to create and manage your account, process deposits and withdrawals, accrue interest, provide access to investment plans, and operate our affiliate program.

Security and Compliance: Your data is used to conduct identity verification, monitor for suspicious activity, prevent fraud, and ensure compliance with international AML and KYC standards. We analyze behavioral patterns to identify potential security threats and protect user funds.

Communication and Support: We use your contact information to send important notifications about your account status, changes to our terms of service, technical updates, and to respond to your support inquiries. We may also send educational materials and information about new platform features.

Service Improvement: Analyzing user behavior and feedback helps us improve the platform's functionality, develop new products, and optimize the user interface. We use aggregated and anonymized data for research and analytics.

Legal Basis for Data Processing

Performance of a Contract: The processing of your personal data is necessary to fulfill the investment services agreement between you and our company. Without this processing, we cannot provide you with access to our services.

Compliance with Legal Obligations: We are required to process certain personal data to comply with legal requirements in the financial services sector, including KYC, AML, and tax regulations in various jurisdictions.

Legitimate Interests: In some cases, we process data based on our legitimate interests, such as ensuring platform security, preventing fraud, improving our services, and conducting marketing research. In doing so, we always balance our interests against your privacy rights.

Consent: For certain types of processing, such as marketing communications or the use of additional analytical tools, we will request your explicit consent. You can withdraw your consent at any time through your account settings.

Sharing Information with Third Parties

Service Providers: We may share your personal data with trusted service providers who assist us in delivering our services. This includes cloud hosting providers, identity verification services, payment processors, and analytics providers. All service providers are bound by strict contractual confidentiality obligations.

Regulatory Authorities: We may disclose personal data to authorized government bodies, courts, or regulatory organizations if required by applicable law. We strive to notify users of such requests unless prohibited by law.

Security Partners: To ensure platform security and prevent fraud, we may share information with specialized security firms and financial fraud databases.

Corporate Transactions: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner. We will notify users of any such changes and ensure that the level of data protection is maintained.

International Data Transfers

Global Infrastructure: Our platform uses a global IT infrastructure, which may require transferring personal data to countries outside the European Union. We ensure an adequate level of data protection for all international transfers.

Safeguard Mechanisms: For international data transfers, we use Standard Contractual Clauses approved by the European Commission, Privacy Shield certification (where applicable), and other recognized protection mechanisms. We regularly assess the adequacy of data protection in recipient countries.

Servers and Storage: Our main servers containing personal data are located in jurisdictions with high data protection standards. Backups may be stored in other regions, but always with encryption and other security measures.

Security Measures

Technical Protection: We employ modern technical security measures, including data encryption in transit and at rest (AES-256), multi-factor authentication, regular security system updates, and real-time threat monitoring. Access to personal data is restricted and controlled by an access control system.

Organizational Measures: All employees with access to personal data undergo privacy training and sign non-disclosure agreements. We conduct regular security audits and penetration testing to identify and remediate vulnerabilities.

Physical Security: Our servers and equipment are located in certified data centers with access control, video surveillance, fire suppression systems, and backup power. Physical access to the equipment is strictly limited and logged.

Incident Response: We have a security incident response plan that includes procedures for detecting, containing, investigating, and reporting data breaches. In the event of a serious incident, we will notify affected users and regulatory authorities as required by law.

Your Rights Regarding Personal Data

Right to Access: You have the right to obtain information about what personal data we process, for what purposes, to whom we disclose it, and how long we store it. You can request a copy of your personal data in a structured, commonly used, and machine-readable format.

Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request its correction or completion. We will make the corrections within a reasonable timeframe and notify any third parties to whom the inaccurate data was disclosed.

Right to Erasure ('Right to be Forgotten'): In certain circumstances, you can request the deletion of your personal data. However, this right may be limited by legal requirements for financial record-keeping and the need to prevent fraud.

Right to Restrict Processing: You can request the restriction of your personal data processing if you contest the data's accuracy, believe the processing is unlawful, or if we no longer need the data but you require it for legal claims.

Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured format and to transmit it to another data controller. This right applies to data processed based on consent or a contract.

Right to Object: You can object to the processing of your personal data based on our legitimate interests, including profiling. We will cease processing unless we can demonstrate compelling legitimate grounds.

Data Retention Periods

Active Accounts: Personal data of active users is stored as long as the account remains active and we continue to provide services. Data essential for account functionality is retained for the entire period of platform usage.

Inactive Accounts: After an account is closed or services are terminated, we retain personal data for the period necessary to comply with legal obligations, resolve disputes, and prevent fraud. This period is typically 7 years from the last activity.

Financial Records: Data on financial transactions is retained in accordance with financial legislation, typically for at least 5-7 years. This includes information on deposits, withdrawals, interest accruals, and affiliate payouts.

Verification Documents: Documents provided during the KYC process are stored for the period mandated by anti-money laundering regulations, typically 5 years after account closure.

Contacts and Policy Updates

Contact Information: For any questions regarding the processing of your personal data, you can contact our Data Protection Officer at privacy@orvin.com. We commit to responding to your inquiry within 30 days.

Filing a Complaint: If you believe your data protection rights have been violated, you can file a complaint with the data protection authority in your country. We encourage you to contact us first so we can try to resolve the issue directly.

Policy Changes: We may periodically update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes via email or through platform notifications.

Effective Date: This Privacy Policy is effective as of June 15, 2025, and supersedes all previous versions. Your continued use of our services after this date constitutes your acceptance of the updated policy.