Privacy Policy
Effective Date: 28 January 2026
Last Updated: 28 January 2026
MorganMeridian Ltd (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data in compliance with the **General Data Protection Regulation (GDPR)** (Regulation (EU) 2016/679), the **ePrivacy Directive** (as implemented in Poland), the **UK GDPR**, the **Data (Use and Access) Act 2025**, and applicable anti-money laundering (AML) regulations. This Privacy Policy explains how we collect, use, disclose, transfer, and protect your personal data when you use our website, mobile application, trading platform, wallets, and related services (the “Platform”).
This Policy forms part of our Terms of Service and Cookie Policy.
1. Who We Are (Data Controller)
MorganMeridian Ltd is the data controller responsible for your personal data.
Registered in England and Wales.
Data Protection Officer (DPO): [email protected]
For users in Poland / EEA: We are subject to the supervisory authority of the Polish Urząd Ochrony Danych Osobowych (UODO) and other relevant EU authorities.
2. Personal Data We Collect
We collect the following categories of personal data:
- Identity & Contact Data: name, email, phone, date of birth, nationality, residential address
- KYC/AML Data: ID/passport, proof of address, selfie, source of funds/wealth documentation (required for compliance with AML/CTF laws)
- Financial Data: wallet addresses, transaction history, deposit/withdrawal details (on-chain and off-chain)
- Technical & Usage Data: IP address, browser type, device info, OS, cookies & trackers, login times, pages visited
- Communication Data: support tickets, chat logs, emails
- Marketing & Preferences Data: consent choices, marketing preferences
We do **not** collect sensitive data (e.g., racial/ethnic origin, political opinions) unless strictly required for AML screening.
3. How We Collect Your Data
- Directly from you (registration, KYC, support requests, deposits/withdrawals)
- Automatically (cookies, analytics tools, server logs)
- From third parties (blockchain explorers for on-chain verification, credit/reference agencies for AML, payment processors)
4. Purposes & Lawful Basis for Processing
| Purpose | Lawful Basis (GDPR Art. 6) |
|---|
| Account creation & authentication | Contract (Art. 6(1)(b)) |
| KYC/AML compliance & fraud prevention | Legal obligation (Art. 6(1)(c)) + substantial public interest (Art. 9(2)(g)) |
| Providing Platform services (trading, wallet, staking) | Contract (Art. 6(1)(b)) |
| Analytics & service improvement | Legitimate interests (Art. 6(1)(f)) or Consent (Art. 6(1)(a)) |
| Marketing communications | Consent (Art. 6(1)(a)) or Legitimate interests (soft opt-in) |
| Security & platform integrity | Legitimate interests (Art. 6(1)(f)) |
5. Third Parties & International Transfers
We share data with:
- Service providers: Google (Analytics/Ads – Consent Mode v2 applied), cloud providers (AWS/Azure), payment processors
- AML/KYC tools: Chainalysis, Elliptic, Sumsub
- Regulators & authorities: FCA (UK), UODO (PL), law enforcement (if required)
Data may be transferred outside the EEA (e.g., USA). We use **Standard Contractual Clauses (SCC)** + supplementary measures (encryption, access controls) to ensure adequate protection.
6. Cookies & Tracking Technologies
We use cookies and similar technologies as described in our Cookie Policy. You can manage preferences via our consent banner. Google acts as a third-party processor for analytics and advertising.
7. Data Retention
We retain personal data only as long as necessary:
- KYC/AML data: 5 years after account closure (AML legal requirement)
- Transaction data: 5–10 years (regulatory)
- Marketing data: until consent withdrawn
- Technical logs: up to 2 years
8. Your Rights (GDPR/UK GDPR)
You have the right to:
- Access your data
- Rectify inaccurate data
- Erase data (subject to legal retention obligations)
- Restrict processing
- Data portability
- Object to processing (including profiling)
- Withdraw consent (where applicable)
- Lodge a complaint with UODO (Poland) or ICO (UK)
To exercise rights: [email protected]
9. Security
We implement technical and organisational measures (encryption, 2FA, multi-sig wallets, regular audits) to protect your data. However, no system is 100% secure — you are responsible for securing your credentials and devices.
10. Changes to This Policy
We may update this Policy. Changes will be posted here with the updated date. Significant changes will be notified via email or in-app notice.