Data Protection Policy

Policy

Last updated: 31-12-25

 

  1. Purpose of This Policy

This Data Protection Policy outlines how PixelPai ApS ensures compliance with data protection laws, including the EU General Data Protection Regulation (GDPR), when processing personal data in connection with its Platform, Services, and compliance infrastructure.

This policy applies to PixelPai employees, contractors, Users, Clients, partners, and service providers.

 

  1. Legal Framework

PixelPai processes personal data in accordance with:

  • GDPR (EU 2016/679)
  • Danish Data Protection Act
  • MiCA-related operational requirements
  • AML/KYC obligations
  • FATF recommendations
  • Applicable international data protection standards

 

  1. Data Protection Principles

PixelPai adheres to the following principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

 

  1. Categories of Personal Data

PixelPai may process the following categories of data:

  • Identification data (name, email, user ID)
  • Authentication data (login credentials, wallet signatures)
  • Blockchain-related data (public wallet addresses, transaction metadata)
  • Compliance data (screening results, risk flags, audit logs)
  • Technical data (IP address, device information, logs)
  • Business and contractual data

Where blockchain data can be linked to an identifiable individual, it is treated as personal data under GDPR.

 

  1. Lawful Bases for Processing

PixelPai processes personal data based on one or more of the following legal bases:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests
  • User consent (where required)

 

  1. Onchain Data and Immutability

Blockchain data is inherently immutable and publicly accessible. PixelPai does not control or modify onchain records.

Where offchain personal data is linked to onchain identifiers for compliance or service delivery purposes, such linkages are:

  • Minimized
  • Access-controlled
  • Retained only for legally required periods

 

  1. Custodial Wallets and Asset Handling

PixelPai may generate and maintain custodial wallets linked to user profiles for operational and compliance purposes.

Data associated with custodial wallets includes:

  • Wallet identifiers
  • Balance metadata
  • Transaction logs
  • Compliance screening results

Withdrawals to external wallets may require identity verification depending on regulatory requirements.

 

  1. Data Sharing and Sub-Processors

PixelPai may share personal data with trusted sub-processors for:

  • Identity verification
  • Custody and settlement infrastructure
  • Cloud hosting
  • Analytics and monitoring
  • Security and fraud prevention

All sub-processors are subject to data processing agreements ensuring GDPR-equivalent protections.

 

  1. International Data Transfers

Where data is transferred outside the EEA, PixelPai relies on:

  • Standard Contractual Clauses (SCCs), or
  • Other lawful transfer mechanisms recognized under GDPR

 

  1. Data Security Measures

PixelPai implements appropriate technical and organizational measures, including:

  • Encryption at rest and in transit
  • Role-based access control
  • Multi-factor authentication
  • Segregation of duties
  • Monitoring and logging
  • Incident response procedures

 

  1. Data Retention

Personal data is retained only for as long as necessary to fulfill legal and contractual obligations, including:

  • AML/KYC retention requirements
  • Accounting and audit obligations
  • Regulatory reporting

Data retention schedules are reviewed regularly.

 

  1. Data Subject Rights

Data subjects have the right to:

  • Access personal data
  • Rectify inaccuracies
  • Request erasure (subject to legal retention obligations)
  • Restrict processing
  • Data portability
  • Object to processing

Requests may be sent to data@pixelpai.com.

 

  1. Data Breach Management

PixelPai maintains an incident response plan. In the event of a personal data breach:

  • Containment and investigation procedures are initiated
  • Notifications are made to authorities and affected individuals as required by GDPR

 

  1. Training and Awareness

PixelPai ensures that employees and contractors receive regular training on data protection, security, and compliance obligations.

 

  1. Policy Review and Updates

This Data Protection Policy is reviewed periodically and updated to reflect changes in law, technology, or operational practices.

 

  1. Contact

For data protection inquiries:

Email: data@pixelpai.com
Address: Applebys Plads 7, 2, 1411 Copenhagen K, Denmark

 

© 2025 PixelPai. All rights reserved.
Privacy Policy Terms of Service Cookie Policy Data Protection FAQ