Privacy Policy

Responsible handling of your personal data is of the highest importance to Cairn Phundholm. We process information transparently, for defined purposes and in accordance with applicable law – in particular the GDPR. This policy explains what data we collect, why we use it, how long we retain it and how we protect it.

1. Data Controller

The data controller for your personal data under the GDPR is the operator of the Cairn Phundholm website and platform. Relevant contact details and further information can be found in this site's imprint. For privacy questions you can contact our Data Protection Officer.

2. Collected Data

We collect and process only the data necessary to provide our services, meet legal obligations and operate the platform securely. These include in particular:

  • Identity data: first and last name, date of birth (for age and identity verification).
  • Contact details: email address, phone number (optional), country of residence and, where applicable, address.
  • Account and transaction information: payment details, deposits and withdrawals, transaction history.
  • Technical and usage data: IP address, browser type, device information, access times, log data.
  • Verification documents: identity documents, proof of address or other documents for KYC/AML checks (only when legally required).

Special categories of personal data (e.g. health data or religious beliefs) are generally not collected unless expressly required by law or given with your explicit consent.

3. Collection Methods

Your data is collected via various secure channels:

  • Directly from you: for example during registration, profile updates, submission of verification documents or use of the contact form.
  • Automatically: e.g. via cookies, server log files, analytics tools and device information while using the platform.
  • From third parties: such as payment providers (for deposits and withdrawals), identity verification services (KYC/AML) or – with your consent – social login services.

4. Purposes of Processing

We process your personal data only for clear and legitimate purposes:

  • Setting up, managing and providing your user account and platform features.
  • Processing and securing payment transactions (deposits and withdrawals).
  • Personal customer support and handling your enquiries.
  • Complying with legal and regulatory obligations (e.g. KYC, AML and tax requirements).
  • Ensuring IT security and protection against fraud, misuse and attacks.
  • Optimising the user experience and developing the platform further.
  • Marketing and informational purposes – only based on your explicit consent.

5. Legal Bases for Processing

  • Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR).
  • Compliance with legal obligations (Art. 6(1)(c) GDPR), e.g. related to anti-money laundering.
  • Protection of legitimate interests (Art. 6(1)(f) GDPR), e.g. to ensure platform stability and security.
  • Your explicit consent (Art. 6(1)(a) GDPR), for example for marketing or optional additional features.

6. Data Sharing

Your data is only shared when necessary and exclusively with carefully selected partners:

  • Payment service providers and banks to process deposits and withdrawals.
  • Specialised providers for conducting KYC/AML checks.
  • IT and cloud providers with whom we have data processing agreements.
  • Analytics and security tools that – where possible – work with anonymised or pseudonymised data.
  • External advisors (e.g. lawyers, tax advisors) in the context of legal obligations.
  • Authorities or courts when there is a legal obligation or to enforce rights.

Your personal data will not be transferred or sold to third parties for commercial purposes.

7. International Data Transfers

In some cases we use providers (e.g. cloud or analytics services) outside the European Economic Area. In such cases we implement appropriate safeguards such as EU standard contractual clauses, binding corporate rules or adequacy decisions by the European Commission to ensure an adequate level of data protection.

8. Data Security

To protect your data we take extensive technical and organisational measures:

  • Encrypted data transmission using up-to-date protocols (e.g. TLS 1.3+).
  • Strong encryption of sensitive data at rest (e.g. AES-256).
  • Regular security reviews, penetration tests and audits by independent specialists.
  • Continuous monitoring of systems for suspicious activity and attack attempts.
  • Strict access controls and role-based permissions within the team.
  • Holding client funds in segregated accounts with regulated partner institutions.

Absolute protection against all risks cannot be technically guaranteed, but our measures reduce such risks to a very low level.

9. Data Retention

We retain your data only for as long as required for the stated purposes or as legally required:

  • For the duration of the active use of your account and the contractual relationship.
  • After account closure for the legally required period (e.g. 5–10 years for tax and regulatory purposes).
  • For consent-based processing (e.g. marketing) until you withdraw your consent.

When data is no longer needed we delete it securely or anonymise it.

10. Your Rights as a Data Subject

You have extensive rights regarding your personal data. In particular, you can:

  • Request information about what data we hold about you.
  • Request correction of inaccurate or completion of incomplete data.
  • Request deletion of your data where no legal retention obligations exist.
  • Request restriction of processing in certain cases.
  • Receive your data in a structured, commonly used and machine-readable format (data portability).
  • Withdraw consents given at any time with future effect.
  • Lodge a complaint with a competent data protection supervisory authority.

11. Cookies and Similar Technologies

We use cookies and similar technologies to ensure platform functionality, analyse usage and optimise the experience. Essential cookies are always active, while analytical and marketing cookies require your prior consent. More details can be found in our Cookie Policy.

12. Changes to this Privacy Policy

We may update this policy from time to time – for example due to legal changes, regulatory requirements or new features. The updated version is always available on the website. We will inform you of relevant changes by email or directly on the platform.

13. Contact for Data Protection Matters

If you have questions about data protection, this policy or exercising your rights, contact us by email at [email protected] or via the site's contact form. Our Data Protection Officer will review your request and respond promptly.

visa mastercard paypal ssl security

By using Cairn Phundholm you confirm that you have read this Privacy Policy and accept its content.

Thank you for your trust. Protecting your data and privacy remains a central priority for us.

Pagina Principale ¿Por qué empezar a invertir? ¿Cómo comenzar a invertir? ¿Quién está detrás de Cairn Phundholm? Riesgos asociados a la inversión Ventajas FAQ Contact Pravila privatnosti Terms and conditions