At LopeNexus.com ("we", "us", or "our"), protecting your personal data is a fundamental responsibility. This Privacy Statement explains how we handle your personal information in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

---

1. Data Controller and Data Processor Roles

We operate as a Data Controller in determining the purpose and means of processing personal data, and we rely on third-party processors for storing and managing all Personally Identifiable Information (PII).

These third-party service providers are contractually bound by Data Processing Agreements (DPAs) to ensure GDPR compliance and implement robust data protection measures.

---

2. What Personal Data We Process

We do not directly store or process customer PII. Instead, such data is handled by third-party infrastructure providers (e.g., identity verification, analytics, or customer support tools).

Depending on the third-party services you use, the following categories of data may be processed:

• Identification data (e.g., name, email address)
• Financial and transaction data
• Technical data (e.g., device ID, IP address)
• Communication metadata

We do not collect or retain any sensitive data (e.g., biometric data) beyond what is strictly necessary for the operation of our service.

---

3. Lawful Basis for Processing

We process personal data based on:

• Contractual necessity: to provide you with crypto swap services.
• Legal obligation: for compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations.
• Legitimate interest: to ensure platform security and fraud prevention.
• Consent: where required (e.g., for marketing or analytics).

---

4. Data Security

We prioritize the security and confidentiality of your data:

• End-to-end encryption: All data is encrypted in transit (TLS) and at rest (AES-256 or equivalent).
• Zero direct access: We do not directly access or store your personal data on our systems.
• Vendor oversight: All processors undergo periodic security audits and due diligence reviews.

---

5. International Data Transfers

Where third-party processors are located outside the European Economic Area (EEA), data transfers are protected by:

• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Other legally valid transfer mechanisms

---

6. Data Retention

We ensure that personal data is retained only as long as necessary for:

• Contract fulfillment
• Legal and regulatory compliance
• Security and operational integrity

You may request information on specific retention periods applicable to third-party providers.

---

7. Your Rights Under GDPR

You have the following rights under GDPR:

• Right of access — Know what data is processed and why.
• Right to rectification — Correct inaccurate data.
• Right to erasure ("right to be forgotten") — Request deletion, subject to regulatory exceptions.
• Right to restrict processing — Limit how your data is used.
• Right to data portability
• Right to object
• Right to lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at: info@lopenexus.com

---

8. Contact & Questions

If you have any concerns or questions about your privacy, reach out to:

Data Protection Officer (DPO)
Email: info@lopenexus.com

---

9. Updates to this Policy

We may update this Privacy Statement as needed to reflect changes in our practices or regulatory obligations. The latest version will always be available at Privacy Policy.