4IRE Real Tokenization

How we collect, use, and protect your personal data

Last updated: May 13, 2026

GDPR Compliant

Data Controller: 4IRE Labs Ltd

1. Introduction

4IRE Labs Ltd ("we", "our", "us") is the data controller responsible for your personal data when you use the 4IRE Real Tokenization platform. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable data protection laws.

We are committed to processing your data lawfully, fairly, and transparently. We will never sell your personal data to third parties.

2. Data We Collect

We collect the following categories of personal data:

Identity Data

Full name, date of birth, government-issued ID, selfie photos collected during KYC.

Contact Data

Email address, phone number, postal address.

Financial Data

Wallet addresses, transaction history, portfolio holdings.

Technical Data

IP address, browser type, device identifiers, cookies, and usage logs.

Verification Data

Documents provided for AML/KYC compliance screening.

Communications

Messages sent to our support team, feedback, and survey responses.

3. How We Use Your Data

To create and manage your account and verify your identity (KYC/AML).

To process transactions, asset purchases, and redemptions on the platform.

To comply with applicable financial regulations, anti-money laundering laws, and tax reporting obligations.

To send important account notifications, security alerts, and transaction confirmations.

To improve platform performance, fix bugs, and develop new features.

To respond to your inquiries and provide customer support.

To send marketing communications where you have given explicit consent (you may withdraw at any time).

4. Legal Basis for Processing

Contract performance — processing necessary to provide the platform services you requested.

Legal obligation — KYC, AML, and tax reporting required by law.

Legitimate interests — fraud prevention, security monitoring, and product improvement.

Consent — marketing emails and optional analytics cookies (you may withdraw at any time).

5. Data Sharing

We do not sell your personal data. We may share it only in the following circumstances:

KYC / identity verification providers (e.g., Sumsub, Onfido) to fulfil compliance obligations.

Blockchain infrastructure providers for transaction processing.

Cloud hosting and infrastructure providers (data processed under GDPR-compliant Data Processing Agreements).

Regulatory authorities, law enforcement, or courts when legally required.

Professional advisors (lawyers, accountants) under confidentiality obligations.

6. Cookies

We use cookies and similar tracking technologies to operate the platform. Essential cookies are required for core functionality and cannot be disabled. Analytics and preference cookies are optional and require your consent via the cookie banner. You can manage cookie preferences at any time through your browser settings or our cookie preference centre.

7. Data Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, multi-factor authentication, and regular third-party security audits. We maintain an incident response plan and will notify you of any data breach affecting your rights within 72 hours of discovery, as required by GDPR.

8. Your Rights

Under GDPR and applicable data protection law, you have the following rights:

👁️

Right of Access

Request a copy of all personal data we hold about you.

✏️

Right to Rectification

Ask us to correct inaccurate or incomplete data.

🗑️

Right to Erasure

Request deletion of your data subject to legal retention obligations.

📦

Data Portability

Receive your data in a machine-readable format.

🚫

Right to Object

Object to processing based on legitimate interests or direct marketing.

⏸️

Right to Restrict

Ask us to pause processing while a dispute is resolved.

To exercise any of these rights, email us at hello@4irelabs.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA) by our service providers. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or transfers to countries with an adequacy decision.

10. Data Retention

We retain your personal data for as long as necessary to provide services and meet legal obligations. KYC and AML records are retained for a minimum of 5 years after account closure as required by financial regulations. Transaction records are kept for 7 years for tax purposes. Marketing consent records are kept until you withdraw consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or an in-platform notification at least 14 days before the changes take effect. The date at the top of this page indicates when the policy was last revised.

Questions or Requests?

For any privacy-related questions, data subject requests, or to reach our Data Protection Officer:

hello@4irelabs.com

4IRE Labs Ltd · Lisbon, Portugal · Data Controller