Article 62(2)(i) MiCA, Article 12 of 2025/305
Document submitted to the Czech National Bank (CNB) as part of an application for authorisation to provide services related to crypto-assets under Regulation (EU) 2023/1114 (MiCA)
Name: Walleexer s.r.o.
Identification number: 17989124
Registered office: Na Perštýně 342/1, Old Town, 110 00, Prague, Czech Republic
Website: https://walleexer.com, https://walleexer.com/en, https://app.holders.io
Contact person: Dr Eugen Marinoff
Phone: +447598989849
Email: eugen.marinoff@walleexer.com
operated by the company Walleexer s.r.o ,
(GDPR & Complaints Handling Procedures under Regulation (EU) 2023/1114 – MiCA )
| Channel | Complaints | GDPR | ||
|---|---|---|---|---|
| Address / link | Availability | Address / link | Availability | |
| Online form | complaints@walleexer.com | 24/7 | gdpr@modernipravnik.cz | 24/7 |
| Telegram | @welcomecards | 24/7 | @welcomecards | 24/7 |
| holders@support.io | 24/7 | holders@support.io | 24/7 | |
| Post | Data box: 5m7gczx | according to operating hours | Mánesova 1175/48, Vinohrady, 120 00 Praha 2 | according to operating hours |
| Personal submission | Na Perštýně 342/1, Old Town, 110 00, Prague, Czech Republic | Mon–Fri, 9 h– 18h | privacy@walleexer.com | Mon–Fri, 9 h– 18h |
These websites https://walleexer.com, https://walleexer.com/en, https://app.holders.io (the "website") are operated by the company Walleexer s.r.o., Identification number: 17989124, Registered office: Na Perštýně 342/1, Old Town, 110 00, Prague, Czech Republic, registered at the Municipal Court in Prague under file number C 379759, represented by Eugen Marinoff, executive director (hereinafter referred to as "We" or the "Company").
You can contact us by email above. Our contact address for delivery is in the table above ("Contact Address").
These GDPR principles and complaint handling procedures define and specify our and your rights and obligations in the area of protection of your personal data as Visitors and rights and obligations in other matters when using our websites, whether you are a Visitor or a Customer, in particular on the website your or your use of third-party owned web interfaces (meaning in particular internal facility management systems owned by another provider, etc.) and in our internal systems (collectively, the "websites").
By visiting the website, providing your consent by checking the appropriate button, providing us with such consent, or possibly sending an inquiry or question through or outside the website, using the website or our other services, you confirm that you have read, agree to and wish to be bound by these GDPR principles and complaint handling procedures.
This policy also includes procedures for submitting, recording and handling complaints related to the provision of our services. These procedures set out how you can submit a complaint, how your complaint will be recorded and handled, including information on deadlines, remedies and how the outcome will be communicated. Complaints can be submitted free of charge and will be handled effectively, transparently, fairly and within a reasonable time in accordance with applicable legislation, in particular Regulation (EU) 2023/1114 (MiCA) and its implementing regulations.
ALL TERMS NOT DEFINED HEREIN HAVE THE MEANING SET FORTH IN THE GENERAL TERMS AND CONDITIONS ("GTC"), WHICH CAN BE FOUND HERE https://walleexer.com.
Personal data controller: Walleexer s.r.o.
Contact details of the Administrator - see table above
Purpose of the document:
This document provides:
For the purposes of this document, the terms below have the following meanings:
| Term | Importance |
|---|---|
| Company / Administrator / We | Walleexer s.r.o. operator of the crypto asset exchange service. Wherever in these policies we refer to "us", we mean our Company technically ensuring the operation of the website www.finaram.cz, where the category of "us" also includes our employees and cooperating third parties. |
| Websites | The online interface operated by the Administrator at [URL] and other digital interfaces of the Administrator. Website is an umbrella term for our web interfaces, in particular the website and web interfaces used by us owned by a third party (meaning in particular internal facility management systems owned by another provider, etc.). |
| Customer | A customer is any legal entity or individual who has filled out the relevant form on our website or concluded any Contract with us, regardless of the form. A customer also includes persons who perform activities as employees. |
| Complaint | Any manifestation of dissatisfaction by a customer or potential customer, in particular regarding the processing of personal data or a transaction with crypto assets, |
| Complainant | The customer, their representative or a consumer organization filing a complaint. |
| Admissibility | Assessment of whether the complaint meets the fair and proportionate conditions of admissibility pursuant to Article 1(2)(a) of RTS EU 2025/294 |
| GDPR request | Request by the data subject to exercise rights under Articles 15–22 of the GDPR. This is a request based on this document, the template of which is attached, by online form and is meant to be applied exclusively via the internet. |
| Complaint | A complaint regarding a specific transaction, product or service under the GTC. |
| Visitor | A Visitor is any natural or legal person who visits our website or contacts us in any other way. By completing the relevant form on the website, you become a Customer from a Visitor. |
| Contact address | The contact address is our address for delivering documents and other communications from you, such as requests for information about the handling of personal data. You can find it in the introduction to these policies. |
Outsourcing companies to supplement?
Please contact for GDPR related question www.modernipravnik.cz/gdpr/
The information and any obligations set forth herein apply to both the Visitor and the Customer.
Please note that when using the website you are obliged to provide all information correctly and truthfully. If you submit a question, request or make any other contact with us, you are obliged to provide true personal information, to indicate whether you are a person acting on behalf of or on behalf of another person, or to notify that there has been a change in personal information, in which case you are obliged to update this immediately. We consider the information you provide to be correct and up-to-date.
Please also note that the website may not be available continuously, in particular with regard to the necessary maintenance of our hardware and software equipment, or the necessary maintenance of the hardware and software equipment of third parties.
Please understand that we are not responsible for any loss you incur directly or indirectly related to the loss or damage of your data, whether you are a Visitor, Customer, individual or legal entity.
In this section of the GDPR policy, you will learn how we handle your personal data or the personal data of any other person whose personal data you have provided to us or have otherwise provided to us, until you fill out the relevant forms on our website and thus enter into a Website Use Agreement with us.
You declare that the personal data you have provided is accurate and that you have been informed that the provision of personal data is voluntary.
Personal data protection is provided to you as individuals by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 EC (GDPR), Act No. 101/2000 Coll., on the protection of personal data, as amended, and other legal regulations and our internal security.
We collect and process your personal data to the following extent, if it meets the definition of personal data and the data subject can be identified:
During the process of visiting the website, you are expected to leave other data, but these are not personal data within the meaning of current legislation and are therefore not listed. The list is not exhaustive and provided that you provide us with other personal data, you give us permission to use and process this personal data in accordance with these terms.
If, in exceptional circumstances, you provide us with personal data that is classified as particularly sensitive under GDPR legal standards (e.g. ethnic origin, religion or health status), we are obliged to process such sensitive personal data only in accordance with applicable legislation and these terms and conditions.
If we have obtained such personal data from you about a person other than yourself, e.g. your customer, employee or collaborator (who are natural persons), you expressly declare that you have obtained and have valid consent from such persons to process such personal data, including particularly sensitive personal data. If the consent granted by such person expires, you are obliged to inform us of this fact no later than 7 days from its origin.
Your personal data specified in point 3.2. will be processed only for the period strictly necessary and in compliance with all other legal obligations and with regard to ensuring the quality of our services, for a maximum period of 5 years for marketing purposes and for a maximum period of 10 years for accounting, tax and registration purposes. Personal data will be processed in electronic form in an automated manner, exceptionally in printed form in a non-automated manner.
To protect your personal data, we use internal regulations, physical, hardware and software security, and the protection of personal data is part of the employment obligations of employees and persons cooperating with us.
You have the following rights in relation to our processing of your personal data:
Right to access personal data
This right means that you can request information from us at any time about whether or not we are processing personal data concerning you. If we are processing such data, you have the right to request information about the purposes, scope and manner in which we process such personal data, and you can request a copy of such data.
The right to correct inaccurate and complete incomplete personal data
This right means that you can ask us to correct or supplement your personal data at any time. We will carry out such a request without undue delay, but taking into account our current technical capabilities.
Right to erasure
This right means that, if you request it, we will erase your personal data if: (i) it is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for the processing of your personal data, (iv) there is no longer a legal obligation to process it under European Union or national law, (v) you withdraw your consent to the processing of your personal data and there are no longer any other grounds for the processing.
Right to restriction of processing of personal data
This right means that you can ask us to restrict the processing of your personal data. In such a case, we will make the personal data inaccessible, temporarily delete or store it, or perform other processing operations that ensure the proper exercise of this right.
Right to data portability
This right means that you can ask us at any time to transfer your personal data, which is processed automatically, to a third party based on your consent or contract. If exercising this right would adversely affect the rights of other persons, we may not be able to comply with such a request.
Right to object
This right means that you can object to the processing of your personal data for legitimate interest or for marketing purposes. If you object to the processing for marketing purposes, we will stop processing your personal data. If you object to the processing for legitimate interest, we will first assess such an objection and inform you of its resolution. If the objection is upheld, we will stop processing your personal data, but it may also be the case that we will not be able to comply with such an objection.
Right to file a complaint about the processing of personal data
If you are dissatisfied with the processing of your request and the exercise of your right, you have the right to file a complaint with the supervisory authority - the Office for Personal Data Protection, website: www.uoou.cz, tel.: 234 665 111.
The right to withdraw consent to the processing of personal data to the extent it was provided
You can withdraw your consent at any time without giving a reason, in writing to our contact address or via our email address listed in the introduction to these GDPR policies.
Please note that our activities are subject to legal regulations that impose many obligations on us. Please note that we may significantly limit or refuse the exercise of any of the above rights based on legal obligations.
In the case of manifestly unfounded, unreasonable or repeated requests, we may, in accordance with legal regulations, charge a reasonable administrative fee for the exercise of the given right or refuse such a request.
We process your personal data for the following purposes:
Fulfilling our legal obligations
You expressly agree that we process and transfer your personal data, in particular in connection with the obligation to fulfill our contractual relationship with the companies listed at the end of the document General terms and conditions. Usually, the entered data, documents and personal data are transferred via the website to cooperative person especially KYC provider SumSub and Tonhub non-custodial wallet provider for the purpose of negotiating with you and enabling you to conclude a contract for services. We also process information for the purposes of accounting and tax legislation, regulations governing archiving and record keeping, or in connection with other legal regulations.
Providing news, tips and marketing offers
We process your personal data for the purpose of sending you news, tips and marketing communications about the products and services we provide based on your consent.
After granting such consent, we will be able to contact you via email, telephone or other means of distance communication, and you will receive valuable information about new services, products and other interesting things.
If you grant us this consent, you acknowledge that providing this consent is voluntary and that consent can be revoked at any time, in writing to the contact address or via email listed in the introduction to the GDPR.
Protecting our legitimate interest
Based on legitimate interest, we may also process your personal data for the purposes of resolving disputes or enforcing our legal claims.
The exercise of all your rights under the GDPR is subject to submitting a request via the Request form, which can be found in the table above.
Please note that our activities are subject to legal regulations that impose many obligations on us, in particular accounting and tax obligations. With reference to legal obligations, we may refuse or refuse to exercise your rights.
Please submit your requests and objections electronically by e-mail to our e-mail address or by post to the contact address and mark it GDPR. We will process your request without undue delay, within 1 month at the most. In exceptional cases, especially due to the complexity of your request, we are authorized to extend this period by another 2 months. We will inform you of any such extension and its justification.
To register Visitors and other persons and individualize website content, we use a service that enables data analysis, in particular Google Analytics, Google Search Console, Microsoft Clarity and cookies.
By giving your consent by checking the appropriate button on our website, you agree to the storage of cookies and their analysis. You can withdraw your consent at any time by following the procedure for withdrawing consent to the processing of personal data (sections 4.4.8. and 4.6. of this GDPR policy). However, please note that some functions of our website may not function properly in such a case and you will be deprived of the perfect experience that we have prepared for you.
You agree to our prohibition of automatic scanning and/or downloading of data from our website, in particular crawling. In the event that you engage in automatic scanning and/or downloading of data from our website, you agree to pay us a fine of CZK 20,000 for each such violation. Please note that by paying the fine, we still retain the right to claim damages from you for such violation.
The content of our website, texts and all available materials (texts, photographs, images, logos and others) including those in related printed media (promotional flyers, advertisements, etc.), and the content of the website software are protected by our copyrights and may be protected by other rights of other persons.
Please note that the content may not be modified, copied, reproduced, distributed or used by any third party for any purpose without our written consent.
Pursuant to Regulation (EU) 2025/294 supplementing Article 71(5) of Regulation (EU) 2023/1114 (MiCA) with regard to regulatory technical standards on the handling of complaints by crypto-asset service providers, the Company adopts this Complaints Handling Policy (the "Policy").
We have implemented effective, transparent and consistent procedures for the prompt, fair and equitable handling of all complaints we receive from our customers. These procedures are designed to ensure that all legitimate complaints are resolved promptly and fairly, while maintaining the highest standards of customer service.
We accept and handle complaints completely free of charge, with no fees or costs charged to the customer for any stage of the complaint handling process. This principle of free service applies to all communication channels and forms of complaint submission.
All procedures are publicly available on our website in all languages we use to communicate with customers. At the same time, we ensure regular training of our employees and continuous process improvement based on the analysis of complaint data.
Our company's governing body approves and regularly reviews the effectiveness of our complaints handling procedures at least annually or when there are significant changes in legislation or our processes. Regular reports on the activities of the complaints team and recommendations for improvement are submitted to the company's management.
Our team of qualified staff, led by a Complaints Management Officer (CMO), who reports directly to the company's management body, is responsible for managing complaints and implementing this policy. This team has access to all relevant information and systems necessary for the effective handling of complaints.
The policy is distributed to all relevant employees via the intranet; new staff receive it upon joining.
We use a secure electronic system to record and track complaints, ensuring full auditability of all steps and adherence to deadlines. The system automatically generates notifications of upcoming deadlines and allows for continuous monitoring of the status of all complaints.
All Company employees authorized to handle complaints have the right to access all internal systems necessary to investigate complaints.
We inform customers about the possibility of filing a complaint through several channels. We publish an up-to-date description of the complaint handling procedures, together with a standard complaint form, in a prominent place on our website. This information is available in all languages used for customer communication.
Our terms and conditions and contractual documents provide information about the right to file a complaint, including contact details and how to file. We regularly remind you of the existence of a complaints mechanism when providing services and communicating with customers.
Information on complaint handling procedures includes a description of all communication channels for submitting a complaint, the expected timeframe for handling it, information on the free nature of the proceedings and the available remedies in case of dissatisfaction with our decision.
You can file a complaint in several ways, depending on your preferences. You can file a complaint electronically via the online form on our website, by sending an email to, or through our customer portal. You can send a written complaint by post to or in person at our branch during office hours.
You can submit a complaint in any language we use to offer our services or communicate with customers, as well as in the official languages of the home and host Member States of the European Union, i.e. in the following languages: Czech, English. To facilitate the submission of a complaint, we provide a standard form, the use of which is not mandatory.
When submitting a complaint, we recommend that you provide all relevant information, including a description of the problem, identification of the transaction or service, time details, and the requested resolution. If any information is incomplete, we will contact you to complete it.
When handling a complaint, we will communicate with you in clear and simple language that is easy to understand. All our communications regarding the complaint will be in the language in which you made the complaint, provided that this is one of the languages we use to communicate with customers, offer our services, as well as an official language of the home and host Member State of the European Union.
All communication is in writing via electronic means, or at your request in printed form sent by post. Electronic communication takes place via e-mail or our customer portal, and all documents are secured and archived.
We ensure that our communication is always professional, polite and contains all the necessary information. In case of more complex technical issues, we provide additional explanations.
Upon receipt of your complaint, we will register it in our electronic system within 1 business day and assign it a unique reference number. We will send you an acknowledgement of receipt of your complaint without undue delay, no later than five calendar days from receipt, it may be generated automatically.
The acknowledgement includes the complaint reference number, date of receipt, name and contact details of the person responsible for handling your complaint, an estimated timeline for handling it, a description of the complaint handling procedures and, if submitted electronically, a copy of your complaint.
At the same time as the confirmation, we will assess whether the complaint meets the admissibility conditions according to 7.4.2. If the complaint does not meet the formal requirements or is inadmissible, we will inform you of the reasons for the rejection and provide a clear explanation of how to proceed further, if necessary.
Who. After receiving the complaint and registering it in the CMO system, an authorized person or authorized employee from the complaints management department will assess the fulfillment of all formal requirements. If he finds that the complaint is incomplete or unclear, he will request its completion. To ensure the completeness of all necessary information, the customer can use the standard complaint template provided in the appendix to this document (Appendix A).
Admissibility conditions. A complaint will be considered admissible if:
Deadlines. When requesting additional information to the complaint, the deadlines for handling the complaint are suspended until the requested information is received. We may request additional information to the complaint repeatedly, if necessary for proper handling. If the complaint is not complete within sixty days of its initial receipt, we will be forced to formally reject it.
Once we have received all the necessary information, we will proceed to a thorough investigation of the complaint. We will collect and review all relevant information, documents and records related to the subject of the complaint. We do not request information from the customer that we already have or that we are required to have by law.
During the investigation, we will keep you informed about the progress of your complaint and respond to your reasonable inquiries without undue delay. If longer than originally expected is required, we will inform you of the reasons for the delay and a new estimated completion date.
Our decision on your complaint will address all the points you raised in your complaint and will include a clear rationale for the outcome of our investigation. We will ensure that our decision is consistent with any previous decisions we have made on similar complaints. If our decision deviates from previous decisions, we will clearly state why we have reached a different conclusion.
We will inform you of the decision on your complaint without undue delay, as soon as possible, but in any case no later than two months from the date on which we received your complaint. If, in exceptional circumstances, it is not possible to provide a decision within this period, we will inform you of the reasons for the delay and provide a new date for the decision.
If our decision does not satisfy your request or satisfies it only partially, we will clearly state the reasons for our decision and provide information about the available remedies that you may pursue.
We maintain a complete record of all complaints and the actions taken in response to them through our secure electronic system. This system ensures complete auditability of all steps and allows for quick retrieval and analysis of historical data.
We retain records of complaints for a minimum of five years from their closure in accordance with the requirements of the MiCA regulation. Archiving takes place in a secure environment with appropriate access rights and regular data backups.
The record system contains complete information about the complainant, timestamps of all handling steps, copies of all documents and correspondence, results of the investigation and actions taken. This information is available to authorized employees and, if necessary, to supervisory authorities.
We continuously analyze complaint handling data to identify potential improvements to our processes and services. This analysis includes monitoring the average processing time for each step of the complaint handling process, the number of complaints received, and instances of non-compliance with established deadlines.
We analyze the subject categories covered by complaints and the results of our investigations to identify systemic issues or trends. Based on these analyses, we take corrective action and update our procedures and employee training.
The results of the analyses are regularly presented to the company's management body, together with recommendations for improvement. At least once a year, we conduct a comprehensive review of the effectiveness of our complaints handling procedures and update them as necessary.
The Company ensures continuous monitoring and evaluation of complaint data in order to ensure compliance with legislative requirements and to provide statistical information to the relevant supervisory authorities. Statistics on complaint handling are submitted to the Czech National Bank and the European Securities and Markets Authority (ESMA) upon their request in the format and structure defined by the regulatory technical standards under Regulation (EU) 2025/294 and the joint guidelines issued by the ESMA/EBA Joint Committee.
The reported data includes the average processing time for each step of the complaint handling process, the total number of complaints received during the relevant period, the number of cases of non-compliance with the established deadlines, the categories of complaint topics and the results of their investigation. This information is used by supervisors to assess the effectiveness of our procedures and to identify possible systemic problems in the area of customer protection.
In the event of the identification of serious system incidents or security issues that have or may have a significant impact on the handling of complaints, the provision of crypto-asset-related services or the security of client assets, the company is obliged to notify the relevant supervisory authority without undue delay. The notification must be made no later than three business days from the detection of the incident and must include a detailed description of the event, its impact on clients, immediate measures taken and planned remedial actions.
In addition to notifying regulators, the company is required to inform affected customers of the incident and its impact on their services or crypto assets in accordance with the transparency and reporting requirements set out in the MiCA Regulation. All incident reports are documented and archived for the purposes of further investigation and potential liability.
If you are not satisfied with our decision regarding your complaint, you have the right to several remedies. You can contact the Financial Arbitrator of the Czech Republic, which is responsible for resolving disputes between consumers and providers of financial services. Proceedings before the Financial Arbitrator are free of charge for consumers and are conducted in accordance with Act No. 229/2002 Coll., on the Financial Arbitrator.
For cross-border disputes, you can use the ODR (Online Dispute Resolution) platform of the European Union available at the official ODR website. This platform facilitates the out-of-court resolution of disputes arising from online transactions between consumers and traders.
You also always have the right to appeal to the competent court in accordance with general procedural rules. This right is not limited by the use of extrajudicial remedies and you can exercise it independently of the outcome of our internal complaint handling procedure.
All employees involved in handling complaints receive regular training focused on MiCA legal requirements, communication skills and de-escalation techniques. Newly hired employees receive mandatory induction training within thirty days of joining.
Training is provided at least once a year and includes regulatory updates, customer service best practices, and practical case studies. Attendance is mandatory and attendance is recorded.
In addition to regular training, we organize ad hoc training events when there are significant changes in legislation or our procedures. Employees also have access to ongoing information through our internal information system.
When handling complaints, we process personal data only to the extent necessary to resolve the complaint and in accordance with the principles of the GDPR. The legal basis for processing is the fulfillment of a legal obligation set out in the MiCA Regulation and our legitimate interest in the effective handling of complaints and the protection of our rights.
Personal data processed in the context of a complaint is protected by the same security measures as other customer data. Only authorized employees have access to this data as part of their job duties.
Customers have all rights under the GDPR in relation to personal data processed in the handling of complaints, which they can exercise according to the procedures described in the personal data protection section of this document.
In accordance with Article 12 of Commission Delegated Regulation (EU) 2025/305, Walleexer s.r.o. ensures that its GDPR and complaint handling policy: Provides a clear legal basis for all personal data processing (Art. 12(1)(a)); Implements technical and organizational measures to safeguard personal data (Art. 12(1)(b)); Ensures transparency and accessibility of procedures for clients (Art. 12(1)(c)); Includes appropriate internal governance and employee training (Art. 12(1)(d)).
Walleexer s.r.o. does not request or require sensitive data for service access, and that if such data is received, it is immediately deleted or flagged for limited processing with explicit consent.
Please note that we may unilaterally amend or supplement the wording of these GDPR principles and complaint handling procedures at any time. Our mutual rights and obligations are always governed by the wording of the GDPR principles and complaint handling procedures under which they were created. The GDPR principles enter into force and effect on the date of publication on our website.
Please note that if you violate the rights of third parties when using the service or information from the website, we are not responsible for this, but you. If we are thus claimed for compensation for damages or other harm, or other similar performance, we have the full right to subsequently recover this performance from the person who committed the violation of the right, including all related claims, in particular the costs of legal representation.
We strongly advise against any interference with the technical or substantive nature of the website. We ask you to report any failure of the website's functionality or any external attack, which is manifested in particular by the display of content unrelated to the essence of our services, in particular the display of pornographic content.
Please note that we are not responsible for any advertising or other form of promotion carried out by any third party through the Website and we are not responsible for the content of the communications that you exchange with other Visitors and Customers in some parts of the Website, social networks or within the Customer's systems, and we reserve the right to remove any communication that contains any information that may be considered unlawful, offensive or otherwise unacceptable, solely based on our own discretion.
We also reserve the right to change or remove any part of the website at any time without prior notice.
If you did not find what you wanted to know here or in the related legal regulations, please do not hesitate to contact us directly via the email provided in the introduction to these GDPR policies and complaint handling procedures, we will be happy to answer everything.
These GDPR principles come into force and effect on 30 July 2025.
In Prague 30. 7. 2025