Privacy Policy
1. General Provisions
1.1. This Privacy Policy (hereinafter – the “Policy”) defines the procedure for processing personal data by the charitable organization 2xEnergy MTÜ, incorporated under the laws of the Republic of Estonia, with its registered address at: Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Telliskivi tn 57, 10412 (hereinafter – the “Foundation” or the “Controller”).
1.2. This Policy is developed in accordance with GDPR (Regulation (EU) 2016/679) and applies to all information that the Foundation may obtain from users of the website: https://2x.energy/ .
1.3. The Foundation places particular emphasis on:
- protection of personal data;
- transparency of processing;
- compliance with AML/KYC and financial monitoring requirements.
2. Definitions
Personal Data – any information that directly or indirectly identifies a natural person.
Processing of Personal Data – any operation performed on data (collection, recording, storage, use, transfer, deletion, etc.).
Data Subject – a natural person whose personal data is processed.
User / Donor – any individual who uses the website or makes a donation.
AML/KYC – procedures for customer identification and verification of source of funds in accordance with applicable law.
3. Legal Basis for Processing
The Foundation processes personal data based on:
- consent of the data subject;
- compliance with legal obligations (including AML/KYC);
- legitimate interests of the Foundation (e.g., fraud prevention);
- performance of obligations towards donors (e.g., donation accounting);
- protection of vital interests.
4. Categories of Personal Data
The Foundation may collect the following categories of data:
4.1 Identification Data
- name;
- email address;
- phone number;
- residential address;
- IP address.
4.2 Transaction Data
- donation history;
- amounts, dates, and payment methods;
- banking details (within the scope accessible via payment providers);
- cryptocurrency addresses and transaction hashes.
4.3 AML/KYC Data (where required)
- copies of identification documents;
- proof of address;
- Source of Funds information;
- beneficial ownership information (for legal entities).
4.4 Technical Data
- cookies;
- website interaction data;
- browser and device information.
5. Purposes of Processing
The Foundation processes personal data for the purposes of:
- receiving and accounting for charitable donations;
- complying with AML/KYC and financial monitoring requirements;
- transaction verification and fraud prevention;
- communication with donors;
- ensuring proper website functionality;
- internal reporting;
- compliance with legal obligations;
- interaction with banks, payment institutions, and regulators.
6. AML / KYC and Financial Monitoring
6.1. The Foundation may carry out:
- donor identification (KYC);
- screening against sanctions lists (EU, UN, OFAC);
- transaction analysis (including blockchain analytics);
- risk assessment (risk-based approach);
- verification of Source of Funds.
6.2. In this regard, the Foundation may:
- request additional documents;
- restrict or refuse donations;
- disclose information to authorized authorities.
7. Processing of Cryptocurrency Transactions
In case of cryptocurrency donations:
- transactions are publicly available on the blockchain;
- the Foundation may analyze them using third-party AML services;
- crypto addresses may be considered personal data;
- such data may be linked to individual identification within AML procedures.
8. Transfer of Personal Data to Third Parties
8.1. The Foundation may transfer data to:
- banks and payment institutions;
- payment service providers;
- cryptocurrency service providers;
- AML/KYC service providers;
- auditors and legal advisors;
- public authorities (where required by law).
8.2. Transfers are carried out only:
- to the extent necessary;
- on a lawful basis;
- with appropriate safeguards.
9. Cross-Border Data Transfers
Personal data may be transferred outside the European Economic Area provided that:
- an adequacy decision exists; or
- Standard Contractual Clauses (SCC) are applied; or
- other safeguards under GDPR are implemented.
10. Data Retention Period
Personal data is retained:
- for as long as necessary to achieve processing purposes;
- no less than required by law (including AML – up to 5 years or longer);
- until consent is withdrawn, where applicable.
11. Data Protection Measures
11.1. The Foundation implements:
- technical measures (encryption, access control);
- organizational measures (policies, restricted access);
- security monitoring.
11.2. In case of a data breach, the Foundation notifies the regulator within 72 hours where required.
12. Rights of Data Subjects
12.1. You have the right to:
- access your data;
- request correction;
- request deletion (subject to AML restrictions);
- restrict processing;
- object to processing;
- withdraw consent;
- lodge a complaint with a supervisory authority.
12.2. Certain rights may be limited where processing is required to comply with legal obligations (e.g., AML/KYC).
13. User Obligations
Users must:
- provide accurate information;
- not use third parties to circumvent AML/KYC requirements;
- comply with applicable laws.
14. Cookies and Analytics
14.1. The Foundation may use cookies for:
- website functionality;
- analytics;
- improving user experience.
14.2. Users may manage cookies via browser settings.
15. Amendments to the Policy
15.1. The Foundation may amend this Policy.
15.2. The current version is always available on the website.
16. Governing Law
16.1. This Policy is governed by and construed in accordance with the laws of the Republic of Estonia.
16.2. Any disputes shall be resolved by competent courts of Estonia, including courts located in Tallinn.
17. Contact Information
If you have any questions regarding this Policy, you may contact the Foundation:
Email: info@2x.energy
Address: Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Telliskivi tn 57, 10412