Last updated: 26/11/2025

1. Data Controller

The controller responsible for the processing of your personal data in connection with CDG Project and CDG Devices is:

Codego Group LTD
[Registered address]
E-mail: support@cdgproject.com

Depending on the specific service (IBAN account, card issuing, crypto services), other Codego entities and licensed financial institutions may act as independent controllers or joint controllers. Details are provided in the relevant contracts and service terms.

2. Scope of this Policy

This Privacy Policy applies to:

  • the CDG Project website and landing pages;
  • the CDG Project / CodegoPay mobile application;
  • CDG Devices and their management interfaces;
  • the CDG token ecosystem, including CDG rewards (“Get CDG”);
  • our social media channels, communication and support.

3. Categories of Personal Data We Process

We may process the following categories of personal data:

  • Identification data: name, surname, date of birth, nationality, ID or passport data, tax ID.
  • Contact details: e-mail address, phone number, postal address.
  • Account data: login credentials, wallet addresses, user IDs, KYC verification status.
  • Financial data: IBAN details, transaction history, card usage data, top-ups and withdrawals.
  • Device data: serial number of CDG Devices, uptime, performance metrics, bandwidth usage, IP address and technical telemetry required to operate the decentralized network.
  • Usage data: interaction with the app, website analytics, pages visited, referral sources.
  • Support data: content of support requests, recordings of calls or chats where permitted by law.

4. Purposes and Legal Bases

We process your personal data for the following purposes and legal bases:

  • Provision of services and performance of contract – to create and manage your account, operate CDG Devices, process payments, provide IBAN and card services, calculate and credit Get CDG rewards, and provide access to the CDG token ecosystem.
  • Legal and regulatory obligations – to comply with AML/KYC requirements, anti-fraud and sanctions screening, accounting and tax regulations, and other applicable financial services laws.
  • Legitimate interests – to secure our systems and network, prevent misuse, improve our products and services, run analytics at an aggregated level, and communicate relevant updates about the CDG ecosystem.
  • Consent – where required by law, for example for certain types of marketing communications, optional cookies, or specific processing not strictly necessary for the service.

5. How We Collect Your Data

We collect personal data from:

  • information you provide to us directly during onboarding and KYC;
  • data generated when you use the app, the website or CDG Devices;
  • our financial partners and service providers (e.g. issuing banks, payment institutions);
  • public and third-party sources where allowed by law (e.g. sanctions lists, fraud databases).

6. Data Sharing and Recipients

We share personal data only where necessary and on a need-to-know basis with:

  • other Codego entities involved in the provision of the CDG Project infrastructure;
  • licensed banks, electronic money institutions and payment service providers;
  • cloud hosting providers, IT and security service providers;
  • compliance, KYC/AML and fraud-prevention providers;
  • professional advisers (lawyers, auditors) where necessary;
  • competent authorities and regulators where required by law.

We do not sell your personal data. We may transfer aggregated and anonymised data that does not allow you to be identified.

7. International Data Transfers

Some recipients may be located outside your country, including outside the European Economic Area (EEA). In such cases we take appropriate safeguards, such as:

  • using countries recognised by the European Commission as providing an adequate level of protection; or
  • entering into standard contractual clauses and implementing additional safeguards, where appropriate.

8. Data Retention

We keep your personal data only for as long as necessary for the purposes for which it was collected, including for the fulfilment of legal, accounting and reporting obligations. In particular:

  • KYC and AML-related records are generally kept for the minimum period required by applicable law;
  • contract and transaction records are stored for the applicable limitation periods;
  • marketing consents are kept until you withdraw your consent or object to processing;
  • technical logs are stored for a limited period for security and troubleshooting purposes.

9. Your Rights

Subject to applicable law and certain limitations, you may have the following rights in relation to your personal data:

  • Right of access – to obtain confirmation and a copy of the personal data we hold about you;
  • Right to rectification – to correct inaccurate or incomplete data;
  • Right to erasure – to request deletion of your data in specific situations;
  • Right to restriction of processing – to limit how we process your data in certain cases;
  • Right to data portability – to receive your data in a structured, commonly used format where applicable;
  • Right to object – to object to processing based on legitimate interests or to direct marketing;
  • Right to withdraw consent – where processing is based on your consent, you can withdraw it at any time.

To exercise your rights, please contact us at support@cdgproject.com. We may need to verify your identity before responding. You may also have the right to lodge a complaint with your supervisory authority.

10. Cookies and Similar Technologies

We use cookies and similar tracking technologies on our website and app. For more details, including the types of cookies we use and how you can manage your preferences, please refer to our Cookie Policy.

11. Security of Personal Data

We implement appropriate technical and organisational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. No system is completely secure, but we continuously work to improve the security of our infrastructure.

12. Children’s Privacy

Our services are not intended for use by children under the age required to enter into a binding contract in their country of residence. We do not knowingly collect personal data from minors without appropriate parental or guardian consent where required by law.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our services or applicable laws. We will post the updated version on this page and, where appropriate, notify you through the app or by e-mail.

14. Contact

If you have any questions about this Privacy Policy or our data protection practices, please contact us at:
support@cdgproject.com