AUCTA

PRIVACY BY INFRASTRUCTURE

Privacy
Policy

Effective Date: January 2025

Entity: AUCTA Protocol SARL (France)

Regulated under:

EU Regulation 2016/679 (GDPR)

Loi Informatique et Libertés (French Data Protection Act)

Processing Purposes & Legal Basis

Purpose	Legal Basis (GDPR)
KYC & AML compliance	Legal obligation (Art. 6.1.c)
Secure access to vault & services	Contractual necessity (Art. 6.1.b)
Ownership verification & traceability	Legitimate interest (Art. 6.1.f)
Biometric verification (optional)	Explicit consent (Art. 9.2.a)
Product activation & resale tracking	Contractual necessity
Appraisal, custody, and insurance referrals	Legitimate interest
Marketing (minimal)	Consent (if applicable)

Data Sharing & Access

Your data may be shared with:

Recipient	Reason
Internal Security Teams	Fraud detection, internal audit
Certified Authenticators	Item verification or valuation
Conciergerie Partners	Deliveries, client contact
Auction Houses / Brands	On request and with consent
Legal authorities	Upon valid French or EU court orders
Payment Providers	For cashback and rewards distribution

We never share data for commercial profiling or advertising.

Storage Location

Main servers:

France & Luxembourg (EU legal jurisdiction)

Backup vaults:

Encrypted cold storage, EU-only

Biometric data:

Apple Secure Enclave (local) or EU-region AWS

Retention Period

Identification10 years (AML compliance)

Product & OwnershipIndefinitely (traceability requirement)

Communication Logs5 years

Biometric (opt-in)30 days after deactivation

Blockchain DataIndefinite, anonymised

Your Rights (under GDPR)

You may request at any time:

Access to your data

Rectification of incorrect information

Erasure ("Right to be Forgotten")

Restriction of processing

Portability (in machine-readable format)

Withdrawal of consent (where applicable)

Human review of automated decisions

Objection to specific processing

Send all requests to: privacy@aucta.io
Or by mail: AUCTA Protocol SARL – Data Protection Officer

10. Cookies & Tracking

Our website uses minimal cookies, only to:

Maintain session

Track fraud attempts

Enable dark/light theme

No third-party analytics or ads. We do not use Google Analytics, Facebook Pixel, or similar tools.

A cookie banner is displayed upon entry as per ePrivacy Directive.

11. Minors

AUCTA is not available to minors. We do not knowingly process data of individuals under 18. If you believe a minor has accessed our platform, please contact security@aucta.io.

12. Policy Updates

This Privacy Policy may evolve. Users will be notified 30 days before material changes. All previous versions are archived and timestamped.

13. Supervisory Authority

You may file a complaint with:

CNIL – Commission Nationale de l'Informatique et des Libertés

https://www.cnil.fr/

3 Place de Fontenoy, 75007 Paris, France

Privacy
Policy

1. Introduction

2. Who We Are

3. What Data We Collect

4. Why We Process Your Data

5. Biometric & Sensitive Data

6. Blockchain & Data Immutability

Processing Purposes & Legal Basis

Data Sharing & Access

Storage Location

Retention Period

Your Rights (under GDPR)

10. Cookies & Tracking

11. Minors

12. Policy Updates

13. Supervisory Authority

PrivacyPolicy

1. Introduction

2. Who We Are

3. What Data We Collect

4. Why We Process Your Data

5. Biometric & Sensitive Data

6. Blockchain & Data Immutability

Processing Purposes & Legal Basis

Data Sharing & Access

Storage Location

Retention Period

Your Rights (under GDPR)

10. Cookies & Tracking

11. Minors

12. Policy Updates

13. Supervisory Authority

Privacy
Policy