Legal

Privacy Policy

Last updated: January 2026

Data Controller and General Information

Data Controller: Solvum GmbH, Kärntner Ring 5-7/7 A-1010 Vienna, Email: privacy@solvum.at

The protection of your personal data is of particular concern to us. We process personal data exclusively on the basis of applicable legal provisions (in particular GDPR, DSG and TKG 2021). In this privacy policy, we inform you about all aspects of data processing in connection with our website and our services.

Solvum GmbH has implemented appropriate technical and organizational security measures to protect your data from unauthorized access, loss or misuse. We do not carry out automated decisions or profiling within the meaning of Art. 22 GDPR.

Data Processing When Using Our Website

Server Logfiles

When you visit our website, certain technical data is automatically collected and stored in so-called server logfiles. This includes in particular:

  • Browser type and version
  • Operating system used
  • Referrer URL (previously visited page)
  • IP address of the requesting device
  • Date and time of server request

This information is not attributable to specific persons and is not merged with other data sources. Processing is carried out exclusively to ensure the operation and security of the website (e.g., for error analysis, protection against attacks) and is based on our legitimate interests in accordance with Art. 6(1)(f) GDPR (ensuring IT security and functionality). Server logfiles are only stored temporarily and automatically deleted after 14 days at the latest.

Cookies

Our website currently does not use cookies or similar technologies that require consent. Any cookies that are currently in use are purely technically necessary cookies (e.g., for a session) and serve the proper operation of the website.

Contact Form and Inquiries

If you contact us via the contact form on our website or by email, we will process the personal data you provide (e.g., name, email address, company affiliation and the content of your inquiry) to process your request. We use this data exclusively to respond to your inquiry and any follow-up questions. Without your express consent, we will not share this data with third parties.

We store inquiry-related data only as long as is necessary to process your request, typically up to six months after completion of communication in case of follow-up questions. The legal basis for this processing is our legitimate interest (Art. 6(1)(f) GDPR) in responding to your contact and ensuring smooth communication. If your inquiry aims to conclude a contract or is related to an existing customer relationship, we additionally base the processing on Art. 6(1)(b) GDPR (execution of pre-contractual measures or contract fulfillment).

Data Processing in the Context of Our Services

Solvum GmbH provides technical services for the structured processing of crypto transaction data on behalf of the customer. This means we take the data provided by our customers regarding digital assets and process it – for example, to make this information subsequently available to a tax advisor for tax purposes.

In the context of providing our services, we process various categories of personal data depending on the assignment and requirements. These include in particular:

  • Customer data: Identification and contact data of the customer (e.g., name, address, email) as required for contract processing.
  • Transaction data: Details of crypto transaction data provided to us by the customer for processing (e.g., transaction IDs, timestamps, transaction amount/value, cryptocurrencies used, wallet addresses or account IDs, name of the exchange/platform used, etc.).
  • Accompanying information: Other information that the customer provides in connection with the transaction data and that is relevant for processing (e.g., categories or comments for classifying certain transactions).

Data processing in this context is carried out for the purpose of providing you with the agreed service – namely, creating a structured, evaluable dataset from unstructured crypto transaction data. Depending on the type of customer relationship, Solvum GmbH assumes different data protection roles:

Processing as Controller (Direct Customers)

If you use our services as an individual customer (B2C & B2B) directly for yourself (i.e., not on behalf of third parties), Solvum GmbH acts as the controller with regard to the personal data processed. We determine the means and purposes of processing to fulfill the contract with you. Your data (especially the above-mentioned transaction and customer data) is used exclusively to provide the contractually agreed service – that is, we process your crypto transaction data and make the result available to you. Further processing for other purposes does not take place without your express consent.

The legal basis for this data processing is contract fulfillment pursuant to Art. 6(1)(b) GDPR. The provision of your transaction data is necessary for the conclusion and execution of the service – without this data, we cannot perform the service. It is voluntary, but use of our services is not possible without the required data.

Processing as Processor

If Solvum GmbH is commissioned by a business customer (e.g., a tax advisory firm or a company) to process personal data from crypto transactions on behalf of that customer (for instance, when the transaction data belongs to third parties, such as clients of the tax advisory), we act as a processor under data protection law in accordance with Art. 28 GDPR. In this case, the business customer remains the controller for the data, and Solvum GmbH processes the personal data exclusively according to the customer's instructions.

We conclude a data processing agreement with our business customers that defines the subject and duration of processing, the type and purpose, the categories of data, and the obligations of Solvum GmbH as a processor. As a processor, we use the data only for the execution of the commissioned service and not for our own purposes. We ensure confidentiality by obligating our employees to data secrecy and implementing appropriate security measures.

After completion of the processing, we delete or return the data provided to us in accordance with the customer's instructions and contractual agreements. Please note that in this constellation, the respective business customer is responsible for informing the data subjects (e.g., the clients of the tax advisory) about the data processing and having a valid legal basis for processing. Should a data subject contact Solvum GmbH directly regarding data that we process on behalf of a customer, we can only process the request within the framework of contractual possibilities – as a rule, we will forward it to our customer as the actual controller.

Disclosure of Data to Third Parties and Service Providers

We treat your personal data confidentially and do not share it with third parties, except as described in this statement, if you have given us your consent, or if we are legally obliged to do so. In certain cases, however, it is necessary for the provision of our services or for legal reasons to pass on selected data to third parties or to involve external service providers. Recipients or categories of recipients of personal data may in particular include the following:

  • IT and hosting service providers: To provide our website and services, we use external technical service providers (e.g., data center operators, hosting providers, email services). These process data on our behalf and are contractually obliged under Art. 28 GDPR to process your data only according to our instructions and to maintain appropriate security measures.
  • Payment service providers and banks: If you make use of paid services of Solvum GmbH and make a payment, we transmit payment data (e.g., invoice amount, IBAN or transaction reference) to the payment services and banking institutions involved, insofar as this is necessary for payment processing.
  • Tax advisors and legal advisors: If necessary, we may pass on customer data (e.g., invoice information) to our tax advisor or auditor to fulfill our own tax and legal obligations. These recipients are also bound by confidentiality.
  • Recipients designated by the customer: At your express request or with your consent, we may transmit data to other third parties. For example, we will pass on the transaction data we have processed directly to your tax advisor or to another person/company designated by you if you instruct us to do so.
  • Authorities and public bodies: In certain cases, we are legally obliged to disclose data to government agencies. This only takes place if there is a corresponding legal basis, e.g., a court order, requests for information from law enforcement authorities, or within the framework of statutory reporting obligations.

We ensure that an adequate level of data protection is guaranteed for every external data transfer. External service providers who process personal data on our behalf are carefully selected and contractually bound to data protection and confidentiality. We do not pass on data to third parties for advertising or marketing purposes.

Data Transfer to Third Countries

Solvum GmbH processes personal data primarily within the European Union or the European Economic Area (EEA). Should a data transfer to a third country (i.e., a country outside the EEA) be necessary in exceptional cases – for example, because we use an external service provider based outside the EEA, or because you expressly request such a recipient – we ensure that an adequate level of data protection is guaranteed in accordance with Chapter V GDPR.

If there is no adequacy decision by the EU Commission (pursuant to Art. 45 GDPR) for the respective third country, we use appropriate safeguards, such as concluding EU standard contractual clauses with the recipient or comparable contractual agreements that ensure data protection. In the case of data transfers to the USA, we will – if the relevant recipient participates in the EU-US Data Privacy Framework and is certified – use this certification as a basis; otherwise, we will use standard contractual clauses and, if necessary, additional protective measures.

You can obtain more detailed information about the specific measures taken for third country transfers from us at any time. Please feel free to contact us using the contact details provided above.

Storage Period

We do not store personal data for longer than necessary. Specifically, the following deletion periods or criteria apply depending on the type of data and purpose of processing:

  • Server logfiles: The technical data logged in server logfiles (see above) is stored for a maximum of 14 days and then automatically deleted, unless a security-relevant incident (e.g., an attack) requires longer retention in individual cases.
  • Contact inquiries: Data that you provide to us in the context of inquiries (via contact form or email) is stored for up to 6 months after the inquiry has been processed. Longer storage only takes place if this is necessary in individual cases for documentation or follow-up questions.
  • Service data (crypto transactions): Personal data that you provide to us for processing is generally only stored for as long as is necessary for the provision of our services and the delivery of results. After completion of the assignment and provision of the processed data, the processed transaction data is usually deleted from our operational systems within a few weeks (at the latest 30 days).
  • Business documents (contract and billing data): Order data, contracts, invoices and similar business documents are retained in accordance with legal requirements. In Austria, for example, there is a tax retention period of 7 years (§ 132 BAO) for accounting documents. Such data is therefore stored until the expiration of the respective period (legal basis: Art. 6(1)(c) GDPR, fulfillment of a legal obligation).

After the expiration of the specified periods, the corresponding data is routinely deleted, unless it is still required for contract execution or due to other legitimate interests. In cases where deletion is only possible with disproportionate effort for technical reasons, anonymization takes place instead of deletion.

Data Subject Rights

As a data subject within the meaning of the GDPR, you have the following rights with regard to your personal data processed by us:

  • Access: You have the right to obtain information about your personal data processed by us (Art. 15 GDPR). This includes information on processing purposes, data categories, recipients and the planned storage period.
  • Rectification: You can request the rectification of inaccurate or completion of incomplete personal data (Art. 16 GDPR).
  • Erasure: You have the right to request the erasure of your personal data (Art. 17 GDPR) if the legal requirements are met. This includes the "right to be forgotten".
  • Restriction of processing: Under certain conditions, you can request the restriction of the processing of your data (Art. 18 GDPR), e.g., if you dispute the accuracy of the data or the processing is unlawful.
  • Data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a common, machine-readable format, and to transmit this data to another controller (Art. 20 GDPR), where technically feasible.
  • Objection: You have the right, for reasons arising from your particular situation, to object at any time to the processing of data concerning you, provided we process it on the basis of a legitimate interest (Art. 21 GDPR). If you object, we will cease processing your data concerned, unless we can demonstrate compelling legitimate grounds that override your interests. The right to object also includes the right to object to processing for direct marketing at any time.
  • Withdrawal of consent: If we process your personal data on the basis of your consent, you can withdraw consent once given at any time with effect for the future (Art. 7 GDPR). The withdrawal does not affect the lawfulness of processing carried out until then.

To exercise your rights, you can contact us at any time without formalities, e.g., by email to privacy@solvum.at. Please indicate as far as possible which right and which data it specifically concerns, so that we can process your request efficiently. We will comply with your request without delay, but at the latest within the statutory period of one month, and inform you of the measures taken.

Note: In cases where Solvum GmbH acts as a processor for a third party (see above), we can only process requests to exercise your rights within the framework of our agreement with the controller. If necessary, we will forward your request to the relevant business customer who is responsible as controller for data processing. We will of course support you to the best of our ability.

In addition, you have the right to lodge a complaint with a data protection supervisory authority. In particular, you can contact the Austrian Data Protection Authority as the supervisory authority responsible for Solvum GmbH:

Austrian Data Protection Authority

Barichgasse 40-42, 1030 Vienna, Austria

Email: dsb@dsb.gv.at

Phone: +43 1 521 52-0

Web: www.dsb.gv.at

Changes to This Privacy Policy

We will update this privacy policy as necessary to adapt it to changed legal situations or new services.

Last updated: January 22, 2026