TREZOR Privacy Policy

Last updated: 1 April 2023 (“Privacy Policy”)

We are committed to protecting your privacy. The following document outlines our policy concerning your personal data.

By accessing and using our websites and services, such as the Trezor Shop, Trezor Suite and Trezor Suite Lite, you accept the practices described in this Privacy Policy.

What is Trezor?

Trezor is an ecosystem operated by our company mainly on the https://www.trezor.io/ website and its subdomains (the “Website”) on which we sell Trezor Devices and also operate several software interfaces that allow you, amongst other things, to access the Devices and manage, receive and send cryptocurrencies, purchase, sell and exchange cryptocurrencies, such as the Trezor Suite and the Trezor Suite Lite and use our other services, such as the Trezor Password Manager (the “Services”).

Why should I read this document?

You may have heard about Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the ”Regulation”) more commonly known as GDPR. Under the Article 13 and 14 of the Regulation, we must provide our customers and other data subjects with information on the collection, handling, protection and processing of their personal data.

Therefore, in this Privacy Policy you may learn more about these topics regarding the personal data that we collect when you access the Website and/or access and use the Services.

Who collects my personal data?

We are a commercial company called Trezor Company s.r.o., incorporated and existing under the laws of the Czech Republic, Id. No. 024 40 032, with registered office at Kundratka 2359/17a, Libeň, 180 00 Prague 8, Czech Republic, registered in the commercial register kept by the Metropolitan Court in Prague under file No. C 219483.

What personal data do you process?

Personal data collected in connection to the use of the Website and access to and use of to the Services

When you access the Website and/or access to and use of the Services, we will, as a data controller, collect, store and process your personal data.

The collection of your personal data in connection to the use of the Website and access to and use of the Services is as limited as possible. We usually collect and process only the following personal data:

When you send us an email requesting customer support, or when you start a chat with Hal, our virtual support agent, we will try to answer your question or help you solve any problem related to the Website and/or the access to and use of the Services. In connection with provision of the above support, we collect and process also the following personal data:

Personal data collected when you subscribe to our newsletter (commercial communications)

On the website, you may subscribe to our newsletter by entering your email, clicking on the subscribe box. If you subscribe to our newsletter, we will regularly inform you about the latest news from Trezor, in particular about our services and products. As a data controller, we collect, store and process the email addresses of users who subscribe to our newsletter.

In case you change your mind and you do not want to receive the newsletter anymore, you can unsubscribe any time for free. We will always indicate within the newsletter how to unsubscribe.

Personal data collected when you order goods from the Trezor Shop

On the respective part of the Website, you may order products from the Trezor Shop. To ensure a smooth experience and fulfill our legal obligations, we collect and process the following personal data:

Payment gateways

Our Website contains links to payment gateways provided by third parties which you may use in order to make payments while using the Services. You will have to fill in your personal data related to the payment when using the payment gateways.

These data are processed by the respective provider of the payment gateway as a data controller and the data processing is governed by terms and conditions and privacy policy of the payment gateway provider. We do not process these data and we do not have any access to such data unless stated otherwise herein. We will always include the name of the payment gateway provider on the Website, so you may contact them to find all the information about how the payment gateway provider treats your personal data.

Why do you process my personal data?

Personal data collected in connection to the Website and/or the access to the Services

It is quite simple. We collect, store and process the above mentioned personal data in order to allow you an use of the Website and/or the access to the Services, as well as to provide you with customer support.

To comply with legal requirements, we must mention that we collect, store and process such personal data pursuant to Article 6 (1) (b) of the Regulation. That means that processing of such personal data is necessary for the performance of a contract which we concluded - the contract established between you and our company when you access and use the Website and/or attempt to access the Services.

We may collect, store and process such personal data pursuant to Article 6 (1) (f) of the Regulation. That means that it is in our legitimate interest to collect, store and process such personal data (even when the contract is terminated), since we have to be able to protect ourselves during the period when you or any third party may contest that we have broken any of our obligations or have violated any applicable laws in relation to the requested issue.

Personal data collected when you subscribe to our newsletter (commercial communications):

As we have stated above, we collect, store and process these personal data because you subscribed to our newsletter. So we are processing your email in order to send you the newsletters. To comply with legal requirements, we must mention that we collect, store and process such personal data pursuant to Article 6 (1) (a) of the Regulation. That means that you have given us consent to the processing of your personal data for the commercial communications purpose.

In order to be able to prove that you have given us your consent to sending our newsletter (and processing your personal data for the commercial communications purposes), we may collect and store the information that you have given us this consent (e.g. the logs). We collect and store these data pursuant to Article 6 (1) (f) of the Regulation. That means that it is in our legitimate interest to collect, store and process such personal data.

Personal data collected when you order goods from the Trezor Shop:

We collect, store and process these personal data because you order products from the Trezor Shop. To comply with legal requirements, we must mention that we collect, store and process such personal data pursuant to Article 6 (1) (b) of the Regulation. That means that processing of such personal data is necessary for the performance of a contract which we concluded - the contract established between you and our company when you order products from the Trezor Shop.

In order to fulfill our legal obligations such as those arising out of accounting laws, we may store certain parts of your personal data for various time periods as stated in those laws. We collect and store these data pursuant to Article 6 (1) (f) of the Regulation. That means that it is in our legitimate interest to collect, store and process such personal data.

For how long will you process my personal data?

We process and store your personal data only for the time necessary to meet the purposes of its processing specified above, or for the time consented by you, or for the time that is either necessary to comply with our obligations under the applicable law or set forth by the applicable law or in accordance therewith. We comply with the mandatory rules for data archiving. Once the purpose of the personal data processing disappears, we will destroy the personal data.

Personal data collected in connection to the Website and/or the access to the Services:

We will process and store such personal data for the duration of the contract established between you and our company when you use and access the Website and/or access the Services or until an issue requested by you is solved and also for the subsequent period thereafter that is either necessary to comply with our obligations under the applicable law or set forth by the applicable law or in accordance therewith, or during which you or any third party may contest that we have broken any of our obligations or have violated any applicable laws in relation to the requested issue.

Personal data collected when you subscribe to our newsletter (commercial communications):

We will process and store such personal data (your email) until you unsubscribe to our newsletter. You can unsubscribe any time for free. We will indicate how to unsubscribe within the newsletter. We will process and store the information that you have given us the consent (e.g. the logs) to send you newsletter for the duration of the consent and also for the subsequent period thereafter that is either necessary to comply with our obligations under the applicable law or set forth by the applicable law or in accordance therewith, or during which you or any third party may contest that we have broken any of our obligations or have violated any applicable laws in relation to the commercial communications sent to you.

Personal data collected when you order goods from the Trezor Shop:

We will process such personal data only for such a period of time that allows us to deliver you the products and fulfill our other legal obligations connected to the sale of the products. We anonymize this data no later than 3 months after the sale of the product to the fullest possible extent and store them only in this anonymized form in case you contact us with an issue so we can verify that the data you provide us with, after anonymization, match the anonymized database inputs. After the expiry of the warranty period, we delete the data altogether.

Who will have access to my personal data?

We take care of your personal data security and so we choose the partners to whom we entrust your personal data very carefully. All our partners must be able to provide sufficient security of your personal data to prevent unauthorized or accidental access thereto or other abuse thereof and all our partners must undertake a confidentiality obligation and must not use your personal data for any purpose other than the purpose for which the data were made available to them.

The recipients that may have access to your personal data are following:

Another possible recipient of your personal data, who may receive your personal data from us mainly in connection with the cryptocurrency buy, sell and exchange services is a member company of the SatoshiLabs Group group of companies, the commercial company Invity.io s.r.o., Id. No. 083 88 032, with its registered office at Kundratka 2359/17a, Libeň, 180 00 Prague 8, the Czech Republic, registered by the Municipal Court in Prague, Section C, Insert 318166.

Our aim is and always will be to ensure your personal data are as anonymous as possible and unavailable to all third parties. However, under certain specifically defined conditions we will be under some circumstances required, in accordance with the applicable law, to transfer certain personal data to public authorities.

When collecting, storing and processing personal data we sometimes may use personal data processors such as Google, which under some circumstances transmit your personal data to third countries. In such an event we always make sure such transmission is compliant with the Regulation. In particular, we specify that the personal data may be transmitted to the United States of America and in such event the transmission is compliant with the “Privacy Shield” program.

How is my personal data protected?

All your personal data is secured by standard procedures and technologies using the industry best practice approach. We provide data protection against unauthorized or accidental access, alteration, destruction, loss, unauthorized transmission or any other unauthorized processing, as well as against any other abuse of records containing the personal data. We are not able to guarantee the security of your personal data without your help and responsible behavior. Therefore, we ask you to help us ensure the security of your data by keeping it secret.

Do you use cookies?

On our Website we use cookies to analyze traffic and to personalize content and ads. We also use cookies for other purposes, such as to enable us to simplify the logging on process for registered users, to help ensure the security and authenticity of registered users, to provide mechanisms for online shopping and to enable traffic monitoring under our Affiliate Program. We will, as a data controller, collect, store and process any personal data collected by such cookies (the personal data may include your IP address, information about your activity on our website, information about your advertisement preferences etc.). It is in our legitimate interest to collect, store and process such personal data for marketing purposes and for website traffic analysis, since (i) it allows us to improve our products and services and to provide you with personalized content and advertisement, (ii) we do not attempt to identify you using such personal data, (iii) there is little to no restriction of your interests, rights and freedoms, and (iv) you may at any time delete stored cookies permanently and change your cookie settings to disable or limit storage of any new cookies. Please, read our Cookie Policy available on our website to learn more about the cookies that we use.

What are my rights in relation to personal data protection?

In relation to the personal data you shall have in particular the following rights: • a right to withdraw your consent at any time; • a right to correct or make additions to the personal data; • a right to request restrictions to processing of your personal data; • a right to object or complain against processing of your personal data under certain circumstances; • a right to request transfer of your personal data ; • a right to access your personal data; • a right to be informed of the personal data security breach under certain circumstances; • a right to request deletion of your personal data (a right to be „forgotten“) under certain circumstances; and • other rights set forth in Act No. 110/2019 Coll., on personal data processing (Personal Data Protection Act) and the Regulation. You have a right to object, on grounds relating to your particular situation, at any time to processing your personal data which is based on Article 6 (1) (f) of Regulation (it means that we have legitimate interest to process such personal data). You have also a right to object to processing your personal data for direct marketing purposes.

Additionally, you have a right to contact the Office for Personal Data Protection with a request for remedial measures in case of any violation of the obligations set forth in the Regulation at the following address: Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, phone number +420 234 665 111 (central telephone exchange).

How can I contact you?

If you have any questions regarding this Privacy Policy, please do not hesitate to contact us using the contact details below:
Contact address: Kundratka 2359/17a, Libeň, 180 00 Prague 8, Czech Republic
Email address: support@satoshilabs.com