Grid image

Privacy Policy

Last updated: July 2025

1. Identity of the Data Controller

In compliance with Article 13 of Regulation (EU) 2016/679, General Data Protection Regulation (GDPR), and Article 11 of Organic Law 3/2018 (LOPDGDD), the User is informed that the personal data provided through this website will be processed under the responsibility of:

  • Data Controller: Clovr Labs, S.L.
  • Tax ID: B67306894
  • Registered office: Camino Can Minguet, nº 72, 08173, Sant Cugat del Vallès (Barcelona), Spain
  • Contact email: hello@clovrlabs.com
  • Main activity: Development of technological solutions for the management and use of crypto-assets.
  • Regulatory status: Clovr Labs, S.L. is currently in the process of authorization as a crypto-asset service provider, in accordance with Regulation (EU) 2023/1114 (MiCA).

The processing of personal data will be carried out lawfully, fairly and transparently, at all times in accordance with the principles and guarantees provided for in the applicable data protection regulations.

2. Personal Data Subject to Processing

The personal data that Clovr Labs may collect through the Website https://www.clovrlabs.com, as well as through forms, tools or enabled functionalities, is limited to that strictly necessary for the purposes described in this policy and may include the following categories:

a) Identification and contact data

  • Name and surname
  • Email address
  • Country of residence
  • Phone number (in case of direct contact)

b) Technical and navigation data

  • IP address
  • Browser type and operating system
  • Access date and time
  • Referral URLs
  • Data collected through cookies or similar technologies (see our Cookie Policy)

c) Data derived from site usage

  • Information about user preferences, interests or behavior during navigation
  • Aggregated data for non-identifying analytical or statistical purposes

d) Data provided in pre-registration or contact phases

  • Information that the User voluntarily provides when registering, joining waiting lists, completing forms or participating in studies prior to the launch of services
  • Comments or observations sent in forms or emails

The Website does not request or process special categories of personal data (such as health data, ideology, union affiliation, religion, sexual orientation or biometric data), nor financial data or data relating to crypto-assets in active phase, unless this is necessary and is specifically informed with sufficient legal basis. The User guarantees that the data provided is true, accurate, complete and up-to-date, and undertakes to communicate any relevant modification to Clovr Labs in order to keep them up-to-date.

3. Processing Purposes

The personal data provided by the User through the Website https://www.clovrlabs.com, or through any of the forms or enabled channels, may be processed by Clovr Labs for the following legitimate purposes:

a) Management of inquiries and information requests

To attend to and respond to inquiries, suggestions, questions or requests that the User may make through the contact forms or enabled email addresses.

b) Management of registrations, waiting lists or pre-registration forms

To allow the User to express their interest in the services offered by Clovr Labs once it begins operations as a regulated provider, as well as to communicate news, invitations to participate in validation studies, beta phases or pilot programs.

c) Non-intrusive informative and commercial communication

To send information about the Clovr Labs project, regulatory updates (such as obtaining MiCA authorization), planned functionalities or changes in legal policies. These communications will only be made if the User has given their consent or if there is an adequately weighted legitimate interest.

d) Statistical and technical analysis of website usage

To collect navigation and User behavior data for statistical purposes, to improve the experience, usability and performance of the Website, always through anonymization or pseudonymization techniques, where appropriate.

e) Compliance with legal or regulatory obligations

Where appropriate, to process data to comply with applicable regulatory requirements, including those derived from Regulation (EU) 2023/1114 (MiCA) once Clovr Labs obtains authorized provider status, as well as requirements from administrative or judicial authorities.

Clovr Labs does not use the data collected to create automated profiles with legal effects or for exclusively automated decision-making, in accordance with Article 22 of the GDPR. In any case, the User will be informed in each form or data collection point whether the provision of this data is mandatory or voluntary, as well as the consequences of not providing it.

4. Legal Basis for Processing

The processing of personal data collected through the Clovr Labs Website is based on one or more of the following legal bases, in accordance with Article 6 of Regulation (EU) 2016/679 (GDPR):

a) Consent of the data subject (art. 6.1.a GDPR)

The legal basis for the processing of personal data will be the User's consent when: • Voluntarily fills out contact or pre-registration forms, • Expressly accepts the sending of informative or commercial communications, • Authorizes the use of cookies or similar technologies (where applicable). This consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

b) Performance of pre-contractual measures (art. 6.1.b GDPR)

When the User provides their data to participate in pre-registration, validation or testing phases of services that will be provided by Clovr Labs once authorized as a crypto-asset service provider, the processing of their data is based on the need to take pre-contractual measures at the request of the data subject.

c) Compliance with legal obligations (art. 6.1.c GDPR)

Processing may be necessary to comply with legal obligations applicable to Clovr Labs, such as compliance with regulatory requirements derived from the MiCA Regulation, legislation on the prevention of money laundering (Law 10/2010), data protection or defense of rights before competent authorities.

d) Legitimate interest (art. 6.1.f GDPR)

Clovr Labs may process certain data based on its legitimate interest, duly weighed against the rights and freedoms of the User, to: • Improve the functionality and security of the Website, • Prevent fraud or misuse, • Perform non-identifying statistical analyses, • Communicate project progress to already registered users who have shown prior interest. In these cases, the User may always object to processing based on legitimate interest, in accordance with Article 21 of the GDPR.

5. Data Retention Period

Clovr Labs will retain the personal data provided by the User only for the time strictly necessary to fulfill the purposes for which they were collected, without prejudice to their retention during the legal or contractual periods that may be required depending on the type of processing. For guidance purposes, the following criteria will be applied:

a) Data collected through contact or pre-registration forms

Will be retained while the request, query or contact is being processed, and subsequently for a maximum period of 12 months, unless the User requests their deletion earlier or a contractual relationship is established.

b) Data related to informative or commercial communications

Will be retained as long as the User does not revoke their consent, unsubscribe or object to processing. Each communication will offer a clear and effective means to exercise this right.

c) Data necessary to comply with legal obligations

Will be retained for the periods established by applicable regulations, including those derived from tax, commercial, data protection or anti-money laundering obligations, where appropriate.

d) Data obtained through cookies or similar technologies

Will be processed according to the periods defined in the Cookie Policy, and may be deleted according to browser settings or User preferences.

After the corresponding period, the data will be blocked and retained exclusively for the purposes of compliance with legal obligations or defense against claims, during the limitation periods established by applicable regulations. After this period, the data will be securely deleted.

6. Recipients and Data Processors

Clovr Labs does not communicate personal data to third parties, except in cases where there is a legal obligation, a requirement from competent authorities or it is necessary for the fulfillment of the legitimate purposes described in this policy. However, certain processing may require access to personal data by external providers acting as data processors, in accordance with Article 28 of the GDPR. These third parties provide technical support, infrastructure, analytics, communication or development services, and act under the following conditions: • Processing is carried out on behalf of Clovr Labs and under its documented instructions. • There is a data processing agreement in accordance with current regulations. • Adequate security, confidentiality and regulatory compliance measures are guaranteed.

Types of data processors that may have access to data include, among others: • Hosting and cloud storage providers. • Email management and CRM platforms. • Website usage analysis tools (anonymized or pseudonymized). • Legal, technical or regulatory services contracted by Clovr Labs, S.L.

In the event that, in the future, data communication to other entities of the business group or other third parties with sufficient legal basis is foreseen, Clovr Labs will expressly notify the User and, where appropriate, request the corresponding consent.

7. International Data Transfers

In general, Clovr Labs does not carry out international transfers of personal data to third countries or international organizations located outside the European Economic Area (EEA). However, certain services provided by trusted technology providers may involve data processing from locations outside the EEA, in which case Clovr Labs guarantees that appropriate safeguards required by the GDPR will be applied to protect the rights and freedoms of data subjects.

In particular, possible transfers will be carried out in accordance with one of the following legal mechanisms: • European Commission adequacy decision regarding the destination country (art. 45 GDPR); • Contracts with standard contractual clauses approved by the Commission (art. 46.2.c GDPR); • Application of duly approved binding corporate rules (art. 47 GDPR); • Explicit consent of the data subject (art. 49.1.a GDPR), in specific and duly informed situations.

In any case, Clovr Labs will ensure that its suppliers guarantee a level of protection equivalent to that required by European legislation and adopt appropriate technical and organizational security measures. The User may request at any time additional information about the mechanisms used for international data transfer, as well as a copy of the standard contractual clauses or other safeguards, by contacting hello@clovrlabs.com

8. User Rights

The User, as the owner of the personal data processed by Clovr Labs, has the right to exercise at any time the rights recognized by current data protection legislation, and in particular the following:

a) Right of accessTo know what personal data Clovr Labs processes, for what purposes, their origin, whether they have been communicated to third parties and for how long they will be retained.
b) Right of rectificationTo request the correction of inaccurate or incomplete personal data concerning them.
c) Right to erasure (right to be forgotten)To request the deletion of their personal data when they are no longer necessary for the purposes that motivated their collection, consent has been withdrawn or they have objected to processing.
d) Right to restriction of processingTo obtain restriction of processing of their data in certain cases provided for by regulations, for example, while the accuracy of the data or the legitimacy of processing is verified.
e) Right to objectTo object to the processing of their data for reasons related to their particular situation, when the legal basis for processing is legitimate interest or the performance of a task in the public interest.
f) Right to data portabilityTo receive their personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller when processing is based on consent or a contract and is carried out by automated means.
g) Right not to be subject to individualized automated decisionsIncluding profiling, when such decisions produce legal effects or significantly affect them, unless there is a legal basis for this and they are duly informed.

Exercise of Rights

The User may exercise their rights at any time and free of charge, by submitting a written request, signed and accompanied by a copy of their identification document, through any of the following means: • Email: hello@clovrlabs.com • Postal address: Clovr Labs, S.L. – Camino Can Minguet, nº 72, 08173, Sant Cugat del Vallès (Barcelona)

If the User considers that their rights have not been adequately addressed, they have the right to file a complaint with the Spanish Data Protection Agency (AEPD), through its electronic headquarters: www.aepd.es

9. Applicable Security Measures

Clovr Labs is committed to guaranteeing the security, confidentiality and integrity of the personal data processed, and for this purpose has adopted appropriate technical and organizational measures according to the level of risk associated with each type of processing, in accordance with Article 32 of the General Data Protection Regulation (GDPR).

These measures aim to: • Prevent unauthorized access, alteration, loss or destruction of personal data; • Guarantee the permanent confidentiality, integrity, availability and resilience of processing systems and services; • Restore availability and access to personal data quickly in the event of a physical or technical incident; • Regularly verify, evaluate and assess the effectiveness of the technical and organizational measures implemented.

Among others, Clovr Labs has implemented the following security measures: • Encryption of communications through HTTPS/TLS protocol; • Access controls and reinforced authentication in systems containing personal information; • Intrusion detection and prevention systems (IDS/IPS); • Encrypted backups with restricted access; • Periodic audits and security tests on technological infrastructure; • Internal confidentiality policies and staff training on data processing.

Clovr Labs applies a proactive security approach by design and by default, so that only strictly necessary data is processed, with the least possible degree of exposure and always under technical and legal supervision. In the event of a security breach affecting personal data, Clovr Labs undertakes to notify the Spanish Data Protection Agency (AEPD) and, where appropriate, the data subjects, within the terms and deadlines established by current regulations.

10. Minors

The services offered through the Clovr Labs Website are not directed at persons under 18 years of age, and their use by persons who have not reached legal age is expressly prohibited, especially with regard to participation in functionalities, contact forms or pre-registration processes. Clovr Labs does not knowingly collect or process personal data of minors. If a minor has provided personal data without the consent of their legal representatives, it will be deleted immediately as soon as knowledge of this is obtained. Likewise, it is recalled that access to products and services linked to crypto-assets entails financial and technological risks that require full legal capacity and informed understanding, which reinforces the exclusion of minors from the scope of this processing. Clovr Labs recommends that parents, guardians and legal representatives actively monitor minors' use of the Internet, and adopt parental control measures if there is the possibility that they may access sites of this nature. For any questions or communications related to this aspect, you can contact hello@clovrlabs.com

11. Use of Cookies and Similar Technologies

The Clovr Labs Website uses cookies and similar technologies (such as tracking tags, pixels or local storage) in order to facilitate navigation, improve the User experience and obtain analytical information about site usage. Cookies may be first-party or third-party, technical, personalization, analytical or, where appropriate, advertising. Under no circumstances will they be used to obtain sensitive personal information or transferred to third parties without adequate legal basis. The installation of cookies that are not strictly necessary will only be carried out with the express consent of the User, which can be managed through the Cookie Settings Panel enabled on the Website. Likewise, the User can configure their browser to reject or delete cookies at any time, although this could affect site functionality. For detailed information about the cookies used, their purpose, ownership, duration and deactivation mechanisms, the User should consult our Cookie Policy. Use of the Website implies informed acceptance of this policy to the extent that the User has consented to the use of cookies according to their preferences.

12. Modifications to the Privacy Policy

Clovr Labs reserves the right to modify, update or revise at any time and without prior notice the content of this Privacy Policy, in order to adapt it to legislative and jurisprudential developments, criteria of control authorities (such as the AEPD), changes in processing carried out or evolution of services offered. In the event that significant changes are introduced that affect the rights or freedoms of Users, Clovr Labs will notify such modifications clearly and prominently through the Website or by equivalent means, requesting the User's consent when legally required. The User is bound by the current version of the Privacy Policy at the time they access the Website, so its periodic review is recommended. This policy was last updated in: July 2025.

13. Contact and Exercise of Rights

The User may exercise at any time their rights of access, rectification, erasure, restriction of processing, portability and objection, as well as withdraw their consent when processing is based on this legitimacy, by written request addressed to Clovr Labs through any of the following means:

  • Email: hello@clovrlabs.com
  • Postal address: Clovr Labs, S.L. Camino Can Minguet, nº 72 08173 – Sant Cugat del Vallès (Barcelona) Spain

The request must contain the name and surname of the data subject, copy of a valid identification document (DNI/NIE/passport), specific description of the right they wish to exercise and, where appropriate, supporting documentation.

If Clovr Labs does not adequately address the exercise of their rights, the User has the right to file a complaint with the Spanish Data Protection Agency (AEPD), through its electronic headquarters: www.aepd.es