Privacy Policy

Your privacy and data security are fundamental to our mission

Last updated: March 15, 2024

Introduction and Scope

Elecsafe ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, process, and safeguard your information when you visit our website, purchase our products, or interact with our services.

As a manufacturer of ultra-secure hardware wallets based in Iceland, we adhere to the highest standards of data protection, including compliance with the General Data Protection Regulation (GDPR), Iceland's Data Protection Act, and other applicable privacy laws worldwide.

This policy applies to all interactions with Elecsafe, including our website, customer support services, product registration, warranty claims, and any other touchpoints where personal information may be collected or processed.

Information We Collect

Personal Information Categories

We collect personal information only when necessary to provide our services and fulfill our business obligations. The categories of personal information we may collect include:

  • Identity and Contact Information: Full name, email address, phone number, postal address, and preferred communication methods
  • Order and Transaction Information: Purchase history, product preferences, delivery details, payment method information (processed securely through third-party payment processors), and order status
  • Customer Support Records: Support ticket history, communication logs, technical issues reported, and resolution details
  • Technical and Device Information: IP address, browser type and version, operating system, device identifiers, and website usage patterns
  • Marketing and Communication Preferences: Newsletter subscriptions, communication preferences, and marketing consent status
  • Professional Information: Company name, job title, and business contact details (for enterprise customers)
  • Warranty and Service Information: Product serial numbers, warranty registration details, and service history

Information We Explicitly Do NOT Collect

Consistent with our security-first approach and commitment to user privacy, we explicitly do not collect:

  • Private keys, seed phrases, recovery phrases, or any cryptographic material
  • Wallet contents, cryptocurrency balances, or portfolio information
  • Transaction data, blockchain activity, or cryptocurrency usage patterns
  • Biometric data, fingerprints, or other sensitive authentication information
  • Location tracking data beyond general geographic region for shipping
  • Social media profiles or third-party account information
  • Financial account details (handled securely by payment processors)
  • Sensitive personal data such as health information, political opinions, or religious beliefs

How We Collect Information

We collect information through various legitimate channels, always with appropriate legal basis and user awareness:

Direct Collection

Information you provide directly when creating accounts, placing orders, contacting support, subscribing to newsletters, or registering products for warranty coverage.

Automated Collection

Technical information collected automatically through cookies, web beacons, and similar technologies when you visit our website or use our services.

Third-Party Sources

Limited information from trusted partners such as payment processors, shipping companies, and authorized distributors, always with appropriate data sharing agreements.

Public Sources

Publicly available information for business verification, fraud prevention, and compliance purposes, processed in accordance with applicable laws.

How We Use Your Information

We use your personal information for specific, legitimate purposes with appropriate legal basis. Our primary uses include:

Order Processing and Fulfillment

Processing and fulfilling hardware wallet orders, managing inventory, coordinating shipping and delivery, and handling returns or exchanges.

Customer Support and Service

Providing technical support, answering product questions, resolving issues, processing warranty claims, and maintaining customer service records.

Product Updates and Security Notifications

Notifying customers of firmware updates, security patches, product recalls, and other critical product information affecting device security or functionality.

Legal and Regulatory Compliance

Complying with applicable laws, regulations, legal processes, and regulatory requirements including tax obligations, export controls, and anti-money laundering requirements.

Fraud Prevention and Security

Detecting and preventing fraudulent activities, protecting against security threats, and maintaining the integrity of our systems and services.

Business Operations and Analytics

Analyzing website usage patterns, improving our products and services, conducting market research, and optimizing business operations (using anonymized data where possible).

Marketing Communications

Sending newsletters, product announcements, and marketing communications to users who have provided explicit consent (with easy opt-out options).

Quality Assurance and Improvement

Monitoring and improving the quality of our products and services, conducting customer satisfaction surveys, and implementing feedback.

Legal Basis for Processing

Under GDPR and other applicable privacy laws, we process personal information based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill our contractual obligations when you purchase our products or services
  • Legitimate Interests: Processing for our legitimate business interests, such as fraud prevention, security, and business analytics, balanced against your privacy rights
  • Legal Compliance: Processing required to comply with legal obligations, including tax laws, export regulations, and regulatory requirements
  • Consent: Processing based on your explicit consent, such as for marketing communications or optional services
  • Vital Interests: Processing necessary to protect vital interests in emergency situations or critical security matters

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

Data Protection and Security Measures

We implement comprehensive technical, administrative, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

  • Encryption in Transit and at Rest: All data is encrypted using industry-standard protocols during transmission and storage, with regular key rotation and management
  • Access Controls and Authentication: Strict access controls limit data access to authorized personnel only, with multi-factor authentication and regular access reviews
  • Network Security: Firewalls, intrusion detection systems, and network monitoring protect against unauthorized access and cyber threats
  • Regular Security Audits: Comprehensive security assessments, penetration testing, and vulnerability scanning ensure ongoing protection
  • Data Minimization: We collect and retain only the minimum data necessary for our legitimate business purposes
  • Secure Infrastructure: Our systems are hosted in certified, secure data centers with appropriate physical and environmental controls
  • Employee Training: Regular privacy and security training for all employees handling personal information
  • Incident Response: Comprehensive incident response procedures to address any potential data breaches or security incidents
  • Data Loss Prevention: Advanced systems to prevent unauthorized data exfiltration or loss

International Data Transfers

As an Iceland-based company, we primarily process data within the European Economic Area (EEA). When we transfer personal information outside the EEA, we ensure appropriate safeguards are in place:

  • Adequacy decisions by the European Commission for countries with adequate data protection
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules for intra-group transfers
  • Certification schemes and codes of conduct where applicable
  • Explicit consent for specific transfer purposes where appropriate

Your Privacy Rights

Under GDPR and other applicable privacy laws, you have comprehensive rights regarding your personal information:

Right to Access

Request access to your personal data and information about how we process it, including the purposes, categories, recipients, and retention periods.

Right to Rectification

Request correction of inaccurate or incomplete personal data, and have supplementary information added where necessary.

Right to Erasure (Right to be Forgotten)

Request deletion of your personal data under certain circumstances, such as when it's no longer necessary for the original purpose or consent is withdrawn.

Right to Data Portability

Request transfer of your data to another service provider in a structured, commonly used, and machine-readable format.

Right to Object

Object to processing of your personal data for direct marketing, legitimate interests, or public interest purposes.

Right to Restrict Processing

Request limitation of processing under certain circumstances, such as when accuracy is contested or processing is unlawful.

Right to Withdraw Consent

Withdraw consent at any time for processing based on consent, without affecting the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

File a complaint with the relevant data protection authority if you believe your privacy rights have been violated.

To exercise any of these rights, please contact us using the information provided in the Contact section. We will respond to your request within the timeframes required by applicable law (typically 30 days).

Data Retention Policies

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, and protect our legitimate interests:

  • Order and Transaction Information: Retained for 7 years for warranty support, tax compliance, and legal requirements
  • Customer Support Records: Retained for 5 years to provide ongoing support and maintain service quality
  • Marketing Communications: Retained until you unsubscribe or withdraw consent, with periodic consent renewal
  • Website Analytics Data: Anonymized data retained for 3 years for service improvement and business analytics
  • Security and Fraud Prevention Data: Retained for 3 years or as required by law for security and fraud prevention purposes
  • Legal and Compliance Records: Retained as required by applicable laws and regulations
  • Account Information: Retained for the duration of the customer relationship plus 2 years for business continuity

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention and disposal procedures.

Cookies and Similar Technologies

We use cookies and similar technologies to enhance your browsing experience and improve our services. For detailed information about our cookie practices, please refer to our separate Cookie Policy. Key points include:

  • Essential cookies for website functionality and security
  • Performance cookies for analytics and optimization (with consent)
  • Functional cookies for user preferences and settings
  • No advertising or tracking cookies for behavioral targeting
  • Clear opt-out mechanisms and browser controls

Children's Privacy Protection

Our services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without appropriate parental consent, we will take steps to delete such information promptly.

Parents and guardians who believe their child has provided personal information to us should contact us immediately so we can take appropriate action.

Policy Updates and Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify affected users through email or prominent website notices
  • Provide a summary of key changes for easy understanding
  • Maintain previous versions for reference and transparency
  • Obtain new consent where required by law

We encourage you to review this policy periodically to stay informed about our privacy practices and your rights.

Contact Information and Data Protection Officer

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a privacy concern, please contact us:

Privacy Officer Email: privacy@elecsafe.is

General Contact Email: contact@elecsafe.is

Phone: +354 639 5274

Postal Address: Njálsgata 65, 101 Reykjavík, Iceland

We will respond to your inquiry within 30 days as required by applicable law. For urgent privacy matters, please indicate "URGENT PRIVACY MATTER" in your subject line.

You also have the right to lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd) or your local data protection authority if you believe your privacy rights have been violated.