1. Data Controller

The Data Controller of personal data is:

Carlo Corradi – Director
DUE C Limited – Company Registration No. C108294
Registered Office: Malta

Independent Digital Asset Advisory

Website: www.ccrypto.capital
Email: [email protected]
Phone: +39 375 788 2921

The Data Controller processes personal data in compliance with Regulation (EU) 2016/679 (GDPR) and applicable data protection laws.

2. Types of Data Collected

a) Data Provided Voluntarily by the User

The website may collect personal data voluntarily provided by users, including:

• first and last name

• email address

• phone number

• content of messages sent via contact forms, email, or direct communications

b) Browsing Data

The website’s IT systems and software procedures acquire certain personal data whose transmission is implicit in the use of Internet protocols, such as:

• IP address

• browser and device type

• pages visited

• date and time of access

• approximate geographic location

c) Cookies and Similar Technologies

The website uses technical cookies and, where applicable, third-party cookies to improve the browsing experience and analyze traffic. More information is available in the Cookie Policy.

3. Purposes of Processing

Personal data are processed for the following purposes:

• responding to contact and support requests

• providing independent advisory and research services on digital assets

• supporting clients in understanding digital asset markets

• sending updates and informational communications (subject to consent)

• conducting statistical analysis and improving the website

• fulfilling legal obligations

4. Legal Basis for Processing

The processing of personal data is based on:

• the user’s consent

• performance of requested services

• legal obligations

• the legitimate interest of the Data Controller (security and abuse prevention)

5. Processing Methods and Security

Data processing is carried out using IT and organizational tools appropriate to ensure the security, integrity, and confidentiality of personal data.

Technical and organizational measures are adopted to prevent unauthorized access, loss, or disclosure of data.

6. Data Retention

Personal data are retained for the time necessary to achieve the purposes for which they were collected:

• contact data → maximum 24 months

• contractual/administrative data → in accordance with legal obligations

• marketing data → until consent is withdrawn

7. Data Disclosure

Personal data may be disclosed to:

• technical service providers (hosting, email, cloud services)

• legal, tax, and administrative advisors

• competent authorities where required by law

Data are neither sold nor publicly disclosed.

8. Transfers Outside the EU

If third-party services with servers located outside the European Economic Area are used, transfers will be carried out in compliance with the safeguards provided by the GDPR.

9. Data Subject Rights

Users may exercise the rights provided under Articles 15–22 of the GDPR, including:

• right of access

• rectification

• erasure

• restriction of processing

• objection

• data portability

• withdrawal of consent

Requests may be sent to: [email protected]

Users also have the right to lodge a complaint with the competent Data Protection Authority.

10. Minors

The website is not intended for children under 14 years of age, and the Data Controller does not knowingly collect personal data from minors.

11. Changes to This Privacy Policy

This Privacy Policy may be updated at any time. Any changes will be published on this page.

Last updated: February 27, 2026