The Penguin Coin
LoginRegister

Privacy Policy

v1.0.0 · 15 March 2026

1. Introduction

1.1. General Purpose

The purpose of this Privacy Policy ("Privacy Policy") is to inform the User in a transparent and clear manner about how the Service Provider processes the User's personal data during the use of the Service.

The Service includes The Penguin Coin crypto-asset project, the website, the token pre-sale (Pre-sale), the Giveaway program, the Vesting mechanism, the Smart Contracts, as well as the related digital and technical functions.

The purpose of the Privacy Policy is to ensure that the User is aware of the manner of collection, processing, and retention of data, as well as of the rights available to them.

1.2. Identification of the Data Controller

The Service Provider may be identified by the following details:

  • Name: The Penguin Coin / AURIS Technologies Kft.
  • Company form: Limited liability company (Kft.)
  • Registered office: 2093 Budajenő, Pátyi utca 49., Hungary
  • Company registration number: 13-09-245633
  • Tax number: 32997457-1-13
  • Contact email: info@thepenguincoin.com
  • Official website: https://thepenguincoin.com

The Service Provider acts as an independent legal entity and bears exclusive responsibility for the processing of personal data.

1.3. Scope of Data Subjects

The Privacy Policy applies to all Users of the Service, in particular:

  • participants in the token Pre-sale;
  • participants in the Giveaway promotion;
  • registered Users in the Governance mechanism;
  • users of other digital functions of the Service.

1.4. Scope and Updates

  • The Privacy Policy enters into force upon the commencement of use of the Service.
  • The Service Provider is entitled to amend the Privacy Policy at any time.
  • The Service Provider shall inform Users of any amendment by publishing an updated version on the website.
  • The "Last updated" date of the document shall always reflect the date of the most recent amendment.

1.5. Principles

In the course of processing personal data, the Service Provider observes the principles of transparency, data minimization, purpose limitation, limited storage, and security. Accordingly, the Service Provider processes only the data that are necessary, retains them only for specified purposes and for the necessary period, and protects them by appropriate technical and organizational measures.

2. Legal Bases and Purposes of Data Processing

2.1. Legal Bases of Data Processing

The Service Provider processes personal data in accordance with the applicable data protection laws. Depending on the nature and purpose of the given processing operation, the legal basis for data processing may in particular be one of the following:

  • performance of a contract, where the processing is necessary for the provision of the Service, the management of the User Account, participation in the Pre-sale, wallet connections, or the provision of other related functions;
  • compliance with a legal obligation, where the processing is required by financial, accounting, compliance, customer identification, or other legal requirements;
  • the User's consent, where the processing is necessary for the fulfilment of a purpose based on a declaration, acceptance, marketing communication, or other purpose based on voluntary consent;
  • the legitimate interest of the Service Provider, where the processing is necessary to ensure the operation of the website, the security of the Service, the prevention of abuse, the protection of systems, or the analysis of operations.

In all cases, the Service Provider seeks to ensure that personal data are processed on an appropriate legal basis, for specified purposes, and in accordance with the principle of data minimization.

2.2. Main Categories of Data Processed and Purposes of Data Processing

In the course of providing the Service, the Service Provider may in particular process the following categories of personal data:

  • data necessary for the identification of the User and the operation of the User Account;
  • data necessary for contact and customer communication;
  • data related to invoicing, payments, and transactions;
  • data necessary for participation in the Pre-sale, consent declarations, and the recording of related entitlements;
  • data necessary for compliance, security, and fraud prevention purposes;
  • technical data related to the operation, performance, and use of the website.

Personal data may in particular be processed for the following purposes:

  • creation, maintenance, and management of the User Account;
  • operation of the Service and provision of related functions;
  • conduct of the Pre-sale, processing of payments, and recording of related entitlements;
  • communication with the User, including transactional and customer relationship notifications;
  • fulfilment of legal, financial, accounting, and compliance obligations;
  • maintenance of the security of the website and related systems;
  • prevention of abuse, unauthorized access, and fraudulent conduct;
  • improvement of the operation, performance, and user experience of the Service.

3. User Rights and Their Exercise

3.1. Rights Granted to the User

In relation to the processing of their personal data, the User is entitled to the rights set out in the applicable data protection laws, in particular under the GDPR. The Service Provider ensures that the User may exercise these rights in a transparent, reasonable, and lawful manner.

The User is entitled to request information as to whether the Service Provider processes personal data concerning them, and if so, is entitled to learn the scope of the data processed, the purpose, legal basis, and duration of the processing, as well as with whom the Service Provider shares the data. The User is also entitled to request a copy of the personal data concerning them.

The User may request the rectification of inaccurate, incomplete, or outdated personal data. This may relate in particular to data provided in the User Account, contact details, billing details, as well as data related to the Pre-sale that may be modified based on the User's declaration or request.

The User may request the erasure of their personal data if the purpose of the processing has ceased, they have withdrawn their consent, the processing is unlawful, or other legal conditions for erasure are met. The right to erasure, however, is not absolute: the Service Provider may retain certain data despite the erasure request if this is justified by law, compliance obligations, accounting or financial requirements, or the establishment, exercise, or defense of legal claims.

The User may also request the restriction of processing. This means that, in certain cases, the Service Provider will temporarily not use the data for purposes other than storage. This may occur in particular if the User disputes the accuracy of the data, if the lawfulness of the processing is contested, or if the User requests that the data be retained by the Service Provider for the establishment of a possible legal claim.

The User may object to the processing of their personal data where the legal basis for the processing is the legitimate interest of the Service Provider. In such a case, the Service Provider shall examine whether the interests, rights, and freedoms of the User override the reasons of the Service Provider for the processing. If the objection is justified, the Service Provider shall terminate the relevant processing, unless there are compelling legitimate grounds for continuing it that override the User's interests, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

The User is also entitled to exercise the right to data portability in cases where the processing is based on consent or on the performance of a contract and is carried out by automated means. In this context, the User may request that the data provided by them be made available by the Service Provider in a structured, commonly used, machine-readable format, or—if technically feasible—that such data be transmitted directly to another controller.

3.2. Subject Matter and Scope of the Exercise of Rights

The exercise of the rights set out in this Chapter may in particular extend to data related to the User Account, contact and billing details, data related to participation in the Pre-sale, consent declarations, as well as data related to refund requests.

The exercise of User rights does not, however, affect cases where the Service Provider is obliged or entitled to continue processing or retaining certain data on the basis of law, compliance obligations, financial or accounting requirements, or for the establishment, exercise, or defense of legal claims.

The detailed rules of data retention are set out in Chapter 5 of this Privacy Policy.

3.3. Manner of Exercising Rights

The User may exercise the rights set out in this Chapter by sending a request to the Service Provider at the following email address: info@thepenguincoin.com

The Service Provider shall examine and respond to requests without undue delay, but no later than within 30 days. In its response, the Service Provider shall inform the User of the measures taken, or, if it is unable to comply with the request in whole or in part, of that fact and the reasons therefor.

In order to ensure that the request has indeed been submitted by the data subject concerned, the Service Provider may be entitled to request additional information necessary for identification. The Service Provider shall use such a request only to the extent necessary for lawful and secure administration.

The Service Provider reserves the right to handle requests that are manifestly unfounded, excessive, or repetitive in accordance with the applicable laws.

3.4. Remedies

If the User believes that the processing of their personal data by the Service Provider infringes the applicable data protection laws, they are entitled to lodge a complaint with the competent data protection supervisory authority, in particular the authority of their habitual residence, place of work, or the place of the alleged infringement, and are also entitled to bring the matter before a court.

At the same time, the Service Provider recommends that the User first contact the Service Provider directly so that any questions, observations, or complaints may be resolved quickly and efficiently.

4. Third-Party Processors

4.1. General Provisions

In the course of operating the Service, the Service Provider may engage third-party service providers and data processors for certain data processing operations. These partners perform tasks necessary for the provision of the service on behalf of the Service Provider and in accordance with its instructions.

The engagement of data processors may take place in particular for the purposes of user authentication, payment processing, email communication, operation of the website, security and compliance checks, as well as the provision of wallet connections.

The involvement of a third-party service provider does not in itself create a direct contractual relationship between the User and the given service provider, unless the User separately accepts that service provider's own terms.

4.2. Processors Engaged

The Service Provider may in particular engage the following data processors:

  • Auth0: services related to user authentication and login;
  • CoinGate: services related to payment processing;
  • Brevo (Sendinblue) or SMTP provider: email communication, in particular the sending of transactional notifications and customer communication messages;
  • Cloudflare: website hosting, security, and performance optimization services;
  • WalletConnect: provision of wallet connections and integration;
  • Scorechain: performance of sanctions and compliance checks;
  • Base / RPC providers: technical support and validation of blockchain-based operations.

The above service providers may process personal data to the extent necessary for the performance of their tasks, in particular identification, contact, transaction, wallet, and technical data.

Depending on the given data processing operation, the legal basis for the transfer of personal data to such processors may in particular be the performance of a contract, compliance with a legal obligation, consent, or the legitimate interest of the Service Provider.

4.3. International Data Transfers

The Service Provider draws Users' attention to the fact that certain processors, or their sub-processors, may also carry out data processing operations outside the European Economic Area.

In such cases, the Service Provider shall ensure, by applying appropriate safeguards, that the protection of personal data is ensured in accordance with the applicable data protection laws. For this purpose, the Service Provider may in particular rely on data processing agreements, Standard Contractual Clauses adopted by the European Commission, as well as other lawful data transfer mechanisms.

5. Data Retention

5.1. General Rules

The Service Provider retains personal data related to the User Account only for as long as this is necessary for the achievement of the purpose of the processing, or for compliance with applicable legal, financial, accounting, or compliance obligations.

When determining the retention period, the Service Provider takes into account in particular the purpose of the processing, the nature of the service, as well as the period necessary for the establishment, exercise, or defense of possible legal claims.

5.2. Account Data

The Service Provider processes personal data related to the User Account for the duration of the existence of the account.

Following the closure of the account or the fulfilment of a request for deletion, the personal data shall be deleted, except for data the further retention of which is justified by law, legitimate interest, or technical-security reasons.

5.3. Transaction and Compliance Data

Transaction data related to the Pre-sale, consent declarations, as well as data related to refund requests are retained in accordance with the relevant legal, financial, accounting, and compliance requirements. Where the retention of the given data is required by law, the Service Provider shall retain them at least for the prescribed period, and in the case of certain transaction and accounting data typically for up to 8 years.

The purpose of retaining such data is in particular to evidence the performance of the contract, fulfil legal and financial obligations, handle disputes, and ensure auditability.

5.4. Technical Data Stored for a Short Period

The Service Provider processes certain technical data only on a temporary basis where this is necessary for the operation of the system, the maintenance of security, or the prevention of abuse.

Such data—including in particular technical information related to sessions, login protection, or password reset—shall be automatically deleted once the purpose has been achieved.

5.5. Limited Retention of Data Related to Deleted Accounts

In relation to deleted accounts, the Service Provider may retain, to a limited extent, the User's email address, the technical identifier used by the authentication provider, and the date of deletion for the purpose of preventing abusive re-registration and ensuring the integrity of the system.

Data retained in this manner serve exclusively technical and security purposes, may not be used for marketing or other business purposes, and do not enable access to the former account.

5.6. Session Data

Data related to User sessions remain valid for a maximum of 7 days. Following the expiry of the session, or in the event of logout, the related data shall be deleted in accordance with the operational logic of the system.

6. Cookies and Client-Side Storage

6.1. General Provisions

For the proper operation of the website, secure login, ensuring user experience, and the operation of certain technical functions, the Service Provider may use cookies and other client-side storage solutions.

A cookie is a small data file stored on the User's device, while other forms of client-side storage—such as the browser's local storage solution—support the operation of certain functions of the website.

6.2. Strictly Necessary Cookies

On the Service Provider's website, a strictly necessary cookie may be used for the purposes of secure authentication and maintaining the session.

Such a cookie may in particular include tpeng_session, which serves to identify the User's session. This cookie is necessary exclusively for the basic operation of the website, typically remains in place for no more than 7 days, and is used with appropriate security settings.

6.3. Client-Side Storage in the Case of Technical Solutions Provided by Third Parties

Certain functions of the website may also use technical solutions provided by third parties, which may apply their own cookies or other client-side storage mechanisms.

This may occur in particular in connection with the handling of wallet connections, where the given solution may store data related to previously used wallet connections or technical settings in the User's browser in order to make connection and use smoother.

The processing of data by third-party service providers and their own technical solutions shall be governed by the relevant provider's own privacy notice.

The Service Provider seeks to ensure that the use of such technical solutions is limited to the extent necessary and does not result in unjustified data processing.

6.4. Analytics and Performance Monitoring Solutions

For the purpose of monitoring the operation, performance, and security of the website, the Service Provider may also use analytics solutions that do not necessarily use traditional cookies.

These solutions typically collect statistical or technical information about the use of the website in order to enable the Service Provider to improve the operation, performance, and security of the Service.

6.5. Browser Settings and the Management of Cookies

The User may regulate, restrict, or delete the use of cookies and certain forms of client-side storage in the settings of their own browser.

The Service Provider draws attention to the fact that disabling certain cookies or storage solutions may result in the limited functioning of certain features of the website, in particular those related to login, maintaining the session, or the use of wallet connections.

7. Pre-sale-Specific Data Processing

7.1. General Provisions

In the course of conducting the Pre-sale, the Service Provider performs, in addition to the general rules of this Privacy Policy, data processing operations that are specifically related to the token pre-sale, the related payments, the recording of entitlements, and the proof of performance.

7.2. Purpose of Data Processing

The purpose of data processing carried out during the Pre-sale is in particular:

  • to ensure participation in the Pre-sale;
  • to process and record payments;
  • to manage records related to entitlements connected to the Tokens, in particular records related to vesting;
  • to ensure transactional and customer communication to the User;
  • to record consents, declarations, and acceptances;
  • to fulfil the relevant legal, financial, accounting, and compliance obligations.

7.3. Legal Basis

Depending on the nature of the data processing, the legal basis for data processing related to the Pre-sale may in particular be:

  • performance of a contract, where the data processing is necessary for the User's participation in the Pre-sale, the payment, or the provision of related services;
  • compliance with a legal obligation, where the data processing is justified by financial, accounting, compliance, or other legal requirements;
  • the User's consent, where the data processing relates to the recording of a declaration, acceptance, or consent.

8. Data Security

8.1. General Provisions

The Service Provider applies appropriate technical and organizational measures in order to protect personal data against unauthorized access, alteration, disclosure, loss, destruction, or any other unauthorized processing.

The purpose of the measures applied is to ensure that the security of the data processing is proportionate to the nature of the data processed, the circumstances of the processing, and the potential risks.

8.2. Technical and Organizational Measures

In order to ensure the security of personal data, the Service Provider applies in particular secure communication solutions, access control measures, and protective mechanisms serving the security of the system.

During the operation of the website and the related systems, the Service Provider seeks to ensure that personal data are accessible only to persons and service providers authorized thereto, and only to the extent necessary.

The Service Provider may also apply measures aimed at the prevention, detection, and handling of unauthorized access attempts, abuse, or system security incidents.

8.3. Protection of Payment Data

Payments made during the Pre-sale are processed with the involvement of an external, certified payment service provider. The Service Provider does not process or store sensitive financial data related to payment operations that are handled by the payment service provider in its own systems.

The payment service provider, acting in accordance with its own data processing and security rules, is also responsible for the security of the payment process.

8.4. Blockchain-Based Records

Certain data related to the Tokens and vesting may be recorded or maintained on blockchain-based infrastructure. Due to the characteristics of blockchain, the processing of such data takes place partly in a decentralized environment.

The Service Provider draws Users' attention to the fact that the processing of data recorded on the blockchain may differ from the operation of traditional IT systems; therefore, the User must act with particular care when using the wallet and providing related data.