Effective as of 01/10/2024
“Data controllers” are the people or organisations that determine the purposes for which, and the manner in which, any Personal Data is processed, and make independent decisions in relation to the Personal Data and/or who/which otherwise control that Personal Data.
For the purposes of the EU GDPR (the ‘’GDPR’’), The company is the data controller with regard to the Personal Data described in this Privacy Policy. The company’s mission is to empower compliance professionals and businesses to navigate global regulations with ease, offering intelligent, adaptive solutions that turn compliance into a strategic advantage. It specializes in automating Anti-Money Laundering (AML) processes, Know-Your-Customer (KYC), Know-Your-Business (KYB), and Know-Your-Transaction (KYT) checks. ComPilot's platform integrates tools like wallet screening, fraud detection, and customizable compliance workflows, designed to ensure regulatory compliance within the cryptocurrency ecosystem. With privacy-preserving KYC solutions and real-time analytics, ComPilot helps businesses streamline compliance tasks, reduce manual effort, and adapt to evolving regulations.
The company has outsourced the function of the Data Protection Officer to XpertDPO Ltd.
Our Data Protection Officer can be contacted as follows:
The purpose of this Privacy Policy is to provide you, as our data subject, with a statement regarding the Data Protection and Privacy practices and obligations of the Company and an explanation of your rights under applicable data protection laws.
This Privacy Policy applies to our business practices, including the use of our website, accessible at https://copilot.ai, and the services we provide. While the Company is established in France and falls under the jurisdiction of Commission Nationale de l’Informatique et des Libertés (CNIL), this policy also addresses our obligations under the EU GDPR.
We may collect and process Personal Data related to your use of our services and platform. Please note that external websites linked from our platform have independent privacy policies, for which we are not responsible.
The Company complies with the following data protection and privacy laws:
This ensures our services adhere to EU data protection requirements.
Data protection and privacy laws grant individuals rights concerning the use of their Personal Data. As an organisation, the Company is legally bound by the EU GDPR to comply with these laws when collecting, storing, and using Personal Data.
Beyond legal obligations, we ensure compliance to maintain your trust and protect our reputation. We demonstrate accountability through written policies, privacy-by-design principles in our systems, regular internal audits, and prompt action when non-compliance is identified. We also keep detailed records of our data processing activities to ensure transparency and control.
We adhere to the following principles outlined in data protection law:
Personal Data is any information that can directly or indirectly identify you, such as your name, email address, or IP address, collected by the Company. It does not include anonymised data where your identity has been completely removed.
Any Personal Data you provide is handled with strict security measures, including encryption and access controls, in accordance with the French Act No. 2018-493 of 20 June 2018, EU GDPR. This ensures your data is treated with the highest levels of confidentiality and protection.
We may collect and process the following categories of Personal Data:
We do not collect or process Special Category Data as defined under the EU GDPR. This includes data concerning health, racial or ethnic origin, political opinions, religious beliefs, or data regarding a person’s sex life or sexual orientation.
Our services are not directed at children under the age of 18. We do not knowingly collect data from children or provide services to them.
The Company may process information related to criminal convictions and offences as part of its regulatory compliance services, including Anti-Money Laundering (AML) and Know-Your-Customer (KYC) checks. This data is processed in accordance with applicable laws and is strictly limited to ensuring compliance with regulatory obligations.
We collect statistical and analytical information, such as demographic and usage data, on an aggregated basis from all visitors to our website. This information is not considered personal data because it does not directly or indirectly identify you. However, if we combine Aggregated Data with any of your personal data in a way that could identify you, we treat the combined data as personal data and apply the same protections outlined in this Privacy Policy.
Below is a consolidated table of activities detailing how and why we use your personal data, as well as the legal bases for processing it. This table provides an overview of our data processing practices. If you require more specific information or have any queries regarding the use of your personal data, please contact our Data Protection Officer (DPO) at the details provided in this Privacy Policy.
This statement ensures transparency while providing a point of contact for any further details or inquiries.
We use your personal data for the purposes outlined above. In doing so we rely on a number of separate and overlapping legal bases to lawfully process your personal data. These may include:
Where necessary to perform our contract with you
We will retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including to meet legal, accounting, or reporting obligations. To determine retention periods, we consider the type and sensitivity of the data, the risk of harm from unauthorised use, and any applicable legal requirements.
We have a Retention Policy and Schedule in place to ensure data is securely destroyed when no longer needed. In some cases, by law, we are required to retain basic information (e.g., contact, identity, and transaction data) for up to six years for tax purposes.
You may also request deletion of your data under certain circumstances. In cases where data is anonymized, it may be used indefinitely for research or statistical purposes. If you have any questions about our retention periods, please contact us at DPO@nexera.id.
Third Parties and Disclosures of your Personal Data
We require all third parties to respect the security of your personal data and comply with data protection laws. Third-party service providers are not permitted to use your personal data for their own purposes and may only process it for specified purposes under our instructions.
When you provide us with your personal data, we will also request your consent to share it with relevant third parties.
The Company conducts due diligence and maintains contracts with all suppliers and third parties. Any payment transactions are encrypted using secure encryption technology to protect your data.
We may share your personal data with the following categories of third parties:
In compliance with the GDPR, any transfers of personal data outside the European Economic Area (EEA) are subject to strict safeguards. When personal data is transferred internationally, we ensure that appropriate transfer mechanisms are in place, such as the use of Standard Contractual Clauses (SCCs), adequacy decisions like the EU-US Data Privacy Framework (DPF), or binding corporate rules to guarantee that data remains protected to GDPR standards.
Currently, all data is hosted within the EU. However, we use Google Analytics, which may involve data transfers to the US. These transfers are covered by the EU-US DPF and appropriate safeguards.
The Company uses strict procedures and security measures, including encryption and access controls, to protect your personal data from unauthorized access, loss, or misuse. Our data is stored within the EU. If we engage a data processor or controller outside these regions, we ensure that Standard Contractual Clauses (SCCs) and Transfer Impact Assessments (TIAs) are in place to safeguard your data.
We have procedures to respond to data breaches and will notify you and the relevant authorities if required. Access to your data is restricted to authorized personnel, contractors, and third parties on a need-to-know basis, strictly under contract.
Where consent is identified as the lawful basis for processing your Personal Data, you are giving us permission to process your data for the specific purposes outlined in this Privacy Policy.
You have the right to withdraw your consent at any time by clearly indicating your decision, either through a statement or affirmative action. To withdraw consent or if you have any questions, contact our Data Protection Officer using the details provided below.
Please note, withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.
We have appointed a Data Protection Officer to monitor compliance with our data protection obligations and with this policy and our related policies. If you have any questions about this policy or about our data protection compliance, please contact the Data Protection Officer.
If you wish to exercise your rights please contact our Data Protection Officer who will respond to the request within one calendar month.
Our Data Protection Officer can be contacted as follows:
XpertDPO
Telephone: + 353 1 678 8997
Email: DPO@nexera.id
Post: 20 Harcourt St, Saint Kevin's, Dublin, D02 H364, Ireland
You as the Data Subject have the right to complain at any time to a supervisory authority in relation to any issues related to our processing of your Personal Data. We would like to hear from you first if you have a complaint about how we use your data so that we may rectify the issue.
As our organisation is located in France, and since we conduct our data processing here, we are regulated for data protection purposes by La Commission Nationale de l'Informatique et des Libertés (CNIL).
You can contact La Commission Nationale de l'Informatique et des Libertés (CNIL) regarding complaints or data protection issues, the usual contact details are:
Mailing address: CNIL, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France
Phone: +33 (0)1 53 73 22 22
Website contact form: CNIL Contact Form
These details are used for filing complaints or inquiries regarding data privacy and GDPR-related issues.
Our practices as described in this Privacy Policy may be changed, but any changes will be posted, and changes will only apply to activities and information on a going forward, not retroactive basis.
You are encouraged to review this Privacy Policy periodically to make sure that you understand how any personal information you provide will be used.
We may also email you in certain circumstances to let you know if and when we update this Privacy Policy to ensure you are informed.
Any changes to this Privacy Policy will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Policy, or otherwise disclosed to you at the time it was collected, we will notify you by email, and you will have a choice as to whether or not we use your Personal Data in the new manner.