Privacy Policy

  1. Introduction

Morini Limited Company (hereinafter also “our Company”, “the Platform, “we” and “us”) recognizes the importance of protecting the privacy of your personal data.

This Privacy Policy aims to explain how we collect, use, store, share, dispose of and protect your personal data when you access our platforms bearing Piku owned and/or operated by us or whenever we otherwise connect with you.

You can feel safe while using our website. However, please remember that no system is entirely secure. Even if we take all necessary steps to protect your data, there is always the possibility of being out of security. For this reason, please be very careful with your personal data. We strongly advise you not to share your voice, photos, or other personally identifiable information through email, message, or any other communication channel unless expressly requested by us.

This privacy policy may be updated if necessary.

Last Updated: August 30, 2025

  1. Our Collection and Use of Your Personal Data

​When you access or use the Site Services, we may collect (directly or through third-party providers) certain categories of information about you from a variety of sources, which comprises: ​

  • Information provided during “Know Your Customer” (“KYC”) and Anti-Money Laundering (“AML”) processes, which includes personal identifying information. This may include:

  • Basic Information: Name, Nicknames, Usernames and Other Identifiers, Address, Date of Birth, Nationality, Address of Residence, Phone Number, Email Address.

  • Identification Information: Utility bills (or other proof of address), photographs, Government-issued identification (such as identification cards, passports, driver’s licenses, etc.), tax ID number, employment information, proof of residency, visa information, organizational documents, and information regarding ultimate beneficial owners.

  • Financial Information: Income/net assets/wealth verification statements, virtual wallet addresses and data or assets stored in virtual walletss.

We process the data provided and collected to provide the Site Services, personalize your experience with the Services, and improve the Services. Specifically, we use your data to:

  • identify you as a user in our system;

  • identify your location of residence, or registered office;

  • provide you with our Site Services and special benefits;

  • improve the administration of our Service and quality of experience when you interact with our Service;

  • provide customer support and respond to your requests and inquiries;

  • investigate and address conduct that may violate our Terms of Use;

  • detect, prevent, and address fraud, violations of our terms or policies, and/or other harmful or unlawful activity;

  • send you administrative notifications, such as security, support, and maintenance advisories;

  • send you newsletters, promotional materials, and other notices related to our Services or third parties' goods and services;

  • comply with applicable laws, cooperate with courts, law enforcement agencies or other governmental authorities of suspected violations of law or any other matter, and/or to pursue or defend against legal threats and/or claims.

  1. Our Processing of Your Personal Data

​In certain circumstances, our Company may process or share your information with third parties for legitimate purposes subject to this Privacy Policy. Such circumstances comprise of: ​

  • Blockchain analysis service providers

  • Data analytics vendors, including Google Analytics ​

  • Courts, law enforcement agencies or other governmental authorities In connection with an asset sale, merger, bankruptcy, or other business transaction ​

  • With any parent companies, subsidiaries, joint ventures, or other companies under common control with us, affiliates otherwise, or Piku DAO, in which case we will require such entities to honor this Privacy Policy

  • In connection with or during negotiation of any merger, financing, acquisition, or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, data may also be transferred as a business asset.

  • When you request us to share certain information with third parties, such as through your use of login integrations ​

  • With professional advisors, such as auditors, law firms, accounting firms, or KYC service providers

  1. Legal Basis Under the European Union’s GDPR

The legal bases for the processing of personal data of natural persons in the European Economic Area (EEA) are detailed in the General Data Protection Regulation No. 2016/679 (GDPR). The legal bases for processing your personal data are:

  • In the case of the initiation of a contract or an ongoing contractual relationship, the legal basis follows from Art. 6 (1) lit. b GDPR;

  • We are obliged by law to process Your data, e.g. by Financial Regulations (such as MiCAR Markets in Crypto Assets Regulation), Anti Money Laundering Laws, Tax Laws etc; the legal basis for such processing is Art. 6 (1) lit. c GDPR;

  • Our legitimate interests under Art. 6 (1) lit. f GDPR; our legitimate interests are e.g. to safeguard the security and stability of our Services; to monitor the use of our Services in order to comply with all applicable laws; to detect, prevent, and address fraud, violations of our terms or policies, and/or other harmful or unlawful activity; to improve our Services; and for certain limited promotional purposes.

  • If You have given Your consent to process Your data, the legal basis is Art. 6 (1) lit. a GDPR.

  1. Data Access and Control

You can view, access, edit, or delete your data for certain aspects of the Service via your Settings page. You may also have certain additional rights:

  • If you are a user in the European Economic Area, you have certain rights under the GDPR. These include the right to

  • (i) request access and obtain a copy of your personal data;

  • (ii) request rectification or erasure;

  • (iii) object to or restrict the processing of your personal data; and

  • (iv) request portability of your personal data. Additionally, if we have collected and processed your personal data with your consent, you have the right to withdraw your consent at any time.

If you wish to exercise your rights under the GDPR or other applicable data protection or privacy laws, please contact us at the address provided herein, specify your request, and reference the applicable law. We may ask you to verify your identity, or ask for more information about your request. We will consider and act upon any above request in accordance with applicable law. We will not discriminate against you for exercising any of these rights.

Notwithstanding the above, we cannot edit or delete any information that is stored on a blockchain, for example the Ethereum blockchain, as we do not have custody or control over any blockchains.

  1. Data Retention

We may retain your data as long as you continue to use the Services, have an account with us, or for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, in accordance with the applicable law. We may continue to retain your data even after you deactivate your account and/or cease to use the Service if such retention is reasonably necessary to comply with our legal obligations, to resolve disputes, prevent fraud and abuse, enforce our Terms or other agreements, and/or protect our legitimate interests. Where your data is no longer required for these purposes, we will delete it.

  1. Data Security

We use appropriate technical and organizational measures to prevent accidental or intentional manipulation, partial or total loss, destruction or unauthorized access to your data by third parties. Our security measures are continuously improved in line with technological developments. Furthermore, all service providers commissioned by us are obliged by means of appropriate contractual agreements to take appropriate measures in accordance with the current state of the art to prevent the aforementioned risks.

Please be aware that, despite our reasonable efforts to protect your information, no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." Please further note that any information you send to us electronically, while using the Services or otherwise interacting with us, may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us. ​You are responsible for the security of your digital wallet(s), and urge you to take steps to ensure it is and remains secure.

In the event that any information under our custody and control is compromised as a result of a breach of security, we will take steps to investigate and remediate the situation and, in accordance with applicable laws and regulations, notify those individuals whose information may have been compromised.

  1. Children’s Privacy

Children under the age of 18 are not permitted to use the Services, and we do not seek or knowingly collect any personal information about children under 13 years of age. If we become aware that we have unknowingly collected information about a child under 13 years of age, we will make commercially reasonable efforts to delete such information from our database. ​ If you are the parent or guardian of a child under 13 years of age who has provided us with their personal information, you may contact us using the below information to request that it be deleted.

  1. Rights of Data Subjects under GDPR

This section applies to you if you are able to avail yourself of certain rights under GDPR.

a) Right to information, rectification, deletion as well as rights to restriction of processing or transfer of your data to another body: You have the right to request information (Art. 15 GDPR) about your personal data and related information. In addition, you can request the correction (Art. 16 GDPR) and the deletion (Art. 17 para. 1 GDPR) of your personal data. You can also request that the processing of your personal data be restricted (Art. 18 GDPR). Furthermore, you have the right to receive your personal data from the body responsible or to have it transmitted to another responsible body (Art. 20 GDPR).

b) Revocation of consent to data processing: You can revoke your consent in accordance with Art. 6 (1) sentence 1 (a) GDPR at any time with immediate effect in accordance with Art. 7 (3) sentence 1 GDPR. Please note that data processing that took place before the revocation is not affected by the revocation and is therefore lawful despite the revocation. If you would like to make use of your right of objection, a simple notification to the person listed under no. 1.

c) Objection to profiling and direct marketing: In certain cases, you also have the right to object (Art. 21 GDPR) to the data processing. In particular, you have the right to object at any time to the processing of your data (in particular in the case of so-called profiling) based on Art. 6 (1) sentence 1 (f) GDPR (data processing on the basis of a balancing of interests) or Art. 6 (1) sentence 1 (i) GDPR (data processing in the public interest) in accordance with Art. 21 (1) GDPR. We will then no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims. If your personal data is processed for direct marketing, you can also object to the processing of your data for the purpose of direct marketing at any time in accordance with Art. 21 para. 2 GDPR, including profiling, insofar as it is related to such direct marketing. If you object, your personal data will no longer be used for these direct marketing purposes.

d) Right to lodge a complaint with the competent data protection supervisory authority: If you believe that we have not complied with data protection regulations when processing your data, you can submit a complaint to the supervisory authority responsible for us. The indication of the supervisory authority is not a mandatory part of the privacy policy.

  1. Third Party Service Providers

​Certain Site Services will require you to use third-party service providers, such as without limitation connecting a Virtual Wallet to the Site. By using such third-party service providers, you agree that your interactions with such third parties are governed by the privacy policy of the respective parties. We expressly disclaim any and all liability for actions arising from your use of third party services, including but without limitation, to actions relating to the use and/or disclosure of personal information by such Virtual Wallets.

  1. Contact Us

​Should you have any requests or questions about our privacy practices or this Privacy Policy, please email us at [email protected]

Last updated