DNX Network Privacy Policy

Introduction

At DNX Network, we are committed to protecting your privacy. This Privacy Policy explains how DNX Network (“DNX Network”, “we”, “us”) collects, uses, and safeguards your personal data when you use our website and services (the “Platform”). It also describes your rights regarding your personal data and how you can exercise them. We adhere to all applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and Luxembourg’s laws on privacy protection.

By using the DNX Network Platform, you agree to the collection and use of information in accordance with this Privacy Policy. We may update this policy from time to time (see Changes to This Policy below), and we will notify you of any significant changes.

Data Controller: The data controller responsible for your personal data is DNX Network S.à r.l., located at 42 Rue de Hollerich, L-1740 Luxembourg, Luxembourg. You can contact us using the details provided in the Contact Us section of this Policy.

Personal Data We Collect

We collect various types of personal data from you when you visit our site, create an account, or use our services. This includes:

• Identity and Contact Information: Such as your nickname, email address, phone number and username. This information is collected when you register an account or otherwise provide it to us. We only collect identity details that you choose to provide or that are necessary for service.
• Account Credentials: When you register, we collect a username and password. Your password is stored in a protected form (e.g. hashed) and not in plain text for security. Please choose a strong password and keep it confidential. (See also the section on “Security of Your Password” below.)
• Profile Information: If you create a profile on our Platform or provide additional details (such as profile descriptions, preferences, or demographic information), we will collect that information as part of your account profile.
• Financial and Payment Information: If you make purchases on our Platform, we (or our payment processors on our behalf) collect payment details. This may include your credit or debit card number, bank account information, or other payment method details in tokenized or encrypted form. Note: For security, DNX Network itself does not store full payment card numbers or security codes. We use accredited payment service providers who handle your card information. We may retain non-sensitive payment identifiers (e.g., a payment token, card type, expiration date, or an internal transaction ID) to enable transactions and for billing records.
• One-Click Payment Data: If you enable our “one-click” payment feature (see One-Click Payment Feature below), we will store a token or reference for your payment method (provided by our payment partner) to allow quick future payments.
• Communication Data: Any correspondence you send to us, such as emails, support tickets, or reports of problems, will include personal data like your email address and the content of your communication. If you use chat rooms or other interactive features on the Platform, the content you share (messages, posts, interactions) may be stored by us as part of your account history.
• Usage Data: We collect technical data about how you access and use our Platform. This includes information such as your IP address, browser type and version, device identifiers, time and date of visits, pages viewed, clicks and actions on our site, and the referring website. We also log when you last logged in and other relevant activity to help secure your account and improve our services.
• Cookies and Tracking Information: When you visit our website, we may place cookies and similar tracking technologies on your device. These technologies collect data about your browsing actions and preferences on our site (see Cookies and Tracking Technologies below for details). For example, we might collect information on which pages you visit and what links you click on our site, or whether you have seen a particular advertisement.
• Third-Party Data: If you choose to connect or log in to our Platform through a third-party service (for example, using Google Single Sign-On), we may receive certain information from that service, such as your name and email address, as permitted by your privacy settings with that service. We treat this information in line with this Privacy Policy.
• Sensitive Data: We do not intentionally collect any special categories of personal data about you (such as information on health, political opinions, biometric data, etc.) as part of our standard services. Please avoid sharing such sensitive data on the Platform. Note that in the context of webcam services, any personal data you volunteer (for example, in chat messages) will be processed in line with this Policy, but remember that personal information you disclose in public areas can be viewed by others.

Provision of Data: Some personal data is required to create an account and use the Platform (for example, an email address, a username, and payment information for purchasing services). If you choose not to provide mandatory information, you may not be able to register or use certain features. Optional fields are indicated as such and are provided at your discretion.

Purposes of Processing and Legal Bases

We process your personal data for the following purposes, and each processing activity is supported by a legal basis under GDPR:

1. Providing and Managing the Service: We use your personal data to create and manage your account, to allow you to access our Platform and use our webcam services, and to facilitate your overall user experience. This includes displaying content, maintaining your profile, and enabling you to interact with third-party webcam service providers through our Platform. Legal basis: Contractual necessity – We need to process your data to fulfill our Terms of Service with you (i.e., to provide the services you request).
2. Payment Processing and Purchases: We process your financial information and personal details as needed to process payments for services you purchase, to provide you with payment options (such as credit card or other payment methods), and to maintain records of those transactions. Legal basis: Contractual necessity – to carry out payment transactions you initiate; and Legal obligation – to comply with financial and accounting regulations (for example, maintaining transaction records for tax and audit purposes).
3. One-Click Payment Feature: If you opt to use our one-click payment functionality, we will set up a pre-authorized payment method through our payment provider (for example, by storing a tokenized version of your credit card or establishing a billing agreement). This allows you to make subsequent purchases more conveniently without re-entering your payment details. Legal basis: Contractual necessity (to perform the quick payment service at your request) and consent – by opting in and using the feature, you consent to this use of your payment data.
4. Communications and Customer Support: We use your contact information (like your email address) to send service-related communications, such as transaction confirmations, account notifications, updates about our Platform or terms, or technical notices. If you contact us with a question, feedback, or to report a problem, we will use your data to communicate with you and resolve the issue. Legal basis: Contractual necessity – we need to communicate with you to perform our services and support; and Legitimate interests – it is in our legitimate interest to ensure customer satisfaction and properly address user inquiries.
5. Sending Newsletters and Information Bulletins: With your consent or as otherwise permitted by law, we may use your email to send newsletters, updates on new features, promotions, and other information about our services (for example, “information bulletins” about new webcam content or special offers). Legal basis: Consent – where you have opted in; and in some cases, Legitimate interests – if you are an existing customer, we may inform you about similar services you have used, but we will always provide an easy opt-out option for such communications (see Your Rights below regarding direct marketing).
6. Direct Marketing and Personalized Offers: We may analyze your usage of the Platform, preferences, and transaction history to present you with tailored content or promotions, such as suggesting webcam content you might like or special offers you might benefit from. Legal basis: Legitimate interests – we have a legitimate interest in promoting our services in a relevant way to our users. Where required by law, we will obtain your consent for certain marketing activities (for instance, cookie-based advertising targeting). You can object to direct marketing at any time, as detailed in the Your Rights section.
7. Automatically Generating User Profiles: We may automatically compile certain information (like the categories of content you view or your activity patterns) to create a user profile that helps us understand your interests. This profile is used to optimize your experience — for example, by customizing the content shown to you, improving our services, or providing features that align with your usage. Legal basis: Legitimate interests – it’s important for us to improve and personalize our services for our users. (Where such profiling involves non-essential cookies or similar tracking technologies, we will obtain your consent via our cookie banner or preferences.)
8. Service Optimization and Platform Management: We process data to analyze how our Platform is used so we can improve functionality, fix bugs, and make informed decisions about new features and services. This includes conducting statistical analyses, measuring audience and traffic, and monitoring usage trends. Legal basis: Legitimate interests – we have a legitimate interest in ensuring our Platform is user-friendly, relevant, and efficient. (Note: Analytics that rely on cookies or tracking will be subject to user consent in compliance with ePrivacy rules — see Cookies and Tracking Technologies.)
9. Loyalty and Promotional Activities: We may use personal data to run loyalty programs, contests, lotteries, or other promotional activities (excluding any form of online gambling that is not permitted without regulatory approval). Each such activity will have its own terms. Legal basis: Legitimate interests – to reward and engage our users; or contract – if you agree to specific contest terms; or consent – where required by law for certain promotional participation.
10. Fraud Prevention and Security: We process personal data (such as monitoring IP addresses, account activities, and usage patterns) to detect and prevent fraud, abuse, security incidents, and other malicious or unauthorized activities on our Platform. This includes enforcing our rules and terms (for example, detecting violations or preventing unauthorized account access). Legal basis: Legitimate interests – we have a legitimate interest in protecting our business and users from fraud and security threats; and in some cases Legal obligation – we are legally required to safeguard data and ensure secure processing.
11. Compliance with Legal Obligations: We will process personal data where necessary to comply with our legal obligations under Luxembourgish and EU law. This includes retaining certain records to comply with tax laws, accounting requirements, or responding to lawful requests from authorities (e.g., court orders or government requests). Legal basis: Legal obligation – processing is necessary for us to comply with laws and regulations.
12. Other Legitimate Business Purposes: We may process data as needed for other internal administrative purposes, such as auditing, internal reporting, or in the context of business transactions (e.g., mergers or acquisitions). Legal basis: Legitimate interests – for efficient business administration, provided such interests are not overridden by your rights and interests.

We will not use your personal data for purposes that are incompatible with those listed above without first obtaining your consent or unless otherwise permitted or required by law. If we need to process your data for a new purpose, we will update this Privacy Policy and notify you as necessary.

One-Click Payment Feature

We offer an optional “one-click” payment feature to make repeat purchases more convenient for you. This feature allows you to authorize future payments without having to re-enter your payment details each time. Here’s how it works and what it means for your data and privacy:

• How One-Click Payment Works: When you make a purchase on our Platform and opt in to one-click payments, we work with our payment service provider to set up a pre-authorized payment method. This may involve creating a billing agreement (for example, with a provider like PayPal) or securely storing your card details in tokenized form using a PCI-compliant vault. In either case, the full payment information (such as your credit card number) is not stored on our servers; instead, a secure token or reference is stored. We can use this token to charge your card via the payment provider for future transactions, without you needing to re-enter the card details.
• Your Authorization: By using the one-click payment feature (for instance, by selecting a “remember my card” option and completing a purchase), you explicitly authorize DNX Network and our payment partners to maintain your payment method on file and to charge that payment method for future services on a one-click basis. In practice, your initial action of saving the payment method, combined with using one-click for a purchase, serves as your consent for us to rebill the same method for subsequent purchases that you choose to make.
• Future Payments: Any new purchase you initiate by clicking the one-click payment button will be processed immediately using your saved payment method. By initiating a one-click purchase, you confirm your intent to make that purchase and your approval for us to charge your saved method for the corresponding amount. We will clearly indicate when a payment will be processed using one-click and the amount, so you are always aware when a charge is made. Each time you use one-click to buy something, that action confirms your agreement to pay using the stored method.
• Opt-Out and Management: Using one-click payments is entirely optional. If you no longer wish to use the one-click feature or if you want to change the payment method used, you can do so at any time. You may remove or update your saved payment methods through your account settings or by contacting our support team for assistance. If you remove a saved card or disable one-click payments, future purchases will require you to enter payment details manually again, and we will not attempt to charge the removed method.
• Security of Payment Data: We and our payment partners treat your payment data with high security. Card data is handled in compliance with the Payment Card Industry Data Security Standard (PCI-DSS). As noted, DNX Network itself does not store sensitive card details; we rely on secure tokenization by our payment processor. This means that the convenience of one-click payments is achieved without compromising the security of your card information. The payment provider stores your actual card details safely and provides us a reference token that is useless to anyone except for making authorized charges through that provider.
• Transparent Billing: Even with one-click enabled, we will provide you with a receipt or confirmation for each transaction charged to your saved method. You will be able to see details of one-click transactions in your account purchase history (e.g., date, amount, and what was purchased). If you ever notice a charge that you do not recognize or have any concerns about billing, please contact us immediately so we can investigate and rectify any potential issues.

By using our site and opting in to one-click payments, you acknowledge that you authorize these pre-authorized charges as explained above. This feature is designed to enhance your experience by simplifying the checkout process. You retain control and can withdraw from the one-click arrangement at any time by disabling it or removing your saved payment method, as described. Using one-click is not required to use our Platform – it’s provided for your convenience.

Data Sharing and Disclosure

We treat your personal data with care and confidentiality. We do not sell or rent your personal information to third parties for their own marketing use. However, in order to provide our services and comply with legal requirements, we may share your personal data with certain trusted third parties, as detailed below:

• Affiliated Entities and Partners: DNX Network may share data with affiliated companies or partner organizations that are involved in providing the webcam services you access. For example, if our Platform allows you to view webcam content provided by third-party performers or studios (our “DNX Network partners”), we may need to share certain information with those partners to enable the service – such as confirming your subscription or access rights to a show, or providing your username so a performer knows who is in their session. These partners are only allowed to use your data for the purpose of providing the services and must handle the data securely and in accordance with applicable data protection law.
• Service Providers (Processors): We use third-party companies to help us operate the Platform and deliver our services on our behalf. These third parties act as “data processors” under our instructions and include:
  • Payment Processors: External payment processing companies handle transactions for us. They receive the necessary personal and financial data to process your payments (for example, your card details, name, billing address, and the purchase amount). Our primary payment providers are PCI-compliant and may be located in the EU (for instance, some payment infrastructure may operate via providers in Malta or other EU countries) or outside of it. They are contractually obligated to safeguard your information and use it only for payment processing.
  • Data Hosting and Storage Providers: We host our Platform and databases on secure servers provided by reputable companies. For example, our Platform’s data may be stored in a data center in EU which offers a secure environment with measures like access control, surveillance, and data backup. Our hosting providers act on our instructions, and all appropriate measures are taken to prevent unauthorized access to your data.
  • Analytics and Traffic Analysis Services: We use analytics services (like Google Analytics) to understand how users use our site. These services may set their own cookies or use similar technologies (with your consent) to collect usage information. For instance, Google Analytics (based in the EU through Google Ireland) helps us track website traffic and user interactions. Information shared with analytics providers is generally aggregated or pseudonymous (for example, we do not provide your name, but they might process your IP address and activity on our site). Google Analytics data is subject to Google’s stringent privacy and security commitments and is stored for a limited time (e.g., 24 months) for analysis purposes. All analytics providers we engage are bound by data protection agreements to handle data in compliance with GDPR.
  • Customer Support and CRM Tools: We may use third-party customer relationship management (CRM) software or support ticket platforms to manage customer inquiries and support requests. For example, we might use a cloud-based helpdesk system to track support tickets or a CRM database to organize user feedback. These tools may store data like your name, email, and support history. Some support or CRM providers are located outside Luxembourg (potentially in the United States or other countries), so if they process personal data, we ensure appropriate safeguards are in place (see “International Data Transfers” below). These providers only access your data to help us manage customer support and are contractually obligated to keep it confidential.
  • Marketing and Advertising Partners: If we conduct marketing campaigns or display advertising, we may work with partners or networks that assist in delivering relevant ads or promotional communications. For instance, we might use an email delivery service to send newsletters, or partner with advertising networks to show banners on their sites or third-party sites. If you have consented to advertising cookies, those cookies may share information about your browsing with our advertising partners to serve personalized ads. All such partners are required to comply with privacy laws, and where needed, we will obtain your consent before sharing data for these purposes.
• Law Enforcement and Legal Obligations: We may disclose personal data to law enforcement agencies, government authorities, or other third parties when we believe disclosure is necessary to comply with a legal obligation. This can include responding to subpoenas, court orders, or other legal process. We may also disclose your data if we believe it's necessary to investigate or enforce our terms and conditions, to protect our rights and property, to protect you or others from harm or illegal activities, or as evidence in litigation in which we are involved. For example, if law enforcement provides a lawful subpoena requesting information about users involved in suspected illegal activities, we are required to comply and will share the requested data (such as account information or chat logs relevant to the inquiry). In all cases, we will only share what is legally required and will object to overly broad requests to protect our users' privacy.
• Business Transfers: If DNX Network is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal data may be disclosed to our successors or potential buyers (and their advisors), as part of such a transaction. In any such event, we will ensure that your personal data remains subject to confidentiality protections, and if any changes to this Privacy Policy are needed post-transfer, you will be notified and, if applicable, asked for consent.

International Data Transfers: Whenever we transfer your personal data outside of the European Union/EEA, we will ensure that an adequate level of protection is in place as required by GDPR. Some of our service providers or partners are located in countries that do not have the same data protection laws as your country or the EU. In particular:

• Data stored in Switzerland (for example, if we use a Swiss data center or service provider for analytics or storage) is protected under Swiss law. The European Commission has recognized Switzerland as providing an adequate level of data protection, which means your personal data receives similar protection as under EU law.
• Data transferred to the United States or other countries outside the EU/EEA may not have been deemed “adequate” by the European Commission. In such cases, we rely on approved legal mechanisms to ensure protection of your data:
  • We may use the European Commission’s Standard Contractual Clauses (SCCs) in our contracts with the service provider. SCCs are standardized terms that legally bind the recipient to protect your data to EU standards.
  • In some cases, the provider might be certified under schemes like the EU-US Privacy Shield (note: the Privacy Shield was invalidated in 2020, so currently SCCs or similar safeguards are used instead).
  • We may also rely on other mechanisms allowed by GDPR, such as Binding Corporate Rules (for transfers within a corporate group) or, where applicable, your consent or the necessity of the transfer for contract performance (though we try to avoid relying on these except when other safeguards are not workable).

In all instances, we will take steps to ensure that any international transfer of personal data is carefully managed to protect your rights and interests. You can contact us for more information about the safeguards we have put in place for transfers of personal data outside the EEA or to obtain a copy of them.

No Commercial Sharing without Consent: We want to reiterate that we do not share your personal data with any third parties for their own marketing or advertising purposes unless you have given us your explicit consent to do so. Your trust is important to us, and we do not engage in selling or renting your personal information.

Data Storage and Security Measures

We understand the importance of keeping your personal data secure. We take appropriate technical and organizational measures to protect your data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include:

• Secure Hosting: Your data is stored on secure servers. For example, our Platform is hosted in professional data centers in EU that implement high security standards. These facilities typically feature 24/7 monitoring, controlled physical access, fire protection systems, and redundant power and network systems to prevent outages. All personal data is stored in an environment designed to be secure, with safeguards to prevent unauthorized access.
• Encryption in Transit: We use encryption to protect data transmitted to and from our Platform. When you access our website, your browser connects via Secure Socket Layer (SSL) or Transport Layer Security (TLS), indicated by the “https://” in the URL and a padlock icon. This means any data you send to us (such as login credentials or payment information) is encrypted while it travels over the internet, so it cannot be easily intercepted by third parties.
• Payment Security: As described earlier, we do not store your full credit card details on our systems. When you enter payment information, it is handled by our external payment partners on their secure infrastructure. Our payment forms are designed so that sensitive data is sent directly to the payment processor. The processor then provides us with a token or reference for the transaction. We implement this to comply with PCI-DSS requirements and to minimize the sensitive data that resides in our own databases. Additionally, any communication between our Platform and the payment gateway is encrypted for safety.
• Access Controls and Confidentiality: Within DNX Network, access to personal data is restricted to employees and contractors who need that information to process it for us (on a need-to-know basis) and who are subject to strict contractual confidentiality obligations. For example, a customer support agent may have access to your account info to assist you, but not to your payment details which we do not store. Our staff are trained on data protection principles and we regularly review who has access to what data.
• Password Protection: Your account password is stored securely. We use one-way encryption (hashing, and additional salting and iterations where appropriate) so that the actual password cannot be read from our database. Even our own administrators cannot retrieve your plaintext password. We only use it to verify your login by comparing the hash. It’s important that you choose a strong, unique password for your DNX Network account to prevent unauthorized access. We also encourage you not to share your password with anyone. If you suspect any unauthorized access to your account, change your password immediately and contact support.
• Account Security Features: To further protect your account, we may employ security features such as CAPTCHAs (to prevent automated login attempts) and login attempt limiting. For example, if there are several incorrect password attempts, the account might be temporarily locked or additional verification might be required (such as solving a CAPTCHA or receiving an email verification) before further attempts. This helps to deter brute-force attacks.
• Monitoring and Testing: We monitor our systems for potential vulnerabilities and attacks. Our technical team regularly updates the Platform’s software and applies security patches promptly when vulnerabilities are reported. We also use firewall and intrusion detection systems to guard our network. Additionally, we may perform periodic security audits, vulnerability scans, or penetration testing (sometimes using external specialized firms) to identify and fix potential weaknesses.
• Data Minimization and Pseudonymization: We follow the principle of data minimization – we only collect and retain the personal data that is necessary for the purposes described in this Policy. Whenever feasible, we use pseudonymized or aggregated data instead of directly identifiable data. For example, for analytics we might use data that is aggregated or anonymized so it cannot be linked back to individual users, or we might replace identifiers with codes in certain internal processes.
• Secure Data Deletion: When personal data is no longer needed (or upon your request, if applicable), we delete or anonymize it using secure methods. For digital data, deletion involves removing the data from our active databases, and our archival and backup systems are configured to eventually overwrite or securely purge obsolete data as well. Physical documents (if any) containing personal data are shredded or incinerated securely.
• Third-Party Security Measures: In cases where your information is handled by third-party service providers (as discussed in the Data Sharing section), we ensure through contracts that those providers also implement appropriate security measures. For example, our payment processors and hosting providers must maintain high levels of security (often evidenced by certifications like PCI compliance for payments or ISO 27001 for data centers).
• Incident Response: We have a data breach response plan in place. Despite best efforts, no system can be 100% secure, so if a security breach were to occur, we will act promptly to mitigate the issue. In the event a data breach is likely to result in a high risk to your rights and freedoms (for example, a breach that could lead to financial loss or identity theft), we will notify you and the relevant supervisory authority (such as Luxembourg’s CNPD) as required by GDPR. We would also inform you of steps to protect yourself, if applicable.

While we strive to protect your personal data, it’s important to note that no method of transmission over the Internet, and no method of electronic storage, is completely secure. You should also play a part in safeguarding your information. Always log out of your account when using a shared device, and avoid sending sensitive information via email or other insecure channels.

Cookies and Tracking Technologies

Our Platform uses cookies and similar tracking technologies to ensure the website functions properly, to enhance your user experience, to analyze traffic, and to support our marketing efforts. This section explains what cookies are, which types we use, and what choices you have in relation to them.

What Are Cookies? Cookies are small text files placed on your device (computer, smartphone, etc.) by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the site owners. Cookies allow the website to recognize your device and remember information about your visit (e.g., your preferred language or login status). Other tracking technologies similar to cookies include web beacons (small graphic images also known as “pixel tags” or “clear GIFs”), scripts, or device identifiers – but for simplicity, we refer to all of these as “cookies” in this Policy.

Cookies We Use: DNX Network uses both first-party and third-party cookies for various purposes:

• Essential Cookies (First-Party): These cookies are set by us (DNX Network) and are necessary for the website to function correctly. They enable core features such as user login and account management, session identification, security, and network management. Without these cookies, services you have asked for (like remembering your login or items in your cart) cannot be provided, and the site might not perform as expected. For example, when you log in, our server sets a session cookie to keep you logged in as you navigate between pages. We also use cookies to record your cookie consent preferences so that the site knows which optional cookies you have allowed or declined. Essential cookies are generally stored only for the duration of your session or for a limited time (for instance, an essential cookie might expire after a few hours or when you close your browser). Some preference cookies may last longer (e.g., a cookie remembering your language or volume settings might persist for several months so you don’t have to set it every time).
• Analytics Cookies (Third-Party): We use analytics and performance cookies to collect information about how users interact with our site. This helps us improve the way our website works. For example, we use Google Analytics, which sets cookies to collect information about traffic and usage patterns. These cookies might track things like how many users visited a page, how long they stayed, how they navigated through the site, and what actions they took. The data collected is aggregated and anonymized; it does not identify you personally. For instance, Google Analytics provides reports that might tell us “X number of users visited the signup page this week” or “the average time on site is Y minutes”. We use this information to understand which pages are popular, to spot trends in usage, and to improve the site’s structure and content. Google Analytics cookies typically remain on your device for a set period (e.g., the cookie “_ga” may persist for 2 years unless you delete it, whereas “_gid” might persist for 24 hours) – these durations are controlled by Google. We have configured Google Analytics to anonymize IP addresses where applicable, and we do not send Google any personally identifiable information through their analytics platform.
• Advertising Cookies (Third-Party): With your consent, we and our advertising partners may use advertising cookies and similar trackers to deliver relevant ads to you. These cookies record information about your visit to our site and elsewhere, such as pages you’ve viewed, links you’ve clicked, and things you’ve shown interest in. The goal is to tailor advertisements that might be of interest to you (both on our Platform and on other websites or apps). For example, if you visit our Platform and browse certain webcam categories, we or our ad partners might show you ads related to similar content on our site or remind you of services you viewed. Advertising cookies also help ensure that you don’t see the same ad too many times and help us measure the effectiveness of advertising campaigns. These cookies are usually placed by third-party advertising networks with our permission. They may collect data about your online activities over time and across different websites. The information collected through these cookies is used to create a profile of your interests, so that advertising can be made more relevant. If you do not allow these cookies, you will experience less targeted advertising (but you may still see generic ads).
• Social Media Cookies: Our Platform may integrate certain social media features like sharing buttons or login via social accounts. If you interact with these features, the companies behind them (such as Facebook, Twitter, or Google) may set cookies on your device. These cookies can recognize you as a user of that social network and may link the content you’ve interacted with on our site to your profile on their platform. This can be used (subject to your settings on those platforms) to, for example, provide you with content via the social network or to serve targeted advertising. Social media cookies are typically set by the social media provider even while you’re on our site, and they may continue to track your browsing on other sites that embed their content. We do not control these cookies; please refer to the privacy policies of the respective social platforms for details on what they collect and how they use it. We will only integrate such features if it’s useful to users, and you will have the choice whether to use them or not.

Cookie Consent and Choices: When you first visit our site, you will see a cookie banner or notice that informs you about our use of cookies and asks for your preferences. Except for essential cookies that are strictly necessary for the site to function, we will not set cookies on your device without your consent. You can choose to accept all cookies, reject non-essential cookies, or customize your preferences via informing us of your choice.

If you accept certain categories of cookies (like analytics or advertising), those will be enabled; if you decline them, we will either not set them or will disable them. You can change your cookie preferences at any time by contacting us.

Additionally, most web browsers allow you to control cookies through their settings. You can usually set your browser to notify you when cookies are being set or updated, or to block cookies altogether. However, please note that if you block or delete all cookies (including essential cookies) via your browser, some features of our site might not function properly. For instance, you might not be able to log in or remember your preferences.

To manage cookies via your browser, you can typically find the settings in the “Options” or “Preferences” menu of the browser. Here are some useful links for major browsers:

• Google Chrome – See Chrome’s instructions for managing cookies.
• Mozilla Firefox – See Firefox’s instructions for cookies and site data settings.
• Safari (Desktop) – See Apple’s guide on how to manage cookies in Safari.
• Safari (iOS) – See instructions for blocking cookies on iPhone and iPad.
• Microsoft Edge – See how to clear and control cookies in Edge.
• Internet Explorer – See Microsoft’s guide (for older IE versions).
• Opera – See Opera’s help on managing cookies.

“Do Not Track” Signals: Some browsers have a “Do Not Track” (DNT) feature that lets you tell websites you do not want to be tracked. At present, no uniform standard has been adopted to interpret DNT signals. However, our site honors your cookie preferences set through our cookie banner and browser settings. If you have disabled analytics and advertising cookies through our consent tool, those will remain disabled regardless of DNT. You can use these tools to fine-tune your tracking preferences. We will continue to monitor developments around DNT browser technology and standards and will adjust our practices as appropriate.

Cookie Policy Updates: For more detailed information about our use of cookies and a list of specific cookies in use, please refer to our Cookie Policy page (if available) or the cookie consent tool details. We will update information about cookies as our usage changes, so you can always find the latest information there.

Remember, you have the right to decide whether to accept cookies (aside from those strictly necessary for the service). Your experience may change depending on your choices, but we respect each user’s decision and provide the above options to support your privacy preferences.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. This section outlines how long we typically keep different types of data:

• Account Information: We keep the personal data associated with your account for as long as your account is active. This includes information like your registration details, profile information, and account settings. If you decide to delete your account or if your account becomes inactive over time, we will initiate the deletion or archiving process for your personal data. Generally, if an account has been completely inactive (no logins or activity) for about eight (8) years, we will designate it as inactive. At that point, we may archive the account data for an additional period before final deletion. Archiving means the data is removed from the active user database but is stored in a secure, restricted-access archive (see next point) for a certain time in case it’s needed for legal or operational reasons.
• Archived Data: When we archive account data (for example, after eight years of inactivity or upon your account deletion request), the data is moved to a separate storage with limited access. Archived data is retained for a period to meet legal requirements or to resolve disputes. In many cases, this archiving period is an additional two (2) years beyond the active retention, making a total of ten years from last user activity. This period aligns with common statutes of limitation (the timeframe in which legal claims can be brought) in Luxembourg and many EU countries. During the archive period, your data is not readily accessible on the Platform but may be retrieved internally if needed for legal reasons, security, or to process an account reactivation if you return. After the archive period expires, the data is permanently deleted or anonymized (unless further retention is required by law).
• Payment and Transaction Records: We are required by law to retain certain financial and transaction records for a longer period. Transaction data (such as records of purchases, amounts, dates, and payment methods used) will be kept for at least ten (10) years, as mandated by Luxembourg accounting and tax regulations. This ten-year retention period may extend beyond the closure of your account, but this data is kept in secure storage and is only used for purposes of audit, tax compliance, and addressing any later questions about those transactions. After this period, such records will be deleted or anonymized, provided they are no longer needed for ongoing legal proceedings or audits.
• Communications and Support: If you contact customer support or otherwise communicate with us (via email, support ticket, or chat), we retain those communications and our responses for a reasonable period. Typically, support correspondence is kept for around 3 to 5 years after your inquiry is resolved. We keep this information to have context if you reach out again, to train our support team (anonymously, where possible), and to monitor and improve our customer service. If a particular communication might have legal significance (for example, a complaint that leads to an account action, or evidence of harassment), we might retain it as long as needed to protect legal rights (which could be up to the statute of limitations or longer if related to an ongoing legal case).
• Usage Logs: Our server logs and system logs (which can include IP addresses, login timestamps, pages accessed, and other usage details) are generally retained for a short duration for performance tuning and security monitoring – often a few months. However, certain logs that are tied to user accounts (like login history, IP logs associated with your account activity) may be retained for a longer period, typically up to 8 years, similar to account data. This helps us investigate security incidents or fraud even after some time has passed. After that point, these logs may be either deleted or anonymized (e.g., we might keep general statistics but remove identifying IP addresses).
• Chat and Content Data: If our Platform provides chat rooms, messaging, or user-generated content (UGC) features and you participate in those, the data (messages, posts, images, etc.) might be stored for the benefit of participants and for community safety. Generally, public UGC remains available as long as the context is relevant (for example, chat messages in a group might remain for members to see history). If you delete your account, we typically either delete or anonymize content you have posted (for instance, your username might be removed from past messages, or the messages might be deleted, depending on the feature). Private communications (like direct messages) are usually accessible to the communicating parties and stored for a limited time for their reference and in case of disputes. We have policies to routinely cleanse older chat logs or messages that are no longer needed. Specific retention for these can vary: for example, we might keep chat logs for the needed period for safety moderation and then purge them, unless flagged for review.
• Cookies: Cookies on your device remain until they expire or you delete them. As mentioned earlier, some cookies persist for months or years (unless cleared), while session cookies expire when you close your browser. On our side, any data derived from cookies (like analytics reports) is kept according to those respective purposes. For example, Google Analytics data is kept for 26 months in Google’s systems (per our settings) before being automatically deleted by Google.

Once the applicable retention period has elapsed, we will either delete your personal data or anonymize it (so that it can no longer be associated with you). For example, we might aggregate data for statistical purposes, at which point it ceases to be personal data.

In some cases, if you request it, we may delete data earlier. For instance, if you exercise your right to erasure (right to be forgotten) and no exceptions apply, we will remove the data as requested even if our typical retention period wouldn’t yet be over. (See Your Rights below for more information on deletion requests.)

Retention for Legal Compliance and Protection: Please note that sometimes we may need to retain information for longer than the periods stated above if required to comply with legal obligations or to protect our legal interests. For example, if we receive a legal hold notice related to your account (perhaps because of a dispute or investigation), we will preserve relevant information until the issue is resolved and we are cleared to delete it. Similarly, if we believe that you were involved in wrongdoing (like fraud or violation of our terms), we might retain certain data as evidence, even after account deletion, to cooperate with law enforcement or pursue or defend against legal claims.

We always assess data retention on a case-by-case basis, considering the context and purpose of each piece of data, the sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, and the applicable legal requirements. Our goal is to not hold data in identifiable form for longer than necessary.

Your Rights as a Data Subject

As a user of our Platform, and as a data subject under applicable data protection law, you have certain rights regarding your personal data. Below is an overview of those rights and how you can exercise them. Please note that these rights are subject to certain conditions and exceptions under the GDPR and local laws.

• Right to Access: You have the right to obtain confirmation as to whether or not we are processing personal data about you, and if so, to request access to that personal data. This is often called a “Data Subject Access Request.” It entitles you to receive a copy of the personal data we hold about you and information on how we use it, including: the purposes of processing, the categories of data, the categories of recipients with whom we have shared the data, the retention period (or criteria to determine it), and the safeguards in place if we transfer it internationally. Most of your basic account data is available by logging into your account (for example, you can see your profile info, preferences, and transaction history on our site). For anything not readily available or for a complete export, you can contact us (see Contact Us below) to make an access request. We will provide the information in a commonly used electronic form unless you request otherwise. Please note we may need to verify your identity (for instance, by confirming you have access to the email associated with your account) before providing a detailed response to ensure we don’t give your data to an unauthorized person.
• Right to Rectification: You have the right to have inaccurate personal data corrected and incomplete data completed. If you find that any of your information with DNX Network is incorrect (for example, you’ve changed your email or you notice a typo in your name or address), you can typically update it yourself via your account settings. If for some reason you cannot change it (say, you can’t change your username or you need assistance updating something), you can contact us and we will correct it promptly. We want to ensure we have accurate data about you, so please let us know if any of your details change during your relationship with us.
• Right to Erasure (Right to be “Forgotten”): You have the right to request the deletion of your personal data in certain circumstances. This isn’t an absolute right, but we will honor it if:
  • The personal data is no longer necessary for the purposes for which it was collected or processed.
  • You withdraw consent for a specific processing (and we have no other lawful basis to continue processing).
  • You have exercised your right to object (see below) to processing that we conduct based on legitimate interests, and we have no overriding legitimate grounds to continue.
  • We have processed your personal data unlawfully (in breach of GDPR).
  • The data must be erased to comply with a legal obligation to which DNX Network is subject.

  In practice, this means if you want to delete your account and all associated personal data, you can make such a request. The easiest way might be using any “Delete my Account” feature on our site in the Account section, which will guide you through the process. Alternatively, you can contact us directly to request erasure. We will then remove or anonymize the personal data we have about you (and instruct our processors to do the same) unless an exception applies. Common exceptions include situations where we need to keep the data to comply with a legal obligation (e.g., we cannot delete your transaction records earlier than the law requires), or to establish, exercise, or defend legal claims. If that’s the case, we will let you know what we can delete vs. what we must retain and why.

• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain circumstances. This means that we would mark the data so that it is only used for certain purposes. You can request restriction if:
  • You contest the accuracy of the personal data – for a period enabling us to verify the accuracy of the data and correct it if needed.
  • The processing is unlawful, and you oppose erasure and request restriction instead (for example, you want us to just store the data but not otherwise use it).
  • We no longer need the personal data for the purposes of processing, but you need it for the establishment, exercise, or defense of legal claims (for instance, you are in a dispute with us or another user and you want us to retain data as evidence).
  • You have objected to processing (see the next point) and we are in the process of verifying whether our legitimate grounds override yours.

  When processing is restricted, we will store your data but not use it (other than to keep it safe, and, if necessary, to inform any processor not to use it as well) unless you consent or further use is required for legal reasons. We will inform you before lifting any such restriction. For example, if you disputed the accuracy of some data and we restricted processing, once we verify the data (or correct it) we would let you know and then resume normal processing.

• Right to Object: You have the right to object to our processing of your personal data when that processing is based on legitimate interests (or performed in the public interest or in exercise of official authority). You need to give reasons relating to your particular situation to justify the objection, unless the objection is to direct marketing (see below). If you make such an objection, we will stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless we need to continue processing for the establishment, exercise, or defense of legal claims.
• Right to Object to Direct Marketing: This is an absolute right. If you no longer wish to receive direct marketing communications from us (such as promotional emails, newsletters, or SMS messages), you can object at any time and we will stop using your data for that purpose. You can exercise this most easily by using the “unsubscribe” link in any marketing email, by adjusting your account communication preferences (e.g., unchecking certain communication options in your account settings), or by contacting us to opt out. Once you object or unsubscribe, we will promptly remove you from our marketing lists. Please note that even if you opt out of marketing, we may still send you transactional or service messages (like payment receipts, account alerts, or responses to your inquiries), as those are not marketing communications.
• Right to Data Portability: You have the right to receive certain personal data in a structured, commonly used, machine-readable format and to have that data transmitted to another controller, where technically feasible. This right applies to personal data that you have provided to us, when the processing is based on your consent or on a contract, and when the processing is carried out by automated means. In simpler terms, this right allows you to take your data that we have and re-use it elsewhere. For example, if you wanted to switch to a different service that offers similar features, this right might let you move your own data over to the new provider. To exercise data portability, you can contact us and specify which data you would like to port. We will provide it in a machine-readable format (likely a CSV, JSON, or XML file). Note that this right does not apply to data that is inferred by us or derived through our analysis (for instance, internal risk scores or profiles we generate may not be covered), and it also doesn’t apply when it would adversely affect the rights of others (e.g., we wouldn’t include someone else’s personal data in the file without their consent).
• Right to Withdraw Consent: Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. For example, if you gave consent for receiving marketing emails, you can withdraw by unsubscribing. If you consented to optional cookies, you can withdraw by changing your cookie settings and clearing cookies. Withdrawing consent will not affect the lawfulness of processing that was based on consent before its withdrawal. Also, if you withdraw consent for a service or feature that requires it, you may not be able to continue using that service or feature (for instance, if you withdraw consent for one-click payment token storage, we will remove your stored tokens and you’d need to enter payment details manually for transactions). We will inform you if this is the case at the time of withdrawal so you can make an informed decision.
• Right to Set Post-Mortem Instructions: Under certain jurisdictions (for example, France’s data protection law), individuals may set instructions for what should be done with their personal data after their death. While GDPR does not govern personal data of deceased persons, DNX Network will honor such instructions to the extent applicable. You may have the option to let us know (in writing) how you’d like your account and data handled in the event of your death – whether you want it deleted, transferred to someone, or if you want certain content to be passed on to specific people. We will securely keep these instructions on file (you might also register them with a trusted third party or in a will). If we learn of a user’s passing, and we have no instructions, we will handle their data in accordance with local laws and our internal policies (typically, we would close the account and delete personal data after verifying the report of death, unless legally required to retain it). For example, Luxembourg law may permit next of kin to request deletion or access to data under certain conditions, and we would comply with such laws.

To exercise any of the rights above, please contact us using the information in the Contact Us section. We will need to verify your identity adequately before fulfilling your request (this is to protect your data from unauthorized access or deletion by someone else). Typically, if you are making the request via the email associated with your account, that is sufficient verification. In some cases, we might ask for additional proof of identity, especially for sensitive or extensive requests. We will respond to your request as soon as we can and at the latest within one month of receiving it. If your request is complex or if we have received many requests, we may extend this period by up to two additional months, but we will inform you about the delay within the first month and explain why it’s necessary.

There is normally no fee for exercising your rights. However, if a request is clearly unfounded or excessive (for example, repetitive requests), we may either charge a reasonable fee (based on the administrative cost of providing the information or taking the action requested) or we may refuse to act on the request. If we refuse, we will provide you with a clear explanation of our reasons and inform you of any further recourse you may have (such as contacting the supervisory authority).

Right to Lodge a Complaint: In addition to the rights above, if you believe we have not complied with data protection laws, you have the right to lodge a complaint with a supervisory authority. In Luxembourg, that is the National Commission for Data Protection (CNPD). You can find their contact details on their official website (for example, at the time of this writing, the CNPD’s site is cnpd.public.lu). The CNPD’s address is 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg. If you reside or work in another country, you may contact your local data protection authority instead, and they can coordinate with CNPD. We would appreciate the opportunity to address your concerns directly before you reach out to a regulator, so please feel free to contact us with any complaint and we will do our best to resolve it promptly and transparently.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to contact us. We are here to help.

DNX Network S.à r.l. (Privacy Team)
42 Rue de Hollerich, L-1740 Luxembourg, Luxembourg
Email: data @ dnxnetwork . lu

This email is dedicated for privacy and data protection inquiries – such as questions about your data, requests to exercise your rights (access, deletion, etc.), or any concerns about privacy on our Platform. You can also write to us at the postal address above (please mark the letter “Attn: Privacy” so it gets to the right team).

For general support issues unrelated to privacy (like technical assistance, billing questions, or content inquiries), you can contact our customer support at support @ dnxnetwork.lu.

We will endeavor to respond to all legitimate requests within a reasonable timeframe. For data access or deletion requests, as mentioned in Your Rights, this will typically be within one month. If you have a question about this Privacy Policy or our practices, we will try to get back to you as quickly as possible.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make changes, we will post the updated policy on this page and change the “Last Updated” date at the end of this policy. If the changes are significant, we will provide a more prominent notice (such as a notification on our website or an email notification, where appropriate) to inform you of such changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. It’s important that you understand our current practices and your rights.

In cases where we need your consent for a change (for example, if we plan to use your personal data for a new purpose that wasn’t covered by this policy and isn’t otherwise legally permitted), we will obtain your consent. For other changes, continuing to use the Platform after we update the policy will signify acceptance (to the extent permitted by law).

If you disagree with any changes to this Privacy Policy, you should stop using our services and, if you wish, delete your account and/or inform us of your concerns. We will of course assist you with any questions or issues relating to a proposed change.

Last Updated: June 5, 2025