Marketing Consent

by

1. Objective

This policy defines how PIL collects, manages, and uses customer data for marketing purposes. Our goal is to ensure all marketing activities are conducted with explicit user consent, maintaining transparency and regulatory compliance across the EEA.

2. General Principles (MiCAR & GDPR Alignment)

All marketing communications must be:

  • Identifiable: Clearly marked as “Marketing” or “Commercial Communication.”
  • Fair and Non-Misleading: Information must be consistent with the White Papers and Terms of Use.
  • Consent-Based: Based on a freely given, specific, informed, and unambiguous indication of the user’s wishes.

3. Consent Collection (The “Opt-In” Rule)

PIL will not send marketing materials unless the user has actively opted in.

  • No Pre-ticked Boxes: Marketing consent checkboxes on the registration page must be unchecked by default.
  • Granular Consent: Users should be able to choose between different channels (e.g., Email, SMS, Push Notifications) and types of content (e.g., Newsletters, Product Updates, Third-party Promos).
  • Separation of Terms: Marketing consent must not be bundled with the acceptance of the Terms and Conditions or the Privacy Policy.

4. Content Requirements (MiCAR Art. 7)

All marketing materials directed at users in Ireland, Germany, France, and Lithuania must include:

  • Risk Warning: A prominent statement: “Investing in crypto-assets involves significant risks and may result in the loss of your invested capital.”
  • Consistency: Marketing content must not contradict information provided in our regulated filings (e.g., the Custody Framework).

5. The Right to Withdraw (Opt-Out)

  • Easy Revocation: Users must be able to withdraw consent at any time as easily as they gave it.
  • “One-Click” Unsubscribe: Every marketing email must contain a functional “Unsubscribe” link.
  • Preference Center: A dedicated section in the End User Portal where users can manage their marketing settings.

6. Records of Consent

PIL shall maintain a Consent Ledger to prove compliance in the event of an audit by the Data Protection Commission (DPC) or CBI. This ledger will record:

  • Who consented;
  • When they consented;
  • What they were told at the time (version of the policy);
  • How they consented (e.g., timestamp and IP address).