This Policy sets out how Hazelbit SRL protects personal and business data collected through its Services and how we respond to data breaches in line with GDPR (EU 2016/679) and international best practices (ISO 27001 principles).
This Policy applies to:
All personal data processed by Hazelbit (customers, partners, employees)
All Hazelbit systems (website, mobile apps, hosted wallets, blockchain integrations)
All third-party processors and sub-processors handling Hazelbit data
Hazelbit implements the following technical and organizational safeguards:
All data in transit (TLS 1.3) and at rest (AES-256)
Role-based access, MFA for staff, least-privilege principle
Continuous logging of system access and suspicious activities
Encrypted daily backups, stored in EU data centers
Customer data logically separated per system
Redundant infrastructure with disaster recovery plan
Annual security and GDPR awareness training
Security due diligence on all sub-processors
Acceptable Use Policy, AML/KYC Policy, and Internal IT guidelines
Dedicated DPO & Security Officer
β’ Only necessary data is collected (identity, wallet info, contact, billing).
β’ Data is kept for the minimum period required by law or service needs.
β’ Blockchain records (TxIDs, wallet addresses) are permanent and immutable; Hazelbit discloses this at registration.
A data breach means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.
Examples:
β’ Unauthorized access to customer database
β’ Loss/theft of devices with unencrypted data
β’ Successful cyberattack (malware, ransomware, phishing)
β’ Human error causing public disclosure
Hazelbit follows a structured 4-step response:
Detect and confirm breach
Isolate affected systems, limit damage
Analyze scope, type of data, number of data subjects
Inform stakeholders and fix vulnerabilities
In line with Art. 33 GDPR:
Hazelbit will notify the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) within 72 hours of becoming aware of a breach, unless unlikely to pose a risk.
If the breach poses a high risk to individuals, Hazelbit will also notify affected data subjects without undue delay via email.
β’ Nature of breach
β’ Categories and number of data subjects affected
β’ Likely consequences
β’ Measures taken or proposed to mitigate
Hazelbit requires all sub-processors (e.g., hosting, payments, blockchain partners) to:
Maintain industry-standard security
Report breaches to Hazelbit immediately (within 24h)
Cooperate fully in incident investigations
β’ Keep their account credentials secure
β’ Report suspected account breaches to Hazelbit at info@hazelbit.ro
β’ Avoid phishing and social engineering risks
Hazelbit reviews its security policies annually or after any significant incident. Independent audits or penetration tests may be conducted periodically.
For security or breach concerns:
Hazelbit SRL β Data Protection & Security
Str. FΓ’ntΓ’nilor 43, Bl. B14, Ap. B39, IaΘi, Romania
Email:info@hazelbit.ro