Choose your appropriate geographic jurisdiction.
THIS IS AN IMPORTANT DOCUMENT.
PLEASE READ IT CAREFULLY AND KEEP IT FOR FUTURE REFERENCE.
The terms and conditions contain important information which apply to your dealings with us in relation to the Services (as defined in this document). You should read this document carefully and keep it for future reference. Different terms and conditions may apply in relation to specific services offered by us. Any such terms and conditions are additional to the terms set out in this document.
Certain risks relating to the Services are described in this document; however, this document does not disclose or discuss all of the risks, or other significant aspects, of conducting transactions or of the transactions conducted. You should not construe these or any other statements as legal, tax or financial advice.
We are not acting as your financial advisor and you must not regard it as acting in that capacity. You should consult your own independent professional advisors before entering into any transaction and only enter into a transaction if you have fully understood its nature, the contractual relationship into which you are entering, all relevant terms and conditions and the nature and extent of your exposure to loss.
If you have any questions about this document, or in the event of any service difficulties or interruptions, please contact us using the details below.
Effective Date: September 2025 (Version 1.0)
ENTERING INTO ANY DIGITAL ASSET RELATED TRANSACTIONS INVOLVES A HIGH DEGREE OF RISK. THE VALUE OF DIGITAL ASSETS MAY NOT BE BACKED OR SUPPORTED BY ANY GOVERNMENT. DIGITAL ASSETS MAY SUFFER SIGNIFICANT VOLATILITY IN VALUE. IN PARTICULAR, THE PROVIDER DOES NOT GUARANTEE THAT THE VALUE OF ONE WRAPPED TOKEN WILL ALWAYS EQUAL ONE WRAPPABLE NATIVE TOKEN ON ANY EXCHANGE OR OTHER PLATFORM. DUE TO A VARIETY OF FACTORS OUTSIDE OF THE PROVIDER’S CONTROL, THE VALUE OF WRAPPED TOKENS ON ANY PARTICULAR EXCHANGE OR OTHER PLATFORM COULD FLUCTUATE ABOVE OR BELOW ONE WRAPPABLE NATIVE TOKEN. ALTHOUGH A WRAPPED TOKEN WILL BE REDEEMABLE IN ACCORDANCE WITH THIS AGREEMENT FOR ONE WRAPPABLE NATIVE TOKEN LESS ANY APPLICABLE FEES, THE PROVIDER CANNOT CONTROL HOW THIRD PARTIES QUOTE OR VALUE WRAPPED TOKENS, AND THE PROVIDER IS NOT RESPONSIBLE FOR ANY LOSSES OR OTHER ISSUES THAT MAY RESULT FROM FLUCTUATIONS IN THE VALUE OF WRAPPED TOKENS. YOU ARE ADVISED TO CAREFULLY CONSIDER THE RISK EXPOSURE AND ACT CAUTIOUSLY. YOU MUST HAVE THE FINANCIAL ABILITY, SOPHISTICATION, EXPERIENCE, TOLERANCE AND WILLINGNESS TO BEAR THE RISKS OF ANY DIGITAL ASSET RELATED PRODUCTS OR SERVICES, AND A POTENTIAL TOTAL LOSS OF THE UNDERLYING ASSETS. A DIGITAL ASSET RELATED PRODUCT OR SERVICE IS NOT SUITABLE FOR EVERY PERSON. PLEASE CAREFULLY REVIEW YOUR FINANCIAL SITUATION AND OBJECTIVES TO DETERMINE WHETHER SUCH PRODUCT OR SERVICES IS SUITABLE FOR YOU. YOU ARE RECOMMENDED TO SEEK INDEPENDENT LEGAL AND FINANCIAL ADVICE BEFORE TAKING ANY INITIATIVE IN CONNECTION WITH THE INFORMATION SET OUT HEREIN.
YOU ARE RESPONSIBLE FOR DETERMINING WHETHER THE TRANSACTIONS CONTEMPLATED BY THIS AGREEMENT ARE LEGAL IN YOUR JURISDICTION AND YOU SHALL NOT ENTER INTO ANY SUCH TRANSACTIONS IF ANY ASPECT OF SUCH TRANSACTIONS IS ILLEGAL IN YOUR JURISDICTION. IF YOU ARE UNCERTAIN, PLEASE SEEK INDEPENDENT LEGAL ADVICE.
“Applicable Law” means, in respect of any person, asset or activity, any and all laws, statutes, ordinances, treaties, regulations, rules, judgments, orders, decrees, rulings, charges, guidelines and requirements of any government or quasi-government (including supranational organisations), any agency, authority, regulatory body or other instrumentality of any government or quasi-government, any court or any exchange or listing organisation that are, in each case, in effect from time to time and applicable to that person, asset or activity.
“Blockchain” means, with respect to any Digital Asset, a digital ledger in which transactions made with that Digital Asset are recorded.
“Digital Asset” means any digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or other technologies.
“Event of Default” means:
“Fees” has the meaning given to it in Clause 4.
“Fee Supplement” means the fee supplement in such form as the Provider may determine;
“Hex Trust Custodian” means Hex Trust Limited, HEX TRUST MENA FZE or any of their affiliate(s) that provides custody services;
“Hex Trust Wallet” means the “Wallet” as defined in the terms and conditions relating to the custody services provided to you by a Hex Trust Custodian;
“Inbound Transfer” means the sending by you of Digital Assets to a Hex Trust Wallet from an external wallet not hosted by any Hex Trust Custodian;
“Indemnified Parties” means Indemnified Parties under Clause 9.1.
“Outbound Transfer” means a transfer of Digital Assets from your Hex Trust Wallet to an external wallet;
“Parties” means the Counterparty and the Provider and “Party” means either one of them.
“Services” means the wrapping and unwrapping services provided by the Provider in accordance with this Agreement;
“Travel Rule” has the meaning given to it in the Financial Action Task Force’s Updated Guidance for a Risk-Based Approach for Virtual Assets and Virtual Asset Service Providers issued October 2021, as amended, updated, supplemented, restated or replaced from time to time.
“Wrappable Native Tokens” has the meaning given to it in Clause 3.1.
“Wrapped Token” has the meaning given to it in Clause 3.2.
For the Services, you shall pay all fees, charges, costs and other amounts to the Provider set out in the Fee Supplement (the “Fees”). The Fee Supplement shall be delivered by the Provider to you on or promptly after your onboarding to the Platform, and may be amended from time to time by the Provider on written notice to you. All Fees are non-refundable, regardless of whether this Agreement is terminated (with or without cause). Fees may be deducted directly from Wrapped Tokens or Wrappable Native Tokens in connection with any wrapping or unwrapping transaction.
The Counterparty represents and warrants to the Provider that:
The Counterparty understands and acknowledges that:
Each Party shall comply, at its own expense, with all Applicable Laws with respect to this Agreement. If the Counterparty receives any notice or becomes aware of any violation of any Applicable Law with respect to this Agreement, the Counterparty shall promptly notify the Provider of such notice or violation.
Notwithstanding any provision of this Agreement to the contrary, but subject to the provisions of Clause 24, where the Provider is for the time being subject to any regulatory requirements under any Applicable Law in relation to its dealings with the Counterparty under this Agreement, the rights and obligations of the Provider under the provisions of this Agreement shall be read and construed to the greatest extent permitted by, and in accordance with such regulatory requirements.
The Counterparty acknowledges and agrees that the Provider has not acted and is not acting as a fiduciary or a professional advisor of the Counterparty and has not provided (or held itself out as providing) to the Counterparty recommendations or advice with respect to any particular financial or investment decisions or advice (including legal, tax or investment advice) of any other nature. Nothing in this Agreement shall be deemed or is intended to be deemed, nor shall it cause, the Counterparty and the Service Provider to be treated as partners, joint ventures, or otherwise as joint associates for profit.
Except as otherwise provided in this Agreement, all requests, demands, notices or other communications (“Notices”) between the Parties, shall be delivered by email and/or such other means of communication as may be agreed between the Parties. Notices to the Provider shall be sent to the email address or other contact details as the Provider may specify to the Counterparty from time to time. Notices to the Counterparty shall be sent to the email address or other contact details on file with the Provider provided by the Counterparty or by posting to a page accessible by the Counterparty on the Platform. The Counterparty shall at all times ensure that correct and operational contact details for Notices to the Counterparty is on file with the Provider. Notices sent by email or other electronic method shall be deemed to be received immediately after transmission.
If any provision of this Agreement or part-provision of this Agreement is or becomes invalid, unenforceable or illegal, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this Clause 21 shall not affect the validity and enforceability of the rest of this Agreement.
Except for an Indemnified Party or an affiliate or related party of the Provider as contemplated in Clause 18.1, a person who is not a party to this Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement. Notwithstanding any term of this Agreement, the consent of any third person who is not a Party is not required to rescind or vary this Agreement at any time.
If this Agreement is translated into any language other than English, the English language text shall prevail.
This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this Agreement or its subject matter or formation shall be governed by and construed in accordance with the law of England and Wales.
Your privacy is important to us. At Hex Trust (“we”, “us” or “our”), we are committed to protecting the privacy, confidentiality and security of the personal information we collect and hold by complying with the requirements under the Hong Kong Privacy (Data Protection) Ordinance (Chapter 486 of the Laws of Hong Kong) (“PDPO”). We are equally committed to ensuring that all our employees and agents uphold these obligations.
This policy explains how we manage personal information within our organisation. It applies to us and all of our related companies, affiliates and associates.
We collect personal information from you in the following circumstances: when you register an account with us; order products or services from us; subscribe to our newsletter; or complete any application form to us or submit a query or request to us. In some cases, we may be required by law to collect personal information about you. The personal information will generally be acquired through our channels, but we may however obtain information through a third party, such as representatives, agents or contractors who provide services to us, or third parties whom may refer you to us as they think you may be interested in our products or services.
The kinds of personal information that we collect and hold about you may include:
Without this information, we may not be able to provide you with our products or services (or with all of the features and functionality offered by our products or services) or to respond to queries or requests that you submit to us.
We use personal data that we collect about you for the following purposes:
EEA Residents: For individuals who reside in the European Economic Area (including the United Kingdom) or Switzerland (collectively “EEA Residents”), pursuant to Article 6 of the EU General Data Protection Regulation (GDPR) or any equivalent legislation (collectively “EEA Data Protection Law”), we process this personal information based on our contract with you to comply with our legal obligations, to satisfy our legitimate interests as described above and to satisfy on your consent.
We may share personal information about you with:
Under this privacy policy, you consent to your personal information being disclosed in such circumstances.
In some cases, the people to whom we disclose your personal information may be located overseas. There may not be in place data protection laws which are substantially similar to, or serve the same purposes as Hong Kong. As such, your personal information may not be protected to the same or similar extent as in Hong Kong.
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.We offer the use of a secure server. All personal information provided to us is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our database, which can only be accessed by those with special access rights to our systems, and are required to keep the information confidential. We update these physical and technical security processes and procedures from time to time to address new and emerging security threats that you become aware of.
Yes, however your personal data will not be kept longer than required.
We may retain your personal information for a period of at least seven (7) years from the date on which we collect the information until the last transaction is completed with you or our relationship ends (whichever occurs last). At our discretion, we may retain personal data for longer than this period if we consider it necessary or desirable to do so to meet our legal or regulatory obligations.
Yes. If you want to access any of the personal information that we hold about you or to correct some aspect of it (e.g. because you think it is incomplete or incorrect), please contact us using the contact details set out below. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases we may charge you an administration fee for providing you with access to the information you have asked for, but we will inform you of this before proceeding. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request.
Even if you do not request access to and/or correct your personal data held by us, if we are satisfied that, having regard to the reasons for which we hold your personal data, that personal data is inaccurate, incomplete, out-of-date, irrelevant or misleading, we may take reasonable steps to correct that data.
Yes, we use cookies on our website/platform to monitor and observe your use of our websites, compile aggregate data about that use, and provide you with more effective service (which may include customising parts of our websites based on your preferences and past activities on those websites). “Cookies” are small text files created and stored on your hard drive by your internet browser software, in order to hold relevant information and the webpage you are currently viewing. Most internet browsers have a facility that will allow you to disable cookies altogether – please refer to your browser’s help menu to find out how to do this. While you will still be able to browse our websites with cookies disabled on your internet browser, some website functionality may not be available or may not function correctly.
Occasionally, at our discretion, we may include links to third party products or services on our website. These third-party sites have separate and independent privacy policies. Further, we do not verify their content. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
By using our site, providing personal information and/or using any of our products or services, you agree that you consent to our privacy policy, as updated from time to time.
We may make changes to this policy from time to time, to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this policy will be available at kyc.hexcustody.com/privacy-policy.html
If you are a resident of the European Economic Area (the “EEA”), we are the controller with respect to your personal information. We determine the means and purposes of processing data in relation to e-wallet and cryptocurrency transactions.
Our legal bases for processing under General Data Protection Regulation are described above in the sections entitled “What do we use your personal information for?”. We may process your personal information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, our rights or safety and our customers or others.
If you are a current customer residing in the EEA, we will only contact you by electronic means (email) with information about our services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.
If you are a new customer and located in the EEA, we will contact you if you are located in the EU by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to use your personal information in this way, or to pass your personal information on to third parties for marketing purposes, please contact us to opt-out immediately. You may raise such objection with regard to initial or further processing for purposes of direct marketing, at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services
EEA users have the following rights, which can be exercised by contacting us:
We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your personal data and think we may have breached any applicable privacy laws, or any other relevant obligation, please contact us by using the contact details set out below. We will make a record of your complaint and refer it to our internal complaint resolution department for further investigation. We will deal with the matter as soon as we can, and keep you informed of the progress of our investigation.
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Hong Kong Privacy Commissioner for Personal Data.
If you want any further information from us on privacy matters, please contact us at: ops@hexcustody.com
Hex Trust cannot guarantee the value of Virtual Assets and does not provide such assurance. You acknowledge and agree that the value of Virtual Assets is highly volatile, and trading or holding them involves a significant risk of loss. The value of virtual assets can fluctuate rapidly and may even decline to zero. Additionally, virtual assets may not be transferable or liquid, and there may be instances of fraud, manipulation, theft, or loss. Please note that Hex Trust never requests users to disclose their account passwords, online banking or ATM passwords, debit/credit card CVV numbers, or to make payments in person or via cash deposits or money transfers (Western Union, MoneyGram, etc.).
Hex Trust is concerned to ensure that all personal data submitted through Hex Trust website www.hextrust.com (“Hex Trust Website”) are handled in strict adherence to the internal Privacy policy.
Hex Trust will record the visits to Hex Trust Website by using cookies and page tagging without collecting any personal identifiable information of users.
A cookie is a small amount of data created in a computer when a person visits a website. It often includes an anonymous unique identifier. A cookie can be used to identify a device. It, however, is not used to collect any personal information. In other words, it does not have the function of identifying an individual user of the website. Cookies are used by Hex Trust to collect statistics about the number of visits of users to Hex Trust Website and the users’ preference of websites and online services offered on Hex Trust. Cookies are also used as set out below under the caption “Google Analytics”. You may choose to accept or reject cookies. If you reject the cookies, you will not be able to use some of the functions of Hex Trust , such as saving your preferences in using Hex Trust Website and accessing some online services on Hex Trust Website.
Hex Trust uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies to help the website analyse how you use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Download Google Analytics Opt-out Browser Add-on
Javascript and pixel tags are used to collect statistics on customer usage patterns of Hex Trust Website and Hex Trust online services offered on Hex Trust Website; and for tracking the performance of our online advertisements. A pixel tag is a transparent image placed on certain webpages to collect data on user activities. The collected data are aggregated and analysed for measuring the effectiveness, improving the usability of Hex Trust Website and the services provided on GovHK. No personal or identifiable information about a visitor would be collected. You may disable JavaScript on your device. Disabling JavaScript should not affect your access to Hex Trust Website, but you will not be able to use some of Hex Trust Website functions, such as changing text size and accessing Hex Trust online services offered through Hex Trust Website.
For different purposes and at different times you may be invited to provide personal data to Hex Trust through Hex Trust Website on a voluntary basis. Personal information may include your name, company name, telephone number or e-mail address. Hex Trust will specify the collection purpose and intended usage of your data when it invites you to provide such information. Unless permitted or required by law, Hex Trust will not disclose your personal data to any third parties without your prior consent. Hex Trust Website uses SSL protocol to encrypt data during network transmission to protect your personal data. All personal data you provide to Hex Trust via Hex Trust Website are secured, and access to them is restricted to authorised personnel only.
Reach out to us at privacy@hextrust.com for any general privacy related enquiries.
Reach out to us at privacy.italy@hextrust.com for any Italy privacy related enquiries.
Our e-mail message (including any attachments) is intended only for the named recipient(s). It may contain confidential information that is privileged or that constitutes attorney work product. We do not waive confidentiality if you have received this communication in error. Email from and to this address may be subject to monitoring and archiving procedures by Hex Trust. If you are not the intended recipient or you have received this e-mail in error, you are hereby notified that any use, dissemination, distribution, copying or any action taken in reliance of the content of this e-mail and any attachment(s) is STRICTLY PROHIBITED. In addition, please immediately notify the sender by replying to this e-mail and delete the message and any attachment(s) from your system.
All content in our email messages has been obtained from sources deemed to be reliable, but is subject to unintentional errors, omissions and changes without notice, and is not warranted by Hex Trust as to its accuracy or completeness and Hex Trust does not accept liability for any errors or omissions in the contents of its emails that arise as a result of email transmission. It is the responsibility of the recipients to independently confirm its accuracy and completeness. The sender undertakes no obligation to update or correct the information in any of its emails.
Any views or opinions presented are solely those of the author and do not necessarily represent those of Hex Trust. This message is for general information purposes only, and it is not and does not constitute any investment advice, offer to perform investment advisory services, any solicitation or offer to buy or sell any assets or financial product or instrument or an official confirmation of any transaction in any jurisdiction. You should not rely on the information contained herein, and should rely solely on, and carefully read, the appropriate offering and related subscription materials relating to any specific investment product before making any investment decision. To the extent the contents hereof contain performance data, please be advised that past performance is not indicative of future results. Any investment in digital asset involve significant risks (including but not limited to digital assets may decrease in value over time and/or lose all monetary value), all of which you should fully acknowledge and assume before making any investment.
The instruments that Hex Trust invests in, finances, intermediates or risk-transfers are not suitable for all investors and trading in these instruments is considered risky and is appropriate only for institutional investors. All offering of services will be subject to Hex Trust policies and procedures, including ongoing credit and risk approvals and subject to change at any time. Any information contained herein or attached about Hex Trust products or services is for use by institutional investors only.
VL/23/08/002
Virtual Assets Custody Services - Authorised to serve Institutional Investors and Qualified Investors.
Office 426, Level 4, Convention Tower, Dubai World Trade Centre, Dubai, UAE.
Responsible Individuals: Alessio Quaglini, Filippo Buzzi
Compliance Officer and Money Laundering Officer: Miles Corney
View our Knowledge Base here.
View Our VA Standards here.
This Risk Disclosure Statement provides Clients with critical information regarding the risks associated with Virtual Assets. Clients are strongly encouraged to carefully read and fully understand this statement before engaging in any products or services offered by Hex Trust.
This statement does not purport to disclose all risks associated with Virtual Assets but offers a high-level overview of material risks to assist Clients in making informed decisions. Clients should conduct their own due diligence, seek independent professional advice where appropriate, and carefully consider their financial situation, objectives, experience, and risk tolerance before engaging in Virtual Asset activities.
Engaging in Virtual Asset activities involves significant risks, including but not limited to the following:
Virtual Assets are subject to high levels of price volatility and market uncertainty. Unlike traditional fiat currencies or regulated financial instruments, Virtual Assets often lack intrinsic value foundations, making their valuations susceptible to speculation, sentiment, and market dynamics.
Historically, Virtual Assets have demonstrated extreme price fluctuations over short periods, sometimes driven by limited liquidity, speculative trading, regulatory announcements, technological developments, or broader economic factors. As a result, Clients should be prepared to sustain substantial losses, including the possibility of a total loss of value.
Virtual Asset transfers may not always be possible or may encounter restrictions. Some Virtual Assets may have compatibility issues between different blockchain protocols, wallet formats, or platform requirements. Additionally, once a transaction is broadcast and confirmed on a blockchain network, it is typically irreversible.
Errors in inputting wallet addresses, incorrect transfer details, or fraud by malicious actors may result in a permanent loss of Virtual Assets without recourse or recovery options.
Liquidity risk refers to the difficulty in selling, exchanging, or realizing value for Virtual Assets at desirable prices. Not all Virtual Assets have active or deep secondary markets. In times of market stress or for niche or emerging Virtual Assets, liquidity may evaporate quickly, resulting in difficulty executing trades or converting assets to cash.
Limited liquidity can exacerbate price volatility, widen bid-ask spreads, and delay trade execution.
Transactions involving Virtual Assets are typically recorded on public Distributed Ledger Technologies (DLTs), such as blockchains, which are transparent and immutable. While public blockchains often do not record personal identifying information directly, wallet addresses and transaction histories are publicly visible and may be linked to individuals or organizations through blockchain analytics or regulatory reporting measures.
This transparency may conflict with Clients’ expectations of privacy and could expose transactional histories to regulatory authorities, cyber attackers, competitors, or other third parties.
The digital and decentralized nature of Virtual Assets exposes them to heightened risks of fraud, market manipulation, theft, hacking, and cybercrime. Unlike traditional financial systems, the Virtual Asset ecosystem often lacks the robust consumer protections and regulatory safeguards that protect investors in fiat or securities markets.
Holders of Virtual Assets rely heavily on the security of private keys and wallet integrity. Loss of private keys due to negligence, theft, hacking, or fraud can result in permanent loss of access to Virtual Assets. Moreover, in many cases, there are no legal mechanisms for reversing unauthorized transactions or recovering stolen Virtual Assets.
Client Virtual Assets ("Client VAs") held by Hex Trust MENA FZE benefit from any form of deposit protection or guarantee scheme offered by the Virtual Assets Regulatory Authority or any other component authority in the United Arab Emirates.
If you have any questions regarding this Risk Disclosure Statement or wish to seek further clarification about Virtual Asset risks, please contact us at hello@hextrust.com.
At Hex Trust MENA FZE, we are committed to ensuring a fair, transparent, and responsive process for addressing client complaints in accordance with regulatory requirements. We value client feedback and view it as an essential part of maintaining trust and continuously improving our services.
We have made it easy for you to submit a complaint. You may:
We accept complaints through multiple channels and formats to ensure accessibility. You are not required to use a specific form for your complaint to be recognized.
If your complaint involves a third-party service provider linked to our Virtual Asset Activities, we will work directly with the third party to address your concerns. However, we will remain responsible for ensuring your complaint is fully resolved.
We do not impose any fees or charges for submitting or handling complaints.
At Hex Trust MENA FZE, client satisfaction and regulatory compliance are of utmost importance. We are committed to addressing all concerns promptly, fairly, and professionally.
For any queries regarding our complaints handling process, please contact us at complaints.mena@hextrust.com.
At Hex Trust MENA FZE, we are committed to conducting our business with the highest standards of integrity, transparency, and ethical conduct. We recognise that maintaining the trust and confidence of our clients, partners, employees, and stakeholders is critical to our success. As part of this commitment, we have implemented a robust Anti-Bribery and Corruption Policy that reflects our strict zero-tolerance approach to any form of bribery or corruption.
The Company, its Board of Directors, and all Staff must act professionally, fairly, and with integrity in all business dealings and relationships, both internally and externally. We expect the same high standards from all third parties acting on our behalf.
Failure to comply with our Anti-Bribery and Corruption Policy will result in immediate disciplinary action, including the potential termination of employment without notice. In addition, any instances of non-compliance must be immediately reported to the Virtual Asset Regulatory Authority (VARA) for evaluation, in line with our regulatory obligations.
We remain fully committed to upholding a culture of integrity and ensuring that bribery and corruption have no place in any aspect of our operations.
At Hex Trust MENA FZE, we are committed to upholding the highest standards of integrity, transparency, and ethical conduct across all areas of our operations. We foster a culture of accountability and compliance, encouraging all employees, stakeholders, and business partners to adhere to the principles that define our organization.
Maintaining an open and ethical environment is vital to our success and to maintaining the trust of our clients, employees, regulators, and partners. To support this, we have implemented a comprehensive Whistleblowing Policy that enables the reporting of any suspected misconduct, unethical behaviour, or regulatory violations.
Hex Trust MENA FZE actively encourages all employees, contractors, vendors, clients, and other stakeholders to report concerns or suspected wrongdoing, including but not limited to:
Reports may be made openly, confidentially, or anonymously. While we encourage open or confidential reporting to facilitate effective investigation and remediation, we also recognize that some individuals may prefer to report anonymously. In such cases, whistleblowers are asked to provide sufficient detail or supporting evidence to allow a responsible investigation to proceed.
Hex Trust MENA FZE has a strict zero-tolerance policy against retaliation. Any individual who reports a concern in good faith will be fully protected from any form of adverse action, discrimination, harassment, or retribution. Protection extends not only to the identity of the whistleblower but also to any identifying information that could indirectly reveal their identity, recognising that certain facts may act as a "signature."
All concerns reported will be treated with the highest degree of confidentiality and sensitivity. Investigations will be conducted thoroughly, fairly, and impartially, and where misconduct is substantiated, appropriate corrective and disciplinary actions will be taken.
No final finding of misconduct will be made solely based on anonymous allegations unless they are independently corroborated through investigation.
Hex Trust MENA FZE provides secure and confidential channels for whistleblowers to raise concerns safely.
If you suspect wrongdoing, unethical behaviour, or regulatory non-compliance, you can report your concerns securely via:
Email: whistleblowing@hextrust.com
All concerns will be escalated appropriately and handled by designated Compliance and Risk Officers to ensure a professional and impartial review.
At Hex Trust MENA FZE, we value and appreciate the essential role whistleblowers play in safeguarding our organisation’s ethical foundation. Your voice helps protect our integrity, ensure regulatory compliance, and build a stronger, more transparent future.
At Hex Trust MENA FZE ("Hex Trust MENA"), we are committed to maintaining the highest standards of integrity, transparency, and regulatory compliance. As a regulated entity authorised by the Virtual Assets Regulatory Authority (VARA) in the Emirates of Dubai to provide Custody Services, we recognise the critical importance of identifying, managing, and mitigating any actual, potential, or perceived conflicts of interest that may arise in the course of our operations.
Hex Trust MENA has established a comprehensive Conflicts of Interest Policy designed to:
We are committed to acting honestly, fairly, and professionally in accordance with the best interests of our clients at all times.
We have implemented the following key measures to ensure transparency, fairness, and client protection:
Client assets are held in segregated custody accounts, separate from the firm's own assets, ensuring clear asset ownership and eliminating risk of misuse.
Our risk and compliance frameworks provide for independent oversight by senior management and committees, ensuring objective decision-making and escalation procedures.
Hex Trust MENA does not provide preferential treatment to any client. All clients are treated fairly and equitably under consistent operational standards.
Hex Trust MENA does not engage in proprietary trading of Virtual Assets. Our sole focus is on safeguarding client assets in a neutral and conflict-free manner.
Employees are required to comply with a Code of Conduct that mandates disclosure of external interests, prohibits personal trading that could give rise to conflicts, and requires immediate reporting of any potential conflict situations.
Staff undergo regular training on conflicts of interest, ethical behaviour, and regulatory obligations to reinforce a culture of compliance and client-first responsibility.
Where an unavoidable conflict of interest is identified that cannot be fully eliminated, Hex Trust MENA will:
In all cases, we prioritise client protection, fairness, and regulatory compliance in line with VARA expectations and principles.
At the time of this statement, Hex Trust MENA FZE confirms that it has no known actual or material conflicts of interest arising from its custodial activities.
We remain committed to operating with full transparency and integrity, upholding the trust placed in us by our clients, regulators, and stakeholders.
Hex Trust MENA FZE ("Hex Trust MENA") confirms that it does not maintain any client accounts, funds, or Virtual Assets with third parties.
All client assets are held directly under Hex Trust MENA’s custody, fully segregated from the firm's own assets, and maintained in accordance with our regulatory obligations.
We ensure full control, transparency, and protection of client assets through robust custody operations, comprehensive internal controls, and adherence to the highest standards of security, governance, and regulatory compliance.
VL/23/08/003
Broker-Dealer Services and Management and Investment Services - Authorised to serve Institutional Investors and Qualified Investors.
Office 425, Level 4, Convention Tower, Dubai World Trade Centre, Dubai, UAE.
Responsible Individuals: Alessio Quaglini, Filippo Buzzi
Compliance Officer and Money Laundering Officer: Miles Corney
View our Knowledge Base here.
View Our VA Standards here.
HT Markets MENA FZE determines the prices of Virtual Assets quoted to clients using a combination of real-time data from multiple Tier-1 liquidity providers, market makers, and exchanges. Pricing is derived algorithmically by aggregating bid/ask spreads and order book depth to ensure fair market value, with applied spreads disclosed to clients where relevant.
HT Markets MENA FZE routes client orders to a network of liquidity providers and OTC counterparties based on best execution principles, which consider price, speed, reliability, and settlement risk. As of the date of this disclosure, no single liquidity source accounts for 20% or more of routed client orders on a sustained basis.
HT Markets MENA FZE does not currently hold or maintain client funds or Virtual Assets, nor does it provide clearing or settlement services on behalf of other VASPs offering Broker-Dealer Services.
HT Markets MENA FZE does not hold client Virtual Assets or fiat funds directly. All client assets are held in segregated accounts under the custody of Hex Trust MENA FZE, an affiliated and regulated entity licensed to provide Virtual Asset Custody Services under the VARA framework. These arrangements are structured to ensure that client ownership is fully protected, with legal title and beneficial ownership remaining with the client at all times.
HT Markets MENA FZE does not maintain any accounts, funds, or Virtual Assets with third-party custodians or intermediaries. All client asset arrangements are conducted through internal group infrastructure and regulated counterparties, including Hex Trust MENA FZE, in accordance with applicable regulatory obligations.
This Risk Disclosure Statement provides Clients with critical information regarding the risks associated with Virtual Assets. Clients are strongly encouraged to carefully read and fully understand this statement before engaging in any products or services offered by Hex Trust.
This statement does not purport to disclose all risks associated with Virtual Assets but offers a high-level overview of material risks to assist Clients in making informed decisions. Clients should conduct their own due diligence, seek independent professional advice where appropriate, and carefully consider their financial situation, objectives, experience, and risk tolerance before engaging in Virtual Asset activities.
Engaging in Virtual Asset activities involves significant risks, including but not limited to the following:
Virtual Assets are subject to high levels of price volatility and market uncertainty. Unlike traditional fiat currencies or regulated financial instruments, Virtual Assets often lack intrinsic value foundations, making their valuations susceptible to speculation, sentiment, and market dynamics.
Historically, Virtual Assets have demonstrated extreme price fluctuations over short periods, sometimes driven by limited liquidity, speculative trading, regulatory announcements, technological developments, or broader economic factors. As a result, Clients should be prepared to sustain substantial losses, including the possibility of a total loss of value.
Virtual Asset transfers may not always be possible or may encounter restrictions. Some Virtual Assets may have compatibility issues between different blockchain protocols, wallet formats, or platform requirements. Additionally, once a transaction is broadcast and confirmed on a blockchain network, it is typically irreversible.
Errors in inputting wallet addresses, incorrect transfer details, or fraud by malicious actors may result in a permanent loss of Virtual Assets without recourse or recovery options.
Liquidity risk refers to the difficulty in selling, exchanging, or realizing value for Virtual Assets at desirable prices. Not all Virtual Assets have active or deep secondary markets. In times of market stress or for niche or emerging Virtual Assets, liquidity may evaporate quickly, resulting in difficulty executing trades or converting assets to cash.
Limited liquidity can exacerbate price volatility, widen bid-ask spreads, and delay trade execution.
Transactions involving Virtual Assets are typically recorded on public Distributed Ledger Technologies (DLTs), such as blockchains, which are transparent and immutable. While public blockchains often do not record personal identifying information directly, wallet addresses and transaction histories are publicly visible and may be linked to individuals or organizations through blockchain analytics or regulatory reporting measures.
This transparency may conflict with Clients’ expectations of privacy and could expose transactional histories to regulatory authorities, cyber attackers, competitors, or other third parties.
The digital and decentralized nature of Virtual Assets exposes them to heightened risks of fraud, market manipulation, theft, hacking, and cybercrime. Unlike traditional financial systems, the Virtual Asset ecosystem often lacks the robust consumer protections and regulatory safeguards that protect investors in fiat or securities markets.
Holders of Virtual Assets rely heavily on the security of private keys and wallet integrity. Loss of private keys due to negligence, theft, hacking, or fraud can result in permanent loss of access to Virtual Assets. Moreover, in many cases, there are no legal mechanisms for reversing unauthorized transactions or recovering stolen Virtual Assets.
Client Virtual Assets ("Client VAs") held by Hex Trust MENA FZE benefit from any form of deposit protection or guarantee scheme offered by the Virtual Assets Regulatory Authority or any other component authority in the United Arab Emirates.
If you have any questions regarding this Risk Disclosure Statement or wish to seek further clarification about Virtual Asset risks, please contact us at hello@hextrust.com.
At Hex Trust MENA FZE, we are committed to ensuring a fair, transparent, and responsive process for addressing client complaints in accordance with regulatory requirements. We value client feedback and view it as an essential part of maintaining trust and continuously improving our services.
We have made it easy for you to submit a complaint. You may:
We accept complaints through multiple channels and formats to ensure accessibility. You are not required to use a specific form for your complaint to be recognized.
If your complaint involves a third-party service provider linked to our Virtual Asset Activities, we will work directly with the third party to address your concerns. However, we will remain responsible for ensuring your complaint is fully resolved.
We do not impose any fees or charges for submitting or handling complaints.
At Hex Trust MENA FZE, client satisfaction and regulatory compliance are of utmost importance. We are committed to addressing all concerns promptly, fairly, and professionally.
For any queries regarding our complaints handling process, please contact us at complaints.mena@hextrust.com.
At Hex Trust MENA FZE, we are committed to conducting our business with the highest standards of integrity, transparency, and ethical conduct. We recognise that maintaining the trust and confidence of our clients, partners, employees, and stakeholders is critical to our success. As part of this commitment, we have implemented a robust Anti-Bribery and Corruption Policy that reflects our strict zero-tolerance approach to any form of bribery or corruption.
The Company, its Board of Directors, and all Staff must act professionally, fairly, and with integrity in all business dealings and relationships, both internally and externally. We expect the same high standards from all third parties acting on our behalf.
Failure to comply with our Anti-Bribery and Corruption Policy will result in immediate disciplinary action, including the potential termination of employment without notice. In addition, any instances of non-compliance must be immediately reported to the Virtual Asset Regulatory Authority (VARA) for evaluation, in line with our regulatory obligations.
We remain fully committed to upholding a culture of integrity and ensuring that bribery and corruption have no place in any aspect of our operations.
At Hex Trust MENA FZE, we are committed to upholding the highest standards of integrity, transparency, and ethical conduct across all areas of our operations. We foster a culture of accountability and compliance, encouraging all employees, stakeholders, and business partners to adhere to the principles that define our organization.
Maintaining an open and ethical environment is vital to our success and to maintaining the trust of our clients, employees, regulators, and partners. To support this, we have implemented a comprehensive Whistleblowing Policy that enables the reporting of any suspected misconduct, unethical behaviour, or regulatory violations.
Hex Trust MENA FZE actively encourages all employees, contractors, vendors, clients, and other stakeholders to report concerns or suspected wrongdoing, including but not limited to:
Reports may be made openly, confidentially, or anonymously. While we encourage open or confidential reporting to facilitate effective investigation and remediation, we also recognize that some individuals may prefer to report anonymously. In such cases, whistleblowers are asked to provide sufficient detail or supporting evidence to allow a responsible investigation to proceed.
Hex Trust MENA FZE has a strict zero-tolerance policy against retaliation. Any individual who reports a concern in good faith will be fully protected from any form of adverse action, discrimination, harassment, or retribution. Protection extends not only to the identity of the whistleblower but also to any identifying information that could indirectly reveal their identity, recognising that certain facts may act as a "signature."
All concerns reported will be treated with the highest degree of confidentiality and sensitivity. Investigations will be conducted thoroughly, fairly, and impartially, and where misconduct is substantiated, appropriate corrective and disciplinary actions will be taken.
No final finding of misconduct will be made solely based on anonymous allegations unless they are independently corroborated through investigation.
Hex Trust MENA FZE provides secure and confidential channels for whistleblowers to raise concerns safely.
If you suspect wrongdoing, unethical behaviour, or regulatory non-compliance, you can report your concerns securely via:
Email: whistleblowing@hextrust.com
Internal Reporting Form
All concerns will be escalated appropriately and handled by designated Compliance and Risk Officers to ensure a professional and impartial review.
At Hex Trust MENA FZE, we value and appreciate the essential role whistleblowers play in safeguarding our organisation’s ethical foundation. Your voice helps protect our integrity, ensure regulatory compliance, and build a stronger, more transparent future.
At Hex Trust MENA FZE ("Hex Trust MENA"), we are committed to maintaining the highest standards of integrity, transparency, and regulatory compliance. As a regulated entity authorised by the Virtual Assets Regulatory Authority (VARA) in the Emirates of Dubai to provide Custody Services, we recognise the critical importance of identifying, managing, and mitigating any actual, potential, or perceived conflicts of interest that may arise in the course of our operations.
Hex Trust MENA has established a comprehensive Conflicts of Interest Policy designed to:
We are committed to acting honestly, fairly, and professionally in accordance with the best interests of our clients at all times.
We have implemented the following key measures to ensure transparency, fairness, and client protection:
Client assets are held in segregated custody accounts, separate from the firm's own assets, ensuring clear asset ownership and eliminating risk of misuse.
Our risk and compliance frameworks provide for independent oversight by senior management and committees, ensuring objective decision-making and escalation procedures.
Hex Trust MENA does not provide preferential treatment to any client. All clients are treated fairly and equitably under consistent operational standards.
Hex Trust MENA does not engage in proprietary trading of Virtual Assets. Our sole focus is on safeguarding client assets in a neutral and conflict-free manner.
Employees are required to comply with a Code of Conduct that mandates disclosure of external interests, prohibits personal trading that could give rise to conflicts, and requires immediate reporting of any potential conflict situations.
Staff undergo regular training on conflicts of interest, ethical behaviour, and regulatory obligations to reinforce a culture of compliance and client-first responsibility.
Where an unavoidable conflict of interest is identified that cannot be fully eliminated, Hex Trust MENA will:
In all cases, we prioritise client protection, fairness, and regulatory compliance in line with VARA expectations and principles.
At the time of this statement, Hex Trust MENA FZE confirms that it has no known actual or material conflicts of interest arising from its custodial activities.
We remain committed to operating with full transparency and integrity, upholding the trust placed in us by our clients, regulators, and stakeholders.
Hex Trust MENA FZE ("Hex Trust MENA") confirms that it does not maintain any client accounts, funds, or Virtual Assets with third parties.
All client assets are held directly under Hex Trust MENA’s custody, fully segregated from the firm's own assets, and maintained in accordance with our regulatory obligations.
We ensure full control, transparency, and protection of client assets through robust custody operations, comprehensive internal controls, and adherence to the highest standards of security, governance, and regulatory compliance.
Hex Trust MENA FZE undertakes comprehensive due diligence to guarantee the adherence of all supported Virtual Assets to our VA Standards. The considerations we take into account for each virtual asset are those listed in the following list. In the best interest of our valued Clients, we recommend familiarising themselves with the available standards pertaining to all supported virtual assets.
For each Virtual Asset we take into consideration:
Hex Trust Italia Srl, pursuant to the Article 45, paragraph 5 of Legislative Decree no. 129 of 05/09/2024, informs its customers that it will provide them with detailed information regarding the plans and measures it intends to adopt in relation to the decision to submit, by 31 December 2025, the possible Application for Authorization to carry out Crypto Asset Service Provider (CASP) activities, pursuant to Regulation (EU) 2023/1114 ("MiCAR"), or in relation to the orderly termination of existing relationships, as soon as such measures have been defined.
Hex Trust Italia Srl, ai sensi e per gli effetti dell'articolo 45, comma 5 del Decreto Legislativo n. 129 del 05/09/2024, comunica ai propri clienti che provvedera' a fornire loro dettagliata illustrazione in merito ai piani ed alle misure che la stessa intendera' adottare in relazione alla decisione di presentare, entro il 31 Dicembre 2025, l'eventuale Istanza di Autorizzazione all'esercizio delle attività di Crypto Asset Service Provider (CASP), ai sensi del Regolamento (EU) 2023/1114 ("MiCAR"), ovvero in relazione all'ordinata chiusura dei rapporti in essere, non appena tali misure saranno state definite.
Nel caso in cui sorga una controversia tra il Cliente e la Società riguardo ai servizi offerti, il Cliente può inviare una comunicazione alla Società tramite il seguente indirizzo email:
Il Cliente può utilizzare l'email sopra indicata per inviare il Modulo di Reclamo.
Continuando ad accettare, il Cliente acconsente che i dati personali forniti siano trattati da Hex Trust in qualità di Titolare del trattamento per rispondere alla sua richiesta attraverso processi parzialmente automatizzati, che prevedono anche l'intervento umano. Si prega di fare riferimento alla Politica sulla Privacy pubblicata su questo sito.
Per ulteriori dettagli o per consultare la versione originale, visita la pagina ufficiale: https://www.hextrust.com/legal-privacy/italy-legal-claims.
I dati forniti dall’Interessato per lo svolgimento del rapporto contrattuale (di seguito congiuntamente “dati personali”) vengono trattati da Hex Trust Italia Srl (di seguito, “la Società”), con sede legale in via Corso Magenta 74, 20123 a Milano, in qualità di Titolare del trattamento. L’Interessato è informato da Hex Trust Italia Srl sul trattamento dei suoi dati che verrà posto in essere, nel rispetto del principio di prudenza e responsabilità (“accountability”). Hex Trust Italia Srl fornisce, a tal fine, l’informativa prevista dall’art. 13 paragrafo 1 e dall’art. 14 paragrafo 1 del Regolamento UE n. 2016/679 (in seguito, “GDPR”), informando l’Interessato che i suoi dati saranno oggetto di trattamento secondo le specifiche nel prosieguo indicate. Parimenti, si precisa che, ai sensi della citata normativa, l’Interessato sarà destinatario di opportuno aggiornamento in merito all’eventuale modifica delle finalità di un nuovo trattamento prima di procedere con lo stesso.
Il Titolare del trattamento tratta i dati personali (nel prosieguo, anche “dati”) dell’Interessato (a titolo esemplificativo e non esaustivo: nome, cognome, indirizzo, telefono, e-mail, riferimenti bancari e di pagamento) per un interesse legittimo che costituisce la base giuridica del trattamento stesso in quanto riconducibile ad un rapporto contrattuale.
L’Informativa non è obbligatoria se:
I dati personali forniti dall’Interessato sono trattati da Hex Trust Italia Srl per le seguenti finalità:
A. Senza consenso espresso – ex art. 6 lett. b), e) del GDPR) - per le seguenti finalità di servizio:
B. Con consenso preventivo specifico (art. 7 del GDPR) per le seguenti finalità commerciali:
Qualora presso l’Interessato i dati personali siano raccolti:
Il trattamento dei dati è realizzato mediante le operazioni indicate all’art. 4 n. 2) del GDPR, in particolare: raccolta, registrazione, organizzazione, conservazione, consultazione, elaborazione, modificazione, selezione, estrazione, raffronto, utilizzo, interconnessione, blocco, comunicazione, cancellazione e distruzione dei dati. Ciò con esclusione della
diffusione. Il trattamento dei dati personali non comporta, allo stato, processi decisionali automatizzati: all’occorrenza, il Titolare provvederà a specificarlo e ad indicare la logica di tali processi decisionali e le conseguenze previste per l'Interessato. I dati personali sono sottoposti a trattamento cartaceo ed elettronico.
Non risulta necessario specificare le categorie dei dati personali oggetto di trattamento allorquando la loro raccolta sia effettuata senza il tramite di soggetti terzi all’uopo delegati dal Titolare.
Il Titolare tratterà i dati personali per il tempo necessario all’adempimento delle finalità di cui sopra e comunque per un periodo non superiore ai 10 anni dalla cessazione del rapporto e non oltre 2 anni dalla raccolta dei dati per le finalità di cui al punto 2.B.
Il Titolare del trattamento può comunicare i dati personali - anche all’estero - a dipendenti e collaboratori di Hex Trust Italia Srl (in qualità di incaricati e/o responsabili interni del trattamento e/o amministratori di sistema) ovvero a soggetti terzi (in qualità di autonomi titolari o responsabili esterni del trattamento) per:
I nominativi dei soggetti Terzi a cui i dati possano essere comunicati sono riportati in uno specifico elenco aggiornato dal Titolare del trattamento e disponibile presso la sede di Hex Trust Italia Srl.
I dati personali sono conservati su server ubicati esternamente all’Unione Europea. Il Titolare, qualora necessario, si riserva la facoltà di spostare i server anche all’interno dell’Unione Europea. Cio’ posto, il Titolare assicura sin d’ora che il trasferimento dei dati extra-UE risulta conforme alle disposizioni di legge applicabili alla luce delle clausole contrattuali standard previste dalla Commissione Europea. In particolare, alla luce dell’art. 49 del GDPR, il Titolare del Trattamento informa il Soggetto Interessato al Trattamento che un trasferimento di dati personali verso un paese terzo o un'organizzazione internazionale può essere effettuato in assenza di una decisione di adeguatezza ai sensi dell'articolo 45, paragrafo 3, o di garanzie adeguate ai sensi dell'articolo 46, comprese norme vincolanti d'impresa, a condizione che l'Interessato abbia esplicitamente acconsentito al trasferimento proposto, dopo essere stato informato dei possibili rischi di tali trasferimenti per l'interessato a causa dell'assenza di una decisione di adeguatezza, conformemente agli Orientamenti n. 2/2018 sulle deroghe all'articolo 49 a norma del regolamento (UE) 2016/679 definiti dal Comitato Europeo sulla Protezione dei Dati.
Il Titolare del trattamento può comunicare i dati, senza necessità di espresso consenso (art. 6 lett. b) e c) del GDPR), per gli scopi di cui all’art. 2.A), in quanto obbligatori. In assenza di ciò, il Titolare non potrà garantire i servizi di cui al citato art. 2.A). Il conferimento dei dati per le finalità di cui all’art. 2.B) è, invece, facoltativo. L’Interessato può, quindi, decidere di non conferire alcun dato o di negare successivamente la possibilità di trattare dati già forniti: in tal caso, non potrà ricevere newsletter, comunicazioni commerciali e materiale pubblicitario inerenti i Servizi offerti dal Titolare, pur continuando ad avere diritto ai Servizi di cui all’art. 2.A).
Non è presente alcun processo decisionale automatizzato.
L’Interessato, ai sensi e per gli effetti dell’art. 15 del GDPR, ha il diritto di:
Il Titolare del trattamento si impegna a comunicare, tempestivamente, all’Interessato ogni caso di violazione dei propri dati personali che possa presentare rischi elevati connessi ai suoi diritti e libertà.
L’Interessato potrà, in qualsiasi momento, esercitare i diritti inviando anche in modalità alternativa:
Il Titolare del trattamento dei dati personali è Hex Trust Italia Srl (di seguito, “la Società”), Hex Trust Italia Srl, Corso Magenta 74 – 20123 Milano.
In the event that a dispute arises between the Client and the Company regarding the services offered, the Client may submit a communication to the Company through the below account:
claims.eu@hextrust.com
The Customer can use the above indicated email to send the Claim Form.
By continuing to accept, the Client agrees that his/ her personal data provided will be processed by Hex Trust as Data Controller to respond to his/ her request through partially automated processes, which also involve human intervention. Please refer to Privacy Policy published on this site.
The data provided by the interested party for the performance of the employment relationship (hereinafter jointly "personal data") are processed by Hex Trust Italia Srl (hereinafter, "the Company"), with registered office in Corso Magenta 74, 20123 in Milan, as Data Controller. The interested party is informed by Hex Trust Italia Srl on the processing of his data that will be carried out, in compliance with the principle of prudence and responsibility ("accountability"). To this end, Hex Trust Italia Srl provides the information required by art. 13 paragraph 1 and art. 14 paragraph 1 of EU Regulation no. 2016/679 (hereinafter, “GDPR”), informing the interested party that his/her data will be processed according to the specifications indicated below. Likewise, it is specified that, pursuant to the aforementioned legislation, the interested party will be the recipient of an update regarding any change in the purposes of a new processing before proceeding with the same.
The Data Controller processes the personal data (hereinafter also "data") of the interested party (by way of example and not limited to: name, surname, address, telephone, e-mail, bank and payment details) for a legitimate interest. which constitutes the legal basis of the processing itself as it is attributable to a contractual relationship.
The information is not mandatory if:
Your personal data is processed by Hex Trust for the following purposes:
A. Without your express consent – pursuant to art. 6 lett. b), e) GDPR) - for the following Service Purposes:
fulfilment of obligations established by law; by regulations; by community legislation (e.g. anti-money laundering law, which provides for customer profiling and various other obligations); by the Decree of the Ministry of Economy and Finance of 02/17/2022 (also "VASP Decree") which introduced the "Italian Register of Virtual Asset Suppliers" ("VASP Register") in relation to which it specified content, methods and frequency of transmission of information relating to the operations carried out as regulated by the Body of Agents and Mediators ("O.A.M."); execution of the activities necessary and strictly connected and instrumental to the management of contractual relationships (e.g., prevention of fraud also through tools identity verification).
B. Only subject to your specific and distinct consent (art. 7 GDPR) for the following Marketing Purposes:
If personal data is collected from the interested party:
The data processing is carried out through the operations indicated in the art. 4 no. 2) of the GDPR, in particular: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. This excludes diffusion. The processing of personal data does not currently involve automated decision-making processes: if necessary, the Data Controller will specify this and indicate the logic of such decision-making processes and the expected consequences for the interested party. Personal data is subjected to paper and electronic processing.
It is not necessary to specify the categories of personal data being processed when their collection is carried out without the intermediary of third parties delegated for this purpose by the Data Controller.
The Data Controller will process personal data for the time necessary to fulfil the aforementioned purposes and in any case for a period not exceeding 10 years from the termination of the relationship and no later than 2 years from the collection of data for the purposes referred to in point 2.B.
The Data Controller may communicate personal data - even abroad - to employees and collaborators of Hex Trust Italia Srl (as persons in charge and/or internal data processors and/or system administrators) or to third parties (as of independent data controllers or external data processors) for:
The names of third parties to whom the data may be communicated are reported in a specific list updated by the Data Controller and available at the headquarters of Hex Trust Italia Srl.
Personal data is stored on servers located outside the European Union. The Owner, if necessary, reserves the right to move the servers within the European Union. Having said this, the Data Controller hereby ensures that the transfer of non-EU data complies with the applicable legal provisions in light of the standard contractual clauses envisaged by the European Commission. In particular, in light of art. 49 of the GDPR, the Data Controller informs the Subject Interested in the Processing that a transfer of personal data to a third country or an international organization may be carried out in the absence of an adequacy decision pursuant to Article 45, paragraph 3, or of adequate guarantees pursuant to Article 46, including binding corporate rules, provided that the interested party has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the interested party due to the absence of an adequacy decision, in accordance with Guidelines no. 2/2018 on derogations from Article 49 pursuant to Regulation (EU) 2016/679 defined by the European Data Protection Board.
The Data Controller may communicate the data, without the need for express consent (art. 6 letter b) and c) of the GDPR), for the purposes referred to in the art. 2.A), as they are mandatory. In the absence of this, the Owner will not be able to guarantee the services referred to in the aforementioned art. 2.A). The provision of data for the purposes referred to in art. 2.B) is, however, optional. The interested party may, therefore, decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, he/she will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by the Data Controller, while continuing to have right to the Services referred to in the art. 2.A).
There is no automated decision making.
The interested party, pursuant to and for the purposes of art. 15 of the GDPR, you have the right to:
The Data Controller undertakes to promptly communicate to the interested party any case of violation of their personal data which may present high risks connected to their rights and freedoms.
The interested party may, at any time, exercise the rights by also sending in an alternative way:
The Data Controller of personal data is Hex Trust Italia Srl, Corso Magenta 74 – 20123 Milan.
The Monetary Authority of Singapore requires Hex Technologies Pte. Ltd. (“Hex Trust Singapore”) to provide specific disclosures to customers engaging with Digital Payment Token (“DPT”) services. Please review the following information carefully before using Hex Trust Singapore’s DPT services.
These disclosures apply exclusively to the DPT services provided by Hex Trust Singapore under the terms set out in your Master Trading Agreement or Custodian Agreement (an “Agreement”). Any capitalised terms used but not defined herein shall carry the meanings assigned to them in the relevant Agreement.
Please note that these disclosures do not apply to services provided by other entities within the Hex Trust Group under separate terms and conditions.
In accordance with the MAS Notice PSN08, the Monetary Authority of Singapore (MAS) requires us to provide this risk warning to you as a customer of a digital payment token (DPT) service provider.
Before you:
(a) pay Hex Trust Singapore any money or DPT; or
(b) pay a third party any money or DPT under an arrangement by Hex Trust Singapore,
You should be aware of the following.
1. Hex Trust Singapore is licensed by MAS to provide DPT services. Please note that this does not mean you will be able to recover all the money or DPTs you paid to Hex Trust Singapore or any other third party referred to above, if Hex Trust Singapore’s or the third party’s business fails.
1A. You should be aware that MAS does not supervise or regulate Hex Trust Singapore for the provision of unregulated services. This includes any service of trading digital payment token derivatives such as futures.
2. You should not transact in the DPT if you are not familiar with this DPT. This includes how the DPT is created, and how the DPT you intend to transact is transferred or held by Hex Trust Singapore.
3. You should be aware that the value of DPTs may fluctuate greatly. You should buy DPTs only if you are prepared to accept the risk of losing all of the money you put into such tokens.
4. You should be aware that Hex Trust Singapore, as part of its licence to provide DPT services, may offer services related to DPTs which are promoted as having a stable value, commonly known as “stablecoin”.
Hex Trust’s asset storage arrangement utilizes advanced hardware and software infrastructure with strong security controls. The central component is the Hardware Security Module (HSM), which securely stores and manages cryptographic keys, ensuring they are always wrapped (encrypted) and never exposed in clear text. Both Safe Plus and Safe Vaults operate in an air-gapped environment, isolated from the internet, with data diodes ensuring one-way communication to prevent unauthorized access.
Key generation occurs within the HSM using a True Random Generator, and physical security is enhanced by storing encrypted keys in multiple vaults across different locations, requiring multiple approvals for access. Transaction signing involves client-initiated transactions that go through several approval stages before being securely signed within the HSM through the Key Management System (KMS).
Singaporean clients are onboarded under the Singapore custodian entity, with the Hardware Security Module (HSM) in Singapore serving as their primary operational HSM. To ensure resilience, a secondary HSM located in Hong Kong acts as a geographically redundant backup, ready to take over in the event of hardware failure or disruption to the primary instance. This architecture provides operational continuity and robust disaster recovery for cryptographic asset management.
Clients of Hex Trust Singapore retain beneficial ownership of digital assets safeguarded on their behalf. However, clients may hold rights only to the financial value of the DPTs and do not automatically receive rights to protocol derived features such as governance participation, airdrops or new tokens created from hard forks.
Clients may be entitled to new tokens resulting from hard forks or airdrops subject to certain conditions as set out in the Custodian Agreement. Hex Trust Singapore may, at its sole discretion, decide whether to support any fork or airdrop, and clients have no such entitlement to such benefits unless explicitly provided. Additional fees may apply for the processing or distribution of such assets.
If you suspect any loss of assets due to fraud or negligence by Hex Trust Singapore, please contact our client service team immediately. You may escalate unresolved matters through our Complaints Handling and Resolution process, in accordance with the timelines and procedures as described in this disclosure and your agreement.
Any compensation offered will be capped at your direct losses and may be adjusted based on contributory negligence, if applicable.
Hex Trust Singapore will not be liable for losses resulting from client fraud, gross negligence or wilful misconduct (among other things).
Clients may provide instructions through Hex Trust Singapore’s official channels as outlined in your Agreement.
The client shall provide a list of all persons authorised to act on its behalf in giving such instructions, clearly specifying the scope, limitations, or role of each individual’s authority. Hex Trust Singapore will only act on clients assets in accordance with the instructions received from the client’s duly authorized representatives.
All authorisations are subject to our verification and risk assessment procedures. It is the client’s responsibility to ensure the list of authorised persons remains accurate and up to date, and to ensure security and confidentiality of all access credentials. Hex Trust Singapore may refuse any instruction from a person who is not duly authorised or has not satisfied our verification process.
Hex Trust Singapore does not use client assets as collateral and will not sell, loan, or otherwise encumber assets without explicit client instruction or legal requirement. Where required, we may debit your account to complete transactions in accordance with agreed payment terms.
For further details, please contact our Client Services team or refer to the applicable service agreement.
All fees associated with the safeguarding of clients’ assets are fully disclosed in the Fee Schedule attached to the Custodian Agreement and are communicated during relevant service interactions.
By using Hex Trust Singapore’s services, clients acknowledge and consent to these fees, which are necessary to maintain secure and compliant asset safeguarding procedures.
Clients will have ongoing access to account-related information, including digital asset balances and transaction history through a secure and dedicated client portal provided by Hex Trust Singapore. Additionally, periodic reports and/or monthly statements of accounts relating to the assets of the clients shall be delivered via email or other agreed communication channels. The frequency, timing, and level of details of these reports will be expressly agreed between Hex Trust Singapore and the client from time to time.
Hex Trust Singapore conducts a comprehensive evaluation of digital assets through a multi-layered review framework that includes both global due diligence and localised legal and compliance assessment to ensure alignment with applicable regulatory standards and internal risk policies.
The evaluation process for supporting new DPT involves a comprehensive assessment based on several key criteria including but not limited to:
Technology and Security Assessment:
Assessment of the asset’s underlying infrastructure, including whether it operates on a proprietary blockchain or leverages an existing blockchain. This also includes review of the asset’s security measures and evaluation of the infrastructure required to support the asset.
Risk Assessment:
Assessment of the issuer and its development team’s technological experience, track record, and reputation to identify potential operational and reputational risks. This also includes a review of the asset’s tokenomics (supply and release schedule), funding status and key investors, and market presence through its exchange listings, trading pairs, and liquidity profile.
Compliance Assessment:
Assessment focusing on AML/CFT name screening to ensure the asset and associated parties are not on sanctions watchlists, alongside negative news searches to identify any adverse media or controversies related to the project.
Upon successful completion of the fundamentals assessment, the DPT will be integrated and supported on Hex Trust Singapore’s platform for deposit and transfer. Only DPTs that comply with internal standards and relevant regulatory requirements will be supported.
To ensure asset integrity, the platform will maintain ongoing oversight of the performance, security, and regulatory compliance of every supported asset. The platform may suspend or discontinue support for a DPT if it determines that the asset no longer meets requirements, poses substantial risk, or if any concerns arise from ongoing monitoring.
In most cases, clients will receive advance notice of approximately two weeks prior to a suspension or discontinuation of asset support. During this period, clients will be able to trade or withdraw the affected asset. On the date support is discontinued, trading will be suspended, but withdrawals will remain available unless otherwise specified.
In exceptional circumstances (e.g., immediate legal or regulatory concerns, smart contract vulnerabilities), Hex Trust Singapore may suspend all support without advance notice. In such cases, the Hex Trust team will notify affected clients and outline the next steps, which may include enforced liquidation or a pre-defined conversion to a supported asset such as USDC.
Hex Trust Singapore does not accept fees or incentives in exchange for supporting digital assets.
However, other entities within the Hex Trust Group may, from time to time, engage in commercial arrangements with asset issuers, node providers, other parties or affiliates. Where such relationships exist, potential conflicts of interest are managed under Hex Trust’s Group-wide Conflicts of Interest Policy. More information can be made available upon request.
Hex Trust Singapore is committed to providing fair, timely, and transparent resolution of customer complaints. Hex Trust Singapore recognises that client feedback is essential for improving its services and enhancing the overall customer experience.
All complaints are properly assessed and documented, including relevant details and correspondence, by a dedicated team. Staff handling complaints operate independently and are not involved in the subject of the complaint.
Complaints may be raised by clients or members of the public through various channels such as in person, writing, phone, or via Hex Trust Singapore’s Helpdesk:
Email: clients@hextrust.com | WhatsApp: +852 6460 8565
Hex Trust Singapore aims to resolve complaints promptly upon receipt. Where immediate resolution is not possible, complainants are advised to submit their complaint in writing (e.g., via email or WhatsApp) for proper review and documentation. Complaints are assessed fairly to determine whether they should be upheld. Should the complaint be dismissed, written reasons will be provided. If the matter cannot be resolved promptly or it involves significant issues, it will be escalated to senior management within 24 hours, followed by an official acknowledgement to the complainant.
The outcome of the assessment will be clearly communicated. All complaints will be resolved within 10 calendar days from the date of receipt. If additional time is required due to complexity, an interim update will be issued with the status and, where possible, the expected resolution date.
A conflict of interest arises when competing obligations or interests may impair the ability of Hex Trust Singapore to act solely in the best interests of its clients. This can occur when Hex Trust Singapore or its affiliates have commercial, financial, or strategic incentives that may diverge from those of the client, potentially resulting in an advantage to Hex Trust Singapore or the Hex Trust Group, while disadvantageing the client.
Hex Trust Singapore is committed to the highest standards of ethical conduct and transparency. We believe it is important for clients to understand where actual or potential conflicts of interest may exist, so they can make informed decisions when engaging our services.
Outlined below are key areas of actual or potential conflicts of interest and how we mitigate them.
Hex Trust Singapore is part of the wider Hex Trust Group, which provides a range of digital asset services and products (e.g. custody, staking, tokenisation, and trading solutions). Certain related party services may be accessible through the same platform or interface that hosts services offered by Hex Trust Singapore. In such cases, there may be a perception that Hex Trust Singapore could be motivated to prioritise the broader commercial interests of the Hex Trust Group over those of its clients, particularly if clients are not clearly informed that the service is being provided by an affiliate or related entity.
To mitigate such perceived conflicts of interest, Hex Trust Singapore maintains an independent governance and management structure.
While we believe potential conflicts of interest arising from affiliate or related party services are adequately managed, we acknowledge that residual risks, such as user perceptions of bias or unconscious internal bias may remain. To maintain transparency and safeguard client trust, Hex Trust Singapore will inform clients of the identity of the Hex Trust Group entity providing such related party services, thereby enabling clients to make an informed decision on whether to engage with those services.
Hex Trust Singapore is committed to proactively identifying, managing, and disclosing conflicts of interest, ensuring these are appropriately governed and resolved in a fair and transparent manner.
Clients are encouraged to contact us should they have any questions or concerns regarding potential conflicts of interest or wish to receive further information about how these matters are addressed.
Hex Trust Singapore’s standard business days are Monday to Friday, from 9:00 AM to 5:00 PM (local time). Our customer support team is available 24/7/365 to help with any service support or inquiries. Please note that our business hours may be subject to change due to operational adjustments. Any changes will be communicated promptly through our website and other official channels.
For any inquiries or assistance, please contact our Hex Trust Singapore’s support team 24/7/365:
Email: clients@hextrust.com
WhatsApp: +852 6460 8565
Our support team is available to assist you with general questions, service support, and guidance. For complaints or disputes, please refer to our dedicated Complaints Handling and Resolution section.
This Data Protection Notice (“Notice”) sets out the basis which Hex Technologies Pte. Ltd., Hex Trust Pte. Ltd. (including their related entities) (“we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.
1. As used in this Notice:“customer” means an individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may, or has, entered into a contract with us for the supply of any goods or services by us; and“personal data” means data, whether true or not, about a customer who can be identified:(a) from that data; or (b) from that data and other information to which we have or are likely to have access.
2. Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include your name and identification information such as your NRIC number, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs and other audio-visual information, employment information and financial information such as credit card numbers, debit card numbers or bank account information.
3. Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).
4. We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
5. We may collect and use your personal data for any or all of the following purposes:(a) performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;(b) verifying your identity;(c) responding to, handling, and processing queries, requests, applications, complaints, and feedback from you; (d) managing your relationship with us;(e) processing payment or credit transactions;(f) sending your marketing information about our goods or services including notifying you of our marketing events, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions;(g) complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;(h) any other purposes for which you have provided the information;(i) transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and(j) any other incidental business purposes related to or in connection with the above.
6. We may disclose your personal data:(a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you; or(b) to third party service providers, agents and other organisations we have engaged to perform any of the functions listed in clause 5 above for us.
7. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
8. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
9. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving It.
10. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 8 above.
11. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
12. If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
13. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
14. We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
15. To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
16. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
17. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
18. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
19. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
20. We generally do not transfer your personal data to countries outside of Singapore (but please see clause 21 below). If we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
21. We use Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies, which are small amounts of data created in a computer when a person visits a website, to help the website analyse how you use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Download Google Analytics Opt-out Browser Add-on
22. You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, you may contact us at dpo.sg@hextrust.com.
EFFECT OF NOTICE AND CHANGES TO NOTICE
23. This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
24. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.