UAB “AB Exchange”


 Date: 26.07.2022

If you have any questions about this Privacy Policy, please feel free to contact us by email at [email protected] or chatbot, operating within the Telegram cloud messenger 


UAB “AB Exchange” (hereafter referred to as “Company”, “We”, “Us”) respects the privacy of users  to our Websites and our products, services or applications (collectively referred to as the “Services”) and understands how protection of personal data is important, therefore the Company have adopted this Privacy Policy (hereafter referred to as Privacy Policy”).  

Privacy Policy applies to the personal data (hereafter referred to as Personal Data”) processed by UAB “AB Exchange”.

This Privacy Policy applies to the processing of personal data provided by the User, or that is otherwise became known to the Company, as a result of:

  • use of any of our Services by the users;


This Privacy Policy lays out what kind of information relating to an identified or identifiable natural person we collect  (hereafter referred to as “Personal Data”), the purpose of such data collection, how we use and disclose it, the users’ rights in relation to personal data, and how you can contact us about our privacy practices.

Please note that we process the personal data in accordance with the EU General Data Protection Regulation No 2016/679 (hereafter referred to as “GDPR”) and other applicable EU legislation and regulations on data protection.

By continuing to use our Websites and/or Services, you confirm that you agree to Privacy Policy.   

Please note that our Services, Websites and Chatbot are not intended for minors below the age of 18 years and we do not knowingly collect data relating to minors.

The English language version of this Privacy Policy constitutes an original, and therefore shall prevail in case of any inconsistencies with translated versions if any. 





1.1. For the purpose of the GDPR, in relation to our Websites and/or Services and users the Company determines the purposes and means of the processing of personal data (therefore acts as the “personal data controller” under the definition given in GDPR). 

The table below details the data controller of your personal data:


Table #1

Provider of activities of a virtual asset exchange operator and a deposit virtual asset operatorUAB “AB Exchange”Lithuania, Eišiškių Sodų 18-oji g. 11, LT-02194 Vilnius


1.2. If you are dissatisfied with the way we process your personal data, you have the right to file a complaint with the supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority for data protection issues.

1.3. If you are a resident of an EEA State, you may find the information about supervisory authority in your jurisdiction here.

1.4. This Privacy Policy shall be revised to stay compliant with applicable privacy legislation. You can find the date of the last update to the Privacy Policy in the Version Control Table (Annex 1). Whenever we update this Privacy Policy, we will take appropriate measures to inform you via publications on the Websites, of all of the changes we make.  We will obtain your consent to any material changes if and where so required by applicable data protection laws.

1.5. On the Website(s) “buttons” and/or hyperlinks are included to promote or share web pages on social (media) networks or third-party websites and/or services such as Twitter, Instagram, Facebook or YouTube. We do not supervise these networks and websites and are therefore not responsible for the processing of your personal data by and through the parties behind those networks and websites. The use of these media is therefore at your own risk. Before you make use of these third-party services, we recommend you to read the privacy statements of respective third parties.

1.6. You have the right to withdraw your consent to the collection and processing of your personal data at any time, but this withdrawal will not affect our right to process personal data, based on the consent given before withdrawal thereof, in part related to personal data received before such withdrawal.


2.1. Depending on whether and how you use our Services, Website(s) or Chatbot, we may collect, use, store and transfer different categories of personal data about you which are lied out below:

  • Identity Data: first name, last name, username or similar identifier, date of birth and gender, biometric information, including a visual image of your face, national identity cards, passports, driving licenses or other forms of identification documents. 

Please note: we are subject to EU Anti-Money Laundering Directives and the relevant EU Member States’ law implementing them which require us to process for instance information from your ID documents including a photographic picture of you and a visual image of your face or video (the so-called “liveness check”).

  • Contact Data: residence details, billing address, home address, work address, email address and telephone numbers, proof of address documentation.
  • Financial Data: bank account, payment card details, virtual currency accounts, stored value accounts, amounts associated with accounts, external account details, source of funds and related documentation.
  • Social Identity Data: political background, close connections, information on referrals related to you.
  • Transactional Data: details about payments to and from you, other details of any transactions you enter into using the Services, Website or App (contractor, type, date/time, details, amount, status), general balance.
  • Technical Data: sign-in history (date, OS, sign-in status, IP address, browser), internet connectivity data, internet protocol (IP) address, operator and carrier data, login data, browser type and version, device type, category and model, time zone setting and location data, language data, browser plug-in types and versions, operating system and platform, diagnostics data such as crash logs and any other data, and other information, stored on or available relating to the devices, you allow us to gather when you access the Websites or use the Services or Chatbot.
  • Profile Data: your username and password, your profile picture, “about me” information, your ID, phone number, email associated with your accounts, your interests, preferences and feedback, other information generated by you when you communicate with us, for example when you address a request to our customer support.
  • Usage Data: information relating to your usage of the Website, the Services, Chatbot and other offerings made available by us, including:
    • device download time,
    • install time,
    • registration time,
    • interaction type and time,
    • event time, name and source.
  • Marketing Data: your preferences in receiving marketing material from us or third parties.

2.2. Certain types of sensitive personal data are subject to additional protection under the GDPR (hereafter referred to as “Special categories of personal data”). The special categories of personal data are: 

  • Personal data revealing racial or ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Genetic data and biometric data, processed for the purpose of uniquely identifying a natural person.
  • Data concerning health.
  • Data concerning a natural person’s sex life or sexual orientation.

We will only use special categories of personal data for a specific purpose and if we are able to satisfy the data protection requirements set out in this Privacy Policy, as well as meet at least one of the following conditions:

  • You have given explicit consent.
  • Processing relates to personal data which are manifestly made public by you.
  • Processing is necessary for the establishment, and exercise of defence of legal claims.
  • Processing is necessary for reasons of substantial public interest based on EU or EU Member State law. 


3.1. We use different methods to collect personal data about our users and visitors. You provide us with your data by directly interacting with us, when you: 

  • access our Website(s) or Chatbot;
  • make an application for our Services to be provided to you;
  • create an account;
  • use any of our Services;
  • request marketing materials to be sent to you, (i.e. subscribing to our newsletters);
  • engage in a competition, promotion or survey, including through social media channels;
  • give us the feedback or contact us.

3.2. As you interact with us via our Website(s) or Chatbot, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We will also collect Transactional Data and Usage Data. We may also receive Technical Data and Marketing Data about you if you visit other websites employing our cookies. You may find more information about how we use cookies through the Cookie Policy.

3.3. We may also use third parties and/or publicly available sources to obtain data related to you. We may use the following sources:

  • fraud and crime prevention agencies;
  • publicly available information on the Internet;
  • public blockchain.

3.4.  We will use your personal data exclusively in accordance with clause 6 of the GDPR, only in case one of the conditions listed below is met: 

  • you have given explicit consent to the processing; 
  • it is necessary for the performance of a contract, that you have entered with the Company; 
  • it is necessary for compliance with a legal obligation to which we may be or are subject(ed); 
  • it is necessary for ​​the performance of a task carried out in the public interest
  • it is necessary for the purposes of the legitimate interests pursued by us.

3.5. We will use your personal data for the purposes, laid out in Table #2:


Table #2

To manage risk and crime prevention including performing anti-money laundering, counter terrorism, sanction screening, fraud and other background checks, detect, investigate, report and prevent financial crime in the broad sense, obey laws and regulations which apply to us and response to complaints and resolving them
  • Identity Data
  • Social Identity Data
  • Contact Data
  • Financial Data
  • Technical Data
  • Transactional Data; and
  • data which might be revealed by KYC or other background checks

Article 6 (1)(b)(c)(f) of the GDPR 

To register you as a new user
  • Identity Data
  • Contact Data
Article 6 (1)(a)(b) of the GDPR 
To process and deliver our Services to you
  • Identity Data
  • Contact Data
  • Financial Data
  • Transactional Data
  • Technical Data
  • Marketing Data

Article 6 (1)(a)(b) of the GDPR

To manage, process, collect and transfer payments, fees and charges and to ensure good management of our payments, fees and charges
  • Identity Data
  • Contact Data
  • Financial Data

Article 6 (1)(b)(f) of the GDPR

To keep our records updated and to study how customers use our products/services
  • Identity Data
  • Contact Data
  • Profile Data
  • Transactional Data
  • Marketing Data

Article 6 (1)(a)(f) of the GDPR

To gather market data for studying customers’ behavior including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business
  • Identity Data
  • Contact Data
  • Profile Data
  • Usage Data
  • Marketing Data

Article 6 (1)(f) of the GDPR

To deliver relevant website content and advertisements to you
  • Identity Data
  • Contact Data
  • Profile Data
  • Usage Data
  • Technical Data
  • Marketing Data

Article 6 (1)(a)(f) of the GDPR

To improve our Websites, products/services, marketing, your user experience
  • Usage Data
  • Technical Data
Article 6 (1)(a)(f) of the GDPR
To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies, which will use the personal data they receive for their own purposes in their capacity of independent controllers
  • Identity Data
  • Social Identity Data
  • Contact Data
  • Financial Data
  • Transactional Data
  • Technical Data
  • Usage Data

Article 6 (1)(f) of the GDPR

To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes
  • Usage Data
  • Technical Data

Article 6 (1)(a) of the GDPR

To administer and protect our Websites and Chatbot in order to provide network security and prevention of the fraud
  • Identity Data
  • Contact Data
  • Financial Data
  • Technical Data
  • Transactional Data

Article 6 (1)(f) of the GDPR


4.1. You have the following rights: 

  • to receive confirmation as to whether or not personal data concerning you is being processed, and access your stored personal data, together with supplementary information; 
  • to receive a copy of personal data you provided to us in a structured, commonly used and machine-readable format; 
  • to request rectification of your personal data that is in our control;
  • to request the erasure of your personal data; 
  • to object to the processing of personal data by us; 
  • to request to restrict processing of your personal data by us; 
  • to lodge a complaint with a supervisory authority.

4.2. However, please note that these rights are not absolute, and may be subject to our own legitimate interests under this Privacy Policy and regulatory requirements. If you wish to exercise any of the aforementioned rights or receive more information, please contact us by email at [email protected] or chatbot, operating within the Telegram messenger.

4.3. The statutory period under GDPR for us to reply to a legitimate request is one month. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

4.4. Please note that we may request that you provide some details necessary to verify your identity when you request to exercise a legal right regarding your personal data.


5.1. We share your personal data with our third-party service providers, agents, subcontractors and other associated organizations, our group companies, and affiliates (as described below) in order to complete tasks and provide the Services to you on our behalf. 

5.2. We may share your personal data with: 

  • companies that we plan to merge with or be acquired by (if such an event occurs, we will notify you and will require that the newly combined entity follow this Privacy Policy with respect to your personal data);
  • law enforcement, government officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure; or we believe in good faith that the disclosure of Personal Data is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of any of our policies;
  • identity verification agencies to undertake required verification checks;
  • fraud or crime prevention agencies to help fight against crimes including fraud, money-laundering and terrorist financing;
  • our vendors and agents, hired by us to provide you with the Services;
  • transaction processors (for the purpose of ensuring transaction performance and their operation).

5.3. Our Websites may contain links to and from the websites or services of our partner networks, advertisers, transaction processors, etc. If you follow a link to any of these websites or services, please note that these websites and any services that may be accessible through them have their own privacy policies and that we are neither responsible nor liable for any of these policies or for any information, including personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any information or personal data to these websites or use these services.


6.1. Many of our third parties are based outside the European Economic Area (“EEA”) so their processing of your personal data will involve a transfer of data outside the EEA.

6.2. Whenever we transfer your personal data out of the EEA, we guarantee that a similar degree of protection is afforded to it, which ensures the implementation of at least one of the following safeguards:

  • the country to which we transfer your personal data has been deemed to provide an adequate level of protection for personal data by the European Commission;
  • a specific contract signed with such third party, which includes “Standard data protection clauses” (as defined in GDPR) approved by the European Commission which gives safeguards to the processing of personal data


7.1. We implemented a number of security measures to ensure that your data is not lost, abused, or altered, including, but not limited to: firewalls and data encryption, physical access controls to our premises, and information access authorization controls. We also authorize access to your data only for those employees or contractors who require it to fulfil their job or service responsibilities.

7.2. Please note that the transmission of data (including communications by email) over the Internet or other publicly accessible networks is not completely secure. We are not liable for the security of any data you are transmitting over the Internet. We are not responsible for the distribution and use of your personal data that you have made visible to other users. 


8.1. We consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements when determining the appropriate retention period for personal data.

8.2. The following factors will be considered while determining how long we need to retain your personal data:

  • if we reasonably believe there is a prospect of litigation in respect to our relationship with you or if we consider that we need to keep information to defend possible future legal claims, personal data will be kept up to 10 years following the end of our relationship (e.g., email addresses and content, chats, letters);
  • to comply with any applicable legal and/or regulatory requirements with respect to certain types of personal data:
    • under the Lithuanian AML Regulations, we are obliged to retain your personal data for a period of 8 years after the termination of the business relationship between Company and You as a customer; this period may be extended, if prescribed by law.
  • if the data is needed for audit purposes;
  • in accordance with relevant industry standards or guidelines.

8.3. We will erase your personal data without undue delay where one of the following grounds applies unless prescribed otherwise by law:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdraw consent on which the processing is based and where there is no other legal ground for the processing;
  • you object to the processing and there are no overriding legitimate grounds for the processing (for example where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing);
  • the personal data has been unlawfully processed;
  • the personal data has to be erased for compliance with a legal obligation in European Union or Member State law to which we are subjected.


Documents lied out below shall constitute an integral part of this Privacy Policy: 

  1. Version Control Table
  2. Cookie Policy



Version Control Table



Modified clauses