UAB “AB Exchange”
- use of any of our Services by the users;
- use of our Websites located at http://abex.pro and https://alice-bob.io/ (hereafter referred to as “Websites”) or chatbot, operating within the Telegram cloud messenger (https://t.me/alicebobbot) (hereafter referred to as “Chatbot”) by the users;
Please note that we process the personal data in accordance with the EU General Data Protection Regulation No 2016/679 (hereafter referred to as “GDPR”) and other applicable EU legislation and regulations on data protection.
Please note that our Services, Websites and Chatbot are not intended for minors below the age of 18 years and we do not knowingly collect data relating to minors.
1. GENERAL PROVISIONS
1.1. For the purpose of the GDPR, in relation to our Websites and/or Services and users the Company determines the purposes and means of the processing of personal data (therefore acts as the “personal data controller” under the definition given in GDPR).
The table below details the data controller of your personal data:
|OUR SERVICES||DATA CONTROLLER||CONTACT DETAILS|
|Provider of activities of a virtual asset exchange operator and a deposit virtual asset operator||UAB “AB Exchange”||Lithuania, Eišiškių Sodų 18-oji g. 11, LT-02194 Vilnius|
1.2. If you are dissatisfied with the way we process your personal data, you have the right to file a complaint with the supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority for data protection issues.
1.3. If you are a resident of an EEA State, you may find the information about supervisory authority in your jurisdiction here.
1.5. On the Website(s) “buttons” and/or hyperlinks are included to promote or share web pages on social (media) networks or third-party websites and/or services such as Twitter, Instagram, Facebook or YouTube. We do not supervise these networks and websites and are therefore not responsible for the processing of your personal data by and through the parties behind those networks and websites. The use of these media is therefore at your own risk. Before you make use of these third-party services, we recommend you to read the privacy statements of respective third parties.
1.6. You have the right to withdraw your consent to the collection and processing of your personal data at any time, but this withdrawal will not affect our right to process personal data, based on the consent given before withdrawal thereof, in part related to personal data received before such withdrawal.
2. THE DATA WE COLLECT
2.1. Depending on whether and how you use our Services, Website(s) or Chatbot, we may collect, use, store and transfer different categories of personal data about you which are lied out below:
- Identity Data: first name, last name, username or similar identifier, date of birth and gender, biometric information, including a visual image of your face, national identity cards, passports, driving licenses or other forms of identification documents.
Please note: we are subject to EU Anti-Money Laundering Directives and the relevant EU Member States’ law implementing them which require us to process for instance information from your ID documents including a photographic picture of you and a visual image of your face or video (the so-called “liveness check”).
- Contact Data: residence details, billing address, home address, work address, email address and telephone numbers, proof of address documentation.
- Financial Data: bank account, payment card details, virtual currency accounts, stored value accounts, amounts associated with accounts, external account details, source of funds and related documentation.
- Social Identity Data: political background, close connections, information on referrals related to you.
- Transactional Data: details about payments to and from you, other details of any transactions you enter into using the Services, Website or App (contractor, type, date/time, details, amount, status), general balance.
- Technical Data: sign-in history (date, OS, sign-in status, IP address, browser), internet connectivity data, internet protocol (IP) address, operator and carrier data, login data, browser type and version, device type, category and model, time zone setting and location data, language data, browser plug-in types and versions, operating system and platform, diagnostics data such as crash logs and any other data, and other information, stored on or available relating to the devices, you allow us to gather when you access the Websites or use the Services or Chatbot.
- Profile Data: your username and password, your profile picture, “about me” information, your ID, phone number, email associated with your accounts, your interests, preferences and feedback, other information generated by you when you communicate with us, for example when you address a request to our customer support.
- Usage Data: information relating to your usage of the Website, the Services, Chatbot and other offerings made available by us, including:
- device download time,
- install time,
- registration time,
- interaction type and time,
- event time, name and source.
- Marketing Data: your preferences in receiving marketing material from us or third parties.
2.2. Certain types of sensitive personal data are subject to additional protection under the GDPR (hereafter referred to as “Special categories of personal data”). The special categories of personal data are:
- Personal data revealing racial or ethnic origin.
- Political opinions.
- Religious or philosophical beliefs.
- Trade union membership.
- Genetic data and biometric data, processed for the purpose of uniquely identifying a natural person.
- Data concerning health.
- Data concerning a natural person’s sex life or sexual orientation.
- You have given explicit consent.
- Processing relates to personal data which are manifestly made public by you.
- Processing is necessary for the establishment, and exercise of defence of legal claims.
- Processing is necessary for reasons of substantial public interest based on EU or EU Member State law.
3. COLLECTION AND USAGE OF PERSONAL DATA (PURPOSES AND LEGAL BASIS)
3.1. We use different methods to collect personal data about our users and visitors. You provide us with your data by directly interacting with us, when you:
- access our Website(s) or Chatbot;
- make an application for our Services to be provided to you;
- create an account;
- use any of our Services;
- request marketing materials to be sent to you, (i.e. subscribing to our newsletters);
- engage in a competition, promotion or survey, including through social media channels;
- give us the feedback or contact us.
3.3. We may also use third parties and/or publicly available sources to obtain data related to you. We may use the following sources:
- fraud and crime prevention agencies;
- publicly available information on the Internet;
- public blockchain.
3.4. We will use your personal data exclusively in accordance with clause 6 of the GDPR, only in case one of the conditions listed below is met:
- you have given explicit consent to the processing;
- it is necessary for the performance of a contract, that you have entered with the Company;
- it is necessary for compliance with a legal obligation to which we may be or are subject(ed);
- it is necessary for the performance of a task carried out in the public interest
- it is necessary for the purposes of the legitimate interests pursued by us.
3.5. We will use your personal data for the purposes, laid out in Table #2:
|To manage risk and crime prevention including performing anti-money laundering, counter terrorism, sanction screening, fraud and other background checks, detect, investigate, report and prevent financial crime in the broad sense, obey laws and regulations which apply to us and response to complaints and resolving them|
Article 6 (1)(b)(c)(f) of the GDPR
|To register you as a new user||Article 6 (1)(a)(b) of the GDPR|
|To process and deliver our Services to you|
Article 6 (1)(a)(b) of the GDPR
|To manage, process, collect and transfer payments, fees and charges and to ensure good management of our payments, fees and charges|
Article 6 (1)(b)(f) of the GDPR
|To keep our records updated and to study how customers use our products/services|
Article 6 (1)(a)(f) of the GDPR
|To gather market data for studying customers’ behavior including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business|
Article 6 (1)(f) of the GDPR
|To deliver relevant website content and advertisements to you|
Article 6 (1)(a)(f) of the GDPR
|To improve our Websites, products/services, marketing, your user experience||Article 6 (1)(a)(f) of the GDPR|
|To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies, which will use the personal data they receive for their own purposes in their capacity of independent controllers|
Article 6 (1)(f) of the GDPR
|To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes|
Article 6 (1)(a) of the GDPR
|To administer and protect our Websites and Chatbot in order to provide network security and prevention of the fraud|
Article 6 (1)(f) of the GDPR
4. RIGHTS OF USERS
4.1. You have the following rights:
- to receive confirmation as to whether or not personal data concerning you is being processed, and access your stored personal data, together with supplementary information;
- to receive a copy of personal data you provided to us in a structured, commonly used and machine-readable format;
- to request rectification of your personal data that is in our control;
- to request the erasure of your personal data;
- to object to the processing of personal data by us;
- to request to restrict processing of your personal data by us;
- to lodge a complaint with a supervisory authority.
4.3. The statutory period under GDPR for us to reply to a legitimate request is one month. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
4.4. Please note that we may request that you provide some details necessary to verify your identity when you request to exercise a legal right regarding your personal data.
5. DISCLOSURE OF PERSONAL DATA
5.1. We share your personal data with our third-party service providers, agents, subcontractors and other associated organizations, our group companies, and affiliates (as described below) in order to complete tasks and provide the Services to you on our behalf.
5.2. We may share your personal data with:
- law enforcement, government officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure; or we believe in good faith that the disclosure of Personal Data is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of any of our policies;
- identity verification agencies to undertake required verification checks;
- fraud or crime prevention agencies to help fight against crimes including fraud, money-laundering and terrorist financing;
- our vendors and agents, hired by us to provide you with the Services;
- transaction processors (for the purpose of ensuring transaction performance and their operation).
5.3. Our Websites may contain links to and from the websites or services of our partner networks, advertisers, transaction processors, etc. If you follow a link to any of these websites or services, please note that these websites and any services that may be accessible through them have their own privacy policies and that we are neither responsible nor liable for any of these policies or for any information, including personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any information or personal data to these websites or use these services.
6. INTERNATIONAL TRANSFER
6.1. Many of our third parties are based outside the European Economic Area (“EEA”) so their processing of your personal data will involve a transfer of data outside the EEA.
6.2. Whenever we transfer your personal data out of the EEA, we guarantee that a similar degree of protection is afforded to it, which ensures the implementation of at least one of the following safeguards:
- the country to which we transfer your personal data has been deemed to provide an adequate level of protection for personal data by the European Commission;
- a specific contract signed with such third party, which includes “Standard data protection clauses” (as defined in GDPR) approved by the European Commission which gives safeguards to the processing of personal data
7. SECURITY OF PERSONAL DATA
7.1. We implemented a number of security measures to ensure that your data is not lost, abused, or altered, including, but not limited to: firewalls and data encryption, physical access controls to our premises, and information access authorization controls. We also authorize access to your data only for those employees or contractors who require it to fulfil their job or service responsibilities.
7.2. Please note that the transmission of data (including communications by email) over the Internet or other publicly accessible networks is not completely secure. We are not liable for the security of any data you are transmitting over the Internet. We are not responsible for the distribution and use of your personal data that you have made visible to other users.
8. DATA RETENTION
8.1. We consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements when determining the appropriate retention period for personal data.
8.2. The following factors will be considered while determining how long we need to retain your personal data:
- if we reasonably believe there is a prospect of litigation in respect to our relationship with you or if we consider that we need to keep information to defend possible future legal claims, personal data will be kept up to 10 years following the end of our relationship (e.g., email addresses and content, chats, letters);
- to comply with any applicable legal and/or regulatory requirements with respect to certain types of personal data:
- under the Lithuanian AML Regulations, we are obliged to retain your personal data for a period of 8 years after the termination of the business relationship between Company and You as a customer; this period may be extended, if prescribed by law.
- if the data is needed for audit purposes;
- in accordance with relevant industry standards or guidelines.
8.3. We will erase your personal data without undue delay where one of the following grounds applies unless prescribed otherwise by law:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent on which the processing is based and where there is no other legal ground for the processing;
- you object to the processing and there are no overriding legitimate grounds for the processing (for example where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing);
- the personal data has been unlawfully processed;
- the personal data has to be erased for compliance with a legal obligation in European Union or Member State law to which we are subjected.
- Version Control Table
Version Control Table