COINPAL, UAB

PRIVACY POLICY

Last updated: September 11, 2024

1. Introduction

 

COINPAL, UAB (hereafter also referred to as “the Company”, “we”, “us”, or “our”) is authorized as a virtual currency exchange operator. The Company is incorporated under the laws of Lithuania, with legal entity code 306106732 and registered address at 2nd Floor, T.Narbuto str. 5, Vilnius LT 08105, Lithuania. The Company owns and operates the domain https://coinon.io/ (hereafter the “Website”).

CoinOn is the brand name for our onramp service, operated by CoinPal, UAB. Throughout this privacy policy, any reference to 'CoinOn' or 'we' refers to CoinPal, UAB, the legal entity responsible for operating the CoinOn service.

UAB Coinpal operates two distinct modes of onramp service: Referral Mode, where third-party partners such as Simplex and Transak manage all data and KYC processes, and Self-operated Mode, where UAB Coinpal directly collects and processes personal data, including KYC and transaction information.

In Self-operated mode, UAB Coinpal acts as the data controller, responsible for the collection, processing, and storage of your personal data as described herein. In contrast, for Referral mode, third-party providers such as Simplex and Transak handle data processing and are the controllers of personal data, as described under their respective privacy policies.

Privacy Policy of Simplex:https://www.simplex.com/privacy-policy

Privacy Policy of transak:https://transak.com/privacy-policy

This policy is based on the practices and procedures applicable in the Self-operated mode. In Referral mode, data processing is managed by third-party providers, and their respective privacy policies apply.

The Company is the controller of your personal data collected via the means described herein and any process of your personal data is performed in accordance with this Privacy Policy (hereafter “the Policy”) and the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27^th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereafter “GDPR”), Law on the Legal Protection of Personal Data of the Republic of Lithuania and other applicable legal acts.  

 

Data Subject (hereinafter “you” or “your”) stands for an identified or identifiable natural person, whose personal data the Company processes in course of conducting business, regardless the personal data were obtained from this person directly or from third parties. At the Company, we treat all former, existing, or prospective clients, individual visitors that enter our Website, all private individuals that represent our corporate clients (i.e. authorized representatives, proxies, etc.), and all our private individual clients as Data Subjects in the sense of the GDPR.

 

Personal data means any information relating to an identifiable natural person (i.e. using information and data in order to directly or indirectly identify a specific person).

 

Processing means any operation(s) which is performed on personal data (or on sets of personal data) whether or not by automated means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction.

 

2. Scope and Applicability

 

As part of the Company’s daily operations, it is necessary for us to collect personal data from you to be able to provide you with our products and services. This Policy describes how the Company processes your personal data. 

 

Any personal data the Company collects about you will only be used for the purposes we have collected it for, or as allowed under the applicable legislation, and to perform our contractual obligations concerning the products and services offered. This Policy covers the Company’s Website https://coinon.io all its related sub-domains that are registered and operated by the Company, as well as the payment gateways and any other software solutions used by the Company.

 

This Policy applies to the processing of personal data regardless of the form/environment in which the personal data is provided (e.g. on paper, electronically, by phone or otherwise) and whether or not the Company process it by automated means or manually.

 

The Company strives to protect the privacy, confidentiality and security of all personal data obtained from you during the course of your business relationship and dealings with the Company, including information obtained during your visits to our Website.

 

3. Our Commitment to You

The Company fully understands the importance of maintaining the confidentiality and privacy of your personal data. We respect your privacy, and to this end, we are committed to taking all reasonable steps to protect and safeguard the privacy, confidentiality, security, and integrity of your personal data.

 4. How do we collect your Personal Data?

The Company may collect personal data in several ways, including but not limited to the following:

 

• Through the provision and use of our products and services;
• Through the use of the Company’s Website, mobile apps;
• Through the completion of any forms;
• By subscribing to our blogs, newsletters and/or news updates;
• By taking part in online discussions, surveys or promotions;
• By participating in any offers or campaigns or by entering a competition;
• By communicating with the Company, both online and offline;
• During the provision of customer service or support in any form;
• From third parties such as our business partners, agents, outsourcers, sub-contractors, service providers, intermediaries, payment service providers (i.e. Visa, Mastercard), credit reference agencies, fraud prevention agencies, banks, other financial or credit institutions, public registers and official databases, third-party authentication service providers, associations (i.e. lawyer’s association) etc. to be able to enter into a contract with you and carry out our obligations arising from the contracts entered between you and us;
• From persons connected with the above-mentioned third parties such as representatives, proxies, authorized representatives, trustors, beneficial owners, family members, spouses, partners, heirs, guarantors, etc);
• Through publicly available sources and social media (i.e. Register of Legal Entities, Government Gazette, online directories, newspapers, social media websites etc.);
• When you contact us for any other reason.

 

The Company may occasionally request further information from you to help us improve our services & products under the Client Agreement or to comply with the applicable laws and regulations.

 

 5. What Personal Data do we collect?

 

The list of personal data that we may collect from you is not exhaustive. The list below specifies the main categories of personal data, which the Company collects and processes:

 

• Personal details (i.e. name, surname);

 

• Contact details (i.e. actual place of residence, registered place of residence, email address, mobile number);

 

•      Economic profile (i.e. annual income,source of funds, assets, liabilities, evidence of beneficial ownership, number of shares held, voting rights or part of share capital, or any other necessary financial information, and whether you are a politically exposed person);

 

•      Identification information necessary to:

(a) verify your identity (i.e. passport or national identity card copy and its details (e.g. type, number, issuance place and date, expiry date, MRZ code, signature), national identification number, date of birth, country of birth, citizenship, gender);

(b) verify your permanent residence (i.e. utility bills, banks statements, address).

 

• Your image (i.e. photo and/or video derived from your KYC identification documents, or a photo uploaded to your customer account, or a video call with any of our employees);

 

• Account information (i.e. username, password, account number, account balance, trading activity and history, charges, fees and commissions charged etc.);

 

• Transactional information (i.e. payments in and out of your account, including date, time, amount, currencies used, exchange rate, beneficiary details, merchant details and location, IP address of sender and receiver as well as their name & registration details, messages sent and received in relation to the payment, payment methods used, device information used to facilitate the payment and payment instrument used,Wallet address which is used for the Service etc.);

 

• Communication details (i.e. email correspondence or any other form of communication with the Company). These forms of correspondence are recorded, and the recordings are retained for such periods as may be necessary or required by law.

 

• Technical information (i.e. internet protocol (IP) address used, unique device identifier, your location, login information, browser type and version, time-zone setting, operating system and platforms, type of device or browser used, network information server logs, the full Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time), referrer URL, products and services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page, any phone number used to call our customer service number etc.);

 

• Special category data (i.e. biometric data);

 

• Regulatory data (i.e. data that the Company is required to provide to public authorities, such as state tax inspectorate, courts, including data on payments and personal data held by the Company).

 

Please note: At this stage, when you use fiat to purchase Virtual Currency on the Company website, your transaction will be processed by the actual service provider Simplex (owned by an electronic money institution UAB “Nuvei”). During this process, Simplex may ask you to provide personal data based on regulatory and legal requirements. The Company will not access, store or process this data.

 

6. How do we process your Personal Data?

 

The Company will only process your personal based on one or more of the following purposes:

 

Purpose	Legal basis	Categories of personal data
To conclude a contract or to take steps at your request prior to entering a contract (to complete the client on-boarding and identification procedures).	Taking necessary steps prior to entering a contract; Legal obligation (to take measures to identify and verify the identity of the client prior to the start of the business relationship pursuant to Article 9, 14 of the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania).	Personal details; Economic profile; Identification information; Your image; Communication details; Contact details.
To create and operate a customer account / profile, as well as to provide you with technical or customer support.	Your consent.	Personal details; Contact details; Account information; Communication details.
To fulfil the contract (including, but not limited to, performance of our contractual obligations and provision of services & products, information regarding our services & products).	Contract performance.	Personal details; Transactional information; Technical information; Communication details; Contact details.
To prevent, discover, investigate, and report potential money laundering, terrorism financing, international sanctions, and other related violations, including potentially suspicious transactions and abuse of our services.	Legal obligation (to take measures to identify and verify the identity of the client, report suspicious transactions pursuant to Article 9, 14, 16 of the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania); Public interest (to implement measures for the prevention of money laundering and/or terrorist financing).	Personal details; Economic profile; Identification information; Your image; Transactional information; Technical information; Communication details; Contact details.
To comply with other applicable laws & regulations.	Legal obligations (to provide information upon request from the Financial Crimes Investigation Service in accordance with Article 11 of the Law on the Financial Crime Investigation Service of the Republic of Lithuania, to provide information upon request from police officers in accordance with Article 24 of the Law on Police of the Republic of Lithuania, as well as provide information upon request from prosecutors in accordance with Article 19 of the Law on the Prosecutor's Office of the Republic of Lithuania, etc.)	Personal details; Economic profile; Identification information; Transactional information; Technical information; Communication detail; Contact details; Regulatory data.
To identify you remotely.	Your consent.	Special category data.
To investigate any grievances or complaints and settle any disputes.	Legitimate interest (to be able to defend our rights and interests); Legal obligation (to provide the court with the information it needs to initiate legal proceedings in accordance with Article 111 of the Civil Procedure Code of the Republic of Lithuania).	Personal details; Economic profile; Identification information; Your image; Transactional information; Technical information; Communication detail; Contact details; Account information; Regulatory data.
To improve, administer and protect our Website, devices, and payment gateways.	Legitimate interest (to ensure our ability to provide our products and services adequately).	Personal details; Technical information; Communication details; Contact details.
To perform research or to conduct data analysis which will help us to improve our products & services.	Legitimate interest (to improve the quality of our products and services).	Personal details; Technical information; Account information; Communication details; Contact details.
To send you marketing communications and/or promotional material.	Your consent.	Personal details; Communication details; Contact details.
To enable you to participate in surveys, competitions, campaigns.	Your consent.	Personal details; Communication details; Contact details.
To provide an answer when you contact us through our Website or other communication means.	Your consent.	Basic personal data; Communication details; Contact details; Other personal data you provided.

 

If it is necessary to use your personal data and data for any other reason which is not outlined above and if there are any additional terms and conditions which will apply, then you will be duly informed (i.e. via a pop-up message, push notification, email or otherwise). You will be asked to confirm whether you agree to these additional terms and conditions before we can proceed. 

 

7. Contacting You

 

The Company or its affiliates, business partners, associates or other agents may, from time to time, contact you by telephone,  email, or otherwise, for the purposes of offering you further information about the Company’s products and services, or to inform you of promotional offerings, or for marketing purposes, or to conduct market research, with your prior consent.

 

In case you do not agree to receive these marketing messages or calls, this will not have any impact on the provision of our services to you.

 

If you wish to opt-out of any further contact at any time and for whatever reason, you are entitled to do so by contacting the Company’s back-office department via email [email protected] and requesting in writing that you wish no further contact in relation to the above reasons.

 

8. Disclosure and Transfer of your Personal Data

 

Any personal data or other confidential information (including recordings, documents of a confidential nature, payment details and personal details) that you provide to the Company will be treated as confidential and it will not be disclosed to any third parties, except when necessary to provide you with our services & products, fulfil our contractual obligations and conduct our business operations as described herein. 

Below are the cases under which we may disclose your personal data and why:

 

1.       Group Companies: to any member of our group, meaning any branch, subsidiary company, sister company, parent / holding company, and its respective employees in order to provide the services & products requested by you, to fulfil our contractual obligations under the Client Agreement and to provide technical & customer support. It should be noted that all the group entities and our employees are required to follow our privacy and security protocols when handling personal data;

 

2.       Third party service providers: including but not limited to legal advisors, professional or expert advisors, internal auditors, external auditors, service providers who have been contracted to provide us with software and hardware systems; payment gateways; platforms; support; administrative; financial; legal; accounting; auditing; taxation; compliance; record-keeping; website; cloud-hosting; IT; research; marketing; advertising; email transmission or messaging services; data storage; or other services which are necessary to be able to execute client transactions, instructions, order or payments, or to complete our contractual obligations, or to provide the services & products requested by you, or for purposes which are ancillary to the provision of our services & products to you as our client. It should be noted that our third-party providers are permitted to use your personal data only for the provision of services and may not use or otherwise share your personal data.

 

3.        Credit reference agencies, fraud prevention agencies, third authentication service providers, banks, payment service providers, other financial institutions: to conduct credit checking, anti-money laundering checks, identity verification checks, sanction checks, fraud & fraud prevention checks, risk assessment, payments processing or customer due diligence checks. In order to do so, these organizations will check the client’s details supplied against any details held on any database (public or otherwise) to which they have access to. These organizations may store your information in order to comply with their legal and regulatory obligations. A record of the search conducted by these organizations will be retained by us ;

 

4.       Our affiliates, business partners, agents, associates and business introducers: with whom we have a mutual business relationship and they have directed you to us;

 

5.       Police, courts, regulatory authorities, governmental agencies, public authorities, and law enforcement authorities: having control or jurisdiction over the Company or companies of the group, our clients, our associates or in whose territory we have clients or providers, as applicable. In such a case, we will share your personal data only when it is required to comply with the applicable laws, rules, and regulations, or to comply with a court order of a competent court, or to comply with investigations, administrative, judicial, or legal proceedings and/or to respond to official requests from these authorities. This may include authorities outside your country of residence or the Company’s country of operations;

 

6.         Other third parties: we may share personal data in the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including bankruptcy/liquidation proceedings or equivalent);

 

7.        Where necessary to secure the Company’s legitimate business interests and to defend, protect and/or exercise its legal rights in front of any court, tribunal, arbitrator, or any other regulatory or governmental authority, as the case may be;

 

8.       at your request or with your consent;

 

9.         to any person(s) authorised by you.

 

Entities and employees within the Group, third-party service providers, business partners, associates, affiliates, agents and business introducers are duly informed about the confidential nature of such information and we require that organizations to acknowledge and commit to the confidentiality of your personal data by means of contractual clauses, undertake to respect your right to privacy, safeguard your personal data and to comply with all the relevant data protections laws and this Policy. 

 

 9. Safeguard Measures

 

The Company has implemented physical, technical & organizational measures to secure and protect your personal data from unauthorized access, use or disclosure, unlawful breach or from accidental destruction, loss, or damage. The personal data you provide to us is protected in many ways as follows:

 

1.              Your personal data are stored in secure distributed cloud servers.
2.             Access to your personal data is limited only to those employees or partners that need to know the information in order to enable the carrying out of the Client Agreement and have access via a username and password.
3.              The Company uses encryption, tokenization and takes all reasonable technical security measures to prevent unauthorized parties from processing any such information. This information is accessible only to authorized personnel.
4.             Our payment card environment is Payment Card Industry Data Security Standard (PCI DSS) compliant by the external assessor.
5.             We train our employees regularly regarding the importance of maintaining, safeguarding, and respecting your personal data and security.
6.               Potential breaches of individuals’ privacy are taken very seriously. The Company will impose appropriate disciplinary measures to its employees in such a case and it could even involve a dismissal from employment.
7.              Our business partners, affiliates, agents, associates, service providers and employees sign a confidentiality and non-disclosure agreement in order to maintain the confidentiality of your personal data.
8.             The Company tests and monitors the effectiveness of security measures frequently.
9.               We have appointed a Data Protection Officer (DPO) to ensure that the Company obtains, manages, processes and discloses your personal data in accordance with this Policy and the applicable legislative and regulatory framework.
10.               In the unlikely event of a data breach, as soon as the Company become aware of a personal data breach, and without undue delay, the Company notifies the regulatory body in accordance with the provisions of the GDPR. In case a personal data breach will pose a high risk to your rights and interest, without undue delay, the Company will notify you about the personal data breach.

 

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the transmission of information via the internet is not entirely secure and for this reason we cannot ensure or guarantee the confidentiality, security or integrity of any personal data transferred from you to us, or from us to you via the internet.

 

This Company shall not be responsible or liable (whether in civil, criminal or otherwise) under any circumstances for any amount or kind of loss or damage (including without limitation, any direct, indirect, punitive or consequential loss or damages, or any anticipated loss of profit, loss of profit, loss of opportunity, loss of data, costs and fines and/or any special or incidental damages of any kind) that may result to you or arising from or connected in any way to cyber-attacks, computer viruses, system failures or malfunctions which may occur in connection with your use of the Company’s products, services, websites, devices, mobile applications, payment channels or any other method.

 

10. Our identification tools

 

In order to perform your identity verification, we use the services provided by our partner ”Finchekcer,SIA” (hereinafter “Finchecker”). The service provider takes the photo images or video recordings of your face and your ID document that you provide through a mobile application or a dedicated website using the camera. For more information on “Finchecker” please visit their official website:https://finchecker.eu/.

 

“Finchecker” solution is used for comparing live photographic data or video record of you and your ID document, to comply with legal obligations (e.g., implementation of the obligations under the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania and other fraud and crime prevention purposes) and risk management obligations.

 

The result of the face similarity (match or mismatch) will be retained for as long as it is necessary to carry out verification and for the period required by anti-money laundering laws.

 

We ensure that your face similarity check is a process of comparing data acquired at the time of verification, i.e., this is a one-time user authorization by comparing person's photos to each other. Your facial template is not created, recorded, or stored. It is not possible to regenerate the raw data from retained information.

 

Using “Finchecker” services, personal data is used for your identification, since “insert” verifies the identity of the person in the identity document and the person captured in the photo. This process shall allow us to verify your identity more precisely and make the process quicker and easier to execute. If you do not feel comfortable with this identification method, you may contact us by e-mail at [email protected] for an alternative way to identify you.

 

11. Automated decision making

 

In some cases, we may use automated decision-making which refers to a decision taken solely based on automated processing of your personal data.

 

Automated decision-making refers to the processing using, for example, a software code or an algorithm, which does not require human intervention.

 

We may use forms of automated decision making on processing your personal data for some services and products. You can request a manual review of the accuracy of an automated decision in case you are not satisfied with it.

 

For more information about your rights please see the section Your Rights regarding your Personal Data.

 

 12. Storage and Retention Period of your Personal Data

 

Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. When personal data is no longer necessary for the purpose for which it was collected, we will securely destroy the records. This means that we store your data for as long as it is necessary for provision of our services and as required by the retention requirements in laws and regulations. If the legislation of the Republic of Lithuania does not provide any applicable data retention period, it shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of personal data.

 

The terms of data retention of the personal data for the purposes of the processing of the personal data as specified in this Policy are as follows:

1.              as long as your consent remains in force, if there are no other legal requirements which shall be fulfilled with regard to the personal data processing. We reserve the right to retain records of any consent given and withdrawn for a period of time necessary to protect our rights;
2.             in case of the conclusion and execution of contracts – until the contract concluded between you and us remains in force and up to 8 years after the relationship between you and us has ended;
3.              the personal data collected for the implementation of the obligations under the Law on the Prevention of Money Laundering and Terrorist Financing shall be stored up to 8 (eight) years as provided in the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania. The retention period may be extended for a period not exceeding 2 (two) years, provided there is a reasoned request from a competent authority;
4.             the personal data submitted by you through our website or via e-mail is kept for an extent necessary for the fulfilment of your request and to maintain further cooperation, but no longer than 6 months after the last day of the communication, if there are no legal requirements to keep them longer.

 

In the cases when the terms of data keeping are indicated in the legislative regulations, the legislative regulations are applied.

 

We may retain your personal data for a longer period when:

1.              it is necessary in order for us to defend ourselves against existing or threatened claims, or to exercise our rights, or for the proper resolution of dispute, complaint or claim;
2.             there is a reasonable suspicion of illegal activity;
3.              it is required by applicable laws.

 

Upon expiration of the retention period, we will delete and/or reliably and irrevocably depersonalize your data as soon as possible, within a reasonable time required to perform such action.

 

13. Transfer of Personal Data outside the EEA

 

European Union (EU) data protection rules apply to the European Economic Area (EEA) which includes all the EU countries and non-EU countries: Iceland, Liechtenstein and Norway. If necessary, the Company may transfer your personal data to a country outside the EEA, for storage and/or for processing by staff operating outside the EEA who work for the Company and/or to our suppliers, business partners, associates, affiliates, agents, business introducers or service providers who are engaged on our behalf to fulfil our contractual obligations under the Client Agreement. Moreover, personal data we collect from you may be stored or processed in a jurisdiction that is different to the country in which the specific entity of the group you are dealing with is registered and established. Therefore, by entering into the Client Agreement with the Company and submitting your personal data, you agree to the transmittal, storing and processing of your personal data outside the EEA.

 

Nonetheless, when your personal data is transferred outside the EEA, the Company will take all steps reasonably necessary to ensure that the transfer is lawful, that the organization to whom your data are send provides data protection at an adequate level, or provided that receiving Company undertakes sufficient guarantees in accordance with the provisions of the GDPR to ensure that your personal data are treated securely.

 

Where this is not possible and we are required to disclose your personal data (i.e. because we are required by law or by virtue of a court order in place) we will do this as per the applicable legal and regulatory obligations.

The Company will only send personal data outside the EU/EEA to a country, in relation to which the European Commission has not made a decision regarding the adequacy of its security level and which does not provide the corresponding guarantees, if:

1.       The person has clearly agreed to the proposed transfer, having received information from the Company about the potential risks that such a transfer could pose to the person;
2.       Transfer is necessary in order to fulfil the contract between the client and Company or to implement measures after the conclusion of the contract, which were approved at the client’s request;
3.        Transfer is necessary for conclusion of an agreement between the Company and another private individual or legal entity, in the interests of the client or for the fulfilment of such a contract;
4.       Transfer is necessary if there are important reasons of public interest;
5.       Transfer is necessary in order to raise, fulfil or defend legal requirements, or
6.         Transfer is necessary in order to protect the vitally important interests of persons if the client is physically or legally incapable of giving its consent.

 

14. Cookies and Links

 

The Company’s data collection procedures include the placement of cookies for the purpose of gathering information and data about the manner in which you interact with the Company’s Website in order to provide you with a better experience and present our services and products according to your needs and preferences. Cookies are small pieces of data files send from our Website to your browser that is stored on your computer when using our Website and may include a unique identification number. A cookie in no way gives us access to your computer or any other information about you, other than the information you choose to share with us.

 

The Company uses cookies on its Website. The Company does not link the information that it stores in cookies to any personally identifiable information that you submit while on the Company’s Website. You can choose if and how a cookie will be accepted by changing your preferences and options in the browser. If you choose to disable the cookies, you may still use the Company’s Website, but you will not be able to access some parts of the Company’s Website or fully use your customer account. We strongly advise you to read our Cookies Policy in order to fully understand how we use cookies and other web tracking technology via our Website.

 

Moreover, it should be noted that some of the Company’s business partners, agents, associates, business introducers or affiliates also use cookies on the Company’s Website. The Company has no access to, or control over these cookies therefore it will not be liable for misuse of loss of personal data resulting from these cookies. When you use the Company’s Website you may be able to link to other websites. This Policy does not apply to those other sites. The Company encourages you to read and understand the privacy policies on these other sites.

 

 

15. Your Rights regarding your Personal Data

 

In line with the provisions and requirements of the GDPR, you have the following rights in relation to your personal data:

 

1.       Access to your Personal Data: you have the right to access your personal data, to review all the personal data that is related to you, and which was collected for the duration of the business relationship, update your file and to check the accuracy of your personal data at any time, which is related to you individually.

 

2.       Rectification: if the personal data we hold about you is inaccurate or incomplete, you are entitled to make rectifications, amendments and update it with your current personal circumstances. In such a case, the Company may request supporting documents or evidence to justify the correction of the data.

 

3.        Changes: you may inform the Company at any time regarding any changes to your personal data by emailing us at [email protected]. The Company will change your personal data according to your instructions. Please note that in order to proceed with such requests, the Company may require supporting documents from you as proof.

 

4.       Deletion:  you have the right to request us to delete your personal data (partly or wholly) when there is no good reason for us to continue processing it, except to the extent that we are required to hold it for legal or regulatory purposes as well as to maintain adequate records in accordance with anti-money laundering requirements. Please note that if you request to delete your personal data, this will lead to the automatic closure of your customer account.

 

5.       Information on use and processing: you have the right to obtain information on the use and purpose of processing your personal data as well as obtain information about what information we process and you have the right to request a copy of the personal data we hold about you.

 

6.         Processing Restrictions: you have the right to request us to limit the processing or to stop the processing altogether of your personal data for one of the following reasons:

 

• You dispute the accuracy of the data. In this case, the duration of the restriction cannot be longer than the period during which the Company is checking the accuracy of the data;
• Data processing is unlawful, and you object the erasure of data, requesting the restriction of the use of data instead. In this case, the processing of personal data will be restricted for the period that the person has requested;
• The Company no longer requires the data for processing, but they are required by you, in order to raise, fulfil or defend lawful requirements. In this case, the restriction will be set for the period that you have requested and justified;
• You have objected to processing that is justified by the Company’s legitimate interests. In this case, the duration of restriction will be set for the period during which a check is conducted as to whether the Company’s legitimate interest is more important than your legitimate interest.

 

This will not stop us however from storing your personal data and may have an effect on the provision of our services rendered to you and/or may result in account closure.

 

7.        Portability: you have the right, under certain circumstances, to receive and retain your personal data in order to save it or to re-use it elsewhere, or to ask us to transfer them to another data controller or third party nominated by you. After the fulfilment of the data transfer application, the Company would no longer be responsible for its subsequent processing by the third party. The data transfer is free of charge.

 

8.       Withdrawal: you may withdraw your previously given explicit consent with regards to the collection, use and processing of your personal data at any time by contacting our DPO. In that case subsequent data processing will no longer be carried out however, personal data processing carried out before the withdrawal will remain valid. Withdrawal of consent cannot result in the suspension of personal data processing which is carried out on legal grounds.

 

9.         The right to file a complaint with a supervisory authority: You have the right to file a complaint directly the State Data Protection Inspectorate of Lithuania if you believe that the personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. You may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate and which may be found by this link: https://vdai.lrv.lt/lt/veiklos-sritys-1/skundu-nagrinejimas

 

You can submit your request to make use of the above rights to your personal data by contacting our Data Protection Officer (DPO) through email at the following address: [email protected] . Your request shall be fulfilled, or fulfilment of your requests shall be refused by specifying the reasons for such refusal, within thirty (30) days from the date of your request free of charge. Taking into account the complexity or number of requests, the Company may extend the response time to two (2) months. If you require additional copies, we may charge a reasonable administrative fee based on actual costs incurred. The Company may decline your request if it is clearly unjustified or excessive, particularly because of their repetition on a regular basis.

 

16.  Legal Disclaimer

 

The Company is not liable for the use, misuse, or loss of personal data (or otherwise) on the Company’s Website or from the content of websites to which the Company’s Website links to and the Company has no access or control over the use or protection of information provided by you or collected by those sites. Whenever you elect to link to a co-branded website or to a linked website, you may be asked to provide registration or other personal data. Please note that such information is recorded by the third party and will be governed by the Privacy Policy of that third party.

 

You are responsible for keeping their login credential confidential and not to disclose it to any unauthorized third party. If any person gains access to your account and/or personal data, the Company will not be held responsible or liable for any damage that occurs, or any unlawful or unauthorized use of your personal data due to misuse or misplacement of your login credentials, negligent or malicious intervention (or otherwise) by you or due to your acts or omissions or by a person authorized by you (whether or to that authorization is permitted by the terms of our legal relationship with you).

 

17. Consent

 

The collection, use and storage of your personal data is based on your consent. By entering into an agreement with the Company, establishing a customer account and accessing the Company’s Website, portals or payment gateways, you agree and consent to the collection, use and storage of all the personal data that you supply to the Company by the means described herein. In addition, please note that by downloading the Company’s platform(s) and allowing cookie settings in your web browser also constitutes consent of this Policy. You may revoke your consent at any time however, any personal data processed before the receipt of your revocation will not be affected.

 

18. Data Protection Officer (DPO)

 

If you have any questions regarding this Policy, wish to make a complaint or exercise any of your rights in relation to your personal data you may contact our DPO as follows:

 

Via email at: dpo@coinon.io

With registered post at: 2nd Floor, T.Narbuto str. 5, Vilnius LT 08105, Lithuania

 

19. Amendments to this Policy

 

The Company will review this Policy at least annually, or whenever a material change occurs in the law, or in the Company’s internal procedures/arrangements, or whenever the Company deems it necessary for any reason and will duly notify you of such changes by posting an updated version of this Policy on its Website. If, however, we make material changes or significant we will notify you promptly by other means.

 

You hereby accept that the posting of an updated Policy on the Company’s Website will serve as the actual notice of the Company to you. The Company encourages you to periodically review this Policy so that you are always aware of what information the Company collects, how it uses it and to whom it may disclose it, in accordance with the provisions of this Policy.