EXBI Cash UAB (“Company,” “we”) respects your privacy and complies with the General Data Protection Regulation (Regulation (EU) 2016/679). This Privacy Policy (“Policy”) explains the types of personal data we may collect on you, how we store and handle that data, and your rights in that regard. This Policy regulates privacy practices (collection, use, and disclosure) as to your personal information during your use of the Company services.
The Company undertakes to make maximum efforts in order to protect your privacy. The Company uses the collected information about you to fulfill its contractual obligations and improve customer service.
Please read this document carefully in order to understand our approach and policy regarding your personal data and how we will use your personal data.
This Privacy Policy should be read in conjunction with our Terms of Use and Cookies Policy.
DATA COLLECT COLLECTED BY THE COMPANY ABOUT THE CLIENTS
The Company may collect and process Client data received directly from the Client, as well as automatically when the Client uses Company services.
Client data received directly from the Client:
Last name and first name;
Photos and videos that you may send to us for AML/CTF Policy for verification purposes;
Residential address and citizenship;
Gender;
Passport, ID, driver’s licence, or any identity document collected for verification purposes;
Phone number and email address;
Login information;
Date and place of birth;
PEP (politically exposed person) status;
Sources of funds;
Inquiries with the support team;
Account balances and activity;
Location and log data information that is generated by your use of the Company Website;
Financial and transaction data, such as credit or debit card number, and bank account information; the name of the recipient and provider (where applicable);
Other personal information that may be required by our AML/CTF Policy.
The Company does not collect or process sensitive personal Client data, such as race or ethnic origin, political opinions, religious or philosophical beliefs, genetic or biometric data, health, sex life, or sexual orientation information.
The Client may provide us with personal information by filling in the relevant forms on the Website or by providing us with such information by email or any other manner. This information includes Personal Data which was specified when registering on the Website, when subscribing to Company service, opening an Account, and verifying the identity of the Account holder or persons authorized to use it.
Client data received automatically when the Client uses Company services:
Technical information, including the IP address used to connect your computer to the internet, your Account login information, time zone setting, etc.
Information about your visit, including date and time, products and services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information, etc.
Information about geo-location.
Financial data and information on the use of services provided by our Website, including information on implemented transactions, including on transactions, information on the status of Accounts and cash flow on them, accrued fees, transactional account history, including account balance, payment records, and credit card usage.
Other data the use of which is necessary for the operation of Company services and its improvement.
PURPOSE OF USAGE PERSONAL DATA
The purpose of the collected data/information use and processing is to:
Provide Company services;
Verify an identity for compliance purposes (AML/CTF procedures, checks, etc.);
Monitor, detect, and prevent fraud and other harmful activity (if any);
Process the payments, as well as communication regarding the payments;
Promote, analyze and improve Company services;
Personalise your access to our website and Company services;
Provide customer support;
Notify you of the usage of our Website and Company services;
Analyse errors to improve the operation of the Website;
Comply with statutory obligations;
Send marketing communications, etc.
CLIENTS’ DATA PROTECTION RIGHTS
Clients have the following data protection rights:
The right to delete Personal Data;
The right to change or correct Personal Data, in particular when it is incorrectly stated;
The right to object to or restrict the processing of Personal Data;
The right to access Personal Data and/or copy of Personal Data, which the Client has provided to the Company, in a readable format.
The right to lodge a complaint – the Client can contact the Company for a complain if the Client is not satisfied with our handling of Personal Data.
The right to prohibit the use of your Data for marketing purposes. Before requesting Personal Data, the Company usually requests consent to disclose it to third parties for marketing purposes. The Client can use the right to prohibit the processing of Personal Data for marketing purposes.
Implementation of some of the Clients rights may be limited, complicated, or completely exclude the possibility of further cooperation with us, depending on the situation.
DISCLOSURE OF INFORMATION
The Company will not disclose any of your personally identifiable information except when we have your permission or under special circumstances, such as when we believe in good faith that the law requires it or under the circumstances described below.
We may also disclose your Personal Data in the following cases:
Service Providers. The Company hires other companies to provide limited services on our behalf, including Website development and operation, sending postal mail or email, analyzing website use, processing payments, providing investor information and processing data. We will only provide those companies the information they need to deliver the service, and they are contractually prohibited from using that information for any other reason.
Data in the Aggregate. We may disclose aggregated data that does not identify an individual person to prospective partners and other third parties.
We may disclose your information in exceptional cases, for example, when we believe that we must disclose information to identify, contact, or bring legal action against someone who may be violating our Terms of Use or may be causing injury to or interference with our rights or property, other website users or customers, or anyone else who may be harmed by such activities. We may disclose or access account information when we believe in good faith that the law requires it and for administrative and other purposes that we deem necessary to maintain, service, and improve our products and services.
The Company may buy or sell businesses or assets. In such transactions, confidential customer information generally is one of the transferred business assets. Personal Data of Clients may be disclosed to a potential buyer or seller.
We may share your personal information with our marketing partners for the purposes of targeting, modeling, and/or analytics, as well as marketing and advertising. You may opt out of receiving directly from the emails you receive.
SECURITY AND STORAGE OF PERSONAL DATA
The Company has implemented security measures to ensure the confidentiality of your Personal Data and to protect it from loss, misuse, alteration, or destruction. Only authorized persons of the Company have access to Clients’ Personal Data, and these persons are required to treat the information as confidential.
The Company has implemented the following measures to protect Personal Data:
2-factor authentication;
Logging of activities performed in the platform;
Access controls and other measures to mitigate risks identified during the risk assessment process;
All data processing systems operate in complete confidentiality;
Password-protected directories and databases;
All data can be restored in case of technical difficulties.
In case the Client has reasons to think that interaction with the Company might be no longer secure, the Client has to contact the Company immediately. When appropriate, the Company shall notify those whose data may have been compromised and take other steps in accordance with the applicable law.
BASIS FOR PERSONAL DATA PROCESSING
The legal basis for Personal Data collection and processing shall be as follows:
Your consent;
An agreement where processing is necessary to fulfill the terms and conditions of the agreement between the Clients and the Company;
Compliance with legal obligations, where the Company is required to request/receive and process, as well as store your Personal Data in order to comply with the requirements of applicable laws, e.g., AML/CTF laws;
Usage of legitimate interest, for example, when processing is necessary to protect the Client from specific threats, such as fraud, security threats, etc.;
Compliance with the provisions of applicable laws in order to conduct our business in line with regulatory requirements.
GOVERNING LAW
This Privacy Policy and other relationships between the parties are governed by the Law of Lithuania.
We keep your personal information to enable your continued use of EXBI Services for as long as it is required in order to fulfill the relevant purposes described in this Privacy Policy, as may be required by law, such as for tax and accounting purposes, or as otherwise communicated to you. Additionally, identity information and Sensitive Personal Data may be retained for eight years to comply with Anti-Money Laundering laws.
CHANGES TO THIS PRIVACY POLICY
Any changes we may make to our Privacy Policy in the future will be posted on this page, and where appropriate, a notification will be sent to you by email. We encourage you to check this page frequently to be aware of any updates or changes to the Privacy Policy.
The Client agrees to such updates by continuing to access or use the services. If you do not agree to any updates to this Policy, you must stop using the services.
CONTACT INFORMATION
If the Client has any questions or uncertainties regarding this Policy, the Client may contact the Company's support team by emailing to [email protected]