Last revised: 7 February, 2022
ECNG Digital UAB and/or parent company EstChange OU (both companies, jointly and severally, shall be referred to as "us", "we", “our/s”) respect the privacy of our customers (each, "you" or "Customer") and are committed to protecting the privacy of Customers who access, visit, use or engage with our website or any other online services we provide (collectively the "Services").
|Why do you collect |
information about me?
|Which information do you collect |
|Why are you legally allowed to collect |
|How long do you keep |
information about me?
|1.1 To provide you with virtual currency exchange services, payment processing in virtual currencies services, when you are our customer||E-mail address, password, country, IP address, name and surname, sex, place of birth, address, telephone number, cryptocurrency address, bank account number, transaction amount, transaction currency, transaction time, address of the sender of the transaction, address of the payee of the transaction, ID number, ID copy, photo of you, power of attorney, data provided in business registration certificate, data provided in the document of business address proof, other information provided by you||We conclude and execute service agreement with you (Art. 6 (1) (b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”)||10 years after termination of your account|
|1.2 To implement measures of anti-money laundering (AML) and combating the financing of terrorism, including, but not limited to the proper identification of sources of funds||Name and surname, personal (identity) code, date of birth, nationality, country of residence for tax purposes, country, postal code, address, telephone number, e-mail address, position, workplace city and state, sources of funds, jurisdictions from which funds are received and transferred, planned turnover of services, services you use or plan to use, signature, risk level, the basis of representation |
Participation in political activities, application of international financial sanctions and other restrictive measures
|We have legitimate interest (to prevent money laundering and terrorist financing) (Art. 6 (1) (f) of the GDPR) |
We must collect information according to the law for reasons of substantial public interest (Art. 9 (2) (g) of GDPR)
|10 years after the termination of business relations|
|1.3 To inform you about our products and services that may be relevant to you||Name and surname, e-mail address||You agree that we will use information about you (Art. 6 (1) (a), Art. 69 (1) of Lithuanian Law on Electronic Communications) or you purchased items or services from us (Art. 69 (2) of Lithuanian Law on Electronic Communications) We have a legitimate interest (to send direct marketing communications) (Art. 6 (1) (f) of GDPR)||10 years after the end of the customer relationship, unless you withdraw your consent|
|1.4 To handle queries, requests and complaints submitted by you||E-mail address, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, your name and (or) surname provided in your inquiry, reply to your inquiry, information provided by you||We have a legitimate interest to do that (to handle your queries) (Art. 6 (1) (f) of the GDPR)||10 years after the receipt of the last inquiry|
|1.5 To comply with legal requirements in the field of accounting when you are our client, partner or provider||Name, surname, e-mail address, telephone number, bank account number, address, signature, invoices, reports, accounting documents, payments, paid amounts, company you represent||We have a legal obligation (we must collect information in accordance with the law) (Art. 6 (1) (c) of the GDPR)||Within the time limits laid down by law|
|1.6 To ensure security of our website and continuously improve it for you||Internet protocol address (IP), referrer URL, date and time of website visiting||We have a legitimate interest (to ensure security of our website) (Art. 6 (1) (f) of the GDPR)||10 years after your last visit of our website|
|1.7 To engage in legal proceedings related to you||All information mentioned above, documents and attachments sent to you, documents and attachments submitted by you, procedural documents, court rulings, resolutions, decisions Information about criminal offenses and convictions||We have a legitimate interest (to defend our rights in legal proceedings) (Art. 6 (1) (f) of the GDPR) The data processing is necessary for the establishment, exercise or defence of legal claims (Art. 9 (2) (f) of the GDPR)||10 years|
We may share your personal information with the following recipients: (i) our subsidiaries; (ii) affiliated companies; (iii) subcontractors and other third party service providers; (iv) auditors or advisers of our business processes; and (v) any potential purchasers or investors in the Company.
We may also disclose your personal information or any information you submitted via the Services if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies, including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our affiliates, our Customers, yourself or any third party; (vi) for the purpose of collaborating with law enforcement agencies; and (vii) in case we find it necessary in order to enforce intellectual property or other legal rights.
You acknowledge that third party service providers may use your Personal Information or any information you submitted via the Services for analytics purposes, while ensuring that their processing of such information only results in anonymized and aggregated data.
Our policy only addresses the use and disclosure of information we collect from you. To the extent that you disclose your information to other parties via the Services (e.g., by clicking on a link to any other website or location) or via other sites throughout the Internet, different rules may apply to their use or disclosure of the information you disclose to them.
In most cases, personal data are processed and transferred in the territory of the European Union and the European Economic Area, but when necessary for the provision of certain services, the data may be transferred and processed beyond those territories and countries which are considered by European Commission as safe in terms of data protection or where data are protected in accordance with Privacy shield program (USA).
You may download a copy of the EU-U.S. Privacy Shield Framework at: https://www.privacyshield.gov/EU-US-Framework.
GDPR and other laws provide you with certain rights, procedures for implementation of and exceptions to these rights. When allowed by law, you can:
If you have any questions or objection as to how we collect and process your personal information, please contact firstname.lastname@example.org. All of the requests will be fulfilled regarding GDPR 2016/679 clauses and will be answered within 30 days.
You may exercise you right to access your information, including account creating date, client ID, your name, e-mail, phone, other profile information and transaction history in the " Profile" section of the platform. Using “Profile” section you can also exercise your right to revoke personal data or request personal data by clicking corresponding buttons.
We retain the information we collect for as long as needed to provide the Services (including aspects of risk management) and to comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements (unless we are instructed otherwise). Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing account opening documents, communications, and anything else as required by applicable laws and regulations.
We may rectify, replenish, or remove incomplete or inaccurate information at any time and at our own discretion.
We take great care of implementing and maintaining the security of the Services and your information. We aspire to continuously employ industry standard procedures and policies to ensure the safety of your information and prevent unauthorized use of any such information. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse the Services, and we make no warranty, express, implied, or otherwise, that we will manage to prevent such access.
If you feel that your privacy was treated in discordance with our policy, or if any person attempted to abuse the Services or acted in an inappropriate manner, please contact us directly at email@example.com.
Your personal information, such as your full name, email address, etc., may be used by us, or by our third party subcontractors to provide you with promotional materials, concerning our Services.
Out of respect to your right to privacy, within such marketing materials, we provide you with means to decline receiving further marketing offers from us. In addition, at any time, you may request to unsubscribe and discontinue receiving marketing offers by sending us a blank message with the word "remove" to firstname.lastname@example.org.
Please note that even if you unsubscribe from our marketing mailing list, we may continue to send you service-related updates and notifications.
The Services are not designated to individuals under the age of 18 or under legal age to form a binding contract under applicable laws. If you are under 18 years old or under legal age to form a binding contract under applicable laws, you should not use the Services or provide any personal information to us.
We reserve the right to access and verify any information collected from you. In the event that we become aware that an individual under the age of 18 or under legal age to form a binding contract under applicable laws has shared any of their information, we will discard such information. If you have any reason to believe that a minor has shared any information with us, please contact us at email@example.com.
If you have any general questions regarding the Services or the information that we collect about you and how we use it, please contact us at firstname.lastname@example.org.
Our details are as follows:
EstChange OÜ, registry code 14438674 – Vaksali tn 6-1, Tartu 50409, Estonia;
ECNG Digital UAB, registry code 305940403 – Eišiškių Sodų 18-oji g. 11, Vilnius LT-02194, Lithuania.