Taking care of the protection of your privacy and personal data at Alteway UAB, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, hereinafter – the Regulation, and to other legal requirements of the European Union and the Republic of Lithuania, recommendations of the financial sector and guidelines of good practice, we have developed these Privacy Protection Policy.
In the Privacy Protection Policy, we provide you with information relating to the processing of your personal data, i.e., any information that relates directly or indirectly to you, your right to privacy and its protection.
Data subject – a natural person whose personal data is processed;
Controller – a natural or legal person, public institution, agency or other body that alone or jointly with others determines the purposes and means of personal data processing; Limited Liability Company Alteway, registration number No. 305744301, Vytenio str. 9, Vilnius, Lithuania, LT-03113 (Vytenio g. 9, Vilnius, Lietuva, LT-03113); email address: firstname.lastname@example.org.
Personal data – any information that is or may be relevant to the Data Subject, such as name, surname, personal identification number or identification number, address, telephone number, e-mail address, video surveillance, economic and other actions specific to the Data Subject.
Processing of Personal Data – any activities we perform with the Data Subject’s Personal Data, such as collecting, registering, organizing, structuring, storing, adapting or modifying, retrieving, viewing, using, disclosing, transmitting, distributing or otherwise making available, coordinating or combining, limiting, deleting or destroying;
Terms – these Privacy Protection Policy.
Consent – any consent freely and knowingly provided by the Data Subject by which the Data Subject consents to the Processing of his or her Personal Data for a specific purpose.
Profiling – The use of the Data Subject’s Personal Data to assess the Data Subject’s personal conduct, in particular, by analysing or predicting conduct relating to the Data Subject’s economic situation, personal preferences, interests, reliability, behaviour, location.
Data State Inspectorate – an institution that supervises the application of the Regulation in the Republic of Lithuania.
Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Third party is a natural or legal person, public authority, agency or body other than the Data subject, Controller, Processor or persons who, under the direct authority of the Controller or Processor, are authorised to process Personal data;
PRINCIPLES OF PERSONAL DATA PROCESSING
Alteway UAB and the Processor / s process the personal data of the Data Subject in accordance with the Regulation, observing the following principles:
Legality, integrity and transparency – Personal data is processed lawfully, in good faith and in a way that is transparent to the Data Subject;
Purpose limitation – Personal data is collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
Data minimization – Personal data is adequate, relevant and includes only the information necessary for the purposes of processing;
Accuracy – Personal data is accurate and, where necessary, kept up to date. All reasonable steps must be taken to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
Restriction on storage – Personal data is stored in a way that allows the identification of Data Subjects for no longer than is necessary for the purposes for which the relevant Personal Data is processed;
Integrity and Confidentiality – Personal data is processed in such a way as to ensure adequate security of Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage through appropriate technical or organizational measures.
WHAT PERSONAL DATA IS PROCESSED?
In accordance with the purposes specified in the Terms and to the extent necessary, Alteway UAB processes Personal Data:
1) Your identification data: name, surname, personal identification number, date of birth, information specified in the personal identification document (passport or identity card);
2) Your contact information: Information to contact you, address of residence, address for receiving correspondence, telephone number, e-mail address;
3) Information related to your tax residence: Country where you were born, live, taxpayer number, citizenship, place of tax residence;
4) The information we receive from your letters, e-mails, telephone calls (with audio, without audio recording) when you contact Us, as well as information about the devices and technologies you use to communicate;
5) Information about you that is stored in physically and electronically accessible documents;
6) Information about your Investment Portfolio and Virtual Currency Wallet: cryptocurrency balance, cryptographic asset flow – incoming and outgoing cryptographic transfers, commissions and other Virtual Currency fees provided for in the agreement.
7) data on your knowledge in finances, such as education, knowledge and experience in the field of investment;
8) data on your transactions within Alteway UAB, this is data related to the services you have received, requests, complaints, information on the performance of the agreement and similar data;
9) financial data such as the origin of funds and assets, country of registered tax residence, accounts, payment documents, financial liabilities, payment discipline, types and value of assets (including financial instruments and transactions with them), your expenses and income, and similar data;
10) data related to your economic activity – information about your job, employment, your economic or commercial activity (agriculture, self-employment, etc.), business partners, income stability, as well as information about other sources of your profit;
11) audio and video data, such as visual surveillance, video and audio recordings, when you visit our customer service points or contact our staff.
ON WHAT BASIS ARE WE PROCESSING YOUR PERSONAL DATA?
Before we start processing your Personal Data, we always evaluate in advance the purposes for which your Personal Data will need to be processed. The processing of your Personal Data is lawful if we do so on at least one of the following grounds, i.e. we process your Personal Data:
– for concluding and performing an agreement to provide you with a relevant service or,
– to fulfill the obligations specified by law or;
– based on your consent or;
– In order to pursue the legitimate interests of the Controller or a third party to provide you with the service specified in the agreement, ensure the legitimate interests of the Controller or third parties arising from the law, assessing whether the Controller’s interests in processing your Personal Data are proportionate to your right to privacy.
Based on this, We will continue to process your Personal Data as long as you receive our services. Depending on the services provided, this basis may be combined with other grounds for processing Personal Data.
In some cases, the processing of your Personal Data is required or permitted by certain laws and regulations, so we process Personal Data if it is our duty or right under the laws and regulations, for example, to comply with anti-money laundering requirements.
We process Personal Data based on our legitimate interests, which justifies our desire to provide you with appropriate and modern services, to maintain and use unified internal information technology systems and customer databases, as well as to provide efficient and competitive services.
FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?
– Provision of contract services;
– for identification of risks, assessment, documentation and provision in transactions with customers;
– for protection of our clients’ Cryptographic Assets;
– for the performance of our economic and administrative activities.
In addition to the main purposes, we process your Personal Data for the following sub-purposes, such as:
1) In order to be able to identify you, we process your name, surname, personal identification number, date of birth, personal identification document data (including making and storing a copy of your personal identification document).
2) We process your general personal and identifying data in order to provide you with services (including to evaluate your applications for services) and to properly fulfill our contractual obligations and obligations under applicable law.
3) In order to assess the suitability and relevance of our products to your interests, as well as to advise you on digital payment issues, we collect Personal Data about your knowledge and experience in finance, about your income, financial goals and plans, as well as other information you provide to us at meetings or within remote consultation.
4) In order to ensure the safety of our employees and visitors, including your property, as well as to prevent and detect violations of the law, we perform video surveillance and process your image data when you visit our customer service points.
5) In order to improve the quality of our service and to manage customer relationships, we collect and use Personal Data related to our services, including inquiries, complaints and other similar information.
6) For most marketing activities, such as providing information about our services, we process your Personal Data based on your consent, if required by law.
7) In order to meet the requirements of anti-money laundering legislation and to evaluate you as our potential customer, we process Personal Data about your employer, your position, citizenship, business, business and cooperation partners, the origin of funds, as well as information, whether you are a politically exposed person, as well as other information necessary for customer research and system maintenance to detect unusual and suspicious transactions.
8) In order to comply with our legal obligations, we process your Personal Data for reporting to public authorities, investigative bodies and other law enforcement authorities to the extent and in the situations specified in the applicable laws and regulations.
We also process your Personal Data for various solvency, accounting and auditing requirements.
HOW DO WE COLLECT YOUR PERSONAL DATA?
We collect your Personal Data:
1) when you provide it to us:
– by applying for services;
– by contacting us by post, e-mail or in person, by phone;
2) when you use our services, incl. visiting our office, visiting our website;
3) when provided to us by third parties:
– our cooperation partners, who provide you with information about us, conduct market research, provide services within the framework of loyalty programs;
– maintainers of databases specified in legal acts, registers;
– state institutions and law enforcement institutions and their officials;
Camera surveillance With the purpose of conducting surveillance as part of Alteway UAB safety work, Alteway UAB is using camera surveillance of Alteway UAB office premises. The camera surveilled areas are marked with signs.
The Personal Data Processed when Alteway UAB conducts camera surveillance are mainly images and video of the Client when the Client is inside and outside Alteway UAB office premises.
Alteway UAB will also record sound in Alteway UAB office premises. Alteway UAB Processing of Personal Data via camera surveillance is carried out with the legal basis of our legitimate interest of ensuring security of our employees, Clients and Alteway UAB asset, which Alteway UAB have considered outweigh the Client’s interest of protection of the Personal Data.
With respect to the purpose of Alteway UAB camera surveillance, camera recordings will be retained no longer than necessary, with a maximum retention time of 60 days from the moment of recording.
Recipients of Personal Data?
We transfer your Personal Data:
1) to other service intermediaries and third parties involved in the execution of transactions;
2) Authorities such as tax authorities, supervisory authorities and law enforcement agencies to supervisory authorities (State Consumer Rights Protection Authority (SCRPA), State Tax Inspectorate Under the Ministry of Finance, etc.) on the basis of written requests or binding obligations specified in legal acts;
3) in certain cases, to the competent state institutions;
4) to maintainers of databases established in accordance with the procedures specified in legal acts;
5) in cases specified by legal acts, to the state / law enforcement institutions, investigative institutions, courts, sworn bailiffs, sworn notaries;
As part of the Processing of your Personal Data, access to your Personal Data is restricted to authorized employees of us and our partners who need it for the performance of their duties and who process your Personal Data only in accordance with the purposes and grounds of Personal Data processing specified in these Terms observing personal data protection law.
DO WE CONDUCT AUTOMATED DECISION MAKING AND PROFILING?
When we start cooperating or to provide services to you as an existing customer, we can make automated individual decisions in connection to you. Within the framework of such automated individual decision-making, Profiling may be performed, which takes the form of processing of your Personal Data in order to evaluate and forecast your personal wishes, interests, reliability and behaviour.
We perform Profiling in connection with direct marketing, so that, for example, we do not bother you by sending offers that are not suitable for you, but instead, by analysing various types of information available to us, we automatically forecast the most suitable and relevant offers for your needs.
We perform Profiling to assess whether the appropriate service is right for your wishes and needs, assess the risks and provide you with advice on Cryptographic Management Services.
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU / EEA?
Your personal data is stored within the territory of the European Union and European Economic Area.
HOW LONG DO WE STORE YOUR PERSONAL DATA?
How long we store your Personal Data depends on the purposes for which we process it and the criteria by which we evaluate the retention periods of your Personal Data.
When determining the terms of storage of your Personal Data, we evaluate:
1) The need to store your Personal Data to ensure the performance of a valid service agreement;
2) The need for the storage of your Personal Data for the fulfillment of legal obligations, for example, in accordance with the term of 5 years specified in the “Law on the Prevention of Money Laundering and Terrorist and Proliferation Financing” and within the time limits for storage of various documents specified in other legal acts;
3) Retention of your Personal Data to protect our interests in the event of various claims after the termination of the business relationship with you, for example, for 10 years in accordance with the general limitation period for liability rights;
4) our or a third party’s legitimate interests that could be harmed in the event of the deletion of your Personal Data, for example with regard to your right to restrict the processing of data;
5) The need to store your Personal Data in order to provide evidence of lawful processing of Personal Data during the previous period, such as the existence of your consent to previous processing operations;
6) If the processing of your Personal Data is carried out on the basis of the Consent, as long as your Consent for the relevant purpose of the processing of Personal Data is valid, in the absence of another basis for the processing of your Personal Data.
If, during the evaluation, we find different reasonable retention periods for your Personal Data, such as between the statutory retention period and the period required to protect our interests, this will be a sufficient basis for storing your Personal Data longer.
If one or more of the following criteria are met, we will ensure that your Personal Data is deleted or anonymised.
WHAT ARE YOUR RIGHTS TO THE PROCESSING OF PERSONAL DATA, WHAT DO WE DO?
As part of our compliance with privacy and Personal Data protection laws, we act in accordance with your rights, if you submit a written request to us:
1) revoke the given consent to the processing of your Personal Data at any time (in case of issuing the Consent), informing us about it by e-mail in the form of an application using an e-signature.
2) access your Personal Data and receive from us:
– confirmation or rejection of whether or not we process your Personal Data; – information about your Personal Data that we process;
– additional information about the processing of your Personal Data in order to verify the accuracy of your Personal Data and whether we process your Personal Data in accordance with legal requirements.
3) to correct your Personal Data if you reasonably believe that your Personal Data is inaccurate, as well as, taking into account the purposes of processing your Personal Data, to supplement incomplete Personal Data.
In the event that your Personal Data has changed, as well as if you have identified that we process inaccurate or incomplete Personal Data, please inform us about the need to correct it. In this case, we have the right to request you to present documents supporting the correction.
4) delete your Personal Data if:
– consider that it is no longer necessary or usable for the original purposes of the processing of Personal Data;
– You have reasonable grounds to believe that your Personal Data is being processed unlawfully;
– The deletion of your Personal Data is determined by the data retention periods specified by law.
We will ensure the deletion of your Personal Data in our possession, including deletion from our cooperation partners, if the Personal Data is no longer necessary for the purposes for which we processed it. We will not be able to ensure the deletion of your Personal Data if we are required to provide for such processing in cases required by law, ensuring the retention periods for information or documents set out, for example, in the “Law on the Prevention of Money Laundering and the Financing of Terrorism and Proliferation“. We also have the right to refuse to delete your Personal Data if it requires a disproportionate effort.
5) restrict the processing of your Personal Data if:
– You dispute the accuracy of your Personal Data; the restriction will apply only for the time during which we will be able to verify the accuracy of your Personal Data;
– You consider that the processing of your Personal Data is illegal and you object to the deletion of the Personal Data by requesting instead a restriction on the use of the Personal Data; the restriction will apply only to the term reasonably specified by you;
– we no longer need your Personal Data, but it is necessary for you to exercise or defend legal rights and interests, make claims, etc.; the restriction will apply only to the term reasonably specified by you;
– You object to the processing of your Personal Data by us on the basis of our legitimate interests, but the restriction only applies for as long as we re-evaluate such legitimate interests.
However, in exercising this right, we will have the right to process your Personal Data, for example to exercise or defend legal rights and interests, to bring claims, the rights of another natural or legal person. We will ensure that your Personal Data held by us and our partners is restricted, if a disproportionate effort is not required.
5) transfer your Personal Data, which we have received from you on the basis of the Consent and the established contractual obligations and which we process by automated means, for personal use or transfer to another service provider, if there are no obstacles to such a transfer of Personal Data. We would like to inform you that the information subject to the portability of your Personal Data may also contain the data of third parties, therefore we will assess the impact of the transfer of this Personal Data on the rights and freedoms of third parties.
6) object to the processing of your Personal Data based on Our legitimate interests. We will have the right to process Personal Data if it is necessary to exercise or defend legitimate rights and interests, to bring claims (for example, for the purpose of legal proceedings).
You will not be able to exercise this right if you have given your Consent to the Processing of your Personal Data or if the Processing of Your Personal Data by us is necessary for the conclusion or performance of the agreement.
7) abandon automated individual decision making, incl. Profiling
With regard to automated individual decision-making, incl., Profiling, which may have legal consequences for you, negative consequences, you have the right to waive such automated individual decisions, incl. Profiling. You will be able to exercise these rights in cases where we need it to enter into or perform an agreement with you, in the cases specified by law, as well as when you have given your explicit Consent to such processing of your Personal Data.
SUBMISSION OF A REQUEST
You can submit your request: by email, by signing the request with a secure electronic signature to email@example.com ;
We will respond to your request without undue delay no later than one month from the date of receipt of your request, if necessary, taking into account the scope of your request, we have the right to extend the deadline for execution of the request by two months. In this case, we will inform you of the reasons for the extension and delay within one month of receiving the request.
We will provide you with information on your requests by encrypted e-mail.
Processing of your request is provided free of charge.
However, if we find that your requests are recurring on a regular basis, are manifestly unfounded or excessive, we will, taking into account the administrative costs associated with providing the information or communication or performing the requested action (incl., staff resource costs),
SECURITY OF PROCESSING
Alteway UAB applies the necessary organizational, physical and technological measures to protect personal data in accordance with the risk.
Alteway UAB has provided appropriate training to all employees who process personal data.
Alteway UAB may use processors to process Personal Data. We ensure that all our processors process personal data in accordance with our instructions, applicable law and take all appropriate organizational and technological security measures.
These terms may be unilaterally changed or supplemented in connection with amendments to regulatory enactments or as part of changes to our operations. We will notify you 60 days in advance about changes in the terms that are not related to the requirements of regulatory enactments.
Information on changes to the terms are available on our website alteway.com.