x Mastercard: A new era of Finance for blockbank unveiled 🚀

Privacy Policy

Edition: 25.09.2022

The structure of this document (You can navigate through the document using active links and search for the information
you need in the text):

This document is divided into 2 parts: a detailed text version (on the right) and a summary of the sections (on the
left), which briefly and more clearly explain the content of the section.

About us and our contacts

Summary

In detail

This document explains what data is processed in connection with your use of the Blockbank / Fideum service. It also explains how we receive and use your data, where we store it and how we protect it. We want the use of our service to be as secure as possible for your personal data, so your privacy is a priority for us. By Blockbank / Fideum service (hereinafter referred to as the “Service”) are understood any of its components:

  • Mobile app blockbank / Fideum
  • Web application blockbank / Fideum.

It explains how and why we process your personal data, as well as how you can control it and stop it from being processed.

This Privacy notice applies to all personal data that we receive when you are using the Service.

Please carefully read this document. This is because using the Service implies that you fully understand and accept the terms of use of your personal data without any conditions, exceptions, or reservations. If you do not accept the terms of this document (in general and / or in part) or do not agree with the terms of use of personal data, we ask you not to use the Service. If you disagree with the terms of the Privacy notice, further use of the Service and its components is not allowed.

Some terms

Some terms that can be seen in this document:

  • Fideum
  • Automated decision-making is a decision
  • Processor (vendor)
  • Group Companies

Some terms that can be seen in this document:

Fideum shall refer to both UAB HODL Services and the Group Companies in the context of the Personal data and the Services.

Automated decision-making is a decision that our system makes automatically due to its specific algorithm and without human participation.

We don’t use any algorithms to make any decision that would significantly affect you.

Processor (vendor) – a third party company that we attract to perform on our behalf certain actions necessary for the operation of the Service and related to the processing of your personal data (for example, a payment system, a message sending service, etc.)

Group Companies – are the Fideum Group companies, as listed in the “About Us” section below.

Definitions

The terms listed below have the meanings assigned to them in the Data privacy regulation and the accompanying Policy:

  • Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • Activity and usage data means any personal data which is generated, collected and processed during the usage of New Sphere’s services;
  • Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Controller means any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;.
  • Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;
  • Data subject is an identified or identifiable natural person who can be identified, directly or indirectly, based on particular information representing personal data;

About us and Our Contacts

Our company, which is responsible for processing your personal data using the Service, is called UAB HODL SERVICES and is located in Lithuania at the address: Naugarduko 68BJ. Savickio g. 4-7, Vilnius, 01108, Republic of Lithuania.

Contacts of our Data protection officer:

1) e-mail: [email protected]
2) Postal address: Naugarduko 68B, VilniusJ. Savickio g. 4-7, Vilnius, 01108, Republic of LithuaniaLT.

UAB HODL SERVICES is the administrator of the Service and the controller of personal data processed in accordance with this notice.
Our address: Naugarduko 68B, , Vilnius, 01108, Republic of Lithuania.If you have any questions about this Notice or questions about our processing of your personal data, we hope that you contact us and we will be able to resolve your issue. You can contact our Data protection officer using:1) email: [email protected] or
2) by writing us to: Naugarduko 68B, Vilnius, 03203, Republic of Lithuania.We will send responses to your requests to the e-mail address specified by you during registration in the Service or in any other form, at your wish. You can also contact the Lithuanian Supervisory Authority.
Group Companies may as well participate in the Service. The following Group Companies may take some part in processing of personal data under substantial agreements with UAB HODL Services:

AiDLT Global LTD: has its business address at Sovereign place 117 Main Street, GX11 1AA, Gibraltar, registered in the Registrar of Companies of Gibraltar under No 121171 and is involved in building technology solution for the Service.

Genblock Financial INC: has its nosiness address at … Victoria, British Columbia Canada, registered in the Registrar of Companies of Province of British Columbia Canada under No BC1328020 and is involved in building technology solutions for the Service.

Age restriction

You can use the Service only when you reach a certain age. The minimum age for using the Service is 18 years.

We will delete the data of a user whose age does not meet our age requirements as soon as we become aware of this.

The Service can only be used by users who are minimum 18 years old If you are under the minimum age, please do not use the Service and do not provide us with your personal data.

If we become aware that personal data of users who have not reached the minimum age has been obtained through the service, we will immediately take all possible measures to delete such personal data and account.

If you are aware that the App is being used by a person under the age of consent, please contact us using any of the methods described in Section About us and our contacts, and we will take the necessary steps to delete the corresponding information and / or account.

Personal Data

While using the Services various types of your Personal Data may be processed by Fideum:

  • Contact and general account creation data;
  • Verification data;
  • Financial data for facilitation of transactions;
  • Log data on the website;
  • Mobile app data;
  • Company details in case of business accounts;
  • Business onboarding data;
  • Details to and proof of funds, if necessary;
  • Personal data provided by you in requests to our Support or other employee;
  • Marketing data;
  • Research data;
  • Photo, video and audio data from events or fairs or interviews;
  • Recordings of telephone conversations and electronic communication;
    Blockchain data.
While using the Services various types of your Personal Data may be processed by Fideum.
Data types:

  • Contact and general account creation data: when creating a new User account or communicating with Fideum, we might process for example: name, address, telephone number, email, date of birth, photo for the account, etc.;
  • Verification data: when an account is verified, we might process for example: screenshots/photos of national identity documents (e.g.:passport, driving licence, ID card) and identification data from these documents, utility bill details for residence verification, data about status of politically exposed persons, video data from the video authentication process, biometric data for verification (see point 7), etc.;
  • Financial data for facilitation of transactions: e.g.: bank details (IBAN, BIC), payment service provider information, payment details, transaction-ID, and other sensitive payment data. In addition, data relating to the placing of orders for financial instruments (number of units purchased, amount, time of acquisition/termination and similar) will be processed.
  • Log data on the website: e.g.: IP-address, transaction data, deposit and withdrawal address, computer or mobile device information, frequency, time, operating system, browser type, device type, unique device identification number, identification cookies, optionally form data, crash reports, performance data, interactive chat (for Fideum Custody), third-party cookies, etc.;
  • Mobile app data: e.g.:IP-address, transaction data, deposit and withdrawal address, mobile device information, frequency, time, operating system, browser type, device type, unique device identification number, optionally form data, crash reports, performance data and only with your explicit consent, data from: camera, microphone, storage, telephone (read SMS confirmation);
  • Company details in case of business accounts: commercial register reports, data of/or concerning beneficial owners, records or additional information on recent, past or planned business activities, other data necessary to determine/validate the structure, the beneficial ownership or any power of attorney of the company.
  • Business onboarding data: e.g.: KYC company data, ultimate beneficial ownership (UBO), legal entity type, PEP status of UBOs, Country of Incorporation, VAT and registration Number, Financial Statement Data, Shareholder data, Authorised individual data (which might include personal data of an individual such as name, ID number, ID type, issuing authority, email address, phone number).
  • Details to and proof of funds, if necessary: e.g.: banking statements or any other details provided by banks or financial institutions, contracts of sales or contracts in general, or any other suitable data to prove or determine the origin of funds;
  • Personal data provided by you in requests to our Support or other employee; if you contact our support, we might process for example: data provided in your request to the support team.
  • Marketing data: if you visit our website or social media sites or during the usage of the Mobile App, we might process statistical and marketing data for example: number of visitors, frequency, clicks, time, places, target groups, data from cookies and similar technologies, consumer’s behaviour, interests and preferences, data about market research and target groups surveys, etc.;
  • Research data: if you, inter alia, participate in any discussion boards, panels, etc. provided by Fideum or take part in one of our research initiatives and provide data via forms (which you might receive separate information about if you voluntarily agree to participate);
  • Photo, video and audio data from events or fairs or interviews: e.g.: photo, video and audio data.
  • Recordings of telephone conversations and electronic communication: when applicable by the laws. We will inform you of this in advance.
  • Further User identification information in the sense of applicable Anti-Money Laundering laws obtained during the initial registration process.
  • Blockchain data: your private blockchain key that will be managed and used to verify and carry out transactions you make online through the App/site;

Purposes and legal basis

All processing is performed in accordance with applicable data protection legislation. This includes, inter alia, the EU General Data Protection Regulation (GDPR), the E-Privacy Directive and the national implementing acts (e.g. the Lithuanian Data Protection Act). Generally, we process your personal data based on one of the legal bases listed below:

  • For the performance of contractual obligations (Art 6 para 1 lit b GDPR);
  • For compliance with legal obligations (Art 6 para 1 lit c GDPR);
  • To protect legitimate interests (Art 6 para 1 lit f GDPR);
  • Based on your consent (Art 6 para 1 lit a GDPR);
For the performance of contractual obligations (Art 6 para 1 lit b GDPR):

Processing of personal data might be necessary for the performance of the contract with you or in order to take steps at your request prior to entering into a contract. The following data processing operations, for example, are covered by such contractual obligations:

  • general performance of our services, all tasks necessary for the operation, performance and administration of Fideum and its platform;
  • video authentication process if you register for an account (validation of identity);
  • account management (e.g. continuous updating of User data);
  • execution of your orders (e.g. payment processing, chargebacks, proof of purchase and selling);
  • data processing and data transmission to precious metals vendors for the transferral of ownership of precious metals to you in accordance with your order;
  • Users service and support request;
  • application processing and data transmission for the Fideum prepaid Debit Card.
  • analysis and improvement of the platform’s quality and the general User experience (e.g. performance tracking on the platform);

For compliance with legal obligations (Art 6 para 1 lit c GDPR):

Processing of personal data might also be necessary for complying with various legal obligations. The following data processing operations, for example, are covered by such legal obligations:

  • contract management, accounting and invoicing;
  • compliance and risk management;
  • Know-Your-Customer measures like video authentication process (validation of identity) and proof of funds;
  • monitoring for prevention of fraud, misuse (e.g. for illegal purposes), money laundering and terrorist financing;
  • providing information to fiscal criminal authorities in the context of fiscal criminal proceedings or to prosecution in accordance with official orders;
  • consultation of credit agencies to determine creditworthiness and default risks.
  • appropriateness test.
  • transaction information; such as sender’s name, account number, location information, recipient’s name and account number in order to prevent money laundering and terrorist financing within the means of complying with FATF Travel Rule ;
  • recordings of telephone conversations and electronic communication.
  • appropriateness test.

To protect legitimate interests (Art 6 para 1 lit f GDPR):

Where necessary, data processing might take place beyond the performance of the contract in order to maintain the legitimate interests of Fideum or a third party. The following data processing operations are covered by such a legitimate interest:

  • prevention of fraud, misuse (e.g. for illegal purposes), money laundering and terrorist financing;
  • processing inquiries from authorities, lawyers, collection agencies in the course of legal prosecution and enforcement of legal claims in the context of legal proceedings;
  • risk management and risk minimisation e.g. through enquiries to credit agencies, debtor directories or providers of business analysis;
  • data transmission within the Fideum Group for internal administrative purposes;
  • account management and handling general User requests and inquiries;
  • testing and optimisation of procedures and models for analysing requirements, business management, product development and direct User engagement;
  • process and quality management measures;
  • analysis and improvement of the platform’s quality and the general User experience (e.g. performance tracking on the platform);
  • market research, business management and continuing development of services and products;
  • processing statistical data, performance data and market research data via the website, the Mobile App or social media platforms;
  • direct marketing and advertising (e.g. performance of marketing strategies, targeting of Users, dispatch of vouchers, advertisement from Fideum and its partner companies);
  • use of audio, video and photo data from public spaces (e.g. public events, fairs, etc.) for marketing and other representation purposes on our social media channels or our website;
  • processing User preferences (e.g. language, region) via cookies on our website;
  • identification and examination of potentially defective or suspicious business cases and accesses to our websites (e.g. website analysis);
  • Payment services (e.g. transfers from your Account to Account or a third party, initiating payment initiation services at a third party, etc.)
  • measures for protecting our Users and Partners, as well as safeguarding network and information security; also measures to protect our employees, Users and property of Fideum;
  • data security and IT-security on our website and safeguarding our network (e.g. prevention of identity theft and defective or suspicious accesses to our websites).

Based on your consent (Art 6 para 1 lit a GDPR):

If you have given us your consent to process your personal data, processing will only take place in accordance with the defined purposes and to the extent agreed in the declaration of consent. Given consent may be withdrawn at any time without giving reasons and with future effect, if you no longer agree to the processing. For example, with your consent we are processing data for the following purposes:

  • for the use of all functions of the Mobile App (e.g. telephone permission to read SMS confirmation, camera to scan barcodes, microphone for commands, etc.);
  • direct marketing and advertising (e.g. User satisfaction surveys, newsletters, sweepstakes and other advertising communications);
  • website analysis and tracking for advertising purposes;
  • certain uses of audio, video and photo data (e.g. commercials, interviews, etc.) for marketing and other representational purposes via various channels;
  • auto-ident procedures for verifying your account (validation of identity).

Please note that the withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal.

Processing for other purposes:

As a general principle of Fideum, we only process personal data for the purposes for which they were collected. In exceptional cases, however, we might process your personal data which we have collected for one specific purpose for another purpose. In this case, we will inform you before the intended processing about this purpose, the period for which your personal data will be stored, the exercise of data subject rights, the option to withdraw consent, the existence of the right to file a complaint with the data protection authority, whether provision of the data was necessary on legal or contractual grounds and what the consequences would be if it were not provided, and whether automated decision-making or profiling is carried out.

Your rights and how to exercise them

You have a number of rights in relation to your personal data:

a) to access them (Right of access, Art 15 GDPR)
b) make amendments and additions to them (Right to rectification, Art 16 GDPR)
c) require us to erasure them (Right to erasure, Art 17 GDPR)
d) request a restriction on their processing (Right to restriction of processing, Art 18 GDPR)
e) object to a particular data processing (Right to object, Art 21 GDPR)
f) receive your data from us in electronic format, so that you can then transfer it to another person or ask us to do so (Right to data portability, Art 20 GDPR).
g) not to be subjected to automated decision-making (i.e., a decision that our system makes
automatically due to its specific algorithm and without human participation) (Right to not be subject to automated decision-making, Art 22 GDPR)
h) to withdraw consent to their processing (Right to withdraw consent, Art 7(3) GDPR).

In any case, you can always ask us via email [email protected] or by writing us to: Naugarduko 68B, Vilnius, 03203, Lithuania, how we process your data and how you can exercise your rights.If we suspect that someone is impersonating you, we will check whether it is really you who made the request to us.

Your rights in relation to your personal data:

a) The right to access personal data We provide you with the opportunity to access your personal data that is processed by the service. You can request information about what your personal data is processed by us and to what extent by sending us a request *.

b) Right to rectification You can independently change (clarify / supplement) certain personal data in your profile, and you can also contact us with a request to clarify your personal data*. We may ask you for documents confirming
the need for changes, if such changes are related to the receipt of paid services of the service.

c) The right to erasure (the “right to be forgotten”) In certain cases, you can request * the deletion of your personal data and the termination of their processing, for example, when the personal data is no longer needed for the purposes of specific processing, or when you withdraw your consent or object to the processing of your personal data, or when in your opinion the processing of personal data does not comply with the law.

d) The right to restrict processing You may request* that we temporarily or permanently stop processing all or some of your personal dataif:

dispute the accuracy of your personal data,

  • if you believe that the processing is illegal and, instead of deleting personal data, you want to restrict their use by us,
  • you believe that they are necessary for you to declare, implement or challenge legal claims and claims.

e) The right to object to processing Taking into account your specific situation, you can at any time object to the processing of your personal data if the basis for their processing was our legitimate interest or the processing is necessary to perform a task in the public interest or within the framework of the exercise of state power entrusted to us (the grounds for processing are described in the Appendix List of treatments. You can also object to profiling based on these grounds. Also, in cases where we process data for the purposes of direct marketing, you have the right at any time to object to the processing of your personal data for the purposes of such marketing, including profiling, to the extent that the processing of your personal data relates to this direct marketing.

f) The right to data portability You have the right to receive your personal data available to us, which we received with your consent or they were provided to us for the performance of the contract, from us in electronic format and then you can transfer such data to another person. We may, at your direction, transfer such data directly to another person, if this is technically feasible.

g) The right not to be subjected to automated decision-making You have the right not to be subjected to a decision that is based solely on the automated processing of your personal data, including profiling, if such actions entail legal consequences (for example, some of your legal rights will be infringed, limited) or in a similar way significantly affect you.

In certain cases, automated decision-making may take place, but we will take measures to protect your rights, freedoms and interests of the data subject. In this situation, you can request* the intervention of our specialist to make a decision, and also have the right to express your position, challenge such a decision.

h) The right to withdraw consent to the processing of personal data If we process your personal information based on your consent, you can revoke your consent to the processing of personal data at any time by changing the settings in your profile or by sending us a request* indicating the revoked consent. Please note that the fact of revocation of consent does not affect the legality of data processing actions performed before the revocation. If you have any questions about your privacy rights or how you can exercise them, or if you want to exercise any of these rights, you can send us a request*. We will try to respond to your request as soon as possible, but in any case we will do it within a month from the date of receipt of the request. In some cases, it may take up to 3 months to fulfill your request, which we will definitely notify you about and explain
the reasons for the delay.

Please keep in mind that if the request is unclear, we can contact you to better understand the content of the request. We may also refuse to satisfy a request if it is clearly unfounded or excessive (repetitive).

If we have doubts whether you have really contacted us (and not someone impersonating you), we have the right to ask you to confirm your identity (for example, to confirm some data known to you and us or to provide a copy of your identity card). This will allow us to make sure that the satisfaction of your request does not violate the rights of third parties.

If you are not completely satisfied with our response, you can also complain about our processing of your personal data to the appropriate data protection authority.

How we receive your personal data

Where do we get your data from:

1) we receive from you (for example, when you enter data during registration or write a request to our
mail);
2) we automatically collect data from your device (phone, computer) from which you use the Service;
3) we receive it from other services and persons (for example, from Facebook, Google, Apple);
4) we create it ourselves (for example, by collecting the history of your use of the service).

We may receive your personal data:

  • directly from you when you enter this data when registering or using the service or in connection with its use (for example, when you enter data during registration or write a request to our email);
  • automatically received by us when you use the service (for example, technical data of the device);
  • received by us from third-party resources and services (for example, from Sum and Substance Ltd (UK) that provides KYC for us);
  • generated by our service when you use it (payment history). When you register or log in to our service via Facebook, Google, Apple, you give us permission to receive certain information from these services. The specific types of information that we may receive depend on your settings for this service and will be governed by their privacy policy.

When we ask you to provide your personal data for the provision of the services, we strive to collect only those whose collection is the minimum necessary for the provision of services of the service. If you do not provide us with complete and accurate data, we will not be able to provide you with the services.

If for some functionality (for example, sending news to the mail) or for some of our needs (for example, sending advertising to you), your consent to the processing of personal data is required, such processing will be carried out at your discretion and only after receiving your consent.

How long do we store your personal data?

As a rule, we store your personal data as long as it is necessary to provide you with services in the Service and to provide access to the Service and for no less than 5 years or for the period after termination of business relationship or for other term established by applicable laws for the storage of certain data. As a rule, we store your personal data as long as it is necessary to provide you with services in the Service and to provide access to the Service and for no less than 5 years or for the period after termination of business relationship or for other term established by applicable laws for the storage of certain data.

We will store the necessary personal data after deleting your account, only if it is necessary for:

  • fulfillment of our tax and legal obligations,
  • compliance with the requirements of the legislation,
  • to resolve claims or disputes,
  • ensuring security,
  • prevention of fraud and money laundering,
  • ensuring the safety of our users.

Please note that if you delete some personal data of users from the Service, this deletion may affect the ability to use the Service and its functionality for the user.

Who we can share your data with

Your data may be processed by other companies engaged by us. Your data may sometimes be transferred for processing outside the EU, including to countries where the level of personal data protection is not adequate to the European level. However, in such cases, we undertake to monitor such processing.

  • Data transfer within the Fideum Group;
  • Data transfer to Processors;
  • Data transfer to public bodies and institutions;
  • Data transfer to other third parties;
For the operation, development, promotion of the service, we cooperate with other service providers who may have access to or receive from us or directly some of your personal data to provide relevant services. Such suppliers may be located outside the European Union and in countries that do not provide an adequate level of personal data protection (for example, the United Kingdom, etc.).

We allow these companies to process your data in accordance with our instructions and exactly to the extent that they need it to provide their services and products. As a tool for transferring data to countries that do not provide a level of protection adequate to the European one, we use such as Standard Contractual Clauses (approved by the EU Commission), which describe the conditions for processing data by recipients and mechanisms for their protection (including various technical, organizational and legal protection measures).

Data transfer within the Fideum Group:

Within the Fideum Group, your personal data will be shared between companies: if there is a legal basis as described above. This happens for internal administrative purposes to conduct internal administrative activities efficiently. Our employees treat your data with the highest security standards and also only have access on a need-to-know basis. In all these cases only those offices or employees will receive your personal data who need it to fulfil the contractual and legal obligations and legitimate interests.

Data transfer to Processors:

To a limited extent, we also transmit personal information to Processors. Such include, inter alia, service providers for video authentication services, IT services, User support, improvement of our website, monitoring of defective business cases, application management. Processors may only use or disclose this data to the extent necessary to perform services for us or to comply with legal requirements. We contractually oblige these Processors to ensure the confidentiality and security of your personal data that they process on our behalf.

Data transfer to public bodies and institutions:

We might also transfer your personal data might be disclosed to public bodies and institutions (i) if we are required to do so by law or in the context of legal proceedings, (ii) if we believe that disclosure is necessary to prevent damages or financial loss, or (iii) in connection with an investigation into suspected or actual fraudulent or illegal activities.

Data transfer to other third parties:

Fideum will only share your personal data with other third parties if a legal basis applies. This may be due to our contract with you, our legitimate interests, a legal obligation or your prior consent (withdrawable at any time).

We want to especially highlight five types of third parties that we might have to share data with:

  • Card Provider: if you use the Fideum prepaid debit card, we will send your personal data as required to our partner providing the card, technology and gateway;
  • Content managing system, e.g. the Fideum Custody provider.
  • Data storage provider (servers located in the EU). Amazon Web Services (AWS)
    https://aws.amazon.com/compliance/data-privacy-faq/
  • KYC provider: Sum and Substance Ltd (UK) https://sumsub.com/privacy-notice/
  • Other third parties: Fideum Group might transfer your personal data to any other person with your consent to the disclosure or the purpose of performing a contract or in order to take steps at the request of the data subject prior to entering into a contract, especially for the performance of payment services to credit institutions and other payment service providers as far as the disclosure is necessary for the performance of transactions of cryptocurrencies, digital assets.

How does the service ensure the security of your data?

The security of your data is important to us. To do this, we use certain common measures to protect them, and also make sure that our partners provide an appropriate level of protection of your data. We strive to protect the personal data of our users and take all reasonable and appropriate measures to protect the personal data of users from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.

To protect your personal data, we:

  • have designed and have developed the Service in such a way as to minimize the risks of data breach;
  • have chosen reliable partners who comply with the requirements of the laws on personal data protection. Our partners with whom we share your personal data are required to comply with all applicable data privacy requirements and ensure an appropriate level of data protection;
  • have restricted access and differentiated the levels of access to your personal data for our employees and third parties, and we also monitor who accesses, uses and transmits your personal data;
  • conduct vulnerability scanning of the Service to prevent data breach;
  • store personal data on servers located in the European Union;
  • encrypt personal data for safe transmission and storage.

If you have any questions about the security of our Service, please contact our Data protection officer
at dpo@blockbank .ai.

Personal data breach

No service is 100% secure. If your data is suddenly leaked in our Service, we will do everything to eliminate such a leak and its consequences for you. It is important for you to restrict the access of others to your device and its contents, since we cannot ensure the security of your data in the event of such access. Please note that no security system is perfect, and therefore we cannot fully guarantee the absolute security of the service or unauthorized access to personal data by third parties. In case of occurrence of such circumstances (events) we will take all reasonable measures to eliminate these circumstances (events) and their consequences.

We recommend that you restrict access to the device from which you use the service and log out after using the Service.

If necessary, we will notify you of any violations related to your personal data breach and report such breach to the relevant authority for the supervision of compliance with the legislation on the protection of personal data.

Tracking data

We use “Cookies”, which are text files placed on your computer, to help us analyze how users use our services, and similar technologies (e.g. web beacons, pixels, ad tags and device identifiers) to recognize you and/or your device(s) on, off and across different devices and our services, as well as to improve the services we are offering, to improve marketing, analytics or website functionality. The use of Cookies is standard on the internet. Although most web browsers automatically accept cookies, the decision of whether to accept or not is yours. You may adjust your browser settings to prevent the reception of cookies, or to provide notification whenever a cookie is sent to you. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to access the full functionality of our websites.

Google Analytics:

The UAB HODL SERVICES website uses Google Analytics, a web analytics service from Google, Inc. (“Google”). Google Analytics uses cookies-text files hosted on visitor computers that help website operators analyze how visitors use the site. Information about the use of the website by visitors, created using cookies, is usually transmitted and stored on Google’s servers in the United States.

On behalf of the website operator, Google will use this information for the purpose of evaluating the website for its users, in order to compile reports on website activity, and to provide other services relating to website activity and internet usage for website operators.

Google will not associate the IP address transferred in the context of Google Analytics with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that in this case you may not be able to use the full functionality of this website.

Furthermore, users can prevent the collection of data about their use of the website (including their IP address) generated by the cookie, and the processing of data by Google, by downloading and installing the browser plug-in through the following link: http://tools.google.com/dlpage/gaoptout?hl=en .

Facebook Tracking Pixel service:

Facebook Tracking Pixel with Remarketing is used by UAB HODL SERVICES to display targeted ads to visitors to this website, depending on how they are used when visiting the Facebook social network (hereinafter referred to as Facebook Advertising). With Facebook Tracking Pixel, a direct link to Facebook servers is used when visitors use this website. He sends information to the Facebook server about the user visiting this website, and Facebook processes this information and can link it to a Facebook user account. For more information about how Facebook collects, processes data, and protects their privacy, see Facebook Privacy Policy at https://www.facebook.com/about/privacy.

You may at any time object to using your information for such remarketing. You can disable Facebook Tracking Pixel in your Facebook account settings or in the following cookie tracking settings at any time.

Content recommendation

In accordance with your individual consent or in cases where this is expressly permitted by applicable e-mailing laws, UAB HODL SERVICES may send you marketing messages on your email address about products and services offered by UAB HODL SERVICES. In this case, we can also use your collected information to set up such marketing messages, and collect information about whether you opened the message and what link in the text you clicked on).

You can opt out or withdraw your consent to receive marketing emails at any time by either withdrawing the consent clicking the “unsubscribe” link provided in every marketing email.

Changes to the Privacy notice

This document may change periodically. We will notify you about important changes in the service itself or by email. We may periodically make changes to this Privacy notice and, if necessary, we will notify you about it (for example, by posting a notification in the Service or sending you an email and / or notification to your device). Your continued access to or use of the Service after the effective date of such changes will be governed by the revised Privacy notice. If you do not agree with the changes made to Privacy notice (in general and / or in part), please do not use the Service and delete your profile (if you want us to stop processing your personal data).

In any case, you can get acquainted with the current version of Privacy notice and all its previous versions on our website (blockbank.ai) . We recommend that you periodically review our website or Service applications to get the latest information about our privacy policies regarding your personal data.

You bear the risks associated with untimely familiarization with the Privacy Notice, changes and (or) additions made to the Privacy Notice before using the blockbank service.

The invalidation of certain provisions of the Privacy notice for any reason does not entail the invalidity of the Privacy notice as a whole and its other provisions.

Cookies

Cookies are small text files sent by us to your computer or mobile device. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. To find out more about cookies, visit http://www.allaboutcookies.org/

Some cookies are associated with your account and personal information in order to remember that you are logged in and which workspaces you are logged into. Other cookies are not tied to your account but are unique and allow us to carry out analytics and customization, among other similar things.

Cookies can be used to recognize you when you visit a Site or use our Services, remember your preferences, and give you a personalized experience that’s consistent with your settings. Cookies also make your interactions faster and more secure.

Cookies also help provide us with aggregated auditing, research, and reporting, and know when content has been shown to you.

Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. In some browsers you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your privacy. What this means is that you can disallow cookies from all sites except those that you trust.

Lithuanian Supervisoryauthority

Contacts of the authority that controls the use of your personal data by us:

State Data Protection Inspectorate
L. Sapiegos str. 17, LT-10312 Vilnius
Phones: +370 5 271 2804 / 279 1445
Consultations by phone +370 5 212 7532
E-mail [email protected]
Website: https://vdai.lrv.lt/en/

The entire list of supervisory authorities can be found at the link
https://edpb.europa.eu/about-edpb/about-edpb/members_en

Table 1: List of Processing

Processing Category of processing data Base for processing
Creating an account and providing access to the service data about a person, identifiers, location performance of contract
Application functionality data about a person, confidential information, location our legitimate interest in preventing fraud or other financial crime, and complying with statutory and regulatory requirements in relation to anti-money laundering and terrorist financing investigation and prevention
Payments and invoicing data about a person, identifiers, financial information performance of contract
Creating an account and providing access to the service Creating an account and providing access to the service performance of contract
Card data storage data about a person, financial information consent
Elimination and prevention of failures and errors, protection the service data performance of contract
Providing technical support data about a person, identifiers, location, usage data / app activity, app info and performance, financial information performance of contract
Fulfill our tax obligations data about a person, financial information legal obligation
Fulfill our accounting obligations data about a person, financial information our legitimate interest in performing accounting

Table 2: Category of Data

What’s included in processing data categories Data
Data about a person full name, address, date of birth, email address, citizenship, residency, language, password, phone number
Identifiers IP address, user ID, other online identifiers, social security number, driver’s license number, passport number, or other similar identifiers
Location precise or coarse / approximate location or the location of your device, time zone, country
Financial information payments, income, funds, bank card data, cryptographic keys, transactions, or any other financial information
Usage data / app activity interaction with the Service, for example, launching applications, touches, clicks, scrolling information, or other information about how the user interacts with the application, any other data about user activity in the application
App info and performance сrash, data information about hardware and software, information about Internet connection, other diagnostic data, performance data

Table 3: Service providers

Supplier categories The supplier and its product or service / country of service provided Services Links to the supplier’s privacy information, documents describing the relevant measures and guarantees of confidentiality
Technical providers

Amazon Web Services EMEA SARL (EU, Luxembourg)

Amazon Web Services (AWS)

Data storage on servers located in the European Union. AWS prohibits, and its systems are designed to prevent, remote access by AWS personnel to customer data for any purpose, including service maintenance, unless access is requested by us, is required to prevent fraud and abuse, or to comply with law.
https://aws.amazon.com/blogs/security/aws-and-the-general-data-protection-regulation/
https://aws.amazon.com/security/
Privacy policy: https://aws.amazon.com/compliance/data-privacy-faq/
KYC provider

Sum and Substance Ltd (UK)

Sumsub

Know-Your-Customer (KYC) procedure https://sumsub.com/privacy-notice/