1. GLOSSARY
1.1. All capitalised terms used in this Privacy Policy (the Policy) shall have the following meaning:
1.1.1. Applicable Law - means laws, rules, and regulations applicable to the Company and/or the Client and their activities, including the provision and use of Services, both at the European Union (the EU) and national level.
1.1.2. Account - means a unique user profile at the Client Portal assigned to the Client, enabling the Client to access the Services.
1.1.3. Company - means Fincryptou, UAB, a private limited liability company, legal entity code: 306068445, registered office address: Lvivo st. 21A, LT-09309 Vilnius, Lithuania. The Company is a registered Crypto-Asset Service Provider, supervised by the Financial Crimes Investigation Service (FCIS) under the Ministry of Internal Affairs of the Republic of Lithuania, and complies with Applicable Laws, including the Markets in Crypto-Assets Regulation (MiCA).
1.1.4. Client - means any legal or natural person who is a party to the Terms and Conditions and has either requested or is currently using the Services provided by the Company.
1.1.5. Client Portal - means a secure web-based platform operated by the Company, through which the Client accesses and utilizes the Services.
1.1.6. GDPR - means the General Data Protection Regulation (EU) 2016/679, which governs data protection and privacy within the EU and European Economic Area (the EEA), establishing rules for the collection, processing, and storage of Personal Data.
1.1.7. Personal Data - means any information related to an identified or identifiable natural person (the Data Subject), as defined by the GDPR; this includes, but is not limited to, name, email, address, phone number, government-issued identification, financial data, transaction details, and online identifiers.
1.1.8. Services - means the services provided by the Company to the Client through its platform in accordance with the Terms and Conditions, and other agreements, if any.
1.1.9. Terms and Conditions - means the Terms and Conditions of the Company available at the Website.
1.1.10. Website - means the Company’s website, located here.
1.2. Other terms shall have the meaning given to them in the body of this Policy and Terms and Conditions.
1.3. The section headings are provided for convenience only and shall not influence the interpretation of this Privacy Policy. The words “include” and “including” shall be interpreted to mean “without limitation.” Any references to singular terms shall also apply to their plural forms and vice versa.
2. INTRODUCTION
2.1. The Company (hereinafter also referred to as we, us, or our) is committed to protecting your (hereinafter also referred to as you, your, user) privacy, the confidentiality of your Personal Data, and ensuring compliance with Applicable Laws, including data protection laws. This Privacy Policy applies to all visitors who access our Website and/or Client Portal and Clients who utilize our Services, including any related functionalities, tools, or integrations owned or operated by the Company.
2.2. We encourage you to read this Privacy Policy carefully, as it forms an integral part of our Terms and Conditions. By accessing the Website, Client Portal, or using our Services, you confirm that you have read and agreed to this Privacy Policy. If you do not agree with any provisions in this Privacy Policy, you must immediately cease using the Website, Client Portal, and discontinue access to our Services.
2.3. This Privacy Policy provides a transparent explanation of how we collect, process, store, protect, and disclose your Personal Data and covers:
2.3.1. The types of Personal Data we collect;
2.3.2. The purposes for which your Personal Data is collected and used;
2.3.3. How we store and protect your Personal Data;
2.3.4. How long we retain your Personal Data;
2.3.5. Circumstances under which we share your Personal Data with third parties;
2.3.6. Your rights under the GDPR and other Applicable Law.
2.4. We continuously improve our Website, Client Portal, and Services, and may develop or offer new features, functionalities, or services. If any new feature, functionality, or services materially change how we collect or process your Personal Data, we will notify you in advance. Unless stated otherwise, new features, functionalities or additional services will be subject to this Privacy Policy.
2.5. The Company is the data controller, meaning we determine the purposes and means of processing your Personal Data. In certain cases, we may share your Personal Data with affiliates or third-party service providers in compliance with this Privacy Policy and Applicable Law.
2.6. This Policy is prepared in accordance with the following laws and regulations:
2.6.1. GDPR;
2.6.2. Law on the Legal Protection of Personal Data of the Republic of Lithuania;
2.6.3. Guidelines issued by the State Data Protection Inspectorate.
2.7. If any discrepancies between this Policy and the Applicable Laws, indicated in Clause 2.6 above, are identified, the legal acts must be followed until such discrepancies are properly eliminated. If you notice any discrepancies between this Policy and the specified legal acts, please contact us immediately by email at info@fincryptou.com.
3. PERSONAL DATA COLLECTION
3.1. The categories of Personal Data we collect, along with details on how we collect and process it, are as provided below.
(A) Personal Data provided by you:
3.2. We collect Personal Data that you voluntarily provide to us when you:
3.2.1. Register an Account on the Client Portal;
3.2.2. Use our Services;
3.2.3. Contact our customer support team or otherwise communicate with us;
3.2.4. Submit identity verification documents as required by AML/KYC laws and regulations.
3.3. Such Personal Data may include, but is not limited to:
3.3.1. Full name, email address, phone number;
3.3.2. Date of birth, gender, nationality, country of residence;
3.3.3. Home address, postal code, city, and country;
3.3.4. Photograph, signature, government-issued identification (passport, driver’s license, ID card);
3.3.5. Payment details, credit/debit card information, bank account details;
3.3.6. Company registration details (for legal entities) (name, legal form, registration number, head office, ownership structure, shareholder and representative details, licence details if applicable, AML/CTF documentation if applicable, sample client documentation if applicable);
3.3.7. Tax identification number;
3.3.8. Proof of address (utility bills, rental agreements, employer declaration, etc.);
3.3.9. Financial transactions history, transaction recipients, and transaction confirmations;
3.3.10. Crypto wallet addresses;
3.3.11. Source of wealth information (could include dividend statements, copies of sale contract of tangible/intangible assets, payslips, employment agreements, agreements and invoices with third parties).
(B) Personal Data collected automatically:
3.4. When accessing the Website and/or the Client Portal, we automatically collect:
3.4.1. Device type and unique identification numbers;
3.4.2. Browser type, version, and language settings;
3.4.3. Date and time of site visits and requests;
3.4.4. Online identifiers, including cookies and IP addresses;
3.4.5. Interaction history, such as clicked links, visited pages, and session duration;
3.4.6. Geographic location (non-precise, based on IP address);
3.4.7. Operating system version and technical logs.
(C) Personal Data from third-party sources:
3.5. We may collect the Personal Data from external sources, including:
3.5.1. Public databases (e.g., regulatory compliance databases);
3.5.2. Payment service providers (e.g., transaction verification);
3.5.3. Identity verification partners (e.g., KYC/AML compliance);
3.5.4. Technical service partners (e.g., cybersecurity firms monitoring fraud and suspicious activity);
3.5.5. Advertising and marketing partners (e.g., analytics and targeted advertising).
(D) Personal Data that we do not knowingly collect:
3.6. We do not knowingly collect sensitive Personal Data, such as:
3.6.1. Racial or ethnic origin;
3.6.2. Religious or philosophical beliefs;
3.6.3. Biometric data (only if required for identity verification under KYC/AML regulations).
3.7. If we receive any sensitive Personal Data unintentionally, it will be deleted unless required to be kept for regulatory compliance.
3.8. To verify your identity, we engage a third-party service provider Ondato UAB (https://ondato.com/authentication-solutions/biometric-authentication/)(hereinafter also referred to as Ondato). This provider captures images or video footage of your face and your identification document via your device’s camera, either through a mobile app or a secure web platform. More details about how Ondato processes personal data can be found in their Privacy Policy: Privacy Policy | Ondato.
Ondato’s technology is used to compare the live images or video of you with your ID document. This comparison helps us meet legal requirements, such as those imposed by the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania, as well as to support broader fraud prevention and risk management obligations. The outcome of the face comparison (whether a match or not) is stored only for as long as needed for verification and in line with applicable anti-money laundering laws, currently up to 8 years following the end of business relationship.
When using Ondato’s services, certain personal data is collected and shared with us to confirm that the individual shown in the ID matches the person in the submitted photo. If you prefer not to use this identification process, you can reach out to us at info@fincryptou.com to request an alternative means of verification.
4. LEGAL BASIS AND PURPOSE FOR PROCESSING
4.1. We process your Personal Data based on one or more legal bases as outlined under Article 6 of the GDPR. Below are the primary legal grounds we rely upon and the associated purposes for which we use your Personal Data.
(A) Contractual obligations and agreements:
4.2. We collect, process, and store your Personal Data where necessary to:
4.2.1. Provide you with access to the Client Portal and our Services;
4.2.2. Register, verify, and manage your Account;
4.2.3. Process orders and transactions;
4.2.4. Ensure compliance with contractual obligations under agreements concluded.
4.3. The legal basis for the processing is Article 6(1)(b) of GDPR – processing is necessary for the performance of a contract to which you are a party.
(B) Compliance with legal and regulatory requirements:
4.4. We are subject to strict regulatory obligations under the anti-money laundering (the AML) and counter financing of terrorism (the CFT) laws, data protection laws, and other Applicable Laws, and to comply with these laws and regulations, we may:
4.4.1. Identify and verify the Client under the know-your-customer (the KYC) and AML procedures;
4.4.2. Monitor and report suspicious transactions to relevant regulatory authorities;
4.4.3. Retain transaction records in compliance with financial and crypto regulations;
4.4.4. Ensure compliance with taxation, anti-fraud, and risk management regulations.
4.5. The legal basis for the processing is Article 6(1)(c) of GDPR – processing is necessary to comply with a legal obligation applicable to the Company. Legal obligations - Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania; and Order of the Financial Investigations Unit No V-314.
(C) Legitimate interests for security, fraud prevention, and risk management:
4.6. We may process your Personal Data based on our legitimate interest in maintaining the integrity, availability, and confidentiality of our systems, Services, and financial operations. This includes measures to:
4.6.1. Detect, investigate, and prevent fraudulent activities, unauthorized access or policy violations;
4.6.2. Monitor system integrity, respond to cyber threats, and enforce our Terms and Conditions;
4.6.3. Protect our users, infrastructure, and reputation from misuse, abuse, or criminal activity;
4.6.4. Assess and manage operational, legal, and reputational risks arising from service delivery.
4.7. Given the nature of our business as a crypto-asset service provider, we apply cryptocurrency-specific security protocols in addition to standard safeguards. The majority of customer funds are held in cold wallets, fully offline and inaccessible via the internet, while a limited portion is maintained in hot wallets under continuous monitoring. Multi-signature authorization is required for all wallet transactions to prevent unilateral access.
4.8. We employ blockchain analytics tools to monitor transaction behavior in real time, detect fraud, and identify interactions with high-risk addresses (e.g., mixers or obfuscation services). Private cryptographic keys are stored in encrypted hardware security modules (HSMs) with access restricted to authorized personnel under strict procedural controls.
4.9. The legal basis for processing is Article 6(1)(f) of GDPR – processing is necessary for our legitimate interests, provided that such interests do not override your rights and freedoms.
(D) Marketing, promotion, and advertising:
4.10. We may use Personal Data to:
4.10.1. Send you promotional offers, newsletters, and product updates via email or notifications;
4.10.2. Provide personalized content and recommendations based on your usage;
4.10.3. Analyze marketing effectiveness and user engagement trends;
4.10.4. Collect feedback to improve customer service quality.
4.11. The legal basis for processing is:
4.11.1. Article 6(1)(a) of GDPR – we process your Personal Data for direct marketing purposes only with your explicit consent.
4.11.2. Article 6(1)(f) of GDPR – we may process Personal Data for direct marketing based on our legitimate interests, where applicable (in the presence of the conditions established in Paragraph 2 of).
4.12. For direct marketing purposes, the collected Personal Data can be processed for 2 (two) years following the receipt of your consent.
4.13. You may opt out of marketing communications at any time by adjusting your communication preferences. Also, the person who has given consent always has the right to unsubscribe from all or part of the direct marketing offers at any time. This can be done by clicking on the link in the newsletter/offer received, which allows you to opt out of receiving all or part of the direct marketing offers. It is also possible to unsubscribe from direct marketing offers by writing an email to info@fincryptou.com. Declining direct marketing offers does not have negative consequences; only that the relevant offers, news, or other direct marketing information will no longer be provided in the future.
(E) Exercising or defending legal claims:
4.14. We may use Personal Data in legal proceedings to:
4.14.1. Investigate, resolve, and respond to disputes;
4.14.2. Establish, enforce, or defend legal claims;
4.14.3. Cooperate with law enforcement, courts, or regulatory agencies as required by law.
4.15. The legal basis for processing is Article 6(1)(f) of GDPR – processing is necessary for our legitimate interest in exercising or defending legal claims.
(F) Research and service development:
4.16. To improve our Website, Client Portal, and Services, we may:
4.16.1. Analyze usage trends and user behavior to optimize platform functionality;
4.16.2. Conduct research, statistical analysis, and product development;
4.16.3. Test and deploy new features and enhance customer experience.
4.17. The legal basis for processing is Article 6(1)(f) of GDPR – processing is necessary for our legitimate interests in improving and developing our Services.
(G) Communication and customer support:
4.18. We use Personal Data to:
4.18.1. Send emails, system updates, and Service notifications;
4.18.2. Respond to inquiries, complaints, and customer support requests.
4.19. The legal basis for processing is Article 6(1)(b) of GDPR – processing is necessary for the performance of a contract (e.g., responding to support requests).
(H) Get in touch:
4.20. When you submit an inquiry via the Website or the Client Portal, we will contact you using the contact details you provide to deliver the requested information.
4.21. Personal data processed for the purpose of responding to your inquiry includes name, surname, email address, subject, and message content.
4.22. The legal basis for processing is Article 6(1)(a) of GDPR – the legal basis for processing personal data is the consent you provide when submitting an inquiry via the Website or Client Portal for the purpose of receiving information.
4.23. The Personal Data provided will be processed and stored for 12 (twelve) months from the date of inquiry submission.
(I) The candidates’ data processing:
4.24. When you submit your CV via the Website, we may contact you using the contact details you provide if your candidacy is suitable for the positions we are seeking to fill.
4.25. The legal basis for processing is Article 6(1)(a) of GDPR – the legal basis for processing Personal Data is the consent you provide when submitting your CV via the Website for the purpose of applying for the job positions being offered.
4.26. The Personal Data provided will be processed and stored for 12 (twelve) months from the date of your CV submission.
(J) No processing beyond stated purposes:
4.27. We will not process your Personal Data for any purpose not mentioned above unless:
4.27.1. You have provided explicit consent for such processing;
4.27.2. Processing is required by the Applicable Law;
4.27.3. Processing is necessary to protect vital interests (e.g., preventing harm).
5. SHARING PERSONAL DATA
5.1. We only share your Personal Data when necessary for:
5.1.1. Providing our Services;
5.1.2. Fulfilling legal obligations;
5.1.3. Protecting our security and business interests.
5.2. We will never sell your Personal Data to third parties. However, we may disclose your Personal Data under the circumstances provided below.
(A) Financial institutions and payment processors:
5.3. We may share your Personal Data with banks, financial institutions, and payment processors to:
5.3.1. Facilitate payments, withdrawals, and transactions;
5.3.2. Verify your identity and comply with AML regulations;
5.3.3. Detect fraudulent activities and unauthorized transactions.
(B) Legal and regulatory authorities:
5.4. We may share Personal Data if required by:
5.4.1. A court order, arbitration ruling, or government directive;
5.4.2. Regulatory authorities for AML/KYC compliance;
5.4.3. Law enforcement agencies that are investigating fraud, cybercrime, or illegal activity.
(C) Business transfers such as mergers and acquisitions:
5.5. In case of a merger, acquisition, restructuring, or asset sale, we may transfer your Personal Data to the acquiring entity; however, before such transfer:
5.5.1. We will ensure data protection safeguards are in place;
5.5.2. We will notify you before your data becomes subject to a different privacy policy.
(D) Service providers and business partners:
5.6. We work with trusted third-party providers who support our operations, including:
5.6.1. Cloud storage and IT service providers;
5.6.2. Fraud prevention and cybersecurity firms;
5.6.3. Identity verification and authentication services;
5.6.4. Marketing and analytics platforms;
5.6.5. Blockchain analytics tools to monitor transaction behavior in real time, detect fraud, and identify interactions with high-risk addresses (e.g., mixers or obfuscation services).
5.7. All third-party service providers are contractually bound to:
5.7.1. Use your Personal Data only for specified purposes;
5.7.2. Implement security measures to protect your Personal Data;
5.7.3. Comply with applicable data protection laws.
(E) Legal, banking, and compliance advisors:
5.8. We may share Personal Data with law firms, auditors, tax consultants, and regulatory compliance advisors to:
5.8.1. Ensure legal and financial compliance;
5.8.2. Conduct internal audits and regulatory reporting;
5.8.3. Assess risks and maintain business continuity.
6. INTERNATIONAL TRANSFERS
6.1. We may share, transfer, or process your Personal Data outside of your country of residence, including to jurisdictions that may not have the same data protection laws as those within the EEA, Switzerland, or the United Kingdom (the UK). Such transfers may occur when we:
6.1.1. Engage third-party service providers, affiliates, or business partners to support our operations and provide our Services;
6.1.2. Store data on cloud servers or IT infrastructure providers located in different jurisdictions;
6.1.3. Facilitate international payments and financial transactions through banks, payment processors, or financial institutions operating globally;
6.1.4. Comply with legal obligations, including law enforcement requests and regulatory reporting in jurisdictions where we operate.
6.2. When transferring your Personal Data outside the EEA, Switzerland, or the UK, we ensure adequate protection by implementing one or more of the following safeguards:
6.2.1. Adequacy decisions – if the country has been deemed by the European Commission to offer an adequate level of data protection, we may transfer Personal Data without additional safeguards.
6.2.2. Standard Contractual Clauses (the SCCs) – where no adequacy decision exists, we use SCCs approved by the European Commission, requiring third-party recipients to comply with EU data protection standards.
6.2.3. Binding Corporate Rules (the BCRs) – where relevant, we ensure that affiliates or service providers implement BCRs that are approved by EU regulators.
6.2.4. Other legal mechanisms – in certain situations, we may rely on specific derogations under Article 49 of GDPR, such as your explicit consent or the necessity of data transfers to fulfill contractual obligations.
6.3. Additional safeguards:
6.3.1. We conduct risk assessments before transferring any Personal Data outside the EEA;
6.3.2. We limit cross-border transfers to only what is necessary to fulfill our Services and legal obligations;
6.3.3. We continuously monitor the legal landscape to ensure compliance with changing data protection laws (e.g., Post-Schrems II Ruling).
6.4. If you require further details regarding international transfers, you may contact our Data Protection Officer at info@fincryptou.com.
7. THIRD PARTY WEBSITES
7.1. Our Website and Client Portal, and Services may contain links, advertisements, or integrations that redirect you to third-party websites, services, or platforms that are not owned or controlled by the Company. These third-party websites operate under their own privacy policies and terms of service, and we do not assume responsibility for their data collection, processing, or security practices.
7.2. If you click on a third-party link or use a third-party service, the collection, storage, and use of your Personal Data will be governed by that third party’s privacy policy, which may differ from ours. We strongly encourage you to review the privacy policies and terms of any external website or service before engaging with them.
7.3. Examples of third-party interactions may include:
7.3.1. Clicking on an advertisement displayed on our Website, the Client Portal, and being redirected to an external website;
7.3.2. Using third-party payment gateways or financial service providers to complete a transaction;
7.3.3. Engaging with social media integrations (e.g., Facebook, Twitter, LinkedIn) that track user interactions.
7.4. If you create an Account or interact with our Services through a third-party platform (e.g., via a partner website, mobile app, or social media login), your Personal Data may be shared with the owner of that third-party site, meaning that:
7.4.1. Your Personal Data will be subject to that third party’s privacy policy;
7.4.2. The Company is not responsible for how the third party processes your Personal Data;
7.4.3. Any disputes, data protection concerns, or privacy rights related to the third-party platform must be handled directly with that provider.
7.5. We do not control and are not liable for how third parties collect, use, or secure your Personal Data. If you have concerns about a third-party website or service, you should contact their support team or refer to their privacy policy.
8. RETENTION OF PERSONAL DATA
8.1. The Company retains your Personal Data only for as long as necessary to:
8.1.1. Provide, maintain, and improve our Services;
8.1.2. Fulfill contractual and legal obligations;
8.1.3. Ensure compliance with the Applicable Laws and regulations;
8.1.4. Meet accounting, tax, audit, and financial reporting requirements;
8.1.5. Investigate security incidents, fraud, and enforce our legal rights;
8.1.6. Defend against potential claims and disputes.
8.2. The retention period for different types of Personal Data depends on:
8.2.1. The nature of the data and its processing purpose;
8.2.2. Legal and regulatory requirements applicable to our business;
8.2.3. The existence of ongoing disputes or investigations;
8.2.4. Our legitimate business interests such as fraud prevention and cybersecurity.
8.3. Upon your request, we will delete or anonymize your Personal Data, provided that:
8.3.1. There are no pending legal or regulatory requirements that necessitate retention;
8.3.2. There is no ongoing dispute or unresolved issue related to your Account;
8.3.3. We do not need to retain your Personal Data for legitimate business purposes, such as:
(a) preventing fraud;
(b) complying with AML/KYC regulations;
(c) ensuring platform security.
8.4. We retain your Personal Data according to the following categories:
8.4.1. Account information – stored as long as the Account is active, and for a period required by Applicable Laws after termination;
8.4.2. Transaction and financial data – 8 (eight) years (from the date of termination of transactions or business relationships with the Client); however, the term may be extended for no longer than 2 years upon a justified request from a competent authority. Identity verification (KYC) data – 8 years (from the date of termination of transactions or business relationships with the Client), however, the term may be extended for no longer than 2 years upon a justified request from a competent authority records;
8.4.3. Documents for the prevention of money laundering and international sanctions avoidance (Transaction Registration Log) - 8 (eight) years (from the date of termination of transactions or business relationships with the Client), however, the term may be extended for no longer than 2 years upon a justified request from a competent authority.
8.5. If you have closed your Account, we may continue to store limited Personal Data:
8.5.1. To comply with legal and regulatory obligations;
8.5.2. To defend against legal claims or prevent fraudulent activities;
8.5.3. To resolve any pending disputes.
8.6. Once the retention period expires, your Personal Data will be:
8.6.1. Permanently deleted from our systems;
8.6.2. Anonymized so it can no longer be linked to you;
8.6.3. Securely stored in an encrypted format, if required for historical or statistical purposes.
8.7. If you require further details about how long we retain specific data categories, please contact our Data Protection Officer at info@fincryptou.com.
9. PROTECTION OF PERSONAL DATA
9.1. We take Personal Data security seriously and implement technical, administrative, and organizational measures to protect your Personal Data from:
9.1.1. Unauthorized access or disclosure;
9.1.2. Data breaches, cyberattacks, and hacking attempts;
9.1.3. Loss, alteration, or destruction of Personal Data;
9.1.4. Unlawful processing and misuse.
9.2. Our security measures include:
9.2.1. Data encryption - we use AES-256 and TLS/SSL encryption to protect Personal Data in transit and at rest;
9.2.2. Access controls - we enforce strict access permissions based on the principle of least privilege (PoLP);
9.2.3. Multi-factor authentication (MFA) - we require MFA for all administrative and privileged access;
9.2.4. Intrusion detection systems (IDS) - we monitor for suspicious activities using real-time security analytics;
9.2.5. Regular security audits - we conduct penetration testing, vulnerability assessments, and internal security reviews;
9.2.6. Data minimization - we limit data collection to what is strictly necessary for legitimate purposes;
9.2.7. Anonymization and pseudonymization - we apply data anonymization techniques to protect sensitive information;
9.2.8. Incident response plan - we have a dedicated response team to handle potential security breaches.
9.3. While we take extensive steps to secure your Personal Data, you also play a role in protecting your Account. We strongly recommend that you:
9.3.1. Use a strong, unique password for your Account;
9.3.2. Enable multi-factor authentication (MFA);
9.3.3. Never share your login credentials with anyone;
9.3.4. Log out of your Account after each session, especially when using public or shared devices;
9.3.5. Beware of phishing emails and fraudulent requests pretending to be from the Company;
9.3.6. Regularly update your software and devices to protect against malware and security vulnerabilities.
9.4. If you believe your Personal Data has been compromised, accessed without authorization, or misused, please contact us immediately at the Company’s email address or registered office address as provided in Clause 13.1 hereof. We will investigate all security reports and take appropriate measures to resolve the issue.
10. PRIVACY RIGHTS
10.1. Depending on your jurisdiction, you may have the following privacy rights under the GDPR and other Applicable Laws:
10.1.1. Right to be Informed – you have the right to know how your Personal Data is collected, used, and stored;
10.1.2. Right to access – you can request a copy of the Personal Data we process about you;
10.1.3. Right to rectification – you may request to update or correct inaccurate Personal Data;
10.1.4. Right to erasure – the right to be forgotten – you may request the deletion of your Personal Data, subject to legal obligations;
10.1.5. Right to restrict processing – you can request that we temporarily or permanently stop processing your Personal Data under certain conditions;
10.1.6. Right to object – you can object to the processing of your Personal Data when it is based on legitimate interests or used for direct marketing;
10.1.7. Right to data portability – you may request a structured, machine-readable copy of your Personal Data to transfer it to another provider;
10.1.8. Right to withdraw consent – if processing is based on your consent, you have the right to withdraw it at any time;
10.1.9. Right not to be subject to automated decision-making – you have the right to request human intervention if decisions significantly affecting you are made through automated processes.
10.2. Limitations to your rights:
10.2.1. Your privacy rights are not absolute and may be subject to legal obligations, financial regulations, and compliance measure;
10.2.2. In cases where we must retain your Personal Data for regulatory or security reasons, we may deny deletion requests;
10.2.3. If we reject a request, we will provide a justification in accordance with Applicable Law.
10.3. How can you exercise your rights:
10.3.1. To make a privacy request, please contact our Data Protection Officer at info@fincryptou.com;
10.3.2. We will review your request and respond within one month, as per Article 12(3) of the GDPR;
10.3.3. If you are not satisfied with our response, you have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate or your local data protection authority.
11. PERSONAL DATA OF CHILDREN
11.1. The Company does not knowingly collect, process, or store Personal Data from individuals under the age of 18. Moreover, our Services are strictly intended for adults, and we do not target or provide access to minors.
11.2. If we become aware that a minor under 18 years old has provided us with Personal Data, we will:
11.2.1. Immediately close the associated Account;
11.2.2. Securely delete the minor’s Personal Data from our systems, unless retention is legally required;
11.2.3. Take additional security measures to prevent further access.
11.3. If you believe that a minor has provided us with Personal Data, please contact us immediately at info@fincryptou.com so we can take the appropriate action.
11.4. In cases where a minor has fraudulently provided false age-related information to gain access to our Services, we disclaim liability for any resulting data processing but will take appropriate corrective actions once identified.
12. AMENDMENTS OF THIS POLICY
12.1. We may update, amend, or modify this Policy periodically to reflect:
12.1.1. Changes in legal or regulatory requirements;
12.1.2. Updates to our Services, technologies, or business practices;
12.1.3. Security or compliance improvements;
12.1.4. User feedback and best practices in the field of data protection.
12.2. When significant changes are made to this Privacy Policy, we will:
12.2.1. Provide you with a 60-day prior notice;
12.2.2. Made available the updated Privacy Policy on the Website;
12.2.3. Ensure continued compliance with GDPR and other Applicable Law.
12.3. Your continued use of our Services:
12.3.1. If you continue using the the Client Portal and our Services after changes take effect, it will be deemed as acceptance of the updated Policy.
12.3.2. If you do not agree with any modifications, you must stop using our Services and request account closure by contacting info@fincryptou.com.
12.4. In case of non-significant changes to this Policy such as (i) style and grammar corrections, paraphrasing and moving a sentence, a clause for the sake of better understanding, or (ii) other changes which do not reduce or limit your rights and do not otherwise affect you negatively, we will not provide any prior notice to you.
12.5. We encourage you to review this Policy periodically to stay informed about how we protect your Personal Data.
13. CONTACT DETAILS
13.1. If you have any questions, concerns, or requests regarding this Privacy Policy, or if you wish to exercise your privacy rights, please contact our Data Protection Officer at:
13.1.1. email address of the Company: info@fincryptou.com;
12.1.2. registered office address: Lvivo st. 21A, LT-09309 Vilnius, Lithuania.
13.2. We will respond to inquiries within the legally required timeframe, in accordance with the GDPR and other Applicable Laws.
13.3. If you are dissatisfied with our response, you have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate (address: L. Sapiegos st. 17, LT-10312 Vilnius, Lithuania; email: ada@ada.lt) or your local data protection authority.
14. FINAL PROVISIONS
14.1. This Privacy Policy may be translated into multiple languages for convenience; however, the language in which the Privacy Policy was approved by you shall prevail in case of any discrepancies or conflicts.
14.2. If any provision of this Privacy Policy is found to be invalid or unenforceable under the Applicable Law, such provision shall be deemed ineffective only to the extent necessary without affecting the enforceability of the remaining provisions.
14.3. You confirm that you have read, understood, and accepted this Privacy Policy to the full extent. You further acknowledge that you have independently assessed your rights, obligations, and any associated risks before starting to use our Website, the Client Portal, or our Services.
We are using Cookies! For more information please view the Cookie Policy.
© 2025 | All Rights Reserved
LT