E-Gates Privacy Notice
Last Updated: May 22, 2023
1. Why Do You Need this Privacy Notice?
We encourage you to carefully read this Privacy Notice as it provides you with information about your personal data being processed in connection with your access to and use of the Services. This Privacy Notice also governs the processing of personal data in relation to the Communication Channels.
In this Privacy Notice, personal data and personal information are used as synonyms and mean any information that directly or indirectly identifies you as an individual. In this Privacy Notice we explain which types of personal data we hold on you, how we collect and process such data, how long we keep it, and so on.
If you are not a registered user and you are using the KYC Services upon instructions provided by one of our Users, please read the last Section of this Privacy Notice — “Notice to External Users”.
2. Where Can You Find the Definitions?
Unless otherwise provided in this Privacy Notice, capitalised terms used in this Privacy Notice havethe meaning determined in the E-Gates Terms of Service (the “Terms”). We encourage you to read the Terms carefully as they affect your obligations and legal rights.
3. Who Are We and How to Reach Us?
The Services are provided by UAB “E-Gates”, a company established under the laws of Lithuania (“we”, “us”, or “our”), , however, KYC Services are provided by UAB “Global verification platform PassMe”, a company, established under the laws of Lithuania, in which case “we”, “us”, or “our” refer also to UAB “Global verification platform PassMe”. With respect to personal data collected when you access and use the Services and Communication Channels, we may act as a data controller, joint data controller, or a data processor depending on applicable circumstances as described below in this Privacy Notice.
We process your personal data in accordance with this Privacy Notice and we endeavour to comply with the applicable data protection legislation, which includes the General Data Protection Regulation, also known as the GDPR (the “Applicable Legislation”).
If you have any questions regarding this Privacy Notice or the processing of your personal data, do not hesitate to contact us via the following contact details:
Name: UAB “E-Gates”, a company established under the laws of Lithuania
Address: Žalgirio g. 88-101, 306155430 Vilnius, Lithuania
Email: legal@E-Gates.io
PassMe: info@passme.cc
Name: UAB “Global verification platform PassMe"
Address: Žalgirio g. 88-101, LT-09303, Vilnius,Lithuania
Email: legal@E-Gates.io
4. What Are Our Principles?
Lawfulness. We endeavour to process personal data in accordance with the Applicable Legislation and only on the basis of the appropriate legal grounds.
Fairness. We do our best to handle personal data in ways that you would reasonably expect and we do not use any personal information in ways that have unjustified adverse effects on you. We do not deceive or mislead Users when we collect their personal data.
Transparency. We endeavour to make the processing activities transparent and understandable for you, including by providing you with all reasonably necessary information regarding the processing.
Data Minimisation. We endeavour to process only necessary personal data, taking into consideration the requirements of the Applicable Legislation.
Purpose Limitation. We process your data only for the purposes it was collected. If we establish any other purpose, we will inform you reasonably in advance.
Accuracy. We endeavour to ensure the accuracy of your personal data, including by providing you with the opportunity to rectify or complete it.
Confidentiality, Integrity, and Availability. We try to comply with the best practices applicable to the development and maintenance of the security systems.
Storage Limitation. We keep the personal data as long as prescribed in this Privacy Notice, based on the purposes the data was collected.
Accountability. We endeavour to comply with the Applicable Legislation, and, furthermore, if we disclose personal data to any person, we will do our best to ensure that such person will comply with the terms of the Applicable Legislation and this Privacy Notice.
5. What Personal Data Do We Collect?
The categories of personal data we collect depend on how you interact with us, use the Services, and the requirements of the Applicable Legislation. We collect and process the following types of personal data as outlined below. Please note that we may also collect certain other information, which may be required under the applicable laws.
| Category of Data | Examples | Description or Comments |
| Account Data | email address | - |
| password | ||
| internal ID | When a User Account is created, a unique internal ID, which essentially is a random identification number, will be automatically assigned to each such User Account. The internal ID is technically necessary to operate the Services and used for internal purposes to count the Users. Without any other pieces of data, the internal ID does not identify you as an individual. | |
| Verification Data | first name, last name, and middle name | - |
| gender | ||
| job title (if you act on behalf of a legal entity) | ||
| phone number | ||
| date of birth | ||
| facial image data and biometrical data | This may include photos of your face (including selfie images) and photos or scans of the face on the identification document, videos, and sound recordings, as well as facial features. | |
| ID document information | This may include your passport or ID card and associated information. | |
| address information | This includes information about the country of residence, city, ZIP code, name of the street, building and/or apartment number. | |
| proof of address | It means the respective document, confirming your residential address and associated information. | |
| information collected from public resources | When we conduct a verification, we also collect certain information that is publicly available, such as whether you are considered a politically exposed person (PEP), a nongrate person, or whether you are present on sanctions lists, or terrorist databases. We also conduct media reputation checks. | |
| Payment Data | Wallet Addresses | The “Wallet Address” means a public address on the respective blockchain associated with the relevant Digital Wallet. It constitutes a random set of symbols assigned by the respective blockchain network. |
| account details, such as: IBAN code or account number, name of beneficiary, etc. | Please note that account and card details are processed by the respective payment processors and/or payment service providers, which are separate data controllers with respect to such data. We neither process this data nor manage, control, or affiliate with such payment processors and/or payment service providers. | |
| card details, such as: card number, name of the holder, security code (also known as CVV or Card Verification Value code), expiry date, etc. | ||
| Transaction amount | References to “Wallet Address” and“Transaction” in this Privacy Notice apply tothe Wallet Addresses and Transactions onall applicable blockchain networks. | |
| Wallet Addresses, account or card details of sender and recipient | ||
| the type of Funds used in the respective Transaction | ||
| Transaction time and date | ||
| Transaction status | ||
| Transaction ID | ||
| Technical Data | internet protocol (IP) address | This means a unique address of a device, which allows us to identify your approximate location (country, city, region, ZIP code). For better understanding, IP addresses are expressed as a set of numbers, for instance: 194.150.2.33. |
| browser details | This includes information about the browser type and its version. | |
| device details | This includes information about the type of the device (e.g., computer, tablet, or smartphone) and its model. | |
| operating system | This means the information about the type and version of the operating system on your device (e.g., Windows 10, macOS version 12.4, etc.). | |
| Analytical and Statistical Data | (a) Internet Protocol (IP) address; (b) the type of device used; (c) the device operating system; (d) the browser used; (e) information regarding your use of the Platform, for instance, when you clicked a certain button or made some input. | When you access and use the Platform, certain data may be collected automatically via Google Analytics. More information regarding Google Analytics is available here. After collecting the personal data, Google creates reports about the use of the Platform, which contain the aggregated information where we do not see any data pertaining to a particular person. In other words, we cannot identify you from the other users. For better understanding, IP address means an “online address” of a device, which may help to identify your approximate location (e.g, country, city or region, ZIP code). The IP addresses are expressed as a set of numbers, for example: 194.150.2.33. Please note that according to Google’s documentation, the IP address is anonymised (masked), so neither we nor Google can identify the IP address and precise location of a particular visitor. We gather the information by means of placing cookies. Cookies are a feature of the software that allows web servers to recognise the device used to access the Platform. A cookie is a small text file that the Platform saves on your device when you visit thereof. They allow the Platform to remember your actions and preferences over a period of time. Google solutions are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and its affiliates including Google LLC, 1600, Amphitheatre Parkway, Mountain View, CA, 94043, USA. To our knowledge, the data collected via Google solutions is not anonymised (with the exception of the IP address) and will be transmitted to, processed and stored by Google in the United States. You can learn more about how Google processes personal data in Google’s privacy policy. Note that competent US state authorities may have access to the personal data collected via Google solutions. With respect to the personal data collected via Google solutions, Google acts as our data processor. However, Google may use this personal data for any of its own purposes, such as profiling and cross-platform tracking. In this case, Google acts as an independent data controller. You can learn more about Google tools here. |
| Contact Data | full name | - |
| contact details | This includes your email address and phone number (optional). | |
| any other data requested by us or data that you choose to provide us with | Please do not provide personal data unless it is reasonably necessary or requested by us. | |
| Subscription Data | email address | - |
| Social Media Data | nicknames, names, and/or photos | When you access or otherwise participate in our Communication Channels, you will need to use certain social media (the “Social Media”). In general, Social Media makes available the respective statistical information to us in an anonymised form. It is impossible for us to make any conclusions about individual users and access to individual user profiles relying solely on such information. Certain categories of personal data and processing details vary depending on the Social Media, therefore, please refer to the respective Social Media listed below. |
| messages, comments, and other communications | ||
| information provided to us by the respective Social Media as outlined below | ||
| other data that you choose to provide us with | ||
| Instagram Data | (i) visits to our Communication Channels; (ii) range of contributions; (iii) information about countries and cities where our visitors come from; (iv) statistics about the gender ratios of visitors; and (v) other statistical information related to the use of our Communication Channels. | Our Instagram accounts are operated by Meta Websites Ireland Limited, the service provider for Instagram (“Instagram”). Instagram collects and processes your personal data to the extent described in its privacy policy which can be found here. We and Instagram have entered into a so-called joint controller agreement, available here, to comply with the requirements of the Applicable Legislation. |
| Twitter Data | Our Twitter accounts are operated by Twitter, Inc. or Twitter International Unlimited Company depending on where you are located (“Twitter”). Twitter collects and processes personal data to the extent described in its privacy policy which can be found here | |
| LinkedIn Data | Our LinkedIn pages are operated by LinkedIn Ireland Unlimited Company, (“LinkedIn”). LinkedIn collects and processes personal data to the extent described in its privacy policy which can be found here. We and LinkedIn have entered into a so-called joint controller agreement, available here, to comply with the requirements of the Applicable Legislation. | |
| Facebook Data | Our Facebook profiles are operated by Facebook Ltd. (“Facebook”). Facebook collects and processes personal data to the extent described in its privacy policy which can be found here. We and Facebook have entered into a so-called joint controller agreement, available here, to comply with the requirements of the Applicable Legislation. | |
| Telegram Data | certain anonymised statistical information regarding the use of our Telegram groups, chats, bots, and/or channels. | Our Telegram channels, groups, and bots are operated by Telegram Messenger Inc. (“Telegram”). Telegram collects and processes personal data to the extent described in its privacy policy which can be found here. |
| Reddit Data | visits to our Reddit pages | Our Reddit pages are operated by Reddit is Reddit Inc. (“Reddit”). Reddit collects and processes personal data to the extent described in its privacy policy which can be found here. |
| upvote rate and community karma earned | ||
| total shares | ||
| other statistical information regarding the use of our Reddit pages | ||
| Medium Data | visits to our Medium blogs | Our Medium blogs are operated by A Medium Corporation (“Medium”). Medium collects and processes personal data to the extent described in its privacy policy which can be found here. |
| the number of visitors who saw our posts, took the time to actually read or recommend them | ||
| other statistical information regarding the use of our Medium blogs |
6. How Do We Use Personal Data?
| Category of Data | Description | Lawful Basis for Processing |
| Account Data | To create and register a User Account in order to access and use certain Services. | To take steps at your request prior to entering into a contract, and, further, to perform a contract with you. |
| If you act on behalf of a legal entity 一 our legitimate interest to ensure the access and use of the Services by the legal entity you represent. | ||
| Verification Data | To identify you as an individual and verify your identity. | Compliance with our legal obligation under the applicable laws and regulations, including anti-money laundering and combating the financing of terrorism procedures. |
| To enable you to activate a User Account and/or use certain functionality of the Services. | ||
| Payment Data | To carry out certain Transactions, arising out and in connection with your use of the Services. | To perform a contract with you. |
| Our legal obligation to keep and retain the financial records to comply with the applicable laws. | ||
| Our legitimate interest as well as the interests of other Users to prevent and detect fraud and abuse, and protect the security of our Users. | ||
| Technical Data | To ensure the operation of the Services. | To perform a contract with you. |
| To ensure the security of your User Account, for instance by identifying suspicious activities. | ||
| Our legitimate interest to ensure the security of your User Account, improve the Services functionality and user experience, detect fraud and respond to requests from authorities. | ||
| To provide a better user experience by improving functionality, usability, user flow and interface of the Services. | ||
| Analytical and Statistical Data | To analyse the use of the Platform and provide a better user experience by improving the Platform user flow and interface. | Your consent. |
| Contact Data | To respond to your inquiry. | Our legitimate interest to respond to your inquiry. |
| Subscription Data | To provide you with marketingand newsletter emailsconcerning the Services,compliance guidance, as wellas general updates. | Your consent. You may revoke your consent and unsubscribe from receiving marketing and newsletter emails from us at any time by (i) contacting us; or (ii) clicking the unsubscribe button available at the bottom of each marketing and newsletter email. In such a case, we will delete your email address from the respective marketing database. Please note that administrative or service-related communications (security alerts, email verifications, maintenance notifications, etc.) are not considered marketing and such communications may not offer an option to unsubscribe. |
Social Media Data | To communicate with the visitors, participants, or subscribers. | Our legitimate interest to achieve the purposes outlined herein. To take steps at your request prior to entering into a contract and further to perform such a contract, if and to the extent you wish to enter into a contractual relationship with us. |
| To handle requests from visitors via the Communication Channels. | ||
| To obtain statistical information about the reach of the Communication Channels. | ||
To conduct customer surveys, marketing campaigns, market analyses, or other promotions and events. |
7. How Long Do We Process Your Data?
As a general rule, we keep personal data as long as it is necessary for the purposes it was collected. We may process certain personal data longer than outlined below, if it is necessary:
(a) to meet our legal obligations under the applicable law;
(b) in relation to anticipated or pending legal proceedings; or
(c) to protect our rights and legitimate interests or those of third parties.
| Category of Data | Storage Period | Rationale |
| Account Data | As long as you keep your User Account with the Services and for six (6) months after its termination, regardless of reason. | We process your Account Data as long as it is necessary for the operation of your User Account. We store your Account Data after its termination to exercise your right for reactivation of such User Account as provided in the Terms. |
| Verification Data | As long as you keep your User Account and for eight (8) years after its termination, regardless of reason. | We set this retention period due to our legal obligations under the applicable laws and regulations, including anti-money laundering and combating the financing of terrorism procedures. |
| Payment Data | As long as you keep your User Account and for eight (8) years after the completion of the respective Transaction. Please note that due to the nature of a blockchain, the Wallet Addresses and Payment Data associated therewith may be stored permanently on the applicable blockchain (not by us). | We set this retention period due to our legal obligations under the applicable laws and regulations, including anti-money laundering and combating the financing of terrorism procedures. |
| Technical Data | As long as you keep your User Account and for eight (8) years after its termination, regardless of reason. | We need such data for the purposes outlined by us above. |
| Analytical and Statistical Data | Up to two (2) years. You may find specific timelines here. | We need such data for the purposes outlined by us above. Specific timelines are set in the Google settings. |
| Contact Data | As long as you keep your User Account and for five (5) years after its termination. | We set this retention period due to our legal obligations under the applicable laws and regulations, including anti-money laundering and combating the financing of terrorism procedures. |
| Subscription Data | As long as you remain a subscriber. | We process such data only until you opt out from receiving our marketing and newsletter emails. |
| Social Media Data | No retention period for statisticaland analytical information. The personal data you provided us with is stored as long as it is not deleted by you or respective Social Media. Other personal data is processed as long as it is necessary for the purposes it was collected, unless otherwise is expressly provided, e.g. in a specific consent form or privacy notice or statement. | We do not establish any retention period for statistical and analytical information, because such information does not allow us to identify any particular individual. We may not be able to erase the personal data you provided us within the Communication Channels, therefore, such data is processed until either you or respective Social Media delete it. |
8. How Do We Share Your Data?
General. We do not sell or rent out your data. However, we may share your personal data in accordance with this Privacy Notice, Applicable Legislation, or with your consent, in each case for the purposes of and if it is reasonably necessary:
(a) to provide you with access to the Services and performance of our undertakings with you;
(b) for compliance with the applicable laws and regulations; or
(c) for our legitimate interest to maintain, improve and develop the Services.
Please note that if we share any portion of your personal data with third persons, we will endeavour to secure such transfer using appropriate legal, organisational, and technical measures.
Recipients. Given the purposes outlined above, your personal information is shared with the following categories of recipients:
(a) Affiliates;
(b) our contractors and suppliers who need to have access to your data in order to allow you to use certain functionality of the Services;
(c) analytical solution providers, such as Google;
(d) support and technical teams;
(e) verification service providers;
(f) email delivery service providers;
(g) hosting service providers;
(h) payment processors and payment service providers;
(i) government authorities, upon their request or if necessary to comply with our legal obligations;
(j) another entity if we sell or otherwise transfer the Services or their part; and
(k) other third-party solutions, which may be from time to time integrated in relation to the Services.
9. Do We Transfer Your Personal Data to Third Countries?
Sometimes we may transfer your personal data to countries that do not offer the same level of data protection as the laws of the European Union or your country. In case we transfer your personal data to a country that does not maintain the “adequate” level of data protection, as defined by the European Commission, we will put in place suitable safeguards, which give you more protection and control regarding your personal data, and take reasonable steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Notice and provided for in the Applicable Legislation. As a general rule, we will use the Standard Contractual Clauses (special documents developed by the European Commission) as an appropriate safeguard. You may reach us via the contact details indicated herein to ask whether your personal data is subject to transfer to a third country. This paragraph does not apply to the transfer of the data on or through a blockchain, since such data is publicly available. Please consider the “What Are the Features of Blockchain Data Processing?” section of this Privacy Notice below.
10. Who Controls Your Personal Data?
General. With respect to the personal data collected when you access and use the Services, we act as a data controller, joint controller, or a data processor depending on applicable circumstances as described below.
Data Controller. When we act as a data controller, we mean that we solely determine what data collected and the purposes and means of processing of your data. As a general rule, if the personal data is processed in connection with the Services (except for the KYC Services), we, namely E-Gates, are considered a data controller.
Joint Controller. When we act as a joint controller with others, we mean that we and the respective person or entity process the substantially the same set of personal data and jointly determine the purposes and means of processing such personal information. If and to the extent we are considered to be a joint controller according to the Applicable Legislation, you may exercise your data protection rights with respect to the relevant personal data against both us or the respective person or entity. However, we will be able to assist you only with respect to the processing operations expressly outlined in this Privacy Notice. We have no influence on the processing of personal data in connection with your interaction with others, including, but not limited to, Social Media and other third-party service providers, as such. According to the Applicable Legislation, we may be regarded as joint controllers, for example, in the following cases:
(a) with respect to your Social Media Data — when you access or otherwise participate in our Communication Channels, we are deemed a data controller with respect to (i) the data you provide us with and (ii) the statistical data provided by the respective Social Media. However, with respect to any other processing of your data, the respective Social Media acts as an independent data controller;
(b) with respect to the Payment Data in Fiat Currencies — when you transact in Fiat Currencies (such as make Deposits or Withdrawals), we are deemed a joint data controller with respect to the Payment Data processed by us and the applicable payment service providers. However, with respect to any other data that you provide to payment service providers, they act as independent data controllers.
Data Processor. PassMe acts as a data processor in relation to the use of the KYC Services, meaning a company which processes personal data on behalf of the respective User, who initiated our involvement. In this case, we are not data controllers and activities of PassMe are limited to the requirements of the applicable laws and instructions provided by the respective User, who, in this case, acts as a data controller, i.e., a person who determines the purposes and means of data processing. Please learn more regarding this matter in the last Section “Notice to External Users”.
11. What Are the Features of Blockchain Data Processing?
Please note that the Wallet Addresses and information about Transaction associated therewith interact with public decentralised blockchain infrastructures and blockchain-based software, including smart-contracts, that work autonomously. When we say that a blockchain is decentralised we mean that there is no single person, including us, who controls the blockchain or stores data available thereon, and when we say “public” we mean that the access is available for anyone and cannot be restricted. The data entered in a public decentralised blockchain is distributed via the nodes that simultaneously store all records entered into the blockchain.
By design, blockchain records cannot be changed or deleted and are said to be “immutable”. Please be aware that any Transaction within a blockchain is irreversible and information entered into a blockchain cannot be deleted or changed. Therefore, your ability to exercise certain data protection rights or abilities may be limited.
In addition, due to the blockchain’s nature, the information that was entered in a blockchain will be publicly available and we will neither control such information nor manage access to it. Once you start carrying out Transactions, certain data, which may be considered personal, will become publicly available on a blockchain. The ultimate decision whether to transact on a blockchain or carry out any Transactions rests with you.
12. Are You Subject to Automated Decision-Making?
According to the Applicable Legislation, you have the right not to be subject to a decision based solely on automated processing of data, including profiling, which produces legal effects concerning you or similarly significantly affecting you. Automated decision-making is the process of making a decision by automated means without any human influence on the outcomes.
It is mandatory for you to provide the Verification Data in order to be eligible and authorised to access and use certain functionality of the Services. When you provide us with your Verification Data, the verification systems will process it automatically and report to us whether you are eligible to use certain functionality of the Services. If the verification systems notify us that you are not eligible to use certain functionality of the Services, you will be automatically refused from using the respective Services functionality.
In addition, we may also automatically block Users based on their geographical location. This is necessary to restrict access to the Services for the Users from prohibited jurisdictions (meaning the jurisdictions in which the use of the Services or its functionality is prohibited by applicable laws or regulations, the Terms, or our rules and policies).
If you do not agree with the outcomes of automatic decisions, you may: (a) request us to manually review the respective information and provide you with the outcomes of the review and/or (b) express your point of view and provide additional information or documents in order to contest the decision.
13. What About Interacting with Third-Party Links?
The Website may include links and social media plugins to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share certain data about you. We do not control these third-party websites and applications, and are not responsible for their privacy statements. When you leave the Website, we encourage you to read the privacy policy/notice/statement of every website or application you visit.
14. What About Securing Your Personal Data?
We strive to do our best to keep your personal data secure. We always review and update appropriate technical and organisational measures to (i) keep your personal data secure in accordance with the Applicable Legislation, our internal policies and procedures regarding the storage of, access to, and disclosure of personal data; and (ii) protect you against unauthorised or unlawful processing of personal data and accidental loss or destruction of, or damage to them. We endeavour to implement and maintain technical and organisational measures, which are appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction, or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures. Your personal information may undergo anonymisation, pseudonymisation, and/or encryption to ensure safe transfer and/or processing.
15. What Data Subject Rights Do You Have?
General. According to the Applicable Legislation, you may have the rights outlined below. In order to exercise your rights as a data subject, we may request certain information from you to verify your identity and confirm that you have the right to exercise such rights.
Blockchain Data Processing. Please note that when you interact with a blockchain, we may not be able to exercise certain rights that you may have pursuant to the Applicable Legislation with respect to the Wallet Addresses and information about Transactions associated therewith. For instance, we may not be able to ensure that such personal data is deleted, corrected, or restricted. You may learn more above in the “What Are the Features of Blockchain Data Processing?” section of this Privacy Notice.
Data Subject Rights. According to the Applicable Legislation, you may have the following rights:
| Rights | Description |
| Right to access your personal data (commonly known as a “data subject access request”) | This enables you to ask us whether we process your personal data. If we process your data, you may request certain information about the processing activity and/or a copy of the personal data we hold about you, and check that we are lawfully processing it. |
| Right to rectification of the personal data | This enables you to have any incomplete or inaccurate data we hold about you completed or rectified, though we may need to verify the accuracy of the new data you provide to us. |
| Right to erasure of your personal data (commonly known as a “right to be forgotten”) | This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal or technical reasons which will be notified to you, if applicable, at the time of your request. |
| Right to object to processing of your personal data | This enables you to object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. |
| Right to restrict the processing of your personal data | This enables you to ask us to suspend the processing of your personal data in the following scenarios: (i) if you want us to establish the data’s accuracy, (ii) where our use of the data is unlawful but you do not want us to erase it, (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims,(iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. |
| Request the transfer of your personal data (commonly known as a “right to the data portability”) | We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. |
| Right to withdraw consent | You may withdraw your consent at any time where we are relying on consent to process your personal data. |
| Right not to be subject to automated decision-making | You reserve the right not to be subject to a decision based solely on automated processing of data, including profiling, which produces legal effects concerning you or similarly significantly affecting you. |
| Right to file a complaint | You may file a complaint with a relevant supervisory authority in case we violate your rights or obligations imposed on us under the Applicable Legislation. The relevant supervisory authority will particularly depend on where you are located. The details of the Lithuanian data protection supervisory authority: State Data Protection Inspectorate Website: https://vdai.lrv.lt/en Address: L. Sapiegos str. 17, LT-10312, Vilnius, Lithuania Phones: +370 5 271 2804 / 279 1445 E-mail: ada@ada.lt. |
16. Do We Process Children’s Personal Data?
The Services are not intended for the use of children (under 18 years old or older, if the country of your residence determines a higher age restriction). We do not knowingly market to, solicit, process, collect, or use personal data of children.
If we become aware that a child has provided us with personal information, we will use commercially reasonable efforts to delete such information from our database. If you are the parent or legal guardian of a child and believe that we have collected personal information from your child, please contact us.
17. Can We Modify and Update this Privacy Notice?
We keep our Privacy Notice under regular review and we may update it at any time. If we make any changes to this document, we will change the “Last Updated” date above. Please review this Privacy Notice regularly to check for the updates. If we make substantial changes to the way we treat your personal information, we will either (i) display a notice on the Platform, or (ii) notify you by email prior to the change becoming effective.
18. Notice to External Users
Application. This Section applies to the persons who use the KYC Services upon instructionsprovided by one of our Users.
Our Role. When the PassMe Services are used by our User, we act as a data processor, meaning a company which processes personal data on behalf of the respective User. We do this for the benefit of our User and to perform the Terms (i.e., agreement between us and the User). Accordingly, we process the respective personal data only in accordance with the User’s instructions and pursuant to the Applicable Legislation. The respective User is deemed a data controller, i.e., the person who determines the purposes and means of data processing. Therefore, if you have questions regarding the data processing terms, you should contact our respective User who requested you to use the PassMe Services.
Responsibilities. We are not responsible for the processing of your personal data by our Users, as well as for their respective privacy policy, notice, or statement. We are responsible only for our data processing activities and documentation.
Activities With Your Data. PassMe will process your personal data in accordance with theinstructions provided by the respective User. This may include the following activities: (i) documentcheck, (ii) identity verification, (iii) liveness detection, (iv) background check, (v),know-your-transaction check, etc. Commonly, your Verification Data will be processed, as describedin this Privacy Notice above.
How to Exercise Your Rights. To exercise your data subjects and privacy rights, it is advisable to contact the respective User, not us. If you nevertheless contact us, the only thing we can do is to transfer your request to the respective User. For this purpose, we will need to identify the User in question. So, as you see, it is a matter of common sense to contact the User, not us.
How Long We Keep Your Data. We keep your personal data as long as requested by the respective User. Once requested by the appropriate User, subject to the requirements of the applicable law, we will erase the data without undue delay.
Automated Decision-Making. According to the Applicable Legislation, you have the right not to be subject to a decision based solely on automated processing of data, including profiling, which produces legal effects concerning you or similarly significantly affecting you. When you provide uswith your data within the KYC Services, the verification systems will process it automatically and wefurther report whether you have successfully passed and completed the relevant verification procedure. If the verification systems notify that you fail to pass and complete the relevant verification procedure, the respective User may refuse from entering into certain relationships or transactions with you. If you do not agree with the outcomes of automatic decisions, you may contact the respective User, who requested you to use the PassMe Services, regarding this matter.
