1 Introduction

1. This Privacy policy is the main document that sets out the basis as to what happens to any personal data that You provide to Ebioro, UAB, or that We collect from You or other sources while using our Services about You. You may choose not to provide any information to Us, however Ebioro may be unable to provide Services.
2. Please pay attention to the fact that Ebioro may update this Privacy policy from time to time, therefore please do review it regularly.
3. Your personal data controller is Ebioro UAB. We have appointed a data protection officer (“DPO”). You can contact our DPO at [email protected].
4. Ebioro acts according to the Law on the Legal Protection of Personal data of the Republic of Lithuania, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data (General Data Protection Regulation) and other applicable legal regulation.
5. Security is highly important to us. We take all reasonable measures to protect personal data from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction, including industry standard security and encryption features.
6. If the Profile is opened by legal person, Head or other representative of the Client shall properly inform data subjects (Beneficial owners, Head, etc.) about transfer of their data to Us and to present this Privacy policy to them.

2 Definitions

1. AML shall mean anti-money laundering and counter-terrorism financing regulations.

2. Personal data shall mean any information relating to an identified or identifiable natural person.

3. Supervisory institutions shall mean Bank of Lithuania, State Data Protection Inspectorate, Financial Crimes Investigation Service, other institutions that supervise our activity.

4. You shall mean the natural person who is using one of our services and needs to provide us with your personal data

3 Personal information we collect

Personal information means any data which relates to a living individual who can be identified from that data, or from that data and other information which is in the possession of, or is likely to come into the possession of, Ebioro (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of Ebioro or any other person in respect of an individual. The definition of personal information depends on the relevant law applicable for your physical location.

3.1 Information you provide to us

This includes information you provide to us in order to establish an account and access our Services. This information is either required by law (e.g. to verify your identity), necessary to provide the requested services, or is relevant for our legitimate interests described in greater detail below.The nature of the Services you are requesting will determine the kind of personal information we might ask for, but may include:

• Identification Information: Full name, date of birth, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email.
• Formal Identification Information: Government issued identity document such as Passport, Driver’s License, National Identity Card, State ID Card, Tax ID number, passport number, driver’s license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws.
• Financial Information: Bank account information, payment card primary account number (PAN), transaction history, trading data, and/or tax identification.
• Transaction Information: Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, and/or timestamp.
• Employment Information: Office location, job title, and/or description of role.
• Correspondence: Survey responses, information provided to our support team or user research team.

3.2 Information we collect automatically or generate about you

This includes information we collect automatically, such as whenever you interact with the Sites or use the Services. This information helps us address customer support issues, friendly onboarding, improve the performance of our Sites and applications, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. Information collected automatically includes:

• Online Identifiers: Geo location/tracking details, operating system, browser name and version, and/or personal IP addresses.
• Usage Data: Authentication data, security questions, click-stream data, public social networking posts, and other data collected via cookies and similar technologies. Please read our Cookie Policy for more information.

3.2.1 Information collected from third parties

This includes information we may obtain about you from third party sources. The main types of third parties we receive your personal information from are:

• Public Databases, Credit Bureaus & ID Verification Partners in order to verify your identity in accordance with applicable law. ID verification partners such as Sumsub use a combination of government records and publicly available information about you to verify your identity. Such information may include your name, address, job role, public employment profile, credit history, status on any sanction’s lists maintained by public authorities, and other relevant data.
• Blockchain Data to ensure parties using our Services are not engaged in illegal or prohibited activity and to analyze transaction trends for research and development purposes.
• Marketing Partners & Resellers so that we can better understand which of our Services may be of interest to you.

• Social Data Profiles: For example Facebook,Skype,Twitter,etc. We obtain this information by correlating the information you provided to us during registration (i.e., name, email address and mobile number) with multiple several databases from these parties

3.3 Anonymized and aggregated data

In addition to the categories of personal information described above, Ebioro will also process anonymized information and data that is not processed by reference to a specific individual. Types of data we may anonymize include transaction data, click-stream data, performance metrics and fraud indicators.

4 How we use your personal information

We may use your information in the following ways and for the following purposes:

4.1 To maintain legal and regulatory compliance

Ebioro needs to process your personal information to comply with anti-money laundering and security laws. We also process your personal information in order to help detect, prevent, and mitigate fraud and abuse of our Services and to protect you against account compromise or funds loss. If you do not provide personal information required by law, we will have to close your account.

4.2 To provide Ebioro services

We process your personal information to provide Services to you. Third parties that we use such as identity verification services may also access and/or collect your personal information when providing identity verification and/or fraud prevention services. In addition, regulated entities that we partner with might also access and/or collect your personal information (i.e., we might redirect you to a third-party provider to buy crypto currencies and will share your personal information so that you don’t need to do it). We also collect information about your account usage and closely monitor your interactions with our Services. The consequences of not processing your personal information for such purposes is the termination of your account.

4.3 To provide communications and customer services

According to your preferences and in compliance with applicable law, we may send you marketing communications to inform you about events, to deliver targeted marketing and to share promotional offers. If you are a new customer, we will contact you by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to send you marketing communications, please go to your account settings to opt-out or submit a request via [email protected]

We may send you service updates regarding administrative or account-related information, security issues, or other transaction-related information. These communications are important to share developments relating to your account that may affect how you can use our Services. You cannot opt-out of receiving critical service communications.
We also process your personal information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.

4.4 In our legitimate business interests

Sometimes the processing of your personal information is necessary for our legitimate business interests, such as:
• quality control and staff training;
• to enhance security, monitor and verify identity or service access, and to combat spam or other malware or security risks;
• research and development purposes;
• to enhance your experience of our Services and Sites; or
• to facilitate corporate acquisitions, mergers, or transactions.

5 Legal basis for processing your information

For individuals located in the European Economic Area, United Kingdom or Switzerland at the time their personal data is collected, we rely on legal bases for processing your information under the relevant data protection legislation. These bases mean we will only process your data where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), for our legitimate interests to operate our business, to protect Ebioro’s or your property rights, or where we have obtained your consent to do so. We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission.

6 Disclosing your personal information to third parties

We allow your personal information to be accessed only by those who require access to perform their work and share it only with third parties who have a legitimate purpose for accessing it. Ebioro will never sell or rent your personal information to third parties without your explicit consent. We will only share your personal information with the following types of third parties:
• Identity verification services to prevent fraud. This allows Ebioro to confirm your identity by comparing the information you provide us to public records and other third party databases.
• Financial institutions which we partner with to process payments you have authorized.
• Service providers and professional advisors under contract who help with parts of our business operations. Our contracts require these service providers to only use your information in connection with the services they perform for us and prohibit them from sharing your information with anyone else.
• Companies or other third parties in connection with business transfers or bankruptcy proceedings.
• Companies or other entities that purchase Ebioro assets.
• Law enforcement, regulators, or any other third parties when we are compelled to do so by applicable law or if we have a good faith belief that such use is reasonably necessary, including to: protect the rights, property, or safety of Ebioro, Ebioro customers, third party, or the public; comply with legal obligations or requests; enforce our terms and other agreements; or detect or otherwise address security, fraud, or technical issues.
7 How we protect and store personal information

Ebioro implements and maintains reasonable measures to protect your information. Customer files are protected with safeguards according to the sensitivity of the relevant information. Reasonable controls (such as restricted access) are placed on our computer systems. Physical access to areas where personal information is gathered, processed or stored is limited to authorized employees.

We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.
As a condition of employment, Ebioro’s employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive personal information is limited to those employees who need to it to perform their roles. Unauthorized use or disclosure of confidential customer information by a Ebioro employee is prohibited and may result in disciplinary measures.
When you contact a Ebioro employee about your file, you may be asked for some personal details. This type of safeguard is designed to ensure that only you, or someone authorized by you, has access to your file. You also play a vital role in protecting your own personal information.

8 Retention of personal information

How long we hold your personal information for will vary. The retention period will be determined by the following criteria:
• the purpose for which we are using your personal information – we will need to keep the information for as long as is necessary for that purpose; and
• legal obligations – laws or regulation may set a minimum period for which we have to keep your personal information.

If you have further questions about our data retention practices, please contact us at [email protected]

If we anonymize your personal information so that it can no longer be associated with you, it will no longer be considered personal information, and we can use it without further notice to you.

9 Children personal information

We do not knowingly request to collect personal information from any person under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, Ebioro will require the user to close his or her account and will not allow the user to continue using our Services. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.

10 Cross border transfers

Ebioro is business with operations the European Union. However, for the provision of our services we are engaged with providers that have a global presence and might need to transfer your information cross-border. When we transfer your personal information to another country outside the European Union, we will ensure that any transfer of your personal information is compliant with applicable data protection law.

11 Your privacy rights

Depending on applicable law of where you reside, you may be able to assert certain rights related to your personal information. These rights include:

• the right to obtain information regarding the processing of your personal information and access to the personal information which we hold about you;
• the right to withdraw your consent to the processing of your personal information at any time. Please note, however, that we may still be entitled to process your personal information if we have another legitimate reason for doing so. For example, we may need to retain personal information to comply with a legal obligation;
• in some circumstances, the right to receive some personal information in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal information which you have provided directly to Ebioro;
• the right to request that we rectify your personal information if it is inaccurate or incomplete;
• the right to request that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information, but we are legally entitled to retain it;
• the right to object to, or request that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request; and
• the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using the details listed below. Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction.

12 How to contact us

If you have questions or concerns regarding this Privacy Policy, or if you have a complaint, please contact us at [email protected]