Privacy Policy

This Privacy Policy describes how 0xpay (also referred to in this Policy as “we”, “our” or “us”) collect, use, and share information related to your use of our products, services, and the website. This Policy complies with the requirements of the European General Data Protection Regulation (“GDPR”) and seeks to establish the transparent, lawful, fair and secure handling of personal data of our customers and users.

This Privacy Policy explains what personal data we collect through our website and services, how and why we collect it, how we use it and what third parties we share it with. Additionally, it describes your personal data rights and how you may exercise them.

Secure storage and handling of funds you entrust with us as well as ensuring fairness, competitiveness, genuinity and transparency of the market and your Orders and Transactions are our first and foremost priority. We may revise this Privacy Policy from time to time but we will never do so in a manner that would compromise the importance of our mission. If any modifications are made to this Policy (and other policies, including Terms of Service and Cookie Policy), we will notify you of the changes via email and on this page.

We recommend you read this Policy in full to be aware and informed of the processes your data is involved into and your rights. For any questions regarding this Privacy Policy, collection and use of your data, disclosure and sharing of your data, and other concerns or requests related to your personal data, please contact us at: support@0xpay.app.

1. Definitions

The following section covers the basic definitions used in this Privacy Policy. It describes what is meant by your personal data and who controls and processes your personal data.

1.1. Personal Data

“Personal Data” means any information that may be used to identify you as an individual, directly or indirectly. Such information includes your personal name, identification number, location data, and any information found online that may reveal your physical, genetic, mental, economic, cultural or social identity.

1.2. Information about the Deceased

Personal Data requires a person to have legal capacity, meaning they can exercise their rights, give consent and enter into agreements. Legal capacity begins at birth and is lost upon death. Therefore, in this Policy, any information related to the deceased person is not seen as Personal Data and is excluded from its meaning.

Nevertheless, we will ensure that your personal data collected from you during your life is kept securely and safely with us after your death. We will not share or disclose it in any manner that is not defined in this Policy or not otherwise permitted by the GDPR. Treatment of personal data after death of the data subject differs in regards to the national laws on personal data in each EU Member State: here you may learn about how personal data of deceased person may be treated in your Member State of residence and what options may be available to you and your trusted persons after your death.

1.3. Controller of your Personal Data

As defined in the GDPR, 0xpay is the Controller of your personal data. It means that we determine what information we collect, how and why we collect it, how it is shared and disclosed and what means we use to process this information.

1.4. Processing of your Personal Data

We use specific vendors and partners that are responsible for processing your personal information. For more specific information, please check out Section 8 to learn of how your data is processed, what vendors we use for processing your personal data and what countries we may send your data to for processing.

2. Information We Collect

To provide our Services and offer our Products, we must collect information about you.

2.1. Information that You Provide

This category includes content and information that you provide when you use our Services and Products. 0xpay will never ask you to submit any information related to your racial or ethnic origin, sex life or sexual orientation, political opinions, philosophical or religious beliefs, biometric or genetic data and trade union membership.

2.1.1. Account Registration

When you create your personal account, we may ask for your contact information, including your full name and e-mail address. In addition, in order to further verify your identity for the purposes of compliance measures imposed by us under the relevant legislative acts, such as Anti-Money Laundering and Terrorism Financing Prevention Act, we may collect the following personal information from you:

• Formal identification information, such as identity documents issued by the competent government authorities in the country of your domicile and/or birth, e.g. passport, national ID card, residence permit and right of residence cards, driver’s license, birth certificate, visa information, and other relevant identification documents necessary to determine your identity and comply with our obligations under the AML and anti-financial crime laws and regulations;

• Financial information, such as bank account details, payment card information, transaction history, trading data, tax information, and other relevant information.

• Information about your business, such as formal certificate of incorporation issued by the competent authorities of the country of incorporation of your business, extracts from the commercial registries, tax and/or VAT number and information, Articles and/ or Memorandum of Association, Certificates of Incumbency, personal identification information about all ultimate beneficial owners (hereinafter: the “UBOs”), shareholders and management board members, information about the origin and source of funds, etc.

• Employment information, such as the job title, location of the employer’s officer and/or job description.

• Transaction information, such as information about amounts of your transactions and recipients of such.

2.1.2. Communications

If you contact us directly, we may ask for some additional information from you, such as your name, e-mail address, personal address, phone number and other personal information. If you communicate with us, we will always state the reasons why we need this information from you.

2.1.3. Payment Information

Our Services allow our users to opt for a desired payment method in order to execute Orders and Transactions via the use of our third-party payment processors. We do not store your information about the financial account and cards. It is referred to our payment processor.

2.2. Cookie Files

We use cookies on our website to gather information about our users' interaction with our Services. Information we collect via cookies may include your use of the website features, the frequency of your visits, your interaction with the functionalities of the Services and other relevant information.

Cookies are small pieces of text sent by your web browser by a website you visit. Cookies may store user preferences and other information. Cookies provide a convenience feature to save you time or tell the Web server that you have returned to a specific page. A cookie file is stored in your web browser and allows the Service or a third-party to recognize you and make your next visit easier and the Service more useful to you.

Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

Cookies set by us are called “first party cookies”. Cookies set by parties other than the website owner are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the website.

You may learn more about cookies and their use at http://www.aboutcookies.org/ and http://www.allaboutcookies.org/.

2.3. Log Files

We use log files to store information gathered from your use of our Services. We use this information to enhance the functionalities of the website, acquiring detailed information about traffic to optimize the website performance and improve the overall quality of provision of our Services. The information stored in log files may include Internet Protocol (IP) addresses, browser type, operation system (OS), Internet Service Provider (ISP), referring/exit pages, landing pages, time and date stamps and clickstream data. Please note that this information may be considered Personal Data under certain circumstances in accordance with the relevant provisions of the GDPR.

2.4. Information from Partners and Third Parties

Our partners that have been authorized by us to provide our Services may provide your Personal Data to us. In this case, the information forwarded to us is collected by our partners and shared with us. We require our partners to have lawful rights to collect, use and share your Personal Data before disclosing it to us. Such Partners and third parties include but are not limited to the following sources:

• Public Databases, Identity Verification Partners and Credit Institutions: we gather information from the above-mentioned Partners to verify your identity as per the applicable laws and regulations. Identify verification involves collecting such personal information as your name, address, employment information, credit history, affiliation with any restricted, sanctioned or prohibited groups and associations, determined as such by relevant legal acts, as well as other relevant data. Particularly, we are obliged to collect and store such information as per our obligations under the Law of the Republic of Lithuania on Money Laundering and Terrorist Financing Prevention (Lietuvos Respublikos pinigų plovimo ir teroristų finansavimo prevencijos įstatymas, or AML/CTF Law), aimed at monitoring, detecting and preventing acts related to money laundering, terrorism financing and other financial crimes.

• Blockchain Data: we collect publicly available blockchain data to detect and prevent illegal activities, including those defined in AML/CTF Law, as well as to determine current blockchain trends.

• Marketing Partners, Advertisers and Analytics Partners: we may collect personal data from such partners and third parties for the purposes of conducting research about how you use and interact with our website, Services and Products, as well as to understand what Services and Products may be of interest to you.

3. Anonymized Data

As defined by the GDPR, anonymization is a technique that alters personal information to the point when it may no longer be directly linked to a particular individual and such an individual may not be identified, directly or indirectly, from such data.

0xpay may employ anonymized data for the purposes of conducting research about quality of our Services, understanding customer needs and demands, conduct marketing, detect and prevent security vulnerabilities and breaches, and other relevant business purposes.

4. How We Use Information

We use information we collect in various ways, including the following:

• Providing, operating and maintaining our Services;

• Processing payments, executing Orders, Trades and Transactions in a manner consistent with the rules of market fairness, transparency, competitiveness, and genuinity;

• Detecting and preventing loss of funds, including losses occurring as a result of fraud and abuse of our Services;

• Ensuring compliance with the relevant laws and regulations to prevent anti-money laundering, terrorism financing, fraud and other financial crimes;

• Complying with the anti-financial crime regimes and obligations, regulated and imposed by the competent authorities of Republic of Lithuania, such as the Bank of Lithuania (Lietuvos bankas) and the Financial Crime Investigation Service (Finansinių nusikaltimų tyrimo tarnyba, or the “FCIS”);

• Communicating with you, including direct means or through our partners, to perform customer support activities, to inform you of the changes and updates related to the Services, to notify you of important information related to the Services and for marketing and promotion;

• Sending you emails, including notification emails, reminders and confirmations;

• Improving the quality of our Services;

• Conducting research and development related to our Services to develop new features and functionalities and introduce new products and services;

• Performing measurement and analytics activities to learn how our users interact with our Services and understand our users' behaviour and preferences;

• Promoting safety, security and integrity of your funds, our Services and data.

5. How We Share This Information

We may share the information we collect in various ways and third parties.

5.1. Vendors and Service providers

We provide information we collect to vendors and services providers that help us keep our business running. Such vendors include (but are not limited to) payment platforms, web and mobile analytics services, advertisers, partners in IT such as hosting and software providers as well as sales and marketing products.

5.1.1. Non-EU/EEA Vendors

Please kindly note that some of our service providers are located outside of the EU/EEA area. For further information on how your data is handled when sharing it with third parties outside of the EU/EEA, please see Section 11 of this Policy.

5.2. Payment Platforms

As a merchant, we share your information with payment services and platforms such as PayPal, to process your transaction and complete your order. Payment providers may collect information specifically for the purposes of processing your transaction: for further details, please kindly visit Intergiro Privacy Policy page. 0xpay may forward your information to payment platforms in order to finalize your orders; however, we never keep your payment information or use in in any way but to process your transaction.

5.3. Advertisers

To ensure you see the ads that may be of interest to you, we work with third-party advertising partners. These partners may receive information from us to personalize ads to fit your interests. They may also collect information about you and use it in accordance with their own privacy notes. We never sell your information to advertisers. Additionally, we make sure advertisers we choose are compliant with the GDPR and manage your information accordingly.

5.4. Partners that Work with Us

Due to the nature of our business, we communicate and establish business connections with various partners in the field of banking, legal services, compliance, accounting, and other relevant fields. We may provide your information to them to ensure uninterrupted, accurate, and integral provision of our Services and commence activities that help us maintain our business activities.

5.5. Law Enforcement and Compliance

In some circumstances, we may need to disclose your personal information in accordance with the law and current regulations to law enforcement authorities, government officials or other relevant third parties. It may be necessary in the case of court proceedings, complying with a legal order or other legal process, as well as for the purposes of financial crime, money laundering and terrorism financing prevention, if we have strong grounds to believe any natural or legal person to be involved in or associated with the said forms of crime.

5.6. Business Transfers

In cases of insolvency, bankruptcy, acquisition, transfer of ownership, sale of assets or succession of 0xpay, your personal information may be disclosed to the new owner, acquirer or successor of the company or other relevant third parties.

6. How We Secure This Information

At 0xpay we understand the importance of keeping your personal information in a secure and integral manner, as any breach of personal data may lead to detrimental consequences to you and your funds. Therefore, we employ various physical, technical and administrative safeguards to ensure integrity, security and confidentiality of your personal data.

Your personal information is secured with the help of Transport Layer Security (TLS) protocol that is designed to protect and secure your information from unauthorized access and breaches of privacy. TLS protocol is mainly used for encrypting the information exchanged between our website and servers. We also use TLS to encrypt all the emails and messages exchanged with us. We use the latest and the most secure version of TLS (v 1.3) to date and make sure to update if a more secure and reliable version is released in the future.

In addition, your transaction and other personal information is stored by us in an encrypted manner. Such encrypted data is stored and maintained with the use of our relevant service providers that help us maintain physical, technical, electronic and administrative safeguards. Please note that some of such vendors may be located outside of the EU/EEA zone: to learn more about how your personal data is collected, stored, handled and processed by such vendors, please read Section 11 of this Policy.

At the same time, even with all the security and safety measures imposed by us at all times, we cannot guarantee that your data may not be breached, accessed without authorization or otherwise tainted and leaked. We ask you to kindly acknowledge that a great part in data security lies with you, and it is important to treat your personal data with diligence, attentiveness, and care. It is strongly recommended to make sure your password includes a combination of letters, numbers and signs and consists of a sufficient amount of characters; it is also advised to check for the safety of your connection (which can be accessed by clicking a lock sign next to the URL field of your browser) to make sure you do not submit your personal information to fraudulent and compromised versions of our website, developed and maintained by unauthorized persons with malicious intent.

Should you become aware of any attempt to misuse your personal information by the above-mentioned or any other malicious means, or should you believe your personal information is not stored, handled and maintained securely by us, please notify us immediately at <EMAIL>.

7. Retention of Personal Information

Your personal information is stored securely for as long as your account is opened. We will only store and retain your personal information for the period necessary to fulfill purposes for which it is collected. Retention periods may vary in regards to the type of personal information and purposes for which it was collected, such as indicated below:

• Personal information related to our legal obligations to comply with anti-financial crime and anti-money laundering laws and regulation, including Law on Money Laundering and Terrorist Financing Prevention, may be stored for as long as it is required by such laws;

• Contact information for marketing purposes is retained for as long as we have your consent and is deleted immediately after you recall your consent;

• Telephone call records and other correspondence with us may be kept for a period of up to five years;

• Information collected via technical means is retained for a period of up to one year.

8. Legal Basis and Legitimate Interests

Our legal basis to collect, use and share your personal data varies depending on the context. The following are the situations in which we perform processing:

• When we have your consent, meaning you have read our data processing purposes and have agreed to them by giving your consent; such as in cases that include but are not limited to being subject to our marketing notifications and campaigns and granting your consent to use your personal information to enhance your experience of using our website and Services;

• When we need to perform a contract with you, meaning that your information is necessary to process and finalize your order or comply with the terms of any other contact we have entered into with you; to enforce the terms of this Policy and other agreements; to provide our Services; to provide customer service and support, to ensure quality of our Services and communications;

• When we have a legal obligation to comply with, meaning that data disclosure is necessary to comply with the legal requirements set by law or legal order;

• When we have a legitimate interest, meaning that we process your personal data to operate and provide our Services, improve our Products, ensure proper security and prevent illegal activities and handling of your data. We only have legitimate interest when it does not override your fundamental rights.

9. Rights of the Data Subject

As a data subject, you have certain rights provided by the GDPR that you may invoke.

9.1. Access, Update, Correct or Erase Your Information

You have the right to request the above to be done with your information. You may do so at any time by emailing us at support@0xpay.app.

9.2. Objecting to and Restricting Processing of Information

You may also exercise these rights at any moment by contacting us at support@0xpay.app.

9.3. Data Portability

If you wish to receive all the personal information we collected from you to then provide it to another controller, you may do so by contacting us at support@0xpay.app.

9.4. Opt-Out of Marketing Messages

You have the right to opt-out of marketing messages at any moment. This can be done by clicking the ‘unsubscribe’ option in the marketing emails from us. You may also contact us at support@0xpay.app and we will unsubscribe you.

9.5. Withdraw Your Consent

You may withdraw your consent for processing your personal information at any moment. Please note that lawfulness of consent before withdrawal will not be affected.

9.6. Complaining to a Data Protection Authority (DPA)

You have the right to complain to the DPA of your country of residence about collecting and processing of your personal information by us. The list of the DPA representatives, their webpages and contact information is available here.

10. Automated Processing and Decision-Making

We may employ automated tools to determine fraud or financial crime risks associated with any Order, Trade, Transaction or Customer. However, we do not perform any decision-making based on means of fully automated processing, or automated processing that relies solely on decisions and conclusions generated by the machines and the line of code and does not involve any human control, assessment and/or intervention. Similarly, we do not employ any algorithmic and automated systems to make decisions that have serious life-affecting consequences, except for the cases laid down by relevant data protection provisions.

11. International Transfer of Data

We strive to enhance the security of personal information you are entrusting us with. Therefore, we opt for the most secure and diligent data processors to do the task. Some of such processors are located overseas outside of the EU/EEA area in countries that have different regulations on personal information. However, our partners follow the requirements and safeguards of the GDPR when receiving and handling your personal information that we share with them.

For transfers of information to and from processors located in the UK, the European Commission adequacy decision has been adopted, meaning that data may flow freely from the EU/EEA to the UK and back since the EU considers the data protection regime in the UK essentially equivalent to the regime of the GDPR.

For transfers of information into the EU from other countries covered by the European Commission adequacy decisions, such as Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Japan, Jersey, New Zealand, Switzerland and Uruguay, we are required to comply with the local legal requirements and regulations on transfers of personal data, therefore we make sure the specific arrangements are being followed when receiving data from any of the aforementioned countries.

For transfers of information to processors located in the US, we no longer rely on processors that are certified under the EU-US Privacy Shield Framework because it has been invalidated in 2020 by the decision of the European Court of Justice.

Instead, we make sure our international processors have adopted Standard Contractual Clauses for data protection.

12. Children's Privacy

We do not knowingly collect and process any personal information from children under 13 years of age. Please note that for any collection and processing of personal information of a child under 13, we require explicit consent from the child’s legal representative, such as a parent or a guardian.

If you suspect that a child under 13 has provided us with their personal information without explicit consent, please contact us at support@0xpay.app.

13. Changes to the Policy

We may modify this Policy from time to time to adapt it to the changing regulations and new developments. Changes will be posted on our Website. Additionally, we will notify you of changes via email.

14. Contact information

If you have any questions or concerns regarding this Policy, your personal data rights and how to invoke them, or any other question about your personal information, please feel free to contact us at support@0xpay.app.