Orizon dashboard

Privacy Policy

Euchanges UAB (“we”, “us”, “our”, “ours”) are committed to protecting your privacy in accordance with the applicable data protection laws.

We offer services in or from within Lithuania, which is a part of the EU. Data Protection Legislation in this Privacy Policy (the “Policy”) means the EU’s General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and No. XIII-1426 of 30 June 2018 amending Law No. I-1374 (only available in Lithuania) (“Personal Data Protection Law”, or “PDRL”), and guidance and recommendations by EU Personal Data Protection Board and State Data Protection Inspectorate (“SDPI”).

This Policy describes our current policies and practices in relation to the collection, handling, use and disclosure of personal information through our websites, pages, features, mobile applications, API, and other online products and services that link to this Policy (collectively, the “Platform” or when you otherwise interact with us. It also deals with how you can complain about a breach of the privacy laws, how you can access the personal information we hold about you and how to have that information corrected.

Euchanges UAB as Data Controller.

For the purposes of applicable data protection laws, Euchanges UAB acts as the data controller for the processing of personal data in relation to:

  1. The creation, management, and use of the Customer’s platform account (via web or mobile app); and
  2. The provision of any services offered independently of the regulated payment services (such as customer support for services provided directly by Euchanges UAB).

Please note that for certain regulated payment services accessible via our platform (such as virtual IBANs or card services), your personal data may be processed by our licensed financial partner, Intergiro. Intergiro acts as an independent data controller for such processing activities. For further information, please refer to Intergiro’s own privacy policy

We encourage you to read the Policy carefully before proceeding further as it forms part of our Terms of Use.

By opening an account with us and using our Platform and services, you acknowledge that you are aware about the terms of this Policy.

The data we collect

We collect and process various categories of personal data at the start of and for the duration of our relationship with you. Some categories of personal data are kept beyond the termination of our relationship where so required and there is a legitimate purpose for doing so. We limit the collection and processing of information to what is necessary to achieve one or more of the lawful bases identified in this Policy.

When you register an account and/or use our Platform with us, we may ask you for the information we need to verify your identity and support such services provided on the Platform in order to facilitate the provision of buying, selling and trading digital assets. This can include a broad range of information such as:

  1. Personal information: This may include full name, residential address, age, gender, signature, e-mail address, mobile number, date of birth, nationality, passport number, driver’s license details, national identity card details, photographs, employment information, utility bills, and /or financial information. We may also ask you to provide evidence of your identity such as asking for a copy of your passport or driving licence, and proof of residence and/or proof of income. We are required to ask for this information to comply with anti-money laundering (AML) legislation to ensure we safeguard against and report any suspicious activities.
  2. Logging information: We collect log information about your use of the Platform, including the type of browser you use, app version, access times, pages viewed, your IP address, any other network identifiers, and the page you visited before navigating to our Platform.
  3. Device information: We collect information about the computer or mobile device you use to access our Platform, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
  4. Activities on the Platform: We collect records of your activities on our Platform, including, any content you post, your account details, the time, value and currency and cryptocurrency, pricing of any purchase, sale or transaction made and the payment method.
  5. Location information: In accordance with your device permissions, we may collect information about the precise location of your device.
  6. Information Collected by Cookies and Other Tracking Technologies: We use different technologies to collect information, including cookies and web beacons – please see section 13 for more details.
  7. Transaction Information. Transaction information as you use our services, including deposit snapshots, account balances, trade history, order activity and distribution history, bank account number, identification data of e-wallet, amount of currency and cryptocurrency during transaction, account statement.
  8. Financial Information. Your e-wallet information, credit card information (including the card number, expiry date and CVC), tax identification number, transaction history and trading data.
  9. Information collected in accordance with the requirements of the laws. Results from Politically Exposed Persons (PEP) Screening & Sanction screening, any additional personal data required for proving Source of Funds (e. g. employment contract, certificate of inheritance, etc.), data on the management structure and business activity, etc.

How data is collected

We collect your personal data in the following manner:

  1. Information you provide to us directly when contacting us;
  2. Information we receive from third parties, such as third-party service providers;
  3. Information acquired by us during the course of our relationship and dealings with you;
  4. Information collected through the use by you of our website, platforms and applications; and
  5. Information gathered from publicly available sources.

The legal bases for the processing of your data

To process personal data, we need a valid lawful basis under the Data Protection Legislation which will justify the processing. The purposes for which your personal data is collected and processed include the following:

Contractual necessity

This lawful basis applies to most of our processing activities in relation to personal data belonging to our customers/clients. It applies both during the pre-contractual stages of our relationship (when you are signing up) as well as once the contractual agreement(s) are in place.

Compliance with a legal obligation to which we are subject

We are subject to other legal obligations other than the Data Protection Legislation, which may require us to process personal data. For example, we are required to retain information in accordance with record-keeping requirements under applicable legislation. Further we may need to carry out certain investigations, customer due diligence, and reporting for the purposes of anti-money laundering (including counterterrorist and proliferation financing) legal and/or regulatory requirements.

Legitimate interests of Company or a third party

We may also process your personal data where it is in our legitimate interests (or the interests of a third party) to do so, provided that those interests override your interests or fundamental rights or freedoms. There may be cases where your interests and fundamental rights could override our legitimate interests. This may happen in cases where personal data are processed in circumstances where you do not reasonably expect further processing. We will always need to (i) identify a legitimate interest (ii) show that processing is necessary to achieve it, and (iii) balance it against your interests, rights and freedoms. Some non-exhaustive examples of situations where we may seek to pursue legitimate interests are:

  • for marketing purposes;
  • for the exercise, establishment or defence of legal claims; and
  • to prevent fraud.

Consent

We rarely rely on your consent to process your personal data, as usually another lawful basis will be more suitable. Where we do seek to rely on your consent, we will always ensure that this consent is fairly obtained by clearly informing you about why your consent is needed. We will usually require that you provide your consent through a clear, affirmative action such as ticking a box, toggling/swiping a button or switch on our website or on a mobile application, signing your name or other suitable method that can clearly evidence your consent. Non- exhaustive examples of when we may need your consent are:

  • to enable a feature on a mobile device application; or
  • to enable us to place cookies and similar technologies in accordance with our Cookie Policy.

Use of your personal data

We may use the personal information that you provide, or which is collected by us in accordance with this Policy and relevant laws, to:

  1. provide you with our services;
  2. verify your identity and carry out checks that we are required to conduct by applicable laws and regulations, including without limitation, “know your customer”, anti-money laundering, fraud, sanctions and politically exposed person (PEP) checks;
  3. contact you on matters related to your account, including, to request any additional information or documentation;
  4. provide you with notices related to your account, general updates, market updates and other marketing materials, including, the services offered by a Company - we will give you the option of electing not to receive these communications and you can unsubscribe at any time by notifying us that you wish to do so;
  5. tailor the products and services offered through the Platform to you, including without limitation, to perform any suitability or appropriateness assessments for using our services and/or products;
  6. enable us to manage your ongoing requirements and our relationship with you, for example, to process transactions, troubleshoot a problem, prevent or investigate illegal or potentially illegal activities - we may do so by electronically unless you tell us that you do not wish to receive electronic communications;
  7. customise and improve our Platform;
  8. assess your risk score according to parameters determined by us;
  9. assess whether you qualify as a professional client, wholesale client, institutional client or other specific category of clients;
  10. detect and reduce risks of fraud;
  11. to enforce/defend our rights;
  12. to meet our internal policy requirements;
  13. to market our products to you;
  14. maintain administrative records relating to our business; and
  15. set up security measures to secure your account, including without limitation, to carry out two-factor authentication.

Incomplete and inaccurate information

If you do not provide us with some or all of the information that we ask for, we may not be able to verify your identity and as such you may not be able to open a trading account with Company and use our Platform.

You can provide and update your information at any time by visiting the “Account” page in our Platform. We recommend that you update your profile in your account regularly, to ensure that the functions offered to you are appropriate for your current circumstances. You may have to update such information upon our request, if we consider the information provided as untrue, incorrect, incomplete and/or inconsistent with other information provided by you at any time. You acknowledge that we may rely upon such information and that you are responsible for any damages or losses which may result from any inaccuracies, including without limitation, the inappropriateness of our services to you.

Sharing of information

We will not share the personal information we hold about you except in the following circumstances:

  1. between and among Company’s internal corporate entities and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership; and
  2. with professional advisors, vendors, consultants, and other service providers, such as transaction service providers, IT hosting companies, banks, other financial institutions and credit reference agencies who need access to such information to carry out work on our behalf;
  3. in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements;
  4. if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property, and safety of Company or others.

Security and integrity of information

We strive to ensure the security of your personal information and information that we collect related to you or your activities on our Platform. We protect your personal information by using data security technology and using tools such as firewalls and data encryption. We also require that you use a personal username and password every time you access your account online. As set out in Company’s terms of use, you must not share your password with anyone else.

Where it is necessary for us to share your personal information with a third party, we will ensure that third parties only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions.

We have also put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Transfer of information

To ensure that the security of your personal information we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects Data Protection Legislation for example by stipulating this as part of our contract with our third-party suppliers.

If you would like further information about the safeguards in place for transfers of personal information to other third parties, under the applicable data protection laws, please contact us using the details set out in section 15 of this Policy.

Data retention

We strive to maintain the relevance, reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security.

We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements. We will not retain your personal data in a form which permits the identification of the data subject for longer than needed for the legitimate purpose or purposes for which we originally collected it, including for the purpose of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we will anonymize your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you.

We are obligated to retain personal data about you and your transactions for such time until the retention of your personal data is no longer necessary for any business or legal purpose, i. e. in order to comply with anti-money laundering and countering the financing of terrorism and other obligations applicable to us.

Once collected, we may retain your data related to financial transactions for up to 8 years following the date of your last transaction or the date you close your account (whichever is the later). This time limit may be additionally extended if a reasonable ground exists.

The personal data storage period is set based on the below principles:

Usually, we keep data during the course of the provision of services, during the validity of the contract and 10 years after the expiration of the contract or legal relationships, while executing the requirements set forth in legal acts related to document archiving and in order to declare, execute or defend the legal claims.

If the transaction has not been concluded, we will store personal data for 3 years from the date of its receipt. If a transaction is refused due to the implementation of money laundering and terrorist financing prevention measures, personal data shall be stored for 8 years from the moment of refusal.

According to the requirements of legal acts regulating the prevention of money laundering and terrorist financing, we will process personal data for 8 years from the date of receipt. This time limit may be additionally extended if a reasonable ground exists.

If you revoke your consent for data processing or the data processing term expires (when the data is processed on the basis of your consent), only the data confirming the fact of your consent is retained for 5 years from the end of the consent period or the cancellation of consent in order to declare, execute or defend the legal claims.

At the end of the retention period, we will securely delete or destroy data retained, and require our sub-processors or third-party suppliers to do likewise.

Your rights

Under the Data Protection Legislation, you have certain rights and protections regarding the processing of your personal information. For example, in certain circumstances you have the right to:

  1. Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  3. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  4. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  6. Request the transfer of your personal information to another party.

Individuals also have the right to complain about the use of their personal information to the supervisory authority which is the SDPI. You may contact the SDPI on the below details:

Address: State Data Protection Inspectorate, L. Sapiegos str. 17 (Left-hand entrance), LT- 10312 Vilnius

Email: ada@ada.It

Phone: (+370) 5 212 7532

Fax: (+370) 261 9494

Website: https://vdai.lrv.lt/

If you have a concern about our processing of personal data that we are not able to resolve through our internal resolution process, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection- authorities/index_en.htm.

Existence of automated decision-making

You have a right not to be subject to a decision based solely on automated processing (i.e., by computers and without human intervention), including profiling, which produces legal effects concerning you or similarly significantly affects you.

However, this right does not apply when the decision:

  • is necessary for entering into, or performance of, a contract between you and us;
  • is required or authorised by law; or
  • is based on your explicit consent.

Although certain third parties may use automated decision-making tools or software, we do not use automatic decision-making or profiling when processing personal data. If this changes, we will confirm this with you and provide meaningful information about the logic involved, as well as the significance and the envisaged consequences for you.

Cookies

We use technology to collect anonymous information about the use of our platform. For example, when you browse our Platform, our service providers log your server address, the date and time of your visit, the pages and links accessed and the type of browser used. It does not identify you personally and we only use this information for statistical purposes and to improve the content and functionality of our website, to better understand our clients and markets and to improve our services.

The Cookie Policy addresses the processing of your personal data using Cookies. You can find out more about our use of Cookies in our Cookie Policy.

Data breaches

The accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data is known as a “data breach”. Data Protection Legislation imposes certain requirements on controllers to identify, assess and report data breaches in a timely manner.

Where we have to provide a notification to the SDPI, this shall be done without undue delay and, where feasible, not later than 72 hours after we became aware of a data breach. Where the notification to the SDPI is not made within 72 hours, it will be accompanied by reasons for the delay.

We undertake to inform you, when required, if your personal data is compromised and there is a high risk to your rights and freedoms as a result.

Questions and complaints and how to contact us

We welcome your questions and comments about privacy. If you have any concerns or complaints, please submit a support request from Company’s website, email us at support@orizon.finance. Your complaint will be considered by us through our internal complaints resolution process and we will try to respond with a decision within 30 days of you making the complaint.

Confidentiality

Employees and / or authorized persons must comply with the principle of confidentiality and keep confidential any information relating to the Personal Data with which they have become aware in the course of their duties, unless such information is public in accordance with

applicable laws or regulations Employees and / or authorized persons must also comply with the principle of confidentiality at the end of the labor relations and / or contract under which the person has acted. The obligation of confidentiality shall also apply after the Employee and

/ or the authorized person change the position in the Company. The principle of confidentiality also implies that persons who process Personal Data are prohibited from disclosing them without the Company's written permission.

Changes to this policy

The Policy will be reviewed from time to time to take account of changes to our operations or practices and, further, to make sure it remains appropriate to any changes in law, technology and the business environment. Any personal information held will be governed by our most current Policy.

Limits to your right to information

Your right to information is limited in certain cases. The requirements to give information do not apply insofar as:

  • the provision of information to you proves impossible or would require disproportionate effort on our part in order to provide. This is provided that we take appropriate steps as controller to protect your rights as a data subject, your freedoms and your legitimate interests, including by making information publicly available (as this Policy intends to do);
  • obtaining or disclosure is expressly laid down by Data Protection Legislation which we are subject and which provides appropriate measures to protect your legitimate interests;
  • the personal data must remain confidential subject to an obligation of professional secrecy regulated by Lithuanian law (such as statutory obligations of secrecy); or
  • you already have the information.