Private Policy

• Lawfulness: we endeavour to process personal data in accordance with the applicable data protection legislation and only on the basis of the appropriate legal grounds.
• Transparency: we do our best to make the processing activities transparent and understandable for you, including by providing you with all reasonably necessary information regarding the processing.
• Data Minimisation: we endeavour to process only necessary personal data, taking into account the requirements of the applicable legislation.
• Purpose Limitation: we process your data only for the purposes it was collected. If we establish any other purpose, we will inform you reasonably in advance.
• Control: we try to give you as much control over your data as reasonably feasible taking into account the available functionality and requirements of the law
• Confidentiality, Integrity, and Availability: we try to comply with the best practices applicable to the development and maintenance of the security systems.
• Disclosure Accountability: if we disclose personal data to any person, we will do our best to ensure that such person will comply with the terms of the applicable legislation and this Privacy Notice.

The categories of personal data we collect depend on how you interact with us, use the Services, and the requirements of applicable data protection legislation. We collect and process the following types of personal data:

• A. Account Data

  When you register a user account, we collect your email address and password.

  When a user account is created, we assign a unique ID to each account. The ID is technically necessary to operate the Services. The unique ID is a random internal identification number automatically assigned to each user account. The ID is used for internal purposes to count the users. Without any other pieces of data, the ID does not identify you as an individual.

• B. Verification Data

  In order to enable you to use certain functionality of the Services, such as withdrawal, we collect the personal data, which is necessary to verify your identity. Such information includes:

  • i. your first name, last name, middle name, and gender;
  • ii. date of birth;
  • iii. address information, including country of residence, city, ZIP code, name of the street, number of house and/or apartment;
  • iv. ID document information, such as passport, ID card, or driver licence;
  • v. selfie photo with your ID document.

• C. Transaction Data

  In order to carry out certain transactions within the Services, such as, deposit, withdrawal, buy and sell orders, staking (collectively, the “Transactions”), we assign to you certain addresses that are used to track the ownership of digital assets on the respective blockchain network (the “Addresses”).

  When you carry out Transactions, we collect and process your respective Address and information about such Transaction, such as: (i) Transaction amount; (ii) Addresses or account details of sender and recipient; (iii) the type of digital asset or fiat currency used in the respective Transaction; (iv) Transaction time and date; (v) Transaction status; (vi) Transaction ID, etc.

  When you make a deposit or withdrawal to or from your user account, we receive your digital wallet address, address of your account on certain other exchanges, bank account or card data, and other payment information associated with such deposit or withdrawal.

• D. Application Data

  When you submit an application for the purpose of listing on the TIDEX exchange, we collect your email address and Telegram contact.

• E. Referral Data

  When you participate in our referral program, we generate a referral link and automatically assign to you a unique referral identification number (referral ID), which is a set of random letters and numbers, such as ca40fb07-b8c1-405d-9b0e-106076c65067. The referral ID is used for internal purposes to identify you as a user, who shares a referral link and invites others to use the Services. The invited users are also assigned with a unique internal identification number to identify the referred users.

• F. Technical Data

  When you access or browse the Services, certain data may be collected automatically:

  • Internet Protocol (IP) address - This means a unique address of a device, which allows us to identify your approximate location (country, city, region, ZIP code). For better understanding, IP addresses are expressed as a set of numbers, for: 194.150.2.33.
  • Browser details - This includes information about the browser type and its version.
  • Device details - This includes information about the type of the device (e.g., computer, tablet, or smartphone) and its model.
  • Operating system - This means the information about the type and version of the operating system on your device (e.g., Windows 10, macOS version 12.4, etc.).

• G. Contact Data

  We may also collect certain data if you reach us via the contact details indicated on the Website or in the App, or if you use a chat functionality, which may be available on the Website or App. In this case, we may collect and process certain information related to your request, such as email address, name, or any other data you choose to provide us.

• Account Data:

  We use the Account Data to create a user account and ensure the availability of certain functionality of the Services. The legal basis for the processing is the necessity for the performance of a contract between you and us. When we retain your email address following the termination of your user account, the legal basis for the processing is compliance with our legal obligation, i.e., to contact you if we need to.

• Verification Data:

  We collect and process your Verification Data in order to identify you as an individual and verify your identity. We collect this information as a regulated entity in order to comply with our legal obligations under the applicable laws and regulations, including anti-money laundering and combating the financing of terrorism procedures. The legal basis for the processing is compliance with our legal obligation.

• Transaction Data:

  We use the Transaction Data to ensure the operation of the Services and to enable you to carry out and complete the Transactions. The legal basis for the processing is (i) the necessity for the performance of a contract between you and us; (ii) our legitimate interests as well as the interests of other users to prevent and detect fraud and abuse in order to protect the security of our users; (iii) compliance with our legal obligations under applicable laws and regulations, including anti-money laundering and combating the financing of terrorism procedures.

• Application Data:

  We use the Application Data to enable you to apply for the listing on the TIDEX exchange. From the legal standpoint, we process the Application Data in order to perform a contract with you or to take steps at your request prior to entering into a contract.

• Referral Data:

  We use the Referral Data to enable you to participate in our referral program. The Referral Data allows us to (i) count you as a user, who shares a referral link and invites others to use the Services, and (ii) count the invited user. The Referral Data is necessary in order to accrue the relevant referral remuneration to you, if any. The legal basis for the processing is the necessity for the performance of a contract between you and us.

• Technical Data:

  The Technical Data is collected in order to (i) ensure the operation of the Services, (ii) ensure the security of your user account, for instance by identifying suspicious activities, and (iii) provide a better user experience by improving functionality, usability, user flow and interface of the Services. The legal basis for processing the Technical Data is, for item “(i)”, the performance of a contract between you and us and, for items “(ii)” and “(iii)”, our legitimate interest to ensure the security of your user account and improve the functionality and user experience of the Services.

• Contact Data:

  We process your Contact Data to respond to your inquiry and the legal basis is our legitimate interest to do the same. We also store the Contact Data to comply with the applicable legislation.

We share your personal information with the following categories of recipients:

• (a) customer support team;
• (b) customer support management system and online chat service provider;
• (c) software development team;
• (d) hosting service providers;
• (e) know-your-customer (KYC) service providers;
• (f) online chat service provider;
• (g) payment service providers, which process deposit and withdrawal transactions;
• (h) government authorities, upon their request or if necessary to comply with a legal obligation;
• (i) another entity if we sell or otherwise transfer the Services or their part.

Sometimes we may transfer your personal data to countries that do not offer the same level of data protection as the laws of the European Union. In case we transfer your personal data to a country that does not maintain the “adequate” level of data protection, as defined by the European Commission, we will put in place suitable safeguards, which give you more protection and control regarding your personal data, and take reasonable steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Notice and provided for in the applicable legislation. As a general rule, we will use the Standard Contractual Clauses (special documents developed by the European Commission) as an appropriate safeguard. You may reach us to ask whether your personal data is subject to transfer to a third country. This paragraph does not apply to the transfer of the data on or through a blockchain, since such data is publicly available. Please consider the “Your information and blockchain” section of this Privacy Notice.

As a general rule, we keep the data as long as it is necessary for the purposes it was collected. If necessary to meet our legal obligations under the applicable law or to protect our rights and legitimate interest or those of third parties, we may process the data longer than outlined below.

• Account Data

  Storage Period. As long as your user account is not terminated and further stored for eight (8) years from the termination of your user account.

  Rationale. We process your Account Data as long as it is necessary for the operation of your user account.
  We further process your Account Data after the termination of your user account due to our legal obligations under the applicable laws and regulations, including anti-money laundering and combating the financing of terrorism procedures.

• Verification Data

  Storage Period. As long as you have your user account is not terminated and for eight (8) years from the termination of your user account.

  Rationale. We process the Verification Data due to our legal obligations under the applicable laws and regulations, including anti-money laundering and combating the financing of terrorism procedures.

• Transaction Data

  Storage Period. As long as your user account is not terminated and for eight (8) years from completion of the respective Transaction. Please note that due to the nature of a blockchain, certain Transaction Data may be stored permanently.

  Rationale. We process the Transaction Data to provide the functionality of the Services to you and to comply with our legal obligations under the applicable laws and regulations, including anti-money laundering and combating the financing of terrorism procedures.

• Application Data

  Storage Period. If we enter into a contract, during the term of our engagement and for five (5) years after its termination.
  If we don’t enter into a contract, for five (5) years after the date of the data submission.

  Rationale. We need this data to perform an engagement with you and to comply with our legal obligations under the applicable laws and regulations.

• Referral Data

  Storage Period. Until your user account is terminated.

  Rationale. We need such data only as long as you have an active user account.

• Technical Data

  Storage Period. Until the browsing session from your respective device expires.

  Rationale. We process such data to provide you with the access to the Services and due to our legitimate interest to ensure the security of your user account and improve the functionality and user experience of the Services.
  We need such data only as long as you have an active browsing session.

• Contact Data

  Storage Period. As long as you have your user account and for five (5) years from the date when your user account is terminated.

  Rationale. We process such data due to our legal obligations under the applicable laws and regulations.

Please note that certain Transactions interact with decentralised blockchain infrastructure and blockchain-based software, that works autonomously. When we say that a blockchain is decentralised we mean that there is no single person, including us, who controls the blockchain or stores data available thereon. The data is distributed via the nodes that simultaneously store all records entered into the blockchain.

By design, blockchain records cannot be changed or deleted and are said to be “immutable”. Please be aware that any transaction within the blockchain is irreversible and information entered into a blockchain cannot be deleted or changed. Therefore, your ability to exercise certain data protection rights or abilities may be limited.

In addition, due to the blockchain’s nature, the information that was entered in a blockchain will be publicly available and we will neither control such information nor manage access to it. Once you start carrying out Transactions, certain data will become publicly available on a blockchain. The ultimate decision whether to transact on a blockchain or carry out Transactions rests with you.

It is mandatory for you to provide the Verification Data in order to be eligible and authorised to access and use certain functionality of the Services, such as withdrawal. When you provide us with your Verification Data, the verification systems will process it automatically and report to us whether you are eligible to use certain functionality of the Services, for example, to withdraw your funds or virtual (cryptographic) assets. When the respective verification system notifies us that you are not eligible to use certain functionality of the Services, you will be automatically refused from using the respective Services functionality.

In addition, we may also automatically block users based on their geographical location. This is necessary to restrict access to the Services of the users from prohibited jurisdictions (meaning the jurisdictions in which the use of the Services or its functionality is prohibited by applicable laws or regulations, the Tidex Terms of Service, or our rules and policies).

If you do not agree with the outcomes of automatic decisions, you may: (a) request us to manually review the respective information and provide you with the outcomes of the review and/or (b) express your point of view and provide additional information or documents in order to contest the decision.

According to the applicable data protection legislation, you may have the following rights:

• (a) request access to your personal data (commonly known as a “data subject access request”). This enables you to ask us whether we process your personal data and, if we do process your data, you may request certain information about the processing activity and/or a copy of the personal data we hold about you and to check that we are lawfully processing it;

• (b) request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;

• (c) request erasure of your personal data (commonly known as a “right to be forgotten”). This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal or technical reasons which will be notified to you, if applicable, after your request;

• (d) object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;

• (e) request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (1) if you want us to establish the data’s accuracy, (2) where our use of the data is unlawful but you do not want us to erase it, (3) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, (4) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;

• (f) request the transfer of your personal data to you or to a third party (commonly known as a “right to the data portability”). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;

• (g) withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent;

• (h) not to be subject to a decision based solely on automated processing of data, including profiling, which produces legal effects concerning you or similarly significantly affecting you;

• (i) file a complaint with a relevant supervisory authority in case we violate your rights or obligations imposed on us under the applicable data protection legislation. The relevant supervisory authority will particularly depend on where you are located.

  The details of the Lithuanian data protection supervisory authority:

  State Data Protection Inspectorate

  Website:	https://vdai.lrv.lt/en
  Address:	L. Sapiegos str. 17, LT-10312, Vilnius, Lithuania
  Phones:	+370 5 271 2804 / 279 1445
  E-mail:	ada@ada.lt

Please note that due to the nature of the processing operation, we may not be able to exercise certain rights that you may have pursuant to the applicable data protection legislation. When interacting with a blockchain we may not be able to ensure that your personal data is deleted, corrected, or restricted. This is because the blockchain is a public decentralised network and blockchain technology does not generally allow for data to be deleted or changed and certain rights, such as your right to erasure, right to rectification, right to object, or restrict processing of your personal data cannot be enforced. In these circumstances, we will only be able to exercise your rights with respect to the information that is stored on our servers and not on a blockchain. If you want to ensure your privacy rights are not affected in any way, you should not transact on public blockchains as certain rights may not be fully available or exercisable by you or us due to the technological infrastructure of the blockchain. You can learn more about blockchain above in “Your information and blockchain” section of this Privacy Notice.

In order to exercise your rights as a data subject, we may request certain information from you to verify your identity and confirm that you have the right to exercise such rights.

The Services are not intended for the use of children (under 18 years old or older, if the country of your residence determines a higher age restriction). We do not knowingly market to, or solicit data from children. We do not knowingly process, collect, or use personal data of children.

If we become aware that a child has provided us with personal information, we will use commercially reasonable efforts to delete such information from our database. If you are the parent or legal guardian of a child and believe that we have collected personal information from your child, please contact us.