Privacy Policy

1. PURPOSE AND SCOPE

1.1. NTJ UAB, legal entity code 306169597, registered address at Mėsinių str. 5, LT-01133, Vilnius, Lithuania (hereinafter – the Company, we or us) is a company administering a virtual currency exchange and virtual currency wallet at  www.safe2transact.com/; acting according to the laws of the Republic of Lithuania. The Company is committed to conduct business operations in a transparent and open manner consistent with its regulatory obligations.

1.2. In any case, all personal data collected by us is processed in accordance with the EU General Data Protection Regulation No. 2016/679 (GDPR), Law on the Legal Protection of Personal Data of the Republic of Lithuania and other applicable legal acts.

1.3. In this Privacy Policy, we provide you with explanation on what kind of personal data we collect when providing you with our services (Services), what are the purposes of such processing and what rights you have in respect of your personal data.

1.4. When writing ‘you’, we mean you as – a potential, existing or former client, our client’s employee or other parties, such as beneficial owners, authorized representatives, business partners, our merchant’s clients, other associated parties or a person contacting us by e–mail or using other communication means.

2. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

2.1. We are responsible for ensuring security of your personal data made available to us, in particular to prevent unauthorized access to your data.
2.1. When processing personal data, we follow the principles of:
– legality, fairness and transparency;
– purpose limitation;
– data minimization;
– accuracy;
– storage limitation;
– integrity and confidentiality.

3. WHAT INFORMATION WE COLLECT, FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS

3.1  Categories of personal data being processed

The personal data we collect can be grouped into the following categories:

CategoryPersonal data elements
1. Basic personal dataFirst, last, middle, maiden names, job title, etc.
2. Identification information and other
background verification data (your, or your
representatives’ and, ultimate beneficiary
owner’s)
Name, surname, personal identity code, date of birth, any other unique sequence of symbols granted to you,
intended for personal identification, country of birth, address, nationality (in the case of a stateless person – the
state which issued the identity document), citizenship, gender, copy of passport or ID card and its details (e.g., type, number, place and date of issuance, expiry date, MRZ code, signature), evidence of beneficial ownership or the
source of funds (funds for account opening or transactions, occupation/employment information), source of wealth (information on how wealth was obtained), tax information (tax residence, tax identification number), number of
shares held, voting rights or part of share capital, title, visually scanned or photographed image of your face or
image that you provide through a mobile or desktop camera while using our identification application, video and
audio recordings for identification.
3. Monetary operations detailsSuch as currency, amount, location, date, time, IP address, payer’s and payee’s name and registration information, messages and documents sent or received with the payment
4. Details of your activities on your account or
mobile application
History of the actions performed on your account, mobile application, technical information, including the internet
protocol (IP) address used to connect your computer to the internet, your log-in information (e.g., login time),
browser type and version, time-zone setting, operating system and platform, type of device you use, unique device
identifier
5. Details of your activities on our
website
History of the actions performed on our website, technical information,
including the internet protocol (IP) address
used to connect your
computer to the internet, time zone setting, operating system and
platform.
6. Details of your
existing bank
account/-s
Financial institution account number, IBAN number, payment card
number.
7. Information related to legal requirementsData resulting from enquiries made by the authorities, data that
enables us to perform anti-money laundering
requirements and
ensure the compliance with international sanctions, including the
purpose of the business
relationship and whether you are a politically exposed person and other data that is required to be processed by us

in order to comply with the legal obligation to “know your client”
(collected data will differ depending on the client’s risk score)
8. Contact detailsPhone number, e-mail, residential address
9. Special category dataBiometric data

3.2  Purposes and legal basis for personal data processing

PurposeLegal basisCategories of personal data
1. To conclude the contract
with you, or to take
steps at
your request prior to
entering into a
contract
• Taking necessary steps before conclusion of
the contract and/or conclusion of the contract;
• Legal obligations – Law on Prevention of
Money Laundering and Terrorist Financing of
the Republic of Lithuania
• Basic personal data;
• Identification and other background verification data;
• Contact details;
• Other personal data needed (in order to evaluate the possibility of providing our Services).
2. To perform the contract
concluded with you,
including (but not limited to)
provision of our
Services,
administering your wallet
• Performance of the contract;
• Legal obligations – Law on Prevention of
Money Laundering and Terrorist Financing of
the Republic of Lithuania; and Order of the
Financial Investigations Unit No V-314
• Basic personal data;
• Identification and other background verification data;
• Monetary operation details;
• Details of your activities in your website account or
mobile application;
• Details of your existing bank account/-s;
• Information related to legal requirements;
• Details of your existing bank account/-s;
• Contact details;
• Other personal data needed (in order to evaluate the possibility of providing Services).
3. To comply with legal obligations (e.g.,
implementation of the obligations under the
Law on Prevention of Money Laundering and
Terrorist Financing of the Republic of Lithuania and other fraud and crime prevention purposes) and risk management obligations
• Legal obligations – Law on Prevention of
Money Laundering and Terrorist Financing of
the Republic of Lithuania
• Basic personal data;
• Identification and other background verification data;
• Monetary operation details;
• Details of your existing bank account/-s;
• Information related to legal requirements;
• Contact details;
• Other personal data needed (in order to evaluate the possibility of providing Services).
4. To identify you remotely• Law on Prevention of Money Laundering and
Terrorist Financing of the Republic of Lithuania
• Order No. V314 of the Director of the Financial Crime investigation service under Ministry
of the Interior of the Republic of Lithuania dated 30 November 2016
• Special category data (biometric
data)
5. To prevent, limit and investigate any misuse
or unlawful use or disturbance of the Services
or to establish, exercising and defend legal
claims
• Performance of the contract;
• Legitimate interest – defend against legal
claims and prevent fraud;
• Legal obligations – Law on Prevention of
Money Laundering and Terrorist Financing of
the Republic of Lithuania; Order of the Financial Investigations Unit No V-314
• Basic personal data;
• Identification and other background verification data;
• Monetary operation details;
• Details of your activities in your website account or mobile
application;
• Details of your activities in our website;
• Details of your existing bank account/-s;
• Information related to legal requirements;
• Contact details;
• Other personal data needed (in order to evaluate the possibility of providing Services).
6. To ensure adequate provisions of the Services, the safety of information within the Services, as well as to improve, develop and maintain
applications, technical systems and
ITinfrastructure or our legitimate business
interests, such as enabling us to improve and
deliver a better and more personalized service
• Legitimate interest – to improve and deliver a better and more personalized service.• Basic personal data;
• Contact details;
• Details of your activities in your website account or mobile
application;
• Details of your activities in our website;
• Other personal data needed (in order to evaluate the possibility of providing Services).
7. To provide an answer when you contact us via our website or other communication means• Legitimate interest – to provide good
customer service.
• Basic personal data;
• Contact details;
• Other personal data needed (in order to evaluate the possibility of providing Services).
8. To perform the contract with our merchant’s
clients
• Legitimate interest – to comply to our
contractual obligations with merchants.
• Basic personal data;
• Details of your existing bank account/-s;
• Monetary operations details.
9. To prevent fraud (in case you are rejected, we will keep your onboarding results for the
purposes of future applications)
• Legal obligations – Law on Prevention of
Money Laundering and Terrorist Financing of
the Republic of Lithuania; Order of the Financial Investigations Unit No V-314
• Basic personal data;
• Details of your existing bank account/-s;
• Monetary operations details.
10. To administer Customer’s feedback
WE URGE YOU TO
WITHHOLD ANY SENSITIVE
PERSONAL INFORMATION
AND PROVIDE ONLY A
SHORT FEEDBACK.
• Performance of
contractual
obligations

deriving from
our Terms and
Conditions).
• Basic personal data;
• Details of your existing bank account/-s;
• Monetary operations details.
11. To improve our Website/ application and
Services.
• Legal basis is your consent provided for the use of cookies
Please note that
without any
adverse effect you
have a right to
withhold your
consent or

withdraw your
previously given
consent by
contact us using
our contact details
provided
herein.
• Cookie generated data
12. To send administrative
information to you,
for
example, information
regarding our Website/
application and relevant
changes to our
Services
• Our legitimate
interest – to
provide good

customer
service.
• Basic personal data;
• Details of your existing bank
account/-s;
13. For our internal business
purposes, such as statistics,
analyzing and managing our
businesses, business
mergers and acquisitions,
market research, audits,
developing new
products,
enhancing our Website,
applications,
identifying
usage trends, determining
the
effectiveness of our
promotional campaigns
and
gauging customer
satisfaction.
• Our legitimate
interest – to
provide good

customer
service and
develop our
Services
• Basic personal data;
• Identification and other
background verification data;
• Monetary operation details;
• Details of your activities in your
website account or mobile

application;
• Details of your activities in our
website;
14. For logging the data.
Whenever you use our
services, products or visit
our Website, we
collect
information that your
browser sends to
us that is
called Log Data. This Log
Data
includes information
such as your computer’s
Internet Protocol (“IP”)
address, browser version,
pages of our service that you
visit, the time and date of
your visit, the time spent on
those pages, and other
statistics.
• Our legitimate
interest – to
provide good

customer
service and
develop our
Services
• Details of your activities in
your Website/ application
account or mobile
application;
• Details of your activities in
our Website/ application;

We do not process special category data related to your health, ethnicity, or religious or political beliefs unless required by law or in specific circumstances where, for example, you reveal such data while using the Services (e.g., in payments details).

If you provide us personal data about other people (such as your spouse or family) or you ask us to share their personal data with third parties, you confirm that you have brought this Privacy Policy to their attention beforehand.

4. HOW WE COLLECT YOUR PERSONAL DATA

We collect information you provide directly to us when you:

a) fill out any forms on our website, platform and/or mobile application;
b) open an account or use any other Services;
c) contact us via our website or by using other means of communication (e.g., via our social network
accounts);
d) use services of merchant’s which are our partners.

We may also receive your personal data from third parties. In particular:a) we may receive personal data from third parties such as public or private registers and databases.
This includes information to help us check your identity, if applicable, information about your
spouse and family, and information relating to your transactions;
b) occasionally we will use publicly available information about you from publicly available sources
(e.g., media, online registers and directories) and websites for enhanced due diligence checks,
security searches and other purposes related to client due diligence processes;
c) we may receive personal data from a third party which is connected to you or is dealing with us,
for example, business partners, sub–contractors, service providers, merchants and etc.;
d) we may receive personal data from banks or other financial institutions in case the personal data
is received while executing payment operations;
e) we may receive personal data from other entities which we collaborate with.5. OUR IDENTIFICATION TOOLS

In order to perform your identity verification, we use the services provided by our partner GB Group Plc., The Foundation Herons Way, Chester Business Park, Chester, United Kingdom, CH4 9GB (hereinafter – “GBG”). The Service Provider takes the photo images or video recordings of your face and your ID document that you provide through a mobile application or a dedicated website using the camera. For more information on GBG please read their Privacy Policy here
https://www.gbgplc.com/en/legal-and-regulatory/products-services-privacy-policy/

GBG’s solution is used for comparing live photographic data or video record of you and your ID document, to comply with legal obligations (e.g., implementation of the obligations under the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania and other fraud and crime prevention purposes) and risk management obligations.

The result of the face similarity (match or mismatch) will be retained for as long as it is necessary to carry out verification and for the period required by anti-money laundering laws (currently up to 8 years after the termination of the business relationships).

We ensure that your face similarity check is a process of comparing data acquired at the time of verification, i.e., this is a one-time user authorization by comparing person’s photos to each other. Your facial template is not created, recorded or stored. It is not possible to regenerate the raw data from retained information.

Using GBG’s services, personal data is collected and transferred to us to further identification and verification of the person in the identity document and the person captured in the photo. This process shall allow us to verify your identity more precisely and make the process quicker and easier to execute. If you do not feel comfortable with this identification method, you may contact us by e-mail at cs@safe2transact.com for an alternative way to identify you.

6. DIRECT MARKETING

In case you are an existing client (i.e., you already use our Services), we may use your e-mail address for direct marketing purposes, but only with regard to our products and/or Services that are similar or related to the Services you have obtained, and only if you do not object to such use of your e-mail address. You are also granted with a clear, free of charge and easily enforceable possibility to object or withdraw from such use of your contact details.

In other cases, we may use your personal data for the purpose of direct marketing, only if you give us your prior explicit consent regarding such use of the data.

We are entitled to offer the Services provided by our business partners or other third parties to you or find out your opinion on different matters in relation to our business partners or other third parties only if you will specifically consent to this.

In case you do not agree to receive these marketing messages or calls offered by us, our business partners or third parties, this will not have any impact on the provision of Services to you as the client.

We provide a clear, free-of-charge and easily enforceable possibility not to give your consent or, at any time, to withdraw your consent to receive our marketing messages. We shall state in each notification sent by e-mail that you are entitled to object to the processing of the personal data, and to refuse receiving messages from us. You shall be able to refuse receiving our marketing messages by clicking on the respective link in each marketing e-mail received from us.

7. AUTOMATED DECISION MAKINGWe do not use automated decision making.8. HOW WE SHARE YOUR PERSONAL DATAWe may disclose your personal information to the recipients of the following categories: a) public authorities, institutions, organizations, courts and other third parties, but only upon request and only when required by applicable laws, or in cases and under procedures provided for by applicable laws;
b) third parties providing services to us including providers of legal, financial, auditing, tax, business management, personnel administration, remote identification, accounting, advertising (including online advertising), direct marketing, communications, data centers, hosting, cloud and/or other services. In each case, we provide such third parties with only as much data as necessary to provide their services. Service providers engaged by us may process your personal data only in accordance with our instructions and may not use them for other purposes;
c) third parties for the purpose of performance of the contract concluded with you;
d) our affiliate companies – i.e., companies belonging to the same group;
e) third parties, when we intend to enter into a business sale transaction and/or to perform legal and/or financial due diligence of us prior to such transaction;
f) other persons with your consent.9. INTERNATIONAL TRANSFER OF PERSONAL DATAIn case your personal data is transferred outside the European Economic Area (EEA), we will take
necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy
and we will ensure that it is protected and transferred in a manner consistent with the legal
requirements applicable to the personal data. This can be done in a number of different ways, for
example:a) the country to which we send the personal data, a territory or one or more specified sectors
within that third country, or the international organization is approved by the European
Commission as having an adequate level of protection;
b) the recipient has signed or contains in its terms of service (service agreement) standard
contractual clauses adopted by the European Commission;
c) special permission has been obtained from a supervisory authority.

We may transfer personal data to a third country by taking other measures if it ensures appropriate
safeguards as indicated in the GDPR or on the basis of derogations. To find out about the exact
additional security measure used, please write to us at info@safe2transact.com

10. HOW WE PROTECT YOUR PERSONAL DATA

Please note that, although no system of technology is completely secure, we have to implement appropriate security measures in order to minimize the risks of unauthorized access to or improper use of your personal information.

We and our third-party service providers that may be engaged in the processing of personal data on our behalf (for the purposes indicated above) are contractually obligated to respect the confidentiality of the personal data.

A variety of logical and physical security measures are used to keep your personal data safe and prevent unauthorized access, usage, or disclosure of it (the list indicated below is not exhaustive): we use antivirus software, access control policies, we review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems, we use data encryption, etc.

11. HOW LONG DO WE KEEP YOUR PERSONAL DATA

We will keep your personal data for as long as it is needed for the purposes for which your data was collected and processed, including for the purposes to comply with any legal, regulatory, tax, accounting or reporting obligations. This means that we store your data for as long as it is necessary for provision of the Services and as required by the retention requirements in laws and regulations. If the legislation of the Republic of Lithuania does not provide any applicable data retention period, it shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of personal data.

The terms of data retention of the personal data for the purposes of the processing of the personal data as specified in this Privacy Policy are as follows:

a) when data is processed based on your consent, we will process your data for as long as your consent remains in force, if there are no other legal requirements which shall be fulfilled with regard to the personal data processing;

b) in case of the conclusion and execution of contracts – until the contract concluded between you and us remains in force and up to 10 years after the relationship between you and us has ended;

c) the personal data collected for the implementation of the obligations under the Law on the Prevention of Money Laundering and Terrorist Financing shall be stored up to 8 (eight) years as provided in the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania. The retention period may be extended for a period not exceeding 2 (two) years, provided there is a reasoned request from a competent authority;

d) the personal data submitted by you through our website or via e-mail is kept for an extent necessary for the fulfilment of your request and to maintain further cooperation, but no longer than 6 months after the last day of the communication, if there are no legal requirements to keep them longer.

In the cases when the terms of data keeping are indicated in the legislative regulations, the legislative regulations are applied.

We may retain your personal data for a longer period when:

a) it is necessary in order for us to defend ourselves against existing or threatened claims, or to exercise our rights, or for the proper resolution of dispute, complaint or claim;

b) there is a reasonable suspicion of illegal activity;

c) it is required by applicable laws;

Upon expiration of the retention period, we will delete and/or reliably and irrevocably depersonalize your data as soon as possible, within a reasonable time required to perform such action.

12. YOUR RIGHTS

a) The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data.

b) The right to access. You have the right to request from us the copies of your personal data. Where your requests are excessive, in particular if they are being sent with a repetitive character, we may refuse to act on the request, or charge a reasonable fee taking into account the administrative costs for providing the information. The assessment of the excessiveness of the request will be made by us.

c) The right to rectification. You have the right to request us to correct or update your personal data at any time, in particular if your personal data is incomplete or incorrect.

d) The right to data portability. The personal data provided by you is portable. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

e) The right to be forgotten. When there is no good reason for us to process your personal data anymore, you can ask us to delete your data. We will take reasonable steps to respond to your request. If your personal data is no longer needed and we are not required by law to retain it, we will delete it or destroy it.

f) The right to restrict processing. You have the right to restrict the processing of your personal data in certain situations (e. g. you want us to investigate whether it is accurate; we no longer need your personal data, but you want us to continue holding it for you in connection with a legal claim).

g) The right to object processing. Under certain circumstances you have the right to object to certain types of processing (e. g. receiving notification emails). However, if you object to us using personal data which we need in order to provide our Services, we may need to close your payment account as we will not be able to provide the Services.

h) The right to file a complaint with a supervisory authority. You have the right to file a complaint directly the State Data Protection Inspectorate of Lithuania if you believe that the personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. You may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate, and which may be found by this link:
https://vdai.lrv.lt/lt/veiklos-sritys-1/skundu-nagrinejimas.

i) Rights related to automated decision-making (currently not applicable). You have the right not to be subject to a decision which is based solely on automated processing and which produces legal or other significant effects. In particular, you have the right:
• to obtain human intervention;
• to express point of view;
• to obtain an explanation of the decision reached after an assessment; and
• to challenge such a decision.

j) Right to withdraw your permission. If you have given us consent for processing of your data, you can withdraw your consent at any time. It will have been lawful for us to use the personal data up to the point you withdrew your permission. You also have a right to withhold your consent without any adverse effect.

If you would like to exercise any of these rights, please contact us via e-mail: info@safe2transact.com. For security reasons, we will not be able to process your request if we are not sure of your identity, so we may ask for your ID as proof.

Your requests will be fulfilled, or fulfilment of your requests will be refused by specifying the reasons for such refusal, within 30 (thirty) calendar days from the date of submission of the request that complies with our internal rules and the GDPR. The afore-mentioned time frame may be extended by 60 (sixty) calendar days taking into account the complexity and number of the requests. The Company will inform you of any such extension within 30 (thirty) calendar days of receipt of the request, together with the reasons for the delay.

We may refuse to satisfy you request if the exception and/or limitation to the exercise of data subjects’ right set out in the GDPR apply, and/or if your request is found to be manifestly unfounded or disproportionate. If we refuse to satisfy your request, we will give you our reason for such refusal in writing.

13. COOKIES POLICY

If you access our information or Services through our website, you should be aware that we use cookies.

For more information on how to control your cookie settings and browser settings or how to delete cookies from your device, please read the Cookie Policy available on our website here
https://safe2transact.com

14. LINKS TO OTHER WEBSITESOur website may contain links to other websites which are not operated by us. When you decide to click on these links and be led to such websites, we recommend familiarizing yourself with their privacy
policies or notices, cookie policies and/or other documents. We assume no responsibility for the
content, policies or practices of such third-party websites or services.15. CHANGES TO THIS PRIVACY POLICYWe regularly review this Privacy Policy and reserve the right to modify it at any time in accordance
with applicable laws and regulations. We will inform you of any material changes in advance.16. CONTACT US

You may contact us by e-mail info@safe2transact.com.