Credex Multipay UAB is committed to protecting Your privacy.
This Privacy Policy explains how personal data is processed by Credex Multipay UAB.
Credex Multipay UAB is a company incorporated in the Republic of Lithuania having registered office at Eisiskiu Sodu18-oji g.11, LT-02194 Vilnius, Republic of Lithuania.
The words “we”, “our”, “us” refer to Credex Multipay UAB.
You may contact our Data Protection Officer by sending an email to this address: [email protected]
If you have questions, please contact us at [email protected]
| Purpose of Processing | How we collect the data | Data Subjects: Categories of Data | Storage Period | Legal Basis |
|---|---|---|---|---|
| Onboarding | Directly from you | User: ID photo; selfie; proof of address; video; country; tax number; taxpayer residence; occupation; type of future transactions; monthly turnover of incoming payments (in EUR equivalent); monthly turnover of outgoing payments (in EUR equivalent); number of outgoing payments per month. | Five (5) years after onboarding | Compliance with a legal obligation |
| Service provision | Directly from you | User: Email; profile ID; photo; username; currency; network; user's wallet address; buyer's or seller's wallet address; transaction amount; risk score; number of confirmations; network fee; service fee. | Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law | Processing is necessary for the performance of a contract to which you are a party. We will not be able to provide you with our service if you fail to provide the data |
| In-service communication, such as communication with the support team | Directly from you Automatically through your use of our service |
Our users: Data about your account and data from the message to the support; email. |
Until the termination of a contract or until the deletion of an account whichever happened earlier, and within the terms specified by law | Our legitimate interests to improve the quality of our Service |
| AML/KYC compliance: transaction information storage | Directly from you Automatically through your use of our service |
User: Information about transaction, including sum of transaction, time, corresponding account. |
Five (5) years after the transaction | Compliance with a legal obligation |
| AML/KYC compliance: Suspicious Activity Report (SAR) | Directly from you | User: Information about transaction, including sum of transaction, time, corresponding account. | Five (5) years after the event | Compliance with a legal obligation |
| AML/KYC compliance: business correspondence with user | Directly from you | User: Content of the correspondence. | Five (5) ears after receiving (sending) the correspondence | Compliance with a legal obligation |
Your information is securely stored on our services located in the EU.
We keep your personal information for the time period specified above for each type of data. We will then dispose this information by deleting rows from the database.
In cases specified by the legislation of the EU or other applicable law we may store and handle your personal information after achieving the original purposes of data processing or the end of time period specified above.
According to art. 1.125 Civil Code of the Republic of Lithuania, of July 18, 2000, № VIII-1864 we reserve the right to extend the term of storage your data if we have any reasons to consider that the processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures. According to the art. 1.125 Civil Code of the Republic of Lithuania General prescription comprises a period of ten (10) years.
We use third-party service providers to help us provide the Services and give support.
They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.
We prohibit our service providers from selling data they receive from us or receive on our behalf.
We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.
| Processors, their Location and the Link to Privacy Policy / Website if applicable | Purpose of Transfer | Safeguards for restricted transfers (outside the LT) |
|---|---|---|
| Contractors | Human Resources | We use International Data Transfer Agreements, Standard contractual clauses to ensure that your data is properly protected |
| Sum and Substance LTD, UK | Remote identity verification, fraud prevention, enforcement of AML/CFT laws and regulations, internal risk management and due diligence procedures | Adequate country (UK) |
| MessageBird B.V. | SMS and 2fa services | Adequate country (NL) |
| Google LLC (the USA) | Google play, push notifications, Mobile analytics, Web Analytics Service Provider (Google Analytics) | We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies |
| APPLE INC. (the USA) | App Store Connect | We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies |
| Amplitude INC. (the USA) | Web Analytics Service Provider (Amplitude) | We conclude a contract that obliges the Processor to implement the provisions, measures, controls and requirements set out in the EU legislation, including provisions related to imposing appropriate measures to protect personal data and provide you with legally recognised and enforceable measures to protect your rights as well as recognised and enforceable legal remedies |
We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.
You have the following rights under the GDPR concerning personal data: the right to information, right to access, right to rectification, right to withdraw consent, right to object against processing for specific purposes (such as direct marketing), right to object to automated processing, right to be forgotten and right for data portability (copy of personal data in a commonly used machine–readable format).
You may also exercise the mentioned rights by contacting us via email at [email protected].
You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place.
We regularly update this Policy in case there are significant changes in the way we process your personal data.
You will receive a notification prior to such significant changes become effective by email if you provided us with your email address, by our mobile app or by pop-up notice on our website.