User Privacy Notice
This Privacy Notice is when you are a User of Unlimit Crypto (also known as the “Company” ”we” or “our”) services available at:
Just browsing? Go to our Website Privacy Statement.
When does this privacy notice apply?
It applies when you have agreed to Unlimit Crypto User Terms (“Terms”) and you submit an order to use Unlimit Crypto payment and embedded widget services (“the Service”). We refer to you as a “User”. For further information on the Service please refer to Unlimit Crypto User Terms.
For which purposes do we process your personal data?
1. To identify, authenticate and perform obligatory checks (such as Know your Customer (KYC) and Know your Transaction (KYT)) on you, so we can provide the Service to you.
We use your personal data to perform obligatory checks so we can verify and authenticate you so that we meet our obligations underpayments, anti-money laundering, sanctions & embargo, anti-bribery and anti-corruption laws, as well as different directives, regulations and guidance issued by authorities to combat fraud, money laundering and bribery and corruption.
The Company may use automated decision-making, including profiling to identify any fraudulent transactions or suspicious behaviour. If this decision produces legal effects that affect you, as an individual, you have the right to obtain human intervention, express your point of view, or contest the decision based solely on automated processing, including profiling.
On what legal ground do we process this personal data?
We process your personal data based to comply with our legal obligations, such as Know your Customer (KYC and CDD (customer due diligence)).
In addition, to manage our internal administration and to automate some features of our verification process, including with our partners (a “partner” is a legal entity that signed an agreement with us and refers users to us- we suggest that you read their respective privacy notices on how they process your personal data).
We process personal data for our legitimate interests (for instance, when you provide us with your personal data for biometric facial verification so we improve the speed in which we can accurately authenticate you).
Subject to applicable law, any automated decision-making processing, including profiling, will be based on your prior consent. See paragraph 8 if this Notice for more information.
What types of personal data may we process?
- Individual personal information (E.g., name, place of birth, if you hold any public functions, residence permits (and photos)
- Your contact details (E.g., work address, home address, email address, telephone number or any personal data that you provide to us so we can communicate to you about your application or verification status for our services)
- Your biometric data, such as facial features. In such circumstances, facial image data, such as photos of your face (including selfie images) and pictures or scans of your face contained in your identity document may also be collected.
- Your identity documents or information and authentication data (ID card, passport, nationality)
- Your financial data (E.g., bank account, credit record (if applicable), account or wallet number depending on your use of the Service)
- Your mobile device identifiers (E.g. IMSI and EMEI number).
- Your personal data because of any due diligence or enhanced due diligence (E.g., Due diligence checks, sanctions and anti-money laundering checks).
This information is to identify and manage fraud and includes automated reading, and verification of the authenticity of personal data.
How long do we keep your personal data?
We keep your personal data for as long as we are obliged to under the applicable laws.
2. To answer questions and to communicate with you
We use your personal data to reply to and answer your question or communications as part of our support services.
On what legal grounds do we process personal data for this purpose?
We process your personal data based on our legitimate interest in answering questions and communicating with you.
What types of personal data do we process?
We process your name, email address, any information you provide to us in your communication, and any other personal data necessary to answer your question.
For what period do we keep your personal data?
We will keep this data until you ask us to remove it unless we have a legal ground to retain such personal data. Please note that we will not be able to offer the Service to you if you request us to delete all personal data, including the personal data we receive from a partner. Please see Section 9 to read more about your Rights.
3.To process your transactions
We process personal data to provide our services as described in our Terms.
What types of personal data do we process?
Personal data arising out of the execution of our transactions, such as date, time, amount, currencies, location information and additional or supporting documentary evidence related to transactions or any other details arising from our contract with you and our partners.
What legal grounds do we process your personal data?
We process your personal data based on our legal obligations to perform our Services.
For how long do we keep your personal data?
We retain transaction data for as long as we are required to do so under applicable laws. For example, we are required to keep transaction data (which may contain your personal data) for at least five years from the transaction date.
4. To process and perform know your transactions off and on chain compliance
To ensure not only off-chain compliance, we also process the following information for on-chain compliance.
We process information to ensure that persons using the Services are not engaged in any illegal or prohibited activities and to analyze transaction patterns for analysis and development purposes.
What legal grounds do process your personal data?
We process your personal data based on our legal obligations to perform our Services.
For how long do we keep your personal data?
We retain such personal data for as long as we are required to do so under applicable laws.
How do we collect your personal data?
When you submit your personal data to us.
This can happen in different ways:
- When you have agreed to give to the partner your personal data who has a contract with us so we can provide our services. E.g., during the course of our business relationship with the partner.
- When you accept our Privacy Notice, receive communications from us, via email or forms available on our Website or any other means of communication. When you accept us collecting such personal data, you have the right to opt out of such collection at any time. If you want to opt-out please go to our Website.
Personal Data we collect when you use our services
This personal data may include the following:
- Transactions data.
- Profile and usage data services (if applicable and may include Personal Data on how you use the services. We may collect data from devices you use to connect to the services, such as computers and mobile phones, including EMEI and IMSI, IP address and use cookies (go to our Cookie Notice and Website Privacy Statement).
- Third-party data. Personal data we lawfully obtain from other entities such as service providers, fraud prevention aggregation agencies, public authorities, persons that refer you to us, our Group companies, and companies processing payments.
Who has access to your personal data?
Access to your personal data within Group of Companies
Personal data we collect may be transferred internationally (outside the European Economic Area) across our organisation. Your personal data may be exchanged within the group of companies to which the Company belongs, including its affiliates, subsidiaries and parent companies, which you can view here. Employees in the group are authorised to access your personal data only to the extent necessary to serve the applicable purposes we describe above and to perform their jobs.
Access to your personal data by partners
Personal data we collect or receive for the purposes of entering into contractual with another legal entity that has signed an agreement with us and then refers your personal data as a user’s to us for processing. We recommend that you read the Privacy Notice the partners in which you have entered a contract with.
Access to your personal data by third parties
The following categories of third parties have access to your personal data for the provisioning of their services to us in support of our services:
- Enterprise customer support
- Cloud hosting
- Enterprise ticket and workflow
- Verification platforms
When third parties are given access to your personal data, we will take the required contractual, technical and organisational measures to ensure that your personal data are only processed to the extent that such processing is necessary. The third parties will only process your personal data as per applicable law.
Suppose your personal data are transferred to a recipient in a country that does not provide adequate protection for personal data. In that case, we will ensure that your personal data are adequately protected, such as entering into EU Standard Contractual Clauses with these third parties.
In other cases, your personal data will not be supplied to third parties, except where required by law or when we are obliged by a legal order to provide the personal data to the government.
The use of your personal data by data processors
When a third party processes your personal data solely following our instructions, it acts as a data processor. We enter an agreement with such a data processor. In this agreement, we include obligations to ensure that the data processor processes your personal data solely to provide products or services to us.
Should you require a list of our sub-processors when you subscribe to a specific service, you can ask us by following the contact details in paragraph 12.
For information on sub-processors who may have access to your personal data and their processing:
- Zendesk: Management of contact requests and communication; Service provider: Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA; Website: https://www.zendesk.com; Privacy Policy: https://www.zendesk.com/company/customers-partners/privacy-policy/; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): Binding Corporate Rules as a Basis for U.S. Data Transfers: https://www.zendesk.de/company/privacy-and-data-protection/#data-processing-agreement.
- AWS: Cloud services, server based in the EU for EU personal data processing and other locations depending on applicable laws. Service Provider: AWS Inc, subject to AWS contracting party. Website: https://aws.amazon.com/ Privacy Notice: https://aws.amazon.com/privacy/
- Sum and Substance: Provision of Know Your Customer, Know your Business and Transaction monitoring services, including biometric facial recognition. Service Provider: Sum and Substance Ltd (UK), 2015-2023; Website: https://sumsub.com/; Privacy Policy: https://sumsub.com/privacy-notice/; Standard Contractual Clauses
- Crystal : Cryptocurrency transaction analysis and monitoring on the blockchain, bringing best-in-class anti-money laundering compliance and risk management solutions to exchanges, banks, and financial institutions. Service Provider: Crystal Blockchain B.V., with registered address at Strawinskylaan 3051, 1077ZX Amsterdam, the Netherlands, Chamber of Commerce registration number 60269618; Website: https://crystalblockchain.com/ Privacy Policy: https://crystalblockchain.com/templatepages/privacy-notice/
How is your personal data secured?
We have taken adequate safeguards to ensure the confidentiality and security of your personal data. The Company has implemented appropriate technical, physical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access, as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing.
The use of cookies
Please view our Cookie Notice. If you want to know how we process your personal data when you are visiting or browsing our Website, and interacting with our Website or any demo or app on our Website, go to our Website Privacy Statement.
Automated Decision Making
Automated decision-making means making decisions through automated means of processing personal data without human intervention. We do not generally use automated decision-making in establishing and carrying out a business relationship.
However, we may process some specific data automatically by using systems to make automated suggestions or decisions, including profiling, based on information we have or collect from other authorised sources. This helps us ensure we can react quickly and efficiently, with an aim also to protect our Merchants and payers. We may use automated decision-making and profiling to undertake anti-money laundering and anti-fraud measures.
We may use your personal data to help us identify if any transaction is potentially being used for purposes of fraud or money-laundering/terrorist financing, or sanctions contraventions.
If we determine a risk of fraud or unauthorised activity, we may stop activity on the account/block the payment instrument or refuse access to them.
Your rights
Under applicable data protection and privacy laws, you may have the right to:
- Access your personal data
You may ask us whether we process any personal data related to you. If this is the case, you may ask us to provide you with a copy of the personal data we process of you insofar as required by applicable data protection laws. - Correct and erase your personal data
You may request us to correct any inaccurate personal data we process about you. Also, you may ask us to erase the personal data that relate to you if they are no longer necessary for the purposes for which we processed them if you have withdrawn your consent. We do not have another legal ground for processing your personal data, if your personal data have been unlawfully processed, or if your personal data must be erased following applicable EU or EU member state laws. - Object to processing your personal data
You may object to our processing of your personal data based on our legitimate interest. We will then only process your personal data for this purpose if we have an overriding legitimate interest to do so. You may also ask us to erase your personal data, unless there is an overriding legitimate interest for the processing. This includes the right to opt-out of marketing communications which is stated in the Website Privacy Statement. - Data portability
In certain circumstances, you may request receipt or transmission to another organisation, in a machine-readable and structured form, of the personal data you specifically provided to us or if it was provided by you to us with your consent. - Lodge a complaint
If you think we did not comply with the applicable data protection and privacy laws, we ask you to please contact us and our data protection function will investigate and respond to you.
You have the right to ask State Data Protection Inspectorate or court to protect your rights. You can contact the State Data Protection Inspectorate at:
Phones: +370 5 271 2804 / 279 1445
Fax: +370 261 9494
E-mail: [email protected]
Address: L. Sapiegos str. 17 (Left-hand entrance), LT-10312 Vilnius
Childrens’ personal data
The Services are not intended to nor are designed to attract minors under the age of 18.
We do not voluntarily process any personal data of children (as defined under the applicable law) and in the circumstance when any personal data of children is processed, it will be processed only with the prior consent of the parent or guardian of the child.
If we become aware that it has processed any personal data of any children without prior parental consent, it will take all the necessary steps to delete such personal data as soon as reasonably possible.
Who is responsible for your personal data?
Depending on the type of processing activity, the Company may act:
- As data processor, we may process personal data that is required by a partner where you go to make a transaction.
- As a data controller, we may process personal data that we are required to under applicable laws as a heavily regulated entity – E.g., for verification and authentication purposes and continuous transaction monitoring.
How to contact us if you have any requests or concerns
If you have any questions or concerns regarding the processing of your personal data, please send a request relating to any of your data protection rights by sending an email to [email protected].
Legal Name of Entity: GateFi UAB
Address: GateFi UAB- Vilnius, Eisiskiu Sodu 18-oji g11
Changes to this Privacy Notice
This Privacy Statement may be changed over time. The most up to date Privacy Notice is published on our Website.
You can store or print this Privacy Notice by using the buttons at the top of this page.
Who we are and where we provide our services
To know more about us and who we are, please visit us at https://crypto.unlimit.com
UN_G_DP_Unlimit Crypto User Privacy Notice v.1.0 August 2023