Privacy Policy

Privacy and the protection of your personal data are very important for Lympid which has always processed the collection, use, consulting and treatment of the data in strict compliance with the applicable legislation regarding personal data protection.

With the application of EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, also called the General Data Protection Regulation (GDPR), Lympid is committed to providing its customers with detailed information about the use and protection of their personal data, the reasons why it is processed and their rights regarding this processing, among others, in compliance with the provisions in articles 13 and 14 of the GDPR.

1.- Data Controller

1.1 - EUROVIRTUAL CRYPTO SERVICES UAB, with head offices at Vilkpėdės g. 22, Vilnius, 4400-0425-9214, Lithuania, owner of Lympid trademark and platform, is the entity responsible for processing the personal data of Lympid´s users.

1.2 - Lympid’s users can contact the data controller through the following addresses to raise any questions or get clarification regarding personal data protection:- By email to: client.jorney@lympid.io;- By courier mail to: Vilkpėdės g. 22, Vilnius, 4400-0425-9214, Lithuania.

2.- Principles applicable to the protection of your personal data 

Lympid processes your personal data in accordance with the general principles laid down in the General Data Protection Regulation (GDPR) and in other legislation applicable to the protection of personal data, namely:

- "Principle of lawfulness, fairness and transparency": Lympid guarantees that your personal data is subject to lawful, fair and transparent processing; 

- “Principle of purpose limitation": Personal data are processed by Lympid for specified, explicit and legitimate purposes, and are not further processed in a manner incompatible with those purposes;

- "Data minimisation principle": In the interests of minimal and limited data collection, Lympid only processes data that is strictly necessary, appropriate and relevant to the purposes for which it is processed;

- “Principle of accuracy": Lympid undertakes to delete or rectify any personal data that is found to be inaccurate or imprecise as soon as possible.

- “Principle of conservation": personal data shall be stored by Lympid for the period of time strictly necessary to fulfill the purposes for which they were collected;

- “Principle of integrity and confidentiality": Lympid undertakes to process your data securely, implementing technical and organizational measures to ensure a high level of protection of personal data, particularly those necessary to ensure the confidentiality and integrity of this data.

3.- Concepts/definitions

3.1 - Personal data: any information that, whatever its medium, directly or indirectly identifies or is likely to identify a natural person, in particular by reference to an identifier, such as a name, an identification number, a location data, an electronic identifier, or other specific elements of that natural person's physical, physiological, genetic, mental, economic, cultural or social identity.

3.2 - Personal data subject: any natural person to whom the personal data refers. Within the scope of the activities pursued by Lympid, the following are data subjects: the users of Lympid´s platform, web site or other pages, its clients, employees, service providers and suppliers.

3.3 - Processing of personal data: operation or set of operations performed on personal data, by automated or non-automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction. In short, the concept of Processing of Personal Data is comprehensive and shall apply to all operations or sets of operations carried out by Lympid with reference to your personal data. 

4. Grounds for lawfulness

4.1 - Lympid, in accordance with the "lawfulness principle", only processes personal data when there are legitimate grounds for doing so.

4.2 - The processing of the personal data of data subjects is essentially carried out on the following grounds:

- Consent: when the data subject has given his or her consent to the processing of his or her personal data, for one or more specific purposes, through a declaration or positive act that expresses a free, specific, informed and explicit expression of will that the data subject authorizes the processing of his or her data;

- Performance of pre-contractual diligence: when the processing is carried out with a view to the performance of steps or procedures preceding the conclusion of a certain contract - pre-contractual diligence;

- Execution/performance of a contract: when the processing of the data is assumed as necessary for the conclusion, performance or development of a contractual instrument to which the holder of the personal data is a party; 

- Compliance with a legal obligation: when the processing is necessary to comply with a legal obligation incumbent upon the controller, that is, to comply with a legal imposition to which the controller is bound.

- Pursuit of legitimate interests: when the personal data is processed to pursue the legitimate interests of the controller, particularly marketing, except when the interests or fundamental rights and freedoms of the data subject require protection of the personal data.

5.- Personal data category

5.1 - Lympid and/or its third-party partners process personal data of varying nature and sensitivity, depending on each area of activity and the purpose underlying the processing of such data.

5.2 - Depending on the purpose, Lympid and/or its third-party partners, process various categories of personal data, including but not limiting:
- Identification data (e.g. name, date of birth, nationality, identity document);
- Address and contact data (e.g. e-mail address, residential address, telephone number);
- Device or browser related data;
- Account information;
- Third-party accounts information and transaction information (e.g. bank accounts in financial institutions);
- Financial data (e.g. Inbound and outbound payments forecast, income, expenses, commitments, source of wealth, source of funds on the account); 

6.- Purposes of processing the data and legal grounds

6.1- Lympid’s users’ personal data is processed in pursuit of specific, explicit and legitimate purposes and cannot later be processed in a way that is incompatible with these purposes.

6.2 - In order to ensure a minimum and limited collection of data, Lympid only handles data that is strictly necessary, adequate and important for the purposes for which it is handled.

6.3 - Lympid, or its third-party partners, process personal data for the following purposes (non-exhaustive list):
a) Management of users, accounts or services:
  - To manage registration, access, usage or interaction on Lympid´s platform, i.e. if the users want to register, access or use the platform, Lympid needs to handle some data related to them to grant them access to various functions, products and Lympid´s services, as if Lympid did not process the data this would not be possible.
   - To facilitate account creation;
   - To establish and/or verify identity, namely through message or e-mail verification or third-party provider services;
  - Customer support. Lympid considers it legitimate to process Lympid users' data to respond to requests and/or questions raised regarding Lympid's products and services;
   - To communicate with Lympid users for any other reason and personalise their experience;
   - To facilitate transactions;
   - For the purpose of processing payments;
   - To manage complaints, compliments and incidents;
b) Marketing or related activities:
   - Lympid handles data related with its users to send them written notices, warnings, disclosures and announcements, by email and/or by other electronic communications, in order to advertise or promote a particular Lympid´s product or service; 
   - To send invitations to Lympid´s users, by email and/or by other electronic communications, in order them to participate in Lympid’s events;
   - To disseminate external communications;
   - To award prizes or other gratuities;
c) Human Resources:
   - Recruitment and selection of human resources;
   - Human resource management (e.g. access and attendance management, time management);
   - Processing and payment of salaries;
   - Exercise of disciplinary power;
   - Performance evaluation;
   - Evaluation of work capacity, within the scope of occupational medicine;
   - Assessing the worker's suitability to carry out the respective functions;
   - Quality control;
d) Accounting, fiscal and administrative management:
   - Accounting and invoicing;
   - Management of payments;
   - Providing tax-related information, including sending information to the Tax Authority;f) Audits:
   - Execution of internal or external audits;
g) Litigation:
   - Management of litigation and other disputes/conflicts;
h) Statistical or similar purposes:
   - Pursuit of statistical or similar purposes
i) Information technology:
   - Receiving and processing requests for IT support;
   - Information security control;
   - Access management, logs;
   - Backups management;
   - Management of security incidents;

7.- Personal data recipients

7.1 - For the purposes mentioned above and in compliance with its legal obligations, Lympid may have to send the user’s personal data to third parties, namely:
- To entities that are subcontractors pursuant to the General Data Protection Regulation, to provide the contract enforcement services, information technologies, data storage, auditing, document management and litigation, namely with service providers in the security services, AML\CTF, accounting, information systems, auditing and litigation areas;
- Entities that are considered to be third parties for the purpose of the General Data Protection Regulation such as the Tax and Customs Authority, Judicial Entities and Regulators.

7.2 - Lympid shall only use subcontracted entities who act according to its instructions and as long as they present sufficient guarantees they can undertake the proper technical and organizational measures, so that the processing satisfies, among other things, the security, confidentiality and integrity requirements and these guarantees are formalized in an agreement signed by Lympid and the entities.

8.- Storage period

8.1 - Lympid will retain personal data for the period of time strictly necessary for the performance of the respective purposes or, as the case may be, until the data subject withdraws the consent given or exercises his or her right to object or erasure.

8.2 - Lympid may be required to retain some of the personal data for a longer period taking into account factors such as:
- Legal obligations, under the laws in force;
- Statute of limitations under applicable laws;
- Possible litigation;
- Guidelines issued by competent data protection authorities.

9.- Data subject's rights

9.1 - Lympid´s users or customers, as the data subjects through the collection and processing of their data, have the following rights:

- Right of access: whenever they request, they can access their personal data, get information about the processing of their data and get a copy of their personal data that is handled;

- Right of rectification: whenever they consider that their personal data is incomplete or inaccurate, they can request its rectification\modification;

- Right of data erasure: notwithstanding any legal obligations that may limit this right, the data subjects can request their data elimination when: the data no longer needed to be processed for the purpose that justified its collection or processing; the user withdraws its consent on which the data processing was grounded and there are no other legal grounds for it; they present opposition to the processing of the data and there are no prevailing legal interests, to be assessed on a case by case basis, that justify the processing; when the data has been processed illegally; when the personal data has to be deleted to comply with a legal obligation that the data controller is subject to; when the data has been collected in the context of the offer of services by the company mentioned in article 8(1) of the General Data Protection Regulation;

- Right of limiting the processing: the data subjects can request to limit the processing of their data in the following situations: if the user challenges the accuracy of the data, during a period that allows the controller to check its accuracy; if the processing is illegal and the data subjects oppose to their personal data being deleted and requests that its use be limited; if the data processor no longer needs the data to be processed but the data is still necessary for the purposes of declaration, exercise or defense of a right in a legal process; if the user opposes to the processing, until it is seen that the legitimate interests of the data processor prevails over theirs.

- Right of objection: the data subjects have the right to oppose the processing of their data when the processing is based on the legitimate interest of the controller or when the data is processed for other reasons than those for which it was collected, but that is compatible with it.- If you oppose the processing of the data, Lympid shall stop processing your data unless it has legitimate reasons to conduct this processing and these prevail over your interests. You can also oppose the processing of your data at any time for direct marketing purposes.

- Right to portability: if your personal data is in a structured format that is in current use and of automatic reading, the processing is based on the express consent or by contractual form and if it is done by automatic means, you have the right to send them to another controller as long as if that is technically possible.

- Right to withdraw your consent: in situations where the processing in question is undertaken based on your consent, you have the right to withdraw the consent you gave at any time. In this case, the controller will stop processing the data in question, unless there are other grounds that justify the processing.

- Right to lodge a complaint with the supervisory authority: you have the right to lodge a complaint with the State Data Protection Inspectorate, Republic of Lithuania data protection authority, regarding the matters concerning the processing of your personal data.

10.- Use of cookies

10.1 - Lympid collects cookies when you visit our site or platform. A cookie is a small text file that is placed on your hard drive by a web page to improve performance and the user's browsing experience, increasing the speed and efficiency of replies while eliminating the need to enter the same information several times.

10.2 - There are two kinds of cookies:
- Permanent cookies - Which are saved in the browser used on your equipment (e.g. PC, mobile and tablet) and that are used whenever you return to any of our sites. They are normally used to direct the browser according to the user's interests, allowing us to provide a more personal service.
- Session cookies - These are temporary cookies that stay in your browser's cookie folder until you leave the website. The information these cookies collect is used to analyze web traffic patterns, enabling us to identify problems and provide a better browser experience.

10.3 - The cookies are used for the following purposes:
- Strictly necessary cookies - Allow you to browse the website and use the applications as well as letting you access secure areas on the website. Without these cookies, the services you request cannot be provided.
- Analytical cookies - These are cookies that collect information about the use of the website, allowing it to improve the way it works. By way of example, cookies of this nature are likely to reveal which pages are most visited on the website and help to register any difficulties that users experience when navigating and interacting on the website, also having the virtuality to demonstrate whether or not the advertising is effective. This makes it possible to view and analyze overall patterns of website use, rather than the use of a single individual.
- Functional cookies - Save the user's preferences regarding its use of the site so they do not need to be configured every time you visit it.
- Third-party cookies - These cookies measure the success of the applications and the effectiveness of third-party publicity. They can also be used to customize a widget with the user's details.
- Ads cookies - Provide direct advertising, depending on each user's interests so as to give ads campaigns taking into account the user's preferences and they also limit the number of times an advert is seen, helping to measure the effectiveness of publicity and the success of the website organization.

10.4 - Depending on your management of cookies on our site and your interaction with us we use some information collected by cookies in order to ensure proper functioning on the site, highlighting the appropriate display of content, adjusting your screen resolution, to improve our offers, among others. This information includes registration data, location data, session length, your equipment, your browser and your IP address.

10.5 - On our website we use, as a rule, session cookies, essentially for the following purposes:
i) to enable you to navigate on the site, use its applications and access secure areas of it (necessary cookies);
ii) to collect statistical data to improve the presentation and navigation of the site (analytical cookies). If you consent to this, our website will use Google Analytics cookies for this purpose. Google may supplement the aggregated data with demographic data and other information of interest, so that we can better understand the visitors/users of our website.

10.6 - When you browse our platform and then later visit platforms where there is publicity format (social networks, Google and other partners of these networks) you may be shown adverts about our brand. We also use the data to reach new potential customers who may be interested in our products.

10.7 - Cookies do not harm your processor and do not contain viruses. You can deactivate the use of cookies at any time in the configuration of your browser or directly on our site. However, if you deactivate certain cookies this may stop some web services from working properly, partially or completely affecting the browsing on the website.

11.- Protection of processed data

11.1 - Protecting Customer Data is critical for Lympid. Therefore, every effort is made to protect data from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.

11.2 - Lympid is carefully selecting Vendors, they are required to use appropriate measures to protect customer confidentiality and ensure the security of personal information.

11.3 - It should be noted that the security of information transmission, via the Internet, e-mail or mobile communication may sometimes be unsecured for reasons beyond Lympid, so the customer must be careful when providing confidential information outside Lympid systems.

12.- Final provisions

12.1 -   Changes to the Privacy Policy:
12.1.1 - Lympid reserves the right to unilaterally change this Privacy Policy at any time by notifying the customer of the changes on Lympid’s website, informing the customer by e-mail. By post or Internet bank message no later than 30 (thirty) calendar days before such changes take effect;
12.1.2 - If you have any questions related to the processing of personal data or the use of cookies, please contact us in the most convenient way for you: write to Vilkpėdės g. 22, Vilnius, 4400-0425-9214, Lithuania or email to client.journey@lympid.io.

Schedule A
Shared Data

First Name, Last Name, User ID, Email, Mobile, Nationality, Date of Birth, Place of Birth, Address, PEP Declaration, KYC Details – ID, KYC date and method, Document Type, Country, Issue Date, Validity and Number.