Privacy Policy

This Privacy Policy, together with our Terms of Business and its other essential parts, governs MAS’s collection, processing and use of your Personal Data. As used in this Privacy Policy, “MAS“, “we“, “us” or “our” refers to UAB Multi Asset Solutions Digital, a company incorporated in Lithuania under registration number 306086055, having its registered office at Jasinskio st. 16, Vilnius LT-03163, Lithuania. MAS is registered with the Lithuanian Financial Crime Investigation Services (FCIS) as a Digital Asset Service Provider offering Virtual Currency Exchange and Custody Solutions.

We are committed to safeguarding the privacy and security of your personal information. This Privacy Policy is provided in accordance with MAS’s obligations under applicable privacy and data protection law, including Regulation (EU) 2016/679 (GDPR) (Applicable Data Protection Law). This privacy policy outlines how we collect, use, disclose, and protect your data when you use our services. We define “Personal Information” or “Personal Data” as information which identifies you personally, e.g. your name, address, e-mail address, trades etc.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of Applicable Data Protection Law, MAS is a data controller (for example, when collecting personal data from our customers to provide them with our services, send them marketing information and collecting personal data from our staff and consultants). MAS may also be a data processor where it processes personal data belonging to another party under their instruction and control. This Privacy Policy primarily applies in the context where MAS is a data controller.

By using MAS website or services, you consent to the data practices described in this Privacy Policy. If you do not agree with any part of this Privacy Policy, then we cannot make our website or services available to you and you should stop accessing and using them.

We may collect the following types of personal information from you:

• Name, address, and contact details (email, phone number);
• Date of birth;
• Gender;
• Professional and employment details;
• Tax identification number;
• electronic identifiers (IP address, browser type and version, time zone setting and location, browser plug-in types and versions);
• Identification documents (passport, ID card);
• Proof of address documents;
• Photographical images;
• Transaction data and history;
• Financial information, including virtual asset wallet addresses and bank account details;
• Information on sources of funds;
• Marketing and communication data (preferences in receiving marketing from us and our third parties and your communication preferences);
• Any other information required by relevant regulations and laws.

Most of the personal information we process is provided to us directly by you. We may also receive information from publicly available sources or from our service providers (e.g., information on sanctions lists).

We use the collected personal information for the following purposes:

• To verify your identity in accordance with regulatory requirements;
• To provide you our services under our Terms of Business;
• To comply with anti-money laundering (AML) and counter-terrorism financing (CTF) obligations;
• To communicate with you regarding our services, updates, and important notices;
• To improve our services and enhance customer experience;
• To protect against fraud, unauthorized access, and illegal activities;
• To meet other legal and regulatory obligations.

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email (although we may also rely on legitimate interests). You have the right to withdraw consent to marketing at any time by contacting us.

We may share your personal information with the following parties under certain circumstances:

• Regulatory authorities and law enforcement agencies as required by law;
• Third-party service providers who assist us in providing you our services;
• financial institutions and payment service providers;
• customer communications platforms;
• service providers providing software for identification purposes or services on checking against sanctions list;
• Business partners, auditors, and legal advisors for compliance and reporting purposes.

We will enter into contracts with such third parties by which they are bound by terms no less protective of any Personal Information disclosed to them than the obligations we undertake to you under this Privacy Policy or which are imposed on us under applicable data protection laws.

Our contractors and affiliates may be situated at different locations (including countries located outside the EU. In these cases we may transfer your Personal Information only in the following cases:

• if the country where we transfer your Personal Information to provides the adequate level of personal data protection (based on the relevant decision of European Commission);
• if we take appropriate safeguards to ensure that your rights as data subject are protected;
• if any derogations for specific situations apply (for instance, if is such transfer is necessary for the establishment, exercise or defence of legal claims or for important reason of public interest).

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable laws and regulations. As a rule, we will have to store your data for 5 years upon closure of your account with us. We will dispose your information once we do not have any obligation to provide you with a service you requested, nor an obligation to hold personal data for regulatory or legal purpose.

In order to provide customised services tailored to our customers, our website operates ‘cookies’ (cookies) to store and retrieve information from time to time. This may identify your computer with respect to cookie management, but does not personally identify you.

For more information, please refer to our Cookie Policy available on our website.

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, loss, alteration, disclosure, or destruction. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Where you have consented to, or we are obliged to pass on Personal Information to third parties to provide you with a requested service or in the carrying out of a regulatory or legal obligation, we will request that the same levels of technical and organisational security measures are met by our service providers.

Under data protection law, your rights include:

• Your right of access > You have the right to ask us for copies of your personal information.
• Your right to rectification > You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure > You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing > You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Your right to object to processing > You have the right to object to the processing of your personal information in certain circumstances.
• Your right to data portability > You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Please contact us at mas-digital.com if you wish to make a request relating to any of your rights listed above. Please note there may be a minimal charge for providing you with any additional copies of your Personal Information to cover administrative costs.
We may request you to confirm your identity by providing identification documentation and/or other methods prior to assisting you in exercising any of your rights, in order to ensure that such actions are the true wish of the data subject.
In cases when we will not be able to fulfill your requests due to legal obligations or overriding legitimate interests, we will inform you accordingly.

If you have any questions or concerns regarding our privacy policy or data practices, please contact us at info@mas-digital.com.

We may update this privacy policy from time to time to reflect changes in our data practices or legal obligations. Any latest updates will be posted on our website, and the effective date will be revised accordingly.