ChainHold UAB (“ACEBIT”, “we”, “our” or “us”) is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation of the European Union 2016/679 (GDPR). We ensure compliance with the highest data protection standards.

This Privacy policy (“Privacy Policy”) governs and explains how ChainHold UAB collects and further processes your personal data when you use the ACEBIT platform and our Services. The terms contained in this Privacy Policy apply each time you access our content and/or services, regardless of the device you use.

The data controller - ChainHold UAB, registered office address at: Vilnius, Labdarių g. 6A-18, LT-01120, Lithuania is dedicated to protecting your privacy and personal data. Registered number: 306331298

Your privacy is our priority. ChainHold UAB is committed to preserving and protecting your personal data, adhering to the highest standards required by the General Data Protection Regulation of the European Union (GDPR) and Lithuanian Data Protection laws.

To provide Services of the ACEBIT platform to our Users, we collect various data to ensure the security and legality of transactions including:

• Transaction Amount
• Wallet Address: A unique address for sending or receiving cryptocurrencies
• PIN: Required to identify the natural or legal person participating in the transaction
• Name of recipient or payer: Important for recording and verifying transactions
• E-mail: Serves for communication and notifications
• ID copy
• Images and information obtained during digital verification of the User using third party Platforms for electronic signature and identity verification to increase security and authenticity
• User IP-address

ACEBIT provides its Users with Chat channels for communication and support during the process of buying, selling cryptocurrencies, and using the ACEBIT platform. Data collected through such communications may include platform session logins. ACEBIT maintains user anonymity and security, reducing the amount of personal data retained after a chat session ends.

When Users initiate a transaction on the ACEBIT platform, they receive an e-mail with the details of the transaction and a confirmation of the completed transaction, if applicable. These e-mails serve as official documentation and a record of the transaction, providing Users with transparency and proof of their cryptocurrency operations.

For the purpose of informing our Users of any changes in the Platform or Services, or providing them with any general information about ACEBIT Services, changes in the data protection policy, or news related to cryptocurrencies, we may send Newsletters. These Newsletters are sent only to users who have given their consent to receive such information. Consent can be withdrawn at any time by the User.

Our Website uses cookies to improve user experience and site functionality. Data collected through cookies may include the user's IP address, which helps identify and resolve technical issues. We also collect data about the frequency of access to the website and information about the device from which it is accessed, such as the type of device, operating system, and browser. This data provides insight into how users engage with the website, enabling optimization and adaptation of content and functionality according to User needs.

Lawful grounds for Data Collection and Processing by ChainHold UAB include:

1. Necessity for the performance of a contract: For the services provided by ACEBIT, the use of chat channels for support, notifications about transactions via email, payments and withdrawals of cryptocurrencies or fiat currencies data processing is necessary for the execution of the contract or for taking steps at the User's request before concluding the contract.
2. Consent: In cases such as sending a newsletter as specified above, ACEBIT collects and processes data based on the express consent of the User. This means that Users actively consent to the processing of their data for specific, clearly defined purposes.
3. Fulfilment of ChainHold UAB legal obligations: This includes compliance with regulatory requirements, taxation laws, and assistance in investigations by us, other financial organizations, or third parties of any suspected criminal activity.

Each of these lawful bases ensures that ACEBIT handles personal data in a transparent and accountable manner, protecting the rights and interests of data subjects in accordance with applicable data protection laws and regulations.

In accordance with the data protection policy and applicable GDPR regulations, ChainHold UAB determines the retention period of personal data based on key factors mentioned below:

1. Duration of the contractual relationship or performance of the service: ChainHold UAB retains personal data for the duration of the contractual relationship with Users or as long as it is necessary to provide services.
2. Legal obligations: After the expiration of the contractual relationship or the performance of the service, the data is stored until the expiration of all legal storage obligations.
3. Consent: When data is collected based on the consent of the User, ChainHold UAB will store the data during the time the consent is valid. If the User withdraws consent, ChainHold UAB will stop processing and storing such data.
4. Transaction Data: The transaction-related data retention period is 10 years.

ChainHold UAB strictly follows these data storage guidelines, ensuring that Users' personal data is retained only as necessary and in accordance with legal requirements and privacy best practices.

ChainHold UAB respects the rights of data subjects in relation to their personal data. These rights can be exercised by writing to [email protected] or contacting the Data Protection Officer. ChainHold UAB is obliged to respond to the data subject's request within 30 days.

Data subjects have the following rights:

• To know (be informed) about the processing of data concerning him/her (right to know);
• To access his/her data and be informed about the methods of their processing (right of access);
• To obtain rectification of personal data or, taking into account the purposes of the processing, to have incomplete personal data completed (right to rectification);
• To obtain the erasure of data concerning him/her or the suspension of data processing activities (except storage) (right to erasure and ‘right to be forgotten’);
• To obtain from the Data Controller restriction of the processing of personal data if there is a legitimate ground (right to restriction of processing);
• To object at any time to processing of personal data concerning him or her which is based on the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by the controller or by a third party. The controller has to demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject (right to object);
• To exercise the right to data portability (right to data portability);
• To lodge a complaint with the Commissioner for Personal Data Protection.

A user may not be able to exercise these rights in situations provided by law (e.g., for preventing, investigating, and detecting crimes where disclosure could compromise ongoing investigations, or for protecting the rights and freedoms of others).

We will ask a User to prove his or her identity (e.g., face-to-face, electronic signature, or, if unavailable, remotely via a video call) before enabling them to exercise their rights.

All information requested will be provided within 30 calendar days from the day the request was received. In cases where the request cannot be completed, we will provide an answer explaining why. If more time is needed to respond to complex requests, we will notify a User within the first 30 days; any extension may not exceed an additional two months.

Handling of personal data and interaction with third parties as a part of Services provided by ACEBIT is regulated through cooperation agreements. These agreements are the basis for any exchange of data between ChainHold UAB and its partners, and each such agreement includes a section dedicated to data protection.

ChainHold UAB does not forward personal data to third parties that are not covered by the cooperation agreement. We assume responsibility for personal data shared with partners to be protected and processed with the same level of security and confidentiality as within the Company.

ChainHold UAB may be required by law to provide information about Users to regulatory authorities and law enforcement bodies worldwide, or we may determine it is appropriate or necessary to do so. Such disclosures may also include requests from governmental or public authorities or commercial organizations seeking to mitigate fraud risk, or for the purposes of litigation or legal process, national security, or other legitimate public interest.

ChainHold UAB implements strict security measures to ensure the protection of personal data during its collection and processing according to the following principles:

• Principle of integrated data protection: Security measures are built into all data collection and processing processes from the very beginning. Data protection is an integral part of all operations, rather than an afterthought.
• Training of employees: ChainHold UAB implements regular training sessions for employees to ensure high awareness of data protection, methods to prevent possible risks, and familiarity with data processing rules and procedures.
• Compliance with the Regulation: We apply appropriate technical and organizational measures to ensure the integrity and confidentiality of personal data in line with applicable Data Protection laws and regulations.
• Continuous improvement of security measures: ChainHold UAB regularly audits, tests vulnerabilities, and updates security systems to maintain alignment with the latest security standards and best practices.
• Data collection and processing activities records: We maintain comprehensive logs of data collection and processing activities connected to the ACEBIT platform and services. These logs are available for supervisory authority review.
• Protective measures for devices: Devices used for data handling have strong security measures such as antivirus software, firewalls, and regular updates.
• Physical protection of sensitive documentation: Documents are stored in locked, monitored areas. Only authorized personnel with a strict need-to-know basis have access.
• Records of access to the server (Log System):All access to ACEBIT servers is logged, including unauthorized access attempts.
• Additional security measures: Data encryption is performed per prescribed instructions to prevent unauthorized access.

ChainHold UAB actively adheres to the principles prescribed by the General Data Protection Regulation of the EU 2016/679 (GDPR), including legality, transparency, expediency, accuracy, storage limitation, integrity, and confidentiality. Data Subjects may request monthly reports, a summary of the Data Protection Impact Assessment, or clarification regarding their rights and details of our Data Protection Policy. Through these measures, ChainHold UAB upholds its legal obligations and demonstrates its commitment to high standards of privacy protection for our Users.

This Privacy Policy was last updated on 2024 July 29 and entered into force on 2024 July 30. It can be changed in accordance with legal acts and changes in ChainHold UAB operations. Changes will be notified at acebit.co.