Policies
Privacy Policy
This Privacy Policy tells you what to expect when using Kayo Exchange`s website and service. At Kayo Exchange the privacy and security of your personal data is of paramount importance, and we are committed to safeguarding the data that our website visitors and service users share with us
This privacy policy explains how Kayo Exchange processes information that can be used to directly or indirectly identify an individual (“Personal Data”) collected through the use of our website and website.
In principle, we will only use your personal data in accordance with the applicable data protection laws, in particular the Lithuania`s Law on Legal Protection of Personal Data No. XIII-1426 (DPL) and the General Data Protection Regulation (GDPR), and only as described in this privacy policy.
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
Responsible for data processing
Responsible for data processing in accordance with the provisions of the GDPR and DPL is:
Kayo Exchange UAB,
Perkūnkiemio gatve 13-91,
12114 Vilnius, Lithuania,
Registration number: 306067763,
www.kayo.exchange
(hereinafter "Kayo Exchange" or "we")
Your Rights
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the State Data Protection Inspectorate`s website (https://vdai.lrv.lt/en/).
- information about the processing of your personal data.
- obtain access to the personal data held about you.
- ask for incorrect, inaccurate or incomplete personal data to be corrected.
- request that personal data be erased when it’s no longer needed or if processing it is unlawful.
- object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
- request the restriction of the processing of your personal data in specific cases.
- receive your personal data in a machine-readable format and send it to another controller (‘data portability’).
- request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
- You also have the right in this case to express your point of view and to contest the decision
- Where the processing of your personal data is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal data about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it.
We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal data.
We encourage you to get in touch if you have any concerns with how we collect or use your personal data. You do however also have the right to lodge a complaint directly with the State Data Protection Inspectorate, their contact details are as follows: State Data Protection Inspectorate, L. Sapiegos g. 17, Vilnius 10312, Lithuania, Telephone number: +370 5 279 1445, https://vdai.lrv.lt/en/
Legal bases of data processing
We process users' personal data only in compliance with the relevant data protection regulations. User data is only processed if the following legal permissions exist:
- in order to provide our contractual services and online services
- processing is required by law
- with your consent
- on the basis of our legitimate interests.
The above legal bases are set out as follows:
- Consent Art. 6 para. 1 lit. a. and Art. 7 GDPR
- Processing for the fulfilment of our services and implementation of contractual measures Art. 6 para. 1 lit. b) GDPR
- Processing for the fulfilment of our legal obligations Art. 6 para. 1 lit. c) GDPR
- Processing to protect our legitimate interests Art. 6 para. 1 lit. f) GDPR
Collection and use of information when you are visiting our website
The individual data concerned, processing purposes, legal bases, recipients and, where applicable, transfers to third countries are listed below:
a) Hosting
To provide our website, we use a web hosting service, who process the data mentioned below and all
other data that is processed in connection with the operation of our website on our behalf. Our website
is provided using the services of Cloudflare Inc of 6 Place de la Madeleine. 75008 Paris. San Francisco
USA.
The legal basis for the data processing is our legitimate interest in providing our web site in accordance with Art. 6 para. 1 f) GDPR.
b) Log file during website visit We log your website visit. In doing so, we process: Name(s) of our accessed web site(s), date and time of the access, the amount of data transferred, the browser type and version, the operating system you use, the referrer URL (the previously visited web site), your IP address, the requesting provider. The legal basis for data processing is our legitimate interest in the ongoing provision and security of our website in accordance with Art. 6 (1) f GDPR. The log file is deleted after seven days, unless it is needed to prove or clarify specific legal violations that have become known within the retention period.
c) Cookies Cookies are small files that are stored on your computer when you visit a website. The next time you visit, the website can recognise the file. The files are thus typically used to compile statistics or for behavioural advertising purposes. Cookies help us to provide you with our services on our website and are partly necessary for website functionality purposes. The personal data stored in our cookies is encrypted.
i) Third-party cookies We collect and process data for the following purposes:
- Optimisation of the website and your user experience
- Creation of statistics on the use of the website by you and other users
- Advertising purposes, including profiling and behavioural advertising initiatives, so that we can make our product information and offers as relevant as possible to you
- Compliance with applicable legal requirements (e.g., General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Directive (PECD)) and Lithuania`s Law on Legal Protection of Personal Data No. XIII-1426 (Data Protection Law), including documentation requirements:
- Compliance with basic principles concerning the processing of personal data and legal basis for the processing (e.g., obtaining consent)
- Implementation and maintenance of technical and organisational security measures
- Investigation of suspected or known security breaches and notification to data subjects and authorities
- Statistics on the use of the website
ii) How long are cookies stored? Cookies are stored on your computer for different lengths of time depending on their type. From a technical point of view, a distinction is made between two types of cookies:
Session cookies: session cookies are used, for example, to temporarily store the items in your shopping cart while you navigate the website. Session cookies are not stored on your device and disappear when you close your browser.
Persistent Cookies: Persistent cookies are stored as text files on your device. Persistent cookies allow our server to recognise your device the next time you visit our website.
iii) How can I prevent and delete cookies? When you visit our website, one or more cookies are automatically stored on your device. If you do not want this to happen, it is best to use the following links (depending on the browser you use) to set your browser to prevent cookies from being stored on your computer in the future. ( Google Chrome, Mozilla Firefox, Flash cookies, Microsoft Internet Explorer, Opera, Safari)
If your browser is not listed above, it's best to check your browser's help menu or search the Internet for "cookies" in conjunction with your browser's name.
iv) Why do we provide information about cookies? The provision of information about our use of cookies is in accordance with the Privacy and Electronic Communications Directive. The legal basis for the collection of your personal data through cookies, including for profiling and analytical purposes, is your consent. The use of necessary cookies however is our legitimate interest and as such no consent would be required.
v) Why do we use cookies? Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are necessary for the operation of this site. For all other types of cookies, we need your permission.
vi) What are the types of cookies There are different types of cookies:
Functional cookies
Functional cookies are essential cookies to provide a correct and user-friendly website. Some examples:
- Storing your language preferences;
- Detecting abuse or fraud;
- Storing browser settings to display the website according to the screen size.
Analytical cookies
These cookies are typical third party cookies that we use to collect statistical data about how our website is used, including:
- Average page load time;
- Pages visited;
- Browser data;
- IP address;
- MAC address;
- Duration of a (page) visit;
- Data about the operating system;
- Data about the device used;
- Clicking behaviour and other interactions on one or more pages.
The main purpose of these cookies and their statistical data is, after analysis, to optimise our performance, security, usability, content and services.
Non-essential Cookies
Non-essential Cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyse your behaviour on a website (‘analytical’ cookies) or cookies used to display advertisements to you (‘advertising’ cookies).
vii) The Cookies we use
| Cookie | Type | Description | Lifespan |
|---|---|---|---|
| XSRF-TOKEN | Necessary | Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor | session |
| hs | Necessary | This cookie is sets for security purposes. | session |
| laravel_session | Necessary | laravel uses laravel_session to identify a session instance for a user, this can be changed. | 2 years |
The legal basis for the use of cookies is your consent in accordance with Art. 6 para. 1 a) GDPR as well as our legitimate interest in accordance with Art. 6 para. 1 f) GDPR.
Collection and use of information when you are using our services
In order to provide our services, Kayo Exchange collects certain types of data. This section will describe how Users` data is collected and used by Kayo Exchange.
Data entered or transferred into Kayo Exchange by Users such as texts, questions, contacts, media files, etc., remain the property of the User and may not be shared with a third party by Kayo Exchange without express consent from the User.
Kayo Exchange will process your account data you provide when you open Kayo Exchange account, perform transactions on the Kayo Exchange website, or use other Kayo Exchange Services. This information may include:
- Contact information, such as name, home address, email address, date of birth.
- Account information, such as username and password.
- Financial information, such as bank account numbers, bank statements, and trading information.
- Identity verification information, such as an image of your government issued ID, passport, national ID card or driving license, and under special conditions also a social security number.
- Residence verification information, such as utility bill details, phone bill or similar document.
- The source of the account data is a user who opens an account. The account opening data will be used and processed for the purposes of performing a detailed Know Your Customer (Hereinafter: KYC) procedure according to necessary Anti-Money Laundering and AntiTerrorist Regulations.
When you send a data subject access request
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.
The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.
You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Internal Administration
We may transfer the personal data of buyers/sellers or their employees, agents, guarantors, etc. within Kayo Exchange for internal administrative purposes (e.g., accounts receivable management, controlling, risk management, indirect purchasing, compliance with legal obligations such as tax returns, money laundering).
Employees of Kayo Exchange are trained on the data protection regulations of Kayo Exchange within the scope of an online training and are obliged to maintain the confidentiality of personal data or security measures in accordance with internal guidelines if they participate in the processing. At Kayo Exchange, personal data is processed automatically by means of computer technology and manually in the form of a paper file or a file by individual authorised employees who need this data for their work (need-toknow principle).
Within the framework of the processing of personal data, technical and organisational measures have been taken to ensure the protection of personal data.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion or object to its processing, please do so within your user account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow us to provide our service to you anymore.
Security
Any information stored on Kayo Exchange is treated as confidential. All information is stored securely and is accessed by authorised personnel only. Kayo Exchange implements and maintains appropriate technical, security and organisational measures to protect Personal Data against unauthorised or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.
Disclosure of information to third parties
In processing your transactions, we may share some of your Personal Data with third party service providers who help with our business operations. Your information will not be sold, exchanged, or shared with any third parties without your consent, except to provide Kayo Exchange Services or as required by law.
Disclosure to prevent damage and disclosure to legal authorities
We will reveal user’s personal data without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to Kayo Exchange or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. We are permitted to disclose personal data when we have good reason to believe that this is legally required and when the competent authorities have required to present them with such Personal Data.
International transfers
Our main operations are based in Lithuania and your personal data is generally processed, stored and used within in Lithuania and other countries in the European Economic Area (EEA). In some instances, your personal data may be processed outside the European Economic Area. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal data is protected in the same way as if it was being used within Lithuania and the EEA. Where we need to transfer your data outside Lithuania or the EEA, we will use one of the following safeguards:
- The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.
- Transfers to a non-EEA country with privacy laws that give the same protection as Lithuania and the EEA.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "processing agreement", this is done on the basis of Art. 28 GDPR.
Duration of data storage
We only store personal data for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 6 years, irrespective of the processing purposes.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow us to provide our service to you anymore.
Links to other providers
Our website also contains - clearly recognisable - links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.
The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.
Personal information and children
Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Changes
This Privacy Policy may be revised, modified, updated and/or supplemented at any time, without prior notice, at the sole discretion of Kayo Exchange. When we make changes to this Privacy Policy, we will notify all users on our website, and make the amended Privacy Policy available on our website.