Privacy Policy

Effective Date: 28.08.2024
Last Updated: 28.08.2024

This Privacy Policy describes how we collect, use and with whom we share your personal data, which we collect when you browse our https://orbitos.io website (hereinafter – Website), use our services, or when you choose to contact us or provide us with your personal data through the Website or email.
You will also find important information about your privacy rights, so please read the Privacy Policy carefully. If you provide personal data on behalf of someone else, you are required to inform them about the processing of their data and to refer them to this Privacy Policy.
BEFORE YOU START TO BROWSE OUR WEBSITE OR USE OUR SERVICES, PLEASE, READ THIS PRIVACY POLICY CAREFULLY. IF YOU HAVE QUESTIONS OR CONCERNS REGARDING THE POLICY IMPLEMENTATION PLEASE CONTACT US.
We will be able to provide to you services only after the consent is obtained from you, otherwise, services will not be provided.

Definitions

For the purposes of the Privacy Policy, definitions are used as defined in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (GDPR).

Data Controller

Titaris UAB, a company incorporated and registered under the laws of Lithuania, with legal entity code 304923251, having its registered office address at Rinktinės str. 5-101, Vilnius, Lithuania, is the controller of your personal data. Our contact e-mail address is compliance@orbitos.io 

Data Processor

A private person or legal person or its representative (who was appointed and acts based on the Power of Attorney) that processes personal data on behalf of a data controller. 

Personal Data

Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier such as an IP address or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Services

means the activity of storing digital assets ensuring its security, exchange one currency to another (including but not limited to EUR, BTC, BCH, ETH, USDC, XRP).

Website

Means Orbitos Crypto Custody platform https://orbitos.io

1. INFORMATION WE COLLECT AND HOW WE USE IT

1.1. Personal data

Before commencing our business relationship with you, we will collect information directly from you through the registration and identity verification processes, as well as indirectly through your use of our services and interactions with them.
We may collect and process the following types of personal data:
Personal Identification Information: Name, address, personal code/date of birth, nationality, passport/ID number, and other identification data.
Contact Information: Email address, phone number, and other contact details.
Financial Information: Bank account information,crypto wallet addresses information and transaction history.
Usage Data: Information about how you use our Services, including your IP address, browser type, and operating system.
Verification Data: Information required for anti-money laundering (AML) and know-your-customer (KYC) compliance, including but not limited to Source of Funds (SoF) and Source of Wealth (SoW) information. 

1.2. Purposes of gathering and processing data

We collect and process personal data for the following purposes:
Provision of Services: To fulfill our contractual obligations and provide you with the crypto custody services you have requested, including managing your accounts, processing transactions, and delivering customer support.
Identity Verification and Compliance: To verify your identity and ensure compliance with legal and regulatory requirements, including anti-money laundering (AML) and know-your-customer (KYC) regulations.
Legal and Regulatory Compliance: To comply with applicable laws, regulations, and legal obligations, including tax reporting, fraud prevention, and the investigation of any suspicious activities.
Operational Improvement: To analyze usage patterns and improve the quality and functionality of our services, including enhancing user experience and developing new features.
Security and Fraud Prevention: To protect against and prevent fraud, unauthorized access, and other illegal activities by monitoring and safeguarding your data and our systems.
Marketing and Communication: To send you information about our products, services, and promotions, provided you have consented to receive such communications.
Business Operations and Management: To manage and administer our business operations, including conducting internal audits, managing customer relationships, and improving our overall business processes.
Legal Claims and Disputes: To establish, exercise, or defend against legal claims and disputes, including resolving any issues that may arise in the course of our business relationship.

2. WHO MAY SEE YOUR DATA

We may share your personal data with our trusted service providers when they provide services to us, to you on behalf of us and under our instructions. We will control and shall remain responsible for the use of your personal data at all times.
We may share your personal data with the following entities:
Service Providers: Third-party service providers that help us operate our business (e.g., payment processors, cloud service providers).
Regulatory Authorities: To comply with legal obligations, including AML and KYC regulations including but not limited to Bank of Lithuania, Financial Crime Investigation Service (FCIS – liet. FNTT), State Tax Inspectorate (STI – liet. VMI)
Business Partners: With your consent, we may share data with our partners for joint marketing activities like Google LLC*.
Legal Requirements: Where required by law, court order, or governmental regulations.

Google LLC* is based in the US and certain data may be transferred outside the EU.
Google LLC* participates in the Privacy Shield. You can learn more about Privacy Shield here.

International Data Transfers
Your personal data may be transferred to and processed in countries outside of your country of residence. When we transfer your data internationally, we ensure that it is protected by appropriate safeguards, such as the EU Standard Contractual Clauses or other legally accepted mechanisms.

However, should you navigate to third-party websites via links provided on our site, and subsequently provide your personal data to such third parties, please be aware that these entities may process your personal data as independent data controllers. These third-party websites may collect information about you, utilize cookies, incorporate additional tracking mechanisms, and monitor your interactions with the embedded content. In such cases, we disclaim any responsibility for the collection and processing of data by these third parties.
To safeguard your privacy, we strongly encourage you to review the privacy notices of any third parties with whom you interact. This applies whether you access their services through links provided on our Website or through third-party systems integrated into our Website.

3. YOUR RIGHTS

You have the following rights regarding your personal data:
Access: You can request a copy of your personal data held by us.
Rectification: You can request correction of inaccurate or incomplete data.
Erasure: You can request deletion of your data, subject to legal obligations.
Restriction: You can request the restriction of processing your data in certain circumstances.
Data Portability: You can request to receive your data in a structured, commonly used format.
Objection: You can object to processing based on legitimate interests or direct marketing.
Withdraw Consent: You can withdraw your consent at any time, where processing is based on consent.
To exercise these rights, please contact us at compliance@orbitos.io

In certain circumstances, you may have the right to request the restriction of processing your personal data or to object to its processing. If you believe there are issues with how we are handling your personal data, or if you seek further information regarding the processing of your personal data, you have the right to lodge a complaint with your national data protection authority within the EU/EEA. In the Republic of Lithuania, the relevant authority is the State Data Protection Inspectorate. Contact details for the State Data Protection Inspectorate can be found here (https://vdai.lrv.lt/en/).

4. OUR OBLIGATIONS

In accordance with our Privacy Policy, we are committed to the following obligations to ensure the protection of your personal data:
Transparency: We clearly inform you about the collection, use, and processing of your personal data, including the purposes for which your data is collected and the legal basis for processing.
Data Protection: We implement and maintain appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, destruction, or alteration.
Data Accuracy: We take reasonable steps to ensure that the personal data we hold is accurate, complete, and up-to-date. You are encouraged to inform us of any changes to your personal data to ensure its accuracy.
Rights Fulfillment: We facilitate the exercise of your rights under applicable data protection laws, including the right to access, rectify, erase, restrict, object to processing, and port your personal data, as well as the right to withdraw consent where applicable.
Data Transfers: We ensure that any transfers of personal data to third parties or international entities are conducted in accordance with applicable data protection laws and that adequate safeguards are in place.
Third-Party Engagement: We ensure that any third parties who process personal data on our behalf adhere to appropriate data protection standards through contractual agreements and monitoring.
Compliance and Updates: We comply with all applicable data protection laws and regulations and will update our Privacy Policy as necessary to reflect changes in our practices or legal requirements.
Incident Response: We promptly address and investigate any data protection incidents or breaches, and will notify you and relevant authorities as required by law.
Contact and Support: We provide clear contact details for any queries or concerns you may have regarding our data protection practices and will address your inquiries in a timely and effective manner.
Data Retention: We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of data and the applicable legal requirements.

5. FINAL PROVISIONS

Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page, and, where appropriate, notified to you by email. Please review this page periodically for any updates. You will be notified of significant amendments via email sent to the address associated with your account.

Marketing
To keep you informed about updates to our Services or related information from our partners, we may periodically send you campaign information.
However, should you wish to discontinue receiving such communications, you may opt out at any time. You retain the right to cease receiving marketing communications from Orbitos or to prevent us from sharing your data with our partners by submitting a request via email compliance@orbitos.io

Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at compliance@orbitos.io