top of page
Introduction

We encourage you to carefully read this Privacy Notice as it provides you with information about your personal data being processed in connection with your access to and use of the Services. 

In this Privacy Notice, personal data and personal information are used as synonyms and mean any information that directly or indirectly identifies you as an individual. This Privacy Notice explains which types of personal data we hold on you, how we collect and process such data, how long we keep it, and so on.

Definitions

Unless otherwise provided in this Privacy Notice, capitalised terms used in this Privacy Notice have the meaning determined in the Smarty Ramp Terms & Conditions (the “Terms”). We encourage you to read the Terms carefully as they affect your legal rights.

Identity and Contact Details

When we say “we”, “us”, or “our”, we mean Smarty Ramp UAB, a company established under the laws of Lithuania that acts as the provider of the Services. With respect to personal data collected in connection with your access and use of the Website, we may act as a data controller, meaning that we determine what data collected as well as the purposes and means of processing of your data.

We process your personal data in accordance with this Privacy Notice and we endeavour to comply with the applicable data protection legislation.

If you have any questions regarding this Privacy Notice or the processing of your personal data, do not hesitate to contact us at business@smartyramp.com

Type of Data

We collect and process your personal data in relation to your or your company’s use of the Services. We process the following types of personal data as outlined below:

  1. Identity Data: full name, citizenship, country of domicile, residential address, IP address, birth date, birthplace, compliance documentation (including, but not limited to, proof of identity and proof of address), user account ID, wallet address.
     

  2. Biometric Data: photo, liveness identity verification.
     

  3. Transaction Data: transaction amount, transaction ID, data of sender and receiver.
     

  4. Technical Data: device details, including the version of its operating system and location, internet protocol (IP) address, advertising identifiers GAID (for Android) and IDFA (for iOS).
     

  5. Contact Data: your full name, contact details and other data requested by us or data that you choose to provide us with.
     

  6. Cookies Data: data collected automatically along with cookies, as provided in detail in the Cookies Section below.

 

We may receive such data directly from you, from your representatives, or from third parties, such as Compliance Checks providers.

Data Use

We use the personal data as follows:

  1. Identity Data: we process such information to perform the Terms, comply with the applicable legislation and policies, including the AML, and to ensure security of the Services. The lawful basis for such data processing is performance of the contract or taking steps to enter into a contract according to your request, compliance with the applicable law and legitimate interest to ensure security of the Services.
     

  2. Biometric Data: we process such information to verify your identity in order to comply with the applicable legislation and policies, including the AML. The lawful basis for such data processing is compliance with the applicable law and your consent.
     

  3. Transaction Data: we process such information to provide the Services, comply with the applicable legislation and policies, including the AML, and to ensure security of the Services. The lawful basis for such data processing is performance of the contract, compliance with the applicable law and legitimate interest to ensure security of the Services.
     

  4. Technical Data: we process such data to ensure proper and secure operation of the Services. The lawful basis is performance of contract and legitimate interest to secure the Services operation. In addition, we use such data to improve the Services, to personalise the Services, and to fix and correct errors, malfunctions and other technical issues. For this purpose, we enable tracking ad views and clicks, web-based interface activity, and conversions through a unique device identifier, information about your use of the web-based interfaces, for instance, when you clicked a certain button or made some input. The lawful basis is legitimate interest to improve the Services.
     

  5. Contact Data: we utilise this data in order to respond to your inquiry. The lawful basis for such data processing is our legitimate interest in providing a response to your inquiry.
     

  6. Cookies Data: the lawful basis for such data processing is your consent, except for Essential and Functional cookies. The detailed information on cookies is provided in the Cookies Section below.

Storage Period

As a general rule, we keep personal data as long as it is necessary for the purposes it was collected. We may process certain personal data longer than outlined below, if it is necessary: 

  1. to meet our legal obligations under the applicable law;
     

  2. in relation to anticipated or pending legal proceedings; or 
     

  3. to protect our rights and legitimate interests or those of third parties.


The storage periods are as follows:

  1. Identity Data: For eight (8) years from the date of your termination of using the Services. This retention period is set in order to comply with applicable legislation, including anti-money laundering regulations and policies, such as Republic of Lithuania Law “On the Prevention of Money Laundering and Terrorist Financing”.
     

  2. Biometric Data: For eight (8) years from the date of your termination of using the Services. This retention period is set in order to comply with applicable legislation, including anti-money laundering regulations and policies, such as Republic of Lithuania Law “On the Prevention of Money Laundering and Terrorist Financing”.
     

  3. Transaction Data: For eight (8) years from the date of your termination of using the Services. This retention period is set in order to comply with applicable legislation, including anti-money laundering regulations and policies, such as Republic of Lithuania Law “On the Prevention of Money Laundering and Terrorist Financing”.
     

  4. Technical Data: There is no storage period with respect to the Technical Data as such data is anonymous, aggregated and does not allow for identifying any particular person against the Users. If and to the extent we will be able to identify any particular person, a certain limitation period for the processing of the data will be established and this Privacy Notice will be updated accordingly.
     

  5. Contact Data: For eight (8) years from the date of your termination of using the Services. This retention period is set in order to comply with applicable legislation, including anti-money laundering regulations and policies, such as Republic of Lithuania Law “On the Prevention of Money Laundering and Terrorist Financing”.
     

Cookies Data: The applicable storage periods vary as outlined in the Cookies Section. We need such data for the purposes outlined in the Cookies Section.

As a general rule, we keep personal data as long as it is necessary for the purposes it was collected. We may process certain personal data longer than outlined below, if it is necessary: 

  1. to meet our legal obligations under the applicable law;

  2. in relation to anticipated or pending legal proceedings; or 

  3. to protect our rights and legitimate interests or those of third parties.


The storage periods are as follows:

  1. Identity Data: For eight (8) years from the date of your termination of using the Services. This retention period is set in order to comply with applicable legislation, including anti-money laundering regulations and policies, such as Republic of Lithuania Law “On the Prevention of Money Laundering and Terrorist Financing”.
     

  2. Biometric Data: For eight (8) years from the date of your termination of using the Services. This retention period is set in order to comply with applicable legislation, including anti-money laundering regulations and policies, such as Republic of Lithuania Law “On the Prevention of Money Laundering and Terrorist Financing”.
     

  3. Transaction Data: For eight (8) years from the date of your termination of using the Services. This retention period is set in order to comply with applicable legislation, including anti-money laundering regulations and policies, such as Republic of Lithuania Law “On the Prevention of Money Laundering and Terrorist Financing”.
     

  4. Technical Data: There is no storage period with respect to the Technical Data as such data is anonymous, aggregated and does not allow for identifying any particular person against the Users. If and to the extent we will be able to identify any particular person, a certain limitation period for the processing of the data will be established and this Privacy Notice will be updated accordingly.
     

  5. Contact Data: For eight (8) years from the date of your termination of using the Services. This retention period is set in order to comply with applicable legislation, including anti-money laundering regulations and policies, such as Republic of Lithuania Law “On the Prevention of Money Laundering and Terrorist Financing”.
     

Cookies Data: The applicable storage periods vary as outlined in the Cookies Section. We need such data for the purposes outlined in the Cookies Section.

Data Sharing

We do not sell or rent out your data. However, we may share your personal data in accordance with this Privacy Notice, applicable data protection legislation, Terms, or with your consent. Please note that if we share any portion of your personal data with third persons, we will endeavour to secure such transfer using appropriate legal, organisational, and technical measures.

If we transfer any personal data outside the European Economic Area, where a country is not subject to an adequacy decision by the European Commission or considered adequate as determined by applicable data protection laws, we take steps to ensure your personal data is adequately protected. As a general rule, we will use the 2021 EU standard contractual clauses (EU SCCs), which is a standard document approved by the European Commission. A copy of the relevant instrument can be obtained for your review upon request.

Given the purposes outlined above, your personal information may be shared with the following categories of recipients:
 

  1. Affiliates;
     

  2. Your representatives, such as your payment service providers;
     

  3. Referrer, if you were referred to us by a Referrer;
     

  4. Analytical solution providers;
     

  5. Compliance Checks service providers;
     

  6. Support and technical teams;
     

  7. Online chat providers;
     

  8. Marketing teams;
     

  9. Hosting service providers; 
     

  10. Government authorities, upon their request or if necessary to comply with our legal obligations;
     

  11. Another entity if we sell or otherwise transfer the Services in whole or in part; and
     

  12. other third-party solutions, which may be from time to time integrated into the Services.

Automated Decision-Making

During the Compliance Check, you may be subject to automated decision-making based on your personal data, meaning decisions made without human involvement. If you are rejected during the Compliance Check, you will not be able to use the Services. This process is necessary to ensure that we can legally enter into a contract with you. If you disagree with any automated decisions made during the Compliance Check, please contact us to request a human review of your verification.

Third-Party Services

The Website may include links and social media plugins to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share certain data about you. We do not control these third-party websites and applications, and are not responsible for their privacy statements. When you leave the Website, we encourage you to read the privacy policy/notice/statement of every website or application you visit.

Rights

According to the applicable data protection legislation, you may have the following rights:

  1. to request access to your personal data (commonly known as a “data subject access request”). This enables you to ask us whether we process your personal data and, if we do process your data, you may request certain information about the processing activity and/or a copy of the personal data we hold about you and to check that we are lawfully processing it;
     

  2. to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;
     

  3. to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal or technical reasons which will be notified to you, if applicable, at the time of your request;
     

  4. to object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
     

  5. to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (1) if you want us to establish the data’s accuracy, (2) where our use of the data is unlawful but you do not want us to erase it, (3) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, (4) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
     

  6. to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;
     

  7. to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent;
     

  8. not to be subject to a decision based solely on automated processing of data, including profiling, which produces legal effects concerning you or similarly significantly affecting you;
     

  9. to file a complaint with a relevant supervisory authority in case we violate your rights or obligations imposed on us under the applicable data protection legislation. The relevant supervisory authority will particularly depend on where you are located.

 

In order to exercise your rights as a data subject, we may request certain information from you to verify your identity and confirm that you have the right to exercise such rights.

Transactions involving the Services are processed and recorded on applicable blockchain networks. Data recorded on blockchain networks is publicly accessible, meaning anyone can view information about blockchain transactions. While the Transaction Data, such as wallet addresses and transaction IDs, is not considered personal data or personally identifiable information on its own, it can become one when combined with other data. Therefore, certain particular individuals may be identified and their personal information may become publicly available. Additionally, blockchain networks are generally immutable, meaning that no one can modify or delete data once it has been recorded on the blockchain. Therefore, you, we, or any other person will not be able to correct or erase data recorded on the blockchain network. Therefore, certain privacy or data protection rights may be limited.

Data of Children

The Services are not intended for the use of children (under 18 years old or older, if the country of your residence determines a higher age restriction). We do not knowingly market to, solicit, process, collect, or use personal data of children.

If we become aware that a child has provided us with personal information, we will use commercially reasonable efforts to delete such information from our database. If you are the parent or legal guardian of a child and believe that we have collected personal information from your child, please contact us.

Modifications

We keep our Privacy Notice under regular review and we may update it at any time. If we make any changes to this document, we will change the “Last Updated” date above. Please review this Privacy Notice to check for the updates. If we make substantial changes to the way we treat your personal information, we will display a notice on the Website or otherwise within the Services.

Cookies

General. Cookies are, in effect, small data files that are placed on the browser of a visitor’s device (such as computer, smartphone, tablet, etc.) when accessing online content and by which it is possible to recognise that device when it interacts with the Services (the “Cookies”). Cookies and similar technologies use unique codes that act as an identifier and, in certain circumstances, may be treated as personal data under the applicable data protection legislation. This is because they can enable the user of a device to be uniquely recognised as the same user, even if their “real world” identity is unknown. Please note that we may involve third-party service providers to collect and process certain Cookies.
 

Consent. When you first access the Services, you have the right to decide whether to accept or reject non-essential and non-functional Cookies. You do not need to allow non-essential and non-functional Cookies to access and use the Services. However, enabling non-essential and non-functional Cookies may allow us to analyse the Services use, better understand your needs and create a more tailored browsing experience. You may disable Cookies within the Cookies preference centre available within the Services, if any, or by changing your browser settings at any time. How you can do this will depend on the browser you use. Most browsers have dedicated privacy pages that explain how websites collect, handle, and pass on information to third parties.
 

Cookies Types. Essential and functional Cookies are required for the Services to operate properly. We do not need your consent to operate such Cookies since these Cookies ensure basic functionalities and security features of the Services, anonymously. We are required to get your consent to operate the non-essential Cookies, such as those used to analyse your behaviour in the Services, target you with relevant advertisements, etc., e.g., analytical, functional, targeting cookies. Cookies allow us to know how many users visited the Services, how long they stayed in the Services, what sections they visited, etc. This helps us to provide a better experience and to understand the content you find useful. The description of each cookie file that is used within the Services you may find further in Schedule 1 attached hereto.

Third-Party Service Providers. The Cookies are generally provided by third-party solutions, such as Google, HubSpot, Wix, Cloudflare and LinkedIn. More information regarding such third-party solutions is provided in Schedule 2 attached hereto. With respect to personal data collected via third-party solutions, they act as our data processors. However, if they use this personal data for any of their own purposes, such as profiling and cross-platform tracking, they act as independent data controllers.

Schedule 1 

Cookies Types

Schedule 2 
Cookie Service Providers

Intermediaries

In certain circumstances, you may provide your personal data to our authorised Third-Party Service providers. In such cases, it will be considered that you have entrusted your personal data to us.

If you are not a data subject and you provide personal data to us on behalf of a data subject, the information contained in this Privacy Notice must be provided to such data subject before or at the moment when the personal data is provided to us. By providing personal data of data subjects, you acknowledge this Privacy Notice for yourself and for such data subjects. Otherwise, you shall not provide personal data of other data subjects to us.

bottom of page