Privacy Policy

This Privacy Policy (hereinafter referred to as the “Policy”) describes the procedures on processing of Personal data of Data subjects when they use the website with the URL: https://guardarian.com/ (hereinafter referred to as the “Website”) and/or any of our API or third party services, listed on the Website, and/or interact with our online advertisements or marketing emails (collectively referred to as the “Services”). Your Personal Data will be processed by Guardance UAB, a legal entity incorporated according to the laws of the Lithuania, registry code: 306353686, legal address: Žalgirio str. 88-101, LT-09303 Vilnius; contact email: [email protected] (hereinafter referred to as the “Company” or “We”).

By accepting this Policy, you agree to be legally bound by it and all terms incorporated by reference. If you don’t agree with this Policy or any of its clauses, you shall immediately cease to use our Website.

Company respects your privacy and values its importance, and is wholly committed to keeping your information safe and secure. We process your personal data in accordance with privacy laws and this Privacy Policy to make sure your data protection rights are implemented and enforceable.

We have implemented different technical and organizational solutions to comply with applicable legislation related to the processing of personal data, privacy, and data security in countries where we operate or where the applicable law applies to us. Policy sets forth the basic rules and principles by which we process your personal data, and mentions our responsibilities while processing your personal data according to transparency obligations.

THE FOLLOWING TERMS AND DEFINITIONS SHALL APPLY TO THIS POLICY:

• “Controller” or “Data controller” means Company.
• “Processor” means a natural person or a legal entity that is engaged in the processing of Personal data of Data subjects under the contract concluded with Company.
• “Data subject” or “User” means a natural person who visits the Website and / or uses the Services.
• “Company”, “Ourselves”, “We” and “Us” refers to Company.
• “Personal data” means information that relates to Data subject and identifies Data subject (Section 3).
• “Cookies” means small fragments of data sent by our web server and stored on user's device. Cookies are stored when you visit the Website, and this allows us to make it work effectively: Cookies allow us to save your selected settings (e.g., language) and analyze Website traffic.
• “Party” refers to either you or us. For the avoidance of any doubt, the contracting Parties under these Terms are you and Company.
• “Services” means services provided by Company via the Website.

Under this Policy, Company is the Controller. Your Personal Data will be processed by Guardance UAB, a legal entity incorporated according to the laws of the Lithania, registry code: 306353686, legal address: Žalgirio str. 88-101, LT-09303 Vilnius; contact email: [email protected]. Guardance UAB being a company registered in Lithuania complies with the requirements of General Data Protection Regulation (European Union) 2016/679 (hereinafter “GDPR”), as well as with the requirements of the laws of the Republic of Lithuania.

We do not process any special categories of Personal data such as dracial or ethnic origin, political opinions, religious or philosophical beliefs etc. If Company finds out that such Personal data has been proceeded, Company will immediately delete such Personal data and will take reasonable measures preventing the processing of such Personal data in future.

We guarantee that we do not sell Users Data directly for a monetary reward. Company will not sell, rent, or loan any personal Information to any third party.

We do not intend to collect personal data of persons under the age of 13 (thirteen) years old.

We collect the following categories of Personal data from you:

• information necessary for your identification such as name, surname, citizenship, address, as well as documents and information necessary for compliance with KYC and AML rules such as copies of your identification documents (passport, ID card, driving license or other documents for the compliance); phone number and email;
• technical data - IP address, language, country, browser type, and version, time zone setting, browser plug-in types, some location information about where you might be, operating system and version;
• data on how you use the Website such as your URL clickstreams (the path you take through the Website), page response times, download errors, how long you stay on web pages, what you - do on those pages, how often, and other actions;
• cookies (please see details in Section 4) We collect Personal data from third parties or other people, such as public databases, credit bureaus, identity verification partners, resellers and channel partners, joint marketing partners, and social media platforms, fraud prevention agencies and partners who help us to provide our services.

We may receive Personal data mentioned in Section 3.1. of the Policy from another service provider that you use in case you consent to it.

We collect information and contact details from publicly available sources, such as media stories, online registers or directories, and websites for enhanced due diligence checks, security searches, and KYC purposes.

Guardarian uses cookies to help Data subjects navigate through the Website and efficiently perform the functions of the Website. Particularly, the following kinds of cookies may be used by Guardarian in accordance with this Policy:

1. Necessary cookies used to detect if the visitor has accepted the marketing category in the cookie banner.
2. Statistics cookies used to:

• register a unique ID that is used to generate statistical data on how the visitor uses the Website.
• throttle request rate.
• allow the visitor to share content from the website onto their social media profile.
• determine the number of visitors accessing the Website.
• store the user's preferences using the Website.

3. Marketing cookies used to:

• collect data on user behavior and interaction in order to optimize the Website and make advertisements on the Website more relevant.
• collect information on user preferences and/or interaction with web-campaign content.
• re-engage visitors that are likely to convert to customers based on the visitor's online behavior across Website. More detailed information is given in our Cookie Policy.

Company processes Personal data provided in Section 3 of the Policy for the following purposes:

• Concluding contracts (partner agreements for participation in affiliate program, exchange service agreements);
• Statistical and analytical purposes;
• User support;
• Sending marketing e-mails and newsletters;
• User’s authorization on the Website;
• Improving the work of the Website;
• Providing User with all the functionality of the Website;
• KYC procedure;
• Analyzing the interaction of Data subjects with the Website for creating and launching marketing and ad campaigns on the Internet. We process your Personal data when:
• You visit and use any page of our Website Platform, regardless of where you visit or use them from;
• You apply for, receive, pay and/or use any of our Services.
• You communicate with us or leave a query;
• You subscribe to our newsletters/marketing e-mails/updates;
• We need to share your Personal data with the authorized third-parties to provide the services, especially for carrying out identity verification, international financial sanctions and politically exposed person screening and conducting KYC and AML procedure;
• We measure or analyze the Website’s traffic.

There are legal grounds necessary for the processing of Personal data and we count on them to process your Personal data. We use the main four grounds to process your Personal data: consent, contract, legal obligation, and legitimate interests:

1. Consent – the freely given, informed, and unambiguous indication of your wishes to the processing of your Personal data for a specific purpose which signifies agreement to the processing of Personal data.
2. Contract – a legal ground for the processing of your Personal data necessary for us to perform a contract or terms and conditions to which you are a party or in order to take steps at your request prior to entering into the contract or terms and conditions.
3. Legal obligations – a legal ground for the processing of your Personal data when it is necessary for compliance with a legal obligation to which we are subject.
4. Legitimate Interests – a legal ground for the processing of your Personal data when it is based on our legitimate interests or the legitimate interests of a third party, provided that those interests are not outweighed by your rights and interests and those interests have a specific purpose, they are necessary, and they are balanced.

For your convenience we prepared this table to make it more comprehensive to understand what Data We process and why.

We may share your Personal data with our third party service providers indicated below:

• SumSub https://www.sumsub.com/ for identity verification, financial sanctions, adverse media and politically exposed person screening and fraud prevention;
• Twilio: https://www.twilio.com/ for phone authentication;
• Powercash21: https://powercash21.com/ card payment service provider;
• Globitex: https://globitex.com/ for SEPA payment;
• Maxmind: https://www.maxmind.com/ services providing fraud-preventing and risk modeling tools;
• website analytics companies to analyze data and improve our services and the Website such as Google Analytics;
• Sendgrid: https://sendgrid.com/ for e-mails sending out;
• advertising companies for marketing purposes such as cGoogle AdWords;
• social media companies to promote and be present in social media such as Facebook, Instagram, LinkedIn, Twitter, YouTube, Telegram, GitHub, Discord, medium, Reddit.

Please, note that in accordance with section your Personal data may be transferred to our partners who are located outside the EEA. This country may not provide the same level of data protection as the legislation of your country of residence. With each of the partners, we accept obligations under the standard contractual clauses adopted by the EU Commission, which give us a legal basis for such transfer.

We may share your KYC data with third party virtual asset service providers that We are in a partnership with and if you wish to establish a business relationship with such virtual asset service providers. We will make sure that We only share Your Personal data with such virtual asset service providers if they comply with the GDPR.

1. Although we and third-party partners take all reasonable and necessary measures to protect your Personal data from unauthorized access by third parties, we must inform you about the potential risks of such storage of your Personal data within jurisdictions outside of the EEA in accordance with Article 49 (1) (a) GDPR. By agreeing to processing of your Personal data in accordance with this Privacy Policy, you give us explicit consent to transfer of your Personal data to jurisdictions outside the EEA, despite all possible risks of such transfer. Among such potential risks are:
2. Existence of rules and regulations on processing of Personal data in such jurisdictions other than GDPR. Despite this, we provide Personal data subjects with the level of guarantees provided to Personal data subjects by GDPR.
3. Obtaining access to your Personal data by government agencies. However, such access can be obtained by these authorities only in accordance with the current legislation of the relevant country and if there are legal grounds for obtaining access. We undertake not to disclose data in absence of a legitimate reason and to do so only to the minimum extent necessary for this. Attempts to illegally access Personal data. We take all the necessary measures to prevent such attempts and prevent unauthorized access to your Personal data.

Each Data subject has the following rights:

• Right of access: the Data subject is entitled to receive from Company the information about Personal data that is processed by Company, the purposes of Personal data processing, the categories of Personal data recipients, the period of Personal data storage, and the information about the transfer of Personal data to other jurisdictions.
• Right to lodge a complaint with a supervisory authority: the Data subject is entitled to file a complaint against Company with a supervising authority of Data subject’s habitual residence or place of work, or with a supervising authority located in a place of possible infringement, or with a supervising authority of Company’s residence which supervises the compliance of Company with Personal data legislation.
• Right to rectification: the Data subject is entitled to rectification of inaccurate data about the Data subject.
• Right to erasure: the Data subject is entitled to erasure the Personal data about the Data subject.
• Right to data portability: the Data subject is entitled to receive Personal data about the Data subject in a structured, commonly used, and machine-readable format and transmit such data to another controller.
• Right to object: the Data subject is entitled to object to Personal data processing on the grounds relating to a particular situation (for example, if Company processes Personal data for marketing purposes).
• Right to withdraw Data subject’s consent to Personal data processing.
• If the Data subject is intending to use one of the rights provided for in para.7.1 of the Policy, the Data subject shall send a mail or an email to Company by using contact details of Company provided for in Section 11 of the Policy.
• Once we receive any of your requests we will consider and decide on it within one month unless there is a justified requirement to provide such information faster. This term may be extended according to the applicable law. We may request specific information from you to confirm your identity when necessary and reasonable. This is a security measure to ensure that Personal data is not disclosed to any person who has no right to receive it. You do not need to pay a fee to access information or other rights but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or refuse to comply with your request in these circumstances.

Company takes all the reasonable measures to protect Data subject’s Personal data from unauthorized access by third parties, as well as against loss, misuse, alteration, or destruction of Personal data, including the following:

• Only authorized personnel of Company have access to the Personal data of Data subjects, and these employees and contractors are required to treat this information as confidential.
• We will not permit any third parties to contact you directly on an unsolicited basis in relation to their own products or services. We do not sell, trade, or rent your Personal data to others.
• We use certain security measures to help keep your Personal data safe, but we cannot guarantee that these measures will stop any users trying to get around the privacy or security settings on the Website through unforeseen and/or illegal activity.
• We are constantly improving our data security systems and doing everything in our capacity to prevent its leakage. In case such a leak occurs, we undertake to notify users and the regulatory authority about the incident as quickly as possible, as well as to make every effort to minimize negative consequences.
• We test systems for vulnerabilities and security issues at least once every 12 months.
• Access to confidential data is protected, for example, through passwords or access tokens.
• The incident response processes are tested at least once every 12 months.
• An automated system has been introduced to monitor logs and other security events, as well as to generate warnings about abnormal or security-related events.

We strive to limit the period of Personal data processing to the necessary minimum and not to store them for longer than is reasonably necessary.

We store Personal data as long as we need it and the retention practice depends on the type of data we collect, regulatory burden, and how we use the Personal data. The retention period is based on criteria that include legally mandated retention periods, pending or potential litigation, tax and accounting laws, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. We’ll generally keep your Personal data for five years after our business relationship ends,or such period as may be required by applicable local laws.

In some circumstances, we may anonymize your Personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

The Policy available is presented in the most up-to-date version. Over time, we may unilaterally amend the Policy, including to comply with the latest changes in the applicable law and jurisprudence. All changes come into force from the moment they are published on this page unless a different period is indicated in the text of the amendments.

Company will make every effort to organize additional ways to notify users of amendments to the Policy, but we ask you to regularly check for the latest version yourself.

If you still have any question or need clarification with regard to our privacy practice, please contact us: Email: [email protected] or fill in the support contact form on the Website with the URL: https://guardarian.freshdesk.com/support/tickets/new.