This Privacy Policy ("Policy") explains how Brontesgate UAB (company code 306947621), registered at Žalgirio g. 88-101, LT-09303 Vilnius, Lithuania ("Company", "we", "our", or "us"), collects, processes, and protects personal data of users of its cryptocurrency exchange platform (the "Platform").
We are committed to protecting your personal data in line with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Lithuanian Law on Legal Protection of Personal Data, and other applicable EU/EEA data protection laws.
1. Data Controller
Brontesgate UAB is the data controller of your personal data.
Contact details:
📧 Email: gdpr@brontesgate.com
🏢 Address: Brontesgate UAB, Žalgirio g. 88-101, LT-09303, Vilnius, Lithuania
You may exercise your rights by contacting us at the above details. We also cooperate with the State Data Protection Inspectorate of Lithuania (VDAI), the supervisory authority.
2. GDPR Principles
We comply with the GDPR's core principles:
- Lawfulness, Fairness, Transparency – Data is processed legally and transparently.
- Purpose Limitation – Data is only used for explicit, legitimate purposes.
- Data Minimization – Only the minimum necessary data is collected.
- Accuracy – Data is kept accurate and updated.
- Storage Limitation – Data is retained only as long as necessary or legally required.
- Integrity and Confidentiality – Technical and organizational safeguards are applied.
- Accountability – We maintain records and demonstrate compliance at all times.
3. Information We Collect
Personal Data:
- Full name, date of birth, nationality, citizenship
- National ID or passport details
- Contact information (email, phone)
- Proof of address (utility bill, bank statement)
- Biometric or liveness verification data
- Bank account/payment card details
- Cryptocurrency wallet addresses
- Transaction history and communication records
Corporate Clients:
- Legal entity details (name, registration code, address, incorporation documents)
- Details of directors, representatives, and beneficial owners (UBOs)
- Identification documents of directors/UBOs
- Proof of corporate address and good standing
Technical Data:
- Device and browser information (IP, OS, type)
- Usage information (pages visited, actions taken)
- Cookies and analytics data (see separate Cookie Policy).
4. How We Use Your Data
Your data is used for:
- Verifying identity and fulfilling KYC/AML/CFT obligations
- Processing fiat-to-crypto transactions
- Preventing fraud and abuse
- Providing customer support and communication
- Improving Platform performance and security
- Complying with legal/regulatory requirements
- Protecting Company rights and security
We do not use your data for marketing without your explicit consent.
5. Legal Bases for Processing
We rely on the following GDPR grounds:
- Legal obligation – AML/CFT and financial compliance (Article 6(1)(c)).
- Contract performance – Providing services you request (Article 6(1)(b)).
- Legitimate interests – Platform security, fraud prevention (Article 6(1)(f)).
- Consent – For optional activities such as marketing or analytics (Article 6(1)(a)).
6. Data Sharing
We may share your data with:
- KYC/AML providers
- Banking and payment partners
- Blockchain analytics providers
- Regulators or law enforcement when legally required
- Service providers under Data Processing Agreements (DPAs)
We do not sell or rent your data. Third parties only process your data under strict contractual obligations.
7. International Transfers
Where data is transferred outside the EU/EEA, we ensure:
- Adequacy decisions by the European Commission, or
- Standard Contractual Clauses (SCCs), or
- Explicit consent from the user.
8. Data Retention
- KYC/AML records: minimum 5 years from the end of customer relationship.
- Transaction records: retained for at least 5 years.
- General account data: retained while active; deleted or anonymized after closure.
- Marketing data: until consent is withdrawn.
9. Security Measures
We use encryption, secure storage, access controls, and monitoring tools to protect personal data. However, no system is 100% secure; users should also protect their login credentials.
10. Your Rights
You have the following rights under GDPR:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to withdraw consent
- Right to lodge a complaint with the State Data Protection Inspectorate of Lithuania (VDAI)
11. Children's Privacy
The Platform is not intended for individuals under 18 years. We do not knowingly collect data from minors.
12. Changes to This Policy
This Policy will be reviewed periodically. Any updates will be published with a new effective date. Material changes may also be communicated by email or via the Platform.
13. Contact Us
For privacy questions or to exercise your rights:
📧 gdpr@brontesgate.com
🏢 Brontesgate UAB, Žalgirio g. 88-101, LT-09303 Vilnius, Lithuania
