Privacy Notice

Brighty

Welcome to the “App”

Who We Are

  • Depending on the type of App Services you opt for as a User, the Controller of Your Personal Data shall be one or both of the following Brighty group companies:
    • For cryptocurrency-related Services: Brighty Digital UAB, a Lithuanian Company with registration number 306099818, having its registered address at Konstitucijos pr. 21, Vilnius, Lithuania.
    (the “Company” “We” “Us” “Our”).
  • By using Our App and Our Services, You acknowledge reading and fully considering this Privacy Notice.
  • The Company acknowledges that in collecting Your Personal Data We are bound by the GDPR. For any further request or query about how We use Your Personal Data, You may address Us/Our Data Protection Officer through the following email address: privacy@brighty.app.
  • Any notice, demand, request or other communication which You address to the Company shall either be sent by certified mail, return receipt requested, or by e-mail. All communication done by e-mail shall be deemed received on the business day following the day of transmission.

Definitions

Capitalised terms in this Notice shall have the meaning assigned to them under the GDPR, and shall be construed accordingly. Furthermore, the following definitions shall apply:

  • Account – an account provided to You by the Company upon Your registration and acceptance of the Terms and Conditions for use of the Services.
  • GDPR – the General Data Protection Regulation (EU) 2016/679, of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC, as amended, replaced or superseded and in force from time to time.
  • Services – the traditional/fiat currency and cryptocurrency-related Services provided by the Company through the App, as defined in our Terms and Conditions.
  • User – any person who registers an Account and uses the App (“You”, “Your”).

Subject Matter

  • This Privacy Notice informs You how the Company collects, processes, uses, stores and protects Your Personal Data as well as the rights You have with respect to the processing of Your Personal Data, when using the Services.
  • The Company reserves the right to amend and update this Privacy Notice, whenever it deems appropriate, and any changes thereof shall come in force and effect from the instance they appear online on the App. Any substantial modifications to this Privacy Notice will be communicated to You.

Principles of Data Processing

  • We fully respect Your fundamental rights and consider the protection of Your Personal Data to be a priority. Accordingly, when processing Your Personal Data, We respect the following basic principles:
    • We submit Your Personal Data only to lawful and fair processing, and We maintain full transparency vis-à-vis the way We handle Your Personal Data.
    • We collect and process Your Personal Data only for specified, explicit, and legitimate purposes as outlined in this Privacy Notice, and We do not process it further in any manner incompatible with these purposes.
    • We process Your Personal Data only to the extent that it is necessary and appropriate to the purposes for which it is collected.
    • We make reasonable efforts to ensure that Your Personal Data is accurate and updated, taking all reasonable steps to immediately delete or correct it in case of inaccuracy.
    • We process Your Personal Data in a manner that guarantees its security by using appropriate technical and organizational measures.
  • In general, We comply with all applicable laws and statutory obligations as Data Controller of Your Personal Data.

Types of Personal Data We Process

Capitalised terms in this Notice shall have the meaning assigned to them under the GDPR, and shall be construed accordingly. Furthermore, the following definitions shall apply:

  • At the point of Your Account registration and use – “Registration and Operational Data”, including the following:
    • Legal Name and Surname;
    • We will determine the applicable conversion rate from time to time using the over the counter and exchange rates available to us.
    • E-mail address;
    • Active phone number;
    • Password;
    • Transactional data (e.g. IBAN and other bank details);
    • Cryptocurrency wallet addresses;
    • Information about Yourself as prompted by Our App and any applicable registration and information input forms.
  • During Your business relationship with Us - Know Your Customer Data (KYC), including the following:
    • Government-issued proof of identity documents;
    • Proof of address documents issued in the last six months;
    • Source of funds information;
    • Any mandatory information as per applicable Anti-Money Laundering and Counter-Terrorist-Financing laws and regulations.
    Depending on the circumstances of the relationship, we may collect additional KYC Data.
  • Any other Personal Data directly provided by You during Your interaction with Us.

Purposes and Legal Basis for Data Processing

  • The Company may process Your Personal Data to fulfill its obligations under the Terms and Conditions, for the following purposes:
    • Administration and development of the App and the Services;
    • Enhancement of user experience, including the provision of personalized Services and improvement of the App and the Services;
    • Verifying compliance with the Terms and Conditions of the App.
  • The Company may process Your Personal Data to comply with its legal obligations, for the following purposes:
    • Detection of money laundering, terrorist financing, fraud and other financial crimes on the App.
  • The Company may process Your Personal Data based on our legitimate interest to promote our Services and develop our business, for the following purposes:
    • Commercial communication, rewards and promotional programs relating to Our Services.
  • The Company may process Your Personal Data only with Your lawful consent for the following purpose:
    • General marketing and promotion.
  • You have the right to withdraw Your consent at any time in writing to Our contact details mentioned in this Notice. Withdrawal of Your consent does not affect the lawfulness of the treatment of Your data prior to its revocation.

Data Recipients

  • For the execution of the purposes mentioned in this Privacy Notice, We may provide access or transmit Your Personal Data to the following recipients ("Data Processors"):
    • Third-party customer verification and identification providers;
    • Our internet and data hosting providers for hosting purposes;
    • Third-party providers for the smooth operation of the App and Our information and communication systems;
    • Third-party digital asset custody technology providers;
    • Third-party cryptocurrency risk intelligence providers;
    • Third party marketing partners for marketing and promotional purposes;
    • Third party analytical tools providers
    • Third-party payment providers for payment facilitation purposes;
  • The processing of Your Personal Data by Our Data Processors is done under a contract compelling Data Processors to the same level of data protection provided under this Privacy Notice.
  • We will not disclose Your Personal Data with any third parties outside of the European Union . However, in the event that such a data transfer occurs, We will take all reasonable steps possible to ensure that Your data is treated as securely as it is within the European Union and in accordance with this Privacy Notice and applicable legislation. Additionally, We will update this Privacy Notice to reflect the cross-border data transfer and the relevant safeguards for Your privacy.
  • In the event that We are required by a court or other administrative authority, pursuant to an investigation relating to unlawful activities such as money laundering and in any other case that We are legally bound to do so, the Company may transfer Your Personal Data to public authorities to the extent specified by law.

Data Security and Confidentiality

  • The Company applies internal policies and takes all appropriate organizational, technical and procedural security measures, as well as technical standards, in accordance with applicable laws and regulations for the proper use and integrity of Your Personal Data and to prevent unauthorized or accidental access, processing, deletion, alteration or other use.
  • The processing of Your Personal Data by the Company is conducted in a secure and confidential manner, taking into account the latest developments, implementation costs and the nature, scope, context and purposes of the processing, as well as the risks for Your rights and freedoms, which are applicable in each circumstance.
  • Your Personal Data is processed solely by authorised personnel of the Company, bound by strict obligations of confidentiality.

Retention of Personal Data

  • We retain Your Personal Data for the lifetime of your Account plus five years beyond Account closure, in accordance with the Data Minimisation and Storage Limitation principles.
  • Furthermore, the Company may retain Your Personal Data after the expiration of the relevant processing purposes for the following reasons:
    • In case We have a legal obligation to retain Your Personal Data under a relevant statutory provision.
    • Based on Our legitimate interest to defend the Company against any potential legal claims, before any competent court or public authority.
  • After the retention period, Your Personal Data is erased from Our databases and systems.
  • For more information about data retention terms in relation to specific Personal Data, please contact Us at privacy@brighty.app.

Your Rights

  • You have the right:
    • To request access to Your Personal Data and information related to its processing and obtain a copy thereof.
    • To request for the rectification of any inaccuracies or missing Personal Data.
    • To request the erasure of Your Personal Data.
    • To request the restriction of the processing of Your Personal Data in cases explicitly provided for by law.
    • To object to the processing of Your Personal Data in cases explicitly provided for by law.
    • To object to a decision taken solely on the basis of automated processing, including profiling, which has impact on You or significantly affects You.
  • Any requests relevant to the above Section 10.1 must be addressed in writing to support@brighty.app.
  • If You feel that Your rights are infringed, You have the right to file a complaint with the Estonia Office of the Data Protection Inspectorate at the following website https://www.aki.ee/en/guidelines/how-can-we-help-foreign-persons-and-authorities or the Lithuania Office of the State of the Data Protection Inspectorate at the following website https://vdai.lrv.lt/en/

Your Obligations

By using Our Website and by providing Your Personal Data, You acknowledge that You are required to provide Your actual, accurate and complete data as requested by the Company. Furthermore, You must inform Us of any changes to Your information so as to ensure it is kept up-to-date and accurate

Cookies

Our Website uses cookies. For more information please review Our Cookie Notice