HUMB | Crypto Privacy Policy & Data Protection

1. ABOUT HUMB

HUMB UAB (hereinafter referred to as "HUMB" or "we") is a virtual currency exchange operator and depository virtual currency wallet operator established and authorized under the laws of the Republic of Lithuania. HUMB operates website https://www.humb.io/ and its mobile/tablet application (together hereinafter referred to as "website" or "platform") and suggests the following services to both natural persons and legal entities (together hereinafter referred as "Customers", each individually as "Customer", also – as "You"):

Exchange services: Customers can exchange (i) virtual currency to fiat, (ii) fiat to virtual currency, (iii) virtual currency to virtual currency.
Custodian and/or non-custodian virtual currency wallet services: We open an account that has its wallet address, and the Customer can use this wallet address to deposit and withdraw virtual currency.
Virtual asset listing services: placing virtual asset on platform enabling exchange services with this virtual asset within HUMB's platform.

HUMB with its business address at J. Jasinskio st. 16B, Vilnius, LT-03163, Lithuania, registered in the commercial register under Registry Code: 306756840 is the owner and content provider of the platform. As soon as You use HUMB's platform, You entrust HUMB with the processing of Your personal data. Therefore, in this Privacy Policy You are informed which personal data HUMB collects from You, how HUMB processes it and to whom passes it on in detail. In addition, HUMB informs You about the precautions it takes to protect Your personal data, what rights You have in this context and who You can contact regarding data protection issues.

2. ABOUT THIS PRIVACY POLICY

Data protection and the security of transactions are core elements of cryptocurrencies, blockchain technology and their entire global movement. HUMB values the trust that Customers place in us when exchanging cryptocurrencies or using other services on our platform. For this reason, privacy and data security are extremely important to HUMB. It is very important to us that You feel safe when You visit our website and use our services, as well as in all other business transactions with us. HUMB wants to offer You the best possible experience with our platform to ensure that You can enjoy using our services (and/or products, if any) now and in the future. That is why we want to understand user behavior on our platform to continuously improve it. The processing of Your personal data is therefore not only necessary for the services we provide, but also to improve user-friendliness. With regard to the terms used in this Privacy Policy, such as "Processing" or "Controller", we refer to the definitions of the Regulation (EU) 2016/679 of the General Data Protection Regulation (hereinafter - GDPR).

3. APPLICABILITY

No, HUMB's products and services are not meant for anyone under the age of 18. Only people of legal age are allowed to use HUMB's platform, services and register for an account. We therefore do not knowingly collect personal data from minors. So, if You are under 18 years of age, please do not use the HUMB platform and do not provide us with any personal data.

4. CONTROLLER

Who is responsible for data processing and who can You contact?

HUMB is aware that both the protection and careful handling of Your personal data are of a big importance. HUMB will only use the personal data You provide in accordance with the applicable data protection regulations, this Privacy Policy, and Your consent.

HUMB is responsible and/or co-responsible within the meaning of Article 4 paragraph 7 of GDPR and is therefore in charge of the processing of personal data in connection with the services provided. If You have any questions regarding the processing of Your personal data and the exercise of Your rights under the GDPR, You can contact our team: privacy@humb.io.

Please note that we require additional identification data from You for certain inquiries (e.g. Passport, ID card, etc.) to ensure that Your personal data is only passed on to You.

5. DATA CATEGORIES AND SOURCES

What personal data do we process and what sources does the data come from?

We process the personal data that we receive from You as part of the business relationship and use of our website. In addition, we may process data that we receive as service provider and data that we have received from credit agencies, debtor directories, business analysis providers and from publicly accessible sources (e.g. commercial register, register of associations, land register, media, sanction lists).

5.1 Contact data

Natural person: when creating a new user account or communicating as a natural person with HUMB, we may process, for example: name, address, telephone number, e-mail, date of birth etc.

5.2 Identification data

Before starting providing services or engaging in other business relationships, HUMB takes steps to identify and verify the identity of natural persons and legal entity's representatives.

Natural person: employees of HUMB are responsible for the identification of the Customer as a natural person, collection and initial verification of data and documents. Before starting or continuing a business relationship, information for example: name, surname, date of birth, citizenship, address, identity document details like personal code and passport number, telephone number, e-mail, source of income, business relationships, amount of funds, credit/debit card details, bank account details, is collected via mandatory questionnaire. If an account is verified, also depending on the verification level, we may ask to provide utility bill details for residence verification, data about the status of related politically exposed persons, sanctions, and adverse media screenings, proof of source of funds, person's picture or video data for authentication procedure, biometric data for verification, etc.

5.3 Financial data

In the context of purchase and sale transactions of our services, we might process, for example: bank details (IBAN, BIC), information about the payment service provider, virtual asset wallet address, payment details, transaction-ID, orders, etc.

5.4 Log data

During activities on the website, we might process, for example: IP-address, transaction data, deposit and withdrawal address, computer or mobile device information, frequency, time, operating system, browser type, device type, unique device identification number, identification cookies, optionally form data, crash reports, performance data, third-party cookies, etc.

5.5 Mobile app data

When using the mobile app, we might process, for example: IP address, transaction data, deposit and withdrawal address, information on mobile devices, frequency, time, operating system, browser type, device type, unique device identification number, optional form data, crash reports, performance data and only with Your express consent, data from: camera, microphone, storage, phone.

5.6 Details to and proof of funds

If proof of funds is required, we might process, for example: banking statements or other data provided by banks or financial institutions, sales contracts or contracts in general, or other suitable data to prove or determine the origin of the funds, if the daily/monthly or general limits on HUMB are exceeded or it is required by other internal policies of HUMB. Due to the purpose services or trading volume, the additional information about the recent, past or planned business or personal activities of business or private customers or other data may be processed to determine the intentions of the Customer.

5.7 Support inquiries

If You contact our support, we might process, for example: personal data transmitted to the support team when You send a request to HUMB's support team or any other member of the HUMB team.

5.8 Marketing data

If You visit our website or social media sites, we might process statistical and marketing data, for example: number of visitors, frequency, clicks, time, places, target groups, data from cookies and similar technologies (pixels, ClearGIFs, etc.), consumer's behaviour, interests and preferences, data on market research and target group surveys, etc.

5.9 Photo, video and audio data

When we attend or organize events or fairs or conduct interviews with people, we may take photos and other recordings of such events and process photo, video and audio data. However, we will always inform You separately about such recordings.

5.10 Hiring data

If You apply for a job on our website or via LinkedIn, we may process data that is necessary for the recruitment process, for example: contact details, curriculum vitae, qualifications, police clearance certificate, credit report, national identity documents such as passport, driver's license and the data from all these documents, links to Your portfolio or social media platforms, etc.

6. PURPOSE AND LEGAL BASIS FOR USING PERSONAL DATA

For what purposes and on what legal basis do we process Your personal data?

6.1 For the performance of contractual obligations (Article 6 paragraph 1 (b) of GDPR)

Processing of personal data may be necessary to perform the contract with You or to take steps at Your request prior to entering a contract. Such contractual obligations include, for example, the following data processing operations:

General provision of our services, all tasks necessary for the operation, performance and administration of HUMB and its platform.
Account management (e.g. continuous updating of Customer data).
Execution of Your orders (e.g. payment processing, chargebacks, proof of purchase and sale).
Customer service and support requests (e.g. contacting us about complications).
Video authentication process if You register for an account on our website (verification of identity).
Analysis and improvement of the quality of the platform and the general user experience (e.g. performance monitoring on the platform).
Data security and IT security on our website and securing our network (e.g. preventing identity theft and incorrect or suspicious access to our websites).
Recruiting process for new employees.

6.2 For the performance of contractual obligations (Article 6 paragraph 1 (b) of GDPR)

Processing of personal data may also be necessary to abide by various legal obligations. Such legal obligations include, for example, the following data processing operations:

Contract management, accounting and invoicing.
Compliance and risk management.
Know-Your-Customer measures such as video authentication procedures (identity verification) and proof of funds.
Monitoring to prevent fraud, misuse (e.g. for illegal purposes), money laundering and terrorist financing.
Providing information to fiscal criminal authorities in the context of fiscal criminal proceedings or for prosecution according to official orders.
Consulting credit agencies to determine creditworthiness and default risks.

6.3 To protect legitimate interests (Article 6 paragraph 1 (f) of GDPR)

Where necessary, data processing can occur beyond the performance of the contract to ensure the legitimate interests of HUMB or a third party. Such a legitimate interest includes the following data processing operations:

Prevention of fraud, misuse (e.g. for illegal purposes), money laundering and terrorist financing.
Risk management and risk minimization, e.g. through inquiries to credit agencies, debtor directories or providers of business analysis.
Identification and examination of potentially incorrect or suspicious business cases and access to our websites (e.g. website analysis via Sift Science or similar tools).
Data transfer within HUMB for internal administrative purposes.
Account management and processing of general Customer requests and inquiries.
Measures to protect our Customers and partners as well as to ensure network and information security; also measures to protect our employees and HUMB's property, e.g. through video surveillance and external data centres and service providers.
Processing of inquiries from authorities, lawyers, collection agencies in the context of legal prosecution and enforcement of legal claims in the context of legal proceedings.
Market research, business management and further development of services and products.
Processing of statistical data, performance data and market research data via the website, the app or social media platforms (e.g. Facebook, Instagram, LinkedIn, YouTube etc.).
Processing of Customer preferences (e.g. language, region) via cookies on our website.
Marketing and advertising (e.g. implementation of marketing strategies, targeting of customers, dispatch of vouchers, advertisement from HUMB and its partner companies).
Use of audio, video and photo data from public spaces (e.g. public events, fairs, etc.) for marketing and other representing purposes on our social media channels or our website.

6.4 Based on Your consent (Article 6 paragraph 1 (a) of GDPR)

If You have given us Your consent to the processing of Your personal data, the processing will only occur for the defined purposes and to the extent agreed in the declaration of consent. A given consent can be revoked at any time without giving reasons with effect for the future if You no longer agree to the processing. With Your consent, we process data for the following purposes, for example:

For the use of all functions of the mobile/tablet app (e.g. telephone permission to read the SMS confirmation, camera to scan barcodes, microphone for commands, etc.).
Direct marketing and advertising (e.g., Customer satisfaction surveys, newsletters, sweepstakes, and other advertising communications).
Website analysis and tracking for advertising purposes.
Certain uses of audio, video and photo data (e.g., commercials, interviews, etc.) for marketing and other representing purposes through various channels.
Automated authentication process (identity verification).
Application management system, recruitment process and processing of Your application.

7. SPECIAL CATEGORIES OF PERSONAL DATA

Does HUMB process special categories of personal data?

No, in general, HUMB does not process any special categories of personal data from Customers. This includes data that reveal racial or ethnic origin, political opinions, religious or ideological convictions or trade union membership, as well as genetic and biometric data (Article 9 paragraph 1 of GDPR).

8. RECIPIENTS OF PERSONAL DATA

Who receives Your personal data?

8.1 Data transfer within the HUMB Group

Within HUMB, those departments or employees will receive Your personal data who need it to fulfil contractual and legal obligations and legitimate interests. We transfer personal data for the purpose of our day-to-day business operations such as account management and other processes You have requested, as well as for the efficient performance of internal administrative activities in a joint manner and for the maintenance and improvement of our products and services.

Joint Controllership: If HUMB acts together with other parties as joint controller (e.g. processing of data for jointly defined purposes within a group of associated entities), we may provide those parties with personal data if applicable and based on at least one of the legal bases mentioned above under Point 7. In case of a joint controllership, we transfer Your personal data only based on a sufficient agreement with our partners (Article 26 of GDPR).

8.2 Data transfer to processors

To a limited extent, we also transfer personal data to processors who provide services for us such as video authentication services, IT services, Customer support, accounting, invoicing, application management, legal services, etc. Processors may only use or pass on this data insofar as this is necessary to provide services for us or to comply with legal regulations. We contractually oblige these processors to guarantee the confidentiality and security of Your personal data that they process on our behalf.

8.3 Data transfer to public bodies and institutions

We may also transfer Your personal data (i) if we are required to do so by law or during legal proceedings, (ii) if we believe that disclosure is necessary to avoid damage or financial loss, or (iii) in connection with an investigation into suspected or actual fraudulent or illegal activities.

8.4 Data transfer to other third parties

Before starting providing services or engaging in other business relationships, HUMB takes steps to identify and verify the identity of natural persons and legal entity's representatives.

9. INTERNATIONAL DATA TRANSFER

Is data transferred to third countries or international organizations?

Your personal data may be accessed, transferred and/or stored by employees or suppliers at a destination outside the country in which You are located, whose data protection laws may be of a lower standard than those in the European Union. However, HUMB will in all circumstances protect personal data in accordance with this Privacy Policy.

If we process personal data in a third country (outside the European Union (EU) or the European Economic Area (EEA)) or if this happens in the context of the use of third-party services or disclosure and/or transfer of personal data to third parties, we only transmit personal data to the performance of our (pre)contractual obligations based on Your consent, a legal obligation or our legitimate interests. Subject to legal or contractual permissions, we process or have processed personal data in a third country only if the conditions of Article 44 of GDPR are met. This means, for example, that the processing and transmission takes place on the basis of special guarantees, such as compliance with a code of conduct or a certification mechanism as well as binding and enforceable commitments from the recipient in the third country to apply the appropriate guarantees for the protection of the data or compliance with officially recognized special contractual obligations, which have been announced by the European Commission (known as "Standard Contractual Clauses").

10. SOCIAL MEDIA PRESENCE

General: HUMB maintains social media presences on various platforms (see below) to communicate with its active Customers, potential customers and interested social media users about HUMB's services, products and other news. When accessing such social media platforms, the general terms and conditions and the privacy policies of these operators also apply. We would like to point out that user data can also be processed outside of the European Union. This can result in risks for users due to different legal frameworks (e.g. the enforcement of data subject rights could be made more difficult).

As part of the technical process of various social media platforms (e.g. Instagram, Facebook, LinkedIn, X etc.), when You click on a content or a website You are visiting, they find out whether You are logged into Your social media account at the same time. This information is collected by social media platforms and assigned to Your social media accounts, regardless of whether You click on the content of this platform or not. By logging out of Your accounts, You can prevent these companies from associating the collected information with Your accounts.

The activities of these companies are not controlled by HUMB and therefore we do not accept any liability for any damage You may suffer because of the use of Your data by these companies.

Controller: HUMB may only process personal data from social media users if they communicate directly with HUMB via such platforms (e.g. visitors number, posted articles, likes, direct messages, Customer inquiries, comments, etc.). In these cases, HUMB is also responsible for processing the personal data collected thereby. In addition to data processing by us, other providers, in particular operators of social networks and platforms, also process personal user data. We have no influence on this data processing and are not responsible for it — the data processing takes place exclusively in responsibility of the other providers.

11. NEWSLETTER

What is the legal basis for electronic notifications and how to unsubscribe?

In our e-mail newsletter we inform You about HUMB's services and products. If You would like to receive our newsletter, You must register with Your email address. We only send newsletters and other electronic notifications with Your express consent if You have subscribed to them (double opt-in) or which are recorded when registering for a HUMB account or if there is a legal basis for this. In the double opt-in procedure, we check whether You are the owner of the specified email address or whether the owner agrees to receive electronic notifications. This procedure serves as proof if a third party misuses an e-mail address by registering for the newsletter without the knowledge of the authorized party.

Our newsletter is carried out by our own technology team using our own technology stack. Such web beacons enable us to better understand our Customers' interactions with the newsletter. They perform a similar function as cookies but are not visible to the user. Web beacons can be used to obtain information about whether an email has been opened and whether the user's system can receive HTML emails.

By checking the respective separate box for news and updates by email (newsletter), You expressly consent to receiving electronic communication as described above in point 12.

12. RETENTION AND DELETION PERIODS

How long will my personal data be processed (stored) and when will it be deleted?

HUMB processes and stores Your personal data only for as long as it is necessary for the fulfilment of the purpose of data collection, as required by legal retention periods, or as long as consent has been given. After the purpose has been achieved or upon expiry of the relevant period, the corresponding data will be routinely deleted.

13. DATA SUBJECT RIGHTS

You have the following rights regarding Your personal data:

Right of access: You have the right to request confirmation from us as to whether we are processing personal data related to You. When processing personal data related to You, You have the right to receive information from us about the personal data stored about You and to receive a copy of the personal data processed about You within a reasonable period.

Right to rectification: You shall have the right to request the rectification of incorrect personal data concerning You. Considering the purposes of the processing, You also have the right to have incomplete personal data completed — also by means of providing a supplementary statement.

Right to erasure: You shall have the right to request HUMB to delete Your personal data if one of the following reasons applies and no further processing is required:

The personal data are no longer necessary for the purposes for which they were collected.
The personal data have been illegally processed.
The deletion of personal data is necessary to fulfil a legal obligation under European Union or Member State law to which HUMB is subject.

Requests for the deletion of personal data must contain the respective ground (Article 17 paragraph 1 of GDPR).

Right to restriction of processing: You shall have the right to request that we restrict processing if one of the following conditions is met:

You dispute the accuracy of the personal data (the restriction applies for a period that enables HUMB to verify the accuracy of the personal data).
The processing of Your personal data was unlawful, and You refuse to delete Your personal data and instead request that its use is to be restricted.
HUMB no longer needs Your personal data for processing purposes, but You need them to assert, exercise or defend legal claims.
You have objected to the processing of Your personal data, and it has not yet been determined whether HUMB's legitimate grounds outweigh Your own.

Right to data portability: You shall have the right to receive the personal data concerning You that You have provided to us in a structured, commonly used and machine-readable format. You also shall have the right to have this data transmitted directly to another controller named by You, insofar as this is technically feasible and the rights and freedoms of others are not impaired. The right to data portability can only be exercised if the processing is based either on Your consent or on a (pre)contractual necessity and where the processing is automated. The right to data portability does not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object: You have the right to object to the processing of Your personal data at any time if the processing is based on our legitimate interests. If You object to the processing, we will no longer process Your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh Your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. The objection does not affect the legality of the processing of Your personal data based on legitimate interests until You withdraw Your consent.

Contact: To exercise any of the above rights, You can send an email to privacy@humb.io or a letter to HUMB UAB, J. Jasinskio st. 16B, Vilnius, LT-03163, Lithuania. Please note that for such inquiries we need further identification data from You (e.g. Passport, ID card, etc.) to ensure that Your personal data is only passed on to You.

We will answer to Your inquiry within 30 days from the day we receive it.

14. OBJECTION ADVERTISEMENT

How can I object to the processing of my data for advertising purposes?

You can object to the processing of Your personal data for advertising purposes at any time. Please contact us at privacy@humb.io.

15. AUTOMATED DECISION-MAKING

Does HUMB use my personal data for automated decision-making including profiling?

HUMB does not use fully automated decision-making within the meaning of Article 22 of GDPR. However, HUMB may use profiling techniques (e.g. to prevent fraud and money laundering) in certain cases to assess specific personal aspects and provide Customers with better services. In these cases, HUMB will inform You separately.

16. PROCESSING FOR OTHER PURPOSES

Is my personal data processed for purposes other than those for which the personal data was collected?

If HUMB intends to process personal data for a purpose other than that for which the data was collected, HUMB will inform You of this other purpose prior to processing and provide You with all other relevant information. Of course, HUMB will only process Your personal data for other purposes if this is permitted by the legal requirements or if You have given Your consent.

17. SUPERVISORY AUTHORITY

Which supervisory authority can I submit a complaint to?

You have the right to complain to the responsible supervisory authority if You are of the opinion that Your rights under the GDPR or local legal acts have been violated. In Lithuania this is the State Data Protection Inspectorate.

18. DATA SECURITY

How is my personal data protected?

The security of data is very important to HUMB, and we are committed to protecting the data we collect. We maintain comprehensive administrative, technical and physical measures to protect Your personal data from accidental, unlawful or unauthorized destruction, loss, modification, access, disclosure or use. These measures correspond to the highest international safety standards and are regularly checked for their effectiveness and suitability for achieving the desired safety requirements.

For example, we have implemented the following technical and organizational measures:

SSL encryption on our websites from which we transfer personal data.
Two-factor authentication (2FA) for our platform.
Ensuring the confidentiality, integrity, availability and resilience of our systems and services.
Use of encrypted systems.
Pseudonymization and anonymization of personal data.
Entry, access and transfer control for our offices and systems.
Measures of quick restoring of the personal data availability in the event of a physical or technical incident.
Measures for privacy by design and default on our platform such as preventing user enumeration.
Implementation of procedures for the regular review, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure the security of processing, e.g. our bug bounty program.
Internal IT security guidelines and IT security training courses.
Incident-response management.

19. UPDATES OF THIS PRIVACY POLICY

How do I find out about changes to this Privacy Policy?

HUMB reserves the right to amend this Privacy Policy at any time with effect for the future, in particular to adapt it to a further development of the website, services, or legal requirements. The current version of the Privacy Policy is always available on our website. We recommend that You check the Privacy Policy regularly for any updates.

20. HOW TO CONTACT US?

If You have any questions about this Privacy Policy or the processing of Your personal data, please contact us:

HUMB UAB
J. Jasinskio st. 16B
Vilnius, LT-03163
Lithuania
Email: privacy@humb.io

Thank You for reading our Privacy Policy!