DEFINITIONS

1. PURPOSE AND SCOPE

   We at Itez are committed to protecting and respecting your privacy. To provide you with our services we have to process some personal information related to you (the “Personal Data”). This Privacy Notice explains how Itez collects, uses, shares, retains and otherwise processes your Personal Data and informs you about your rights regarding such personal data processing.

   Please read this Privacy Notice carefully, as it becomes legally binding when you use the Itez website or Itez mobile application (jointly the “Platform”), as well as any of the services available to you through the Platform.

   If you have any questions or concerns about how we process your personal data, please contact [email protected]

2. DATA CONTROLLER

   The processing of your personal data is performed by Beamloop UAB, the Platform Services Provider being the main controller of your Personal Data, jointly with DataBridge OÜ, the Platform security, and IT solutions provider.

3. COLLECTION OF PERSONAL DATA

   To provide you with our services and meet our regulatory obligations, your Personal Data is collected when you reach the Platform, use the services available therein, or when you reach us on social media, by email, as well as by any other means of communication. Itez may collect your Personal Data from various sources, as described below:

   Source	Details
   Direct interaction	We collect your Personal Data when you provide us with when reaching the Platform, fill in any forms, register or otherwise interact with us.
   Digital interaction	By using cookies and other similar technologies, we may automatically collect certain Personal Data about your visit and use of the Platform, such as your IP address, device data, browser details, information about your visit, as well as other relevant technical information.
   Indirect interaction	We may collect your Personal Data posted on publicly available sources, such as other websites and social media or provided by third parties such as financial institutions, identity verification partners, and state registers.

4. CATEGORIES OF PROCESSED PERSONAL DATA

   The table below explains what personal data we collect and use:

   Category	Details
   Identity data	Your name, personal identification code, date of birth, place of birth, age, citizenship, residence, identity document data, address, facial image, PEP status, and any other information you provide during registration and compliance procedures
   Payments data	Details on your payment method, your credit card details, bank or payment account details, address and details of your electronic wallet, details of the transactions you carry out while using the Platform.
   Financial data	Details regarding your source of funds and income.
   Preferences data	Details regarding your activity in the use of services, services, and products being used, your inquiries and complaints.
   Communication data	Video and audio recordings, any correspondence between you and us.
   Technical data	Details regarding the type of your device, device identifier, IP address, and your device location.

5. PURPOSE AND LEGAL BASIS OF PERSONAL DATA PROCESSING

   We are processing Your Personal Data for multiple purposes and on the legal grounds listed in Art.6 of GDPR, as further described below:

   Purpose	Category of Personal Data	Legal Basis
   Identification and verification	Identity data	necessary for the performance of contractual obligations; necessary to comply with legal obligations; legitimate interest to prevent and detect unauthorized access, prevent frauds and reduce possible damages
   Application of due diligence measures and monitoring of the business relationship	Identity data, Technical data, Payments data, Financial data.	necessary for the performance of contractual obligations; necessary to comply with legal obligations;
   Provision of services	Identity data, Payments data, Communication data, Preferences data, Technical data, Financial data.	necessary for the performance of contractual obligations;
   Cooperation with law enforcement agencies and data protection authorities	Identity data, Payments data, Communication data, Technical data	necessary to comply with legal obligations;
   Marketing	Communication data, Preferences data, Technical data	consent; legitimate interest in the sale of similar products and services
   Customer relationship management	Preferences data, Identity data, Communication data,	necessary to comply with legal obligations; legitimate interest in customer relationship management; performance of contractual obligations;
   Enabling use of services provided by payment service providers	Identity data, Payments data, Communication data, Technical data	necessary for the performance of contractual obligations; necessary to comply with legal obligations;

6. PLACE OF YOUR PERSONAL DATA PROCESSING

   Our operations are supported by a network of servers, computers, and other information technology infrastructure. The Personal Data processing referred to in this Privacy Notice is mostly carried out in Lithuania and is not sent outside the European Economic Area, and if this is done, appropriate protection measures are applied.

7. FORWARDING AND DISCLOSURE OF YOUR PERSONAL DATA

   Any Personal Data you provide is treated as confidential and will not be disclosed to the general public. To provide you with our Services and improve them, perform contractual obligations, meet security standards, and fulfill certain legal obligations, sometimes we may have to share your Personal Data with the following third parties:

   Third Party category	Reason for sharing
   Affiliates and subsidiaries	We may share your Personal Data with our affiliates and subsidiaries in cases where such forwarding is needed to provide you with our Servies and perform corresponding contractual obligations.
   Business partners and service providers	We may share your Personal Data with professional advisors, financial, security, auditing, accounting and other business partners, as well as identity verification and transactions monitoring service providers to comply with legal obligations, provide you with our Services and pursue our legitimate interest to prevent illegal activities, ensure security and maintain regulatory compliance.
   Financial institutions	We may share your Personal Data with banks, payment processors and other relevant financial institutions involved in the Provision of Services, as it is required. We will share your personal data with our payment processors as necessary to process your transactions and provide you with our Services.
   Legal authorities	We may have to forward your Personal Data to law enforcement agencies, regulatory agencies, and other legal authorities to the extent we are obliged to do so according to the law.
   Marketing and advertising partners	We may share your Personal Data with marketing and advertising partners to improve our Services and provide you with customized advertising content.

   The abovelisted third parties have access to your Personal Data only on a “need-to-know” basis and are expected to protect your Personal Data in the same manner as we do, however, we cannot control the processing of your Personal Data by third parties and are not responsible in any way for it.

   The list of all third parties with whom we share your Personal Data is continuously changing and may vary. Thus, please feel free to contact us to know more about third parties with whom we have shared your Personal Data.

8. SECURITY MEASURES AND PROTECTION OF YOUR PERSONAL DATA

   We are serious about the security of your Personal Data. Taking into account the nature of the Personal Data and the threats posed, we have implemented different physical and technical measures to prevent unauthorized access to your Personal Data, keep your Personal Data safe, and make sure it is not improperly used or disclosed.

   All Personal Data processed on the Platform is stored on secure servers with control over access to information using both physical and electronic means.We are also regularly audited to confirm we remain compliant with our security certifications. As part of these audits, our security is validated by external auditors.

9. RETENTION AND DELETION OF PERSONAL DATA

   We store Your Personal Data insofar as it is reasonably necessary to reach the objectives of data processing or until the term stipulated by legal obligation and will delete your Personal Data as far as it is no longer required for the purposes of processing or when the appropriate retention period for Personal Data ends.

   While defining the retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations.

   Please note, that being subject to certain anti-money laundering laws, we may be required to store and maintain certain kinds of your Personal Data for a significant period of time beyond the closure of your account with us.

10. COOKIES

    Cookies are small text files that are placed on your digital device when you visit our website. Such text files store information about your visit and help our website recognize your digital device and also to remember your preferences. If you wish to get more detailed information on cookies please visit www.aboutcookies.org.

    We use cookies and other similar technologies, like web beacons, for different analytical, marketing, advertising, and technical purposes. This helps us to simplify your navigation on the website, remember your preferences, provide you with relevant information, and analyze how you interact with our tools and services in order to improve your general browsing experience.

11. YOUR RIGHTS

    Depending on the applicable law of your country of habitual residence, you may be able to enjoy certain additional privacy-related rights. If any of the rights listed below are not provided under law in your country of habitual residence, Itez has absolute discretion in providing you with those rights.

    1. Information and Access. You can request us to provide you with a confirmation that your Personal Data is processed, get information about such processing and ask us to provide you with a copy of that information in a structured format.
    2. Rectification. We are doing our best to hold only accurate and up-to-date information about you. However, if the Personal Data we held about you is incomplete or inaccurate, you may request us to update or rectify your Personal Data.
    3. Retention and Erasure. We are not processing your Personal Data longer than it is needed. You can nevertheless ask us ​​to erase your Personal Data. This right may be limited subject to requirements listed in applicable laws.
    4. Objection. You have a right to object to the processing of your personal data and request us to stop the processing of your Personal Data if we are processing your Personal Data for direct marketing, or research purposes or without any corresponding legal grounds for such processing.
    5. Processing restrictions. In certain circumstances, such as when you contest the accuracy or object the processing of your Personal Data, you can ask us to restrict, block or suppress the processing of your Personal Data. If your request is approved, we will stop the processing of your Personal Data, but will continue to store it.
    6. Data portability. You may ask us to provide you with your personal data which you have provided to us in a structured, commonly used and machine-readable format, or, when this is possible, that we communicate your Personal Data on your behalf directly to another data controller.
    7. Consent withdrawal. When the processing of your Personal Data is based on your consent, you are entitled to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of your Personal Data processing when such is based on other legal grounds.
    8. Automated decision-making and profiling. Sometimes we rely on automated processes. You have the right not to be subject to a decision based solely on the automated processing of your Personal Data including profiling, which produces legal or similarly significant effects on you. In general, by making decisions, we do not rely solely on automatic tools, however, If we made a decision about you based solely on an automated process, you may contest such a decision and require human intervention.
    9. Right to lodge a complaint. Your privacy rights are of utmost priority to us and we are always happy to solve any issues and concerns related to the processing of your Personal Data. Thus, in case of any questions please reach us by email [email protected] so we can solve any arisen issue in a prompt and efficient manner. However, if you are not satisfied with our response to your complaint, you have the right to submit a complaint to the data protection authority in your country of habitual residence.
    10. Right to opt out of marketing communications. To ensure you are always up-to-date with our products and services, sometimes we’d like to share with you our latest news. In such case, we will contact you by electronic means for marketing purposes only if you have consented to such communication and based on your marketing preferences. However, if you have changed your mind, you may raise objections with regard to initial or further processing for purposes of direct marketing at any time.

    To exercise any of your rights set out in this section, you can send us an email at [email protected] For security reasons, we may ask you to provide us with proof of your identity.

12. TRANSFER OF YOUR PERSONAL DATA

    To facilitate the Platform, we may transfer your Personal Data outside the EEA to our subsidiaries, business partners, service providers, and other third parties taking part in the provision of our services. To the extent that we transfer your Personal Data outside of the EEA and the UK, we will ensure that the transfer is lawful and that Data Processors in third countries are obliged to comply with the European Union (EU) General Data Protection Act 2016 and the UK Data Protection Act 2018. If transfers of Personal Data are processed in the US, we may in some cases rely on standard contractual clauses.

    By using our products and services, you consent to your Personal Data being transferred to other countries, including countries that have differing levels of privacy and data protection laws than your country. In all such transfers, we will protect your Personal Data as described in this Privacy Notice, and ensure that appropriate information-sharing contractual agreements are in place.

13. PROTECTION OF YOUR RIGHTS

    You may contact Itez in connection with queries and cancellation of consent, and, in regard to the processing of Personal Data, demand the exercise of your rights and lodge complaints in connection with the Processing of your Personal Data.

    Details for contacting Itez companies: [email protected]

    The contact details for the designated data protection specialist for private customers: [email protected]

    In addition, you have the right to contact the Data Protection Inspectorate or a court in their jurisdiction in the event of a violation of their rights. However, please note that we are always ready to help. Thus, before submitting any complaints we are kindly asking you to reach out to us first, to solve any arisen issues swiftly and smoothly.