Privacy Policy

Last updated: 10 May 2023

  1. Who are we?

As used herein, “Monitok” refers to the company Monitok, UAB, company code 306005345, address Užupio st. 30, LT-01203 Vilnius, Republic of Lithuania, including without limitation thereby, its owners, directors, investors, employees or other related parties. Monitok, UAB is a company with limited liability, incorporated under the laws of Lithuania. Depending upon context, “Monitok” may also refer to the Services, products, Site, content or other materials (collectively, “Materials“) provided by Monitok.

Monitok, UAB and its affiliates (hereinafter, “Monitok“, “we”, “us” or “our”) are committed to protecting and respecting your privacy. This Monitok privacy policy (the “Privacy Policy”) (together with our Terms of Use) governs our collection, processing, and use of your Personal Data.

In this Privacy Policy, you or Data Subject mean any person whose Personal Data is processed by us and the term “Personal Data” means any information or set of information by which we may directly or indirectly identify you, such as your name, email address, telephone number, etc. We process Personal Data in accordance with the provisions of the General Data Protection Regulation No. 2016/679 (EU) (the “GDPR”), the requirements of the applicable legal acts, as well as the instructions of the authorities or internal regulation.

If you use the Materials, subscribe to our newsletters, or contact or address us on any other issues, we assume that you have read and agreed to the terms of this Privacy Policy and the purposes, methods, and procedures for the use of your Personal Data specified therein. If you do not agree with the Privacy Policy, you may not use our Services or otherwise interact with us. This Privacy Policy is subject to change, so please visit this site from time to time and read the latest version of the Privacy Policy available herein.

  1. What is the purpose of this Privacy Policy?

We, Monitok, respect your privacy and make every effort to ensure the security and confidentiality of your Personal Data and other information.

The purpose of this Privacy Policy is to inform you of:

  • The types of Personal Data which we may collect about you and how it may be used;
  • Any disclosure of Personal Data to third parties;
  • Your ability to correct, update and delete your Personal Data;
  • The security measures we have in place to prevent the loss, misuse, or alteration of Personal Data under our control;
  • Retention of your Personal Data.
  1. Definitions

Account: access which is granted to Users as set out in our Terms of Use.

Platform: hardware and software technologies which are used by Monitok to provide Service as set out in our Terms of Use.

User: a person or legal entity who register on their own or on behalf of an entity or organization to use the Service provided via Platform.

Site: operated by Monitok.

Service: a non-advisory, execution-only dealing service to you in relation to Transactions.

Transaction: means (i) the agreement between the Buyer and the Seller to exchange Cryptocurrency through the Service for currencies at a commonly agreed rate (“Crypto-currency Purchase Transaction“), (ii) the conversion of currencies into Crypto-currency deposited by Members on their account (“Conversion Transaction“), (iii) the transfer of Crypto-currency among Members (“Crypto-currency Transfer Transaction“), (iv) the transfer of currencies among Members (“Currency Transfer Transaction“) and (v) the purchase of ancillary products (“Purchase Transactions“). Monitok may not offer all of these types of transactions at this time or in all places.

  1. Which Personal Data is collected from you?

We collect and process Personal Data about you directly from you when you contact us, register to use the Platform or submit such information as a part of the Know-Your-Client (“KYC”), as well as automatically through your use of the Platform. We may also collect or receive Personal Data from third party service providers, state institutions or other persons that may have a legal ground to provide the Personal Data to us.

Personal Data we collect directly from you

Identification Information: We collect the following information when you register an Account: Full name, e-mail address, the purpose for opening the account and related information (such as planned turnover, average transaction size and count). We also collect any other information relating to you which you have provided to us in any forms that you may have submitted to us, or in other forms of interaction with you.

Financial Information: Your bank account information, credit card information (including the card number, expiry date and CVC), country wallet address (BTC), tax identification number, transaction status and history and trading data.

Transaction Information: includes transaction information as you use our Services, including deposit snapshots, account balances, trade history, order activity and distribution history, bank account number, identification data of electronic money account, account statement, risk assessment/scoring and offer details.

Information collected in accordance with the requirements of the laws (KYC, AML and Identity Verification Policy): Results from Politically Exposed Persons (PEP) screening & sanction screening, any additional Personal Data required for proving Source of Funds (e. g. employment contract, certificate of inheritance, etc.), data on the management structure and business activity, etc.

Information for administering and submitting of suspicious monetary operations or transactions to competent authorities under AML: includes information that the person’s property is derived directly or indirectly from or through participation in a criminal offense or that such property is related to terrorist financing.

Profile Information: includes your Account full name and password, preferences, feedback and survey responses.

Employment Information: includes your employment history, education background and income levels.

Candidates Information: Personal Data that you provide to us in your CV and during the job interview (e.g. full name, contact details, information about education, work experience, foreign language skills and etc.)

Communications with Us: We collect information you give us during any support and feedback communications via email, telephone, or when you contact us through contact forms on the Platform. We use this information to respond to your inquiries, provide support, facilitate transactions, and improve our Platform.

Usage Information: Information about your use of our Platform, including cookies, IP (internet protocol) address, computer and connection information, device type and unique device identification numbers (e. g. IMEI number, MAC address), bandwidth, mobile network information, mobile operating system and type of mobile browser, statistics on page views, and traffic to and from our websites, and other technical data collected through cookies and other similar technologies that uniquely identifies your browser. 

Marketing and Communications Data includes your consent and preferences in receiving direct marketing from us and our third parties and your communication preferences.

Please note that if you are acting as an authorized individual on behalf of a User and are providing Personal Data for such User, you are responsible for ensuring that you have all required permissions and consents to provide such Personal Data to us for use in connection with the Platform and that our use of such Personal Data you provide to the Platform does not violate any applicable law, rule, regulation or order.

We are required by law to notify the Financial Crime Investigation Service if we know or suspect that assets of any value are derived directly or indirectly from or as a result of a criminal offense, and if we know or suspect that such property is related to terrorist financing.

Please note that the Personal Data we collect and provide to the Financial Crime Investigation Service is required in order for us to meet our regulatory requirements (such as Anti-Money Laundering and Know-Your-Customer regulations), and to safeguard our legitimate interests. In the event that you will not provide such information, we may not be able to provide our Service.

  1. How is your Personal Data collected? 

We use different methods to collect Personal Data from and about you including through: 

  • Direct interactions 

You may provide us with your Personal Data by filling in forms or by corresponding with us via our Site or API or by post, phone, email or otherwise. This includes Personal Data you provide when you: 

  1. apply to use our Services; 
  2. create an Account on our Platform; 
  3. give us some feedback or lodge a query. 
  1. Third parties or publicly available sources 

We may receive Personal Data about you from various third parties and public sources as set out below: 

  1. Our partner who shares your Personal Data with us so that (a) you can use our Service on their behalf; and (b) they can pay money to you (for example, your salary if you are their employee or payment for goods and/or services if you are their supplier);
  2. analytics providers such as Google based outside the EU; 
  3. advertising networks such as Google based inside OR outside the EU; and 
  4. search information providers Google based inside OR outside the EU; 
  5. Electronic Identity Verification providers from data brokers or aggregators based inside or outside the EU; 
  6. We may also record and verify personal identity documents such as passports electronically including screen grabs; 
  7. Identity data and contact data from publicly availably sources based inside the EU; 

In order to provide contracted Service, we may need verify details with Credit Reference agencies, anti-Fraud agencies, Sanction screening and politically exposed persons (PEP) listings. 

  1. Data We Collect Automatically

When you use the Platform, our servers automatically record information using cookies and other tracking technologies, including information that your browser sends whenever you visit the Platform. This log data may include your Internet Protocol address, the address of the web page you visited before coming to the Platform, your browser type and settings, the date and time of your request, information about your browser configuration and plug-ins, language preferences, and cookie data.

In addition to log data, we may also collect information about the device you use for the Platform, including what type of device it is, what operating system you’re using, device settings, unique device identifiers, and crash data. Whether we collect some or all of this information may depend on what type of device you’re using and its settings.

We may combine this information with other information that we have collected about you, including, where applicable, your full name, username, email address, and other Personal Data.

Further information on how We use cookies and other tracking mechanisms is laid out in our Cookie Policy.

  1. Lawful basis for processing Personal Data

We process your Personal Data using one of the following legal basis:

  1. Performance of a contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
  2. Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us;
  3. Legal requirement means processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to;
  4. Consent means processing your Personal Data using your written consent.

Note that we may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground, we are relying on to process your Personal Data.

Generally, we do not rely on consent as a legal basis for processing your Personal Data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

  1. What are the purposes of Personal Data processing?

How We Use Your Data

We will only use your Personal Data when the law allows us to. Most commonly, we will only disclose your Personal Data to the third parties which shall be considered as data processors for the following purposes:

  • To provide our Platform to you, to facilitate communications and transactions on the Platform, to communicate with you about your use of our Platform, to respond to your inquiries, to fulfill your orders, and for other customer service purposes;
  • To process transactions – in order to allow you to make the payment(s) and/or receive funds through your payment devices and by the Platform;
  • To verify your identity – in order to verify your identity, perform transactions you instruct on us or for the purposes of fraud detection or protection, or in other situations involving suspicious or illegal activities we use and share your Personal Data with credit-checking/reference agencies and fraud prevention agencies. We may as well perform a search of your credit file, if this is necessary and/or required to deliver our Service to you;
  • To perform our Service and payments – we use and share your Personal Data with banking, including Electronic Money Institutions, crypto exchanges and financial service partners such as banking intermediaries, international payment services providers and regulated distribution agents;
  • To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using our Platform;
  • To better understand how Users access and use the Platform, both on an aggregated and individualized basis, in order to improve our Platform and respond to User desires and preferences, and for other research and analytical purposes;
  • To manage our relationship with you, including notifying you about changes to our Terms or Privacy Policy, ask you to leave a review or take a survey;
  • To pursue legitimate interests of the Company – video or electronic surveillance for the protection of property and health, legal compliance, IT systems monitoring, fraud prevention, debt management;
  • To administer and protect our business and this Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
  • For direct marketing and promotional purposes. For example, we may use your Personal Data, such as your email address, to send you news and newsletters, special offers, and promotions, to conduct sweepstakes and contests, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our Platform on third-party websites.

In addition, we or our partners may transfer or disclose your Personal Data to:

  • comply with any legal obligation required under legal requirement (e. g. to state authorities);
  • enforce any part of our agreements concluded between you and us or to investigate potential breaches; or
  • protect our rights or our property, or those of our other clients. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. 

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

  1. How is your Personal Data processed?

When processing your Personal Data, Monitok follows the following principles of Personal Data processing:

  • Your Personal Data is processed only to the extent necessary to achieve the relevant, clearly defined and legitimate purposes, taking into account the protection of your privacy;
  • Your Personal Data is processed accurately, fairly and lawfully and only for purposes that are consistent with the purposes for which your Personal Data were collected prior to collection;
  • Your Personal Data is processed strictly in accordance with the statutory requirements for clear and transparent processing of Personal Data;
  • Your Personal Data will be processed only in a form that identifies you for no longer than it is necessary for the purposes for which the Personal Data are processed;
  • The processing of your Personal Data is subject to relevant technical and organisational measures to ensure the security of Personal Data, including protection against unlawful data processing and unintentional loss, destruction and damage.
  1. How your Personal Data is shared?

In order to ensure a continuous operation and the proper provision of services, we may disclose your Personal Data to our employees, managers, suppliers, subcontractors, and service providers, if reasonably necessary to achieve those purposes.

We may also transfer your Personal Data to subsidiaries or mother company of Monitok and to third parties who process your Personal Data and/or have access to them, on our behalf and upon our instructions, e.g. to the providers of IT systems, acquiring and card issuing banks, third-party authentication vendors, accounting and financial services companies, cloud and hosting providers, payment partners and other persons who help us to duly provide you with the Service. In this case, Monitok will take appropriate measures to ensure that the processors involved process the Personal Data assigned to them solely for the purposes we have specified, and only perform the actions we have been instructed to do and ensure appropriate organisational and technical security measures for the protection of Personal Data.

We have the right to transfer your Personal Data to state or local government institutions and authorities, law enforcement and pre-trial investigation institutions, courts and other dispute resolution institutions, other persons performing functions assigned by law, in accordance with the procedure provided for by legislation of the Republic of Lithuania. We provide these entities with mandatory information required by law or specified by the entities themselves. In addition, your Personal Data may be transferred to the persons providing legal services where such Personal Data need to be disclosed in order to identify, implement or defend your rights and legitimate interests.

We use best efforts to ensure that your Personal Information is protected in accordance with our Privacy Policy and applicable data protection laws. Your Personal Data may be transferred to the countries outside EU/EEA countries. If your Personal Data will be transferred to the countries outside EU/EEA countries, we shall protect the processing of your Personal Data through contractual means (such as by using the standard contractual clauses approved by the European Commission for data transfer) or other means (such as ensuring that the European Commission decisions determined that such jurisdictions offer adequate level of protection) or other necessary security measures as required by applicable laws. 

Any third party that receives or has access to Personal Data shall be required by us to protect such Personal Data and to use it only to carry out the services they are performing for you or for Monitok, unless otherwise required or permitted by law. We will ensure that any such third party is aware of our obligations under this Privacy Policy and we will enter into contracts with such third parties by which they are bound by terms no less protective of any Personal Data disclosed to them than the obligations we undertake to you under this Privacy Policy or which are imposed on us under applicable data protection laws.

  1. What rights do you have and how do you implement them?

As a data subject, you have the following rights regarding your Personal Data:

  • request to know (to be informed) about the processing of your Personal Data (right to know);
  • request to access your Personal Data and obtain a copy (right of access);
  • request to correct or, depending on the purposes of the processing of Personal Data, supplement the incomplete Personal Data (right to rectification);
  • request the erasure of your Personal Data or the suspension of your Personal Data processing activities (excluding storage) (right to erase and right to “be forgotten”);
  • request us to restrict the processing of Personal Data for one of the legitimate reasons (right to restrict);
  • request to transfer your Personal Data in a systematic, computer-readable format (right to data portability);
  • the right to withdraw your consent at any time (when Personal Data are processed based on your consent);
  • the right to object the processing of your Personal Data when we process Personal Data based on a legitimate interest of the Monitok or a third party, including profiling. If you object, we will only be able to further process your Personal Data for compelling legitimate reasons that take precedence over your interests, rights, and freedoms, or to make, enforce or defend legal claims;
  • submit a complaint to the State Data Protection Inspectorate.

In order to exercise your rights, you should contact us at following e-mail: However, we would like to point out that, in exercising your rights, you must properly verify your identity. Therefore, when you submit your application, you must confirm your identity in the manner prescribed by law use electronic means of communication that allow to identify you). You may also send data subject’s request together with authorized personal document (ID or passport) copy to our office – Užupio st. 30, LT-01203 Vilnius, Republic of Lithuania, however, we encourage you to submit you requests via e-mail.

Upon receipt of your request or instruction regarding the processing of Personal Data, no later than within 1 month from the date of the request, we will provide a response and perform the actions specified in the request or inform you why we refuse to perform them. If necessary, the specified period may be extended by a further 2 months, considering the complexity and number of requests. In such a case, within 1 month from the date of receipt of the request, we will inform you of such extension. We will provide the information you request free of charge, but if your requests are manifestly unreasonable or disproportionate, in particular because of their repetitive content, we will have the right to take a reasonable charge based on the administrative costs of providing the information or the messages or actions you request or refuse to act upon request.

We may refuse to exercise your rights listed above, except for refusal to process your Personal Data for direct marketing purposes, competitions or in other cases when Personal Data is processed with your consent, when your request does not allow us to comply with the provisions of the GDPR, or when, in cases provided for by law, it is necessary to ensure the prevention, investigation and detection of crimes, as well as the protection of the rights and freedoms of the Data Subject, us and other persons, or when the Monitok has a legitimate interest.

If Personal Data is deleted upon your request, we will only store copies of information that are necessary to protect our legitimate interests and those of others, to comply with the obligations of law, to resolve disputes, to recognize interference or to comply with any agreements you have entered with us. Please note that these rights are not absolute, and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations (such as AML/CTF regulations).

If you think that we are improperly processing or implementing your Personal Data or are not implementing your rights at all, please contact us first. We are ready to resolve all the problems amicably. However, if we fail to resolve this issue, you have the right to apply to the State Data Protection Inspectorate ( which is responsible for the supervision and control of the legislation regulating the protection of Personal Data.

  1. How Personal Data is retained?

We retain your Personal Data as long as you maintain an Account on the Platform. We will cease to retain your Personal Data, or remove the means by which the Personal Data can be associated with particular individuals, as soon as it is reasonable to assume that:

  1. the purpose for which that Personal Data was collected is no longer being served by its retention; and
  2. retention is no longer necessary for legal, accounting or business purposes.

Please note that certain laws may require us to retain records of transactions or accounts for a certain period of time (e.g. Law of the Republic of Lithuania on the Prevention of Money Laundering and Terrorist Financing states that Personal Data has to be retained for 8 years from the date of termination of transactions or business relationship with the client).

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements and recommendations.

  1. How do we secure your Personal Data?

We have implemented security measures to ensure the confidentiality of your Personal Data and to protect your Personal Data from loss, misuse, alteration or destruction.

We implement a variety of security measures to maintain the safety of your personal information when you submit a request, place an order or access your Personal Data. These security measures include: SSL (Secure Sockets Layered) technology to ensure that your Personal Data is fully encrypted and sent across the Internet securely and other measures to protect our servers from hackers and other vulnerabilities. 

In order to secure Personal Data, all Users (including their authorized individuals) of the Platform shall comply with the security requirements in the Terms and take the following additional steps to help ensure the security of their Personal Data and the access to their Account:

  1. You should choose a robust user identification, password, and/or PIN to access your account (“Credentials”) that nobody else knows or could easily guess. Credentials must meet the requirements we specify when you establish those Credentials. You should keep your Credentials secure and private, and not share your Credentials with any third party.
  2. You should install anti-virus, anti-spyware, and firewall software in your personal computers and mobile devices;
  3. You should update operating systems, anti-virus, and firewall products with security patches or newer versions on a regular basis;
  4. You should remove file and printer sharing in computers, especially when they are connected to the internet;
  5. You should make regular backups of your critical data;
  6. You should consider the use of encryption technology to protect highly sensitive or confidential information;
  7. You should completely log off and clear your browser cache after finishing each online session with the Platform;
  8. You should not install software or run programs of unknown origin;
  9. You should delete junk or chain emails;
  10. You should not open email attachments from strangers;
  11. You should not disclose personal, financial, or credit card information to little-known or suspect websites;
  12. You should not use a computer or a device that cannot be trusted; and
  13. You should not use public or internet café computers to access online services or perform financial transactions.

You may have set a password in order to access certain parts of our Platform. You are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Only authorised personnel of Monitok have access to your Personal Data, and these personnel are required to treat the information as confidential. The security measures in place will, from time to time, be reviewed in line with legal and technical developments.

Occasionally, at our discretion, we may include or offer third party products or services on our Site. These third party sites have separate and independent privacy policies. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, of each site that you visit. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

We do not control those third-party sites or any of the content contained therein and you agree that we are in no way responsible or liable for any of those third party sites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those sites.

  1. Children under 18

Our Platform is not designed for children under 18. If we discover that a child under 18 has provided us with Personal Data, we will delete such information from our systems.

  1. Changes to this Privacy Policy

Monitok reserves the right to change, update and/or supplement this Privacy Policy, Site policies, content, disclosures, disclaimers and features at any time, so please re-visit this page frequently. We will provide notice of substantial changes to this Privacy Policy on the Service and/or we will send you an email regarding such changes to the e-mail address that you volunteered. Such substantial changes will take effect seven (7) days after such notice was provided on any of the above-mentioned methods. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the Service after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

  1. Who should you apply to, if you have any questions?

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to contact us through the following contact details:

Contact our responsible person:

We will try to reply within a reasonable timeframe. Please feel free to reach out to us at any time. If you are unsatisfied with our response or decision, you can reach out to the applicable data protection authority:

The State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija in Lithuanian, website available at