Privacy Policy

May 2024

We are Newrails UAB, a company established in Vilnius, with an address at Švitrigailos str. 11C, LT-03228, Vilnius, Lithuania, and registered in the legal entities registry, holding the legal entity code 305270426. We are wholly owned by a United Kingdom private limited company named Typhoon Wealth Group Limited.

This document explains how we process (use, administer, store, etc.) personal data received and collected during the provision of our services.

The data processing is carried out in due accordance with the General Data Protection regulation (EU Regulation 2016/679), the Law on personal data protection of the Republic of Lithuania, and all other applicable legal requirements for processing personal data.

The policy becomes applicable for your data as soon as we receive it (provided by you or a company intending to become our Client).

1. Values We Take Into Consideration When Processing Your Personal Data

We always process your data fairly, transparently and with legal ground for it. We collect and process personal data only for legal and clearly set purposes. We avoid usage of personal data for other than the below listed aims. We do not collect or store excessive scope of personal data, or unnecessary for the provision of our services or for meeting the legal requirements. We always work hard to keep our client database actual/ up to date, so we appreciate your prompt notification to us on any change in relation to your data as well as your response to our regular request to update the information. We are strongly concerned about your privacy, data confidentiality and security, therefore to prevent any data leakage, illegal or unauthorized access to it we apply reasonable technical and organizational measures to ensure those features.

2. Data We Collect That Is Related to You

As we provide electronic payment services to legal entities and individuals (hereinafter – Client), the data subjects encompass Clients themselves, legal representatives, managers, shareholders (directly or indirectly), ultimate beneficiaries, contact persons, or any individuals associated with a company intending to be our Client (hereinafter data subject will be referred to as “you”). This also pertains to data received while managing Clients' accounts and processing payments.

We collect, check, store, and use for providing the services the following personal data related to you:

• a) Identification data: first name, last name, date of birth, personal code, citizenship, all the information which is on your personal identification document and your photo/ video, provided during the sign-up process.
• b) Contact details: email, phone number, residential address and more contact data (if needed upon request).
• c) Data required to fulfill anti-money laundering and counterfeiting terrorist financing (hereinafter – AML/ CTF) regulation: the fact of being or not politically exposed person, and applicability of international financial sanctions to you.
• d) Data for online identification.
• e) Audio-visual data: we record and store photo/ video of you and your identification document taken during your onboarding process (identification process carried out using service provider Sum & Substance Ltd.); your emails with attachments (if any), phone-calls to our contact center.
• f) Data about behavior online: frequency of Clients’ representative’s login to our platform My Newrails, his/ her actions there, session length and other details.
• g) Technological information: IP address used to connect your device to our platform My Newrails or our website, log-in data and any browsing information, time-zone settings, the type of device you use, unique device identifier, mobile network information, etc.
• h) Information about your visit: links you have clicked on, through and from our site (including date and time), services you’ve searched for and the ones you viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks).
• i) Information on transactions: payments to and from your Newrails Payments e-money account, including the date, time, amount, currency, exchange rate, payer and beneficiary details, as well as information on when the beneficiary has been added or removed, details of the merchant associated with the transaction, IP address of sender and receiver, sender’s and receiver’s name and registration information, messages sent and received with the payment, details of device used to arrange the payment, payment method used.

3. Purposes for Collecting and Using Your Data

We will process personal data that you have provided to us when signing up for our services, or using our services, as well as personal data collected by us from available registries, public sites and other databases [as required by law].

We collect your personal data to securely, trustworthily, and responsibly provide e-money account, payments and other services to our Client. We administer and store your personal data by using the means and methods to meet AML/ CTF as well as all other legal requirements.

We collect data in order to:

• Provide our services to you;
• Communicate with you;
• Provide you with information on our Terms & Conditions, pricing, etc.;
• Provide you with our commercial offers.

4. Sources of Your Data Collection

We access and/ or use your personal data if any of the following applies:

Data received from you when:

• You fill in the forms;
• You contact us;
• You sign up for using Newrails services;
• You register for our newsletters and updates;
• You allow us access to your device (contact information, log in information, photos, and other digital content).

Data received from your device when:

• You log in, sign up, do a transaction, send us a message;
• You browse the information you can find on our Website;
• You are on our platform My Newrails and allow access to your device’s camera, photo gallery, microphone, GPS function of your device;

Data received from third parties:

• We collect information from public databases such as PRADO in EU, for checking the validity of provided personal identification document;
• We also check publicly available legal entities’ databases, where, along with legal entities data, is provided information on the Chief Executive Officer, legal representative, management board members and other persons related to the legal entity;
• We constantly check various lists of politically exposed persons and international financial sanctions; we search for our Client, its representatives, UBOs in those lists by various methods;
• We collect information from third parties, such as credit reference agencies, fraud prevention agencies and partners who help us to provide our services;
• Credit record, information to help us check your identity, and information relating to your transactions. We also get your data from various databases, as well as from other financial institutions and business partners.

5. Disclosure of Your Data

The data is processed on our servers, stored by Amazon Web Services in the territory of the European Union. We may provide your data to:

• Other payment institutions and banks, participating in the chain of processing your payment order or other transaction;
• Insurance and re-insurance companies when insurance service is provided to us, or by us in relation to our services;
• E-commerce platforms and other partners, if you express your interest and consent to collaborate with them;
• Newrails group companies, when this is necessary for execution of audit, risk assessment, financial reporting or in cases where we use unified information platforms or other technical solutions necessary for the provision of our services.
• Bank of Lithuania, State Social Insurance Fund, State Tax Inspectorate, Department of Statistics, and other state institutions when executing mandatory reporting or other legal obligations;
• Financial Crimes Investigation Authority, courts, notaries and other judicial institutions upon their request or in cases we have a reason to suspect a criminal activity;
• Our partners for marketing, communication, legal advice, audit and other professional services.

We also provide data to data processors we engage to meet all the legal requirements or to efficiently execute our services (payment service provider, audit company, IT service provider, and others).

6. Locations to Store Your Data

Mainly we store and process your personal data within EU/ EEA territory. However, in some cases, for example, execution of contractual obligations or upon your consent, we transfer your data outside European Union (EU)/ European Economic Area (EEA).

When transferring personal data outside EU/ EEA we make sure that at least one of the following measures is applied:

• European Commission has approved adequacy of personal data protection in the third country;
• Data Controller and data recipient has concluded an agreement following standard data protection clauses adopted by European Commission, or adopted by supervisory authority and approved by European Commission;
• Parties follow approved codes of conduct or apply other security measures (as set in the GDPR)
• Data recipient in the USA is certified according to the requirements set by mutual agreement between EU and USA.

7. Length of Your Data Storage

We will store data collected during the provision of services to the Client for 10 (ten) years after closing the last account of the Client and termination of the last contract.

Data of not finished KYC onboarding process shall be stored for 3 (three) months if the prospect Client has not finished it and we do not have any AML/ CTF related doubts in regard to the prospect Client.

If we have refused to onboard the Client due to AML/ CTF concerns, the collected prospect Client’s data will be stored for 5 (five) years.

8. Your Rights

If you see any information about yourself on My Newrails is incorrect, misleading, or outdated, please email us and we will correct and update it as soon as possible. If you would like to get acquainted with your personal data we process, please send us the request. We will prepare the report as soon as possible, but no later than 30 days. If there is any specific data that you need (e.g., dates and timing of your calls to us), please indicate that in your request.You may request us to delete your data stored by us if it is stored not due to the legal requirements. You also may refuse or change your consent on direct marketing at any time. You have the right to request the personal data you have provided to us to transfer it to another legal entity. Should you have any questions, requests, or complaints about how we process your personal data, please contact us or file us the filled form or request. You also have the right to file a complaint to State Data Inspectorate. For more information, please visit www.ada.lt.

9. Privacy Policy Applicability and Amendments

This document comes into force upon the launch of our services. It may be amended when it is necessary due to product changes, legislation, or other reasons. Therefore, we kindly ask you to check for the updated version of the policy on our website www.newrails.xyz.

We may amend this Privacy Policy at any time by posting a revised version on our website and, where appropriate, by notifying you by email. The revised version will be effective as of the published effective date.

10. Contact Details

In case you have any questions in regard to data processing, or you would like to execute any of your rights set in GDPR, please contact us by info@newrails.xyz. For drawing our attention that your inquiry is related to personal data, please add a reference "GDPR", "Personal data" or similar.