Privacy policy

Latest update: January 01, 2024.

This Privacy Policy (“Policy”) clarifies how Virtual Assets Operator UAB (hereinafter, “Bankto“, “we”, “us”, and “our”) collects, uses, shares, and protects Personal Information you provide us during the usage of website (the“Website”), or related services provided by Bankto via the Website or the Bankto platform, or any other products and services (Services). It governs the rules of personal data processing of our clients, their partners’ representatives and all other Website visitors or Service users. We process personal information about the following users: Website visitors, Merchants who sign up for our Services, B2B Bankto Platform users, B2C Bankto users, Merchant Clients, wallet holders, and any other person using any Services provided by Bankto.


Bankto commits to protecting your privacy. We have implemented all necessary legal, technical and organisational measures to ensure the confidentiality, integrity and availability of your Personal Information. Under “Personal Information” or “Personal Data” we mean any data you can be identified with or which may help to identify you. The General Data Protection Regulation 2016/679 as of April 27, 2016 (further, the “GDPR”) and all other applicable laws and regulations apply to the processing of Personal Information by Bankto.



Our contact details

All references to “Bankto”, “us”, “we” or “our” apply to Virtual Assets Operator UAB, a company incorporated under the laws of the Republic of Lithuania with the registration number 305946609.


Our registered office address is Verkių st. 25B-61, LT-08223 Vilnius, Lithuania.


For all the issues related to data protection please contact us at: 



What type of personal information we collect

The types of Personal Information we may collect include:


  • Contact details, such as email, telephone number, or messenger ID
  • Details of your identity document, such as images of your ID card, passport, driving license or other document we might require
  • Account Information, such as username, password, or similar identifier
  • Profile data such as purchases or orders made by or to you, your interests and preferences,
  • Residence address and residence verification information, such as utility bill details or similar details 
  • Employment details
  • Financial information, such as bank account numbers, bank account, trading history 
  • Transaction Data such as details about crypto-payments and transactions, details of products and services for which Services are provided
  • Crypto-wallet address and invoice details 
  • Other information obtained during the KYC process, such as information about your source of funds or wealth
  • Geolocation details
  • Usage data such as history of your logs and activity on the Website and Service
  • Technical data, such as IP address, login data, browser type, version, operating system information, time zone setting and location, device fingerprint, and other technology on the devices you use to access the Website and Services.
  • Marketing data 


We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Bankto feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used per this privacy policy. 



How we get the information and why we have it

We collect information in various ways depending on the way you interact with us.


Most information we collect is provided by you directly. You may give us personal information by filling in forms or by corresponding with us (by email or post). This includes when you apply for our services, create an account for our Services, subscribe to our services or publications, give us feedback or contact us, enter into promotions or surveys, [or request that we send you marketing material]. 


We could also receive some information from publicly available sources (for example, on sanctions) or from our contractors. We make use of screening lists provided by data vendors, ID verification, anti-fraud and transaction monitoring services.


We could also collect data from third-party sources, such as search information providers, providers of technical, payment, and delivery services, and analytics providers (such as Google Analytics). 


As you interact with our Website or Services, we will automatically collect technical data about your devices, equipment, browsing actions, patterns and history. We collect personal data by using cookies or other similar technologies. Please see our cookie policy for further details. 


Please note that processing of your Personal Data may include automated decision-making including profiling. We may apply automated decision-making including profiling for onboarding, maintaining the account with us and fraud prevention purposes.


Where we make an automated decision about you, you may have the right to ask that such a decision be reconsidered or manually reviewed by a human person. 


Please note that we will not be able to provide our services to you if you refuse to provide us with information according to our KYC/AML requirements, which is communicated to you once you decide to apply for any of our services that require verification of identity and ongoing monitoring of activity. Please keep in mind that in some cases we may require additional details and documents for KYC and AML/CTF purposes. In general, where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide the data requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service we have with you.  



We process our clients’ data for the following purposes

We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances: 


  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, including when we have a legitimate interest to carry out necessary updates regarding our services, prevent any fraudulent activity proactively and retrospectively, and contact employees of our clients and business partners.
  • Where we need to comply with a legal obligation, including but not limited to our legal obligation to comply with AML/CFT requirements under the applicable laws and regulations, or keeping records for auditing or tax purposes.


Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent at any time by contacting us at 


We process your data for the following purposes:


  • to provide our services to you, as an individual, or a corporate client you represent;
  • to process transactions and send relevant transaction notices; 
  • to contact you or reply to your requests and support needs;
  • to comply with our legal obligations (e.g. KYC/AML/CTF requirements);
  • to provide assistance in case of criminal investigation and regulatory action;
  • to monitor and report for compliance purposes; 
  • to protect your assets from unauthorised access; 
  • to protect our assets; 
  • to detect, investigate, and prevent any fraud and scam or unauthorised or illegal activity and perform risk assessment and management;
  • to provide you with information on our products, news and updates and personalize your Services;
  • to resolve disputes and protect your interests or the interests of other users;
  • to collect fees; 
  • to enforce our contractual terms;
  • to establish and defend legal claims and protect our interests; 
  • to verify your identity in accordance with applicable laws and regulations and our AML Policy;
  • to comply with law enforcement needs and share information with financial institutions and tax authorities if required by applicable law;
  • to manage our relationship with you, including notifying you about changes and updates related to our Services or policies, delivering support or administrative notices, company news, updates, promotions and related information; 
  • to administer and protect our business, Website and Services, including troubleshooting, data analysis, testing, system maintenance, support, reporting and data hosting;
  • to analyse Website and Services usage to understand and improve our website, Services, marketing, customer relationships and experience;
  • to deliver relevant Website and Services content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you; 
  • to administer a contest, promotion or survey; 
  • to carry out any other purpose or reason for which the personal data is collected. 



Who we share your personal information with

We may share this information with:


  • our affiliates, agents and representatives;
  • our third-party service providers who help with our business operations and the delivery of our services.  Please note that we require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Our third-party providers/contractors include: 
    • our contractors providing software for identity verification and anti-fraud purposes and other due diligence solutions;
    • our contractors providing us with information from publicly accessible sources (for instance on sanctions);
    • our financial service providers through which we facilitate fiat currency transactions to/from our services;
    • technical and IT support, cloud, and wallet providers; 
  •  Providers or website analytics;
  • Professional advisers including lawyers, bankers, auditors, insurers and other professionals who provide consultancy, banking, legal, insurance, corporate, administration and accounting services;
  • law enforcement or regulatory agencies, data protection authorities, government officials, and other authorities, if required or permitted by law, including where we are compelled by a relevant court order or other legal procedure, where we believe that disclosing such data is necessary to prevent harm or financial loss, to report suspected illegal, unauthorised or fraudulent activity, or to investigate violations of our terms, including this Policy.


We do not sell, rent or otherwise make personal information commercially available to any third party, except with your prior permission.



International transfer of personal information

In order to provide our services, we may need to transfer your personal information to locations outside the European Economic Area (“EEA”).  For any transfer of data outside the EEA, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws: 


  • We may transfer your personal data to countries that have been found to provide an adequate level of protection of personal data, or
  • We may use Standard Contractual Clauses and employ other safeguarding measures to ensure compliance with data transfer requirements in respect of third parties. 



Personal data retention

We will ensure that any information we need for any purpose shall not be kept for longer than it is necessary, subject to our own legal and regulatory obligations. We retain your personal data to comply with our legal obligations, resolve disputes, and protect your and our legitimate interests. 


You can always request to remove the personal data. But keep in mind that in certain cases we are obliged to store your information to be legally compliant.


Certain categories of data collected and processed by us, including but not limited to transaction records, user identification information, and other relevant data, will be retained for a minimum period of five years from the date of collection or the end of the business relationship, as mandated by applicable regulations, such as Directive (EU) 2018/843 commonly known as the Fifth Anti-Money Laundering Directive (5AMLD).


The retention of this data is crucial for compliance with anti-money laundering (AML) regulations, and customer identification requirements, and to facilitate regulatory oversight and audits. It serves the legitimate interests of us in maintaining accurate transaction records and facilitating legal and regulatory compliance.




We have implemented security measures to comply with acknowledged international security standards. Our platform also uses SSL or TLS encryption for security reasons and for the protection of confidential content transmission when you send us requests.


All of our partners, employees, consultants, workers and data processors (i.e., those who process your personal information on our behalf), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information, keep it secure and protect it. 


We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.



Your rights regarding your personal information

You have the following rights in relation to the personal information we hold about you. Please note that some of these rights will only apply in certain circumstances and some of them may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of confidentiality obligations.


  • Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to your personal data.  This enables you to receive a copy of the personal data we hold about you and certain other information about it;
  • Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you be corrected;
  • Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims;
  • Restriction: you are entitled to ask us to suspend the processing of certain of data about you, for example, if you want us to establish its accuracy or the reason for processing it;
  • Transfer: you may ask us to help you request the transfer of certain of your personal data to another party;
  • Objection: where we are processing your personal data based on legitimate interests (or those of a third party) and you may challenge this.  However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;
  • Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered. This does not apply where the decision is necessary for entering into, or the performance of, a contract between you and us.
  • Consent: where we are processing personal data with consent, you can withdraw your consent.


If you want to exercise any of these rights, please contact us at 


Please note that you also have a right to lodge a complaint with the Lithuania Data Protection Inspectorate (Andmekaitse Inspektsioon), or where an alleged infringement of Data Protection law has taken place. 



Our Marketing Policy 

We will only process your personal data for marketing purposes once we have your consent. You have the right to object where we are processing your personal information for direct marketing purposes. This means you can opt out of receiving direct marketing from us at any time.


You can opt out of receiving direct marketing from us at any time.  You can do this by clicking on the “unsubscribe” link at the end of any marketing email we send you, or by contacting us at


You have the right to ask us not to continue to process your personal data for marketing purposes. 



Links to third-party websites or apps

Our Services, email updates and other communications may, from time to time, contain links to and from the websites or apps of others. The personal data that you provide through these websites or apps is not in any case subject to this Privacy Policy and the treatment of your personal data by such websites is not our responsibility. 


You should consult the third parties’ Privacy Policy notices which will set out how your information is collected and processed when visiting those websites or apps, as we have no control over information that is submitted to, or collected by these third parties.



Changes to this Policy

We may make changes to this Privacy Policy from time to time. To ensure that you are always aware of how we use your personal information we will update this Privacy Policy from time to time to reflect any changes to our use of your personal information. We may also make changes as required to comply with changes in applicable law or regulatory requirements. We encourage you to review this Privacy Policy periodically to be informed of how we use your personal information.


It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.



Contact us 

Notwithstanding any other specific provision in this Privacy Policy, you can contact us at to: 


  • See what data we have about you, 
  • Change or correct any data we have about you, 
  • Request us to delete any data we have about you, 
  • Opt-out of receiving promotional communication and content from us, 

Ask questions, make inquiries, complaints, or claims, or provide feedback.



Our data protection officer

Our Data Protection Officer (DPO) is a person in charge of data protection compliance. You may contact DPO if you have any concerns with respect to our data protection practices at:



Our data protection authority

Contact details of the Lithuanian Data Protection Authority is this: 


State Data Protection Inspectorate, address at L. Sapiegos str. 17, LT-1032, Vilnius, Lithuania.


Phone +370 5 271 2804, email Website here:


Our Data Protection Supervisory Authority is the Lithuania Data Protection Inspectorate (Andmekaitse Inspektsioon). You can complain to the Data Protection Inspectorate if you are unhappy with our data protection practices.


Accept payments in crypto and get paid in your local currency with Bankto

Bankto Logo Colorwhite with trademark e

Accept payments in crypto and get paid in cash instantly with Bankto

Sign Up

Select the account type you wish to open

Already a member?

Become a partner



Bankto logo with caption in white
If you have a network of potential clients who might be interested in accepting Bitcoin and other cryptos as a payment method or you have a platform to promote our service or ATM’s, you can apply for our Introducer programme by filling out our request form.

Start earning crypto today!

Become a partner and eliminate borders with Bankto

Log in

Accept payments in crypto and get paid in your local currency with Bankto

Bankto Logo Colorwhite with trademark e

Accept payments in crypto and get paid in cash instantly with Bankto

Log In

Select the account type you want to log in with

Don’t have an account?

Tell us about yourself, and we'll be in touch soon.

Existing customer? Click here for Support

and confirm you are not acting for or on behalf of someone else