Privacy Policy
1. Introduction
1.1
This Privacy Policy explains how Evolution Ltd (“Evolution”, “we”, “us”, “our”) collects, uses, shares, and protects your personal data when you use our banking, payment, crypto, lending, or digital services.
1.2
Evolution Ltd is committed to safeguarding your privacy and complying with:
EU General Data Protection Regulation (GDPR)
Lithuanian data protection laws
EBA Guidelines
Bank of Lithuania rules
1.3
This Policy applies to:
Personal account customers
Business account users
Visitors to the Evolution website or App
Applicants for Evolution services
Individuals contacting customer support
2. Data Controller Information
2.1
The data controller responsible for your personal data is:
Evolution Ltd
[Registered Address]
[Company Registration Number]
Email: [Data Protection Email]
2.2
Evolution may also act as:
Joint controller (e.g., with payment partners, card networks)
Processor (for certain business services)
2.3
Evolution has appointed a Data Protection Officer (DPO):
Email: [DPO Email]
3. Categories of Personal Data We Collect
Evolution collects the following types of data:
3.1 Identity & Verification Data
Full name
Date of birth
Nationality
Residential address
Identity documents (passport, ID card, residence permit)
Photos, videos, or biometric verification data
Tax identification number
Proof of address documents
3.2 Contact Information
Email address
Phone number
Communication preferences
3.3 Financial Information
Account numbers and IBANs
Card details (tokenized, never stored in plaintext)
Transaction history
Crypto trades
Savings, credit limits, loan details
Salary information (if you use salary features)
3.4 Technical & Device Data
Device identifiers
IP address
App usage statistics
Browser type
Device OS
Performance logs
3.5 Location Data
Approximate location (IP-based)
Regulatory-required geolocation signals
Fraud-prevention geolocation
3.6 Compliance Data
AML/KYC findings
Sanctions screening results
PEP (Politically Exposed Person) checks
Risk profiles
3.7 Communication Data
Chat history
Emails
Phone call metadata (if applicable)
3.8 Marketing Preferences
Notification settings
Subscription preferences
4. How We Collect Your Data
We collect data through:
4.1 Direct Interactions
Account registration
KYC verification
In-app actions
Customer support interactions
4.2 Automated Data Collection
Device analytics
Cookies
App telemetry
4.3 Third Parties
Card networks
Credit bureaus
Identity verification providers
AML/CTF partners
Banking correspondents
Public databases
4.4 When Required by Law
Sanctions lists
Law enforcement data sources
Regulatory reporting systems
5. Purposes and Legal Bases for Processing (Article 6 GDPR)
Evolution processes your data for the following purposes:
5.1 To Provide Banking Services (Legal Basis: Contract)
Opening and managing your account
Processing transactions
Issuing cards
Managing payments, crypto trades, FX, and lending
Providing receipts and statements
5.2 To Meet Regulatory Obligations (Legal Basis: Legal Requirement)
Required under:
AML/CTF laws
PSD2
Banking regulation
Sanctions laws
Reporting to regulators
Fraud monitoring
5.3 To Protect Our Legitimate Interests (Legal Basis: Legitimate Interest)
Improving product features
Preventing fraud and cyberattacks
Ensuring system security
Customer support operations
Analytics to improve the App
5.4 With Your Consent (Legal Basis: Consent)
Marketing communications
Optional features (e.g., location-based services)
Cookie-based personalization (where applicable)
5.5 To Perform Credit & Risk Assessments (Legal Basis: Contract + Legitimate Interest)
Creditworthiness evaluation
Loan decisions
Repayment modeling
Automated decision-making (see Section 11)
6. How We Use Special Categories of Data
Evolution does not process special categories (racial/ethnic origin, health data, etc.) unless required for:
Identity verification
Legal compliance
Fraud prevention
Processing is minimized and strictly controlled.
7. How We Use Your Data in Crypto Services
If you use crypto features:
We analyze trading behavior
Monitor for AML risks
Record blockchain transaction identifiers
Perform sanctions and wallet screenings
Crypto data is subject to regulatory reporting requirements.
8. Automated Decision-Making (Article 22 GDPR)
Evolution uses automated systems for:
Fraud detection
AML risk scoring
Credit scoring
Transaction monitoring
You have the right to:
Request human review
Contest automated decisions
Receive explanations of decisions
9. Sharing Your Personal Data
We share your data only when necessary. Categories of recipients include:
9.1 Financial Infrastructure Partners
Card networks (Visa/Mastercard)
Payment processors
Banking correspondents
Crypto liquidity providers
Clearing and settlement institutions
9.2 Compliance Partners
AML/KYC verification providers
Sanctions and PEP screening partners
Fraud prevention agencies
Credit bureaus (if applying for credit)
9.3 Technology Providers
Cloud hosting services
IT and security vendors
Analytics platforms
9.4 Regulators & Authorities
Bank of Lithuania
European Central Bank
Financial Intelligence Units (FIUs)
Law enforcement (where legally required)
9.5 Other Evolution Group Companies
(if Evolution has affiliated entities)
10. International Transfers (Chapter V GDPR)
10.1
Your data may be transferred outside the European Economic Area (EEA).
10.2
We ensure adequate safeguards such as:
EU Standard Contractual Clauses (SCCs)
Adequacy decisions
Encryption and minimization
Vendor due diligence
10.3
Transfers are performed only when necessary for providing services or meeting regulatory obligations.
11. Data Retention
11.1
We retain data only for as long as necessary for legal, regulatory, or operational purposes.
Retention examples:
Data Type | Retention Period |
|---|---|
AML/KYC Data | 8 years after account closure |
Transaction records | 8 years |
Crypto transaction logs | 8 years |
Marketing preferences | Until withdrawal of consent |
Customer support logs | 2–5 years |
Device/version data | As needed for security |
11.2
After retention expires, data is securely deleted or anonymized.
12. Your Rights Under GDPR
You have the right to:
Access your data (Art. 15)
Rectify inaccurate information (Art. 16)
Erase data in certain cases (Art. 17)
Restrict processing (Art. 18)
Data portability (Art. 20)
Object to processing (Art. 21)
Withdraw consent at any time (Art. 7)
Opt out of marketing communications
We respond to all GDPR requests within one month.
13. Security of Your Personal Data
Evolution applies:
Encryption at rest and in transit
Multi-factor authentication
Strict access controls
Role-based permissions
Regular security audits
Transaction anomaly detection
Cybersecurity monitoring 24/7
Data security is a core part of our banking infrastructure.
14. Cookies and Tracking Technologies
14.1
We use cookies to:
Improve website performance
Enable secure login
Measure traffic
Personalize content
14.2
You may manage cookie preferences through:
In-app settings
Browser controls
Cookie banner
Full details are provided in our Cookie Policy.
15. Children’s Data
Evolution services are intended only for customers aged 18 and above.
We do not knowingly process children’s data.
16. Changes to This Privacy Policy
16.1
We may update this Policy to reflect:
Legal changes
New product features
Changes in processing activities
16.2
Material changes will be communicated via:
The App
Email
Website notices
17. Contact Us
For privacy-related requests:
Evolution Ltd — Data Protection Officer (DPO)
Email: [DPO Email]
Website: [domain]
Address: [Registered Address]
You may also contact:
State Data Protection Inspectorate (Lithuania)
Website: https://vdai.lrv.lt