Privacy Policy

Last updated: January 2026

Contents

Introduction

PropertyInvest ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our real estate crowdfunding platform.

We process personal data in accordance with the General Data Protection Regulation (GDPR), the Lithuanian Law on Legal Protection of Personal Data, and other applicable data protection laws.

By using our platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

Data Controller

The data controller responsible for your personal data is:

PropertyInvest UAB

Company registration number: 305123456

Address: Gedimino pr. 1, Vilnius, Vilnius, Lithuania

Email: [email protected]

Phone: +370 600 00000

Personal Data We Collect

We collect different types of personal data depending on how you interact with our platform:

Identity Data
  • Full name (first name, last name)
  • Date of birth
  • Gender
  • Nationality and citizenship
  • Personal identification number
  • Government-issued ID documents (passport, ID card, driver's license)
  • Photographs and selfies for identity verification
Contact Data
  • Email address
  • Phone number
  • Residential address
  • Mailing address (if different)
Financial Data
  • Bank account details (IBAN, account holder name)
  • Payment card information (processed securely by payment providers)
  • Source of funds information
  • Investment history and portfolio data
  • Tax identification number (TIN)
  • Tax residency information
Technical Data
  • IP address
  • Browser type and version
  • Device type and operating system
  • Time zone and location data
  • Cookies and similar tracking technologies (see our Cookie Policy)
Usage Data
  • Pages visited and features used
  • Time spent on pages
  • Click patterns and navigation paths
  • Search queries
  • Investment preferences and interests
Communication Data
  • Correspondence with our support team
  • Feedback and survey responses
  • Marketing preferences

How We Collect Your Data

We collect personal data through the following methods:

Direct Interactions

When you create an account, complete KYC verification, make investments, contact support, or fill out forms on our platform.

Automated Technologies

Through cookies, server logs, and analytics tools as you navigate our platform.

Third Parties

From identity verification providers, payment processors, credit bureaus, and public databases for AML/KYC compliance.

Public Sources

From publicly available sources such as company registries, sanctions lists, and politically exposed persons databases.

How We Use Your Personal Data

We use your personal data for the following purposes:

Platform Services
  • Create, maintain, and secure your investor account
  • Process your investments in real estate projects
  • Facilitate deposits, withdrawals, and returns payments
  • Provide portfolio tracking and reporting
  • Send transaction confirmations and account notifications
Regulatory Compliance
  • Verify your identity (KYC - Know Your Customer)
  • Conduct anti-money laundering (AML) checks
  • Screen against sanctions and PEP lists
  • Report to tax authorities as required by law
  • Comply with crowdfunding platform regulations
Communication
  • Respond to your inquiries and support requests
  • Send important service announcements
  • Notify you about new investment opportunities (with consent)
  • Send marketing materials and newsletters (with consent)
Platform Improvement
  • Analyze platform usage and user behavior
  • Improve our services and user experience
  • Develop new features and products
  • Conduct research and statistical analysis
Security
  • Detect and prevent fraud and unauthorized access
  • Maintain platform security and integrity
  • Investigate suspicious activities
  • Protect the rights and safety of our users

Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

  • Identity verification providers - for KYC/AML compliance (e.g., Onfido, Veriff)
  • Payment processors - for processing transactions (e.g., Stripe, banking partners)
  • Cloud hosting providers - for data storage and infrastructure
  • Email service providers - for sending communications
  • Analytics providers - for platform analytics (e.g., Google Analytics)
  • Customer support tools - for managing support requests

  • Bank of Lithuania (crowdfunding supervision)
  • Financial Crime Investigation Service (AML reporting)
  • Tax authorities (tax reporting obligations)
  • Other regulatory bodies as required by law

We may share limited investor information with real estate developers for projects you invest in, as necessary for contractual and legal purposes. This includes your name and investment amount for loan documentation purposes.

Legal counsel, accountants, auditors, and other professional advisors who need access to personal data to provide their services to us.

In connection with any merger, acquisition, sale of assets, or bankruptcy proceedings, your personal data may be transferred to the acquiring entity.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure appropriate safeguards are in place:

  • Adequacy decisions - transfers to countries deemed adequate by the European Commission
  • Standard Contractual Clauses (SCCs) - EU-approved contractual terms with data recipients
  • Binding Corporate Rules - for transfers within corporate groups
  • Certification mechanisms - such as approved codes of conduct

You can request a copy of the safeguards we use for international transfers by contacting us at [email protected].

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.

Data Category Retention Period Reason
Account data Duration of account + 10 years Legal and regulatory requirements
KYC documents 10 years after relationship ends AML regulations
Transaction records 10 years Tax and accounting requirements
Investment contracts 10 years after maturity Legal obligations
Support communications 3 years Quality assurance
Marketing preferences Until consent withdrawn Consent-based
Analytics data 26 months Platform improvement

Data Security

We implement appropriate technical and organizational security measures to protect your personal data:

Encryption

TLS/SSL encryption for data in transit; AES-256 encryption for data at rest.

Access Controls

Role-based access, multi-factor authentication, and principle of least privilege.

Monitoring

24/7 security monitoring, intrusion detection, and regular security audits.

Staff Training

Regular data protection training for all employees handling personal data.

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data (subject to legal retention requirements).

Right to Restriction

Request restriction of processing of your personal data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) at vdai.lrv.lt.

Automated Decision-Making

We may use automated decision-making in the following circumstances:

  • KYC/AML screening - automated checks against sanctions lists and PEP databases
  • Fraud detection - automated analysis of transaction patterns
  • Risk assessment - automated investor classification based on provided information

You have the right not to be subject to a decision based solely on automated processing that produces legal effects or significantly affects you. If you believe an automated decision has been made incorrectly, you can request human review by contacting us.

Children's Privacy

Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending you an email notification (for registered users)
  • Displaying a prominent notice on our platform

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer

PropertyInvest

Gedimino pr. 1, Vilnius, Vilnius, Lithuania

[email protected]

+370 600 00000