Posted: 01/03/2022
Last Updated: 01/03/2022

Terms, words and phrases in this Privacy Policy shall, unless otherwise defined in this Privacy Policy, have the meaning set forth in the Terms and Conditions as provided by the Company on the Website and as amended from time to time.


This Privacy Policy sets out the basis on which any information and/or data of the User, is collected, used and disclosed by MellowGrow UAB, a Lithuanian company incorporated with registration number 305790188 and having its registered office at Vilnius, Polocko g 2-3 (hereafter referred to as the ‘Company’) when accessing or using the Website or the Services.
The Company is committed to preserving the privacy of all visitors to the Website and users of the Services. The Policy explains how the Company complies with The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’).
By using the Website and/or the Services, the User becomes subject to the Terms. Please take time to read the Terms and this Privacy Policy. By proceeding further, you signify that you have read and expressly consent to the collection, use, retention, processing, transfer and disclosure of your Personal Data under the terms of this Privacy Policy.
Information and/or Personal Data which may be collected, stored, processed, transferred, used and disclosed by the Company includes but is not limited to information and/or data that can be used on its own or with other information to, directly or indirectly, identify, contact, or locate a single person, or to identify an individual in context.


The following terms “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Processing Activity/ies”, “Pseudonymisation”, “Cross-Border Processing of Personal Data”, “Supervisory Authority” used in this document shall have the same meaning as in the GDPR.
Other capitalised terms used in this Privacy Policy shall have the same meaning given to them in the Terms and Conditions.

Basic Principles Regarding Personal Data Processing

The Company, as Controller, shall adhere to the GDPR principles as stipulated in Article 5(2) of the GDPR where the “Controller shall be responsible for, and be able to demonstrate, compliance with the principles.” The Personal Data must be processed fairly and lawfully, be obtained only for specific and lawful matters, be adequate and up to date, not to be held for any longer than necessary, and be protected in appropriate ways.
The Company shall be accountable and must disclose information held to the Data Subject when requested and shall not transfer Personal Data outside of the European Economic Area (EEA), unless that country or territory also ensures an “adequate” level of protection. The Processing of Data must be carried out in accordance with the rights of the Data Subjects.

The Company May Collect the Following Information


Information provided by the User: when accessing and using the Website and/or the Services, subscribing to the Company’s updates, responding to a survey or when filling enquiry forms on the Website and when corresponding by phone, e-mail or other communication services, you may be asked to provide certain information. The information may include Personal Data such as name, address, e-mail address, phone number, financial and/or credit card information, bitcoin or other cryptocurrency wallet address, personal description, ID or Passport copy, date of birth, passport number, or other data which can be used for personal identification purposes and required for ‘know your customer’ purposes that may be required to comply with applicable laws.

Information collected automatically by the Company: with regard to each visit to the Website, the Company will automatically collect the following: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, the User login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about the visits, including the full Uniform Resource Locators (URL), clickstream to, through and from the Website (including date and time), products viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.

Information may be collected by Cookies and other tracking methods. Cookies are small data files that are stored on your device when visiting a website, which enable the Company to collect information about your device identifiers, web browsers used to access the Services, pages or features viewed, time spent on pages, mobile app performance and links clicked. Web beacons (or pixel tags) are electronic images that may be used to help deliver cookies, count website visits, understand usage and determine the effectiveness of email marketing campaigns.
Users are advised that if they wish to deny the use and saving of cookies from the Website on their computer’s hard drive they should take necessary steps within their web browsers security settings to block all cookies from the Website, except for the strictly necessary cookies that cannot be disabled.

 For more information, the User is invited to consult our Cookies Policy.

Information received from third-parties: this includes, but is not limited to the Company partners, sub-contractors in technical, payment services, transportation & delivery, advertising networks, search information providers, credit reference agencies, or other third parties who may provide information, for the purpose of fulfilling the Services or to comply with legal requirements. The Company shall seek to ensure that these parties provide the same level of data protection and that they shall only carry out their contractual obligations towards the Company or upon the instructions of the Company and not for any other purposes.

In case of using a location-enabled device: in such case, the Company may collect location data or use various means to determine the location.

Use of Information

The Company may use your Personal Data when accessing and/or using the Website or the Services to supply you with the Services required, to bill you and to contact you when required. The Company may also analyse the Personal Data provided to help in administering, supporting and improving the business, as per the following ways:
  • to provide, maintain, deliver and improve the Services and obtaining your views of the Services;
  • to send periodic emails about products and Services;
  • to follow up with the User after correspondence (live chat, email or phone inquiries);
  • for marketing and re-targeting purposes;
  • to carry out any other purpose for which the information was collected.
If it wants to stop receiving information as per the above, the User can opt out at any time by contacting the email address indicated in this Privacy Policy. At all times, access to the User’s Personal Data by the Company’s own staff and third-party intermediaries, will be restricted to the bare minimum required for the Company to perform its business and the provision of the Services.


Your Personal Data may be processed only if you have unambiguously given your consent or, the processing is necessary for the performance of the Services you request or, for compliance with legal obligations as in the case of the Anti-Money Laundering and Countering of Terrorist Financing Regulations (AML/CTF) or, for any other purpose carried out in the public interest or, requested in the exercise of official authority vested in the Company or a third party with whom the Personal Data is disclosed except where such interest is overridden by the interest to protect the fundamental rights and freedoms that arise from the right of privacy.
As an individual you may exercise your right to access your Personal Data held about you by the Company by submitting your request in writing to the following email address:

Rectification, deletion

The Company shall at your request immediately rectify, block or erase your Personal Data that has not been processed according to the GDPR and the Data Protection Act or processed unlawfully and where applicable proceed with notifying any third party about the measures undertaken. Although all reasonable efforts will be made to keep your information updated, you are kindly requested to inform us of any change referring to the Personal Data held by the Company. In any case if you consider that certain information about you is inaccurate, you may request rectification of such data.
Provided that no such request shall be implemented if it is shown to be impossible to implement or implementation will entail a disproportionate effort.

Data Portability

You have the right to receive, upon request, a copy of the Personal Data that you have provided to the Company in a structured, commonly-used and machine-readable format and to transmit such data to another controller, for free. The Company shall endeavour to ensure that such requests are processed within one month for free, subject that this is not excessive and does not affect the rights of other individuals’ Personal Data.

Right to be forgotten

Upon request, you have the right to have your Personal Data erased by the Company. The Company acting reasonably will take all necessary actions (including technical measures) to inform third-party data Processors to comply with the request unless your Personal Data needs to be retained to comply with legal obligations or court orders.

Data Subject’s Support

The Company may provide its Users with user support through an online chat with an agent. A username and email address would be necessary to sign up for online chat. The data collected in this manner shall be processed exclusively for the purpose of providing user support.

International or Cross-border Transfer of Your Data and Your Express Agreement

The transfer of the User’s data may be necessary for accessing and/or using the Services and the Website, to provide updates and to respond to the User’s potentials inquiries. As the internet operates in a global environment, the use of the internet to collect and process personal data necessarily involves the transmission of data on an international or cross-border basis. By using the Website and/or the Services or by communicating with us, you acknowledge and expressly consent to the Company’s processing and disclosure of your Personal Data in this way. By using the Website, communicating with us, and using our Services, you provide your express consent to the Company’s disclosure of your personal data to third-party intermediaries (if applicable) for the purposes described in this Privacy Policy.

Sharing of Information

The Company may share the Users Personal Data with others as follows:
  • with partners where it is necessary for the User to acquire, hold or use the Token and/or receive the Services;
  • when using interactive areas of the Website, like our blog or other online forums, certain information you choose to share may be displayed publicly, such as your username, actions you take and any Content you post;
  • the Company may disclose information to Courts and Government authorities or bodies if requested to do so under a court order or legal process, or to establish or exercise the Company’s legal rights or defend against legal claims;
  • if the Company believes that the User’s actions are inconsistent with the Terms or policies, or to protect the rights, property and safety of the Company or others;
  • in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;
  • between and among the Company; or
  • with your consent or at your direction.
At any point in time you shall retain all rights to your data.


The Company protects information collected using physical, technical, and administrative security measures to reduce the risks of disclosure, unlawful processing, accidental loss, destruction, damage and unauthorized access. Should a security breach occur, the Company will use reasonable endeavours to try to fix it.

Social Sharing and Links to Third Party Websites

When sharing the Website, Services or other Company information on social websites, this will enable the sharing of information with your contacts or the public, depending on the settings you establish with the entity that provides the social sharing feature. You may also be exposed to service links to third party websites that are not owned or controlled by the Company. Please be aware that the Company is not responsible for the privacy practices of such websites. For more information about the purpose and scope of data collection and processing in connection with social sharing features and links to third party websites, the Company encourages you to visit the privacy policies of the entities that provide these features.
Furthermore, you are advised to conduct yourself appropriately when engaging with the Company on social media or when sharing the Website, Services or other Company’s information.

Data Retention

The Company will retain your Personal Data for a reasonable period or for as long as the law requires. The Company will retain your data as long as needed for the use of the Website and/or for the provision of the Services.

Disposal of Personal Data

When the Company receives requests to dispose of Personal Data records by Data Subjects, the Company shall ensure that these requests are handled within a reasonable time frame. The Company shall keep record including a log of these requests.

The Company shall also strive in obtaining adequate disposal mechanisms to ensure no Personal Data is leaked outside of the Company.

Response to Personal Data Breaches

When the Company learns of a suspected or actual Personal Data breach, the Company shall perform an internal investigation and take appropriate remedial measures in a timely manner. Where there is any risk to the rights and freedoms of Data Subjects, the Company will notify the relevant supervisory authorities without undue delay and, when possible, within 72 hours from when it learns of such breach. Data Subjects will be informed when the Personal Data breach is of a “high” level.

Governing Law

The Company is based in Lithuania and by using the Website and/or the Services, or otherwise providing information to the Company, you consent to the processing and transfer of information in accordance with Lithuanian law.

Final Provisions

You may request the Company to access your information and Personal Data at any time.

The Company shall be responsible for and be able to demonstrate compliance with the principles outlined in this Privacy Policy. The Company may at its own discretion assign or transfer this Privacy Policy and your related information to any person or entity that acquires or is merged with it without restriction.

Any claims, questions, comments and requests regarding this Privacy Policy should be addressed to the Company’s contact via email at during regular business hours on any business day.

Changes to the Privacy Policy

The Company may update this Privacy Policy from time to time at its own discretion and in response to changing legal, technical and/or business developments. The revised Privacy Policy will take effect immediately upon publication by the Company and we will replace this page with an updated version. When we update our Privacy Policy, we shall take appropriate action and inform you accordingly by a Privacy Notice consistent with the significant changes we would have made.
However, you acknowledge that it is your sole responsibility to check the “Privacy Policy” page from time to any time so as to be aware of any changes which may have occurred from time to time.

How to contact the appropriate Authority

Should you wish to file a complaint, you may contact the State Data Protection Inspectorate and lodge the recommended form of complaint.


This document was updated on the date indicated at the beginning of the document and is effective from that date.