1. Introduction
This Privacy Policy (“Policy”) explains how Alfacash UAB, operating under the trade name “Sheepy” (“Sheepy”, “we”, “our”, or “us”), collects, uses, stores, discloses, and protects personal data when individuals access the website located at https://www.sheepy.com (the “Website”), engage with Sheepy’s virtual currency payment infrastructure, or otherwise communicate with us. This Policy applies to all Website visitors, end-users who interact with Sheepy via merchant checkout flows, and business clients or their authorized representatives.
This Policy is designed in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), as well as the Law on Legal Protection of Personal Data of the Republic of Lithuania. It reflects Sheepy’s commitment to high standards of privacy, data minimization, lawfulness, transparency, and purpose limitation.
2. Controller
Sheepy is operated by Alfacash UAB, a private limited liability company registered under the laws of Lithuania with company number 306095517 and a registered office in Vilnius. Sheepy acts as the data controller for all personal data collected and processed in connection with the Services.
Sheepy has appointed an internal Data Protection Officer (DPO) responsible for overseeing data protection compliance and handling inquiries related to privacy matters. The DPO acts as a point of contact for users and supervisory authorities regarding Sheepy’s data practices.
3. Scope
This Policy governs the processing of personal data collected via the Website, during onboarding, through checkout interfaces, and in connection with contractual, technical, or regulatory interactions with Sheepy. It applies to business clients, their staff and representatives, prospective clients, end-users, and other stakeholders who provide personal data in the course of communications with Sheepy.
Sheepy’s Services are intended exclusively for use by persons who are at least 18 years old. Sheepy does not knowingly collect or process personal data from children or minors under the age of 18. If you believe that personal data of a minor has been submitted to Sheepy in error, please contact the DPO so we can take appropriate steps to delete the data without undue delay.
4. Data
Sheepy may collect identification details including full name, date of birth, nationality, and scanned identity documents; contact information such as email addresses and correspondence addresses; transaction records, wallet addresses, blockchain metadata, and fiat payment information; corporate records and beneficial ownership data for legal entities; geolocation and browser metadata; device fingerprinting and behavioral data; and support communications or system interaction logs. Additional information may be obtained from public sources, credit agencies, fraud prevention databases, sanctions screening services, and blockchain analytics tools.
Sheepy may use automated decision-making technologies, including profiling, in limited contexts to ensure compliance with legal obligations (such as anti-money laundering checks), detect potentially fraudulent activity, assess risk during onboarding, or prioritize support requests. These automated processes are designed to improve operational efficiency and ensure consistent compliance procedures.
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects, unless such processing is necessary for entering into or performing a contract, is based on your explicit consent, or is otherwise permitted by applicable law. If you object to automated processing, you may contact Sheepy to request human intervention and express your point of view.
5. Legal basis
Sheepy processes personal data where it is necessary to perform a contract or pre-contractual measures at your request; where required to comply with legal obligations, including anti-money laundering and sanctions laws; where Sheepy has a legitimate interest in protecting its platform and ensuring the delivery of the Services; and, where applicable, on the basis of your explicit consent. Consent may be withdrawn at any time without affecting the lawfulness of prior processing. Sheepy ensures that its legitimate interests do not override your fundamental rights and freedoms.
6. Purpose of data use
Sheepy uses your personal data to verify identity and perform Know Your Customer (KYC) and Know Your Business (KYB) checks, provide access to the Services, process transactions, deliver technical support, detect fraud and abuse, comply with legal requirements, conduct risk analysis, improve user experience, and communicate important service updates. Data is not processed in a manner incompatible with these purposes.
7. Data sharing and international transfers
Sheepy operates within the European Economic Area (EEA) and may process or transfer personal data outside the EEA when required for technical support, onboarding, or regulatory compliance. Where data is transferred to jurisdictions that do not provide an equivalent level of protection, Sheepy ensures appropriate safeguards are in place, including the use of Standard Contractual Clauses or legally binding agreements. Users acknowledge that certain services may depend on international data transfers and agree to such transfers when accepting this Policy.
If Sheepy transfers your personal data to a jurisdiction outside the European Economic Area that is not subject to an adequacy decision by the European Commission, Sheepy shall ensure that the recipient applies safeguards equivalent to those required under the GDPR. Users may request further details regarding these safeguards, including a copy of the applicable standard contractual clauses, by contacting DPO.
8. Retention of personal data
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, comply with applicable law, resolve disputes, and enforce Sheepy’s terms. This may include statutory retention periods related to anti-money laundering (AML), tax compliance, and contractual obligations. Once data is no longer needed, it is securely deleted or irreversibly anonymized. If Sheepy is legally prevented from deleting certain data, appropriate safeguards are applied to restrict access.
9. Your data protection rights
Data subjects have the right to request access to their personal data, seek rectification of inaccurate or outdated information, request the erasure of data under certain conditions, object to or restrict processing, and obtain a copy of their personal data in a portable format. These rights may be limited by overriding legal obligations, such as Sheepy’s duties under AML regulations.
Users who wish to exercise any of their rights should contact DPO and provide sufficient details to allow verification of their identity. Sheepy will respond within one calendar month, in accordance with Article 12 of the GDPR. If a request is complex or numerous, an extension may be applied. In case of unresolved concerns, users may lodge a complaint with the State Data Protection Inspectorate of Lithuania.
10. Cookies and tracking technologies
Sheepy uses cookies and similar tracking technologies to enhance the user experience, secure its systems, analyze web traffic, remember user preferences, and provide personalized content. Users are notified of the use of cookies and asked for their consent when required by law. By continuing to use the Website, users consent to the placement of cookies unless they configure their browser to reject them. More details about how cookies operate and how they can be managed are provided in Sheepy’s Cookie Policy, available on the Website.
11. Data security
Sheepy implements industry-recognized security practices to ensure the confidentiality, integrity, and availability of personal data. These include strong authentication controls, encryption of data in transit, secure server infrastructure, monitoring of access logs, and frequent security audits. Access to personal data is limited to authorized personnel who are subject to confidentiality obligations. Regular training is provided to all staff on data protection principles.
In the event of a data breach involving a high risk to individuals’ rights and freedoms, Sheepy will promptly notify affected users and report the incident to the supervisory authority, in line with GDPR Articles 33 and 34. If the risk is mitigated through effective safeguards, individual notice may not be required.
12. Third-party links and services
The Website may contain links to third-party platforms or services not operated by Sheepy. Sheepy is not responsible for the content, practices, or privacy policies of such platforms. Users are encouraged to read the policies of third parties before interacting with their services. Any data shared with external parties will be governed by their respective privacy frameworks.
13. Amendments to the Privacy Policy
Sheepy reserves the right to amend this Privacy Policy at any time. Updates will be posted on the Website with a new “Last Updated” date. Users are encouraged to periodically review the Policy to stay informed of how their data is handled. Where changes materially affect data subjects’ rights, Sheepy will provide prominent notice or seek renewed consent if required by law.
14. Contact
For any privacy-related questions, requests, or complaints, please contact DPO at [email protected].
'%3e%3cpath%20d='M4%2013C4.325%2015.532%205.881%2017.781%208%2019'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M20%2011.0002C19.7554%209.24041%2018.9391%207.60985%2017.6766%206.35969C16.4142%205.10953%2014.7758%204.30911%2013.0137%204.08175C11.2516%203.85438%209.46362%204.21268%207.9252%205.10144C6.38678%205.9902%205.18325%207.36013%204.5%209.00019'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%205V9H8'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M12%2015H14C14.2652%2015%2014.5196%2015.1054%2014.7071%2015.2929C14.8946%2015.4804%2015%2015.7348%2015%2016V17C15%2017.2652%2014.8946%2017.5196%2014.7071%2017.7071C14.5196%2017.8946%2014.2652%2018%2014%2018H13C12.7348%2018%2012.4804%2018.1054%2012.2929%2018.2929C12.1054%2018.4804%2012%2018.7348%2012%2019V20C12%2020.2652%2012.1054%2020.5196%2012.2929%2020.7071C12.4804%2020.8946%2012.7348%2021%2013%2021H15'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M18%2015V17C18%2017.2652%2018.1054%2017.5196%2018.2929%2017.7071C18.4804%2017.8946%2018.7348%2018%2019%2018H20'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M21%2015V21'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_112_4974'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M8%206C8%205.46957%208.21071%204.96086%208.58579%204.58579C8.96086%204.21071%209.46957%204%2010%204H18C18.5304%204%2019.0391%204.21071%2019.4142%204.58579C19.7893%204.96086%2020%205.46957%2020%206V14C20%2014.5304%2019.7893%2015.0391%2019.4142%2015.4142C19.0391%2015.7893%2018.5304%2016%2018%2016H10C9.46957%2016%208.96086%2015.7893%208.58579%2015.4142C8.21071%2015.0391%208%2014.5304%208%2014V6Z'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%2010C4%209.46957%204.21071%208.96086%204.58579%208.58579C4.96086%208.21071%205.46957%208%206%208H14C14.5304%208%2015.0391%208.21071%2015.4142%208.58579C15.7893%208.96086%2016%209.46957%2016%2010V18C16%2018.5304%2015.7893%2019.0391%2015.4142%2019.4142C15.0391%2019.7893%2014.5304%2020%2014%2020H6C5.46957%2020%204.96086%2019.7893%204.58579%2019.4142C4.21071%2019.0391%204%2018.5304%204%2018V10Z'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_112_4982'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
