Enacted: July 24, 2024
Last modified: July 24, 2024
This Privacy Policy (hereinafter referred to as the “Policy”) enacts the procedure applied by XPAID UAB, a private limited company registered in Lithuania at Vilnius Salnos g. 28, registration number 306120408 (hereinafter referred to as “XPAID”, the “Company”, or the “Controller”) to the processing of personal data of the users of Company’s services related to exchange and storage of cryptocurrency (hereinafter referred to as the “Users”) and other data subjects (hereinafter referred to as the “Data subjects”) visiting the Company’s website https://xpaid.org/ (hereinafter referred to as the “Website”) or other websites or online resources through which XPAID or legal entities affiliated with XPAID promote and offer services related to exchange and storage of cryptocurrency (hereinafter referred to as the “Services”).
This Policy and the activities of XPAID and Company’s processors related to processing of personal data are governed by the General Data Protection Regulation No. 2016/679 adopted by the European Parliament and the Council on 27 April 2016 (hereinafter referred to as the “GDPR”).
The following terms and definitions shall apply to the Policy:
“Account” means a set of data about the User stored in a computer system of the Company necessary for providing the User with the Services.
“Controller” means XPAID as the legal entity which determines the purposes and means of the processing of personal data.
“Minor” means a natural person who is less than 16 (sixteen) years of age.
“Processors” means:
Company’s subsidiaries, dependent companies, or other affiliated persons or/and legal entities (hereinafter referred to as the “Affiliates”),
Natural or legal persons involved in the provision of the Services of the Company,
Other natural or legal persons engaged by the Controller in the processing of personal data
which process personal data on behalf of the Controller.
“Services” means services related to exchange and storage of cryptocurrency provided by XPAID or by the Affiliates of XPAID under the control of XPAID, including but not limited to the following:
Exchange of cryptocurrency to fiat currency and vice versa
Transfer of cryptocurrency from only cryptocurrency wallet to another cryptocurrency wallet
Storage of cryptocurrency
Withdrawal of cryptocurrency to another cryptocurrency wallet of the User
Withdrawal of fiat funds to bank accounts, electronic wallets, and bank cards from the Account of the User
“Third parties” means natural or legal persons receiving personal data from Company or Company’s Processors for the purposes other than processing of personal data.
Unless otherwise is provided by the Policy, the term “Data subjects” encompasses the term “Users”.
For the purposes of this Policy the term “User” also includes the natural person representing the Company’s client that is a legal entity.
The terms and definitions of GDPR apply to this Policy unless they contradict the terms and definitions of the Policy.
1. LAWFULNESS OF PROCESSING OF PERSONAL DATA
1.1. Under the Policy, the personal data of the Users and other Data subjects is processed under the following legal grounds:
1.1.1. The Data subject has given consent to the processing of his or her personal data in accordance with the Policy (point (a) paragraph 1 Article 6 GDPR).
1.1.2. Processing of Data subject’s personal data is necessary for the provision of the Services of the Company (point (b) paragraph 1 Article 6 GDPR).
1.2. By opening, visiting, and using the Website or another website or online resource affiliated with the Company or the Website, the Data subject provides the Company with the consent to the processing of cookie files and other similar data in accordance with Section 7 of the Policy and other personal data prescribed in para.2.1.14 of the Policy. No other personal data of such Data subjects shall be processed by the Controller.
1.3. In order to use the Services of XPAID, the Data subject may be required to create the Account on one of the Company’s websites or other online resources used for the provision of the Services and become the User of the Company.
In order to create the Account, the User shall provide the Company with the personal data provided in paras.2.1.1-2.1.8 of the Policy.
To provide the personal data prescribed by paras.2.1.1-2.1.8 of the Policy, the User shall also pass the KYC procedures adopted by the Anti-Money Laundering and Countering Terrorism Financing Policy of XPAID. Such KYC procedures may require the provision of the User’s image (selfie) and the photo or scan of the User’s identification document.
If the User refuses to provide the Company with the personal data provided in paras.2.1.1-2.1.8 of the Policy or to pass the KYC procedures of XPAID, the Company refuses to provide the User with the access to the Services.
If the Company provides the Services to the User without creating the Account, the provision of such Services shall only take place after the User provides the Company with the personal data prescribed by paras.2.1.1-2.1.8 of the Policy and passes the KYC procedures of XPAID.
By creating the User’s Account or by starting the use of the Services without creating the Account, the User provides the Company with the consent to the processing of all the personal data provided in Section 2 of the Policy.
1.4. By interacting with the Company via social networks and messengers in accordance with Section 8 of the Policy, the Data subject provides the Company with the consent to the processing of personal data prescribed by para.8.2 of the Policy.
1.5. By voluntarily contacting the Company in any way, including contacting the Company in accordance with para.1.4 of the Policy, the Data subject provides the Company with the consent to the processing of personal data prescribed by para.2.1.1, para.2.1.7, paras.2.1.12-2.1.14, and para.8.2 of the Policy.
1.6. The use of the Services by the User per se grants the Company the right to process personal data of the User provided in paras.2.1.1-2.1.11 of the Policy under the legal ground prescribed by para.1.1.2 of the Policy to the extent necessary for the provision of the Services to the User and compliance with applicable legislation and regulations in the field of anti-money laundering and countering terrorism financing.
2. PERSONAL DATA PROCESSED BY THE CONTROLLER
2.1. Under the Policy, the Controller has the right to process the following personal data of the Data subjects:
2.1.1. First and last name of the Data subject.
2.1.2. Date of birth of the Data subject or/and personal (identification) code of the Data subject.
2.1.3. Information about the citizenship of the Data subject.
2.1.4. Information about residential address of the Data subject, as well as the information about the status of the Data subject as a temporary or permanent resident of the respective country.
2.1.5. Image’s (photographs, selfies etc.) of the Data subject’s face, as well as images (photographs, scans etc.) of the Data subject’s identification documents and documents confirming the residential address of the Data subject and the information contained in these documents.
2.1.6. Information about the User’s corporate status at a Company’s client that is a legal entity, as well as images (photographs, scans etc.) of the documents confirming such corporate status.
2.1.7. Email address or/and telephone number of the Data subject.
2.1.8. Username and password created by the User during the creation of the User’s Account.
2.1.9. Information about the transactions of the User performed by the User by using the Services of the Company, including information about the unique transaction codes and information about payment account or deposit virtual currency wallet identification codes, as well as information about the parties to the transactions, the purposes of the transactions, and the transactions amounts.
2.1.10. Information about payment methods of the User and the bank cards and bank accounts used by the User for performing transactions while using the Services of the Company.
2.1.11. Information about appearance of the User or the User’s legal entity which the User represents in the sanctions or other lists approved by national governments or/and international organizations which prevent the User from using the Services of the Company.
2.1.12. Information about social networks accounts of the Data subject, namely, the username or URL of the User’s profile in the social network.
2.1.13. The messages sent by the Data subject to the Company through the communication channels provided by the Company (which includes complaints of the Data subjects related to the compliance of XPAID with the requirements of GDPR and other applicable legislation), which includes any information about the Data subject voluntarily provided to the Company by such a Data subject, as well as other information about interaction and communication of the Data subject with the Company.
2.1.14. Cookie files processed in accordance with Section 7 of the Policy, as well as other analytical or metric data about the visitors of the Website or other websites or online resources affiliated with the Company or the Website collected by the Controller or with assistance of Processors that may include the following information:
A) Operating system used on the device of the Data subject
B) Version (type) of the Website (or other Company’s website or online resource) visited by the Data subject (mobile or desktop version)
C) Screen resolution of the Data subject’s device
D) Time during which the Data subject visited the Website (or other Company’s website or online resource) and the activities of the Data subject within the Website or other Company’s website or online resource (pages visited, clicks made by the Data subject, time spent on the specific webpage)
E) Number of Data subjects that visited the Website (or other Company’s website or online resource) within the specific period of time
F) Number of unique Data subjects that visited the Website (or other Company’s website or online resource)
2.2. The personal data provided in para.2.1.14 of the Policy is anonymized and cannot be pertained to any specific Data subject.
2.3. The personal data provided in paras.2.1.7-2.1.8 of the Policy can be automatically saved for auto-entry when the User logs into the User’s Account.
3. PURPOSES OF PERSONAL DATA PROCESSING
3.1. The personal data provided in paras.2.1.1-2.1.11 of the Policy is processed for the following purposes:
3.1.1. Provision of the Services of the Company.
3.1.2. Resolution of disputes with the Users.
3.1.3. Processing transactions of the Users performed by the Users while using the Services of XPAID.
3.1.5. Communication with the Users not related to advertising or marketing.
3.1.6. Improving the work of the Website (and other websites and online resources of the Company used for the provision of the Services) and the quality of the Services, providing technical support to the User’s Account.
3.2. The personal data provided in paras.2.1.12-2.1.14 of the Policy is processed for the following purposes:
3.2.1. Marketing and advertising purposes, which includes both direct marketing and advertising of Company’s products related to the Website (as well as other websites and online resources used for the provision of the Services) on other websites, in social media, and in search engines.
3.2.2. Analytical purposes.
3.2.3. Resolving disputes with Data subjects.
3.2.4. Other communication with Data subjects not related to advertising or marketing or resolving disputes.
3.3. The personal data provided in para.2.1.1 and para.2.1.7 of the Policy is processed for the purposes provided in paras.3.2.3-3.2.4 of the Policy.
4. CONTROLLER AND PROCESSORS
4.1. The Company is the Controller of the Data subject’s personal data meaning that the Company defines the categories of personal data processed, the purposes of personal data processing, the list of Processors, the ways of processing and storing personal data, and the rules of cross-border transfer of personal data.
4.2. The personal data described in this Policy is processed either directly by the Controller or by the Processors engaged by the Controller that process personal data on behalf of the Controller. The Controller is responsible before the Data subjects for the Processors processing personal data of Data subjects in accordance with this Policy. The following categories of Processors are engaged by the Controller in the processing of personal data of Data subjects:
4.2.1. Persons directly involved in the provision of the Services in favor of the Users.
4.2.2. Processors processing payment and crypto transactions of the Users using the Services of the Company.
4.2.3. Processors storing personal data of Data subjects.
4.2.4. Processors providing advertising and marketing services to the Controller.
4.2.5. Processors analyzing, assessing, storing, and systemizing personal data provided in para.2.1.14 of the Policy.
4.2.6. Processors providing technical support for the Website, the User’s Account, and other websites and online resources used for the provision of the Services.
4.2.7. Processors assisting the Company with resolving disputes with the Users.
4.2.8. Affiliates of the Company engaged in the provision of the Services.
4.3. All the Processors of the Controller engaged in the processing of the personal data under the Policy act in accordance with the contract concluded between the Controller and the respective Processor. The concluded contract provides for the security and confidentiality of personal data of Data subjects and compliance with GDPR and other applicable legislation.
5. CONTROLLER AND THIRD PARTIES
5.1. The Controller can transfer personal data of Data subjects provided in para.2.1.7 and paras.2.1.12-2.1.14 of the Policy to the following categories of Third parties and for the following purposes:
5.1.1. Affiliates of the Company offering services similar to the Services of XPAID or services affiliated with the Services of XPAID for the purpose of promoting services of such Affiliates among the Users of the Company.
5.1.2. Natural persons and legal entities prescribed in paras.4.2.4-4.2.5 of the Policy for the purpose of promoting services similar to the Services of the Company among the Users of XPAID.
5.2. The Controller can transfer any personal data of any Data subject to the following categories of Third parties and for the following purposes:
5.2.1. Courts requesting the provision of personal data in accordance with the applicable legislation of the court’s jurisdiction for the purposes prescribed by the applicable legislation.
5.2.2. Supervising authorities requesting the provision of personal data within the limits of their powers for legitimate purposes prescribed by the applicable legislation.
5.2. The Controller does not sell and has never sold personal data of Data subjects to any Third party. The Controller has no intention in selling personal data of Data subjects to any Third parties.
6. MINORS
6.1. The Website (as well as other websites and resources of the Company) and the Services of the Company are not directed to Minors. This is confirmed by the fact that the provision of the Services requires making the payments which can only be made by a person with legal capacity. Thus, the Services can only be provided to the Users who are at least 16 (sixteen) years of age.
6.2. The Controller does not process and does not have actual knowledge that the Controller is processing personal data of Minors. If the Controller finds out that some data from or about a Minor was collected or/and processed in other way, the Controller will immediately take all the necessary measures aimed at deleting such data and restricting access of the Minor to the Website and the Services.
6.3. If the Controller has doubts regarding the age of the User, the Controller has the right to request the User to verify the User’s age. If the User refuses to verify the User’s age or if the Controller finds out that the User is less than 16 (sixteen) years of age, the rules of para.1.3 of the Policy shall apply.
7. COOKIE POLICY
7.1. The Website and other websites and online resources of the Company may use “Cookies”.
Cookies or cookie files are small text files located in browser directories that may include an anonymous unique identifier. Generally, there are two types of cookies – a session cookie and a persistent cookie. A session cookie is used to make it easier for a person to navigate a website and expires when a person closes the browser. A persistent cookie remains on a hard drive of a person’s device for an extended period of time. Cookies cannot be used to run programs or deliver viruses to a person’s computer. Cookies are uniquely assigned to a person’s device and can only be read by a web server in the domain that issued the cookie to a person’s device. To learn more about cookies please follow the link.
7.2. The Company may use both session cookies and persistent cookies to help Data subjects navigate through the Website and efficiently perform the functions of the Website, as well as other websites and online resources used for the provision of the Services. Particularly, the following kinds of cookies may be used by the Company in accordance with this Policy:
7.2.1. Session Cookies. The Company may use Session Cookies to operate the provided Services.
7.2.2. Preference Cookies. The Company may use Preference Cookies to remember preferences and various settings of the Data subject using the Services.
7.2.3. Security Cookies. The Company may use Security Cookies for making safe the use of the Website and other websites and online resources used for the provision of the Services.
7.3. By use of cookies, the Company may automatically collect information about the online activity of the Data subject on the Website and other websites and online resources used for the provision of the Services. Such information may include:
7.3.1. The information about the webpages visited by the Data subject.
7.3.2. The URL links clicked by the Data subject.
7.3.3. The searches made by the Data subject via the Website or other websites and online resources used for the provision of the Services.
7.4. The Data subject has the right to accept or decline cookies by using the browser settings. However, if the Data subject declines cookies, the Data subject may not be able to use the full range of functions provided by the respective resource of the Company.
7.5. The Company may also use other technologies for processing personal data provided in para.7.3 of the Policy, including the following:
7.5.1. Web beacons. Web beacons (also known as clear gifs, pixel tags, or web bugs) are tiny graphics with a unique identifier, similar in functions to cookies, and used to track online movements of website users. Unlike cookies, which are stored on a user’s device, web beacons are embedded invisibly on the web pages of the website or in an email, and the size of such web beacons is about the size of the period at the end of the sentence.
7.5.2. Tracking URLs. A tracking URL is a standard link that has parameters attached to it for the purpose of tracking and analytics. A tracking URL has unique identifier that allows to identify the source of the website’s traffic (e.g., the location from which the Internet users visit the website, or the search engine used by the visitors for clicking the URL of the website).
7.6. The Company may also use web beacons and tracking URLs prescribed by para.7.5 of the Policy in marketing emails of the Company (including marketing bulk emailing) and in online advertisements of the Company posted on third-party websites.
8. COMPANY AND SOCIAL NETWORKS
8.1. In order to promote information about the Company, its Services, and the Website and other online resources of the Company, the Company may create the accounts in social networks and messengers, including Facebook, Instagram, WhatsApp, and Telegram.
8.2. Data subjects may follow the accounts of the Company in social networks and the channels of the Company in messengers. Data subjects may like posts and comments of the Company and leave comments, reviews, or reactions under the posts and messages of the Company in social networks and messengers. Data subjects may also send messages to accounts of the Company in social networks and messengers.
8.3. The data prescribed by para.8.2 of the Policy is considered as personal data of Data subjects provided in para.2.1.13 of the Policy. Such personal data of Data subjects, depending on the nature of the processed data, may be used by the Company for the purposes provided by para.3.1.2, para.3.1.5, para.3.1.6, or para.3.2 of the Policy.
9. RIGHTS OF A DATA SUBJECT
9.1. Each Data subject has the following rights:
9.1.1. Right of access: the Data subject is entitled to receive from the Controller the information about personal data that is processed by the Controller, the purposes of personal data processing, the categories of personal data recipients, the period of personal data storage, and the information about the transfer of personal data to other jurisdictions.
9.1.2. Right to lodge a complaint with a supervisory authority: the Data subject is entitled to file a complaint against the Controller with a supervising authority of Data subject’s habitual residence or place of work, or with a supervising authority located in a place of possible infringement, or with a supervising authority of Controller’s residence which supervises the compliance of the Controller with personal data legislation.
9.1.3. Right to rectification: the Data subject is entitled to rectification of inaccurate data about the Data subject.
9.1.4. Right to erasure: the Data subject is entitled to erasure the personal data about the Data subject.
9.1.5. Right to restriction of processing: the Data subject is entitled to restrict processing of personal data under the grounds provided for in Article 18 GDPR.
9.1.6. Right to data portability: the Data subject is entitled to receive personal data about the Data subject in a structured, commonly used, and machine-readable format and transmit such data to another controller.
9.1.7. Right to object: the Data subject is entitled to object to personal data processing on the grounds relating to a particular situation (for example, if the Controller processes personal data for marketing purposes).
9.1.8. Right not to be subject to a decision based solely on automated processing, including profiling.
9.1.9. Right to file a request or complaint with the Controller. Such right also includes the right of the Data subject to use judicial remedies against the Controller in a country of Controller’s or Data subject’s residence under Article 79 GDPR and the right to use judicial remedies against the supervisory authority in a country where the supervisory authority is established (Article 78 GDPR).
9.1.10. Right to withdraw Data subject’s consent to personal data processing.
9.1.11. Right to prohibit sale or resale of Data subject’s personal data.
9.2. Unless otherwise is provided by other paragraphs of the Policy, the Data subject that wants to exercise his or her rights provided by para.9.1 of the Policy shall send a mail or an email to the Company by using contact details of the Company provided in Section 14 of the Policy.
9.3. The User that wants to exercise one of the rights provided in paras.9.1.3-9.1.8 or paras.9.1.10-9.1.11 of the Policy shall contact the Company through the customer support system provided to User via the online resources used for the provision of the Company’s Services or by using the communication methods prescribed in para.9.2 of the Policy.
9.4. The User can exercise the right provided in para.9.1.3 of the Policy by changing the personal data within the User’s Account used for receiving the Services subject to the approval of such changes by the Company. The Company may refuse the provision of the Services to the User who changed his or her personal data within the Account if the subsequent provision of the Services to such User will violate applicable legislation.
9.5. If the User has the User’s Account and the request of the User relates to personal data provided in paras.2.1.1-2.1.8 of the Policy, the rights of the User provided in para.9.1.4 and para.9.1.10 of the Policy may only be exercised by deleting the User’s Account. In this case, the User will no longer be able to use the Services unless the User creates another Account and re-passes the KYC procedures of the Company or unless the Company approves the use of the Services by such a User without the Account. If the Company approves the use of the Services by the User without the creation of the Account, the User shall still provide the Company with personal data prescribed by paras.2.1.1-2.1.8 of the Policy.
9.6. By agreeing with this Policy, the User agrees that erasure of User’s personal data, restriction of processing of User’s personal data, objection to processing of User’s personal data, or withdrawal of User’s consent to the processing of personal data may result in restriction of User’s access to the Services and may impair the ability of the User to use the Services in a proper manner as prescribed by the Policy and other documents of the Company.
9.7. If the Data subject desires to lodge a complaint with a supervisory authority against the Company or use judicial remedies against the Company or the supervisory authority, the Data subject shall follow the procedures provided by Articles 77-79 GDPR and by the legislation of the country in which the Data subject is planning to lodge a complaint or use judicial remedies.
10. SECURITY OF PERSONAL DATA
10.1. The Controller takes all the reasonable measures to protect Data subject’s personal data from unauthorized access by third parties, as well as against loss, misuse, alteration, or destruction of personal data, including the following:
10.1.1. The Data subject’s session on the Website goes through the secure SSL connection during the Website browsing.
10.1.2. Only authorized personnel of the Controller have access to the personal data of Data subjects, and these employees and contractors are required to treat this information as confidential.
10.1.3. The Controller ensures the confidentiality of the User’s credentials used for entering the Account, as well as other data used for receiving the Services.
10.1.4. The Company uses encryption methods for providing the Services to the Users.
10.1.5. The Company conducts regular check-ups and tests of the internal network system for the security issues.
10.1.6. The Company uses the resources of reliable Processors involved in the KYC procedures applicable to the Users of the Services.
10.2. The existing security measures will be reviewed from time to time in accordance with new legislation and technical innovations.
11. STORAGE OF PERSONAL DATA
11.1. The Controller stores personal data of Data subjects only for the period that is necessary for achieving the purposes of processing provided by Section 3 of this Policy.
11.2. The Controller stores personal data of the User provided in paras.2.1.1-2.1.11 of the Policy as long as the User uses the Services.
11.3. If the User deletes the User’s Account or if the User that did not have an Account stops using the Services, the Controller has the right to store personal data of the User provided in paras.2.1.1-2.1.11 of the Policy for the period of 5 (five) years after deletion of the User’s Account or after the User stopped using the Services without creating the Account in the first place unless the User directly requests the Controller to delete such personal data at the time of the User’s Account deletion.
The Company may deny the request of the User to delete the personal data if keeping such personal data is necessary for the compliance with applicable legislation and regulations (including legislation and regulations aimed at preventing money laundering or financing of terrorism) or with the appropriate court or supervising authority order or request.
11.4. The Controller takes all the reasonable steps to periodically delete personal data provided in para.2.1.14 and Section 7 of the Policy. However, because such personal data cannot be attributed to any specific Data subject, the Controller does not have technical opportunity to exercise the request of the Data subject to delete personal data provided in para.2.1.14 of the Policy that relates directly to such a Data subject.
11.5. The Controller does not store any personal data provided in Section 8 of the Policy.
11.6. The Controller will continue to store personal data of a Data subject for an undefined period of time if storing such personal data is required by applicable legislation aimed at preventing money laundering or terrorist financing.
12. INTERNATIONAL TRANSFER OF PERSONAL DATA
12.1. The Controller stores personal data of Data subjects only on the servers located in countries of EEA (European Economic Area which includes the countries of the European Union plus Iceland, Liechtenstein, and Norway).
12.2. The Processors of the Controller store personal data of Data subjects in the countries of EEA, as well as the countries outside EEA in respect of which the European Commission made the decision that such countries provide an adequate level of data protection (Article 45 GDPR). Particularly, the personal data of Data subjects may be stored in the United Kingdom, Andorra, or Switzerland. The full list of the countries outside EEA providing an adequate level of data protection can be found through the link.
12.3. If it is not possible to store personal data of the Data subject in accordance with para.12.1 or para.12.2 of the Policy, the Controller will transfer personal data of the Data subject to jurisdictions outside EEA subject to appropriate safeguards provided in Article 46 GDPR.
12.4. If for some reasons it is not possible for the Controller to transfer and store personal data of the Data subject in accordance with paras.12.1-12.3 of the Policy, the Controller will transfer Data subject’s personal data outside EEA only subject to the provisions of Article 49 GDPR which provide derogations for specific situations.
If the only legal ground under which the Controller can transfer Data subject’s personal data outside EEA is the consent of the Data subject (Article 49 paragraph 1 point (a) GDPR), the Controller will only perform the transfer after receiving the consent of the Data subject to the proposed transfer of personal data. Such consent may only be obtained from the Data subject after the Controller informs the Data subject about the possible risks of such a transfer caused by the absence of an adequacy decision provided by para.12.2 of the Policy and appropriate safeguards provided by para.12.3 of the Policy. If the Data subject does not provide the consent to the transfer of personal data, the Controller may refuse provision of the Services to such a Data subject or restrict access of the Data subject to the Services if the provision of the Services or provision of access to the Services are impossible without the Data subject’s consent to the international transfer of personal data.
13. CHANGES TO THIS POLICY
13.1. The Company shall periodically review this Policy for the compliance with applicable data protection laws and will provide the Policy with amendments as the Company deems necessary. The amendments will be posted on the Website in the form of the updated Policy and will be in effect since the date of publication, unless otherwise is specifically provided in the text of the updated version of the Policy. The publication of the updated version of the Policy amounts to notification of Data subjects about the changes. Data subjects shall periodically review the Website for the amendments in the Policy.
13.2. The Company will take reasonable measures to notify the Users about the changes in the Policy. In doing so, the Company may send emails to the Users or notify the Users through the customer support system provided via the online resources used for the provision of the Services.
14. CONTACTING CONTROLLER
XPAID UAB
A private limited company registered in the Republic of Lithuania
Registration number: 306120408
Address: Salnos g. 28, Vilnius 04126, Lithuania