UAB "PAYTEND EUROPE" PRIVACY POLICY
Introduction
1. UAB "PAYTEND EUROPE",company code 304730875 (hereinafter – "the Company" or "we"), registered address at Mėsinių str. 5, Vilnius, Lithuania. We are the electronic money institution authorized and regulated by the Lithuanian supervisory authority – Bank of Lithuania. Our activities are the issuing of electronic money, the redemption of electronic money, issuing and/or acquiring of payment instruments, execution of payments transactions. Our license and all activities covered by it can be checked here: https://www.lb.lt/lt/frd-licencijos/view_license?id=474
2. All our activities are regulated by the applicable laws related to the electronic money, including, but not limited to the legal acts related to the financial institutions and financial services. Moreover, as we are collecting and using the personal data (hereinafter – the Personal data) of our clients (hereinafter – "the Clients" or "you"), we are obligated to use and process your Personal data only in accordance with this privacy policy (hereinafter – Privacy policy) and the applicable legal acts which regulate the protection of Personal data.
3. All our employees, agents and employees of our agents who know the secret of Personal data must keep it safe even after termination of the employment or contractual relationship.
4. This privacy policy (hereinafter – "the Privacy Policy") is the supplement to our Terms and Conditions. This Privacy Policy provides for basic rules for collecting, storing, processing and retention of your Personal data and other information relating to you, as well as the scope of processed personal data, the purposes, sources, recipients and other important aspects of data processing in using our services as a payment services provider. It is therefore recommended to analyze the provisions of this Privacy Policy in detail prior to beginning to use our services.
5. You can visit our website not providing any information about yourself, however, if you want to open an account in our system and/or use other payment services offered by us, we will ask you to provide your Personal data indicated in the system and to carry out established identification procedures. Please be sure to read this entire Privacy Policy before using or submitting information through our services. By using or submitting information through our services, you are indicating that you agree to be bound by the terms of this Privacy Policy.
Principles of processing personal data
1. We commit to comply with the provisions of General Data Protection Regulation, the Law on Legal Protection of Personal Data of the Republic of Lithuania and all of the other Laws and/or legal acts that are applicable, as well as all of the European Union acts that are applicable in accordance with the Personal data protection regulations that are applicable for the specific country in which our services are provided.
2. The principles we strictly follow to comply with the needs to protect your Personal data are as follows:
a. Principle of legality, fairness and transparency which means that Personal data with respect to you is processed in a lawful, honest and transparent way;
b. Purpose limitation principle which means that Personal data is collected for specified, clearly defined and legitimate purposes and shall not be further processed in a way incompatible with those purposes;
c. Data reduction principle which means that Personal data must be adequate, appropriate and only which is necessary for the purposes for which it is processed;
d. Accuracy principle which means that Personal data must be accurate and, if necessary, updated; all reasonable steps must be taken to ensure that Personal data which is not accurate in relation to the purposes for which it is processed shall be immediately erased or corrected;
e. The principle of limitation of the length of the storage which means that Personal data shall be kept in such a way that your identity can be determined for no longer than is necessary for the purposes for which Personal data is processed;
f. Integrity and confidentiality principle which means that Personal data shall be managed by applying appropriate technical or organizational measures in such a way as to ensure the proper security of Personal data, including protection from unauthorized processing or processing of unauthorized data, and against accidental loss, destruction or damage.
Legal basis for Personal data processing and purposes
1. Your Personal data is processed by us when you gave the consent and / or when processing of data is necessary in order to fulfill the agreement to which you are the party, or to take action at your request prior to the conclusion of the agreement and / or to process the data necessary for the fulfillment of the legal obligation imposed on us.
2. The purposes of the processing of the Personal data:
a. provision of services of issuance, distribution and redemption of electronic money and provision of payment services;
b. conclusion and execution of the agreements;
c. implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania;
d. Client’s identification;
e. direct marketing.
Processed Personal data and the retention term of the Personal data, Clients’ Personal data recipients
1. According to the other purposes of processing of the Personal data above, the following Personal data is processed by us (it includes, but is not limited):
a. name, surname, personal code, date of birth, age (year of birth), address, residence place, identification card (passport) number, issuance place and date, mobile phone number, email address, employment data;
b. Clients (natural persons) - photo, signature, financial institution account number, IBAN number, debit card number, video and audio record for identification, telephone conversations, Client IP addresses, date of Client transactions, amount of transactions, currency, location, data about the beneficiary of the funds, the history of the actions performed, the source of funds, sex, nationality, employment status;
c. Representatives of the Clients (legal entities) (members of the Client's management bodies and other representatives (for example, employees) who are authorized according to the corporate documents to represent the Client in relations with the data controller or acting in accordance with the power of attorney, procuration when representing the Client): personal code, personal identity document data, e-mail address, sex, position, surname, address, nationality, phone number, name, photo, signature, bank account information (bank name and bank account number), monetary transaction or transaction date, amount, currency , data about the beneficiary of the funds (natural person's name, surname, date of birth, personal identification number or other unique character assigned to this person to identify the person, legal entity name, legal form, registered office address, code, if any);
d. Ultimate beneficiary owners of the Clients (legal entities) (natural persons who directly or indirectly own or control a legal unit with a sufficient number of shares or voting rights, including through bearer share management): personal identification code, identity card, sex, surname, address , nationality, name, photo, signature, number of shares held, voting rights or share capital part, monetary transaction or transaction date, amount, currency in which the monetary transaction or transaction is executed, data about the beneficiary of funds (natural person's name, surname, date of birth, personal identification number, or other unique character assigned to this person to identify the person, legal entity name, legal form, registered office address, code, if any);
e. Partners (natural persons) – name, surname, personal code, address, mobile telephone number, e-mail, signature, the account of the financial institution, the data of payments made by partners, amount of payments, other related data;
f. Partners (legal entity) – name, surname, position, signature, mobile telephone number, e-mail, the basic of representation, other related data;
g. The person who is contacting us – name, surname, personal code, phone number, address and other data which is provided by the person who is contacting us.
2. Your Personal data is kept in such a way that your identity can be determined for no longer than is necessary for the purposes for which Personal data is processed.
3. The terms of data retention of the Personal date for the purposes of the processing of the Personal data as specified in this Privacy Policy are as follows:
a. Direct marketing: until your consent is valid regarding the use of your Personal data for the purpose of direct marketing;
b. Provision of services of issuance, distribution and redemption of electronic money and provision of payment services: Personal Data collected for this shall be stored in accordance with the Index of the Retention Periods of General Documents approved by the order of the Chief Archivist of Lithuania and the legal acts applicable to our activities;
c. Conclusion and execution of the agreements: Personal Data collected for this shall be stored in accordance with the Index of the Retention Periods of General Documents approved by the order of the Chief Archivist of Lithuania and the legal acts applicable to our activities;
d. Implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania and Client’s identification: 8 (eight) years after the termination of the business relationship with you. The retention period may be extended for a period not exceeding 2 (two) years, provided there is a reasoned request from a competent authority. Such data retention period is required by the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania.
4. Your Personal data is obtained from you, credit and other financial institutions and their branches, Center of Registers, databases for checking the data of personal documents (databases of expired documents and other international databases), authority check registers (registers of notarized authority and other databases), companies maintaining registers of international sanctions, from 3rd party connected with you and/or dealing with us, other legal entities.
5. Your Personal data specified in this Privacy Policy may be transferred to:
a. supervisory authorities, credit, financial, payment and/or electronic money institutions;
b. pre-trial investigation institutions, the State Tax Inspectorate;
c. To any of our partners, payment service agents (if the operation is carried out using their services), who are necessary part of the provision of our products and services;
d. to our contractors or service providers for the purpose of conducting business and providing services or products to You, including web hosting providers, IT system administrators and payment processors;
e. to service providers, who makes Your identity verification using their IT solution;
f. beneficiaries of transaction funds receiving the information in payment statements together with the funds of the transaction;
g. debt collection and recovery agencies, companies processing consolidated debtor files;
h. lawyers, bailiffs, auditors;
i. other entities, including any government regulatory having a legitimate interest;
j. other entities under an agreement with us.
6. Your personal data may be transmitted to the third parties, which are in the countries of the European Union and the European Economic Area and third countries, not specified above due to the provision of services of issuance, distribution and redemption of electronic money and provision of payment services and with your prior consent.
7. Please note that we respect your as data subjects’ rights and due to that we are very carefully by choosing our partners, including Personal data processors and / or sub-processors. In case if Personal data processors and /or sub-processors are based in third countries, we transmit your Personal data to such processors and / or sub-processors only with the application of the standard contractual clauses (the European Commission’s decision of 5 February 2010 on standard contractual clauses for the transfer of Personal Data to processors established in third countries which do not ensure an adequate level of data protection). The standard contractual clauses may be not applied in cases if Personal data processors and /or sub-processors in third countries are:
a. recognized by the European Commission as providing an adequate level of protection for Personal Data;
b. covered by a suitable framework recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data, including but not limited to binding corporate rules.
Direct marketing
1. The direct marketing is the activity that is intended to offer the goods or services to you by email, telephone or other direct way (for example, Apps) as well as to inquire your opinion about the offered goods and services.
2. We may use your contacts details of your email for our similar goods or services marketing, in case if you did not object for the use of your e-mail for the marketing of our similar goods and services and you are granted with clear, free of charge and easy realisable possibility to object or withdraw with such use of your contact details by sending each message. We may also provide the information to you about our products or services by sending the messages in app and such messages may be viewed in the notification center, in case if the you did not choose “opt-out” function in our app. In other cases, we may use your Personal data for the purpose of direct marketing, if the you gave your prior consent regarding such use of data.
3. You can ask us or third parties to stop sending you marketing messages at any time by adjusting your marketing preferences in our app or by following the unsubscribe links on any marketing message sent to you.
4. We may be entitled to offer the services provided by our partners or other third parties to you or find out your opinion on different issues in relation to our partners or other third parties on the legal basis for this, i.e. on the basis of your prior consent.
5. In case if you do not agree to receive marketing messages and / or calls offered by us, our partners or other third parties, this will not have any impact on provision of the services you.
6. The Personal data collected and processed for the purposes of the direct marketing is name, surname, the email address, mobile phone number and the address of the place of residence.
Use of Cookies
1. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.
2. The cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or mobile phone if you agree. Cookies contain information that is transferred to your computer's hard drive. We use session cookies which are cookies which expire once you close your web browser.
3. We use the following cookies:
a. Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website and enter into transactions;
b. Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. We use Google Analytics cookies. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit this site.
c. Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
4. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
5. You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Security of the personal data and third-party links
1. We aim to ensure the highest level of security for all information obtained from you and public data files. In order to protect this information from unauthorized access, use, copying, accidental or unlawful erasure, alternation, or disclosure, as well as from any other unauthorized form of processing, we use appropriate legal, administrative, technical and physical security measures. These measures can include physical, electronic and procedural safeguards such as computer safeguard and secured files and buildings. We also endeavor to limit access to personal information to only employees, agents and representative that need to know.
2. Despite our efforts, third parties may unlawfully intercept or access your personal information, transmissions to us, or may wrongly instruct you to disclose information to them by posing as PAYTEND EUROPE or by misinforming you about our services. Always use caution and good judgment when sending money and when using internet and mobile technologies.
3. However, no method of transmission over the internet is 100% secure. In the unlikely scenario that your Personal data is compromised due to the data breach or if we come to learn that either our system or your account specifically has suffered the security breach, we will take all reasonable steps to remedy the breach as well as notify you as soon as possible.
4. We are not responsible for the protection of your privacy on websites of third parties, even if such websites are accessed by you through links provided on this website. We recommend to learn privacy policies of each website which does not belong to us.
The rights granted to the Client as data subject, procedure of handling requests and complaints
1. Following the requirements of the legal acts regulating protection of Personal data, we shall guarantee the following rights for you:
a. to know about processing of Personal data;
b. to have access to your Personal data and processing thereof;
c. to have your Personal data rectified;
d. to object to processing of your Personal data;
e. to transfer your Personal data to another data controller or provide directly to you in a convenient format (NOTE: applicable to the Personal data which is provided by you and which is processed by automated means on the basis of consent or on the basis of conclusion and performance of the contract);
f. to request to erase Personal data if superfluous Personal data is processed or another ground provided for in the General Data Protection Regulation exists;
g. to request to restrict data processing if a ground provided for in the General Data Protection Regulation exists;
h. to withdraw the consent given to us;
i. to lodge an appeal to the State Data Protection Inspectorate;
j. other rights established in the General Data Protection Regulation and other applicable legal acts.
2. We exercise your only after receipt of a written request for exercise of the particular right from you and only after satisfying ourselves about your identity.
3. Having identified yourself in the written request for exercise of your rights and having signed it, you shall submit such request to us by personally appearing at the address of our registered office, by ordinary mail or by e-mail [info@paytendeurope.com]. We will not accept such requests by telephone.
4. If your request is submitted by e-mail, it must be provided so that the format and content of the electronic format could be recognized, it could be opened and processed by electronic document management systems or other information technology tools used by us.
5. The request shall be provided in the official language, be legible, contain information of the right referred to clause 1 of this section and to what extent you would like to exercise and information on how you would like to receive a response. In case where you do not have an objective possibility to submit the request in the Lithuanian language, you may provide the request in the English language.
6. Your requests shall be fulfilled or fulfilment of your requests shall be refused by specifying the reasons for such refusal within 30 (thirty) calendar days from the date of submission of the request meeting our internal rules and General Data Protection Regulation. The afore-mentioned time limit may be extended for 30 (thirty) calendar days by giving a prior notice to you if the request is related to great scope of Personal data, other simultaneously examined requests. A response to you will be provided in the form specified by you as the desirable response.
7. The request submitted by you will be examined free of charge. However, your provide requests on a regular basis, the submitted requests are evidently unreasonable or excessive, we will, taking into account the administrative costs related to provision of information or communication or performance of the requested actions (including the costs incurred as a result of payment for the work to our employees), be entitled to request to pay a reasonable fee for examination of the submitted request or refuse to fulfil the request by giving a prior notice to you.
8. You can also file the complaint regarding the Personal data in the same manner as specified above in this section.
9. You can address the State Data Protection Inspectorate with a claim regarding the processing of your Personal data, if you believe that the Personal data are processed in violation of your rights and legitimate interests stipulated by applicable legislation. You may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate and which may be found by this link: https://www.ada.lt/go.php/Skundu-nagrinejimas378
10. This Privacy Policy is subject to the law of the Republic of Lithuania. All of disputes regarding the clauses of the Privacy Policy shall be settled by negotiation and, in case of failure to resolve an issue by negotiation, the dispute shall be taken to courts of the Republic of Lithuania.
Changes in the Privacy Policy
1. We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website.
Contact us
1. Our contact details are available at [www.passportcash.com].
2. Contact details of the data protection officer authorized by us: [dpo@paytendeurope.com].