UAB “ConnectPay”, company code 304696889 (hereinafter – the Company), registered address at Gedimino Ave. 20, 01103, Vilnius, Lithuania. The Company is the electronic money institution authorized and regulated by the Lithuanian supervisory authority – Bank of Lithuania. The Company’s activities include the issuing of electronic money, the redemption of electronic money, issuing and/or acquiring of payment instruments, execution of payments transactions. The license of the Company and all activities covered by it can be checked here.
The Company commits to comply with the provisions of General Data Protection Regulation, the Law on Legal Protection of Personal Data of the Republic of Lithuania and all of the other Laws and/or legal acts that are applicable, as well as all of the European Union acts that are applicable in accordance with the Personal data protection regulations that are applicable for the specific country in which the services are provided.
1.Personal data is collected for specified and legitimate purposes and is not further processed for purposes incompatible with those purposes established prior to the collection of personal data.
2. Personal data is processed accurately, honestly and lawfully.
3.Personal data is accurate and if necessary due to the processing of personal data is constantly updated as well as inaccurate or incomplete data is corrected, supplemented, destroyed or the processing is stopped.
4. Personal data is identical, suitable and only to the extent which is necessary to collect and further process the personal data.
5. The personal data is stored for the period specified by the Company, but not longer than the terms set forth by the applicable legal acts allow as well as when the storage term is expired the personal data are destroyed.
6. Implementation of adequate organizational measures, designed for securing personal data against accidental or illegal destruction, modification, disclosure, and any other illegal management.
7. Implementation of measures designated for the prevention of use by persons seeking to acquire funds by fraudulent means.
Personal data is processed in the Company when the Customer has given consent and / or when processing of data is necessary in order to fulfill the agreement to which the Client is a party, or to take action at the request of the Customer prior to the conclusion of the agreement and / or to process the data necessary for the fulfillment of the legal obligation imposed on the Company.
The purposes of the processing of the Personal data:
(a) Provision of services of issuance, distribution and redemption of electronic money and provision of payment services;
(b) Conclusion and execution of the agreements;
(c) Customers’ identifications;
(d) Implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention.
As well, the Company may collect and process Personal data of the Customer due to the direct marketing.
The Personal data collected for the direct marketing purposes may be processed only with the consent of the Customers which clearly indicates that Customers agree with the processing of the Personal data for the direct marketing. Direct marketing is the activity that is intended to offer the goods or services to the Customer by post, telephone or other direct way as well as to inquire the opinion of the Customers about the offered goods and services. In case if the Customers do not agree with the processing of their Personal data for the direct marketing purposes, the Personal data for the direct marketing is not processed. The Customers are granted the right to withdraw its consent given for the processing of the Personal data for the purposes of the direct marketing. The Customer may withdraw the given consent by sending the information to e-mail: firstname.lastname@example.org as well as by using the electronic channel which is dedicated for the management of the Customer account and for the communication with the Company.
According to the purposes specified above, the following Personal data is processed by the Company:
a) Name, surname, personal code, date of birth, age (year of birth), address, residence place, identification card (passport) number, issuance place and date, mobile phone number, email address, employment data;
b) Customers (natural persons) – photo, signature, financial institution account number, IBAN number, debit card number, video and audio record for identification, telephone conversations, client IP addresses, date of client transactions, amount of transactions, currency, location, data about the beneficiary of the funds, the history of the actions performed, the source of funds, sex, nationality, employment status;
c) Representatives of the clients (legal entities) (members of the client’s management bodies and other representatives, for example, employees) who are authorized according to the corporate documents to represent the client in relations with the data controller or acting in accordance with the power of attorney, procuration when representing the client): personal code, personal identity document data, e-mail address, sex, position, surname, address, nationality, phone number, name, photo, signature, bank account information (bank name and bank account number), monetary transaction or transaction date, amount, currency , data about the beneficiary of the funds (natural person’s name, surname, date of birth, personal identification number or other unique character assigned to this person to identify the person, legal entity name, legal form, registered office address, code, if any);
d) Ultimate beneficiary owners of the clients (legal entities) (natural persons who directly or indirectly own a legal entity with a sufficient number of shares or voting rights or otherwise exercise control): personal identification code, identity card, sex, surname, address , nationality, name, photo, signature, number of shares held, voting rights or share capital part, monetary transaction or transaction date, amount, currency in which the monetary transaction or transaction is executed, data about the beneficiary of funds (natural person’s name, surname, date of birth, personal identification number, or other unique character assigned to this person to identify the person, legal entity name, legal form, registered office address, code, if any).
The Personal data collected and processed for the purposes of the direct marketing is as follows: name, surname, the email address, mobile phone number and the address of the place of residence.
The Personal data of the Customers is obtained from the Customers as well as from the commercial banks, other credit and financial institutions. Personal data from commercial banks, other credit and financial institutions is obtained through execution of the payment transactions.
a) payment service users (payees and payers);
b) financial institutions (subject to Customer’s consent and in the scope of the personal data of the solely specified by Customer);
c) The Bank of the Republic of Lithuania and the SEPA participant (personal data for these beneficiaries is due to the use of the Single Euro Payments Area – SEPA).
Customers’ personal data may be transmitted to the third parties not specified above for the specified and legitimate purposes only, and only to third parties who have the right established by laws and other legal acts to receive personal data in the countries of the European Union and the European Economic Area.
Cookies are files, often including unique identifiers, that are sent by web servers to web browsers, and which may then be sent back to the server each time the browser requests a page from the server.
The Company has its own website and during website visit, in order to provide the Data subject with the full range of services provided by the Company, and in order to improve the quality of the services provided to the Data subject’s computer (device), cookies may be obtained. The Company uses the information contained in the records to identify the Data subject as a previous visitor of the Company’s website, and to obtain information on the source, time of the visit to the website.
The data received by using cookies is not used and on the basis of this data it is impossible to identify a particular natural person. The Company does not use the information received by cookies to contact the website visitor using mail, email or by phone.
The Customers have to express their consent or non-consent of using the cookies by selecting “ACCEPT” option that appears before starting to use the website of Company. Customers have the right to withdraw their given consent.
Delete stored cookies
Google Analytics Cookies
You can find out more about Google Analytics here.
However, if you still want to opt out of Google Analytics cookies, you can find more information here.
The Company implements appropriate organizational and technical measures to protect the Customers’ personal data from accidental or unlawful destruction, modification, disclosure, as well as any other unlawful handling. However, no method of transmission over the Internet is 100% secure. In the unlikely scenario that Customers’ personal data is compromised due to the data breach or if the Company comes to learn that either it’s system or Customers’ account specifically has suffered the security breach; the Company will take all reasonable steps to remedy the breach as well as notifies the Customers as soon as possible.
The company does not take any responsibility regarding the third-party links found in in the Company’s website and their privacy policies used.
In accordance with statutory regulations on data protection, the Customers have the right to access the personal data relating to Customers and which has been collected or disclosed by the Company and the right to have such personal data rectified in case such personal data is inaccurate or incomplete. The Customers are granted the rights:
a) to check whether the Company holds Customers’ personal data;
b) to access and correct Customers’ personal data;
c) to request that the Company corrects any of Customers’ personal data that may be inaccurate;
d) to inquire about Company’s policies and practices in relation to personal data and to be informed of the kind of personal data held by the Company.
e) to request erasure of personal data concerning Customer when there is no sufficient legal ground for Company to process it.
The Company undertakes that all other rights of data subjects as described in applicable laws are guaranteed for the Customers as data subjects.
The Company ensures that the requested information will be provided in 30 calendar days after the day the request was received by the Company. The Customer can also file the complaint regarding the Personal data in the same manner.
The Customer has the right to submit application regarding the issues of personal data processing directly to the State Data Protection Inspectorate which is the supervisory authority of the Company for the protection of personal data. The Customer may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate.
The Company will be happy to help if any issues occur. Please contact the Company by sending an e-mail to our DPO contact listed below.
Data Protection Officer: Justina Gricak