Privacy Policy

Introduction

UAB “ConnectPay”, company code 304696889 (hereinafter – the Company), registered address at Gedimino Ave. 20, 01103, Vilnius, Lithuania. The Company is the electronic money institution authorized and regulated by the Lithuanian supervisory authority – Bank of Lithuania. The Company’s activities include the issuing of electronic money, the redemption of electronic money, issuing and/or acquiring of payment instruments, execution of payments transactions. The license of the Company and all activities covered by it can be checked here.

All activities of the Company are regulated by the applicable laws related to the electronic money, including, but not limited to the legal acts related to the financial institutions and financial services. Moreover, as the Company is collecting and using the personal data (hereinafter – the Personal data) of its customers (hereinafter – the Customers), the Company is obligated to use and process the Personal data of the Customers only in accordance with this privacy policy (hereinafter – Privacy policy) and the applicable legal acts which regulate the protection of Personal data.

Principles of processing personal data

The Company commits to comply with the provisions of General Data Protection Regulation, the Law on Legal Protection of Personal Data of the Republic of Lithuania and all of the other Laws and/or legal acts that are applicable, as well as all of the European Union acts that are applicable in accordance with the Personal data protection regulations that are applicable for the specific country in which the services are provided.

This Privacy policy is prepared for the introduction of the Customers how the Company is processing the Personal data of the Customers and well as what kind of measures are implemented in the Company to achieve the adequate protection of the Personal data of the Customers that are being processed during the provision of services. The principles that the Company strictly follows to comply with the needs to protect its Customers Personal data.

1.Personal data is collected for specified and legitimate purposes and is not further processed for purposes incompatible with those purposes established prior to the collection of personal data.

2. Personal data is processed accurately, honestly and lawfully.

3.Personal data is accurate and if necessary due to the processing of personal data is constantly updated as well as inaccurate or incomplete data is corrected, supplemented, destroyed or the processing is stopped.

4. Personal data is identical, suitable and only to the extent which is necessary to collect and further process the personal data.

5. The personal data is stored for the period specified by the Company, but not longer than the terms set forth by the applicable legal acts allow as well as when the storage term is expired the personal data are destroyed.

6. Implementation of adequate organizational measures, designed for securing personal data against accidental or illegal destruction, modification, disclosure, and any other illegal management.

7. Implementation of measures designated for the prevention of use by persons seeking to acquire funds by fraudulent means.

8. The personal data of the customers is considered as confidential information and may only be disclosed to the third parties in accordance with the rules and procedure provided in the Privacy Policy, internal documents of the Company and the legal acts of the Republic of Lithuania.

Legal basis for Personal data processing and purposes

Personal data is processed in the Company when the Customer has given consent and / or when processing of data is necessary in order to fulfill the agreement to which the Client is a party, or to take action at the request of the Customer prior to the conclusion of the agreement and / or to process the data necessary for the fulfillment of the legal obligation imposed on the Company.

The purposes of the processing of the Personal data:

(a) Provision of services of issuance, distribution and redemption of electronic money and provision of payment services;

(b) Conclusion and execution of the agreements;

(c) Customers’ identifications;

(d) Implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention.

As well, the Company may collect and process Personal data of the Customer due to the direct marketing.
The Personal data collected for the direct marketing purposes may be processed only with the consent of the Customers which clearly indicates that Customers agree with the processing of the Personal data for the direct marketing. Direct marketing is the activity that is intended to offer the goods or services to the Customer by post, telephone or other direct way as well as to inquire the opinion of the Customers about the offered goods and services. In case if the Customers do not agree with the processing of their Personal data for the direct marketing purposes, the Personal data for the direct marketing is not processed. The Customers are granted the right to withdraw its consent given for the processing of the Personal data for the purposes of the direct marketing. The Customer may withdraw the given consent by sending the information to e-mail: clientcare@connectpay.com as well as by using the electronic channel which is dedicated for the management of the Customer account and for the communication with the Company.

Processed Personal data and the storage term of the Personal data

According to the purposes specified above, the following Personal data is processed by the Company:

a) Name, surname, personal code, date of birth, age (year of birth), address, residence place, identification card (passport) number, issuance place and date, mobile phone number, email address, employment data;

b) Customers (natural persons) – photo, signature, financial institution account number, IBAN number, debit card number, video and audio record for identification, telephone conversations, client IP addresses, date of client transactions, amount of transactions, currency, location, data about the beneficiary of the funds, the history of the actions performed, the source of funds, sex, nationality, employment status;

c)  Representatives of the clients (legal entities) (members of the client’s management bodies and other representatives, for example, employees) who are authorized according to the corporate documents to represent the client in relations with the data controller or acting in accordance with the power of attorney, procuration when representing the client): personal code, personal identity document data, e-mail address, sex, position, surname, address, nationality, phone number, name, photo, signature, bank account information (bank name and bank account number), monetary transaction or transaction date, amount, currency , data about the beneficiary of the funds (natural person’s name, surname, date of birth, personal identification number or other unique character assigned to this person to identify the person, legal entity name, legal form, registered office address, code, if any);

d) Ultimate beneficiary owners of the clients (legal entities) (natural persons who directly or indirectly own a legal entity with a sufficient number of shares or voting rights or otherwise exercise control): personal identification code, identity card, sex, surname, address , nationality, name, photo, signature, number of shares held, voting rights or share capital part, monetary transaction or transaction date, amount, currency in which the monetary transaction or transaction is executed, data about the beneficiary of funds (natural person’s name, surname, date of birth, personal identification number, or other unique character assigned to this person to identify the person, legal entity name, legal form, registered office address, code, if any).

The Personal data collected and processed for the purposes of the direct marketing is as follows: name, surname, the email address, mobile phone number and the address of the place of residence.

The Personal data of the Customers are kept in such a way that the identity of the Customers can be determined for no longer than is necessary for the purposes for which Personal data is processed. The terms of storage of the Personal data of the Customers in case of the purposes indicated in this Privacy policy, excluding the purpose for the direct marketing, are set forth by the applicable law. The Company strictly follows those terms and in case changes appear, the terms are changed in accordance with the changes. The Personal data of the Customers collected and processed for the purpose of direct marketing shall be kept not longer than the consent of the Customers’ is valid.

The Personal data of the Customers is obtained from the Customers as well as from the commercial banks, other credit and financial institutions. Personal data from commercial banks, other credit and financial institutions is obtained through execution of the payment transactions.

Customers’ Personal data recipients

Customers’ Personal data specified in this Privacy Policy may be transferred to:

a) payment service users (payees and payers);

b) financial institutions (subject to Customer’s consent and in the scope of the personal data of the solely specified by Customer);

c) The Bank of the Republic of Lithuania and the SEPA participant (personal data for these beneficiaries is due to the use of the Single Euro Payments Area – SEPA).

Customers’ personal data may be transmitted to the third parties not specified above for the specified and legitimate purposes only, and only to third parties who have the right established by laws and other legal acts to receive personal data in the countries of the European Union and the European Economic Area.

Use of Cookies

Cookies are files, often including unique identifiers, that are sent by web servers to web browsers, and which may then be sent back to the server each time the browser requests a page from the server.
The Company has its own website and during website visit, in order to provide the Data subject with the full range of services provided by the Company, and in order to improve the quality of the services provided to the Data subject’s computer (device), cookies may be obtained. The Company uses the information contained in the records to identify the Data subject as a previous visitor of the Company’s website, and to obtain information on the source, time of the visit to the website.
The data received by using cookies is not used and on the basis of this data it is impossible to identify a particular natural person. The Company does not use the information received by cookies to contact the website visitor using mail, email or by phone.
The Customers have to express their consent or non-consent of using the cookies by selecting “ACCEPT” option that appears before starting to use the website of Company. Customers have the right to withdraw their given consent.

Delete stored cookies
If at a certain moment you have allowed the use of cookies when visiting our website and now you wish to opt out and delete the cookies collected, please find instructions on how to proceed according to your browser here.

Google Analytics Cookies
Google Analytics uses cookies which record information such as how many pages you visited on this website, the traffic source that brought you on our website, how much time you spent on the page. The information collected is used to measure, monitor and improve our website performance. No sensitive personal information is collected through Google Analytics.
You can find out more about Google Analytics here.
However, if you still want to opt out of Google Analytics cookies, you can find more information here.

Security of personal data

The Company implements appropriate organizational and technical measures to protect the Customers’ personal data from accidental or unlawful destruction, modification, disclosure, as well as any other unlawful handling. However, no method of transmission over the Internet is 100% secure. In the unlikely scenario that Customers’ personal data is compromised due to the data breach or if the Company comes to learn that either it’s system or Customers’ account specifically has suffered the security breach; the Company will take all reasonable steps to remedy the breach as well as notifies the Customers as soon as possible.

Third Party Links

The company does not take any responsibility regarding the third-party links found in in the Company’s website and their privacy policies used.

The rights granted to the Customers as personal data subject

In accordance with statutory regulations on data protection, the Customers have the right to access the personal data relating to Customers and which has been collected or disclosed by the Company and the right to have such personal data rectified in case such personal data is inaccurate or incomplete. The Customers are granted the rights:

a) to check whether the Company holds Customers’ personal data;

b) to access and correct Customers’ personal data;

c) to request that the Company corrects any of Customers’ personal data that may be inaccurate;

d) to inquire about Company’s policies and practices in relation to personal data and to be informed of the kind of personal data held by the Company.

e) to request erasure of personal data concerning Customer when there is no sufficient legal ground for Company to process it.

The Company undertakes that all other rights of data subjects as described in applicable laws are guaranteed for the Customers as data subjects.

Procedure of handling requests and complaints

The Company ensures that the requested information will be provided in 30 calendar days after the day the request was received by the Company. The Customer can also file the complaint regarding the Personal data in the same manner.
The Customer has the right to submit application regarding the issues of personal data processing directly to the State Data Protection Inspectorate which is the supervisory authority of the Company for the protection of personal data. The Customer may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate.

Contact the Company

The Company will be happy to help if any issues occur. Please contact the Company by sending an e-mail to our DPO contact listed below.

Data Protection Officer: Justina Gricak
Email: dpo@connectpay.com