UAB “ConnectPay”, company code 304696889 (hereinafter – the Company), registered address at Gedimino Ave. 20, 01103, Vilnius, Lithuania. The Company is the electronic money institution authorized and regulated by the Lithuanian supervisory authority – Bank of Lithuania. The Company’s activities include the issuing of electronic money, the redemption of electronic money, issuing and/or acquiring of payment instruments, execution of payments transactions. The license of the Company and all activities covered by it can be-checked
Security is highly important to us. We take all reasonable measures to protect personal data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, including industry standard security and encryption features.
The Company commits to comply with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania and all of the other Laws and/or legal acts that are applicable, as well as all of the European Union acts that are applicable in accordance with the Personal data protection regulations that are applicable for the specific country in which the services are provided.
1. Personal data is collected for specified and legitimate purposes and is not further processed for purposes incompatible with those purposes established prior to the collection of personal data.
2. Personal data is processed accurately, honestly and lawfully.
3. Personal data is identical, suitable and only to the extent which is necessary to collect and further process the personal data.
4. The personal data is stored for the period specified by the Company, but not longer than the terms set forth by the applicable legal acts allow as well as when the storage term is expired the personal data are destroyed.
5. Implementation of adequate organizational measures, designed for securing personal data against accidental or illegal destruction, modification, disclosure, and any other illegal management.
6. Implementation of measures designated for the prevention of use by persons seeking to acquire funds by fraudulent means.
Personal data is processed in the Company when the Customer has given consent and / or when processing of data is necessary in order to fulfill the agreement to which the Customer is a party, or to take action at the request of the Customer prior to the conclusion of the agreement and / or to process the data necessary for the fulfillment of the legal obligation imposed on the Company.
The purposes of the processing of the Personal data:
(a) Provision of services of issuance, distribution and redemption of electronic money and provision of payment services;
(b) Conclusion and execution of the agreements;
(c) Customers’ identifications;
(d) Implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention.
(e) As well, the Company may collect and process Personal data of the Customer due to the direct marketing.
The Personal data collected for the direct marketing purposes may be processed only with the consent of the Customers which clearly indicates that Customers agree with the processing of the Personal data for the direct marketing. Direct marketing is the activity that is intended to offer the goods or services to the Customer by post, telephone or other direct way as well as to inquire the opinion of the Customers about the offered goods and services. In case if the Customers do not agree with the processing of their Personal data for the direct marketing purposes, the Personal data for the direct marketing is not processed.
The Customers are granted the right to withdraw its consent given for the processing of the Personal data for the purposes of the direct marketing. The Customer may withdraw the given consent by sending the information to e-mail: email@example.com as well as by using the electronic channel which is dedicated for the management of the Customer account and for the communication with the Company.
According to the purposes specified above, the following Personal data is processed by the Company:
a) Name, surname, personal code, date of birth, age (year of birth), address, residence place, identification card (passport) number, issuance place and date, mobile phone number, email address, employment data, etc.;
b) Customers (natural persons) – personal code or other unique character sequence assigned to this person for identification, photo, signature, financial institution account number, IBAN number, debit card number, video and audio record for identification, telephone conversations, client IP addresses, date of client transactions, amount of transactions, currency, location, data about the beneficiary of the funds, the history of the actions performed, the source of funds, sex, nationality, employment status, etc.;
c) Representatives of the clients (legal entities) (members of the client’s management bodies and other representatives (for example, employees) who are authorized according to the corporate documents to represent the client in relations with the data controller or acting in accordance with the power of attorney, pro-curation when representing the client): personal code or other unique character sequence assigned to this person for identification, personal identity document data, e-mail address, sex, position, surname, address, nationality, phone number, name, photo, signature, bank account information (bank name and bank account number), monetary transaction or transaction date, amount, currency , data about the beneficiary of the funds (natural person’s name, surname, date of birth, personal identification number or other unique character assigned to this person to identify the person, legal entity name, legal form, registered office address, code, if any), etc.;
d) Ultimate beneficiary owners of the clients (legal entities) (natural persons who directly or indirectly own a legal entity with a sufficient number of shares or voting rights or otherwise exercise control) and managers: personal identification code or other unique character sequence assigned to this person , identity card, surname, address , nationality, name, photo, signature, number of shares held, voting rights or share capital part, monetary transaction or transaction date, amount, currency in which the monetary transaction or transaction is executed, data about the beneficiary of funds (natural person’s name, surname, date of birth, personal identification number, or other unique character assigned to this person to identify the person, legal entity name, legal form, registered office address, code, if any), etc.
The Personal data collected and processed for the purposes of the direct marketing is as follows: name, surname, the email address, mobile phone number and the address of the place of residence.
The Personal data of the Customers is obtained from the Customers as well as from the commercial banks, other credit and financial institutions. Personal data from commercial banks, other credit and financial institutions is obtained through execution of the payment transactions.
a) payment service users (payees and payers);
b) financial institutions (subject to Customer’s consent and in the scope of the personal data of the solely specified by Customer);
c) agent of a payment institution;
d) Company’s suppliers of software development and support services;
e) other suppliers;
Processing your information, as described above, may involve sending it to other countries outside of the EEA. In such circumstances we are responsible for making sure that your information continues to be protected.
Cookies are files, often including unique identifiers, that are sent by web servers to web browsers, and which may then be sent back to the server each time the browser requests a page from the server.
The Company has its own website and during website visit, in order to provide the Data subject with the full range of services provided by the Company, and in order to improve the quality of the services provided to the Data subject’s computer (device), cookies may be obtained. The Company uses the information contained in the records to identify the Data subject as a previous visitor of the Company’s website, and to obtain information on the source, time of the visit to the website.
The data received by using cookies is not used and on the basis of this data it is impossible to identify a particular natural person. The Company does not use the information received by cookies to contact the website visitor using mail, email or by phone.
The Customers have to express their consent or non-consent of using the cookies by selecting one of the options that appear before starting to use the website of Company: “OK” or “Deny”. The Customers has the right to withdraw their given consent.
Delete stored cookies
Google Analytics Cookies
You can find out more about Google Analytics here.
However, if you still want to opt out of Google Analytics cookies, you can find more information here.
The Company implements appropriate organizational and technical measures to protect the Customers’ personal data from accidental or unlawful destruction, modification, disclosure, as well as any other unlawful handling. However, no method of transmission over the Internet is 100% secure. In the unlikely scenario that Customers’ personal data is compromised due to the data breach or if the Company comes to learn that either it’s system or Customers’ account specifically has suffered the security breach; the Company will take all reasonable steps to remedy the breach as well as notifies the Customers as soon as possible.
The company does not take any responsibility regarding the third-party links found in in the Company’s website and their privacy policies used.
In accordance with statutory regulations on data protection, the Customers have the right to access the personal data relating to Customers and which has been collected or disclosed by the Company and the right to have such personal data rectified in case such personal data is inaccurate or incomplete. The Customers are granted the rights:
a) Right of access. Customer has the right to obtain from Company confirmation as to whether or not personal data concerning him/her is being processed, and, where that is the case, to access the personal data.
b) Right of rectification. Customer has the right to obtain from Company the rectification of inaccurate personal data concerning him/her, also the right to have incomplete personal data completed. Please be advised that Company may need to verify the accuracy of the new data Customer provides to Company.
c) Right to restriction of processing. Customer shall have the right to obtain from Company restriction of processing if there is legitimate reason. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with Customers consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of a Member State.
d) Right to data portability. Customer has the right to receive the personal data concerning him/her, which Customer provided to Company and has the right to transmit data to another controller. Please be advised that this right only applies to information which Customer provided for Company.
e) Right of erasure (right to be forgotten). Customer have right to obtain from Company the erasure of personal data concerning if there is no good reason for Company continuing to process it. Company may not always be able to comply with the request of erasure for specific legal reasons which will be notified to Customer, if applicable, at the time of the request.
f) Right to object. Customer has the right to object at any time to processing of personal data concerning him/her which is processed for the purposes of Company’s legitimate interests.
g) Right to withdraw consent at any time where Company are relying on consent to process Customer’s personal data. However, this will not affect the lawfulness of any processing carried out before Customer withdraw his/her consent. In some cases if Customer withdraw his/her consent, Company may not be able to provide the Services to Customer.
The Company undertakes that all other rights of data subjects as described in applicable laws are guaranteed for the Customers as data subjects.
The Company ensures that the requested information will be provided in 30 calendar days after the day the request was received by the Company. The Customer can also file the complaint regarding the Personal data in the same manner.
The Customer has the right to submit application regarding the issues of personal data processing directly to the State Data Protection Inspectorate which is the supervisory authority of the Company for the protection of personal data. The Customer may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate.
The Company will be happy to help if any issues occur. Please contact the Company by sending an e-mail to our DPO contact listed below.
Data Protection Officer: Justina Gricak