Version No.1 valid as of 05/03/2019
We are committed to protect your Personal Data and respect your privacy. This privacy notice (together with the General Electronic Money and Payment Service Agreement) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and what choices you have about your personal data. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
This privacy notice is aligned with The Republic of Lithuania Legal Protection Law of Personal Data No. I-1374, Amendment No. XIII-1426 and General Data Protection Regulation.
Institution – UAB SAFU.COM;
Data Controller - the natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Law. In this instance, Institution is Data Controller.
Data Processor - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Data Subject - the individual in relation to which Institution is holding information about - employees, partners, customers, other individuals to whom Institution renders services.
Law – The Republic of Lithuania Legal Protection Law of Personal Data No. I-1374, Amendment No. XIII-1426 valid from July 16, 2018 and General Data Protection Regulation (EU) 2016/679 of 27.04.2016.
We collect personal information about you when you use our products or services, or deal with us in some way. We collect information about you from a variety of sources, such as:
- Applications, personal financial statements, and other written or electronic communications reflecting information such as your name, address, identification number, occupation, assets, and income.
- Transactional account history including your account balance, payment records, and credit card usage.
- Information received from third parties, (e.g. government, regulatory, or credit agencies).
This includes collecting information when you:
- Contact us - for example, when you sign up, fill in an application or order form, give us feedback or make a complaint.
- Use our products or services - for example, when you perform transactions, use your debit or credit card or make exchange operations.
- Visit our website or use our mobile apps.
The information we collect from you may include:
- Login credential information – including your email address and phone number.
- Information about your identity data — including your name, date of birth and other ID information.
- Information about contact data may include your declared and actual address of residency, telephone number, email address.
- Due diligence information – including Know your customer, Anti-Money-Laundering and other customer registration information.
- Other personal information, such as details of your interactions with us.
- Information about transaction data may include financial, transaction information, card details.
- When you visit our website, or use our mobile apps we collect usage data —your location information, IP address, browser type and version, operating system and any third-party sites you access.
You have rights to transparent information, communication and modalities for the exercise of your rights as the Data Subject under the Law. Your principal rights under the Law are:
- the right to be informed;
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
You have the right to be informed about the collection and use of personal data. Information must be concise, transparent, intelligible, easily accessible, and written in clear and plain language.
You have the right to request details of personal information which we hold about you under the Law, this includes access to the personal data, together with certain additional information. Additional information includes details of the purposes of the processing, the categories of personal data. The rights and freedoms of others are not affected.
You have “the right to be forgotten”, to the erasure of your personal data without undue delay. It applies in following circumstances:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent to consent-based processing;
- you object to the processing under certain rules of applicable data protection law;
- the processing is for direct marketing purposes;
- the personal data have been unlawfully processed.
However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; the personal data is no longer needed for the purposes of processing, but you require personal data for the establishment, exercise or defense of legal claims; you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data.
You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
To the extent that the legal basis for our processing of your personal data is consent; or that the processing is necessary for the performance of an agreement to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us.
We collect much of the information listed above directly from you when you submit it on our website or through our mobile application. This includes information such as contact information, registration information and service inquiries. If you do not want to share your information, you can choose not to participate in a particular service or activity.
Indirect Collection – Cookies and Other Technology
- Provide you with personalized content based on your use of the Website
- Enable you to more easily use the Website by remembering and using contact information, purchasing information, and registration information
- Evaluate, monitor and analyze the use of the Website and Institution mobile application and their traffic patterns to help improve the Website and services
- Assist us with ad reporting functions such as to learn which ads are bringing users to the Website
The types of technologies we use include:
Like most standard website servers, we use log files. Log files track Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. We utilize this information to analyze trends, administer the site, prevent fraud, track website navigation in the aggregate, and gather broad demographic information for aggregate use.
We are careful about how we use your information. We use it to deliver our products and provide our services. We also use your information for other reasons, such as to better understand you and your needs, and to let you know about other products and services you might be interested in. We collect, use and exchange your information for the following purposes:
Provision of financial services
- Customer identification
Account servicing/ provision of the payment services:
- Payment service provision;
- Issuance and servicing of payment cards / credit cards;
Providing remote financial institution services
Provision of EMI services:
- Monetary operation processing;
- Beneficiary identification;
- Provision of mobile application services
- Using cookies
- Provision of EMI services:
Enforcement of statutory obligations
- Know-Your-Customer research, incl. identification of the customer, identification of the beneficial owner and clarification of a politically significant person;
- Public Institutions / Investigations, etc. execution of law enforcement requests;
- Fulfilment of AML law requirements, such as suspicious and unusual transaction tracking system maintenance and reporting;
- Control service reporting.
- Provision of general information via telephone;
- Website online request form fulfilment;
- Customer group evaluation and research;
- Sending commercial notices;
- Organization of customer events;
- Addressing potential clients;
- Using cookies;
We shall use the personal data in compliance with the Law, and the confidentiality obligation contained in the General Electronic Money and Payment Service Agreement, and only use and retain such data as far and as long as this is necessary for the purposes of Institution utilization, rendering of services on the Website and for keeping customers informed of Institution services.
In addition, our mobile application will collect and track information regarding the mobile experience - such as your phone model, the duration and frequency of your usage sessions, information regarding application crashes, the particular screens you choose to view, etc.
We will not disclose any of your personally identifiable information except when we have your permission or under special circumstances, such as when we believe in good faith that the Law requires it or under the circumstances described below.
These are some of the ways that your information may be disclosed:
We occasionally hire other companies to provide limited services on our behalf, including Website development and operation, sending postal mail or email, analyzing website use, processing payments, processing data. We will only provide those companies the information they need to deliver the service, and they are contractually prohibited from using that information for any other reason.
To make an informed decision on whether to provide your personal data to the Institution using this website, we need to make you aware of organizations that act as Data Processors for us in the provision of our services to you:
UAB “Kredito uniju namai” – Banking Information System FORPOST for management of the Customer’s information flow and record keeping.
Central Bank of Lithuania - payment service system provider, to send and receive SEPA payments.
CENTROlink – a payment system operated by the Bank of Lithuania, providing the gateway to the Single Euro Payments Area (SEPA).
UAB “Identifikaciniai projektai” – personal identification service provider
LexisNexis Risk Solutions (Europe) Ltd. - Anti-Money Laundering solutions
Data in the Aggregate
We may disclose “blinded” aggregated data and user statistics to prospective partners and other third parties. Blinded data is data that does not identify an individual person.
We use multiple security measures to ensure confidentiality your information. We aim to only keep your information for as long as we need it.
We store your hard copy and electronic records in secure buildings and systems. Access to your personal information is permitted only for Institution authorized employees.
When you log into our Website or apps, we encrypt data sent from your computer to our systems so no one else can access it. We have firewalls, intrusion detection and virus scanning tools to stop viruses and unauthorized people accessing our systems.
We use Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and sent across the Internet securely.
We use PCI DSS encryption technology for payment card numbers, passwords, and registration information. Every session required for Two Factor Authentication, is an extra layer of security that requires not only a password and username on your login at Institution.
We offer our customers choices for the collection, use and sharing of personal information. You may contact us at [email protected] if you wish to edit your private information and we will use commercially reasonable efforts to accommodate your request.
If you believe that any inaccurate or inappropriate information has been obtained or provided to others through your use of this website, you should contact a representative of Institution via email: [email protected] or at the branch located on P. Babickio g. 22C, LT-11311, Vilnius, I-V from 9 a.m. to 5 p.m. Make sure to have your ID document with you.
To get access to your personal data processed by Institution, please submit request via email: [email protected] or at the branch located on P. Babickio g. 22C, LT-11311, Vilnius, I-V from 9 a.m. to 5 p.m. Indicate your full name and attach a copy of your ID document.
We will provide the required data or the reason for refusal to provide such data within the period set by legislation.
Keeping your personal financial information private is very important to us. As a matter of policy and long-time business practice, we do not sell information provided by our users. Any user statistics that we may provide to prospective partners regarding financial matters are provided in the aggregate only and do not include any personally identifiable information about any individual user or corporate user.
Remember to sign out of your account and close your browser window when you have finished your work. This is to ensure that others cannot access your account by using your computer when you are away from it. Because information sent through the Internet travels from computer to computer throughout the world, when you give us information, that information may be sent electronically to servers outside of the country where you originally entered the information.
Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. Information that you disclose by use of the Website (as with any site that is non-secure), by posting a message or using e-mail, potentially could be collected and used by others. This may result in unsolicited messages from third parties or use of such information by third parties for their own purposes, legal or illegal. As a result, while we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us or from our services, and you do so at your own risk. Once we receive your transmission, we use commercially reasonable efforts to ensure its security on our systems.
When do we need to tell you about personal breach?
In the case of a personal data breach, we shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify. If a breach is likely to result in a high risk to the rights and freedoms of individuals, we must inform you directly and without undue delay.
What is a personal data breach?
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.
Personal data breaches can include:
- access by an unauthorised third party;
- deliberate or accidental action (or inaction) by a controller or processor;
- sending personal data to an incorrect recipient;
- computing devices containing personal data being lost or stolen;
- alteration of personal data without permission; and
- loss of availability of personal data.
You can contact us any time to exercise any of your rights in relation to your personal data or if you have any additional questions about Privacy collection and storage of data by contacting us at [email protected]. The person submitting the request must clearly indicate his/her full name and add a copy of his/her personal identification document.