UAB “International Payment Union”
II. Principles of processing Personal Data
III. Categories of Personal Data being processed
IV. Purposes and legal basis for Personal Data processing
V. Direct marketing
VI. How do we obtain your Personal Data?
VII. Who do we share your Personal Data with?
VIII. International transfer of Personal Data
IX. Automated decision-making
X. How do we protect your Personal Data?
XI. Retention terms of Personal Data processing
XII. What rights do you have in relation to your Personal Data?
XIII. The right to lodge a complaint
XV. Cookies Policy
XVI. Contact us
UAB “INTERNATIONAL PAYMENT UNION”, company code 304917978 (hereinafter – the Company or we),registered address at Barboros Radvilaites str. 1, LT-01124 Vilnius, Lithuania, is an electronic money institution, holding a license No. 39 issued by the Bank of Lithuania on 25 of July 2018.
When writing ‘you’, we mean you as – a potential, existing and/or former client, our client’s employee or other parties, such as beneficial owners, authorised representatives, business partners, other associated parties and/or person contacting us using e–mail or other communication measures.
Please note that in case you provide us with the information about any person other than yourself, your employees, counterparties, advisers or suppliers, you must ensure that they understand how their information will be used.
The principles we follow in order to comply with the need to protect your Personal Data are as follows:
The Personal Data we collect can be grouped into the following categories:
|Type of information||Personal data|
|Basic Personal Data||name, surname, job title etc.|
|Identification information and other background verification data (your or your representative’s, ultimate beneficiary owner’s of legal entities)||name, surname, personal identity code, date of birth, address, nationality, gender, passport or ID card copy, evidence of beneficial ownership or the source of funds, number of shares held, voting rights or share capital part, title, visually scanned or photographed image of your face or image that you provide through a mobile application or camera, video and audio recordings for identification, telephone conversations to comply with client due diligence/”know your client”/anti-money laundering laws and collected as part of our cli|
|Financial data||transactional data (e.g. beneficiary details, date, time, amount and currency which was used, name/IP address of sender and receiver), accounts, amount of transactions, income, location, etc.|
|Information related to legal requirements||data resulting from enquiries made by the authorities, data that enables us to perform anti-money laundering requirements and ensure the compliance with international sanctions, including the purpose of the business relationship and whether you are a politically exposed person and other data that is required to be processed by us in order to comply with the legal obligation to “know your client”.|
|Contact Data||registered/actual place of residence, phone number, e–mail address etc.|
|Any other Personal Data related to you that you may provide|
|Purpose||Legal basis||Categories of Personal Data|
|Conclusion of the contract or for performance of measures at your request prior to the conclusion of the contract (to get to know, identify and verify our clients)||1. to take the necessary steps before the conclusion of the contract; 2. legitimate interests; 3. complying with regulations applicable to us.||Basic Personal Data; Identification and other background verification data; Contact Data; Other Personal Data needed (in order to identify the possibility of providing services).|
|For the fulfilment of a contract concluded with you, including but not limited to provision of services of issuance, distribution and redemption of electronic money and provision of payment services||1. contract performance; 2. legitimate interests; 3. complying with regulations applicable to us;||Basic Personal Data; Identification and other background verification data; Financial data; Information related to legal requirements; Contact Data; Other Personal Data provided to us by or on behalf of you or generated by us in the course of providing services|
|To comply with legal obligations (e.g. implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania and other fraud and crime prevention purposes) and risk management obligations)||1. complying with regulations applicable to us; 2. legitimate interests.||Basic Personal Data; Identification and other background verification data; Financial data; Information related to legal requirements; Contact Data; Other Personal Data provided to us by or on behalf of you or generated by us in the course of providing our services.|
|To provide an answer when you contact us through our website or other communication measures||1. your consent; 2. legitimate interests.||Basic Personal Data; Contact Data; Other Personal Data provided to us by you.|
What do we mean when we say:
Legitimate Interest: the interest of ours as a business in conducting and managing our services to enable us to provide to you and offer the most secure experience.
Contract performance: processing your Personal Data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Legal Obligation: processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
We may use our existing clients’ e–mail for our similar goods or services marketing. In case you do not object to the use of your e-mail for the marketing of our similar goods and services and you are granted with clear, free of charge and easily realisable possibility to object or withdraw from such use of your contact details by sending each message.
We may also provide the information to you being our client about our products or services by sending the messages in the application and such messages may be viewed in the notification center, in case you do not choose the “opt-out” function in our application.
In other cases, we may use your Personal Data for the purpose of direct marketing, if you give us your prior consent regarding such use of data.
We are entitled to offer the services provided by our business partners or other third parties to you or find out your opinion on different issues in relation to our business partners or other third parties on the legal basis for this, i.e. on the basis of a prior consent.
In case you do not agree to receive these marketing messages and/or calls offered by us, our business partners or third parties, this will not have any impact on the provision of services to you as the client.
We provide a clear, free-of-charge and easily realisable possibility for you at any time not to give your consent or to withdraw your given consent for sending proposals put forward by us. We shall state in each notification sent by e-mail that you are entitled to object to the processing of the Personal Data or refuse to receive notifications from us. You shall be entitled to refuse to receive notifications from us by clicking on the respective link in each e-mail notification.
We collect information you provide directly to us. For example, when becoming a new client (if you have entered into or seek to enter into an agreement with us). The Company also collects information which you provide us with such as messages that you have sent us (e.g. completing a form on our website or mobile application, registration for our services), by access and use of our website or mobile application, by setting up an account with us, when you subscribe to our electronic publications (e.g. newsletters).
Personal Data that we may collect from third parties:
We may transfer your Personal Data in accordance with the principles of confidentiality to the following categories of recipients:
As we provide international services your Personal Data may be transferred and processed outside the European Union (hereinafter – the EU) and the European Economic Area (hereinafter – the EEA).
The transfer of Personal Data may be considered as needed in such situations as, e.g.:
This can be done in a number of different ways, for example:
We may transfer Personal Data to a third country by taking other measures if it ensures appropriate safeguards as indicated in the GDPR.
In some cases, we may use automated decision-making which refers to a decision taken solely on the basis of automated processing of your Personal Data.
Automated decision-making refers to the processing using, for example, a software code or an algorithm, which does not require human intervention.
We may use forms of automated decision making on processing your Personal Data for some services and products. You can request a manual review of the accuracy of an automated decision in case you are not satisfied with it.
We ensure the implementation of appropriate technical and organizational and administrative security measures required to ensure the security of your Personal Data processing, in order to protect your Personal Data from loss, misuse, accidental or unlawful destruction, modification, disclosure, unauthorized access or any other unlawful handling.
The Company and any third-party service providers that may engage in the processing of Personal Data on our behalf (for the purposes indicated above) are also contractually obligated to respect the confidentiality of the Personal Data.
We will keep your Personal Data for as long as it is needed for the purposes for which your data was collected and processed but no longer than it is required by the applicable laws and regulations. This means that we store your data for as long as it is necessary for providing services and as required by retention requirements in laws and regulations. If the legislation of the Republic of Lithuania does not provide any period of retention of Personal Data, this period shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of Personal Data.
In the cases when the terms of data keeping are indicated in the legislative regulations, the legislative regulations are applied.
Your Personal Data might be stored longer if:
You as a data subject have rights in respect of Personal Data, we hold on you. Under certain circumstances and in accordance with EU or other applicable data protection laws, you may have the right to:
We will exercise your rights only after we receive your written request to exercise a particular right indicated above and only after confirming the validity of your identity. The written request shall be submitted to us by personally appearing at the registered office address of the Company, by ordinary mail or by e-mail: firstname.lastname@example.org.
Your requests shall be fulfilled or fulfilment of your requests shall be refused by specifying the reasons for such refusal within 30 (thirty) calendar days from the date of submission of the request meeting our internal rules and GDPR. The afore-mentioned time frame may be extended for 30 (thirty) calendar days by giving a prior notice to you if the request is related to a great scope of Personal Data or other simultaneously examined requests. A response to you will be provided in a form of your choosing as the requester.
You can file a complaint regarding the Personal Data in the same manner as specified above the section XII.
You can also address the State Data Protection Inspectorate with a claim regarding the processing of your Personal Data if you believe that the Personal Data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. You may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate and which may be found by this link: https://www.ada.lt/go.php/Skundu-nagrinejimas378.
For more information on how to control your Cookie settings and browser settings or how to delete Cookies on your hard drive, please read the Cookies Policy available on our website: www.interpaylink.com.
You can contact us by writing to us at email@example.com or post us at UAB “International Payment Union” – Barboros Radvilaites str. 1, LT-01124 Vilnius, Lithuania.
You can also contact our Data Protection Officer by sending an e-mail to the address:firstname.lastname@example.org.