The DiPocket group consists of DiPocket UAB and DiPocket Limited (“DiPocket”). We will let you know which company you have a relationship with when you first apply for or use our services (the “Services”). This Privacy Policy will explain how our organization uses the information (the “Personal Data”) we collect from you when you use our Services.

We carefully safeguard the Personal Data we hold about you. DiPocket is the data controller of the Personal Data you provide to us. If you wish to contact us about the processing of your Personal Data, please contact our Data Protection Officer at [email protected].

What data do we collect?

DiPocket collects the following data:

User profile:

  • Personal identification information (name, surname, address, e-mail address, telephone number, etc.);
  • Additional data required by money laundering and terrorist financing prevention legislation (personal identification number and/or date of birth, citizenship, facial image, identity document data, copies of the documents provided, details of the device used, IP address, etc.);
  • Location data, where you sign up to use the Services as well as your location when using the Services;
  • Your communication with us (correspondence by e-mail, conversations by phone, etc.).

Payment services:

  • Transaction data (transaction amount, date and time, merchant, acceptance details (e.g., confirmed by PIN));
  • Card data (PAN, expiry date, etc.);
  • Sender or beneficiary data (bank account number, IBAN, beneficiary or sender, etc.).

Account information and payment initiation services:

  • Transaction data (transaction amount, date and time, bank account number, IBAN, beneficiary or sender, etc.);
  • Select User account information for account information services (balance of funds, bank account number, etc.).

If you give us Personal Data about other people, including minors, which we use to provide the Services, then you confirm that (i) you have ensured that they agree to our holding and use of that Personal Data or that you are otherwise allowed to give us this information and consent on their behalf to our holding and use of it, and (ii) you have provided them with all the information regarding the processing of Personal Data as required under the applicable laws.

How do we collect your data?

You directly provide us with most of the Personal Data we collect. We collect such data and process it when:

  • You provide us with your Personal Data during the registration process. Information you provide at registration is both a statutory requirement and necessary for us to enter into the agreement (the “Agreement”). You provide us with your Personal Data voluntarily. If you do not provide us with the necessary information and documents, we will not be able to perform the Services;
  • You use our Services (e.g., information about payments you make or receive);
  • You interact with us (customer service, or engage with us on any social media platform, etc.).

DiPocket may also receive your Personal Data indirectly from the following sources:

  • From our business partners who perform User onboarding, including, where applicable, financial institutions or other obligated entities that we rely on for verifying user identity;
  • When it is compliant with the applicable law, we may receive it from third parties such as credit reference agencies (who may check the Personal Data against other databases – public or private – to which they have access), official registers and databases or fraud prevention agencies;
  • In order to carry out enhanced due diligence procedures we also collect publicly available information about you (including information on the internet, social media, etc.);
  • In case of open banking, upon receiving your consent, we process Personal Data from accounts you hold with third party financial institutions.

How will we use your data?

We use the Personal Data to properly fulfill the Agreement:

  • For contractual reasons, in order to provide you with the Services (e.g., to produce cards for use with the account, to provide you with payment services and account-related communications, etc.);
  • For purposes where we have a legal obligation, including for tax and accounting, to perform “Know your client”, to prevent and detect fraud, money laundering and other crime (such as identity theft), to carry out regulatory checks, including PEP (Politically Exposed Persons) screening, sanctions screening, and adverse media monitoring, and meet our obligations to our regulators, etc.;
  • On the basis of your consent, where you agree in a clear and unambiguous way with processing of your Personal Data for marketing purposes or when processing special category personal data, etc.;
  • On the basis of our legitimate interests, where the processing is necessary for the intended purpose, such processing can be reasonably expected and it is balanced with your interests and fundamental rights and freedoms;
  • On the basis of substantial public interest to support you if you fall under the vulnerable User category;
  • If you instruct us to process Personal Data in a particular way (e.g., open banking);
  • E-mailing you with offers on other products and services where these are related to those you already use.

We will never pass Personal Data to a third party for them to market to you without your consent.

Profiling

Profiling carried out by DiPocket involves processing of Personal Data by automated means for the purposes of risk management and ongoing monitoring of transactions in order to prevent fraud, money laundering and terrorist financing. It is based on legal obligations applicable to DiPocket as a financial institution.

Who we can share the Personal Data with

We will keep the Personal Data confidential but we may share it with other entities (who are also bound to keep it secure and confidential) if we have a duty to disclose it or if it is required for the provision of the Services.

In particular, if this is compliant with applicable laws, we may share the Personal Data with:

  • Other DiPocket group companies and/or our distributors (where applicable) in order to provide you with the Services, to fulfil our obligations to identify you and prevent money laundering, terrorist financing and fraud;
  • Our suppliers (including their sub-contractors) such as providers of data center, card processing, cards bureau (if we issue a physical card for you) and SMS messaging services, and other suppliers who provide IT and payment services;
  • Other third parties (including their sub-contractors) who perform part of the Services or support your transactions, such as Mastercard, SWIFT, CENTROlink and our partner banks who provide payment execution;
  • Other financial institutions when providing account information services or making outbound payments;
  • Regulators and supervisory authorities in connection with their duties (such as crime prevention);
  • Fraud prevention agencies, in particular, we will always tell fraud prevention agencies if you give us false or fraudulent information. They will also allow other organisations (in Lithuania, United Kingdom or other countries), including law enforcement agencies, to access this information to prevent and detect fraud, money laundering or other crimes. You can write to us at [email protected] for the details of the fraud prevention agencies with which we share the information;
  • Anyone to whom we transfer or may transfer our rights and duties in the Agreement, including any third party after a restructure, sale or acquisition of any DiPocket group company, provided that they use the Personal Data for the same purposes as it was originally given to us and/or processed by us.

Transfer of Personal Data outside of the EEA and United Kingdom

We may process the Personal Data abroad, within or outside the European Economic Area and the United Kingdom, provided we comply with the applicable laws and regulations. Where we are sharing the Personal Data with organisations outside of the EEA and the United Kingdom, we will ensure they agree to apply equivalent levels of protection as we do. We use legal mechanisms, such as standard contractual clauses as indicated in General Data Protection Regulation (2016/679) art. 46, to implement the cross-border transfer of your personal data, or implement security measures like anonymization on the data before the cross-border data transfer. For any inquiries about the means that safeguard data transfers outside the EEA and the United Kingdom, please contact us at [email protected].

Open-Banking

We will transfer Personal Data to any entity, who you authorise us to share information about your account with, provided that they are listed as a suitably authorised entity at the time of your request. We will rely upon your instructions to the third party to access your account information from us, as evidence of your consent to share your Personal Data.

How do we store your data?

DiPocket has established technological, physical, administrative and procedural safeguards in line with the industry accepted standards to protect and ensure the confidentiality, integrity or accessibility of the Personal Data processed, to prevent the unauthorized use of or unauthorized access to the Personal Data, and to prevent a Personal Data breach (security incident). All our staff receive data protection training and are instructed to strictly follow our data protection policies.

DiPocket securely stores your data in data centers located exclusively in the European Union and the United Kingdom.

The period for which we are required to retain your information depends on the company with which you have entered into a contract:

  • DiPocket Limited, in compliance with the relevant legislation of the United Kingdom, will retain your Personal Data for a period not exceeding six years following the termination of our business relationship with you as it is required to ensure we can fulfil our legal obligations regarding the retention of data for anti-money laundering and counter-terrorism prevention purposes, and to enable us to respond to any potential legal claims;
  • DiPocket UAB, in compliance with the relevant legislation of the Republic of Lithuania, will retain your Personal Data for a period not exceeding ten years following the termination of our business relationship with you as it is required to ensure we can fulfil our legal obligations regarding the retention of data for anti-money laundering and counter-terrorism prevention purposes, and to enable us to respond to any potential legal claims.

We may keep your Personal Data for longer because of a potential or ongoing court claim or another legal reason.

Once the relevant time period has expired and the Personal Data is no longer required for the abovementioned reasons, we will delete your Personal Data.

Please note that if you cancel, or we decline your registration or you decide not to go ahead with it, we will keep the Personal Data for as long as we are required to do so under applicable laws (to help prevent fraud and other financial crime, and for other legal and regulatory reasons).

What are your data protection rights?

Every User is entitled to the following:

The right to access – You have the right to request copies of your Personal Data from us. We may charge you a small fee for this. If you wish to obtain a confirmation as to whether or not Personal Information concerning you is being processed by us, you can request a free copy of it by requesting this at [email protected].

The right to rectification – You have the right to request us to correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your Personal Data, under certain conditions. Where you make this request we will apply your instructions to any third parties who are processing your Personal Data on our behalf, and we will consider your request in light of our legitimate interests. Where a request to erase Personal Data is received on behalf of a minor, we will take extra care to consider the impact on them of any decision we make.

The right to restrict processing – You have the right to request that we restrict the processing of your Personal Data, under certain conditions.

The right to object to processing – You have the right to object to DiPocket’s processing of your Personal Data, under certain conditions.

The right to data portability – You have the right to request that we transfer the Personal Data that we have collected to another organization, or directly to you, under certain conditions.

Where you have given us your explicit consent for the processing of Personal Data, you also have the right to withdraw this consent at any time by contacting us at [email protected]. Such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal was submitted.

If you feel your rights and freedoms in relation to processing your Personal Data have been infringed in any way, please let us know so that we can attempt to resolve the issue.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: [email protected].

You also have a right to lodge a complaint with your national Data Protection Authority:

  • In the United Kingdom – ICO (https://ico.org.uk/global/contact-us/).
  • In the EU – please see a list provided (https://edpb.europa.eu/about-edpb/about-edpb/members_en).

Requirement to update your Personal Data

You must notify us immediately of any and all data and circumstances that have changed with regard to the data set out in the Agreement, or the documents submitted to us (e.g., changes in personal or contact details, residency or tax residency, loss or theft or other reason for change of an identity document) as well as of any and all circumstances that may affect the fulfilment of your obligations towards us (e.g., commencement of bankruptcy procedures of a natural person). We may request documentary evidence of the changes, which you must provide. This notification obligation applies even if the above changes have been made public (e.g., registered in a public register or published through the mass media). If you fail to fulfil the notification obligation, DiPocket is entitled to assume the correctness of the data at DiPocket’s disposal, unless otherwise prescribed in the jurisdiction of your residency.

Notices and exchange of information

We may provide you with all information electronically via the Website, App, e-mail or mobile phone, unless otherwise established in the applicable laws. We are entitled to use third party services for processing or delivering electronic notices and information to you.

Unless otherwise stipulated by the applicable laws, any notice given by DiPocket must be considered to have been received if sent by e-mail or via the App or other electronic means of communication available for the Services, on the day of technical dispatch.

Unique User Identifier

Your Unique User Identifier is your mobile number. It is important you keep it updated with us at all times as we may use it to verify it is you when you make a transaction or access your Personal Data.

Privacy policies of other websites

When we include links to other websites, please bear in mind they will have their own privacy and cookies policies that will govern the use of any information you submit. We recommend you read their policies before accessing these sites.

Changes to our Privacy Policy

DiPocket keeps its Privacy Policy under regular review and places any updates on this web page. This Privacy Policy was last updated on 26 November 2024.

How to contact us

If you have any questions about DiPocket’s Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us. Email us at: [email protected].