We carefully safeguard the information we hold about you. DiPocket is the data controller of your Personal Information that you provide to us. If you wish to contact us about the processing of your Personal Information, please contact our Data Protection Officer at [email protected]
What data do we collect?
Our Company collects the following data:
- Personal identification information (name, surname, address, e-mail address, telephone number, etc.).
- Additional data required by money laundering and terrorist financing prevention legislation (personal identification number and/or date of birth, citizenship, facial image, identity document data, copies of the documents provided, details of the device used, IP address, etc.).
- Your communication with us (correspondence by email, conversations by phone, etc.).
- Transaction data (transaction amount, date and time, merchant, acceptance details (e.g., confirmed by PIN), bank account number, beneficiary or sender, etc.).
- Card data (PAN, expiry date, CVV, etc.).
- Transaction data (transaction amount, date and time, bank account number, IBAN, beneficiary or sender, etc.).
- App Login data, where you sign up to use our app (User name, password, etc.).
Account information and payment initiation services
- Transaction data (transaction amount, date and time, bank account number, IBAN, beneficiary or sender, etc.).
- Select Customer account information for Account information services (balance of funds, bank account number, etc.).
If you give us Personal Information about other people including minors which we use to provide the Services, then you confirm that (i) you have ensured that they agree to our holding and use of that data or that you are otherwise allowed to give us this Information and consent on their behalf to our holding and use of it, (ii) you have provided them with all the Information regarding the processing of personal data as required under the applicable law.
How do we collect your data?
You directly provide us with most of the data we collect. We collect data and process data when:
- You provide us with your Personal Information during the registration process. Information you provide at registration is both a statutory requirement and necessary for us to enter into the Agreement. You provide us with your Personal Information to us voluntarily. If you do not provide us with the necessary information and documents, we will not be able to perform the services.
- You use our services (e.g. information about payments you make or receive).
- You interact with us (customer service, or engage with us on any social media platform, etc.).
Our Company may also receive your data indirectly from the following sources:
- From our business partners who perform customer onboarding.
- When it is compliant with the applicable law, we receive it from third parties such as credit reference agencies (who may check the Personal Information against other databases – public or private – to which they have access), official registers and databases or fraud prevention agencies.
- In order to carry out enhanced due diligence procedures we also collect publicly available information about you (including information on the internet, social media, etc.).
- In case of Open Banking, we process personal data from accounts you hold with third party financial institutions so that you can see this data in DiPocket app
How will we use your data?
We use the Personal Information to properly fulfill the agreement with you, for security, identity verification, to communicate with you and to comply with the law:
- For contractual reasons, in order to provide you with the services (e.g. to produce cards for use with the Account, to provide you with payment services and Account-related communications, etc.).
- For purposes where we have a legal obligation, including for tax and accounting, to perform “Know your client”, to prevent and detect fraud, money laundering and other crime (such as identity theft), to carry out regulatory checks and meet our obligations to our regulators, etc.
- On the basis of your consent, where you agree in a clear and unambiguous way with processing of your personal data (for marketing purposes or when processing special category personal data).
- On the basis of our legitimate interests, where the processing is necessary for the intended purpose, such processing can be reasonably expected and it is balanced with your interests and fundamental rights and freedoms. On the basis of substantial public interest to support you if you fall under the vulnerable customer category.
- If you instruct us to process data in particular way (open banking).
- Email you with special offers on other products and services where these are related to those you already use.
We will never pass Personal Information to a third party for them to market to you without your consent.
Profiling carried out by DiPocket involves processing of Personal Information by automated means for the purposes of risk management and ongoing monitoring of transactions in order to prevent fraud, money laundering and terrorist financing. It is based on legal obligations applicable to DiPocket as financial institution.
Who we can share the Personal Information with
We will keep the Personal Information confidential but we may share it with other entities (who are also bound to keep it secure and confidential) if we have a duty to disclose it, if it is required for the provision of our Services to you.
In particular, if this is compliant with applicable law, we may share the Personal Information with:
- Other DiPocket Group companies in order to provide you with the services, to fulfil our obligations to identify you and prevent money laundering, terrorist financing and fraud.
- Our suppliers (including their sub-contractors) such as providers of data center, card processing, cards bureau (if we issue a physical card for you) and SMS messaging services, and other suppliers who provide IT and payment services.
- Other third parties (including their sub-contractors) who perform part of the services or support your transactions, such as Mastercard, CENTROlink and our partner banks in the EEA who provide, amongst other things, for the safeguarding of your funds;
- Other financial institutions when providing Account information services or making outbound payments.
- Regulators and supervisory authorities in connection with their duties (such as crime prevention).
- Fraud prevention agencies, in particular, we will always tell fraud prevention agencies if you give us false or fraudulent information. They will also allow other organisations (in Lithuania or other countries), including law enforcement agencies, to access this information to prevent and detect fraud, money laundering or other crimes. You can write to us at [email protected] for the details of the fraud prevention agencies with which we share the Information.
- Anyone to whom we transfer or may transfer our rights and duties in the Agreement including any third party after a restructure, sale or acquisition of any DiPocket Group company, provided that they use the Personal Information for the same purposes as it was originally given to us and/or processed by us.
Transfer of Personal Information outside of the EEA
We may process the Personal Information abroad, within or outside the European Union and the United Kingdom, provided we comply with the applicable laws and regulations. Where we are sharing the Personal Information with organisations outside of the EEA and the United Kingdom, we will ensure they agree to apply equivalent levels of protection as we do. We use legal mechanism, such as standard contractual clauses as indicated in General Data Protection Regulation (2016/679) art. 46 to implement the cross-border transfer of your personal data; or implement security measures like anonymization on the data before the cross border data transfer. For any inquiries on means that safeguards data transfer outside EU please contact us at [email protected]
We will transfer data to any entity who you authorise us to share information about your Account with, provided they are listed as a suitably authorised entity at the time of your request. We will rely upon your instructions to the third party to access your account information from us, as evidence of your consent to share your data.
How do we store your data?
DiPocket has established technological, physical, administrative and procedural safeguards all in line with the industry accepted standards in order to protect and ensure the confidentiality, integrity or accessibility of the Personal Data processed; prevent the unauthorized use of or unauthorized access to the Personal Data, prevent a Personal Data breach (security incident) in accordance with DiPocket’s instructions, policies and applicable laws. All our staff receives data protection training and are instructed to strictly follow our data protection policies.
Our Company securely stores your data in data centers located exclusively in European Union.
The period for which we are required to retain your information depends on the company with which you have entered into a contract:
- DiPocket Limited, according to applicable legislation of the United Kingdom, is required to keep your Personal Information for six years after the business relationship with you ends.
- DiPocket UAB, according to applicable legislation of the Republic of Lithuania, is required to keep your Personal Information related to your identification and services provided for eight years after our business relationship with you ends. Correspondence with you shall be stored for five years from the date of termination of transactions or business relationships with you. These time limits may be additionally extended for up to two years upon a reasonable instruction of a competent authority.
We may keep your Personal Information for longer because of a potential or ongoing court claim or another legal reason.
Once the relevant time period has expired and the Personal Information is no longer required for the abovementioned reasons, we will delete your data.
Please note that If you cancel or we decline your registration or you decide not to go ahead with it, we will keep the Personal Information for as long as we are required to do so under applicable law (to help prevent fraud and other financial crime, and for other legal and regulatory reasons).
What are your data protection rights?
Our Company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request us for copies of your personal data. We may charge you a small fee for this service. If you wish to obtain a confirmation as to whether or not Personal Information concerning you is being processed by us, you can request a free copy of it by requesting this at [email protected]
The right to rectification – You have the right to request that us correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions. Where You make this request we will apply your instructions to any third parties who are processing your Personal Information on our behalf, and we will consider your request in the light of our legitimate interests. Where a request to erase Personal Information is received on behalf of a minor, we will take extra care to consider the impact on them of any decision we make.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to Our Company’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Where you have given us your explicit consent for the processing of Personal Information, you also have the right to withdraw this consent at any time by contacting us at [email protected] However, such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal was submitted.
If you feel your rights and freedoms in relation to processing your Personal Information have been infringed in any way, please let us know so that we can attempt to resolve the issue.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: [email protected].
You also have a right to lodge a complaint with your national Data Protection Authority:
- In the United Kingdom – ICO (https://ico.org.uk/global/contact-us/).
- In the EU – please see a list provided (https://edpb.europa.eu/about-edpb/about-edpb/members_en).
Requirement to update your Personal Information
You must notify us immediately of any and all data and circumstances that have changed with regard to the data set out in the Agreement, or the documents submitted to us (e.g. changes in personal or contact details, residency or tax residency, loss or theft or other reason for change of an identity document) as well as of any and all circumstances that may affect the fulfilment of your obligations towards us (e.g. commencement of bankruptcy procedures of a natural person). We may request documentary evidence of the changes, which you must provide. This notification obligation applies even if the above changes have been made public (e.g. registered in a public register or published through the mass media). If you fail to fulfil the notification obligation, DiPocket is entitled to assume the correctness of the data at DiPocket’s disposal, unless otherwise prescribed in the jurisdiction of your residency.
Notices and exchange of information
We may provide you with all information electronically via the Website, App, e-mail or mobile phone, unless otherwise established in the applicable laws. We are entitled to use third party services for processing or delivering electronic notices and information to you.
If, in accordance with the applicable laws and/or this Agreement, you have the right to terminate the Agreement, you shall send the termination notification to [email protected]
Unless otherwise stipulated by the applicable laws, any notice given by DiPocket must be considered to have been received if sent by e-mail or via the App or other electronic means of communication, on the day of technical dispatch.
Your Unique Customer Identifier is your mobile number. It is important you keep it updated with us at all times as we may use it to verify it is you when you make a transactions or access your Personal Information.
Your mobile number is also used by other Customers within DiPocket’s systems to transfer or request funds to/from you.
Privacy policies of other websites
When we include links to other websites, please bear in mind they will have their own privacy and cookies policies that will govern the use of any information you submit. We recommend you read their policies before accessing their sites.
How to contact us
Email us at: [email protected]