Политика конфиденциальности

Date of issue: 01/01/2021

We carefully safeguard the information we hold about you, including your personal data (the "Personal Information") and name, surname, personal identification number, date of birth, address, e-mail address, telephone number, facial image, live video recording, identity document data and a copy of the document, transaction data, PAN, expiry date, CVV, payment account number, IP address, citizenship, employment, public office, other applicable data required by money laundering and terrorist financing prevention legislation. DiPocket is the data controller of your Personal Information that you provide to us. If you wish to contact us about the processing of your Personal Information, please contact our Data Protection Officer at [email protected] Subject to your explicit consent, we may transfer your Personal Information to third parties, also explaining the intended use of the transferred Personal Information. When you provide your consent to such transfer, the specified third party becomes the Data Controller of the Personal Information we transfer to them. You can withdraw your consent at any time using the App or the Website.

Your Personal Information will be processed for the purposes described in the Agreement (including for contractual reasons, in order to provide you with the Services) eg to produce cards for use with the Account and to provide you with Account-related communications, for purposes where we have a legal right or a legal obligation (including for tax and accounting) reasons, or for fraud and money laundering detection and for marketing where you consent to this.

You have a right of access to your Personal Information and you can correct (rectify) that Personal Information at any time.

We will process the Personal Information which you provided to us during the registration process. The Personal Information you provide at registration is both a statutory requirement and necessary for us to enter into the Agreement. Providing your Personal Information to us is voluntary, if you do not provide us with the necessary information and documents, we will not be able to perform the Services.

You have a right to ask us to restrict processing or to erase your Personal Information, and where you make this request we will apply your instructions to any third parties who are processing your Personal Information on our behalf, and we will consider your request in the light of our legitimate interests. Where a request to erase Personal Information is received on behalf of a minor, we will take extra care to consider the impact on them of any decision we make.

You also have a right to object to the processing of your Personal Information, provided it is processed based on public interest or our legitimate interests. Furthermore, you may also ask us to provide your Personal Information in machine-readable form back to you, for onward sharing with another data controller or to provide this data to a third party for their use, at your direction.

Where you have given us your explicit consent for the processing of Personal Information, you also have the right to withdraw this consent at any time by contacting us at [email protected] However, such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal was submitted.

If you feel your rights and freedoms in relation to processing your Personal Information have been infringed in any way, please let us know so that we can attempt to resolve the issue. The Personal Information also comes from your usage of the Card, including information about payments you make or receive, and from your other interactions with us, for example through social media, and, if it is compliant with the applicable law, from third parties such as credit reference agencies (who may check the Personal Information against other databases – public or private – to which they have access) or fraud prevention agencies.

Subject to your consent, we may also monitor or record telephone calls between you and us or capture images or video recordings during our interactions. We will use these recordings for risk management and fraud prevention purposes, to check your instructions to us, and for training and quality purposes.

If you give us Personal Information about other people including minors which we use to provide the Services, then you confirm that (i) you have ensured that they agree to our holding and use of that data or that you are otherwise allowed to give us this Information and consent on their behalf to our holding and use of it, (ii) you have provided them with all the Information regarding the processing of personal data as required under the applicable law.

If you cancel or we decline your registration or you decide not to go ahead with it, we will keep the Personal Information for as long as we are allowed to under applicable law and for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons:

• According to law on the prevention of money laundering and terrorist financing of Republic of Lithuania, register data, copies of your identity documents, the identity data of the beneficial owner, the identity data of the beneficiary, direct video streaming/direct video broadcasting recordings, other data received at the time of establishing your identity, and account and/or agreement documentation (originals of the documents), and the documents confirming a monetary operation or transaction and data or other legally binding documents and data related to the execution of monetary operations or conclusion of transactions shall be stored for eight years from the date of termination of transactions or business relationships with you;
• According to law on the prevention of money laundering and terrorist financing of Republic of Lithuania, correspondence with you shall be stored for five years from the date of termination of transactions or business relationships with you;
• Time limits for storage may be additionally extended for up to two years upon a reasoned instruction of a competent authority.

If the Personal Information is no longer required for the abovementioned reasons, we will delete it.

If you wish to obtain a confirmation as to whether or not Personal Information concerning you is being processed by us, you can request a free copy of it by requesting this at [email protected]

According to art. 13.2 (d) of General Data Protection Regulation (2016/679) you also have a right to lodge a complaint with your national Data Protection Authority.

How we use the Personal Information

We use the Personal Information for security, identity verification, to communicate with you and to comply with the law.

Specifically, if it is compliant under the applicable law, we and other DiPocket Group companies may use the Personal Information to pursue our legitimate interests:

• to carry out regulatory checks and meet our obligations to our regulators;
• to prevent and detect fraud, money laundering and other crime (such as identity theft);
• to tell you about products and services which may be of interest to you (direct marketing) – if we do so we will provide you with a method to notify that you wish to opt out of such communications and we will honour your instructions;
• to develop and improve our Services through assessment and analysis of the Personal Information including credit and/or behavioural scoring, market and product analysis, and market research.
• We will never pass the Personal Information to a third party for them to use in their own direct marketing without your consent.

Who we can share the Personal Information with

We will keep the Personal Information confidential but we may share it with other entities (who are also bound to keep it secure and confidential) if we have a duty to disclose it, if it is required for the provision of our Services to you, or for legitimate purposes including business purposes and where your rights or freedoms are not infringed. Where we rely upon ‘legitimate purposes’ as a justification for our processing of the Personal Information, we will carry out an assessment, called a ‘Legitimate Interests Assessment’ and keep a record of it.

In particular, if this is compliant with applicable law, we may share the Personal Information with:

• other DiPocket Group companies, including to fulfil our obligations to identify you;
• our service providers and agents (including their sub-contractors) such as providers of data center, cards processor, cards bureau (if we issue a physical card for you), SMS messaging service providers;
• to other third parties (including their sub-contractors) who perform part of the Services or support your transactions, such as Mastercard and our partner banks in the EEA who provide, amongst other things, for the safeguarding of your funds;
• anyone to whom we transfer or may transfer our rights and duties in the Agreement;
• Lithuanian and other regulators and authorities in connection with their duties (such as crime prevention);
• fraud prevention agencies, in particular, we will always tell fraud prevention agencies if you give us false or fraudulent information. They will also allow other organisations (in Lithuania or other countries), including law enforcement agencies, to access this information to prevent and detect fraud, money laundering or other crimes. You can write to us at [email protected] for the details of the fraud prevention agencies with which we share the Information;
• any third party after a restructure, sale or acquisition of any DiPocket Group company, provided that they use the Personal Information for the same purposes as it was originally given to us and/or processed by us.

Transfer of Personal Information

We may process the Personal Information abroad, within or outside the European Union, provided we comply with the applicable laws and regulations. Where we are sharing the Personal Information with organisations outside of the EEA, we will ensure they agree to apply equivalent levels of protection as we do. We use legal mechanism, such as standard contractual clauses as indicated in General Data Protection Regulation (2016/679) art. 46 to implement the cross-border transfer of your personal data; or implement security measures like anonymization on the data before the cross border data transfer. For any inquiries on means that safeguards data transfer outside EU please contact us at [email protected]

Open-Banking

We will transfer data to any entity who you authorise us to share information about your Account with, provided they are listed as a suitably authorised entity at the time of your request. We will rely upon your instructions to the third party to access your account information from us, as evidence of your consent to share your data.

Requirement to update your Personal Information

You must notify us immediately of any and all data and circumstances that have changed with regard to the data set out in the Agreement, or the documents submitted to us (e.g. changes in personal or contact details, residency or tax residency, loss or theft or other reason for change of an identity document) as well as of any and all circumstances that may affect the fulfilment of your obligations towards us (e.g. commencement of bankruptcy procedures of a natural person). We may request documentary evidence of the changes, which you must provide it. This notification obligation applies even if the above changes have been made public (e.g. registered in a public register or published through the mass media). If you fail to fulfil the notification obligation, DiPocket is entitled to assume the correctness of the data at DiPocket’s disposal, unless otherwise prescribed in the jurisdiction of your residency.

Notices and exchange of information

We may provide you with all information electronically via the Website, App, e-mail or mobile phone, unless otherwise established in the applicable laws. We are entitled to use third party services for processing or delivering electronic notices and information to you.

If, in accordance with the applicable laws and/or this Agreement, you have the right to terminate the Agreement, you shall send the termination notification to [email protected]

Unless otherwise stipulated by the applicable laws, any notice given by DiPocket must be considered to have been received if sent by e-mail or via the App or other electronic means of communication, on the day of technical dispatch.

Unique Customer Identifier

Your Unique Customer Identifier is your mobile number. It is important you keep it updated with us at all times as we may use it to verify it is you when you make a transactions or access your Personal Information.

Your mobile number is also used by other Customers within DiPocket’s systems to transfer or request funds to/from you.