Privacy Policy

I. Introduction

  1. This Privacy policy (Policy) is the main document that sets out the basis as to what happens to any personal data that You provide to Verified payments, UAB, (Verifo, We, Us), or that We collect from third parties about You while You are using or applying for our Services and explains how we process Your personal data through any relationship We have. Services may be available through our or our intermediaries’ internet banking systems, mobile apps or application programming interfaces (all of them or any of them hereinafter may be referred to as the “Platform”). You may choose not to provide any information to Us, however Verifo may be unable to provide Services.
  2. Please pay attention to the fact that Verifo may update this Policy from time to time, therefore please do review it regularly. You will be informed regarding changes of the Policy by e-mail.
  3. Your personal data controller is Verifo, head office address T. Kosčiuškos st. 24, LT-01100, Vilnius, Lithuania as specified in General Service Agreement. We have appointed a data protection officer (“DPO”). You can contact our DPO at [email protected].
  4. Verifo acts according to the Law on the Legal Protection of Personal data of the Republic of Lithuania, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and other applicable legal regulation.
  5. Security is highly important to us. We take all reasonable measures to protect personal data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, including industry standard security and encryption features.
  6. In case you provide information about other natural persons to Verifo, you undertake to make this Policy known to them before the disclosure of such information to Verifo. Thus, if the Profile is opened by legal person, Head or other representative of the Client, You shall properly inform data subjects (Beneficial owners, Head, etc.) about transfer of their data to Verifo and to present this Policy to them.
  7. By contacting Us, using our Platform and / or our Services You confirm that You have read, understood and agreed with this Policy.

II. Definitions

  1. AML shall mean antimoney laundering and counterterrorism financing regulations.
  2. Data subject means any identified or identifiable natural person, whose personal data is processed by data controller.
  3. Personal data shall mean any information relating to an identified or identifiable natural person.
  4. Processing means any operation or set of operations which is performed on personal data, such as collection, recording, storage, erasure, destruction, etc.
  5. Supervisory institutions shall mean Bank of Lithuania, State Data Protection Inspectorate, Financial Crimes Investigation Service, other institutions that supervise our activity.
  6. You shall mean the natural person who is making payment to our System, applying for our Services, using our Platform and / or our Services or representative, Beneficial owner on whose behalf the Personal data is provided.
  7. Other terms in this Privacy policy are used as defined in General Service Agreement.

III. The purposes of processing

  1. Provision of Payment services, verification of the identity, prevention of fraud, money laundering, counter-terrorist financing, other financial crimes, implementation of other obligations under AML requirements.
    1. Verifo is required by law to verify the Client‘s identity, monitor transactions of the Client, prevent fraud, money laundering, counter-terrorist financing, other financial crimes, properly implement obligations of payment service provider and comply with AML regulations. For this purpose, We may collect below data about natural person client or representative of legal person client:
      1. Data about identity: name, surname, personal identification number or other unique sequence of symbols assigned to the person for identification purposes, date of birth, personal identification document number, copy of personal identification document,
        nationality or the state which has issued the personal identification document, country of residence, ID number in Verifo system, Account number in Verifo system, face photo, etc. (Identity data).
      2. Contact data: address, phone number, email address, etc. (Contact data).
      3. KYC data: account number on other payment service providers, checks on public and private registries, fraud, money laundering, counter-terrorist financing and other financial crimes prevention agencies, employer, position, address, occupation, used Services, payment and other transactions, turnover, source of funds, countries from / to which funds will be received / transferred, information of political involvement, other data of monitoring of Client’s activity, etc. (KYC data).
      4. Device information: OS of device, browser type and version used for access to Profile, IP and location, time zone setting, etc. (Device information).
      5. Verifo payment card information: number and CVV/CVC code of payment card, PIN code, relevant expiry dates, etc. (Payment card information).
    2. We may also collect and process Identity data about Beneficial owners of legal entity.
    3. If You are a payer (natural person) using our payment collection services or making payment to our Client and do not have a Profile in Verifo system, We may collect and process the following data about You: name, surname, personal identification number and email address.
    4. We may collect data from You and from third parties, We may search publicly available information about You in order to verify your identity, process transactions, detect and prevent fraud or other similar purposes.
    5. We collect data mentioned above as We are required by law and We need this information as to enter contractual relationship with the Client. If You or a representative of legal entity won’t provide required data, We may refuse to enter into contractual relationship and provide Services for the Client.
    6. We may provide Your data to: supervisory institutions, banking and financial services partners, other payment service providers, payment card manufacturing/personalization and delivery companies, companies that provide identification and sanctions/ watch lists screening, transaction monitoring services, government institutions, attorneys, bailiffs, pre-trial investigation institutions, courts, auditors, debt recovery agencies, companies that handle joint debtor data files, fraud, money laundering, terrorist financing and other financial crimes prevention agencies, other subjects that have legitimate interest or Your acceptance.
    7. We are going to process Your data for eight years from the date of termination of transactions or business relationships with Us. Time limits for processing may be additionally extended for up to two years upon a reasoned instruction of a competent
      authority.
    8. In case the business relationship has not been established based on reasons not related with AML (e.g. You decided not to finish application or verification procedure due to Your own personal reasons) Your personal data will be stored for 2 years since the last contact with You or action from Your side;
    9. We may provide Your data to third countries as to perform Your payment transaction to third country recipient or using third country partners services for the payment transaction. Please be advised that there are European Commission Adequacy decisions for the transfer of the data to Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework). The data to the other third countries is transferred for the purpose of the performance of a contract between You and Us.
  2. Notification about changes in our Services and dispute prevention
    1. We are required by law to notify You about changes in our Services and terms & conditions for provision of services. These notifications are not marketing material and are to be provided as required by law. According to this You shall not have the right to object receiving such notifications. For this purpose, We may process Your Contact data.
    2. We process above mentioned data as We are required by law and for the performance of the contract with the Client.
    3. We are going to process Your data for the above-mentioned purpose till the date of termination of business relationships with Us.
    4. You can also refer to Us requiring information from Us, to consult with Us about our Services or to inform Us about unauthorized payments, demand to block Your payment instrument or ask to provide other information. You may contact Us by phone or email. As You contact Us We may process Your Identity data, Contact data, Device data, also record our phone conversations and store content of our correspondence and history of it.
    5. Above mentioned data is processed:
      1. As You refer to Us by phone: for the purposes of the legitimate interests pursued by Us to prevent disputes between You and Us about proper provision or receiving of information.
      2. As You refer to Us by email: data is collected for the law requirement purposes and for the purposes of the legitimate interests pursued by Us to prevent disputes between You and Us about proper provision or receiving of information.
    6. Data collected by contacting us by email will be processed for eight years from the date of termination of transactions or business relationships with Us as it is required by AML regulations. Data collected by contacting Us by phone will be processed for 18 months from the day You called to our customer support. These terms may be additionally extended for up to 24 months from the final decision in case of dispute between the parties.
    7. Your data may be provided to supervisory institutions, attorneys, pre-trial investigation institutions, courts, auditors, debt recovery agencies, companies that handle joint debtor data files, other subjects having Your acceptance.
  3. Dispute settlement
    1. Before starting a dispute with Us firstly You should contact Verifo so that We can handle Your complaint and satisfy it benevolently if it is well grounded. If You are not satisfied with our reply, You can address competent authority according to our Complaints policy.
    2. As the dispute may arise, for dispute settlement purposes We may collect and process such data: Identity data, Contact data, KYC data, also data provided in Your claim and its supplements, other data needed to investigate Your claim. The data is processed as We are required by law.
    3. Data will be processed for 2 years from the day We provided You a final response. These terms may be additionally extended up to the final dispute settlement between the parties.
    4. Your data may be provided to supervisory institutions, attorneys, pre-trial investigation institutions, courts, auditors, debt recovery agencies, companies that handle joint debtor data files, other subjects having Your acceptance.
  4. Debt recovery
    1. If somehow You will have a debt for Us, We may process such data about You: Identity data, Contact data, also data about Your payments, Services and information about debt.
    2. Data will be processed for 10 years from the date the debt originated. In case there is court proceeding, the term may be additionally extended up to the time the debt is recovered and 12 months after recovery.
    3. Your data may be provided to attorneys, pre-trial investigation institutions, courts, auditors, bailiffs, debt recovery agencies, companies that handle joint debtor data files, banking and financial services providers, other payment service providers, government institutions.
    4. You therefore agree that if You failed to fulfill Your obligations to us, We have the right to provide Your data to companies that handle joint debtor data files by informing You in advance.
  5. Marketing
    1. We may provide You by email the information about our new Services, other goods and services We offer that are similar to those that You have already used or inquired about, to provide You or permit selected third parties to provide You information about goods or services We feel may interest You.
    2. Email for our direct marketing purposes (newsletters) will be processed only with Your separate acceptance.
    3. Your email address will be processed for 1 year from the date You terminate business relationship with Us. You have the right at any time to object to Your email usage fordirect marketing purposes.
    4. We may provide Your email to email marketing service providers to send You newsletters on our behalf.
    5. We hereby inform You that We may also use Your personal data (such as used services, location, IP, behavior, etc.) to form a view on what We think You may want or need, or what may be of interest to You and show You adverts in our webpage.
    6. We may also provide anonymized information to advertisers to promote our products and services. Therefore, such anonymized information would be used to help our advertising partners provide a targeted campaign, relevant for a sub-section of our Clients.
    7. Your data will be processed for 1 year from the date You terminate business relationship with Us. You have the right at any time to object to Your data usage for marketing purposes.
    8. Data mentioned above is processed for the purposes of the legitimate interests pursued by Us: to show You our Services that We think You may want or need, or what may be of interest to You.
  6. Statistics
    1. All Your provided or our collected data about You, except Identity data, may be processed for the statistical purposes. We process Your data in such a way that after including data in statistical evaluation there would be no possibility to identify You.
    2. You agree that You are informed about the right to refuse that Your data would be processed for the statistical purposes, but Verifo would have the right to continue processing of Your data if can prove that data is processed for convincing legitimate reasons that are superior to the interests, rights and freedoms of You or in order to bring, enforce or defend legal requirements.
    3. The data will be processed till it becomes not relevant.

IV. Data processing

  1. Your data will be processed by automated means, as well as to manual processing, including automated individual decision-making and profiling, for various processing purposes.
  2. Automated decision making and profiling might be used for Verification of Your identity, monitoring Your operations and activity in the Profile. Such procedures are necessary according to AML requirements and necessary for entering and performing business relationship between Us and the Client. Verifo implements suitable measures to safeguard Your rights and freedoms and legitimate interests, including the right to obtain human intervention. You also have the right to express Your point of view and to contest the decision.
  3. The information We process about You is stored on our secure servers. We use all needed technical, organizational and other means to protect Your data.

V. Verifo partners services

  1. As stated in General Service Agreement, You may access Verifo partners services via Verifo system. According to this You may find links to third party websites on our website. These websites should have their own privacy policies which You should check. We shall not be liable for their policies and activity as We have no control over them.
  2. If You choose to use such services, You have to provide Your data to such partner and accept the terms & conditions of services set by that partner or We may share Your data in order to provide certain services to You upon Your request. Verifo shall only be an intermediary between You and the service provider and is not liable for the proper provision of such services.

VI. Your rights

  1. Please be informed about Your rights under Data Protection regulations in relation to Your personal data:
    1. Right to Information: The right to ask Us for information about what personal data of Yours is being processed and the rationale for such processing;
    2. Right of Access: The right to access Your personal data;
    3. Right of Rectification: The right of rectification of inaccurate personal data concerning You, and the right to have incomplete personal data completed. Please be advised that We may need to verify the accuracy of the new data You provide to Us;
    4. Right of Erasure (the right to be forgotten): The right of erasure of personal data concerning You if there is no convincing reason for Us continuing to process it. Please be advised that We may not always be able to comply with Your request of erasure for specific legal reasons which will be notified to You, if applicable, at the time of Your request. Please note that Under GDPR Article 17(3)(b), legal requirements take precedence over the right to be forgotten. From an AML perspective, the EU’s 4th Anti￾Money Laundering Directive (4AMLD) introduced the requirement that both customer due diligence and transaction records be retained for a minimum of a set number of years after the end of the customer relationship and as a financial institution Verifo will retain Your data, in line with AML regulations, for a minimum of 8 years. In this context, the right to be forgotten would only be enforceable after this period had ended;
    5. Right of Restriction of Processing: The right to obtain from Us restriction of processing if there is legitimate reason. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with Your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of a Member State;
    6. Right to Data Portability: The right to receive the personal data concerning You, which You provided to Us and have the right to transmit data to another controller. Please be advised that this right only applies to information which You provided for Us;
    7. Right to object: The right to object at any time to processing of personal data concerning You which is processed for the purposes of our legitimate interests. We shall no longer process the personal data unless We demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of You or for the establishment, exercise or defense of legal claims. Where personal data is processed for marketing purposes, You shall have the right to object at any time to processing of personal data concerning You for such marketing;
    8. Right to Object to Automated Processing: This right to object to a decision based on automated processing. Using this right, a customer may ask for his or her request (e.g. attempted identity verification) to be reviewed manually, because he or she believes that automated processing of his or her data may not consider the unique situation of the customer;
    9. Right to withdraw consent: The right to withdraw Your consent at any time where we are relying on consent to process Your personal data. However, this will not affect the lawfulness of any processing carried out before You withdraw your consent. In some cases, if You withdraw Your consent, We may not be able to provide the Services to You;
    10. Right to complain: You have right to make a complaint at any time to the State Data Protection Inspectorate, Lithuania supervisory authority for data protection issues. We would, however, appreciate the chance to deal with Your concerns before You approach the supervisory authority so please contact Us in the first instance.
  2. You can implement Your rights according to Our Policy for implementation of data subject rights.