Privacy policy

PAYSWIX PRIVACY POLICY

1. GENERAL INFORMATION

This Privacy Policy of Payswix (hereinafter referred to as “we”, “our”, "us" or “Data Controller”) governs and explains for what purpose and on what basis we collect, further process or share your personal data provided to us by you or otherwise collected by us. The terms contained in this Privacy Policy apply each time you access our content and/or services, regardless of what device (computer, mobile phone, tablet, TV, etc.) you use.

Data Controller’s details:

Payswix, UAB

Legal entity code: 304604766

Office address: Menulio str. 7, LT-04326 Vilnius, Lithuania

Tel. +370 (8) 52075750

E-mail: [email protected]

Link: www.payswix.com

Data Protection officer‘s details:

Privacy Partners, UAB

Legal entity code: 304846919

Office address: Smolensko g. 6-407, LT-03201 Vilnius, Lithuania

Tel.: +370 5 254 8240

E-mail: [email protected]

We are committed to fully comply with the requirements of the applicable laws and regulations of the European Union and of the Republic of Lithuania and the guidelines of the regulatory authorities, and that we have adopted all reasonable technical and administrative measures to ensure that data that we collect are protected from loss, unauthorized access and/or alteration. We assure that data are not stored for longer than necessary. The Data Controller’s employees have made written commitments not to disclose and distribute information accessed in the workplace to any third party, including information about visitors of the website/social media accounts.

Important. Persons under the age of 16 may not provide any personal data through our website/social media accounts. If you are a person under 16, make sure that you obtain a parent or guardian’s permission before you provide personal information to us.

The definitions used in this Privacy Policy have the meanings assigned to them in General Data Protection Regulation No 2016/679 (EU).

Be sure to read carefully this Privacy Policy, because each time you access the websites www.payswix.com , or you use the services of Payswix, you agree to abide by the terms described here. If you disagree with these terms, please do not visit our website, use our content and/or services.

2. HOW DO WE COLLECT INFORMATION ABOUT YOU?

Data you give to us

This covers data given by you as well as data provided by people linked with you or your business’s, or people working on your behalf.

  • - When you apply for our products and services (you may provide us with personal data directly by filling in a registration form, providing documents necessary for the provision of our services etc.);
  • - When you sign up to our website or install our applications;
  • - When you write us emails, letters or you talk to us on the phone, including recorded calls;
  • - When you subscribe to our newsletter or register to receive other communications;
  • - When you participate in our surveys.

Important. We may also collect your personal information if you are related to our clients or potential clients, and they are legal entities. In that case you might be the director of the company, shareholder, member of the board, ultimate beneficiary owner (UBO), authorized representative of the company.

Data we may collect about you automatically when you use our services

This covers the data about you accessing our services and your account activity.

- Information about the usage of our website (we collect information about you through the use of cookies and similar technologies. To learn more about the cookies we use, please read our cookies policy: www.payswix.com/cookies-policy);

- Inquiries through our registration system or social media accounts;

- Payment and transaction data.

In certain cases, we may acquire information about you from third parties and may collect information about you from publicly available sources (e.g. through your LinkedIn social networking platform, Facebook, Twitter, Instagram, your company’s website or otherwise). This may include information shared by our partners and marketing agencies. We may link information provided by yourself, collected from public and commercial sources to other information we obtain from you or about you.

We may also collect information about you in other contexts than discussed in this Privacy Policy. If this is the case, we will give you further notice.

3. PURPOSES AND LEGAL BASIS OF DATA PROCESSING

We seek to collect as limited amount of your information as possible. The purposes of the processing of your personal data, with respective legal bases and personal data collected for such purposes, are set out in the table below:

Purpose

Legal basis/bases

Personal data

To provide payment and related services.

- Obligations under a contract between you and us;

- Compliance with legislative requirements;

- Our legitimate interests;

- Your consent.

Name, surname, details about payments to and from your accounts with us, payment method, credit card number, address, passport number, credit card expiration date, details about the products or services we provide you, other information we may need in providing our services to you, such as your phone number or e-mail address to which we will send your registration confirmation, information about your interests and preferences.

To provide service-related information you request

- This information is provided to you based on our legitimate interest to provide you with accurate information about the services we provide, extra services, etc.;

- Your consent;

- Obligations under a contract between you and us.

In order to be able to answer your queries by phone, e-mail, through social media and otherwise, we may ask you to give us your phone number, e-mail address or

other contact details convenient to you.


Purpose

Legal basis/bases

Personal data

For marketing purposes, e.g. providing customized advertisements and sponsored content and sending promotional communications.*

Assessment and analysis of our market, clients, products and services (including asking for your opinions on our products and services and carrying out client/partner surveys).

- Legitimate interest to inform about our services, events, news and other relevant information;

- An additional clear consent, which shall be received (e.g., in manner of additional tick box to be ticked with the link to the Privacy Policy and/or other relevant documents) before processing the personal data for marketing purposes.

IF YOU RECEIVED THE MARKETING CONTENT FROM US AND KNOW/THINK THAT YOUR ADDITIONAL CONSENT HAD NOT BEEN PROVIDED TO US, THEN PLEASE INFORM US ABOUT THIS SITUATION AS SOON AS POSSIBLE VIA [email protected]

Name, social media account details, telephone, e-mail address, your interests.

To understand the way people use our online services so that

we can improve them and develop new content, products and

services.

- Legitimate interest to monitor the quality of our services, develop and improve the content we provide, and ensure security of the website;

- Your consent.

IP address, operating system version, and settings of the device you use to access our content/products, time and duration of your login session, search query terms you enter through our website, and any information stored in cookies that we have set on your device, your device’s GPS signal or information about nearby Wi-Fi access points and cell towers that may be transmitted to us when you use our website content.

We process conversation recording to ensure the quality of the provided services, to preserve the information on the concluded transactions, the circumstances of their conclusion and the execution process and to deal with complaints, requests, or notifications from individuals.**

- Your consent received by choosing to continue a conversation.

Phone number, name, surname, date of the call, time of tart and end of the call, content of the conversation.

To protect our interests before any court or any other institution.

- Compliance with legislative requirements;

- Legitimate interest to defend against lawsuits and claims.

Depending on the lawsuit or claim filed, we may collect all personal data mentioned in this Privacy Policy that we have about you.

* You may opt out of direct marketing communications from us at any time. If you prefer not to receive our direct marketing communications, please let us know by sending us an e-mail to [email protected] or clicking on the opt-out link appearing in the newsletter.

** If a person does not agree for the conversation to be recorded, alternative means to contact Payswix are available: by email [email protected] or by visiting the Payswix office.

Where we do not base our use of information about you on one of the above legal bases, we will ask for your consent before we process your information (these cases will be clear from the circumstances and the context).

In some instances, we may use information about you for purposes other than described above. Where this is the case, we will provide a supplemental notice to you.

Important. You may choose not to disclose certain information to us (e.g. information requested in the registration form), but in that case you may not be allowed to register in our website or receive our services. It may also mean that we cannot run your accounts or policies. It could mean that we cancel a product or service you have with us.

4. HOW LONG WILL YOUR PERSONAL DATA BE KEPT?

We will retain your personal data for the period necessary to fulfil the purpose for which they were collected. After that, we will delete them, except where we are legally obligated to retain the information for tax purposes, or such data may be required in conducting a pre-trial investigation, but in any event the retention period will not extend beyond 10 years after you stop being a client. On expiration of this period, the data will be irretrievably deleted.

In accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania, the General Data Protection Regulation and other legal acts personal data storage periods are as follows:

Personal data

Retention period

Payment data

At least 10 years after the payment transaction.

Personal data used for provision of the services

8 years after you stop being a client.

Personal data used for marketing purposes

3 years from your last visit to our website.

IT system logs

Up to several months.

Analytical data

Such data are normally collected automatically while you visit the website and immediately depersonalized/aggregated.

Conversation records

Up to 3 years from the day of the record.

Correspondence with the clients

5 years after you stop being a client.

Complaints

Up to 10 years.

5. TO WHOM WE DISCLOSE YOUR PERSONAL DATA?

We may (or are obliged to) disclose your personal data to outside organizations such as:

- Companies that provide services for us, which are necessary for the provision of our services to you or the fulfillment of legal requirements;

- Banks/companies that provide payment services;

- Public authorities, authorities supervising activities in the payment sector, pre-trial investigation officials, courts, and others, when disclosure to be necessary to protect our legitimate interests or we are obliged by law.

This is so that we can provide you with products and services, run our business, and obey the rules that apply to us. We also use the following data processors for the processing of personal data specified in this Privacy Policy (but not limited to them): data center, cloud, website administration and related services companies, marketing service companies, software development, provisioning, maintenance and development companies, information technology infrastructure services companies, communication services companies, internet browsing or internet activity analysis and service companies.

6. TO WHAT COUNTRIES DO WE TRANSFER YOUR PERSONAL DATA?

Sometimes we may have to transfer your personal data to other countries that may offer lower levels of data protection. In such cases we do all that is within our control to ensure the security of the data we transfer.

The Data Controller transfers your personal data to the following countries outside the European Economic Area: Israel, India.

Where the Data Controller transfers your personal data to countries outside the European Economic Area we ensure that any of the following safeguards is implemented:

- A contract is signed with the data recipient based on the standard contractual clauses adopted by the European Commission;

- In respect of data transmission by a group of undertakings, binding corporate rules are applied;

- The data recipient is established in a country recognized by the European Commission as applying adequate data protection standards (Israel, for example).

7. HOW DO WE PROTECT INFORMATION ABOUT YOU?

We have put in place reasonable and appropriate physical and technical measures to safeguard the information we collect in connection with the provision of our content/services. Please note, however, that although we take reasonable steps to protect your information, no website, Internet transmission, computer system or wireless connection is completely secure.

8. RIGHTS THAT YOU HAVE

The data subject whose data are processed in connection with activities carried out by the Data Controller, depending on the situation, has the following rights:

Rights that you have

Certain restrictions

To know (be informed) about the processing of your data (right to know)

You have the right be informed in a concise form and using simple and plain language before the processing of your personal data.

To access your data and be informed about the methods of their processing (right of access).

This right means:

- confirmation whether or not we process personal data concerning you;

- providing you with the list of your data that we process;

- informing you about the purposes and legal bases for the processing of your personal data;

- confirmation as to whether or not we transfer data to third parties and, if so, the safeguards we have implemented;

- informing you from which source your personal data originate;

- information as to the existence of profiling;

- information about the storage period.

After we have established your identity, we will provide you with the above information, provided this does not affect the rights and freedoms of others.

To obtain rectification of personal data or, considering the purposes of the processing of personal data, to have incomplete personal data completed (right to rectification).

This applies if the information we hold is incomplete or inaccurate.

To obtain the erasure of your data (right ‘to be forgotten’).

This applies if:

- the information we hold is no longer necessary in relation to the purposes for which we use it;

- we process your data on the basis of your consent and you withdraw your consent;

- we process your data on the basis of legitimate interests and we find that, following your objection, they are overridden by your private interests;

the information was unlawfully used.


Rights that you have

Certain restrictions

To stop all data processing activities in respect of your data (except storage).

This right applies, temporarily while we investigate your case, if you:

- contest the accuracy of the information;

- have objected to our processing of your personal data on the basis of legitimate interests;

- our processing of your information is unlawful and you oppose the erasure of the information;

- we no longer need the information, but you require it to establish a legal case.

To obtain from the Data Controller restriction of the processing of personal data if there is a legitimate ground (right to restriction of processing).

You may opt out of our use of your personal data for direct marketing purposes.

To object to processing of personal data.

This right means that data subject can object at any time to processing of personal data concerning him or her which is based for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by the controller or by a third party. The controller must demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.

To exercise the right to data portability.

This right may be exercised if you have provided your data to us and the processing is carried out by us by automated means and on the basis either of your consent, or based on discharging our contractual obligations to you.

We offer you easy ways to exercise these rights. You can do so by giving us a call to +37052075750, writing to us to [email protected], or using certain links provided at the end of our promotional communications.

Despite of the way you choose to reach out, we will ask you to prove your identity face-to-face, by sending an electronically signed request, or, where the two options are not available, by returning to us a One Time Password (OTP) from your email address that you have provided to us in the registration form or when subscribing to our newsletter. The OTP will be sent to you by our Customer Support Service via SMS from +370 (8) 52 07 5750 .

Important. You may not be able to exercise these rights when in the cases provided by law it is necessary to ensure prevention, investigation and detection of crimes, violations of official or professional ethical standards, as well as the protection of the rights and freedoms of the data subject or other persons.

You also have a right to lodge a complaint with the State Data Protection Inspectorate www.ada.lt .

9. HOW WE ARE HANDLING YOUR REQUEST

When we receive your request and your identity was verified, we will verify:

- the access request;

- whether requests are unfounded or excessive;

- whether we process the data requested;

- whether the data requested also involves any exemptions.

We will promptly acknowledge receipt of the request.

If we receive a request send directly by a data subject to us as a data controller, we will evaluate it immediately and will respond to you.

If we receive your request in its capacity as a data processor, we will notify the data controller without undue delay, receive their instructions as to the request handling and make a reasonable effort in assisting the data controller in fulfilling the request. We will also notify you that handling of your request is forwarded to the data controller.

We are ensuring that all information requested will be provided within 30 calendar days from the day the request was first received by us. In case when the request cannot be completed, we will reply with an answer as to why the request cannot be completed. If more time is needed to respond to complex requests, we will notify you within the first 30 days. In any case extension is permissible only of another two months.

CONTACT US

If you discover any inconsistency in this Privacy Policy, any security issue on our website, or have other questions related to the processing of your personal data, please contact us in a manner convenient to you using the contact details below:

Data Controller’s details:

Payswix, UAB

E-mail: [email protected]

Data protection officer‘s details:

Privacy Partners, UAB

E-mail: [email protected]