Basic information about your personal data processing

Data Controller is UAB “Finolita Unio”, Lvovo str. 25, Vilnius LT-09320, Lithuania, email: info@finolita.com

Main data processing purposes:
– To identify customers.
– To implement obligations under the laws on money laundering and terrorist financing prevention and tax evasion prevention.
– To verify the suitable customers.
– To conclude and execute agreements and provide services.
– To respond to your inquiries and fulfill your requests, such as to respond to your questions and comments.
– To send administrative information to you, for example, information regarding our websites and changes to our Terms and Conditions.
– To offer and facilitate the provision of services.
– The execution of risk management (for more information please refer to section Profiling below).
– The processing of transactions.
– To secure evidence. Finolita may record any ongoing communication (video or voice).
– To provide you with updates and announcements concerning our products, promotions and programs and to send you invitations to participate in special programs (direct marketing).
– To personalise your experience on the website by presenting products and offers tailored to you.

Profiling. Currently the customer’s profiling procedures are completed manually. However, Finolita intends to make this process automatic. When this happens, please note that you have a right as a data subject to object to such profiling which is only performed by automated means and request for a manual evaluation of your risk.
Your data subject rights: to obtain information about your stored Personal Data, the right to correct and transmit your data and, if necessary, to object to (when data is processed based on our legitimate interest or your consent), restrict the processing of, or deleting of, your Personal Data. You also have a right to submit a claim at the State Data Protection Inspectorate.

For more specific information about your personal data processing please refer to Full version of the Privacy Policy below.

 

Full version of the Privacy policy (DOWNLOAD)

General
UAB “Finolita Unio” (“Finolita”) is committed to protecting its users’ privacy. Therefore, we would like to give our website visitors and Internet Banking users the required information according to Article 13 and 14 of the General Data Protection Regulation (“GDPR”) with this Privacy Policy. Our services can be broadly divided into two types:

(a) IBAN related services – services that allows you to hold e-money in the account and make internal money transfers in and out of your account, make SEPA and cross-border payment transfers and curency conversion; and
(b) acquiring services – services provided by Finolita that facilitate processing of credit or debit card payments on behalf of a merchant and allows the merchant to accept payments from multiple cards’ brands as well as alternative payment methods, such as Paypal, Skrill, Netteler, Giro, etc..

IMPORTANT NOTICE: The acquiring services shall only be provided by Finolita, if “Hard Brexit” occurs. Therefore, the sections of this Privacy policy which specifically apply to acquiring services will only be valid as of the “Hard Brexit” date, if any. However, Finolita may act as refferal partner, collecting acquiring related Customer‘s KYC/KYB information (including Personal data) and transferring it to Finolita‘s sister company PXP Financial Limited, address – The Corn Mill, Roydon Road, Stanstead Abbotts, WARE, SG12 8XL, United Kingdom („PXP“) or other aquirers, irrespective of “Hard Brexit” event.

Personal data processing occurs in the provision of both: IBAN and acquiring services. Although some data processing operation apply to both types of services, some aspects may be different depending on which service is provided to you. For the sake of clarity, we have specifically highlighted some major differences.

All your data lawfully collected, transferred, processed and maintained is treated in accordance with the principles as stated by the General Data Protection Regulation (GDPR) (EU) 2016/679. We recognize our responsibility to keep your information confidential and secure. Any personal information about you which we obtain in connection with our services provided to you we undertake to keep safe.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, unless otherwise defined in this Privacy Policy.

Controller
UAB “Finolita Unio”
Lvovo str. 25, Vilnius LT-09320, Lithuania
Email: info@finolita.com

Personal Data
‘Personal Data’ means any information relating to a natural person who can be identified, directly or indirectly (‘data subject’).

How we collect information
Personal data is usually provided to us by yourself, however, some information is collected automatically, by using cookies, and some information can be provided by third parties, such as credit rating agencies, public and private registers, etc.

When we provide IBAN services your personal data may be obtained from: the customer (or customer’s representatives); public registries; Refinitiv (former Thomson Reuters) WorldCheck or an alternative service provider such as LexisNexis or DowJones; identification service provider UAB “Ondato” (or an alternative service provider established in EU); Web Shield Limited; Bisnode Austria Group; anti-fraud/transactions monitoring solution provider located in the EU; other payment service providers.

When we provide acquiring services your personal data may be obtained from the following sources: the customer (or customer’s representatives); public registries; Web Shield Limited; Bisnode Austria Group; payment card associations (VISA, Mastercard); other payment sevice providers.

All personal data, processed by us is treated as private and confidential. Please note that information provided by third parties may include Personal Data of directors, executives, ultimate beneficial owners, therefore if you are a representative of a company, it is your obligation to inform other directors, executives and ultimate beneficial owners that their personal data shall be processed by us in a way described in this Privacy policy.

To enable us to provide our services, we need to obtain your Personal Data including your name, surname, your e-mail address, and other relevant details to tailor your needs. The data you enter in the online form or that you share with us at events or exhibitions includes your name, surname, your job title, email address, telephone number and your place of work. All this information can be considered personally identifiable information.

How we use your information lawfully
Your Personal Data will only be processed for specific, explicit and legitimate purposes and in the context of lawfulness. In particular, Personal Data will be processed for the following purposes and where one or more of the following conditions apply:

• To identify customers. The legal basis for processing is compliance with our statutory license obligation.
• To implement obligations under the laws on money laundering and terrorist financing prevention and tax evasion prevention. The legal basis for processing is compliance with a legal obligation to which Finolita is subject. Before we engage into any business relationships, we will ask you to fill-in onboarding forms (customer information questionnaire(s) in order to fulfill our “Know your customer” obligation.
• To verify the suitable customers. The legal basis for processing is compliance with a legal obligation to which Finolita is subject and our legitimate interest to protect our business. The verification process shall result in the rejection of further engagement or a successful onboarding and attribution of a certain risk level (please refer to Profiling section below for more information).
• To conclude and execute agreements and provide services. For example, to provide Internet banking (IBAN) and Internet banking (IBAN) plus acquiring services. The legal basis is performance of a contract to which you are a party to. Please note that acquiring services shall be provided by Finolita only if “Hard Brexit” event occurs. Otherwise, until further notice, services shall be provided by PXP.
• To respond to your inquiries and fulfill your requests, such as to respond to your questions and comments. The legal basis for data processing is our legitimate interest – to provide a good customer service.
• To send administrative information to you, for example, information regarding our websites and changes to our Terms and Conditions. The legal basis for data processing is performance of a contract to which you are a subject to or our legitimate interest to provide good customer service. When Internet banking (IBAN) services are provided, the customer shall have an account at Finolita equipped with a Messenger function which will be used as a primarily communication channel.
• To re-contact you if we have not heard from you in a while. The legal basis for data processing is our legitimate interest – to provide good customer service and keep data updated.
• To offer and facilitate the provision of services– the legal basis is either our legitimate interest to promote our brand or your consent.
• To improve our service and developing new services. The legal basis for data processing is our legitimate interest – to provide a good customer service and improve our business.
• To resolve conflicts, manage litigation, resolve issues, and provide you customer service (including troubleshooting in connection with customer issues). The legal basis for data processing is our legitimate interest – to provide a good customer service in connection with our administration duties.
• The execution of risk management (for more information please refer to section Profiling below). The legal basis for processing is compliance with a legal obligation.
• The processing of transactions. The legal basis is the performance of a contract to which you are a party to or the performance of mandatory statutory provisions.
• To secure evidence. Finolita may record any ongoing communication (video or voice) between Finolita and the customer/user using any available technical means, and archive all the records, as well as the copies of any information and documents that Finolita will receive from the Customer/user and third parties. The legal basis is the legitimate interest to secure evidence of the communication.
• To complete and fulfill your service-order, have your order delivered to you, communicate with you regarding the service and provide you with related customer service. The legal basis is the performance of a contract to which you are a party to.
• To provide you with updates and announcements concerning our products, promotions and programs and to send you invitations to participate in special programs (direct marketing). The personal data collected for direct marketing purposes may be processed only with the unambiguous active consent of you which clearly indicates that you agree with the processing of your personal data for direct marketing. You have a right to withhold your consent or withdraw previously given consent without any adverse effect. Thus the legal basis for data processing is your consent. In some cases, direct marketing can be performed based on our legitimate interest – to promote our business and update you with our new products and services.
• To personalise your experience on the website by presenting products and offers tailored to you. The legal basis for data processing is our legitimate interest – to provide for you a good service experience on our website.
• For our internal business purposes, such as statistics, analysing and managing our businesses, business mergers and acquisitions, market research, audits, developing new products, enhancing our websites, identifying usage trends, determining the effectiveness of our promotional campaigns and gauging customer satisfaction. The legal basis for data processing is our legitimate interest – to improve our services for your needs.
• As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain. The legal basis for processing is compliance with a legal obligation.
• Protection of the legal rights and interests of Finolita, including, but not limited to, the discovery, conduct or defense of legal rights. The legal basis for processing is compliance with a legal obligation.

Profiling
In order to obtain Internet banking (IBAN) and/or acquiring services offered by Finolita, a prior onboarding procedure is carried out by the Compliance team of Finolita. Such onboarding procedure involves collection and thorough analysis of the Personal Data of all our potential customers. Compliance team of Finolita evaluates the information gathered from various legitimately available sources, including but not limited, from Word Check data base, third parties, such as risk assessment agencies, public and private registries, identification service providers (ONDATO) and decides whether to engage into further business relationships with a certain potential customer or not. If the decision is positive, the Internet banking (IBAN) account is opened and a risk level defined by Finolita is attributed. Regarding the provision of acquiring service, attribution of customer’s risk level is a part of acquiring underwriting process. In case it ends positively and customer accepts Finolita’s proposed terms and conditions – acquiring agreement is signed with the customer. Based on this profiling the pricing list is determined. Currently the customer profiling process is completed manually. However, Finolita intends to make this process automatic. When this happens, please note that you have a right as a data subject to object to such profiling which is only performed by automated means and request for a manual evaluation of your risk.

Log Data
We want to inform you that whenever you use our service or visit our websites, we collect information that your browser sends to us that is called Log Data. This Log Data includes information such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

Cookies
In the course of your visit to our website, your computer or other end device may be issued with cookies. Cookies are files containing a small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from our website when you visit and are stored on end user’s device -hard drive.
Our website uses these “cookies” to collect information and to improve our service. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your computer. If you choose to refuse our cookies, some portions of our service will not be available any longer.
Cookies are commonly used on the Internet and do not harm your system. Cookies have a number of uses.
The cookies used on our website (http://www.finolita.com) fall into two categories:
Strictly necessary: These cookies are used to enable core website functionality and do not contain any personal information.
Analytics: These cookies allow us to count page visits and traffic sources, so we can monitor and improve the performance of our website.

The Cookies used in our websites:

Cookie Name Tool Domain Valid until Description
Strictly necessary
moove_gdpr_popup Cookie Settings finolita.com session When this Cookie is enabled, these Cookies are used to save your Cookie Setting Preferences.
wp-settings-2  WordPress  finolita.com 1 year WordPress also sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
wp-settings-time-2 WordPress  finolita.com 1 year WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
JSESSIONID NANO .finolita.com Until browser is closed or logout Internet bank environment session ID cookie. It is created when the user logs in, deleted upon logout.
JSESSIONID is a cookie in J2EE web application which is used in session tracking. Since HTTP is a stateless protocol, we need to use any session to remember state. JSESSIONID cookie is created by web container and send along with response to client.
SSID NANO .finolita.com Until browser is closed or logout Internet bank envorinment REST service HTTP session identification cookie. It is created when the user logs in, deleted upon logout.
XSRF-TOKEN NANO .finolita.com Until browser is closed
SRVSEC NANO .finolita.com Until browser is closed Associates browser to an application server (when cluster is used).
default-login-type NANO .finolita.com 31556926 seconds Defines login type to the Internet bank environment.
defaultLocale NANO .finolita.com Until browser is closed User preference: interface language.
Analytics cookies
_ga Google Analytics finolita.com session When this Cookie is enabled, these Cookies are used to collect information about how visitors use our site. We use the information to help us improve the site. The Cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Detailed information about this Google Analytics Cookie is provided here:
https://support.google.com/analytics/answer/6004245
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
https://tools.google.com/dlpage/gaoptout
__utma Google Analytics .finolita.com 2 years after renewal Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.
__utmb Google Analytics .finolita.com 30 min after renewal Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.
__utmc Google Analytics .finolita.com Until browser is closed Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.
__utmt Google Analytics .finolita.com 10 min after renewal Used to throttle request rate.
__utmz Google Analytics .finolita.com 6 months after renewal Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.

 

When you enter our websites for the first time, we provide you with an opportunity to accept or decline the usage of cookies. You can also delete and block cookies at any time from this site through your browser, but some features on this site will not function without cookies.
You can change the preferences or settings in your web browser to control cookies. In some cases, you can choose to accept cookies from the primary site but block them from third parties. In others, you can block cookies from specific advertisers, or clear out all cookies.

Transfer of Data to Third-Parties
We employ third-party companies and individuals that may be located outside of the European Economic Area (EEA) due to the following reasons:
• To facilitate our service
• To provide the service on our behalf
• To perform service-related services
• To assist us in analysing how our service is used
We want to inform our service users that these third parties have access to your Personal Data. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

Personal Data will only be transferred in the following circumstances:

• To other companies that provide us services. We share Personal Data with other partners who perform services and functions on our behalf. These partners, for example, provide services to you as defined in our service contracts. In particular, we use UAB Baltic Amber Solutions as our IT system provider; ONDATO as an identification service provider; Zoom – a provider of voice and video communications; Refinitiv (former Thomson Reuters) WorldCheck or an alternative provider such as LexisNexis, DowJones – a private data base for risk assessment; other public data bases; AML, fraud prevention and transaction monitoring service providers; Web Shield Limited; Bisnode Austria Group; customer support tool provider located in EU or USA; SMS service provider Infobip – for the communication and strong customer authentication purpose (OTP SMS); public supervisory institutions.
• To financial institutions with whom we work together to develop or provide a product or service. For example, we partner with PXP (based in UK) for the purposes of provision of acquiring services. In order to ensure that PXP customers can continue to receive services under their merchant agreement in the event of a “Hard Brexit”, the company has set up a partnership with Finolita. Under this agreement, all of the PXP’s acquiring/aggregation business present in European Economic Area will be transferred to Finolita. Please note, that this plan will only come into effect if there is a “Hard Brexit”.
• To other parties when you use their services, such as: to merchants and service providers. We may disclose information to other participants in your transactions when you use the services. The information we share includes: person-related data required to complete the transaction.
• Personal Data needed by other transactional participants to resolve conflicts and to investigate and prevent fraud.
• Anonymised data and performance analytics that help better understand the use of our services and increase the satisfaction of our customers.
• To third parties for our business purposes or as permitted or required by law.
• To protect the essential interests of a person.
• To investigate violations of any User Agreement or other legal provision applicable to our services or to enforce such legal instruments to protect our assets, services and rights.
The following categories of recipients of personal data are located outside of the European Economic Area. Personal Data only are transferred where applicable upon the performance of a contract to:
• Payment Providers in Australia, UK, and Russia and
• Credit card organizations in USA

Should you wish to receive a list of our data recipients, please contact our Data protection officer using contact details below.
To fulfill some of our processes we must pass your Personal Data to other parts of our group companies, which may be in other countries. We make sure that they agree to apply the same levels of protection as we are required to apply to information held in Lithuania and to use your information only for the purpose to provide our service to you. In any event Finolita will capture and process such personal information in accordance with the requirements set out in the Data Protection Regulation (EU 2016-679).
Currently, your Personal Data is transferred to our following group companies located outside the European Economic Area, based on standard data protection clauses (only applies, if “Hard Brexit” occurs):
• PXP Financial Limited
The Corn Mill – 1 Roydon Road Stanstead Abbots, Hertfordshire SG12 8XL, UK.
• PXP Services Private Limited
402, 4th floor, CSR Estate, Plot No. 8, Sector-1, HUDA Techno enlave, Madhapur Main Road,
Hyderabad – 500081, Telangana, India

Links to Other Websites
Our service contains links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and take no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

Storage of Data
We retain personal information in an identifiable format as long as required by law or regulation, or as needed for our business purposes. We retain personal information for longer periods of time than is legally required if it is in our legitimate business interests and is not prohibited by law. For the exact retention periods, please contact our Data protection officer.

Data Protection Rights
As the Affected Person, you have the right at any time to obtain information about your stored Personal Data, its origin and the recipient as well as the purpose of the data processing. You also have the right to correct and transmit your data and, if necessary, to object to (when data is processed based on our legitimate interest or your consent), restrict the processing of, or deleting of, your Personal Data.
If you want us to execute your Data Protection Rights as described above, you can send an email to our Data protection officer at data.protection@finolita.com
If you believe that the processing of your Personal Data by Finolita violates the applicable data protection law or your data protection claims have been violated in another way, you may file a complaint with the competent supervisory authority – State Data Protection Inspectorate.

Children’s Privacy
We do not knowingly collect personal identifiable information from or about children under 16 years of age. In the case we discover that a child under 16 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to take necessary actions.

Data encryption and Technical Security Measures
To prevent the illegal manipulation through a third person, the IP address of the logged-on computer will be requested and saved. In addition, all your Personal Data is protected from unauthorised access by a firewall – a computer that is fitted with complex security technology specifically designed to shield the company’s network from the Internet. We also use encryption and other security technologies to protect private information from unauthorized access. We ensure that information, Personal Data and data under our responsibility is properly backed up and that arrangements for recovery processes are in place. Additionally, the company uses reliable internal data protection mechanisms combined with a restrictive security system.

Contacting us
If you have any questions about this Privacy Policy, do not hesitate to contact Data Protection Officer at data.protection@finolita.com

Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy as necessary, for example due to technical developments or legal changes, or to update it in connection with the offer of new services or products. The updated Privacy Policy will be published on our website and we will alert you about the material changes.

Do you have any other questions?