PRIVACY POLICY

Effective date: October 20, 2023

UAB “PRO INVEST GROUP”, company code: 302453988, address: Savanorių av. 187, LT-50177 Kaunas, Lithuania, (“we”, “us”, “our”, the “Company”) is the controller of personal data you provide to us. We operate the ”Skaidri kortelė“ mobile app (the “Application”) to provide the line of credit (the “Services”) to our users (“you”, “your”, the “User”).

Here we describe how we collect, use, and handle your information when you use our Application. By using the Application, you agree to the collection and use of information in accordance with this Privacy Policy. All processing of our Users‘ data is also governed by our main privacy policy, which can be accessed here.

When processing your data, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), and other applicable data protection laws.

Please note that this Privacy Policy applies only to the Application. The Application may contain links to other applications or websites not operated or controlled by us. The links from this Application do not imply that we endorse or reviewed such third-party applications or websites.

I. Information about us (the data controller):

Name: UAB “PRO INVEST GROUP”
Company code: 302453988
Address: Savanorių av. 187, LT-50177 Kaunas, Lithuania
info@kreditucentras.lt
Tel.: +370 700 31020

II. Information about data protection officer:

Data protection officer is not appointed. All Users’ inquiries shall be made at info@kreditucentras.lt.

III. What information we collect?

We collect and use the following information:

1. Personal Data

When you use our Application, we may collect certain personally identifiable information about you (“Personal Data”), i.e., when you voluntarily provide such information such as when you use our Application and Services, contact us with inquiries, etc. Wherever we collect Personal Data we provide a link to this Privacy Policy.

2. Usage Data

We may also collect information that your device sends us whenever you access the Application by or through a mobile device ("Usage Data").
When you access the Application by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Please note that such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. The Application may use such information and pool it with other information to track certain information, for example, how our users use and interact with the Services.

IV. Collected and processed Personal Data, the purposes, and legal grounds for processing of Personal Data, as well as the terms of Personal Data storage:

Purposes of data processing	Collected and processed data	Legal grounds for processing	Data retention and deletion
For the purposes of registering in the Application	• Name and surname; • Telephone number; • Email address.	The processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) of the GDPR).	Data will be retained for a maximum of 1 (one) year following the last use of the Application, after which it will be permanently deleted.
For the purposes of using the Services (the line of credit)	• Name and surname; • Telephone number; • Email address; • List of performed operations (transactions); • Number of the virtual / plastic card (“card”) provided; • Validity period of the card; • CVV code number of the card.	The processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) of the GDPR).	Data will be retained for a duration of 10 (ten) years after the Services has been provided, after which it will be permanently deleted. The list of performed operations using the line of credit will be stored for 10 (ten) years, following the date of the last recorded operation, after which it will be permanently deleted.
For the purposes of communicating with the User regarding the use of Application	• Name and surname; • Telephone number; • Email address; • Communication information (messages, emails, etc.)	The processing is necessary for the purposes of the legitimate interests pursued by the controller, i.e. respond to Users and provide relevant answers to the questions.	Data will be retained for 1 (one) year following the date of the last communication, after which it will be permanently deleted.

If the User connects to the Application by using biometric data, such as fingerprints, the Company does not collect or have access to such User’s biometric data. The Company only receives an authentication result from the device's biometric system to facilitate User authentication. The Company may log and collect metadata related to biometric authentication attempts, such as timestamps and the number of attempts, but does not access or store the actual biometric data of the User.

V. Are you required to provide us your Personal Data?

Please note that in order for you to use our Application and Services you must provide us with the abovementioned Personal Data.

VI. Where do we get your Personal Data from (where does the data come from)?

We receive data directly from you, i.e., when you provide your Personal Data through the Application.

VII. Secure Data Handling

At our Company, we prioritize the security of User data above all else. We employ a comprehensive set of secure data handling procedures, underpinned by industry-standard encryption techniques. All data, both at rest and in transit, is encrypted using robust cryptographic algorithms. Our systems are regularly audited for vulnerabilities, and we conduct routine security assessments to ensure that we are in line with best practices.

Furthermore, access to User data is strictly limited to personnel who require it for legitimate business purposes, and all such access is logged and monitored for any irregularities. We also ensure that any third-party vendors or partners we work with adhere to stringent data security guidelines, thereby ensuring an end-to-end secure environment for our users' data.

VIII. Transfer of Data

The information you provide to us, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. By voluntarily providing us with Personal Data, you are consenting to our use of it in accordance with this Privacy Policy.

Please note that we will not share your Personal Data with others, without your permission, except for the following purposes:

1. Others working for us (service providers)

We can use certain trusted third parties (for example, providers of customer support and IT services) to help us improve our Application. These third parties may access information only to perform tasks on our behalf in compliance with this Privacy Policy, and we'll remain responsible for their handling of your information per our instructions.

2. Law & Order

We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of us or our users; or (d) protect our property rights.

We do not transfer your Personal Data to third country or international organisation, i.e., outside the European Union, unless required to do so by law or by the courts or as required for one of the purposes set out in this Policy.

IX. Data Retention and Deletion

At our Company, we are committed to retaining User data only for as long as it is necessary to fulfil the specific purposes for which it was collected, or as required by relevant legal or regulatory obligations. Once data is no longer required, or upon a User's request, we ensure its secure and permanent deletion from all our systems.

Our retention periods are determined at the section IV above based on a combination of operational and legal considerations, and we regularly review and update our data retention schedules to align with industry best practices. Any data backups are also subject to these retention guidelines. When data is deleted, we employ methods that ensure the data cannot be recovered, adhering to the highest standards of secure data disposal. This approach ensures that our Users' data is protected throughout its lifecycle, from collection to secure disposal.

X. Data Subjects’ Rights

Regarding the submission of your Personal Data via our Application and according to the GDPR, you have the following rights:
• the right to be informed about data processing;
• the right of access;
• the right to rectification;
• the right to erasure (‘right to be forgotten’);
• the right to data portability;
• the right to restriction of processing;
• the right to object.

Please be advised that you have the right to lodge a complaint with a data protection authority.

To exercise abovementioned rights, you must submit a request in writing and in a way that identifies you, i.e., affirming your identity. We do not process requests without the ability to identify the applicant.

XI. Changes

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy in the Application.

You are advised to review this Privacy Policy periodically for any changes. This Privacy Policy was last updated on the date indicated above. Your continued use of the Application after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.