Kortelių privatumo politika
Effective date: October 20, 2023
UAB “PRO INVEST GROUP”, company code: 302453988, address: Savanorių av. 187, LT-50177 Kaunas, Lithuania, (“we”, “us”, “our”, the “Company”) is the controller of personal data you provide to us. We operate the ”Skaidri kortelė“ mobile app (the “Application”) to provide the line of credit (the “Services”) to our users (“you”, “your”, the “User”).
When processing your data, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), and other applicable data protection laws.
I. Information about us (the data controller):
Name: UAB “PRO INVEST GROUP”
Company code: 302453988
Address: Savanorių av. 187, LT-50177 Kaunas, Lithuania
Tel.: +370 700 31020
II. Information about data protection officer:
Data protection officer is not appointed. All Users’ inquiries shall be made at firstname.lastname@example.org.
III. What information we collect?
We collect and use the following information:
1. Personal Data
2. Usage Data
We may also collect information that your device sends us whenever you access the Application by or through a mobile device ("Usage Data").
When you access the Application by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Please note that such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. The Application may use such information and pool it with other information to track certain information, for example, how our users use and interact with the Services.
IV. Collected and processed Personal Data, the purposes, and legal grounds for processing of Personal Data, as well as the terms of Personal Data storage:
|Purposes of data processing||Collected and processed data||Legal grounds for processing||Data retention and deletion|
|For the purposes of registering in the Application||• Name and surname;
• Telephone number;
• Email address.
|The processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) of the GDPR).||Data will be retained for a maximum of 1 (one) year following the last use of the Application, after which it will be permanently deleted.|
|For the purposes of using the Services (the line of credit)||• Name and surname;
• Telephone number;
• Email address;
• List of performed operations (transactions);
• Number of the virtual / plastic card (“card”) provided;
• Validity period of the card;
• CVV code number of the card.
|The processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) of the GDPR).||Data will be retained for a duration of 10 (ten) years after the Services has been provided, after which it will be permanently deleted.
The list of performed operations using the line of credit will be stored for 10 (ten) years, following the date of the last recorded operation, after which it will be permanently deleted.
|For the purposes of communicating with the User regarding the use of Application||• Name and surname;
• Telephone number;
• Email address;
• Communication information (messages, emails, etc.)
|The processing is necessary for the purposes of the legitimate interests pursued by the controller, i.e. respond to Users and provide relevant answers to the questions.||Data will be retained for 1 (one) year following the date of the last communication, after which it will be permanently deleted.|
If the User connects to the Application by using biometric data, such as fingerprints, the Company does not collect or have access to such User’s biometric data. The Company only receives an authentication result from the device's biometric system to facilitate User authentication. The Company may log and collect metadata related to biometric authentication attempts, such as timestamps and the number of attempts, but does not access or store the actual biometric data of the User.
V. Are you required to provide us your Personal Data?
Please note that in order for you to use our Application and Services you must provide us with the abovementioned Personal Data.
VI. Where do we get your Personal Data from (where does the data come from)?
We receive data directly from you, i.e., when you provide your Personal Data through the Application.
VII. Secure Data Handling
At our Company, we prioritize the security of User data above all else. We employ a comprehensive set of secure data handling procedures, underpinned by industry-standard encryption techniques. All data, both at rest and in transit, is encrypted using robust cryptographic algorithms. Our systems are regularly audited for vulnerabilities, and we conduct routine security assessments to ensure that we are in line with best practices.
Furthermore, access to User data is strictly limited to personnel who require it for legitimate business purposes, and all such access is logged and monitored for any irregularities. We also ensure that any third-party vendors or partners we work with adhere to stringent data security guidelines, thereby ensuring an end-to-end secure environment for our users' data.
VIII. Transfer of Data
Please note that we will not share your Personal Data with others, without your permission, except for the following purposes:
1. Others working for us (service providers)
2. Law & Order
We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of us or our users; or (d) protect our property rights.
We do not transfer your Personal Data to third country or international organisation, i.e., outside the European Union, unless required to do so by law or by the courts or as required for one of the purposes set out in this Policy.
IX. Data Retention and Deletion
At our Company, we are committed to retaining User data only for as long as it is necessary to fulfil the specific purposes for which it was collected, or as required by relevant legal or regulatory obligations. Once data is no longer required, or upon a User's request, we ensure its secure and permanent deletion from all our systems.
Our retention periods are determined at the section IV above based on a combination of operational and legal considerations, and we regularly review and update our data retention schedules to align with industry best practices. Any data backups are also subject to these retention guidelines. When data is deleted, we employ methods that ensure the data cannot be recovered, adhering to the highest standards of secure data disposal. This approach ensures that our Users' data is protected throughout its lifecycle, from collection to secure disposal.
X. Data Subjects’ Rights
Regarding the submission of your Personal Data via our Application and according to the GDPR, you have the following rights:
• the right to be informed about data processing;
• the right of access;
• the right to rectification;
• the right to erasure (‘right to be forgotten’);
• the right to data portability;
• the right to restriction of processing;
• the right to object.
Please be advised that you have the right to lodge a complaint with a data protection authority.
To exercise abovementioned rights, you must submit a request in writing and in a way that identifies you, i.e., affirming your identity. We do not process requests without the ability to identify the applicant.