1. According to the Joint Controller Agreement No. 20180919 from September 19, 2018, your personal data controller is the Paysera network. Contact details of Paysera are available at www.paysera.com. Contact details of the data protection officer authorised by Paysera: firstname.lastname@example.org.
2. Personal data collected by Paysera are processed in accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania, the General Data Protection Regulation and other legal acts. All employees, agents and employees of the agents of Paysera who know the secret of personal data must keep it safe even after termination of the employment or contractual relationship.
3. For the purpose of the processing personal data, Paysera may engage data processors and/or, at its sole discretion, hire other persons to perform certain functions on behalf of Paysera. In such cases, Paysera shall take necessary measures to ensure that such data is processed by the personal data processors in accordance with instructions of Paysera and applicable legislation. Paysera shall also require the personal data processors to implement appropriate measures for the security of personal data. In such cases, Paysera shall ensure that such persons will be subject to the non-disclosure obligation and will not be able to use this information for any other purpose, except to the extent necessary to perform the functions assigned to them.
5. Paysera respects the individual's right to privacy and makes all reasonable efforts to ensure the security and confidentiality of personal data and other information processed on this website.
6. You can visit this website not providing any information about yourself, however, if you want to open an account in the Paysera system and/or use other payment services offered by Paysera, Paysera will ask you to provide personal data indicated in the system and to carry out established identification procedures.
Purposes of the processing. Data providers, terms and recipients
8. The main purpose for which Paysera collects your personal data is to provide the payment services of Paysera to clients who send and receive payments. As a payment service provider, Paysera is bound by law to establish and verify your identity prior to entering into financial services transactions with you, also, at the time of the provision of the services, to request further information, as well as assess and store this information for the retention period set out by legislation. Taking this into account, you must provide correct and complete information. Further, Paysera specifies the data and purpose of which these data are collected.
9. PURPOSE: Client's identification, provision of payment services (account opening, transfers of funds, payment collection and other), or implementation of other legal obligations of the payment service provider.
9.1. Personal data is processed for this purpose in compliance with legal requirements related to:
9.1.1. establishing and verification of the client's identity;
9.1.2. conclusion and execution of agreements with the client or in order to take steps at the request of the client;
9.1.3. execution of transfers of funds and transmission of necessary information together with a transfer in accordance with legislation;
9.1.4. implementation of the "Know Your Client" principles;
9.1.5. continuous and periodic monitoring;
9.1.6. risk assessment;
9.1.7. updating clients' data in order to ensure their accuracy;
9.1.8. prevention of possible money laundering and terrorist financing, prevention of fraud, detection, investigation and informing of such activity, determination of politically exposed persons or financial sanctions imposed on the client;
9.1.9. ensuring proper risk and organization management.
9.2. For this purpose, the following personal data may be processed: name, surname, personal identification number, address, date of birth, data from an identity document and a copy of the document, photo, direct video transmission (direct video broadcast) recording, citizenship, email address, phone number, payment account number, IP address, current activity, current public function, other data required by the Law on Prevention of Money Laundering and Terrorist Financing.
9.3. These personal data are collected and processed on the basis of a legal obligation imposed on the payment service provider, i.e. the Law on Payments of the Republic of Lithuania, the Law on Electronic Money and Electronic Money Institutions of the Republic of Lithuania and the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania, and are required in order to open an account and/or provide a payment service.
9.4. Data retention period: 8 (eight) years after the termination of the business relationship with the client. The retention period may be extended for a period not exceeding 2 (two) years, provided there is a reasoned request from a competent authority. Such data retention period is required by the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania.
9.5. Data providers: the data subject, credit and other financial institutions and their branches, PE Center of Registers, databases for checking the data of personal documents (databases of expired documents and other international databases), authority check registers (registers of notarized authority and other databases), the Register of Incapacitated and Disabled Persons, the Population Register, companies consolidated debtor files (e.g. in Lithuania, UAB "Creditinfo Lietuva"or other), companies maintaining registers of international sanctions, other persons.
9.6. Groups of data recipients: supervisory authorities, credit, financial, payment and/or electronic money institutions, pre-trial investigation institutions, the State Tax Inspectorate, payment service agents of Paysera (if the operation is carried out using their services), beneficiaries of transaction funds receiving the information in payment statements together with the funds of the transaction, debt collection and recovery agencies, companies processing consolidated debtor files, lawyers, bailiffs, auditors, other entities having a legitimate interest, other entities under an agreement with Paysera, only provided you have given your separate consent for that.
9.7. Data may be provided to third countries (outside of the European Union or the European Economic Area) only in the case your payment transfer is carried out to a third country, or a partner (correspondent) from a third country is engaged in the payment execution.
10. PURPOSE: Debt management.
10.1. Personal data under this purpose is processed in order to manage and collect debts, submit claims, demands, lawsuits and other documents, to provide documents for debt collection.
10.2. For this purpose, the following personal data may be processed: name, surname, personal identification number, address, date of birth, data from an identity document, email address, phone number, payment account number, IP address, payment account statements.
10.3. Data retention period: the due date for the debt is 10 (ten years) from the day the debt is incurred, and after the opening of legal proceedings, the time limit is extended until the debt is repaid and for 24 (twenty four) months after the repayment. The data retention period is based on the limitation periods for proceedings set out by the Civil Code of the Republic of Lithuania.
10.4. Data providers: the data subject, credit, financial, payment and/or electronic money institutions, PE Center of Registers, the Population Register, companies processing consolidated debtor files (e.g. in Lithuania, UAB "Creditinfo Lithuania"or other), other persons.
10.5. Groups of data recipients: companies processing consolidated debtor files, credit, financial, payment and/or electronic money institutions, lawyers, bailiffs, courts, pre-trial investigation institutions, the State Tax Inspectorate, debt collection and recovery agencies, other entities having a legitimate interest.
10.6. The data may be provided to third countries (outside of the European Union or the European Economic Area), when the circumstances of the debt are related to the third country.
10.7. Please note, that if you have a debt to Paysera and you are postponing the performance of your obligations for more than 30 (thirty) days, Paysera has the right to provide the information on your identity, contact details and credit history, i.e. financial and property liabilities and information on their execution, debts and its payment to companies managing debtors' databases (such as the credit institution UAB "Creditinfo Lithuania" in Lithuania*), as well as to debt collection companies. You can access your credit history by contacting the credit bureau directly.
11. PURPOSE: To support and administrate relations with clients, prevent disputes and collect evidence (recording phone conversations), correspondence of business relations with the client.
11.1. Personal data are processed for this purpose in order to:
11.1.1. protect interests of the client and/or Paysera;
11.1.2. prevent disputes, provide evidence of business communication with the client (recordings of conversations, correspondence);
11.1.3. perform quality assessment and ensure the quality of services provided by Paysera;
11.1.4. when it is necessary for the execution of the agreement, in order to take steps at the request of the client or in implementing a legal obligation.
11.2. For this purpose, the following personal data may be processed: name, surname, address, date of birth, email address, phone number, IP address, payment account statements, phone conversation recordings, correspondence with the client.
11.3. Data retention period: 5 (five) years after the termination of the business relationship with the client. The retention period may be extended for a period not exceeding 2 (two) years, provided there is a reasoned request from a competent authority. Such data retention period is required by the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania.
11.4. Data providers: the data subject.
11.5. Data recipients: supervisory authorities, companies processing consolidated debtor files, lawyers, bailiffs, courts, pre-trial investigation institutions, debt collection and recovery agencies, other entities having a legitimate interest, other entities under an agreement with Paysera, only provided you have given your separate consent for that.
11.6. The data are not provided to third countries outside of the European Union or the European Economic Area.
12. PURPOSE: Credit rating assessment, credit risk management, and automated decision making.
12.1. The personal data for this purpose are processed to assess the creditworthiness of clients, to manage the credit risk, and to meet the requirements related to operational risk management and capital adequacy, so that Paysera can offer to provide funding.
12.2. The following personal data may be processed for this purpose: name, surname, address, date of birth, email address, telephone number, payment account number, IP address, payment account statements, client's balance on the account, financial liabilities, credit and payment history, income, education, workplace, current work position, work experience, available assets, and data on relatives.
12.3. Data retention period: 10 (ten) years after the termination of the business relationship with the client.
12.4. Data Providers: the data subject, credit and other financial institutions and their branches, law enforcement agencies, other registers and state institutions, companies processing consolidated debtor files (e.g. in Lithuania, UAB "Creditinfo Lithuania" or other), natural persons who provide data about spouses, children, and other persons related by kinship or affinity, co-debtors, guarantors, collateral providers, etc., legal entities when the client is a representative, employee, contractor, shareholder, participant, owner, etc. of these legal entities, and partners or other legal entities who Paysera employs for service provision.
12.5. Data recipients: credit, financial, payment and/or electronic money institutions or service providers assisting in the assessment of creditworthiness, and companies processing consolidated debtor files.
12.6. The data are not provided to countries outside the European Union or the European Economic Area.
12.7. In order to conclude or offer to enter into a funding agreement with you and to provide you with services, Paysera will, in certain cases, apply decision-making based on the automated processing of your personal data. In this case, the system checks your creditworthiness with a set algorithm and assesses whether the service can be provided. If the automated decision is negative, it may be changed by the client providing more data. Paysera takes all the necessary measures to protect your rights, freedoms, and legitimate interests. You have the right to demand human intervention, express your opinion, and challenge an automated decision. You have the right to oppose an automated decision by contacting Paysera directly.
13. PURPOSE: Protection of interests of Paysera and the client (video surveillance in the premises of Paysera).
13.1. Personal data for this purpose are processed in order to ensure the security of Paysera and/or the client, to protect the life and health of the client and/or his/her representative and other rights of Paysera and the client (video surveillance and recording in the premises of Paysera) in a pursuit of the legitimate interest to protect clients, employees and visitors of Paysera and their property, as well as the property of Paysera.
13.2. For this purpose, the following personal data may be processed: video recordings at the premises managed by Paysera.
13.3. Before entering the premises of Paysera where video surveillance is conducted, you are informed about the surveillance by special markings.
13.4. Data retention period: 1 (one) year.
13.5. Data providers: the data subject, who visits the premises of Paysera, where video surveillance is conducted, and is captured by the surveillance camera.
13.6. Data recipients: courts, pre-trial investigation institutions, lawyers (only in case of attempt to attack).
14. Informing the client about services. Personal data for this purpose is processed in order to inform the client about the services provided by Paysera, their prices, specifics, changes in terms of the agreements concluded with the client, for sending system and other messages relating to the provided Paysera services.
14.1. The following personal data may be processed for this purpose: email address, phone number.
14.2. The data subject confirms that they are aware that such messages are necessary for the execution of the General Payment Service Agreement and/or its supplements concluded with the client, and they are not considered to be direct marketing messages.
14.3. Data retention period: 24 (twenty four) months after the termination of the business relationship with the client.
14.4. Data providers: the data subject.
14.5. Data recipients: the data for this purpose are not provided to other persons.
15. Direct marketing. For this purpose, personal data are processed in order to provide the client with offers on the services provided by Paysera.
15.1. The following personal data may be processed for this purpose: email address, phone number.
15.2. With this document you confirm, that you are aware of the fact that the aforementioned data may be processed for the purpose of direct marketing, and that you have the right to disagree and to object the use of your personal data for this purpose at any time by informing Paysera thereof in writing via email to email@example.com. The message must contain the full name and email address of the personal data subject.
15.3. Data retention period: 24 (twenty four) months after the termination of the business relationship with the client or until the day the client objects the data processing for this purpose.
15.4. Data providers: the data subject.
15.5. Data recipients: The data for this purpose may be transmitted to search or social networking systems (the possibility to object data processing is ensured by the websites of these systems). The data shall not be provided to other persons.
16. All of your personal data collected for the aforementioned purposes, except for the name, surname, personal identification number, the number of your ID document and the exact residence place, may be processed for the purpose of statistical analysis. For this purpose, personal data shall be processed in such a way that, by including them in the scope of statistical analysis, it is not possible to identify the data subjects concerned. The collection of your personal data for the purpose of statistical analysis is based on the legitimate interest to analyze, improve and develop the conducted activity. I am aware that I have the right to disagree and object my personal data processing for such purpose at any time and in any form by informing thereof Paysera. However, Paysera may continue to process the data for statistical purposes if it proves that the data is processed for compelling legitimate reasons beyond the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
18. All the aforementioned personal information constituting personal data shall not be transferred to any third parties without your consent, except when it is required by applicable law or for the purpose of the provision of services (e.g. necessary information is transmitted together with your payment).
19. I agree that my data referred to above will be provided and received through a software tool used by Paysera or its authorised representative thereof, also by other means and third persons with whom Paysera has entered into personal data processing agreements in accordance with laws and regulations.
20. Profiling carried out by Paysera involves processing of personal data by automated means for the purposes of legislation relating to risk management and continuous and periodic monitoring of transactions in order to prevent fraud; such ongoing profiling is based on legitimate interests of Paysera, the performance of a legal obligation and the execution of the agreement.
21. For the purpose of direct marketing and statistical analysis, profiling may be carried out by using Piwik, Google, Facebook and other analytics tools.
Processing the personal data of minors
22. A minor under 14 (fourteen) years old, seeking to use the payment services of Paysera, shall provide the written consent from his/her representative (father or mother or legal guardian) with regard to his/her personal data processing.
24. Like most website managers, Paysera monitors traffic of the website and collects information on the number of visitors browsing the website, the domain name of Internet service providers of visitors, etc. Such information is collected automatically when visiting the website. It helps the website manager to understand the way visitors use the website and to improve the services provided by Paysera.
26. Most web browsers accept cookies, but the person can change the browser settings so that cookies would not be accepted. However, in this case, some functions may not work.
27. All information about the cookies used by the website, their purpose, validity and the data used are given in the table below:
|PHPSESSID||While the web session is active||Operation|
|XSRF-TOKEN||While the web session is active||Operation|
|my_language||1 year, or until the user changes the language||User interface improvement|
|user_token||While the web session is active, or until the user logs out||Operation|
|FilterStore:*||2 weeks||User interface improvement|
|_pk_ses.*||While the web session is active||Statistics|
|_dc_gtm_UA-*||While the web session is active||Statistics|
|my_language||1 year, or until the user changes the language||User interface improvement|
The right of access, rectification, erasure of your personal data and to restrict data processing
28. You have the following rights:
28.1. THE RIGHT OF ACCESS TO DATA: to obtain information as to whether or not Paysera processes your personal data, and, where that is the case, access to the personal data processed by Paysera and to receive information on what personal data and from which sources are collected, the purposes of the processing, the recipients to whom the personal data have been or may be provided; to obtain from Paysera a copy of the personal data undergoing processing in accordance with the applicable law. Upon the receipt of your written request, Paysera, within the time limit laid down in the legislation, shall provide the requested data in writing, or specify the reason of refusal. Once in a calendar year, data may be provided free of charge, but in other cases a remuneration may be set at a level not exceeding the cost of the data provision. More information on the right of access to data and its procedure can be found here;
28.2. THE RIGHT OF RECTIFICATION: if your data processed by Paysera is incorrect, incomplete or inaccurate, you can address Paysera in writing for rectification of the incorrect or inaccurate data or to have the incomplete personal data completed by providing a relevant request;
28.3. THE RIGHT TO BE FORGOTTEN: to request the termination of the data processing (erase the data), in the case the data subject withdraws consent on which the processing is based, or the personal data are no longer necessary in relation to the purposes for which they were collected, or the personal data have been unlawfully processed, or the personal data have to be erased for compliance with a legal obligation. A written notice of objection to personal data processing shall be submitted to Paysera personally, by post or via electronic means of communication. If your objection has legal grounds, Paysera, after examining the request, shall terminate any actions of processing of your personal data, with the exception of cases provided for by law. It should be noted that the right to require the immediate erasure of your personal data may be limited or not possible due to the obligation of Paysera as a payment service provider to store data about the clients' identification, payment transactions, concluded agreements, etc. for the period laid down in legislation;
28.4. THE RIGHT TO RESTRICTION OF PROCESSING: to request to restrict the processing of personal data, where the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims. A data subject who has obtained restriction of processing shall be informed by the data controller before the restriction of processing is lifted;
28.5. THE RIGHT TO OBJECT: the right to object to the processing of your personal data for direct marketing purposes;
28.6. to address the supervisory authority with a claim regarding the processing of your personal data, if you believe that the personal data are processed in violation of your rights and legitimate interests stipulated by applicable legislation;
28.7. to contact the data controller and/or the data protection officer for the purpose of exercising your rights;
28.8. other statutory rights.
29. You can send your request for access, rectification or objection to data processing via email to: firstname.lastname@example.org. The person submitting the request must clearly indicate their full name and add a copy of their personal identification document or sign the request electronically.
30. Paysera is not responsible for the protection of the Client's privacy on websites of third parties, even if such websites are accessed by the client through links provided on this website. Paysera recommends to learn privacy policies of each website which does not belong to Paysera.
The use of logos
31. The client, using the services of Paysera for business objectives and professional interests, agrees that its name and/or logo may be used by Paysera for direct marketing purposes (e.g. by indicating that the client is using the services provided by Paysera).
Ensuring information security
32. Paysera aims to ensure the highest level of security for all information obtained from the Client and public data files. In order to protect this information from unauthorised access, use, copying, accidental or unlawful erasure, alternation, or disclosure, as well as from any other unauthorised form of processing, Paysera uses appropriate legal, administrative, technical and physical security measures.
34. The term "this website" used in the present provisions is a reference to www.paysera.com.
* – UAB "Creditinfo Lithuania" (company code: 111689163, address: A. Goštauto st. 40, LT 01112 Vilnius, Lithuania, www.manocreditinfo.lt, phone: (8 5) 2394131, which manage and provide your information to third parties (financial institutions, telecommunication agencies, insurance, electricity and utility service providers, trading companies, etc.) for legitimate interests and objectives: to assess your creditworthiness and manage debts. Credit history data are usually stored 10 years after the fulfillment of obligations).