Privacy Policy

GURU PAY PRIVACY POLICY 

This Privacy Policy describes what personal data UAB Guru Pay (“the Company”, “we”, or “us”) collects and how we use (process) them, with whom we share our clients and visitors (you“) personal data, which we collect when you browse our https://gurupay.eu/ website (“the Website”), or when you open an account with us and use our internet banking services (“the Services”), or when you choose to contact us or provide us with your personal data through the Website.  

 

WHO WE ARE 

UAB Guru Pay is an electronic money institution (EMI) providing e-money and payment services to customers in Lithuania, other EEA countries, Switzerland, San Marino, and the Principality of Monaco. The Company carries out financial services activities such as issuance of e-money, payment execution (domestic and cross-border), the opening of IBAN accounts, SEPA and SWIFT payments, etc. We are a modern variety of an ordinary and well-known bank, which allows all operations to be done without leaving your home, but just simply connected to the online bank.  

We respect privacy of our clients as well as potential customers and random visitors to our Website and we are committed to protecting it through this Privacy Policy. Please, take some time and read through the Privacy Policy and get acquainted with the terms and conditions of processing of your personal data and information about your privacy rights. If you provide personal data on behalf of someone else, you are required to inform them about processing of their data and to refer them to this Privacy Policy. Do not hesitate to contact us if you have any questions regarding processing of your personal data or exercise of your rights. This Privacy Policy should be read and applied in conjunction with our Terms and Conditions and our Cookie Policy. 

Data controller 

UAB Guru Pay, a company incorporated and registered under the laws of Lithuania, with legal entity code 304891889, having its registered office address at J. Basanavičiaus str. 24, LT-03224 Vilnius, Lithuania, is the data controller of your personal data. Our contact e-mail address is [email protected] 

Data protection officer 

In case of any questions regarding the processing of your personal data, please contact the Data Protection Officer at [email protected]. 

HOW WE USE YOUR PERSONAL DATA? 

We will only collect and process your personal data when the law allows us to. Most commonly, we will collect and process your personal data in the following circumstances: 

  • When we need to perform the contract, we have entered with you or we are about to enter into and we need to take certain steps at your request. 
  • When we need to comply with a legal or regulatory obligation. 
  • When it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests. 
  • When you consented to data collection and processing for the particular purpose. 

WHAT PERSONAL INFORMATION DO WE PROCESS? 

The personal data we process (collect, use, store and share, etc.) about you depends on who you are and how we interact with you: whether you are our client and user of our internet banking services, or just a regular visitor to our Website, or whether you apply for job position at our Company. When we refer in this Privacy Policy to “personal data” we are referring to data about you (or other natural person) from which you could be identified directly or that makes you identifiable indirectly by one or more factors related and specific to you such as your name, your contact details, online identifier and even your IP address. 

If you are a Private Client 

When you wish to open a personal bank account, you must fill in the Registration form on our Website. For such reason we are collecting and processing personal data you provided for us on the Registration form: 

  • Your name (first name, last name) 
  • Date of birth 
  • Citizenship 
  • ID/ Passport number 
  • Personal code (if applicable) 
  • Politically Exposed Person status (or relative to PEP) 
  • Relation to US (citizen and/or tax resident) 
  • Country of tax residence 
  • Tax identification number (TIN, if applicable) 
  • Permanent residential address (Post code, City, Country) 
  • Communication address (if different from permanent residential address) 
  • Email address 
  • Phone number 
  • Employment status (employer, position) 
  • Source of Funds and Source of Wealth details 
  • Technical data (IP address, location, device, browser, etc.) 

The purpose of processing – provision of services (opening a bank account) 

Legal basis for processing – the performance of the contract between us and you as Private Client or necessity to take steps at your request before entering into a contract 

The period of data storage – 10 years after closing your account 

If you are a Corporate Client 

When you wish to open a company account, you must fill in the Registration form on our Website. For such reason we are collecting and processing personal data you provided for us on the Registration form: 

  • Your name (first name, last name) 
  • Company name and position 
  • Citizenship 
  • Personal code (if not available – Date of Birth) 
  • ID number / Passport number 
  • Residence address / Country of residence 
  • Tax ID and tax residence country 
  • Politically Exposed Person status (or relative to PEP) 
  • Relation to US (citizen and/or tax resident) 
  • Phone number 
  • E-mail address 
  • Date of birth 
  • Counterparties (Company/Individual name; country) 
  • Agreement with counterparties 
  • If Client is an obligated entity – Corporate Client’s customer personal information (Name, Date of Birth, ID and etc.) 
  • Internal policies and procedures related with AML/CTF, agreements with service providers related to AML/CFT and KYC processes 
  • Technical data (IP address, location, device, browser, etc.) 

The purpose of processing – provision of services (opening a company account) 

Legal basis for processing – the performance of the contract between us and you as Private Client or necessity to take steps at your request before entering into a contract 

The period of data storage – 10 years after closing your account 

If you use our internet banking services 

When you use our internet banking services and functionality of our banking website https://online.gurupay.eu/ib/site/login (for making payments, currency exchange), we will collect personal data as necessary for provision of those services: 

  • User ID and password 
  • Beneficiary details 
  • Date, time 
  • Amount and currency which was used 
  • Name and (or) IP address of sender and receiver 
  • Accounts number (e.g. IBAN) 
  • Details of debit cards and credit cards (including the card number, expiry date and CVC) 
  • Amount of transactions 
  • Income, currency, currency exchange rate 
  • Details of the merchant or ATMs associated with the transaction 
  • Location 
  • Technical data (information about devices being used, IP address, a unique device identifier, log-in information (login, password and other registration information), browser type and version, mobile network information, mobile operating system, the type of mobile browser used, information about the visit (including the links that have been clicked on (including date and time)), page response times, length of visits to certain pages and other similar data) 

The purpose of processing – provision of services 

Legal basis for processing – the performance of the contract between us and you 

The period of data storage – 10 years after transaction 

If you ask for an Acquiring Service (for Corporate Clients) 

When you wish to get an Acquiring Service that is provided by our partners we shall collect your data, necessary for this service and transfer those data to our partners. Your data shall be processed by our acquiring partners as an independent data controller according to their Terms&Conditions and Privacy Policy 

  • Full name of company director 
  • Title 
  • Address – company’s and private (including postal code, city, country) 
  • Email 
  • Phone number 
  • Signature 
  • Payout information – owner of account, account number, bank name, SWIFT code 
  • Website login details – User ID and password (if applicable) 
  • Contact persons details – name, phone number, Email (General contact, Technical contact Financial contact (account/billing)) 
  • Data of beneficial owners – Name (first name, last name) email) 
  • Information about PEP status – full name, position, relationship with PEP 
  • Technical data (information about devices being used, IP address, a unique device identifier, browser type and version) 

The purpose of processing – provision of services – Acquiring Service 

Legal basis for processing – the performance of the contract between us and you as Private or Corporate Client or necessity to take steps at your request before entering into a contract 

The period of data storage – 10 years after transaction 

When we implement the Know Your Customer (KYC) principle and Anti-Money Laundering (AML) requirements  

As part of our services, we are obligated to collect certain personal data and information and conduct obligatory Know Your Customer (KYC) and Anti Money Laundering procedures), we will collect personal data as necessary for provision of those services: 

  • Your name (first name, last name) 
  • Photograph of your face 
  • Photograph of ID document 
  • Identity check status 
  • Involvement in court procedures or relevant criminal record 
  • Applicable sanctions 
  • Status as PEP 
  • Counterparties (Company/Individual name; country); 
  • Agreement with counterparties 
  • If Client is an obligated entity – Corporate Client’s customer personal information (Name, Date of Birth, ID and etc.) 
  • Internal policies and procedures related with AML/CTF, agreements with service providers related to AML/CFT and KYC processes 
  • Source of fund/source of wealth 

The purpose of processing – to verify customers’ identity and to perform other obligatory KYC/AML procedures 

Legal basis for processing – to comply with legal obligation (KYC/AML requirements set in the legislation) 

The period of data storage – 8 years after you cease using our services 

If you communicate with us 

When you contact us by corresponding with us, including via e-mail and internet banking, in order to answer to your requests and provide you support we may process: 

  • Your name (first name, last name) 
  • Address 
  • E-mail address 
  • Personal code (if not available – Date of Birth) 
  • ID number / Passport number 
  • Your login data (log name and password) 
  • Prone number 
  • Other personal information you provide in your communication with us or is necessary to respond to your request 
  • Technical data (IP address, location, device, browser, etc.) if you communicate through electronic means 

When you contact us by calling via phone, in order to answer to your requests and provide you support we may record telephone calls and process: 

  • Your name (first name, last name) 
  • Prone number 
  • Language you have chosen for the conversation 
  • Recorded conversation 
  • Other personal information you provide in your communication with us or is necessary to respond to your request 
  • Technical data (IP address, location, device, browser, etc.) 

The purpose of processing – to answer to customers’ questions and requests while providing support and to improve the quality of our services 

Legal basis for processing – the performance of the contract between us and you as Private or Corporate Client or necessity to take steps at your request before entering into a contract or legitimate interest of the Company 

The period of data storage – 180 days after request was solved 

If you file a complaint with us  

When you file any complaint in connection with our services we are obliged to handle the complaint and we must therefore process: 

  • Your name (first name, last name) 
  • Date of the complaint 
  • Address 
  • Phone number 
  • E-mail address 
  • Other personal information you provide in your complaint 
  • Technical data (IP address, location, device, browser, etc.) if your complaint is submitted by electronic means 

The purpose of processing – handling of Clients complaints 

Legal basis for processing – to comply with legal obligation (Resolution of the Board of the Bank of Lithuania No. 03-105 for Rules for examining financial market participants complaints) 

The period of data storage – 3 years from the date of the final reply to the complainant 

If you are applying for an open position in the Company (Recruitment process) 

The Company is constantly growing and having open positions in the Company. If you are applying for a job at our Company in response to job advert, whether advertised on a Company’s profile on LinkedIn or you were recommended by third person (e.g. by current employees of the Company), we shall process personal data of job applicant and potential candidates for employment in order to assess the suitability of the candidate for a particular position you are applying for. During the recruitment process we may process the data that you provide us with your resume or application and/or we receive from other sources (e.g. recommendations from your previous employers): 

  • Your name (first name, last name) 
  • Contact details (phone No., email address) 
  • Education 
  • Work experience 
  • Professional experience (certificates) 
  • Other information that you provide on your resume and cover letter (including but not limited to photograph, date of birth, residential address, etc. which are not mandatory and provided by sole intention of the applicant) 
  • Recommendations from previous employers 
  • Results/findings of the interview with the candidate 
  • Communication with the candidate 
  • Technical data (IP address, location, device, browser, etc.) if your application is submitted by electronic means 

The purpose of processing – identifying and evaluating candidates for potential employment (assessing his/her suitability for particular position) and contacting candidates 

Legal basis for processing – your consent (by applying for a particular position in the Company and sending your resume and other documents to us) 

The period of data storage – until the until the recruitment process is completed, but not longer than 1 year from the date of your consent. 

DIRECT MARKETING 

We may engage in various marketing activities and try to improve our Services and user experience. We need to know what Services are or could be most interesting and useful for our clients, from which countries they come to our Website, how often they return, which browsers they use, on which devices the Website is browsed, what is their IP address. We may collect that data by using third party tools such as cookies and other technologies (e.g. Google Analytics or similar ones), which allows to record and analyze statistical data about use of the Website and / or our Services. Please see our Cookie Policy for further details.  

If you are a visitor of our Website 

As you visit or interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, session logs and other similar technologies. For this, we also may use Google Analytics tool, which lets us to collect and analyze the relevant data. You can learn more about how Google Analytics works and the information it allows us to collect and analyze here 

We use cookies to improve our Website, make your browsing experience and our business decisions better. Please see our Cookie Policy for further details. 

  • IP address 
  • Your location (region you came from to our Website) 
  • Your device you are browsing from and the browser you use 
  • What content you are interested on our Website (the sites you visit and the content you read) 
  • Referrer website (the website that linked you to our website, if any) 

The purpose of processing – to improve our Website and users experience 

Legal basis for processing – our legitimate interest (IT security, marketing) and your consent for processing data for particular purpose (e.g. the use of cookies) 

The period of data storage – depends on technologies used for data collection 

If you shall not provide us your personal data 

In case we need to process personal data by legal obligation or under the terms of a contract we have entered with you (or if we need to take steps at your request prior to entering into a contract) and you do not provide us with this personal data, we may not be able to comply with legal requirements and provide our services to you or will not be able to conclude and execute a contract with you. 

Links to other sites 

Our Website may contain links to other sites, e.g. links to social media websites such as our LinkedIn account (https://www.linkedin.com/company/gurupay/about/). This Privacy Policy is applicable only with respect to our Website an internet banking website, but not any other sites, therefore we strongly recommend to review privacy policies of any websites that you may reach by following hyperlinks presented on our Website. We have no control and no responsibilities with regard to any content or data processing by controllers of such other websites. 

WHO CAN WE SHARE YOUR DATA WITH? 

We put our best efforts to keep your data safe and always require the high level of security and confidentiality from our employees and partners. 

We may share your personal data with our trusted services providers. We use third party service providers to undertake processing operations on our behalf, and this may require us to share your personal data with them when they provide services to us. If our service providers need access to your personal data in order to provide services to us, this will be done only according to Data processing agreements we shall sign with all our data processors. Nevertheless, we will control and shall remain responsible for the use of your personal data at all times. The categories of entities that may have access to your personal data: 

  • Providers of information technology services such as hosting services and other key operational systems such as banking modules 
  • Providers of KYC/AML and fraud prevention services 
  • Other professional service providers such as accountants, legal consultants, audit firms etc. 
  • Our business partners, agents or intermediaries who are a necessary part of the provision of our products and services (including payment card providers, other financial institutions, correspondent banks, etc.) 
  • State Tax Inspectorate 
  • Bank of Lithuania, Financial Crime Investigation Service, courts 

We may also provide your data (or allow access to your data) for our IT support service providers on case by case basis in case of specific incident resolution, e.g. customer service issue, security incident investigation, for accounting service providers, etc. 

In some cases, when we provide your personal data to third parties, those third parties may process your personal data as independent data controllers. In such cases, we are not responsible for processing of your personal data performed by such third parties. 

We may also disclose your data if required to do so by law or if we believe that such action is necessary to protect and defend the rights, property or personal safety of the Company, the Website and/or Online Banking system or its visitors. 

Some of our service providers and partners are established outside the European Union (EU) or the European Economic Area (EEA) thus in certain situations we may need to transfer your personal data outside the EU/EEA. Whenever we transfer your data to the third countries outside the EEA, we ensure that that an adequate degree of protection is afforded to your data by ensuring at least one of the following safeguards is implemented: 

  • We will only transfer your data to countries that have privacy laws that have been recognized by the country from which the data are transferred that have been deemed to provide an adequate level of protection for personal by the European Commission. 
  • We will enter into agreements, such as standard contractual clauses (SCC) and other data transfer agreements, with recipients that require them to provide the same level of protection for the data. 
  • We may seek your consent for transfers of your personal data for specific purposes. 
  • We may rely on other transfer mechanisms approved by authorities in the country from which the data are transferred. 

Service providers we engage outside the EEA are: Google LLC (Google Analytics) – data is transferred under SCC. 

WHAT ARE YOUR RIGHTS? 

As a data subject you have a number of rights in relation to your personal data. You can exercise the rights that are mentioned further by contacting us at [email protected]. 

  • The right of access – you may, at any time, request access to the personal data that we hold which relates to you and receive a copy of data that we hold about you in order to enable you to check that it is correct and to ensure that we are processing that personal data lawfully. 
  • The right to rectification– you may, at any time, request us to correct personal data that we hold about you which you believe is incorrect or inaccurate. We may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right 
  • The right to erasure (“right to be forgotten”)you may also ask us to erase personal data if you do not believe that we need to continue retaining it. We are not always obliged to erase personal data when asked to do so; if, for any reason, we believe that we have a good legal ground to continue processing of your personal data that you have asked us to erase (e.g. your personal data is still processed for other legitimate purposes or we have to comply with a legal obligation or for the establishment, exercise or defense of legal claims). If personal data is erased under your request, we will only retain such copies of the information as are necessary for us to protect our or third parties’ legitimate interests, comply with governmental orders, resolve disputes, troubleshoot problems, or enforce any agreement you have entered into with us. 
  • The right to restrict processing – in those situations when processing of your personal data is based on our legitimate interest you are entitled to ask us to stop processing it in that way if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid. You may also ask us to stop processing your personal data in these situations: 
    1. if you dispute the accuracy of personal data we are processing and want us to verify that data’s accuracy 
    2. where it has been established that our use of the data is unlawful but you do not want us to erase it 
    3. where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims 
  • The right to data portability – you can ask us to provide you or transmit those data directly to another controller of your choice, where technically feasible, certain personal data that we hold about you in a structured, commonly used machine-readable format. However, you must keep in mind that you may exercise the right of data portability only on data that is processed based on your consent or on a performance of a contract between you and us and that is being processed by automated means. We can guarantee only transferring data to you in such occasions and cannot be responsible with technical compatibility of other party systems where data transfer is requested. 
  • The right to withdraw consent regarding processing of personal data – you may withdraw your given consent for processing of personal data for particular purposes at any time by informing us at email [email protected]. or following the procedure that was specified before obtaining your consent. 
  • The right to object (to automated decision making and profiling) – you have the right to be informed about the existence of any automated decision making and profiling of your personal data and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you. 
  • The right to lodge a complaint with a supervisory authority – if you think that your rights have been violated, you may file a complaint to a State Data protection Inspectorate (L. Sapiegos str. 17, LT-10312 Vilnius , phones: +370 5 271 2804 / 279 1445, fax +370 261 9494, email [email protected] 

How can you exercise your rights? 

You can submit a request by sending it by mail or e-mail or by submitting it through internet banking system. The request must provide sufficient details that allow us to properly understand, evaluate, and respond to it (should be clear, include your name, information about what rights and to what extent you wish to exercise, and how you would like to receive a response and the request must be signed). If you submit your application electronically, the information will also be provided electronically, unless you request in advance to provide it in different way. 

Your request must also provide sufficient information that allows us to reasonably verify you are the person or an authorized representative of a person whose personal data we are processing. If your request is submitted by an authorized representative, a written authorization (power of attorney) and information that verifies the identity of the representative must be enclosed with the request. 

We cannot provide you with the information or exercise your other right if we cannot verify your identity. If we cannot identify you from the information provided or if we have reasonable doubts about your identity, we may request additional you to provide additional information about yourself. 

We will endeavor to process your requests and provide you with the information as soon as possible, but no later than 30 calendar days from the date of receipt of your request. If due to certain circumstances, such as the complexity of the submitted request (e.g. if it is necessary to seek the assistance of data processors) or the large number of other requests processed by the Company, the period may be extended up to two further months. In such case we will inform you of any extension within one month of the receipt of your request together with the reasons for the delay. 

Requests are processed and information and data are provided free of charge, but we reserve the right, in certain cases, to either waive your rights (where the request is unreasonable or disproportionate or repetitive), or the provision of information may be subject to charges – a reasonable fee taking into account the administrative costs of providing information or communication. 

UPDATES OF THE PRIVACY POLICY 

We may change this Privacy Policy from time to time based on changes to applicable laws and regulations or other requirements applicable to us, changes in technology, or changes to our business. Any changes we make to the Privacy Policy in the future will be posted on our Website at https://gurupay.eu/privacy-policy/. We may also notify you directly via our banking website about the changes and the effective date of the updated Privacy. We encourage you to review the information and any changes to our Privacy Policy regularly. If you continue to use our services after the effective date that will mean that you have accepted the changes. 

 

This Privacy Policy was last updated in March 2022.