UAB Guru Pay, a company incorporated and registered under the laws of Lithuania, with legal entity code 304891889, having its registered office address at A. Vivulskio 7-426, LT-03162 Vilnius, Lithuania, is the controller of your personal data. Our contact e-mail address is firstname.lastname@example.org.
Data protection officer
You may contact our data protection officer at email@example.com if you have any questions related to the processing of your data.
1. INFORMATION WE COLLECT AND HOW WE USE IT
1.1. Analytical data
We always improve our Website and user experience. Therefore, we have to know what information is most relevant to Website visitors, how often they connect, what browser and device they use, what content is mostly read, what region visitors come from, and similar demographics and statistics.
For this, we use Google Analytics tool, which lets us collect and analyse the relevant data. You can learn more about how Google Analytics works and the information it allows us to collect and analyse here. You may opt-out from the collection of data by Google Analytics, as described here.
Legal basis to collect analytical data is a necessity to perform our service to provide you with our Website and our legitimate interest to improve it.
A cookie is a small data file that the Website writes to your device when you browse it. A cookie enables the Website to remember your actions and preferences over a period, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
We use session cookies to remember and identify a connection session, but these cookies do not collect your personal data and last only until you close your browser.
We also use preference cookies which allow you to choose your preferred Website display language and store these cookies on your device for up to 1 year.
You can control and/or delete cookies as you wish – for details, see http://www.youronlinechoices.com/. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. But if you do this you may have to manually adjust some preferences every time you visit the Website, while some services and functionalities may not work.
1.3. Data related to provision of services
In order for us to be able to properly provide our payment services to you, we require various types of personal data, which you either provide directly to us, or which we receive from third parties.
Personal account opening
If you wish to open a personal account, we might ask that you provide to us your basic personal details: full name, date of birth, place of birth, citizenship, ID/passport number, personal code, tax residency country, tax identification number, your (or your relatives’) status as a politically exposed person (PEP), status as an ultimate beneficial owner (UBO).
Further, we might ask that you provide to us your contact details: permanent residential address, zip code, city, country, e-mail address, and telephone number. If your residential address is different from your communication address, we further ask that you provide such mailing address details.
We also might ask for your: main purpose for opening of the account, employment status (including your position and employer’s name), source of incoming funds, and planned transactions.
Provision of personal data related to account opening is mandatory. Without this information, we will not be able to provide to you our services.
Company account opening
If you are opening a company account, we might ask for the following contact person data: full name, position, phone number, and e-mail address.
We are also might be obligated to ask for the following personal data of the company’s beneficial owner (UBO): first and last name, date of birth, place of birth, ID number and country of issue of the ID document, tax ID and tax country, citizenship, PEP status of the UBO or UBO’s relatives, occupation, source of income, residential address, postal address, e-mail address and phone number.
A person signing for the company (signatory) might need to provide their: first name, last name, date of birth, place of birth, ID number and country of issue of the ID document, tax ID and tax
country, citizenship, PEP status (or relatives’ PEP status), residential address, postal address, e-mail address, and phone number.
Third party data
In order to verify customers’ identity and to perform other obligatory “know your customer” (KYC) procedures such as checking customers’ PEP status, we rely on third party service providers.
We may receive from such third party service providers customers’ data such as: photography of face, photography of ID document, identity check status, involvement in court procedures or relevant criminal record, applicable sanctions, and status as PEP.
Legal basis to process the personal data related to provision of services is performance of a contract that we have entered into or in order to take steps at your request prior to entering into a contract between us, and compliance with various legal obligations applicable to us as providers of payment services.
2. WHO MAY SEE YOUR DATA
We may share your personal data with our trusted services providers when they provide services to us, to you on behalf of us and under our instructions. We will control and shall remain responsible for the use of your personal data at all times.
These are the categories of entities that may have access to your personal data:
• Providers of information technology services such as hosting services and other key operational systems such as banking modules;
• Providers of KYC and fraud prevention services;
• Other professional service providers such as accountants, legal consultants, audit firms etc.;
• Our business partners, agents or intermediaries who are a necessary part of the provision of our products and services;
• State Tax Inspectorate;
• Financial Crime Investigation Service, courts;
• Google LLC, which provides us with Google services such as Google Analytics. Google LLC is based in the US and certain data may be transferred outside EU. Google LLC participates in the Privacy Shield. You can learn more about Privacy Shield here – https://www.privacyshield.gov/.
In some cases, where you provide your personal data to third parties, those third parties may process your personal data as independent data controllers. In such cases, we are not responsible for processing of your personal data performed by third parties.
To protect your privacy, we urge you to carefully read privacy notices of any such third parties, even if you access their services by following links placed on our Website or if third party systems are integrated in our Website.
3. HOW LONG DO WE STORE YOUR DATA
Data collected via Website analytics will be stored for up to 1 year in an identifiable state.
Other personal data may be stored for as long as the payment account is opened and for 10 years thereafter.
Personal Data collected for the implementation of the obligations under the Law of Money Laundering and Terrorist Financing Prevention is stored for 8 (eight) years. The retention period may be extended for a period not exceeding 2 (two) years, provided there is a reasoned request from a competent authority.
In some cases, personal data may be stored for a longer period if storage of personal data is required in order to protect our or any third parties’ legitimate interests, e.g. in case of a legal dispute, or if we are obligated to do so by law.
4. YOUR RIGHTS
By contacting us at firstname.lastname@example.org you may exercise your rights as the data subject, including the following:
• The right to request rectification of your personal data;
• The right to request erasure of your personal data. If personal data is erased under your request, we will only retain such copies of the information as are necessary for us to protect our or third parties’ legitimate interests, comply with governmental orders, resolve disputes, troubleshoot problems, or enforce any agreement you have entered into with us;
• The right to data portability.
In some cases you may have a right to request restriction of processing of your personal data or to object to processing of your personal data.
If you think there is a problem with the way we are handling your personal data, you have a right to file in a complaint to your national data protection authority in the EU/EEA. In Lithuania, that is the State Data Protection Inspectorate. You can find contact details of the State Data Protection Inspection here: https://vdai.lrv.lt/en/.