Privacy Policy

GURU PAY WEBSITE PRIVACY POLICY

This Privacy Policy describes how we use and with whom we share your personal data, which we collect when you browse our gurupay.eu website (Website), use our services, or when you choose to contact us or provide us with your personal data through the Website.

You will also find important information about your privacy rights, so please read the Privacy Policy carefully. If you provide personal data on behalf of someone else, you are required to inform them about the processing of their data and to refer them to this Privacy Policy.

Definitions

For the purposes of the Privacy Policy, definitions are used as defined in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).

Data controller

UAB Guru Pay, a company incorporated and registered under the laws of Lithuania, with legal entity code 304891889, having its registered office address at A. Vivulskio 7-426, LT-03162 Vilnius, Lithuania, is the controller of your personal data. Our contact e-mail address is info@gurupay.eu.

Data protection officer

You may contact our data protection officer at dpo@gurupay.eu if you have any questions related to the processing of your data.

1. INFORMATION WE COLLECT AND HOW WE USE IT

1.1. Analytical data

We always improve our Website and user experience. Therefore, we have to know what information is most relevant to Website visitors, how often they connect, what browser and device they use, what content is mostly read, what region visitors come from, and similar demographics and statistics.

For this, we use Google Analytics tool, which lets us collect and analyse the relevant data. You can learn more about how Google Analytics works and the information it allows us to collect and analyse here. You may opt-out from the collection of data by Google Analytics, as described here.

Legal basis to collect analytical data is a necessity to perform our service to provide you with our Website and our legitimate interest to improve it.

1.2. Cookies

A cookie is a small data file that the Website writes to your device when you browse it. A cookie enables the Website to remember your actions and preferences over a period, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

We use session cookies to remember and identify a connection session, but these cookies do not collect your personal data and last only until you close your browser.

We also use preference cookies which allow you to choose your preferred Website display language and store these cookies on your device for up to 1 year.

Cookies are placed on your device only if you provide your consent, unless cookies are required for the strictly technical functioning of the Website. However, note that if you do not consent to the use of cookies, certain functions of the Website may not function properly or may not function at all.

The legal basis for the use of cookies is our legitimate interest in ensuring the technical functionality of the Website. When cookies are used to remember your choices or for statistical purposes, the legal basis is your consent.

You can control and/or delete cookies as you wish – for details, see http://www.youronlinechoices.com/. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. But if you do this you may have to manually adjust some preferences every time you visit the Website, while some services and functionalities may not work.

1.3. Data related to provision of services

In order for us to be able to properly provide our payment services to you, we require various types of personal data, which you either provide directly to us, or which we receive from third parties.

Personal account opening

If you wish to open a personal account, we might ask that you provide to us your basic personal details: full name, date of birth, place of birth, citizenship, ID/passport number, personal code, tax residency country, tax identification number, your (or your relatives’) status as a politically exposed person (PEP), status as an ultimate beneficial owner (UBO).

Further, we might ask that you provide to us your contact details: permanent residential address, zip code, city, country, e-mail address, and telephone number. If your residential address is different from your communication address, we further ask that you provide such mailing address details.

We also might ask for your: main purpose for opening of the account, employment status (including your position and employer’s name), source of incoming funds, and planned transactions.

Provision of personal data related to account opening is mandatory. Without this information, we will not be able to provide to you our services.

Company account opening

If you are opening a company account, we might ask for the following contact person data: full name, position, phone number, and e-mail address.

We are also might be obligated to ask for the following personal data of the company’s beneficial owner (UBO): first and last name, date of birth, place of birth, ID number and country of issue of the ID document, tax ID and tax country, citizenship, PEP status of the UBO or UBO’s relatives, occupation, source of income, residential address, postal address, e-mail address and phone number.

A person signing for the company (signatory) might need to provide their: first name, last name, date of birth, place of birth, ID number and country of issue of the ID document, tax ID and tax

country, citizenship, PEP status (or relatives’ PEP status), residential address, postal address, e-mail address, and phone number.

Third party data

In order to verify customers’ identity and to perform other obligatory “know your customer” (KYC) procedures such as checking customers’ PEP status, we rely on third party service providers.

We may receive from such third party service providers customers’ data such as: photography of face, photography of ID document, identity check status, involvement in court procedures or relevant criminal record, applicable sanctions, and status as PEP.

Legal basis to process the personal data related to provision of services is performance of a contract that we have entered into or in order to take steps at your request prior to entering into a contract between us, and compliance with various legal obligations applicable to us as providers of payment services.

2. WHO MAY SEE YOUR DATA

We may share your personal data with our trusted services providers when they provide services to us, to you on behalf of us and under our instructions. We will control and shall remain responsible for the use of your personal data at all times.

These are the categories of entities that may have access to your personal data:

• Providers of information technology services such as hosting services and other key operational systems such as banking modules;

• Providers of KYC and fraud prevention services;

• Other professional service providers such as accountants, legal consultants, audit firms etc.;

• Our business partners, agents or intermediaries who are a necessary part of the provision of our products and services;

• State Tax Inspectorate;

• Financial Crime Investigation Service, courts;

• Google LLC, which provides us with Google services such as Google Analytics. Google LLC is based in the US and certain data may be transferred outside EU. Google LLC participates in the Privacy Shield. You can learn more about Privacy Shield here – https://www.privacyshield.gov/.

In some cases, where you provide your personal data to third parties, those third parties may process your personal data as independent data controllers. In such cases, we are not responsible for processing of your personal data performed by third parties.

To protect your privacy, we urge you to carefully read privacy notices of any such third parties, even if you access their services by following links placed on our Website or if third party systems are integrated in our Website.

3. HOW LONG DO WE STORE YOUR DATA

Data collected via Website analytics will be stored for up to 1 year in an identifiable state.

Other personal data may be stored for as long as the payment account is opened and for 10 years thereafter.

Personal Data collected for the implementation of the obligations under the Law of Money Laundering and Terrorist Financing Prevention is stored for 8 (eight) years. The retention period may be extended for a period not exceeding 2 (two) years, provided there is a reasoned request from a competent authority.

In some cases, personal data may be stored for a longer period if storage of personal data is required in order to protect our or any third parties’ legitimate interests, e.g. in case of a legal dispute, or if we are obligated to do so by law.

4. YOUR RIGHTS

By contacting us at info@gurupay.eu you may exercise your rights as the data subject, including the following:

• The right to request access to your personal data. You may access, correct, update, change or remove your personal data at any time. However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Privacy Policy and may also be required by law. Thus, you may not remove such personal data;

• The right to request rectification of your personal data;

• The right to request erasure of your personal data. If personal data is erased under your request, we will only retain such copies of the information as are necessary for us to protect our or third parties’ legitimate interests, comply with governmental orders, resolve disputes, troubleshoot problems, or enforce any agreement you have entered into with us;

• The right to data portability.

In some cases you may have a right to request restriction of processing of your personal data or to object to processing of your personal data.

If you think there is a problem with the way we are handling your personal data, you have a right to file in a complaint to your national data protection authority in the EU/EEA. In Lithuania, that is the State Data Protection Inspectorate. You can find contact details of the State Data Protection Inspection here: https://vdai.lrv.lt/en/.

We regularly review this Privacy Policy and reserve the right to modify it at any time in accordance with applicable laws and regulations. Any changes and clarifications will take effect immediately upon their publication on our Website. Please review this Privacy Policy from time to time to stay updated on any changes.