At UAB “deVere E-Money” (“deVere”, “the Company”, “we” or “us”), we are dedicated to safeguarding and preserving your privacy when using our Services or communicating electronically with us.

This Privacy Policy, together with our terms of use, (“Policy”), provides an explanation as to what happens to any personal data that you provide the Company, or that we collect from you or other sources whilst using our Services on our mobile application deVere Vault (“App”), our websites https://www.devere-emoney.com/, https://devere-vault.com (“Website”), with prepaid multicurrency MasterCard card and other online products and non-banking services (“Services”), that enable you to convert currency and make payments swiftly and in a cost-effective manner. You may choose not to provide any information to us, in which case, the Company may be unable to provide its Services to you; services such as, receiving money, sending money and exchanging currency etc.

The Company code is 304469514, the address is Technopolis Delta, J. Balčikonio str. 9 LT- 08314, Vilnius, Lithuania. The Company is the electronic money institution, authorized and regulated by the Lithuanian supervisory authority – Bank of Lithuania. The license of the Company and all activities covered by it can be checked here: https://www.lb.lt/en/enforcement-measures-1/view_license?id=403

All activities of the Company are regulated by the applicable laws related to the electronic money, including, but not limited to the legal acts related to the financial institutions and financial services.

The Company is collecting and using the personal data (hereinafter – “Personal data”) of its potential, existing and/or former customers, customer’s employee or other parties, e.g. beneficial owners, authorised representatives, business partners, other associated parties and/or person contacting us using e–mail or other communication measures (hereinafter – “Customers” or “you”), the Company is obligated to use and process the Personal data of the Customers only in accordance with this Policy and the applicable legal acts which regulate the protection of Personal data, including the General Data Protection Regulation (2016/679) (hereinafter – GDPR), the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania, Law on Legal protection of personal data of the Republic of Lithuania and other applicable legal acts.

The Company updates this Policy from time to time, therefore please do review this Policy regularly. Any changes and clarifications will take effect immediately on the date on which we post the modified terms on our Website.

Principles

Managing Personal Data

The Company commits to comply with the provisions of the Law on Legal Protection of Personal Data of the Republic of Lithuania and all of the other Laws and/or legal acts that are applicable, as well as the Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter – Regulation 2016/679) and all other legal acts of the European Union acts that are applicable in accordance with the Personal data protection regulations that are applicable for the specific country in which the services are provided.

The Company manages personal data in observance of the following principles:

1. Processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’);
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

Information

When providing its Services or communicating electronically with you, the Company collects and processes certain data about you. This information may be provided to us by yourself, or we may collect information about you from you or other sources, as described below.

Information you provide

When using the Company’s Services, by law the Company is required to verify your identity. Therefore, you will be asked to provide certain information. Depending on which of our Services you will be making use of, you may be asked to provide the following information, including but not limited to:

1. Basic Personal data: name, surname, job title, etc.;
2. Identification information and other background verification data (your, or your representatives’ and, ultimate beneficiary owner’s): Name, surname, personal identity code, date of birth, country of birth, address, nationality, citizenship, gender, passport or ID card copy and its details (e.g. type, number, issuance place and date, expiry date, signature), evidence of beneficial ownership or the source of funds (funds for account opening or transactions, occupation/employment information), source of wealth (information on how wealth was obtained), tax information (tax residence, tax identification number), number of shares held, voting rights or share capital part, title, visually scanned or photographed image of your face or image that you provide through a mobile or desktop camera while using our identification application, video and audio recordings for identification.
3. Transaction data: transactional data (e.g. beneficiary details, amount and currency of transactions), IBAN, debit card number, etc.);
4. Information related to legal requirements – Data resulting from enquiries made by the authorities, data that enables us to perform anti-money laundering requirements and ensure the compliance with international sanctions, including the purpose of the business relationship and whether you are a politically exposed person and other data that is required to be processed by us in order to comply with the legal obligation to “know your client”.
5. Contact information: name, postal address, e-mail address, and telephone number, etc.
6. Special category data- Biometrical data.

Use of Your Information

Direct Marketing

Due to the respect of your rights granted to you as data subject, please find the information how use your data for direct marketing purposes.

As a deVere E-Money client, we will provide you with information on products and services that we offer, or a new promotion that we’re running that is related to your Vault account. These communications may be via email or in-app message, which can be viewed in the notification centre. The only information we will use to contact you is that which you provided when first signing up for Vault, that is, your First name and Email Address. If you do not want to receive these messages from deVere E-Money, you can opt out at any time by navigating to the Vault app > Settings > Contact Preferences.

We provide a clear, free-of-charge and easily realisable possibility for you at any time not to give your consent or to withdraw your given consent for sending proposals put forward by us. We shall state in each notification sent by e-mail that you are entitled to object to the processing of the Personal Data or refuse to receive notifications from us. You shall be entitled to refuse to receive notifications from us by clicking on the respective link in each e-mail notification.

Please be informed that the Company is part of the wider deVere Group of Companies and you may at any time request to receive marketing emails and/or calls about products and services that they offer. The list of the deVere Group of Companies are publicly available here: https://www.devere-group.com/globalpresence/. If you wish to receive such marketing emails and/or calls about products and services, please choose the “opt-in” within the Vault app > Settings > Contact Preferences. Only in case you choose to receive direct marketing e-mails or calls about the services and products that deVere Group of Companies are offering, the Company will share with them your First name and Email Address and/or telephone number. Please note that neither the Company, nor the deVere Group of Companies share your personal data with third-party organizations. You can stop receiving of marketing emails and/or calls from deVere Group of Companies by “opting-out” at any time by navigating to the Vault app > Settings > Preferences.

Please note that if you do not agree to receive these marketing messages and / or calls offered by us or deVere Group Companies, this will not apply to Personal data provided to the Company as a result of the using of the services of the Company.

Our identification tools

In order to perform your identity verification, the Company is using the services provided by our partner HELLOSODA UK. The Service Provider takes the photo images or video records of your face and your ID document that you provide through a mobile application or a dedicated website using the camera. For more information on HELLOSODA please read its Privacy Policy https://hellosoda.com/privacy-policy/.

HELLOSODA solution is used for comparing live photographic data or video record of yourself and your ID document, to comply with legal obligations (e. g. implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania and other fraud and crime prevention purposes) and risk management obligations.

The result of the face similarity (match or mismatch) will be retained for as long as it is necessary to carry out verification and for the period required by anti-money laundering laws.

The Company ensures that your face similarity check is a process of comparing data acquired at the time of the verification, i. e. this is a one-time user authorization by comparing person’s photos to each other. Your facial template is not created, recorded or stored. It is not possible to regenerate the raw data from retained information.

This process shall allow us to verify your identity more precisely and make the process quicker and easier to execute. If you do not feel comfortable with this identification method you may contact us by email [email protected] for an alternative way to identify yourself.

Ways of obtaining your Personal Data

The Company collect your personal data when you:

• Fill in any forms;
• Use our services;
• Use our App;
• Correspond with us;
• Contact us for other reasons.

We also collect personal information about you from third parties, mainly:

• when it is provided to us by a third party which is connected to you and/or is dealing with us, for example, business partners, sub–contractors, service providers, merchants and etc.;
• third party sources, for example, register held by governmental agencies or where we collect information about you to assist with “know your client” check-ups as part of our customer acceptance procedures such as sanctions list, politically exposed persons list and etc.;
• from banks and/or other finance institutions in case the Personal data is received while executing payment operations;
• from publicly available sources – we may, for example, use sources (such as public websites, open government databases or other data in the public domain) to help us maintain data accuracy, provide and enhance our services;
• from other entities in the deVere Group or other entities which we collaborate with.

Children’s Privacy

deVere does not knowingly collect or solicit any information from any individual under the age of 18 without parental or guardian consent. We do not direct any of our business practices or system outputs towards children under the age of 18.

If we are notified or have any other reason to believe that we have collected personal information from or about a child under the age of 18, deVere will promptly delete the information and any account associated with that information. If you are a parent or guardian and you believe deVere has information from or about your child under 18 years of age, please contact us.

Automated Decision Making

In some cases, we may use automated decision-making which refers to a decision which is taken solely on the basis of automated processing of your Personal data.

Automated decision-making refers to the processing using, for example, software code or an algorithm, which does not require human intervention. When using automated decision-making, we will provide you with further information about the logic involved, as well as the significance and the envisaged consequences to you.

Please be informed that you can request a manual review of the accuracy of an automated decision in case you are not satisfied with it and you have the right not to be subject to a decision based solely on such automated processing.

Retaining Your Personal Data

Please be informed that your Personal data is stored for no longer period than it is necessary for the purposes for which it was collected or for the period set forth by applicable laws.

If the legislation of the Republic of Lithuania does not provide any period of retention of Personal Data, this period shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of Personal Data.

The terms of data retention of the Personal data for the purposes of the processing of the Personal data as defined in this Privacy Policy are the following:

1. we retain your Personal data as long as your consent remains in force if there are no other legal requirements which shall be fulfilled concerning Personal data’s processing;
2. in case of the conclusion and execution of agreements – we retain your Personal Data until the agreement concluded between you and us remains in force and up to 10 years after the contractual relationship between you and us has ended;
3. your Personal data which has been collected in order to fulfill the obligations under the Law on Money Laundering and Terrorist Financing Prevention in a proper way shall be stored in accordance with the provisions of Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania, mainly – up to 8 (eight) years. The aforementioned period may be extended for a period not exceeding 2 (two) years, provided there is a reasoned request from a competent authority;
4. your Personal data which has been submitted by you through our Website is kept for a period which is necessary for the fulfillment of your request and to maintain further cooperation, but no longer than 6 months after the last day of the communication, in case there are no legal requirements to keep them longer.

In the situations when the terms of data-keeping are stated in the legislative regulations, the legislative regulations shall be applied.

Please also be informed that under some circumstances, your Personal Data might be stored longer, mainly:

1. in case it is necessary in order for us to defend ourselves against claims, demands or action and in order to exercise our rights in a proper way;
2. in case there is a reasonable suspicion of an unlawful act that is being investigated;
3. in case your Personal Data is necessary for the proper resolution of a dispute/complaint;
4. under other statutory grounds.

Personal Data Transfer

We may transfer data that we collect from you to locations inside of the European Union and European Economic Area for processing and storing. Also, it may be processed by staff operating inside the European Union and European Economic Area who work for us or for one of our partners, acting and processing data on behalf of deVere according to the data processing agreements signed between the parties. The Company will take all reasonable steps to make sure that your data is treated securely and in agreement with this Privacy Policy.

Data that is provided to us is stored on our secure servers. Details relating to any transactions entered on our Website / App will be encrypted to ensure its safety.

The transmission of information via the internet is not completely secure and hence the Company cannot guarantee the security of data sent to us electronically and transmission of such data is therefore entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential.

Disclosing Your Information

We may disclose and/or transfer your Personal data only in accordance with legal regulations and the principles of confidentiality to the following categories of recipients:

1. the deVere Group, our external partner companies, agents or intermediaries who are a necessary part of the provision of our products and services;
2. external service providers that helps us to provide service for you;
3. third parties where we have a duty to or are permitted to disclose your personal information by law, mainly: governmental bodies and/or supervisory authorities (in accordance with the requirements and obligations under the provisions of legal acts concerning anti-money laundering, fraud prevention, counter terrorist financing), credit, financial, payment and/or other electronic money institutions, pre-trial investigation institutions, the State Tax Inspectorate;
4. third parties where reasonably required to protect our rights, systems and services, mainly: lawyers, bailiffs, auditors etc.;
5. service providers such as: cloud storage/servers providers, card issuing institutions, identification and verification service providers, other service providers with which we have concluded service provision agreements (e.g. companies providing services for money laundering, politically exposed persons and terrorist financing check-up, other fraud and crime preventions) or when mentioned sharing is mandatory according to applicable laws;
6. beneficiaries of transaction funds receiving the information in payment statements together with the funds of the transaction;
7. other entities that have a legitimate interest or the Personal data may be shared with them under the contract which is concluded between you and us.

The Company may disclose your personal information to third parties, including but not limited:

1. Where the Company sells any or all of its business and/or our assets to a third party (merger, acquisition etc.);
2. Where we are legally required to disclose your information;
3. To assist fraud protection and minimise credit risk, to protect our rights and legitimate interests, protect safety of any person, prevent misuses, security or technical issues, or respond to authorities’ requests.

Third Party Links

You might find links to third party websites on our Website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

Security of Your Personal Information

We have technical, administrative and physical safeguards in place to help protect against unauthorized access to, use or disclosure of your information we collect or store. Our employees are trained on the importance of protecting privacy and on the proper access to, use and disclosure of customer information. Under our practices and policies, access to sensitive personally identifiable information is authorized only for those who have a business need for such access.

Although we work hard to protect your personal information that we collect and store, no program is 100% secure and we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use or disclose personal information.

We will inform you of any breach of personal data within the term set forth by the applicable law, when the Personal data breach is likely to result in a high risk to your rights and freedoms.

The rights granted to you as the data subject

You, as a data subject, shall have the right to:

1. know/be informed about the processing of your Personal data, have access to your Personal data and familiarise you with the processing method;

   You have the right to get information about which Personal data concerning you we process. However, this right may be restricted by legislation, protection of other persons’ privacy and consideration for the Company’s business concept and business practices. The Company’s know-how, business secrets as well as internal assessments and material may restrict your right of access.

2. rectification of incorrect or incomplete data;

   If it turns out that we process Personal data about you that is inaccurate, you have the right to request a rectification of the Personal data. You can also request to have incomplete Personal data about you completed.

3. have any or all of your Personal data erased;

   You have the right to have any or all of your Personal data erased. Provided we do not have any continuing lawful reason to continue processing or holding your Personal data, we will make reasonable efforts to comply with your request. In certain cases, we cannot erase all of your Personal data. In such case this would be due to the fact that we need to store your Personal data due to a contractual relationship or law.

4. restriction of processing of your Personal data;

   You may also ask us to restrict processing your Personal data for a period of time. This can pertain, for example, to a situation where you believe it is unlawful for us to do so and/or data about you is inaccurate and we need to verify it. It can also pertain to a situation where you object to processing that we base on a legitimate interest. In such case we must verify if our grounds override yours.

5. object to any use of your Personal data which is based on the legitimate interests;

   Where we rely on our legitimate interests as the legal basis for processing your Personal data, you have the right to object to us using your Personal data, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.

6. Personal data portability;

   In certain situations you can ask us to transfer your Personal data to another data controller or provide directly to you in a convenient format (NOTE: applicable to Personal data which is provided by you and which is processed by automated means on the basis of consent or on the basis of conclusion and performance of the agreement).

7. withdraw your consent;

   In certain situations, where we rely on your consent as the legal basis for processing your Personal data, you may withdraw your consent at any time. In case you withdraw your consent, we will stop that particular processing, when the processing is based on such consent. However, if you withdraw your consent, our use of your Personal data before you withdraw remains lawful;

8. lodge a complaint with a supervisory authority;

   In case you consider that our processing of your Personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation, you may lodge a complaint with a supervisory authority – the State Data Protection Inspectorate. You may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate and which may be found on the website: https://vdai.lrv.lt/en/

We will exercise the required rights only after we receive your written request to exercise a particular right indicated above and only after confirming the validity of your identity.

If you require the rights mentioned above please contact us at [email protected].

Your requests shall be fulfilled or fulfilment of your requests shall be refused by specifying the reasons for such refusal within 30 (thirty) calendar days from the date of submission of the request meeting our internal rules and GDPR. The afore-mentioned time frame may be extended for 30 (thirty) calendar days by giving a prior notice to you if the request is related to a great scope of Personal data or other simultaneously examined requests.

The Company must provide conditions to you to exercise the rights specified above, with the exceptions of cases provided by law when it is necessary to ensure:

1. state security or defence;
2. public order, the prevention, investigation, detection and prosecution of criminal offence;
3. important economic or financial interests of the state;
4. prevention, investigation, detection of breaches of official or professional ethics;
5. protection of rights and freedoms of the data subject or any other persons.

The Company also ensures all other rights, guarantees and interests of the Data subjects guaranteed by GDPR and other legal acts of the Republic of Lithuania.

Use of Cookies

If you access any information or services through the Company’s Website, you should be aware that the Company uses cookies which are small text files that are placed on your computer or mobile device when you visit a Company’s Website, containing some information connected with your usage of the Website.

For more information on how to control your cookies settings and browser settings or how to delete cookies on your hard drive, please read the Cookies Policy which is available on the Company’s Website: https://www.devere-emoney.com/cookies-policy.

Personal data protection officer

The Company has appointed a data protection officer (hereinafter the Officer). The appointed person may be reached at [email protected].

Contacting Us

If you have any questions or concerns about our Policy or data processing or if you would like to make a complaint about a possible breach of privacy laws, please contact us at [email protected].

When a privacy question or access/download request is received we have a dedicated team which triages the contacts and seeks to address the specific concern or query which you are seeking to raise. Where your issue may be more substantive in nature, more information may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the supervisory authority or to the competent court. If you ask us, we will endeavor to provide you with information about relevant complaint avenues which may be applicable to your circumstances.

If you have any questions or concerns about our Policy or data processing or if you would like to make a complaint about a possible breach of privacy laws, please contact us at [email protected].

When a privacy question or access/download request is received we have a dedicated team which triages the contacts and seeks to address the specific concern or query which you are seeking to raise. Where your issue may be more substantive in nature, more information may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the supervisory authority or to the competent court. If you ask us, we will endeavor to provide you with information about relevant complaint avenues which may be applicable to your circumstances.