Introduction
At UAB “deVere E-Money” (“deVere”, “the Company”, “we” or “us”), we are dedicated to safeguarding and preserving your privacy when using our Services or communicating electronically with us.
This Privacy Policy, together with our terms of use, (“Policy”), provides an explanation as to what happens to any personal data that you provide the Company, or that we collect from you or other sources whilst using our Services on our mobile application deVere Vault (“App”), our websites https://www.devere-emoney.com/, https://devere-vault.com (“Website”), with prepaid multicurrency MasterCard card and other online products and non-banking services (“Services”), that enable you to convert currency and make payments swiftly and in a cost-effective manner. You may choose not to provide any information to us, in which case, the Company may be unable to provide its Services to you; services such as, receiving money, sending money and exchanging currency etc.
The Company code is 304469514, the address is Technopolis Delta, J. Balčikonio str. 9 LT- 08314, Vilnius, Lithuania. The Company is the electronic money institution, authorized and regulated by the Lithuanian supervisory authority – Bank of Lithuania. The license of the Company and all activities covered by it can be checked here: https://www.lb.lt/en/enforcement-measures-1/view_license?id=403
All activities of the Company are regulated by the applicable laws related to the electronic money, including, but not limited to the legal acts related to the financial institutions and financial services.
The Company is collecting and using the personal data (hereinafter – “Personal data”) of its potential, existing and/or former customers, customer’s employee or other parties, e.g. beneficial owners, authorised representatives, business partners, other associated parties and/or person contacting us using e–mail or other communication measures (hereinafter – “Customers” or “you”), the Company is obligated to use and process the Personal data of the Customers only in accordance with this Policy and the applicable legal acts which regulate the protection of Personal data, including the General Data Protection Regulation (2016/679) (hereinafter – GDPR), the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania, Law on Legal protection of personal data of the Republic of Lithuania and other applicable legal acts.
The Company updates this Policy from time to time, therefore please do review this Policy regularly. Any changes and clarifications will take effect immediately on the date on which we post the modified terms on our Website.
Principles
Managing Personal Data
The Company commits to comply with the provisions of the Law on Legal Protection of Personal Data of the Republic of Lithuania and all of the other Laws and/or legal acts that are applicable, as well as the Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter – Regulation 2016/679) and all other legal acts of the European Union acts that are applicable in accordance with the Personal data protection regulations that are applicable for the specific country in which the services are provided.
The Company manages personal data in observance of the following principles:
Information
When providing its Services or communicating electronically with you, the Company collects and processes certain data about you. This information may be provided to us by yourself, or we may collect information about you from you or other sources, as described below.
Information you provide
When using the Company’s Services, by law the Company is required to verify your identity. Therefore, you will be asked to provide certain information. Depending on which of our Services you will be making use of, you may be asked to provide the following information, including but not limited to:
Use of Your Information
Purpose | Legal basis | Categories of personal data |
---|---|---|
For the conclusion of the contract or for performance of measures at your request prior the conclusion of the contract. |
|
|
For the fulfilment of the contract concluded with you, including but not limited to the provision of the Services. |
|
|
To comply with legal obligations (e. g. implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania and other fraud and crime prevention purposes) and risk management obligations. |
|
|
For remote identification of your personal identity |
|
|
To prevent, limit and investigate any misuse or unlawful use or disturbance of the Services or to establish, exercising and defend legal claims. |
|
|
To provide an answer when you contact us through our website or other communication measures. |
|
|
In operating our Site or App and providing Services to you. |
|
|
Direct Marketing
Due to the respect of your rights granted to you as data subject, please find the information how use your data for direct marketing purposes.
As a deVere E-Money client, we will provide you with information on products and services that we offer, or a new promotion that we’re running that is related to your Vault account. These communications may be via email or in-app message, which can be viewed in the notification centre. The only information we will use to contact you is that which you provided when first signing up for Vault, that is, your First name and Email Address. If you do not want to receive these messages from deVere E-Money, you can opt out at any time by navigating to the Vault app > Settings > Contact Preferences.
We provide a clear, free-of-charge and easily realisable possibility for you at any time not to give your consent or to withdraw your given consent for sending proposals put forward by us. We shall state in each notification sent by e-mail that you are entitled to object to the processing of the Personal Data or refuse to receive notifications from us. You shall be entitled to refuse to receive notifications from us by clicking on the respective link in each e-mail notification.
Please be informed that the Company is part of the wider deVere Group of Companies and you may at any time request to receive marketing emails and/or calls about products and services that they offer. The list of the deVere Group of Companies are publicly available here: https://www.devere-group.com/globalpresence/. If you wish to receive such marketing emails and/or calls about products and services, please choose the “opt-in” within the Vault app > Settings > Contact Preferences. Only in case you choose to receive direct marketing e-mails or calls about the services and products that deVere Group of Companies are offering, the Company will share with them your First name and Email Address and/or telephone number. Please note that neither the Company, nor the deVere Group of Companies share your personal data with third-party organizations. You can stop receiving of marketing emails and/or calls from deVere Group of Companies by “opting-out” at any time by navigating to the Vault app > Settings > Preferences.
Please note that if you do not agree to receive these marketing messages and / or calls offered by us or deVere Group Companies, this will not apply to Personal data provided to the Company as a result of the using of the services of the Company.
Our identification tools
In order to perform your identity verification, the Company is using the services provided by our partner HELLOSODA UK. The Service Provider takes the photo images or video records of your face and your ID document that you provide through a mobile application or a dedicated website using the camera. For more information on HELLOSODA please read its Privacy Policy https://hellosoda.com/privacy-policy/.
HELLOSODA solution is used for comparing live photographic data or video record of yourself and your ID document, to comply with legal obligations (e. g. implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania and other fraud and crime prevention purposes) and risk management obligations.
The result of the face similarity (match or mismatch) will be retained for as long as it is necessary to carry out verification and for the period required by anti-money laundering laws.
The Company ensures that your face similarity check is a process of comparing data acquired at the time of the verification, i. e. this is a one-time user authorization by comparing person’s photos to each other. Your facial template is not created, recorded or stored. It is not possible to regenerate the raw data from retained information.
This process shall allow us to verify your identity more precisely and make the process quicker and easier to execute. If you do not feel comfortable with this identification method you may contact us by email [email protected] for an alternative way to identify yourself.
Ways of obtaining your Personal Data
The Company collect your personal data when you:
We also collect personal information about you from third parties, mainly:
Children’s Privacy
deVere does not knowingly collect or solicit any information from any individual under the age of 18 without parental or guardian consent. We do not direct any of our business practices or system outputs towards children under the age of 18.
If we are notified or have any other reason to believe that we have collected personal information from or about a child under the age of 18, deVere will promptly delete the information and any account associated with that information. If you are a parent or guardian and you believe deVere has information from or about your child under 18 years of age, please contact us.
Automated Decision Making
In some cases, we may use automated decision-making which refers to a decision which is taken solely on the basis of automated processing of your Personal data.
Automated decision-making refers to the processing using, for example, software code or an algorithm, which does not require human intervention. When using automated decision-making, we will provide you with further information about the logic involved, as well as the significance and the envisaged consequences to you.
Please be informed that you can request a manual review of the accuracy of an automated decision in case you are not satisfied with it and you have the right not to be subject to a decision based solely on such automated processing.
Retaining Your Personal Data
Please be informed that your Personal data is stored for no longer period than it is necessary for the purposes for which it was collected or for the period set forth by applicable laws.
If the legislation of the Republic of Lithuania does not provide any period of retention of Personal Data, this period shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of Personal Data.
The terms of data retention of the Personal data for the purposes of the processing of the Personal data as defined in this Privacy Policy are the following:
In the situations when the terms of data-keeping are stated in the legislative regulations, the legislative regulations shall be applied.
Please also be informed that under some circumstances, your Personal Data might be stored longer, mainly:
Personal Data Transfer
We may transfer data that we collect from you to locations inside of the European Union and European Economic Area for processing and storing. Also, it may be processed by staff operating inside the European Union and European Economic Area who work for us or for one of our partners, acting and processing data on behalf of deVere according to the data processing agreements signed between the parties. The Company will take all reasonable steps to make sure that your data is treated securely and in agreement with this Privacy Policy.
Data that is provided to us is stored on our secure servers. Details relating to any transactions entered on our Website / App will be encrypted to ensure its safety.
The transmission of information via the internet is not completely secure and hence the Company cannot guarantee the security of data sent to us electronically and transmission of such data is therefore entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential.
Disclosing Your Information
We may disclose and/or transfer your Personal data only in accordance with legal regulations and the principles of confidentiality to the following categories of recipients:
The Company may disclose your personal information to third parties, including but not limited:
Third Party Links
You might find links to third party websites on our Website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
Security of Your Personal Information
We have technical, administrative and physical safeguards in place to help protect against unauthorized access to, use or disclosure of your information we collect or store. Our employees are trained on the importance of protecting privacy and on the proper access to, use and disclosure of customer information. Under our practices and policies, access to sensitive personally identifiable information is authorized only for those who have a business need for such access.
Although we work hard to protect your personal information that we collect and store, no program is 100% secure and we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use or disclose personal information.
We will inform you of any breach of personal data within the term set forth by the applicable law, when the Personal data breach is likely to result in a high risk to your rights and freedoms.
The rights granted to you as the data subject
You, as a data subject, shall have the right to:
You have the right to get information about which Personal data concerning you we process. However, this right may be restricted by legislation, protection of other persons’ privacy and consideration for the Company’s business concept and business practices. The Company’s know-how, business secrets as well as internal assessments and material may restrict your right of access.
If it turns out that we process Personal data about you that is inaccurate, you have the right to request a rectification of the Personal data. You can also request to have incomplete Personal data about you completed.
You have the right to have any or all of your Personal data erased. Provided we do not have any continuing lawful reason to continue processing or holding your Personal data, we will make reasonable efforts to comply with your request. In certain cases, we cannot erase all of your Personal data. In such case this would be due to the fact that we need to store your Personal data due to a contractual relationship or law.
You may also ask us to restrict processing your Personal data for a period of time. This can pertain, for example, to a situation where you believe it is unlawful for us to do so and/or data about you is inaccurate and we need to verify it. It can also pertain to a situation where you object to processing that we base on a legitimate interest. In such case we must verify if our grounds override yours.
Where we rely on our legitimate interests as the legal basis for processing your Personal data, you have the right to object to us using your Personal data, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.
In certain situations you can ask us to transfer your Personal data to another data controller or provide directly to you in a convenient format (NOTE: applicable to Personal data which is provided by you and which is processed by automated means on the basis of consent or on the basis of conclusion and performance of the agreement).
In certain situations, where we rely on your consent as the legal basis for processing your Personal data, you may withdraw your consent at any time. In case you withdraw your consent, we will stop that particular processing, when the processing is based on such consent. However, if you withdraw your consent, our use of your Personal data before you withdraw remains lawful;
In case you consider that our processing of your Personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation, you may lodge a complaint with a supervisory authority – the State Data Protection Inspectorate. You may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate and which may be found on the website: https://vdai.lrv.lt/en/
We will exercise the required rights only after we receive your written request to exercise a particular right indicated above and only after confirming the validity of your identity.
If you require the rights mentioned above please contact us at [email protected].
Your requests shall be fulfilled or fulfilment of your requests shall be refused by specifying the reasons for such refusal within 30 (thirty) calendar days from the date of submission of the request meeting our internal rules and GDPR. The afore-mentioned time frame may be extended for 30 (thirty) calendar days by giving a prior notice to you if the request is related to a great scope of Personal data or other simultaneously examined requests.
The Company must provide conditions to you to exercise the rights specified above, with the exceptions of cases provided by law when it is necessary to ensure:
The Company also ensures all other rights, guarantees and interests of the Data subjects guaranteed by GDPR and other legal acts of the Republic of Lithuania.
Use of Cookies
If you access any information or services through the Company’s Website, you should be aware that the Company uses cookies which are small text files that are placed on your computer or mobile device when you visit a Company’s Website, containing some information connected with your usage of the Website.
For more information on how to control your cookies settings and browser settings or how to delete cookies on your hard drive, please read the Cookies Policy which is available on the Company’s Website: https://www.devere-emoney.com/cookies-policy.
Personal data protection officer
The Company has appointed a data protection officer (hereinafter the Officer). The appointed person may be reached at [email protected].
Contacting Us
If you have any questions or concerns about our Policy or data processing or if you would like to make a complaint about a possible breach of privacy laws, please contact us at [email protected].
When a privacy question or access/download request is received we have a dedicated team which triages the contacts and seeks to address the specific concern or query which you are seeking to raise. Where your issue may be more substantive in nature, more information may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the supervisory authority or to the competent court. If you ask us, we will endeavor to provide you with information about relevant complaint avenues which may be applicable to your circumstances.
If you have any questions or concerns about our Policy or data processing or if you would like to make a complaint about a possible breach of privacy laws, please contact us at [email protected].
When a privacy question or access/download request is received we have a dedicated team which triages the contacts and seeks to address the specific concern or query which you are seeking to raise. Where your issue may be more substantive in nature, more information may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the supervisory authority or to the competent court. If you ask us, we will endeavor to provide you with information about relevant complaint avenues which may be applicable to your circumstances.
© 2023. All rights reserved.