At UAB “deVere E-Money” (“deVere”, “the Company”, “we” or “us”), we are dedicated to safeguarding and preserving your privacy when using our Services or communicating electronically with us.
This Privacy Policy and our Terms of use, (together the“Policy”), provides an explanation as to what happens to any personal data that you provide the Company, or that we collect from you or other sources whilst using our Services on our mobile application deVere Vault (“App”), our websites www.devere-emoney.com, www.devere-vault.com (together the “Website”), with prepaid multicurrency MasterCard card and other online products and non-banking services (“Services”), that enable you to convert currency and make payments swiftly and in a cost-effective manner. You may choose not to provide any information to us, in which case, the Company may be unable to provide its Services to you; services such as, receiving money, sending money and exchanging currency etc.
Data Controller - UAB “deVere E-Money, UAB, company code is 304469514, the address is Technopolis Delta, J. Balčikonio str. 9 LT- 08314, Vilnius, Lithuania. The Company is the electronic money institution, authorized and regulated by the Lithuanian supervisory authority - Bank of Lithuania. The license of the Company and all activities covered by it can be checked here: www.lb.lt/en/enforcement-measures-1
All activities of the Company are regulated by the applicable laws related to the electronic money, including, but not limited to the legal acts related to the financial institutions and financial services.
The Company is collecting and using the personal data (hereinafter - “Personal data”) of its potential, existing and/or former customers, customer's employee or other parties, e.g. beneficial owners, authorised representatives, business partners, other associated parties and/or person contacting us using e-mail or other communication measures (hereinafter - “Customers” or “you”), the Company is obligated to use and process the Personal data of the Customers only in accordance with this Policy and the applicable legal acts which regulate the protection of Personal data, including the General Data Protection Regulation (2016/679) (hereinafter - “GDPR”), the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania, Law on Legal protection of personal data of the Republic of Lithuania and other applicable legal acts.
The Company updates this Policy from time to time. We will inform you in advance about the essential changes of the Policy by way of notification to your account or your email. Other than that, please review this Policy regularly. Any changes and clarifications will take effect on the date indicated in the prior notification.
The Company commits to comply with the provisions of the Law on Legal Protection of Personal Data of the Republic of Lithuania and all of the other Laws and/or legal acts that are applicable, as well as the GDPR and all other legal acts of the European Union that are applicable in accordance with the Personal data protection regulations for the specific country in which our Services are provided.
The Company manages personal data in observance of the following principles:
When providing its Services or communicating electronically with you, the Company collects and processes certain data about you. This information may be provided to us by yourself, or we may collect information about you from you or other sources, as described below.
Purposes of data processing (legal basis) | Processed data | Envisaged periods for storing and (or) deleting the data (where possible) |
---|---|---|
Taking necessary steps to conclude Customer contracts and performing Customer contracts Legal basis: contractual obligation to perform a contract |
|
During contract term and up to 10 years after the contractual relationship ends; Personal data which has been collected in order to fulfil the obligations under the Law on Money Laundering and Terrorist Financing Prevention - in accordance with the law, generally up to 8 (eight) years. |
Carrying out legal obligations related to onboarding of Customers, provision of services to the Customers (KYC, AML, creditworthiness and financial risk assessment and similar), tax obligations, accounting requirements, archiving requirements
Legal basis: statutory necessity derived from the Law on Anti-money
Laundering and CTF Prevention
|
Contact person of a customer (legal entity):
Authorised person of a customer (legal entity):
Executive (director, representative) of a customer (legal entity):
Shareholder of a customer (legal entity):
|
During contract term and up to 10 years after the contractual relationship ends; Personal data which has been collected in order to fulfil the obligations under the Law on Money Laundering and Terrorist Financing Prevention - in accordance with the law, Generally, up to 8 (eight) years. |
Communication - customer service Legal basis: overriding legitimate interest of the Company to provide good customer service |
|
Data is stored for up to 6 months after the Customer claim is resolved. |
Direct marketing Legal basis: consent (opt-out). Direct marketing is based on two separate consents (opt-out) given via the application. |
|
Data is stored for as long as the Customer‘s consent is valid (until withdrawn), unless personal data is needed for other processing purposes (such as performance of a contract). |
Due to the respect of your rights granted to you as data subject, please find the information how we use your data for direct marketing purposes.
As a deVere E-Money client, we will provide you with information on products and services that we offer, or a new promotion that we're running that is related to your Vault Business account only if you agree to receive direct marketing communication (“opt-in”). These communications may be via email or in-app message, which can be viewed in the notification center. The only information we will use to contact you is that which you provided when first signing up for Vault app or Vault Business platform, that is, your first name and email address. If you do not want to receive these messages from deVere E-Money any longer, you can “opt out” at any time by navigating to the Vault app > Settings > Contact Preferences or inform our DPO at [email protected].
We provide a clear, free-of-charge and easily realizable possibility for you at any time not to give your consent or to withdraw your given consent for sending proposals put forward by us. We shall state in each notification sent by e-mail that you are entitled to object to the processing of the Personal Data or refuse to receive notifications from us. You shall be entitled to refuse to receive notifications from us by clicking on the respective link in each e-mail notification. You also have a right to withhold your consent at the time of setting up your account with us.
Please be informed that the Company is part of the wider deVere Group of Companies and you may at any time request to receive marketing emails and/or calls about products and services that they offer. The list of the deVere Group of Companies are publicly available here: www.devere-group.com/globalpresence. If you wish to receive such marketing emails and/or calls about products and services, please choose the “opt-in” within the Vault Business app > Settings > Contact Preferences. Only in case you choose to receive direct marketing e-mails or calls about the services and products that deVere Group of Companies are offering, the Company will share with them your first name and email address. Please note that neither the Company, nor the deVere Group of Companies share your personal data with third-party organizations. You can stop receiving marketing emails and/or calls from deVere Group of Companies by “opt out” at any time by navigating to the Vault Business app > Settings > Preferences; or by informing our DPO at [email protected].
Please note that if you choose not to agree to receive these marketing messages offered by us, by deVere Group Companies or both, this will not affect the services in any way.
In order to perform your identity verification, the Company is using the services provided by our partner Ondato, UAB. The Service Provider takes the photo images or video records of your face and your ID document that you provide through a mobile application or a dedicated website using the camera. For more information on Ondato, UAB please read its Privacy Policy www.ondato.com/privacy-policy.
Ondato, UAB solution is used for comparing live photographic data or video record of yourself and your ID document, to comply with legal obligations (e. g. implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania and other fraud and crime prevention purposes) and risk management obligations.
The result of the face similarity (match or mismatch) will be retained for as long as it is necessary to carry out verification and for the period required by anti-money laundering laws.
The Company ensures that your face similarity check is a process of comparing data acquired at the time of the verification, i. e. this is a one-time user authorization by comparing person's photos to each other. Your facial template is not created, recorded or stored. It is not possible to regenerate the raw data from retained information. This process shall allow us to verify your identity more precisely and make the process quicker and easier to execute. If you do not feel comfortable with this identification method you may contact us by email [email protected] for an alternative way to identify yourself.
Automated decision-making refers to the processing using, for example, software code or an algorithm, which does not require human intervention. Currently we are not using automated decision-making technologies. However, if we decide to do so, we will provide you with further information about the logic involved, as well as the significance and the envisaged consequences to you.
Please be informed that you can request a manual review of the accuracy of an automated decision in case you are not satisfied with it and you have the right not to be subject to a decision based solely on such automated processing.
Please be informed that your Personal data is stored for no longer period than it is necessary for the purposes for which it was collected or for the period set forth by applicable laws.
If the legislation of the Republic of Lithuania does not provide any period of retention of Personal Data, this period shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of Personal Data.
Please also be informed that under some circumstances, your Personal Data might be stored longer than it is indicated in the table above, mainly:
We may transfer data that we collect from you to locations outside of the European Union and European Economic Area for processing and storing. Also, it may be processed by staff operating outside the European Union and European Economic Area who work for us, for deVere Group of Companies or for one of our partners, acting and processing data on behalf of deVere Group of Companies according to the data processing agreements signed between the parties. The Company will take all reasonable steps to make sure that your data is treated securely and in agreement with this Privacy Policy. These data transfers are usually based on adequacy decisions by the European Commission (Art. 45 GDPR). Where this is not the case, e.g., when it comes to transfers to the USA, India the data transfers are especially based on EU Standard contractual clauses in line with the templates adopted by the European Commission (Art. 46 paragraph 2 lit. c, paragraph. 5 sentence. 2 GDPR), or on a derogation according to Art. 49 GDPR. You may ask deVere to provide you a copy by contacting the deVere Data Protection Officer at [email protected].
Data that is provided to us is stored on our secure servers located in Netherlands. Details relating to any transactions entered on our Website / App will be encrypted to ensure its safety.
The transmission of information via the internet is not completely secure and hence the Company cannot guarantee the security of data sent to us electronically and transmission of such data is therefore entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential.
We may disclose and/or transfer your Personal data only in accordance with legal regulations and the principles of confidentiality to the following categories of recipients:
You might find links to third party websites on our Website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
We have technical, administrative and physical safeguards in place to help protect against unauthorized access to, use or disclosure of your information we collect or store. Our employees are trained on the importance of protecting privacy and on the proper access to, use and disclosure of customer information. Under our practices and policies, access to sensitive personally identifiable information is authorized only for those who have a business need for such access.
Although we work hard to protect your personal information that we collect and store, no website or app is 100% secure and we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use or disclose personal information.
We will inform you of any breach of personal data within the term set forth by the applicable law, when the Personal data breach is likely to result in a high risk to your rights and freedoms.
You, as a data subject, shall have the right to:
We will exercise the required rights only after we receive your written request to exercise a particular right indicated above and only after confirming the validity of your identity.
If you would like to exercise the rights mentioned above, please contact us at [email protected].
Your requests shall be fulfilled or fulfilment of your requests shall be refused by specifying the reasons for such refusal within 30 (thirty) calendar days from the date of submission of the request meeting our internal rules and GDPR. The afore-mentioned time frame may be extended for 30 (thirty) calendar days by giving prior notice to you if the request is related to a great scope of Personal data or other simultaneously examined requests.
The Company must provide conditions to you to exercise the rights specified above, with the exceptions of cases provided by law when it is necessary to ensure:
The Company also ensures all other rights, guarantees and interests of the Data subjects guaranteed by GDPR and other legal acts of the Republic of Lithuania.
If you access any information or services through the Company's Website, you should be aware that the Company uses cookies which are small text files that are placed on your computer or mobile device when you visit a Company's Website, containing some information connected with your usage of the Website.
For more information on how to control your cookies settings and browser settings or how to delete cookies on your hard drive, please read the Cookies Policy which is available on the Company's Website: www.devere-emoney.com/cookies-policy.
The Company has appointed a data protection officer (hereinafter the Officer). The appointed person may be reached at [email protected].
If you have any questions or concerns about our Policy or data processing or if you would like to make a complaint about a possible breach of privacy laws, please contact us at [email protected].
When a privacy question or access/download request is received we have a dedicated team which triages the contacts and seeks to address the specific concern or query which you are seeking to raise. Where your issue may be more substantive in nature, more information may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the supervisory authority or to the competent court. If you ask us, we will endeavour to provide you with information about relevant complaint avenues which may be applicable to your circumstances.
If you have any questions or concerns about our Policy or data processing or if you would like to make a complaint about a possible breach of privacy laws, please contact us at [email protected].