PRIVACY POLICY
1. Purpose and scope
We, Regrally Technologies, UAB, company code 306341431, with its registered address at Mėsinių str. 5, Vilnius (the Company or we), describe in this privacy policy (hereinafter—Privacy Policy) what personal data we process, for what purposes, on what legal basis, and how long we keep your personal data, etc.
We are committed to protecting the privacy of your personal data following the applicable laws, including the General Data Protection Regulation (2016/679) (hereinafter – GDPR), Law on Legal protection of personal data of the Republic of Lithuania, and other applicable legal acts (hereinafter – data protection law). We value your privacy, and we only collect and use your personal data under this Privacy Policy and binding legal provisions.
2. Principles relating to the processing of personal data
We are responsible for ensuring the security of your personal data that is made available to us, particularly to prevent unauthorized access to your data.
When processing personal data, we follow the principles of:
legality, fairness and transparency which means that the personal data with respect to you is processed in a lawful, honest, and transparent way;
purpose limitation which means that the personal data is collected for specified, clearly defined, and legitimate purposes and shall not be further processed in a way that is incompatible with those purposes;
data reduction which means that the personal data must be adequate, appropriate and is only necessary for the purposes for which it is processed;
accuracy which means that the personal data must be accurate and, if necessary, updated. All reasonable steps must be taken to ensure that personal data that is not accurate in relation to the purposes for which it is processed shall be immediately erased or corrected;
limitation of the length of the storage which means that the personal data shall be kept in such a way that your identity can be determined for no longer than is necessary for the purposes for which the personal data is processed;
integrity and confidentiality which means that personal data shall be managed by applying appropriate technical or organizational measures to ensure the proper security of the personal data, including the protection from unauthorized processing or processing of unauthorized data against accidental loss, destruction, or damage
.
3. What information we collect, for what purposes and on what legal basis
Categories of personal data being processed
The personal data we collect can be grouped into the following categories:
Type of information | Personal data |
Basic personal data | your name, surname, |
Contact details | Phone number, e-mail, and address. |
Communication details | Content of email correspondence or any other form of communication with us. |
Identification information and other background verification data (your, your representatives’, and the ultimate beneficiary owner’s) | such as your name, surname, date of birth, nationality, personal identification number, position within the client – legal entity, and other relevant information used to confirm your identity. We may also process additional information required for compliance with anti-money laundering (AML), know-your-customer (KYC), and international sanctions obligations. The specific information collected may vary depending on your risk profile and our legal obligations. |
Information related to Services provided | personal data provided by the Client for the purpose of providing services |
Payment for Services details | such as currency, amount, payer’s name, and message sent with the payment. |
4. Purposes and legal basis for personal data processing
We as a data controller, will process the Personal Data of Client, the Client’s representatives and other persons, which are related to the Client based on processing Personal Data for the purposes and legal grounds as indicated in the table below.
Purpose of processing | Legal basis | Categories of data |
1. Client onboarding – to assess your eligibility to enter into a contractual relationship. | • Contract performance • Legal obligation | • Basic personal data • Identification information and other background verification data • Communication details. Contact details |
2. Ensuring compliance with international sanctions | Legal obligation Public interest | Basic personal data Other personal data needed in order to ensure compliance with international sanctions |
3. Fulfilment of the contract concluded with you, including but not limited to the provision of the Services. | • Contract performance | Basic personal data; Payment for Services details; Information related to Services provided; Other personal data needed to provide services |
4. Legal compliance and dispute resolution – to comply with legal requirements and to exercise or defend legal claims. | • Legitimate interest (to be able to defend our rights and interests) • Legal obligation (to provide the court with the information it needs to initiate legal proceedings in accordance with Article 111 of the Civil Procedure Code of the Republic of Lithuania) | Basic personal data; Contact details; Other data. |
5. Service improvement and communication – to understand your needs, improve our services, and send updates or offers that may be relevant to you. | • Legitimate interest (to ensure our ability to provide our products and services adequately) | Basic personal data; Contact details; Communication details. |
6. Recruitment – to process job applications submitted through our website or by email. | • Legitimate interest (recruitment process management and hiring needs) | Basic personal data; Contact details; Communication details; Other personal data you provided. |
7. Responding to inquiries – to respond to messages or forms submitted through our website. | • Legitimate interest (communication and client service) | • Basic personal data •Contact details; • Communication details |
We do not process special category data related to your health, ethnicity, or religious or political beliefs unless required by law or in specific circumstances where, for example, you reveal such data while using the Services (e.g., in payments details).
If you provide us personal data about other people (such as your spouse or family, employees or clients) or you ask us to share their personal data with third parties, you confirm that you have brought this Policy to their attention beforehand.
The definitions used above are understood as follows:
Legitimate interest: legitimate interests are our business needs in conducting and managing our Services to create better benefits for our clients, increase the quality of our Services, and at the same to ensure ours and our clients' interests.
Contract performance: processing your personal data where it is necessary for the performance of a contract to which you are a party or to take pre-contractual measures before entering into such a contract.
Legal obligations: processing your personal data where it is necessary for compliance with a legal or regulatory obligations that we are subject to.
Consent: your consent shall mean any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify your agreement to the processing of personal data relating to you. We can request from you a consent for processing when we do not have another legal basis for processing of your data.
5. How we collect your personal data
We may collect or receive your Personal Data in several ways:
When you provide it to us directly, for example, by corresponding with us via email or other direct interactions with us such as completing a form on our website. Sometimes additional information is required to keep information up to date or to verify information we collect;
In the course of our relationship with you or while providing services to third parties;
When it is provided to us by a third party because you are the subject or your data is otherwise included in provision of Services. Third party sources, for example, register held by governmental agencies or where we collect information about you to assist with “know your client” check-ups as part of our client acceptance procedures, such as sanctions list, politically exposed persons list etc. Also, when we receive information about you from third parties;
Publicly available sources – we may, for example, use sources to help us keep your contact details that we already possess accurate and up to date or for professional networking purposes or for providing our legal and other services.
6. How we share your personal data
The following is a list of key recipients, to whom your personal data might be disclosed to:
public authorities, institutions, organisations, courts and other third parties, but only upon request and only when required by applicable laws, or in cases and under procedures provided for by applicable laws;
third parties providing services to the Company including providers of legal, financial, auditing, tax, business management, personnel administration, accounting, advertising (including online advertising), direct marketing, communications, data centres, hosting, cloud and/or other services. In each case, we provide such third parties with only as much data as necessary to provide their services. Service providers engaged by us may process your personal data only in accordance with our instructions and may not use them for other purposes;
third parties for the purpose of performance of the contract concluded with you;
third parties, when we intend to enter into a business sale transaction and/or to perform legal and/or financial due diligence of us prior to such transaction;
other persons with your consent.
7. International transfer of personal data
In case your personal data is transferred outside the European Economic Area (EEA), we will take necessary steps to ensure that your data is treated securely and in accordance with this Policy and we will ensure that it is protected and transferred in a manner consistent with the legal requirements applicable to the personal data. This can be done in a number of different ways, for example:
the country to which we send the personal data, a territory or one or more specified sectors within that third country, or the international organization is approved by the European Commission as having an adequate level of protection;
the recipient has signed or contains in its terms of service (service agreement) standard contractual clauses adopted by the European Commission;
special permission has been obtained from a supervisory authority.
We may transfer personal data to a third country by taking other measures if it ensures appropriate safeguards as indicated in the GDPR or on the basis of derogations.
7. How we protect your personal data
Please note that, although no system of technology is completely secure, we have to implement appropriate security measures in order to minimize the risks of unauthorized access to or improper use of your personal information.
We and our third-party service providers that may be engaged in the processing of personal data on our behalf (for the purposes indicated above) are contractually obligated to respect the confidentiality of the personal data.
A variety of logical and physical security measures are used to keep your personal data safe and prevent unauthorized access, usage, or disclosure of it (the list indicated below is not exhaustive): we use antivirus software, information security policies, access restriction, we regularly review our information collection, storage, and processing practices to prevent unauthorized access to our systems, we use mandatory data encryption and password protection, carry out regular penetration tests and backup of data, etc.
8. How long we keep your personal data
We will keep your personal data for as long as it is needed for the purposes for which your data was collected and processed, including for the purposes to comply with any legal, regulatory, tax, accounting or reporting obligations. This means that we store your data for as long as it is necessary for provision of the Services and as required by the retention requirements in laws and regulations. If the legislation of the Republic of Lithuania does not provide any applicable data retention period, it shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of the personal data.
The terms of data retention of the personal data for the purposes of the processing of the personal data as specified in this Policy are as follows:
a) as long as your consent remains in force, if there are no other legal requirements which shall be fulfilled with regard to the personal data processing. We reserve the right to retain records of any consent given and withdrawn for a period of time necessary to protect our rights;
b) in case of the conclusion and execution of contracts – until the contract concluded between you and us remains in force and up to 10 years after the relationship between you and us has ended;
c) the personal data submitted by you through our Website or via e-mail is kept for an extent necessary for the fulfilment of your request and to maintain further cooperation, but no longer than 3 years after the last day of the communication, if there are no legal requirements to keep them longer.
In the cases when the terms of data keeping are indicated in the legislative regulations, the legislative regulations are applied.
We may retain your personal data for a longer period if:
a) it is necessary in order for us to defend ourselves against existing or threatened claims, or to exercise our rights, or for the proper resolution of dispute, complaint or claim;
b) there is a reasonable suspicion of illegal activity;
c) it is required by applicable laws.
Upon expiration of the retention period, we will delete and/or reliably and irrevocably depersonalize your data as soon as possible, within a reasonable time required to perform such action.
9. Your rights
The right to be informed
. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data.
The right to access
. You have the right to request from us the copies of your personal data. Where your requests are excessive, in particular if they are being sent with a repetitive character, we may refuse to act on the request, or charge a reasonable fee taking into account the administrative costs for providing the information. The assessment of the
excessiveness of the request will be made by us.
The right to rectification
. You have the right to request us to correct or update your personal data at any time, in particular if your personal data is incomplete or incorrect.
The right to data portability
. The personal data provided by you is portable. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to be forgotten
. When there is no good reason for us to process your personal data anymore, you can ask us to delete your data. We will take reasonable steps to respond to your request. If your personal data is no longer needed and we are not required by law to retain it, we will delete, destroy or permanently de-identify it.
The right to restrict processing
. You have the right to restrict the processing of your personal data in certain situations (e. g. you want us to investigate whether it is accurate; we no longer need your personal data, but you want us to continue holding it for you in connection with a legal claim).
The right to object processing.
Under certain circumstances you have the right to object to certain types of processing (e. g. receiving notification emails). However, if you object us using personal data which we need in order to provide our Services, we may need to close your payment account as we will not be able to provide the Services.
The right to file a complaint with a supervisory authority.
You have the right to file a complaint directly the State Data Protection Inspectorate of Lithuania if you believe that the personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. You may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate and which may be found by this link:
https://vdai.lrv.lt/lt/veiklos-sritys-1/skundu-nagrinejimas
.
Rights related to automated decision-making.
You have the right not to be subject to a decision which is based solely on automated processing and which produces legal or other significant effects. In particular, you have the right:
to obtain human intervention;
to express point of view;
to obtain an explanation of the decision reached after an assessment; and
to challenge such a decision.
Right to withdraw your consent.
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
If you would like to exercise any of these rights, please contact us via e-mail: [email protected]. For security reasons, we will not be able to process your request if we are not sure of your identity, so we may ask for your ID as proof.
Your requests will be fulfilled, or fulfilment of your requests will be refused by specifying the reasons for such refusal, within 30 (thirty) calendar days from the date of submission of the request that complies with our internal rules and the GDPR. The afore-mentioned time frame may be extended by 60 (sixty) calendar days taking into account the complexity and number of the requests. The Company will inform you of any such extension within 30 (thirty) calendar days of receipt of the request, together with the reasons for the delay.
We may refuse to satisfy you request if the exception and/or limitation to the exercise of data subjects’ right set out in the GDPR apply, and/or if your request is found to be manifestly unfounded or disproportionate. If we refuse to satisfy your request, we will give you our reason for such refusal in writing.
10. Cookie policy
If you access our information or Services through our Website, you should be aware that we use cookies.
For more information on how to control your cookie settings and browser settings or how to delete cookies from your device, please read the Cookie Policy available on our Website.
11. Links to other websites
Our Website may contain links to other websites which are not operated by the Company. When you decide to click on these links and be led to such websites, we recommend familiarising yourself with their privacy policies or notices, cookie policies and/or other documents. The Company assumes no responsibility for the content, policies or practices of such third-party websites or services.
12. Changes of this Policy
We regularly review this Policy and reserve the right to modify it at any time in accordance with applicable laws and regulations. Any changes will take effect immediately upon their publication on our Website.
Please review this Policy from time to time to stay updated regarding any changes.
13. Contact us
You may contact us by writing an email to [email protected].