Data controller's data
"NEO Finance", AB, legal entity code 303225546, Verkiu str. 25C-1, Vilnius (hereinafter referred to as "we" or "data controller" or "Company").
DATA PROTECTION OFFICER
A data protection officer has been appointed in the Company.
If you would like to check or find out how the company processes your personal data, or if you are going to exercise your rights as data subjects, please contact the Company appointed data protection officer, email: email@example.com, or by phone +37068700300.
Additional information may be provided in consumer credit, paid surety, electronic money account and payment service provision and other contracts, as well as in an agreement for investment in consumer credits.
We respect your privacy and undertake to process and protect your personal data in a fair and lawful manner in accordance with the applicable legal requirements of the European Union and the Republic of Lithuania and the instructions of the controlling authorities. We apply appropriate technical and administrative measures to protect personal data against loss, unauthorized use, and changes.
Company employees and members of the management bodies are informed about the processing of their personal data in accordance with the procedure, approved by the Company's local acts.
Personal data sources
Personal data may be obtained directly from you when you use electronic services, you enter into contracts with us in your name or while representing other persons, send your CV, as well as other information related to employment, practice in the Company or otherwise contact us, communicate with us through social networks or simply watch our activities on social networks or by visiting the Company.
We may also receive your personal data indirectly from persons you represent, your spouses, data processors, databases collecting separate specific data, registers and information systems, other external sources, including but not limited to: Bank of Lithuania, financial Institutions, State Social Insurance Fund Board (SODRA), Databases and registers administered by the State Enterprise Center of Registers, data controllers managing joint debtor's data files, databases managed by UAB "CREDITINFO LIETUVA", Public register of invalid personal documents, Public register of wanted (missing) people.
You are not required to provide any personal data, but it may make it impossible to provide services for you.
WHY ARE WE PROCESSING YOUR PERSONAL DATA?
We process your personal data for the following purposes, including, but not limited to:
We process your personal data for the above-mentioned purposes, because we are bound by existing legislation, an agreement with you or we process your personal data on the legal basis of legitimate interest - ours or third party's (or yours), for example, to optimize costs by improving quality. Your data will not be processed on a legal basis for legitimate interests if your interests, rights and freedoms will be of higher importance. We may also process your personal data for the purpose of entering into an agreement with you or with your consent, or in order to protect the vital interests of you or any other natural person .
WHAT KIND OF YOUR PERSONAL DATA DO WE PROCESS?
For above-mentioned purposes for processing of personal data, we may process, but not be limited to, the following basic categories of personal data:
Name, surname, personal identification number, date of birth, place of residence (address), identification document, nationality, telephone number, e-mail address, age, amount invested and amount limits, investment conditions, rating of the borrower, rating, risk group, credit history, nickname, representation data, date of conclusion of the contract, method of signing, electronic money account and its money turnover, customer attribute (consumer credit recipient / investor), payment order details, credit institution, investment report, investor status, legal entity representative data, debt, workplace, due payment deadline, income received, business license and individual economic activity data, data on available assets and restraints, number of underage children and dependents, marital status, consumer credit terms, purpose, preferential financial commitments which received a negative decision - types and sums, existing liabilities and past due debts, ensuring guarantee , if the person is / is not included in the list of persons for whom there are request to not allow them to enter into consumer credit agreements, time of conclusion of consumer credit agreement, customer and beneficiary recognition questionnaire data, user identification number , information about a search for the person, managed shares, other rights in a legal person, personal name, alternative names, e-mail, signature data, personalized banking security data, settlement result, website registration details, security code for person identification, actions you take, and information provided when you sign in to customer self-service area, date of identification, time, IP address, website browsing history and date, prize, reward for recommendation, recommendation code, query data, other information needed for upkeeping relationship, billing and contract management and providing legal requirements, data subject profile and other information in social media.
DO WE PROCESS SPECIAL CATEGORY PERSONAL DATA?
Upon receiving your consent, we will process data about your legal capacity to make sure you are legally capable (your capacity is not limited) and you may enter into a consumer credit agreement. We check whether the register of incapacitated and limited capability individuals contains data on your incapacity (limited capacity). We do not process this data for any other purpose.
PROCESSING PERSONAL DATA FOR THE PURPOSES OF EMPLOYMENT OR TRAINEESHIP AT THE COMPANY
If you contact us through social media, the social network controller may process your interest in our published positions for the purposes set out in social network controller's policies.
Your personal data, submitted whenever you apply for a specific position, published by the Company, shall be processed for the purpose of concluding an employment contract, or a traineeship agreement with you as a potential employee and a trainee.
While implementing the requirements of the Law on the Prevention of money laundering and terrorist financing of the Republic of Lithuania, we must determine the identities of clients and beneficiaries and their representatives. We can also determine identity remotely (e.g. by using the Finpass identification program). If we identify you with the Finpass identification program, we will process your image data: image, face, identity document, video transfer time, date, your name, zodiac sign, etc. and we will capture the face and identity document by taking pictures during video recording.
RECORDING OF CALLS FOR SERVICE QUALITY CONTROL PURPOSES
For this purpose, we will process your name, telephone number, date of call, conversation start and end time, conversation content. We will only record the conversations that are taking place by your call to 8 700 80075 and when we call you by the Company's assigned numbers during the Company's business hours. We inform you that the conversation is being recorded, prior to the start of the actual conversation. By continuing the conversation, you express your consent to the recording of the conversation. If you do not agree with the conversation being recorded, we invite you to the Company for the conversation.
Data processing for direct marketing purposes
By submitting your name, surname and e-mail address, you may agree / disagree with the use of this data for direct marketing purposes.
When processing personal data for direct marketing purposes, we may also receive information about whether the newsletter has been read: when and how many times the letter or its link has been opened.
If you have a contract with us and have not objected to the processing of personal data for direct marketing at the time of data collection, we will process your data for this purpose according to a legitimate interest by sending notifications regarding similar services. You can refuse to receive such direct marketing messages at any time by emailing us at firstname.lastname@example.org or by clicking on the opt-out link at the bottom of the newsletter, received from the Company.
The consent you have us to use the data for direct marketing purposes may be revoked at any time by the following e-mail: email@example.com or by clicking on the rejection of subscription link at the bottom of the newsletter, received from the Company.
PERSONAL DATA PROCESSING DURING THE PROVISION OF PAYMENT INITIATION SERVICE
We provide payment initiation service in accordance with the principles of good practice of Payment initiation prepared by the Bank of Lithuania. We will process the personal data received for this purpose, only in order to provide the payment initiation service.
You can only use this service if you implement active actions in confirming that the information about you, received during the payment initiation service, would be used to execute the payment initiation service.
Personalized security features provided by your credit institution are only available to you and the credit institution that issued them. We will not keep, store, or transfer to you any sensitive payment initiation service user data, i.e. such as data that is usable for fraudulent purposes and that includes personalized security features.
If, with your consent, we provide a payment initiation service, the Company will provide the information about a successfully executed payment, name, surname, personal identification number (when you agreed to transfer it by active action and account number to the payee.
INITIAL SHARE PUBLIC OFFERING (IPO) PARTICIPANT DATA PROCESSING
We conduct the initial public offering (IPO) in accordance with the Law on Securities of the Republic of Lithuania and other legal acts. We will process personal data received for this purpose only for the purpose of participation in the initial public offering (IPO).
To participate in the initial public offering (IPO), you can register at www.neofinance.com by opening an electronic money account and selecting the status of a participant in the public offering (IPO).
We will keep the following data for the initial public offering (IPO): user ID number, offered share price, quantity, total offered amount. We will keep this data for 10 years after the day of the end of the initial public offering (IPO).
We can apply profiling when making credit decisions, assessing credit risk, implementing marketing and others. We can carry out profiling in order to implement the requirements set out for the Company in the legal acts (e.g. risk assessment in compliance with the requirements of legal acts of the Republic of Lithuania for the prevention of money laundering and terrorist financing), as well as on the basis of consent of data subjects or legitimate interest.
PERSONAL DATA STORAGE PERIOD
Personal data shall be processed for no longer than it is necessary for the purposes for which the data is processed, or for no longer than is required by the data subjects and / or provided for by law.
Usually, we keep data during the course of the provision of services, during the validity of the contract and 10 years after the expiration of the contract or legal relationships, while executing the requirements set forth in legal acts related to document archiving and in order to declare, execute or defend the legal claims of the Company.
If the transaction has not been concluded, we will store personal data for 3 years from the date of its receipt. If a transaction is refused due to the implementation of money laundering and terrorist financing prevention measures, personal data shall be stored for 8 years from the moment of refusal.
When the personal data of the payment initiation service participant are provided, it is stored for 3 years after the receipt of the data.
According to the requirements of legal acts regulating the prevention of money laundering and terrorist financing of the Republic of Lithuania, we will process personal data for 8 years from the date of receipt.
Data provided by candidates, trainees after a specific selection has ended, and whenever a candidate did not enter into a contract with the Company, or in case the candidate has submitted his / her data without applying for a specific position in the Company, with the consent of the data subject, is retained for 1 year or until the data subject revokes the consent for data processing.
Data received by recording conversations are stored and processed for a maximum of 10 years from the date of their receipt.
For the purpose of direct marketing and according to your consent, we process your personal data for no longer than 5 years after receiving your consent, or until you revoke your given consent regarding data processing.
For the purposes of direct marketing, while providing messages regarding similar service, according to the basis of legitimate interest, we process personal data during the term of the contract with you and during 3 years after the expiration of the contract or until you will object to the receipt of such messages.
If you revoke your consent for data processing or the data processing term expires (when the data is processed on the basis of your consent), only the data confirming the fact of your consent is retained for 10 years from the end of the consent period or the cancellation of consent in order to declare, execute or defend the legal claims of the Company.
We may provide your personal data to the following persons according to the data provision basis and after ensuring the safety of transferred data:
If you participate in games and/or lotteries, organized by the Company, we may publicly disclose your winnings upon the receipt of your consent.
We may also provide personal data to other persons upon receiving your consent.
We may also provide your data to protect your vital interests (for example, if you feel ill in our premises and we have to seek medical assistance).
We may use the services of data processors who, in accordance with our instructions and to the extent that we determine, will process personal data to the extent necessary to achieve the purposes for which the data was processed. With the help of data processors, we strive to ensure that processors also implement appropriate organizational and technical security measures and maintain the confidentiality of personal data.
Joint data controllers
We may also process your personal data as a joint data controller with other data controllers. When we process your data together with other data controllers, you can exercise your data subject rights in relation to each of the joint data controllers. Upon your request, we will provide you with contact details of joint controllers and with.
As a data subject, you have the rights, provided below in this section.
The right to know (be informed) about the processing of your personal data.
When we receive information about the processing of personal data directly from you, we inform you orally and / or in writing during the receipt of your personal data.
If we do not receive personal data directly from you, we will inform you about the processing of your personal data within one month of receipt of the data and, if we use your personal data to maintain contacts with you, not later then when we contact you for the first time.
The right to familiarize with your processed personal data and know how they are processed, i.e. to obtain information on the period of retention of personal data, information regarding from which sources and which personal data is collected, for what purpose it is processed, to whom it is provided.
Within one month of receiving the request, we will verify if your personal data is being processed by the Company. Having determined that we are processing your personal data, we will provide you with information about the personal data processed and a copy of the personal data processed.
We may extend the time period for the response, if necessary. We will inform you about this. You are entitled to apply to the State Data Protection Inspectorate due to such extension.
Usually we will give you information free of charge. However, if your requests are obviously unfounded or disproportionate, in particular because of their repetitive content, or if you wish to receive a copy of the processed personal data in a different form / content than the Company has prepared it, we have the right to charge a fee for the provision of information or reports or actions, requested from the Company, as well as for administrative costs.
If your requests are obviously unfounded or disproportionate, we have the right to refuse to execute your request.
If your request does not specify the form of the information, we will provide the information in the same form as we received your request.
The right to request the correction of personal data and to suspend the processing of such personal data, if after familiarizing with your personal data, you will find that the data is incorrect, incomplete or inaccurate.
We will notify you of any correction, termination or suspension of personal data processing performed at your request. We will inform the data recipients of this, unless it is impossible or too difficult to provide such information. We will provide you with information about such recipients at your request,
The right to request to terminate personal data or to limit their processing activities, if, after becoming familiarized with your personal data, you become aware that personal data is processed unlawfully or unjustly.
We will notify you of any limitation of processing that we executed or did not execute according to your request. We will inform data recipients if this unless it is impossible or would require a disproportionate effort. We will provide you with information about such recipients at your request,
Personal data, the processing of which is restricted, are protected.
The right to disagree with the processing of personal data, except if we process personal data due to the legitimate interest of the Company or other person to whom personal data are provided, and your interests are not more important.
In case you have expressed your disagreement with the processing of personal data, we will further process your personal data if we reasonably decide that the reasons for processing personal data take precedence over your interests, rights and freedoms, or if your personal data is required to state, execute or defend your legal claims.
The right to revoke the given consent for processing
You have the right to revoke your consent to the processing of your personal data at any time, whenever your personal data processing is based on your consent.
Right to "be forgotten"
You have the right to request the deletion of your data in the cases provided by law. We have the right to refuse to comply with this request in the cases provided for by law, including but not limited to the cases referred to in Article 17, part 3 of the Regulation.
If your request is met and personal data (deleted on your request) have been previously transferred to data recipients, we will inform the recipients of the data, unless it is impossible or would require a disproportionate effort. We will provide information on such recipients at your request.
Right to data portability
You have the right to request that the personal data you provided (in case they are processed on the basis of consent or contract, and if they are processed by automated means), to be forwarded to another data controller or transferred to you in a structured, commonly used and computer-readable format, if it is technically possible. When applying for the implementation of this right, you must indicate whether you want the personal data to be transferred to you or to another data controller.
If your request is granted and you wish to have the data transferred on a digital medium, we will provide the personal data processed by the Company on the single-use Compact disc (CD), provided by you or the Company's single-use Compact disc (CD), whenever you provide compensation for the purchase price of this media.
The right to data portability cannot be implemented in regard to personal data, processed in files, structured in a non-automatic way, such as paper files.
The transferred personal data is not automatically deleted. If you wish, you must apply to the Company for the implementation of the right to be forgotten.
The right to disagree with the data subject being subjected only to automated processing, including profiling
You have the right to know and be informed about the logic of the automated processing of personal data and what could the consequences of such processing of personal data, when the data is processed only in an automated way.
After you have addressed us regarding the automated data-processing-based decision (if such decisions are made by the Company regarding yourself), we will conduct a thorough evaluation of all relevant data, including the information you provide.
The right to file a personal data complaint with the State Data Protection Inspectorate or the competent court
The actions or inactions of the Company, related to the implementation of the data subject's rights, can be appealed by yourself or through a properly authorized representative or a non-profit institution, organization or association, compliant with requirements of Article 80 of the Regulation, to the State Data Protection Inspectorate, located at A. Juozapavičius str. 6, Vilnius, e-mail address firstname.lastname@example.org , website www.ada.lt also to the competent court of the Republic of Lithuania.
Right to compensation for damage, caused by violation of data subject's rights
If you have suffered damage as a result of a violation of the data subject's rights, you are entitled to compensation, which you must apply for to the competent court of the Republic of Lithuania.
ORDER OF ADDRESSING THE COMPANY TO IMPLEMENT DATA SUBJECT'S RIGHTS
You must confirm your identity by submitting an identification document. Failure to do so will prevent us from accepting your requests and the data subject's rights will not be enforced. This provision shall not apply if you apply for information on the processing of personal data pursuant to Articles 13 and 14 of the Regulation.
In case you decide to claim your rights as the data subject by post, then a copy of the identity document certified either by a notary or according to another order, provided for in the legal acts, must be submitted together with the application. If your personal data (name, surname) have changed, copies of the documents confirming the change of such data should be provided together with the application; if they are sent by post, then a copy of the identity document certified either by a notary or according to another order, provided for in the legal acts, must be submitted together with the application.
If you decide to submit an application by electronic means, the application must be signed by a qualified electronic signature or by electronic means which allow to ensure the integrity and indispensability of the text. This provision shall not apply if you apply for information on the processing of personal data pursuant to Articles 13 and 14 of the Regulation.
The request for the implementation of the data subject's rights must be readable, signed,, and must contain your name, address and / or other contact details for the purpose of maintaining the contact or providing a response.
In case you have decided to implement your rights through a representative, your representative must indicate his / her name, address and / or other contact details to be used by your representative, as well as your name and any other data necessary for the proper identification of the data subject and to provide a document or a copy thereof, confirming the representation.
If we have any doubts about your identity, we have the right to request additional information to inspect it and be sure of the identification.
You may contact the Data protection officer of the Company on all matters relating to the processing of personal data and the exercise of your rights. We recommend that the correspondence be addressed to the Data protection officer of the Company.
If you do not follow the procedure in this section when applying to us, we will inform you about it within 7 calendar days from the receipt of the request and will indicate any shortcomings. If the deficiencies noted are not corrected or you fail to inform the Company of reasonable grounds for not rectifying the shortcomings, we will not examine the request.
In the event of objective circumstances that prevent the identified shortcomings from being removed, we may decide to consider and process your application after evaluating such circumstances.
COMPANY'S ACCOUNTS IN SOCIAL MEDIA
The company owns an account on social media Facebook, LinkedIn and YouTube. The information you provide on Facebook, LinkedIn, or YouTube (including notifications, use of the Like and Follow boxes, and other communications) or which comes from visiting our Company account on Facebook, LinkedIn, or YouTube (including information from cookies used by social network controllers) is controlled by the social network controller. Therefore, we recommend that you read the social network controller's privacy notices (policies).
As the Company's Facebook, LinkedIn, or YouTube account Administrator, we select the appropriate settings based on our target audience and performance management and promotion goals. By enabling the company to create and manage an account on the social network, the Social network controller may impose restrictions on the ability to change certain essential settings, and so, we cannot influence what information the Social network controller will collect about you due to the Company crating an account on the social network.
All such settings may affect the processing of personal data while using social media, visiting the Company's account or reading Company's announcements on the social media network. Even if you just review our messages on Facebook, LinkedIn or YouTube, the social network controller can get some personal information, such as what end device you use, your IP address, and more.
Site visitors’ statistics are analyzed using Google Analytics. Information collected from Google Analytics cookies about your website browsing history can be transferred and stored on servers, located in the USA.
Last updated in 1 April 2019.