Privacy Policy

1. Chapter. General Provisions

This privacy policy is intended to inform you of how we handle your personal data that you provide to us. We also assure you that we process your personal data in accordance with the Regulations, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data.

We reserve the right to modify, in whole or in part, the rules described in this Privacy Policy. We will inform you of any changes by posting an updated version of the Privacy Policy on this website.

Company – FUNDSTR UAB, company code: 305201405;

Website – www.fundstruab.com

Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);

Personal data – any information relating to an identified or identifiable natural person (data subject); "identifiable natural person" means a person who can be identified, directly or indirectly, in particular by means of an identifier such as name and surname, personal identification number, location and internet identifier or by one or more of the physical, physiological, genetic, mental, economic, cultural or social identities of that natural person;

Data Controller means a natural or legal person who, individually or jointly with others, determines the purposes and means of the Processing of Personal Data. Where Personal Data is processed in accordance with these Principles, FUNDSTR UAB is the Data Controller when it processes Personal Data in the context of providing financial services to the Client.

Data processing – any operation or sequence of operations on personal data or sets of personal data by automated or non-automated means, such as collecting, recording, sorting, organizing, storing, adapting or modifying, extracting, accessing, using, disclosing by transfer, distribution or other means of access, as well as collation or merging with other data, restriction, deletion or destruction.

Data Processor means anyone who Processes Personal Data on behalf of the Data Controller. FUNDSTR UAB uses Data Processors and takes the necessary measures to ensure that such Data Processors handle Personal Data in accordance with FUNDSTR’s documented instructions, in compliance with the necessary and sufficient security measures, and in compliance with the requirements of legal acts regulating Data Protection.

Data Subject means any identifiable living natural person whose Personal Data is processed by FUNDSTR UAB. FUNDSTR processes Personal Data of Data Subjects such as Clients, legal representatives, authorized persons, contact persons, counterparties, payers, board members, ultimate beneficial owners.

2. Chapter. Principles Of Personal Data Processing

Personal data is processed in accordance with the following principles:

  • Personal data must be processed only in such a way and by such means as to ensure their security. Personal data must be protected against unauthorized processing, as well as against processing without consent. All this must be done by means of appropriate technical and organizational measures to ensure the security of the data processing, including its protection against accidental loss, destruction or damage;
  • Personal data shall be kept only for the time necessary to achieve the purposes for which they were collected. In exceptional cases, if personal data are processed for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, the data may be stored for a longer period;
  • Personal data must be accurate and, in the event of inaccuracies, kept up to date. Reasonable measures, technical or organizational, must be taken to ensure that inaccurate data are always corrected or deleted;
  • Personal data must be collected only to the extent necessary to achieve the intended purposes;
  • Personal data must be collected only for lawful, clear and defined purposes;
  • FUNDSTR, depending on the Services provided to the Client, obtains Personal Data from external data sources such as: public registers (including the Population Register, the Register of Legal Persons); FUNDSTR also collects Personal Data through saving e-mail communication, and documents the Client’s interaction and communication with FUNDSTR.

3. Chapter. I Purposes, Legal Bases And Deadlines For The Processing Of Personal Data

FUNDSTR collects and processes the following categories of Personal Data:

  • Identification data such as name, last name, personal identification number, date of birth, identity document details.
  • Contact data such as address, phone number, email address, language of communication.
  • Financial data such as ownerships, transactions, credits, income, liabilities, assets. Account data such as account number.
  • Data about trustworthiness and due diligence such as data about payment behaviour, data that enables FUNDSTR to perform its due diligence measures regarding money laundering and terrorist financing prevention and to ensure the compliance with international sanctions, including the purpose of the business relationship and whether the Client is a politically exposed person, data on the origin of assets or wealth such as data regarding the Client’s counterparties and business activities.
  • Data obtained and/or created while performing an obligation arising from the laws, such as data that FUNDSTR is required to report to the authorities, for example, tax authorities, courts, law enforcement agencies including details of income, remarks and debt balances.
  • Data collected by means of communication and other technical means such as data contained in messages, e-mails, photographs, video and/or audio recordings; data related to the Client’s usage of accounts or the mobile application.
  • Family data such as information about the Client’s family and relationships.
  • Demographic data such as country of residence, date of birth and citizenship.
  • Professional data such as education or professional career.
  • Data about relationships with legal entities such as data submitted by the Client or obtained from public databases or a third party as a service provider for the execution of transactions on behalf of a particular legal entity.
  • Relationship with FUNDSTR status data such as the segment to which the Client belongs, information about the Client’s participation in a customer service programme or the assignment of a risk level to the Client.

We Process your personal data only if we have a valid reason to do so. This reason can be based on the following legal ground(s):

  • Performance of agreement is one of the main legal bases according to which we Process Personal Data to provide Services. This includes Processing necessary to take steps at your request prior to entering into an agreement, as well as to conclude, amend, execute, maintain and terminate an agreement.
  • Compliance with legal obligation is the legal basis for the Processing that is necessary for us to comply with the laws.
  • Legitimate interest to Process Personal Data is the legal basis for the Processing of Personal Data for our specific reasonable interest of Data controller or third party, which is balanced against your interests and rights as a Data Subject.
  • Consent provided by you. In cases where we ask for your consent to Process Personal Data you will be separately informed of the specific purpose of Processing. You can withdraw consent given at any time.

To be able to provide the Services, as well as in other cases when it is necessary, FUNDSTR may share the Clients’ Personal Data with Recipients. FUNDSTR will not share more Personal Data than necessary for the particular purpose of Processing. Recipients may process the Personal Data as Data Processors and/or as Data Controllers. When the Recipient Processes Client’s Personal Data on its own behalf as a Data Controller, the Recipient is responsible for providing information to Data Subjects on such Processing of Personal Data. The Recipients acting as Data Controllers are, for example:

  • Public bodies and institutions and other persons exercising functions conferred on them by law, such as supervisory authorities, tax administrations, law enforcement authorities, courts and out- of-court dispute resolution bodies.
  • Financial and legal consultants, auditors or any other service providers of FUNDSTR, FUNDSTR’s authorized persons.
  • Persons maintaining registers (including the Population Register, the Register of Legal Entities, or any other registers where Personal Data is processed). The Recipients acting as Data Processors are, for example other persons involved in the provision of the Services, such as providers of information technologies, hosting, cloud computing, archiving, printing services, technical experts and valuators.

As a general rule, Clients’ Personal Data is Processed within the EU/EEA but in some cases transferred to and Processed in countries outside of the EU/EEA. The transfer and Processing of Personal Data outside of the EU/EEA can take place provided there is a legal basis for it and one of the following conditions is met:

  • The country outside the EU/EEA in which the Data Recipient is located ensures an adequate level of protection of personal data as decided by the European Commission.
  • The Data Controller or Data Processor implements appropriate data security measures, for example, the transfer of Personal Data is carried out in accordance with a contract containing standard terms and conditions approved by the European Commission or other standard terms and conditions approved in accordance with the established procedure, an approved code of conduct, or the Data Recipient is certified.
  • Derogations for specific situations apply, for example, in case of the Client’s explicit consent, performance of a contract with the Client, conclusion or performance of a contract concluded in the interest of the Client, establishment, exercise or defence of legal claims, important reasons of public interest. Personal Data will be retained for the period which depends on the particular purpose of Processing for which the data is collected, or which is stipulated in the Regulatory Legislation. Personal Data will be processed by FUNDSTR as long as the business relationship with the Client exists. For example, after the contractual relationship has expired, FUNDSTR will Process Personal Data in order to comply with Governing law in area of prevention of money laundering and terrorist financing antimoney laundering purposes, as well as for retention period established and applied when the Personal Data is processed for purposes based on FUNDSTR legitimate interest, for example, for the establishment, exercise or defence of legal claims for a period of general prescription according to the Regulatory Legislation. Examples of retention periods:
  • Client’s Personal Data during business relationship that is related to the provision of Services – this Personal Data remains at the disposal of FUNDSTR until the end of your business relationship us, unless another justified purpose exists that requires to retain Personal Data longer.
  • When Client’s Personal Data is necessary to protect the legitimate interests of FUNDSTR under the civil law in the event of a claim – a maximum of 10 years from the termination of contract of the Service.
  • When Client’s Personal Data is necessary to fulfil a legal obligation under the Governing Law related to the prevention of money laundering and terrorist financing – 8 years from the termination of business relationship.
  • When Client’s Personal Data is necessary to protect legitimate interests if FUNDSTR is under investigation or litigation – until the end of the investigation and litigation.
  • When Client’s Personal Data is Processed for marketing purposes – only for as long as the Client’s consent is valid.

4. Chapter. Why And How Fundstr Process Clients’ Personal Data

Identification and authentication

For this purpose, we will ask you to provide a valid identity document and if necessary, other documentation relevant for identification. We use the authentication tools when verifying your identity. We must ensure that your identification data is correct and up to date during the Service provision period.

During the authentication process, we verify a person’s identity in order to provide the Services at FUNDSTR remotely, for example, when you use online services. Authentication is usually carried out using authentication tools provided by us or other service providers. Purpose of Personal Data Processing: To identify Client and to ensure Service provision.
Legal ground: Legal obligation, performance of agreement. Recipients or categories of Recipients: Information Technology and Communications Department, State Enterprise Centre of Registers (Population Register).

Prevention of money laundering and terrorist financing, and enforcement of sanctions

We process Personal Data to fulfil a legal obligation imposed by the Governing Law on money laundering and terrorist financing, international sanctions. We collect Personal Data from you and external sources such as public registers, use of the Services, including execution of Know Your Client requirements and fulfilment of our obligation to monitor transactions. Your Personal Data is transferred to data Recipients, such as the authorities, when it is required according to the respective Governing Law.

Applicable legislation obligates us to perform due diligence activities, including knowing our clients and understanding the purpose and nature of the business relationship and occasional transactions. We must also assess the risks associated with money laundering and terrorist financing and enforce international sanctions. This helps safeguarding certain public interests, as well as ensuring that our Services are used for legitimate purposes and are protected against misuse. For these purposes, we are required to establish your identity, and we ask you to provide accurate and valid information about you and documentation to support the information you provide where necessary. We may use information obtained from public registers, such as the Population Register, the Register of Legal Entities as well as data provided by you. For this purpose, we may also review publicly available information about you. In order to comply with the requirements of Governing Law or based on our legitimate interest, we check lists of persons subject to sanctions (databases) to ensure that our Services are not provided to, or used by, persons subject to, or associated with, international sanctions for the purpose of violating or circumventing such sanctions. During your business relationship with us, we, regularly or based on a particular case, will ask you to update the Personal Data you’ve provided and will check if the data obtained from the external registers mentioned above is up to date. The Governing Law also obligates us to constantly monitor your activity and transactions to ensure that they are not considered suspicious and do not fall under sanctions. The due diligence activities and their regularity depend on our assessment of the Client’s risk of money laundering and terrorist financing.

In accordance with the requirements of the Governing Law, we are obliged to inform the competent authorities (the Financial Crime Investigation Service) of suspected cases of money laundering and terrorist financing and to ensure the confidentiality of such notification. We also process Personal Data of natural persons associated with Business Clients for the above purpose. We identify the identity of the representative of the legal entity (manager, authorised representative, proxy, other persons holding management positions of the legal entity, e.g. insolvency administrators) and collect their personal identity data, demographic data, contact data, data on their relationship with legal entities for this purpose. We also ask for the identification and demographic data of the legal entity’s participants, beneficiaries. If necessary, we ask the legal entity to provide additional documents and information about the beneficiaries, such as the source of funds and assets or details of links to legal persons. Where necessary, we also collect and regularly update Personal Data of the legal entity’s representatives, participants and beneficiaries from registers such as the Population Register, the Register of Legal Persons, using publicly available information, where necessary. In order to ensure compliance with international sanctions, we check lists and databases of sanctioned persons.

Purpose of Personal Data Processing: To perform activities (due diligence measures) for the prevention of money laundering and terrorist financing, To comply with requirements for sanction application.
Legal ground: Enforcement of a legal obligation, Legitimate interest in preventing money laundering and terrorist financing, Legal obligation, Legitimate interest to ensure enforcement of sanctions that do not fall within national and EU regulation. Recipients or categories of Recipients: State Enterprise Centre of Registers (Register of Population, Register of Legal Entities), Data processors intermediating in the provision and receipt of Personal Data, Providers of databases and registers related to application of sanctions, The Financial Crime Investigation Service when FUNDSTR applies restrictions to an asset in relation to the implementation of international sanctions.

Daily operations

We process your Personal Data to provide the daily operations, such as payment services requested by you, as well as to manage relationship with you, provide, control and administer access to the Services. The Processing involves the collection of Personal Data from you and from the use of the Service, transfer of Personal Data to the Recipients in order to perform a Service agreement, when it’s required under the Governing Law, and the receipt of Personal Data from third parties, such as other payment service providers. When you open an account with us, we Process your Personal Data for the purpose of serving you according to the agreement and to provide you with other Services related to account as requested by you.

In addition to processing Personal Data for the purpose of performance of the Contract, in accordance with the obligation imposed by the Governing Law, we transfer Personal Data relating to the opened account to the tax administering authority (the State Tax Inspectorate of the Republic of Lithuania). Purpose of Personal Data Processing: to conclude and perform an agreement for an account and related Services, to comply with the legal obligation to provide information to the tax administration, to execute payments.
Legal ground: Performance of agreement, legal obligation. Recipients or categories of Recipients: State Enterprise Centre of Registers (Population Register), Data processors intermediating in the provision and receipt of Personal Data, Financial institutions (third party payment service providers), Tax administering authority (State Tax Inspectorate of the Republic of Lithuania).

Risk management

We process personal Data to manage risks, ensuring that FUNDSTR operates safely and soundly and in compliance with the Governing Law. We process Personal Data in order to perform legal obligations established by the Governing Law in relation to risk management, fulfilment of capital requirements, preventing fraud and managing incidents. We disclose Personal Data to data Recipients, such as the authorities, when it required under the Governing Law or to protect the legitimate interest of FUNDSTR.

Sound risk management is part of the Governing Law which we must comply with, so that we are able to provide you with the Services, ensure secure operational framework and protect your money from fraudsters. We strive for low risk in our operations because it is the basis for building trust and delivering high value to you in the long-term. For complying with legal obligations in risk management area, we use your Personal Data for the following purposes:

  • Solving incidents which may have impact on our core processes affecting the Services provided, as well as Personal Data breaches which may affect your private life.
  • Discovering, investigating and reporting potentially suspicious transactions and market abuse.
  • Monitoring transactions to detect and prevent fraud and reviewing, diagnosing and responding to detected activity that has been identified as potential fraud incidents.
  • Monitoring compliance with laws, statutes, other regulations and relevant internal regulations.
  • Ensuring business continuity and crisis management.
  • Communicating with supervisory and other authorities, including regular mandatory and event-based reporting, obligation to alert the authorities of the Client’s behaviour that is suspicious from the market abuse perspective, cooperating with the authorities in carrying out various supervisory procedures or investigations.
  • Cooperating and providing information to external auditors.

Purpose of Personal Data Processing: to fulfil legal obligations established by the Governing Law such as those related to risk management, incident management and resolution, to prevent fraud, provide mandatory information to public authorities and ensure cooperation.
Legal ground: legal obligation, legitimate interest to ensure safe and reliable operation. Recipients or categories of Recipients: Public authorities and other persons exercising functions assigned to them by law.

Business management

We process Personal Data to manage, maintain, develop, analyse and improve our business, the Services and your user experience, as well as to protect our legal interests. We need to process Personal Data when we perform activities like document management and archiving, perform analysis and testing for improving our Services, ensuring security and compliance of IT solutions in order to comply with the Governing Law or protect our legitimate interest. Running our business requires us to carry out several administrative activities to ensure prudent operations. For example, we have a legal obligation to maintain accounting records.

Purpose of Personal Data Processing: To fulfil legal obligations such as in relation to accounting, tax administration, To ensure the proper provision of the Services, the protection of information in the provision of the Services, and to maintain, develop, evaluate and improve FUNDSTR’s operations, To establish, exercise or defend legal claims.
Legal ground: Legal obligation, legitimate interest to maintain, develop, examine and improve our business, the Services, the Client’s user experience, legitimate interest to respond to claims and defend the position in disputes. Recipients or categories of Recipients: Providers of telecommunications, IT, hosting, cloud computing services, archiving, postal services.

5. Chapter. Use Of Cookies

A cookie is a small text file that is stored on your computer when you visit our website. Cookies allow us to remember information about your browsing habits, actions and settings so that you can use all the features of the website. Cookies also allow us to collect general statistical information about you and provide personalized advertisements based on your browsing habits.

In order for you to better understand what cookies we collect, as well as the purpose, category and expiration date of each of these cookies, below is a description of the cookies and a table with the cookies we actually use.

By category, cookies are divided into the following groups:

  • Required cookies – the cookies that are necessary for the website to function properly.
  • Functional cookies – the cookies that are used to identify a reusing user of the website. They help to personalize the content on the website, save the selected settings.
  • Statistical cookies – the cookies that are used to compile a statistical analysis of the navigation methods of website visitors. The data collected by these cookies is used anonymously.
  • Advertising cookies – the cookies that are used to display offers or other information that may interest you.

According to the duration of storage, cookies are divided into the following groups:

  • Session – the temporary cookies that only exist as long as you are logged in to the website. Session cookies allow the website to remember the settings you selected when you visited the previous page, so you will not have to re-enter this information when you move to the next page.
  • Long lasting – the cookies that remain on your device after you visit our website. When you return to our website, these cookies will help us identify you as a unique visitor.

In addition, we suggest that you can always configure your browser to refuse some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling the use of cookies in the future, you may not be able to access certain parts or functions of our website. For information on how you can change your browser settings and stop accepting cookies, visit www.aboutcookies.org or www.allaboutcookies.org.

6. Chapter. Procedure For Providing Personal Data To Third Parties

The company may transfer your data for processing to third parties who assist in the execution and administration of the provision of services. In each case, the company shall provide the data controller only with the data necessary to execute a specific order or provide a specific service.

Your data may be provided to the competent authorities or law enforcement authorities, as well as to auditors, courts, bailiffs, upon request in accordance with the procedure established by law.

Also, if necessary and with a legitimate interest, the company may transfer your data to other third parties, including the transfer of data outside the European Union. In such cases of data transfer, the company undertakes to fulfill the obligations set out in Articles 44-49 of the GDPR.

7. Chapter. Rights Of Data Subjec

You have the right to:

  • Be aware (be informed) about the processing of your personal data;
  • Access to your personal data;
  • Demand the rectification of personal data;
  • Request the deletion of personal data ("right to be forgotten");
  • Restrict the processing of your personal data;
  • Object to the processing of your personal data;
  • The portability of personal data;
  • Object to a decision being taken against you based solely on automated data processing, including profiling.

The request to the company must be made in writing to the contacts listed in the "Contact Information" section of this Privacy Policy. The company undertakes to respond to this request within 1 month from the date of receipt of the request. This 1-month deadline may be extended for a further 2 months, depending on the complexity and number of applications.

In addition, we draw your attention to the fact that the GDPR sets out the criteria for the exercise of certain rights, the cases in which these rights are not exercised or the conditions that must be met by the processing in order for a certain right to be exercised.

If you do not agree with our answer, you have the right to complain to the competent state authority, the State Data Protection Inspectorate or a court.

8. Chapter. Contact Information

If you have any questions or complaints about the processing of personal data, you can contact our company’s data protection officer by e-mail [email protected]. Requests sent by e-mail should be signed electronically so that we can properly identify you.

Last updated: 10 August 2023
Company
About us
Contacts
Solutions
Benefits
Personal plans
Corporate plans
Resources
Privacy PolicyTerms and ConditionsCookies Policy
Security GuidelinesComplaintsFraud Prevention
Fundstr Mastercard Prepaid Card
Contact us
Email:
[email protected]
Phone:
+370 521 40514
Address:
Lvivo g. 105A, LT‐08104, Vilnius, Lithuania

© 2024 FUNDSTR UAB T/A FUNDSTR is an Authorised Electronic Money Institution established in the Republic of Lithuania with its registered office at LvIvo g. 105A, LT-08104, Vilnius and with company registration number 305201405. Licenced by the Bank of Lithuania LB002008, LEI 213800QE2G1H8MN7O182