Privacy policy

The editorial was last updated and approved in 2020. December 11

UAB “General financing” M. Valančius Art. 1-1, LT-03105 Vilnius Lithuania

  1. GENERAL PROVISIONS
  • Personal data processing rules (hereinafter – Rules ) are regulated by UAB “Bendras finansavimas”, legal entity code 303259527, address Valančiaus st. 1-1, Vilnius, Republic of Lithuania (hereinafter – the Data Controller or the Company ), and the actions of its employees in collecting, using and protecting personal data. The rules are intended for shareholders, persons who are interested in the Company, its services, potential and existing investors, recipients of consumer credit (loans), persons who visit the website www.gosavy.com (or hereinafter – the Website ), use the Company’s electronic services or otherwise .
  • When processing personal data, the Company complies with the 2016 April 27 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – GDPR ) .

1.3. These Rules are subject to change. Please visit the Company’s Website from time to time and read the latest version of the Rules published there.

  • The data subject is a natural person who intends to start or has started a business relationship (filling in a consumer credit/loan application, registering on the Company’s website in order to invest in loans, purchasing the Company’s shares, entering into a service contract with the Company or ) with the Data Controller, or the business relationship has ended, but the Data Subject’s data is processed by the Data Controller in accordance with the provisions of legal acts (hereinafter – the Data Subject or the Client ).
  • The rules must be followed by all persons working in the Company under employment contracts who process personal data in the Company or learn about them in the course of their duties, as well as other persons providing services on a contractual basis who may process personal data
  • The data controller ensures that it complies with the following fundamental principles of data protection:
    • Personal data of the data subject is collected for defined purposes (principle of purpose);
    • The personal data of the data subject is processed in a legal, fair and transparent manner (principle of legality, fairness and transparency);
    • The data subject’s personal data must be adequate, appropriate and only necessary to achieve the purposes for which they are processed (principle of reducing the amount of data);
  • Personal data must be accurate and updated when necessary; all reasonable measures must be taken to ensure that Personal Data that are not accurate, taking into account the purposes of their processing, are immediately deleted or corrected (principle of accuracy);
  • The personal data of the data subject shall be stored no longer than the purposes and legal acts of data processing require (principle of limitation of storage duration);
  • The personal data of the Data Subject must be processed in such a way that, by applying appropriate technical or organizational measures, adequate security of the Data Subject’s personal data is ensured, including protection against unauthorized or unlawful data processing and against accidental loss, destruction or damage (principle of integrity and confidentiality );
  • The data controller is responsible for ensuring that the above principles are followed and must be able to demonstrate that they are followed (principle of accountability).
  • These rules apply to the relationship between the Data Controller and Data Subjects who use, have used, have expressed the intention to use or are in some other way related to the services provided by the Company, including relations with Data Subjects that occurred before the entry into force of these Rules.

2. PURPOSE, SCOPE, BASIS AND TERM OF PERSONAL DATA PROCESSING

Data subject

Purpose of data processing

Managed data

Legal basis

Deadline

Recipients of consumer credit; business loans/crowdfunding

project owners (shareholders, manager, beneficiary); spouses of loan (consumer credit) recipients; investors;

Identification

Name, surname, personal code (in the case of a legal entity – company name, legal entity code, legal form, data of the manager, shareholders, beneficiaries), data of personal identification documents (photo, state, citizenship, document number, series, document type, validity date), residential address, gender, identification level (for investors), live video (live video) recording, personal photo, video

recording start and end time,

We are legally obliged (GDPR, Art. 6, d. 1, p. c)

 

The company, in cases where it collects biometric data, is additionally guided by Article 9 GDPR. 2 d. f p., that is, seeks to fulfill the legal requirements applied to the Company (Money laundering and terrorist financing

prevention law

Data is stored from the date of filling out the application and for 10 years after the date of full execution of the last contract between the Company, the borrower and the lender, or 6 years after the financial service was refused;

 

Investor data is stored from the day Paysera is connected to the Company’s Website and for 10 years after the last contract between

Company, borrower

 

 

 

the result of the match between the face and the personal document, the data of the certificate of qualified electronic signature, bank account number, IP address, signature, e-mail address, other data obtained during the identification of the customer

and Consumer Credit Act)

and days of full fulfillment by the lender; if the investor does not enter into contracts, the data is stored for 6 years from the date of registration;

 

If the Company refused to enter into a transaction with you for money laundering and terrorist financing

implementation of prevention measures, personal data is stored for 8 (eight) years from the moment of such refusal when the Company carries out money laundering and terrorist financing of the Republic of Lithuania

the requirements of the prevention law

Recipients of consumer credit; business loans/crowdfunding

project owners (shareholders, beneficiaries, manager); investors

Money laundering and

prevention of terrorist financing

Name, surname, personal identification number, place of residence, citizenship, e-mail address, tel. No. address, investment object, planned investment amount, average monthly income received, main source of funds, real owner of funds, personal document information, risk category to which the client is assigned and/or, risk category of the geographical region, live video transmission (live video broadcasts)

record (start and end time),

We are legally obliged (GDPR Article 6 d. 1. c.);

 

We have a legitimate interest (to prevent money laundering and terrorist financing) (Art. 6 d. 1 f p. GDPR)

The data of consumer credit (loan) recipients are stored from the date of filling out the application and for 10 years after the date of the last full execution of the contract between the Company, the borrower and the lender, or for 6 years after the financial service was refused;

 

Investor data is stored from the day of registration on the Company’s website

 

 

 

 

 

the result of the match between the personal identity document and the facial image, the data of the qualified electronic signature certificate, other data obtained during the identification of the client, documentation of invoices and/or contracts, business relations with the client

correspondence, documents and data confirming a monetary transaction or transaction or other legally valid documents and data related to the execution of monetary transactions or the conclusion of transactions, IP address (in the case of a legal entity, additionally – company name, legal entity code, date of registration, headquarters, state of residence for tax purposes, number of employees, duration of activity, name of manager (representative), shareholders, beneficiaries, personal identification number (or date of birth), citizenship, state of residence for tax purposes, number of shares,

business partner company names and codes and countries).

 

and 10 years after the date of full execution of the last agreement between the Company, the borrower and the lender; if the investor does not enter into contracts, the data is stored for 6 years from the date of registration;

 

If the Company refused to enter into a transaction with you for money laundering and terrorist financing

implementation of prevention measures, personal data is stored for 8 (eight) years from the moment of such refusal, while the Company fulfills the requirements of the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania

Data on the client’s participation in political activities, inclusion in sanctions lists

We are legally obliged (GDPR Article 6 d. 1. c.);

 

We collect information in the public interest

(GDPR Art. 9 d. g p.) and we strive

 

 

 

 

 

 

to fulfill the legal requirements applicable to the Company (GDPR

Article 9 2 d. p.)

 

Recipients of consumer credit; business loans/crowdfunding

project owners (shareholders, beneficiaries, manager); spouses; guarantors

Creditworthiness / solvency assessment, debt management

Name and surname, personal identification number, address of the registered place of residence (in the case of a legal entity – company name, legal entity code, registered office address, name, surname of the manager or authorized person, personal identification number, shareholders’ name, surname, personal identification code, balance sheet data and others below specified information required for assessing creditworthiness), marital status, spouse’s name, surname, personal identification number, number of minor children and dependents, income, non-employment income, employer, workplace, duration of income, total length of service, start and end dates of employment, employment (activity) area, translation into individual or other economic activity, income from it, other received income, received, assigned one-time or periodic social benefits, bank account statement, certificates, certificates, type, amount, nature, sources of received income or other benefits, periods of receipt, social security insurer,

beginning and end of the social insurance period, income

We are legally obliged (GDPR Article 6 d. 1. c.);

 

We conclude and execute a financial services contract with you (GDPR Article 6 d. 1 b p.);

 

We have a legitimate one

interest in

creditworthiness assessment and debt management (GDPR Article 6 d. 1 f p.)

Data is stored from the date of filling out the application and for 10 years after the date of the last full contract between the Company, the borrower and the lender or 6 years after the financial service was refused

 

 

 

 

 

tax declaration data, available immovable and movable property, property rights and their restrictions; data on current and former financial obligations and their execution: number of contracts, counterparty, dates, types; financial obligations, credit limit, account overdraft, used credit, interest, total financial obligations, installments to be paid, method of payment; deadlines for fulfilling financial obligations; overdue payment amounts, terms, amount, number of overdue payments; types of applications, amounts, other information related to the above-mentioned information; credit rating, financial situation of the family (liabilities, income), record keeping or non-keeping records, main economic activity, direct payments and other support for agriculture and rural development, their type, size, registration information

In the information system “List of persons for whom requests to prevent them from concluding consumer credit contracts” have been submitted, data from the information system of bailiffs about executive cases entered in relation to the consumer credit (loan) beneficiary/spouse, etc.

data needed to evaluate

 

 

 

 

 

 

 

the customer’s creditworthiness.

 

 

Crowdfunding

project owners (shareholders, manager, beneficiary)

Assessing the credibility of crowdfunding project owners

Certificate of criminal record (non-criminal conviction), register of wanted persons, other significant information for reputation assessment, e.g. the person was the manager of a legal entity whose right to engage in the provision of financial services was revoked or because of a harsh law or other legal act regulating the provision of financial services or the activities of financial institutions , requirement

another enforcement measure was applied to the violation.

We are legally obliged (GDPR Article 6 d. 1. c.);

 

We aim to fulfill the legal requirements applicable to the Company (GDPR Article 9 d. 2 f p.)

Data is stored from the date of filling out the application and for 10 years after the date of the last full contract between the Company, the borrower and the lender or 6 years after the financial service was refused

Recipients of consumer credit; business loans/crowdfunding

project owners (shareholders, beneficiaries, manager); spouses; guarantors; investors

To comply with the requirements of laws and concluded contracts, among others, for internal administration purposes

In the case of the borrower, the name, surname, registered place of residence (in the case of a legal entity – company name, legal form, registered office address, company code, name, surname, personal code, e-mail, phone number of the manager or authorized person), telephone number are processed , e-mail, customer number, age, consumer credit agreement, consumer credit agreement number, date of conclusion of the consumer credit agreement, date of termination of consumer credit, date of transfer and withdrawal to the debt collection company, type of consumer credit, amount, repayment schedule of consumer credit, end of period , repayment of consumer credit earlier

due date, refundable deposit,

Conclusion and performance of the contract (GDPR Article 6 d. 1 b p.);

 

We have a legitimate one

interest (suitable

SAVY platform database administration and appropriate and high-quality provision of consumer credit (loan) service) (GDPR Article 6 d. 1 f p.)

Investor data is stored from the day of registration on the Company’s Website and for 10 years after the date of full execution of the last contract between the Company, the borrower and the lender; if the investor does not enter into contracts, the data is stored for 6 years from the date of registration; borrowers’ data is stored from the date of filling out the application and for 10 years after the date of full execution of the last contract between the Company, the borrower and the lender, or 6 years after the financial service was refused

 

 

 

 

 

amount of consumer credit, information provided in the consumer credit agreement, signature, account number, personal document number, name of the bank where the account was opened, date and time of filling out the application, loan status, Paysera wallet number, active / inactive status, last login date, time, automatic messages related to the reason for the rejection of the customer’s consumer credit application, clarification of the submitted application data, payment reminders, transfer to the debt collection company, the court and invoices for payment, other messages that we are obliged to provide by law, the texts, topics, sending times and dates of these messages. In the case of investors, the name, surname, personal identification number, investor identification number, Paysera wallet number, active/inactive status, date and time of registration, date and time of last login, history of orders made within SAVY, automatic notifications related to loans are collected to which the client has invested in and internal legal acts

updates, texts, topics,

 

 

 

 

 

 

 

dispatch times and dates

 

 

Recipients of consumer credit; business loans/crowdfunding

project owners (shareholders, beneficiaries, manager); investors; potential recipients of consumer credit;

potential business loans/crowdfunding

project owners (shareholders, beneficiaries, manager); potential investors; guarantors;

potential guarantors

Service provision and quality assurance

Name, surname, telephone number, date of the conversation, start and end time, content of the conversation.

 

IMPORTANT: We will record only those conversations that take place when you contact the Company on the phone number +370 (5) 272 0151 , as well as in the case when we call you on the number assigned to the Company during the Company’s working hours

We have a legitimate one

interest (ensure the quality of customer service, collect

evidence for a dispute, should it arise) (GDPR Art. 6 d. 1 f p.)

Data is stored for 999 days from the date of recording of the telephone conversation.

 

IMPORTANT: When there is reason to believe that a crime or other illegal actions are recorded in the conversation recording material, the necessary conversation recording data is transferred to secure media and stored for as long as there is an objective need, even after the expiration of the conversation recording storage period specified in this point

Recipients of consumer credit; business loans/crowdfunding

project owners (shareholders, beneficiaries, manager); investors;

potential recipients of consumer credit;

potential business loans / crowdfunding

Inquiries sent by the Company’s mail, including but not limited to complaints, requests for administrative purposes or to solve any problems that require your data when you contact the Company

Name, surname, e-mail, date of submission, time, date of response, time, other data of the potential client/client voluntarily provided in the application, request, request, complaint, content of received and sent messages, correspondence history

Contract performance or intended action data

at the request of the entity before the conclusion of the contract (GDPR, Article 6, d. 1, p. b);

 

We have a legitimate one

interest (properly

provide financial services, prevent

the way of liars

Data is stored for 6 years from the date of application. If a consumer credit (loan) agreement is concluded, in this case the data is stored for 10 years after the date of expiry of the loan agreement

 

 

 

financing

project owners (shareholders, beneficiaries, manager); potential investors, guarantors;

potential guarantors

 

 

for data submission, fraud and to ensure the submission of such evidence to relevant institutions (FNTT, Bank of Lithuania, etc.) (GDPR, Article 6, d.

p.)

 

Recipients of consumer credit; business loans/crowdfunding

project owners (shareholders, beneficiaries, manager); investors;

potential recipients of consumer credit;

potential business loans/crowdfunding

project owners (shareholders, beneficiaries, manager); potential investors; guarantors;

potential guarantors and others

website visitors

Smooth internet

ensuring the site’s operation, security and access to services

IP address, browser and device information (operating system version, screen size),

email email address and password

Consent (GDPR Art. 6 d. 1 d. a.);

 

Contract conclusion and execution (GDPR Article 6 d.1.b p.);

 

We have a legitimate one

interest in ensuring the security of the Company’s website (GDPR Article 6 d. 1 f p.)

No longer than 6 years after visiting the Company’s website

Recipients of consumer credit; business loans/collective

financing

The rights and interests of the company, if necessary in legal proceedings or

debt collection, defense

Information about the recipient of the consumer credit (loan), which is specified above, including consumption

documents sent to the credit recipient and

We have a legitimate one

interest (to manage indebtedness,

to claim damages, to defend

Data is stored from the day of filling out the application and for 10 years after it is complete

of the last contract between

 

 

 

project owners (shareholders, beneficiaries, manager); spouses; guarantors

 

their appendices, documents submitted by the recipient of consumer credit and their appendices, procedural documents, court rulings, rulings, judgments, orders of bailiffs and all other documents related to the aforementioned

processes

rights in legal proceedings) (GDPR Art. 6 d. 1 f p.)

The date of fulfillment of the company, the borrower and the lender or 6 years after the financial service was refused

Information about criminal offenses and convictions

The data is necessary in order for us to assert, enforce or defend legal claims in cases of fraud (GDPR Art. 9 d. 2 d. f

pp.)

Recipients of consumer credit; business loans/crowdfunding

project owners (shareholders, beneficiaries, manager); investors;

potential recipients of consumer credit;

potential business loans/crowdfunding

project owners (shareholders, beneficiaries, manager); potential investors

Direct marketing

Name, surname, e-mail address, telephone number, address

 

If you have agreed to receive direct marketing messages by e-mail, in order to understand whether the information we send is relevant to you, we collect statistical information about the sent newsletters (whether you read the newsletter, when and how many times you read or opened it, whether you forwarded it to others, what operating system and email server (its location) you used)

 

IMPORTANT: The company uses profiling – customizing – in order to provide the customer with personal offers

specific algorithms

Consent (GDPR Article 6 d. 1 p. a; Electronic communications 69

Art. 1 day)

 

You have purchased services from the Company

(Article 69(2) of the Law on Electronic Communications)

 

We have a legitimate interest in collecting and using information about you (direct marketing and customer satisfaction survey) (GDPR Art. 6 d. 1 f p.)

Borrowers’ data are stored from the date of consent and for 6 years after the date of full execution of the loan agreement between the Company, the borrower and the lender, except in cases where the Data Subject wishes to extend this term. If no loan agreement is concluded, then the data is stored for 6 years from the date of receipt of consent, except in cases where the Data Subject wishes to extend this term;

 

In the case of investors, data is stored for 6 years

from the receipt of consent

 

 

 

 

 

analyzes the personal data provided by you. The actions performed by the credit provider do not have any legal or similar significant effect on the Customer

 

days, except in cases where the Data Subject wishes to extend this term;

 

After withdrawing the consent, the Company will store the data about the fact of giving the consent

10 years from the end of the data processing term specified in the consent or the withdrawal of the consent in order to assert, enforce or defend the legal rights of the Company

requirements

Investors

conclusion of transactions,

for the purpose of performing the intermediary function and providing financial services

Name, surname, personal identification number, date of birth, nationality, address, e-mail post office, bank account no., organization that issued the card and card no. (if the account is linked to a card), phone number, e-mail, gender, address, IP address, identification level, unique Paysera account number, which must be connected to the SAVY investor account in order to start investing; connected

account balance; investment data

For the purpose of the execution of the contract between the investor, the borrower and the Company (or at the request of the investor, taking steps to conclude such a contract) (GDPR Article 6 d. 1. b)

In the case of investors, data is stored from the time the Paysera wallet is connected and for 10 years after the last day of full execution of the contract

Recipients of consumer credit; business loans/crowdfunding

project owners (shareholders, beneficiaries

recipients, manager);

Communication with the Company through Olark

IP address, location, which sections of the SAVY page you visited, if you specified – name and e-mail, rating of the conversation, other information voluntarily provided in the request

Consent (GDPR Art. 6 d. 1 p. a)

(Olark)

Data is stored for 30 days from the date of the request

 

 

 

investors; potential recipients of consumer credit;

potential business loans/crowdfunding

project owners (shareholders, beneficiaries, manager); potential investors; guarantors;

potential

guarantors and other requestors

 

 

 

 

Investors seeking to create an account on the Company’s website

Investor registration

When registering through a Facebook account, the following data is collected:

· Name

· Surname

· Email address

· Facebook ID

· IP address

If you do not wish to register via

Facebook account, on the Company’s website you will be asked to enter the following information:

· Email address

· Telephone number

Consent (GDPR Art. 6 d. 1 p. a)

In the case of investors, data is stored for 6 years from the date of registration, if the investor does not connect the Paysera wallet;

 

If the investor connects the Paysera wallet, the data is stored for 10 years after the date of full execution of the last contract between the Company, the borrower and the lender;

 

After withdrawing the consent, the Company will store the data about the fact of giving the consent

10 years from the end of the data processing term specified in the consent

 

 

 

 

 

 

 

or withdrawal of consent in order to assert, enforce or defend legal rights of the Company

requirements

Recipients of consumer credit; business loans/crowdfunding

project owners (shareholders, beneficiaries, manager)

Company services

for the purpose of quality publicity on the website

Name, surname, loan ID, purpose of the loan, age, place of residence, e-mail and feedback about the Company

Consent (GDPR Art. 6 d. 1 p. a)

Data is stored for 6 years from the date of receipt of consent.

 

If you withdraw your consent, the Company will store data about the fact of giving consent

10 (ten) years from the end of the data processing term specified in the consent or the withdrawal of the consent in order to declare, execute or

defend the legal claims of the Company

Shareholders of the company

Legal obligations applicable to the company, related to the registration and processing of data of the Company’s shareholders, accounting of shares, fulfillment of tax and other obligations applicable to them

Name, surname, personal identification number, date of birth, address, telephone number, e-mail address

We are legally bound by: Law on Joint-Stock Companies (GDPR, Art. 6, d. c. p.)

Data is processed for no longer than the purposes of data processing or the applicable legal acts require, if a longer data retention period is established in them

deadline. Data

to determine the storage period, the Company applies criteria that meet the obligations specified in the legislation, also taking into account the rights provided by the individual, for example, it provides such a data storage period during which it can be submitted with

related to the execution of the contract

 

 

 

 

 

 

 

requirements, if such arise and the like

Consenting shareholders, employees or service providers of the Company

Publicizing the company’s activities

Name, position, description of work experience, photo

Consent (GDPR Art. 6 d. 1 p. a)

Data is stored from the date of consent until the end of business relations with the Company or the date of withdrawal of consent. Upon termination of business relations with the Company or withdrawal of consent, the Company undertakes to delete personal data within 30 days at the latest;

 

If you withdraw your consent, the Company will store data about the fact of giving consent

10 (ten) years from the end of the data processing term specified in the consent or the withdrawal of the consent in order to declare, execute or

defend the legal claims of the Company

 

 

 

Companies

Representatives of partners/suppliers, employees

For the purpose of providing services

Name surname; personal identification number, address, represented person (relationship with the represented person), position, workplace,

phone number, e-mail post office

We have a legitimate one

interest (goal

fulfill the contract) (GDPR Art. 6 d. 1 f

pp.)

During the term of the contract and

10 years after the end of the transaction

 

The Company may process the personal data of the Data Subjects for other purposes as well, in accordance with the requirements and procedures of the GDPR, the Law on the Legal Protection of Personal Data of the Republic of Lithuania.

 

3. PROVIDING AND RECEIVING PERSONAL DATA

 

  • The data controller may provide processed personal data to the following third parties for defined and legitimate purposes:
    • To personal data processors chosen by the Company with the purpose of performing legal personal data processing actions on behalf of the Company and/or at its direction;
    • for investors, since the consumer credit (loan) contract is concluded between the Company’s investors, the recipient of the consumer credit (loan) and the Company;
    • in fulfillment of a legal obligation, data on investors (natural persons) who have invested EUR 600 or more in the loan are disclosed to legal entities (owners of crowdfunding projects);
    • If the data subject violates the terms of the contract concluded with the Company, third parties, with the help of which the violated rights and legitimate interests of the Company will be protected and defended;
    • to third parties whose activities are related to debt collection, administration or use, with the aim of administering the Data Subject’s debt and/or collecting the Data Subject’s indebtedness to the Company;
    • to other persons (lawyers, consultants, auditors, companies that develop IT systems, ensure or supervise their operation, or persons and ) whom the Company uses for the provision of services necessary for the Company and/or the Data Subject;
    • to state institutions and institutions, other persons performing the functions assigned to them by law (for example, supervisory institutions, law enforcement institutions, bailiffs, notaries, institutions performing financial crime investigation activities or );
    • to persons who have provided means of ensuring the fulfillment of obligations (guarantors, guarantors, pledgers, promissory note issuers);
    • to companies or individuals providing direct marketing services;
    • For information systems INFOBANKAS and KREDIŲ BIURAS administered by UAB “Creditinfo Lietuva” ( spouse’s data is also transmitted, if necessary ) ;
    • Scorify UAB;
    • SEB bank, AB; Paysera LT, UAB;

 

 

 

  • to the Bank of Lithuania and other supervisory institutions;
  • For the loan risk database, which is administered by the Bank of Lithuania;
  • To the Board of the State Social Insurance Fund under the Ministry of Social Security and Labour;
  • To the State Tax Inspectorate;
  • VĮ Register Center;
  • Pre-judicial debt collection companies;
  • UAB “DPD Lietuva”;
  • Lietuvos Paštas AB;
  • Facebook Ireland Ltd;
  • Ondato UAB (identification);
  • Baltneta UAB;
  • UAB “IPF Digital Lietuva”;
  • Upon the consent of the data subject, the Company may transfer personal data to its partners, who may contact the data subject and submit an alternative loan or consumer credit offer;
  • If necessary, in the event of the Company’s restructuring or the Company’s insolvency (bankruptcy), the data may be transferred to other entities that administer the Company’s loan portfolio (including other credit companies in the case of portfolio transfer (sale));
  • If necessary – for companies that intend to buy or would buy the Company’s business;
  • If necessary – to persons to whom the rights, obligations, debts could be or would be transferred by the Data Subjects;
  • to other third parties who have a legal basis to receive
  • The personal data of the data subject may be provided to third parties in the following ways: in writing, by means of electronic communications, by connecting to databases or information systems that store separate data, or in another way agreed upon by the personal data controllers.
  • Personal data is obtained directly from the Client, when he applies to the Company, fills out applications, requests or submits other documents. Personal data of the Data Subject can also be obtained from the Bank of Lithuania; commercial banks; Paysera LT; Boards of the State Social Insurance Fund; State Enterprise Register Center (Register of Residents, Register of Property Seizure Acts, Mortgage Register, Real Estate Register, Register of Legal Entities, Information System of Participants of Legal Entities, Information System of Bailiffs, etc.); managers of other state and departmental registers: register of wanted persons, register of invalid documents; Scorify UAB, UAB

INFOBANK and CREDIT BUREAU of the information systems administered by “Creditinfo Lietuva”, if such data are necessary for making a decision on granting a credit rating, granting credit and debt management, entities providing personal identification services, social networks whose accounts you link to the Company’s system, etc.

  • In addition, we inform you that if the Client is late in fulfilling his obligations to the Company for more than 40 days, the Company may provide information about the Client’s identity, contact details and credit history, i.e. financial and property obligations and their execution, debts and their

 

 

 

payment, to Credit Bureau UAB “Creditinfo Lietuva” (company code: 111689163, address: A. Goštauto st. 40A, LT 01112 Vilnius, Lithuania, www.manocreditinfo.lt, phone: (8 5) 2394131). The credit bureau processes and provides your information to third parties (financial institutions, telecommunications companies, insurance, electricity and utility service providers, trade companies, etc.) for the pursuit of legitimate interests and purposes – to assess creditworthiness and manage indebtedness. When assessing creditworthiness, an automatic assessment of a person’s characteristics is carried out ( profiling ), which may influence the Client’s ability to conclude transactions in the future. Automatic evaluation helps in responsible lending, during which the information provided by the person, credit history, public information, etc. are evaluated. Automated assessment methods are regularly reviewed to ensure their fairness, efficiency and impartiality. Credit history data is processed for 10 years after the fulfillment of obligations. You can check your credit history by contacting the Credit Bureau directly or by using the Finpass mobile app. You also have the right to request rectification or erasure or restriction of data processing, and the right to object to data processing, to demand human intervention in automated decision-making, to express your point of view and challenge the decision, as well as the right to data portability. You can learn more about the implementation and limitations of these rights, the automatic assessment of properties (profiling), at www.manocreditinfo.lt. If your rights are violated, you can contact the data protection officer by e-mail. by e-mail duomenu.apsauga@creditinfo.lt or by the above-mentioned telephone or file a complaint with the State Data Protection Inspectorate or the court.

 

4. PROFILING AND AUTOMATED DECISION MAKING

 

  • When combining and grouping received personal data, profiling may be carried out, i.e. any form of automated processing of personal data, which manifests itself in the use of personal data, for the purpose of evaluating specific personal aspects related to the Customer, especially analyzing or predicting aspects related to creditworthiness (including the fact that in relation to you a person’s credit rating can be formed and given, which may depend on the proposed consumer credit/loan conditions); we can carry out profiling in order to fulfill the requirements set for the Company in legal acts (e.g. risk assessment in fulfilling the requirements of the legal acts regulating the prevention of money laundering and terrorist financing of the Republic of Lithuania); for direct marketing purposes based on the consent of the data subjects or for other purposes related to the Company’s legitimate interests, the performance of obligations provided for in legal acts and the performance of the contract concluded with the Customer.
  • In the event that the relevant decision is made only by automated means, the Customer has the right to demand that the decision be reviewed with human intervention, as well as the right to state his point of view, to receive an explanation of the decision made after this evaluation, and the right to dispute that decision.

 

5. DIRECT MARKETING

 

 

 

  • By using the services provided by the Company, the Data Subject may voluntarily consent to the use of the personal data provided by the Data Subject for the Company’s marketing purposes by expressing their consent in the relevant section of the consumer credit/loan application or, in the case of investors, by registering on the SAVY platform by ticking the box.
  • The data subject can exercise his right to refuse to have his data processed for the purpose of direct marketing, including profiling, by notifying the Company in the following ways:

– by phone +370 (5) 272 0151;

  • by mail labas@savy.lt / dap@savy.lt;
  • by clicking “Unsubscribed” at the bottom of the newsletter;
  • by logging into your SAVY account and selecting “ACCOUNT” and “UPDATE INFORMATION”.
  • The Company uses the Data Subject’s data for marketing purposes permitted by law. For example, based on the information provided by the Data Subject, when the Data Subject visits the www.gosavy.com website, while browsing third-party websites and social networks, it can display offers specially tailored to the Data Subject.
  • The e-mail of the data subject, as well as anonymized information about you, may be provided to third parties who provide marketing services in online search programs, social networks, etc. Such third parties have their own privacy policies and the Data Subject may at any time directly object to the processing of their data in accordance with their privacy policies.

 

6. USE OF COOKIES

 

  • Cookies are used when you visit and browse our Company Website. Cookies are small text files (up to several KB) that your browser places on your computer, tablet or other smart device when you visit the Company’s website. With cookies, the Company aims to ensure efficient and safe operation of the website and to analyze your habits so that the operation of the website is convenient, efficient and meets your needs and expectations.
  • More information about the cookies used on the Company’s website can be found in the Cookie Policy .

 

7. RIGHTS OF THE DATA SUBJECT

 

  • The rights guaranteed to the data subject by legal acts related to the processing of his personal data include the right to:
    • get familiar with your personal data processed by the Company and receive information from which sources and which personal data your personal data was collected for, for what purpose it is processed and to whom it is provided;
    • to demand correction, destruction of your personal data or restriction, except for storage, of the processing of your personal data, when the data is processed in violation of GDPR or other legal provisions;

 

 

 

  • do not agree to your personal data being processed for direct marketing purposes or other purposes for which your consent is requested, without stating the reasons for the disagreement;
  • object to only automated data processing, including profiling;
  • exercise your right to data portability;
  • exercise the right to be “forgotten”;
  • complain about the actions of the Company as a data controller to the State Data Protection Inspectorate of the Republic of Lithuania (hereinafter –

Inspection ) (website address www.ada.lt, registered office address L. Sapiegos st. 17, Vilnius, phone number (8-5) 279 1445 ).

  • The data subject has the right to apply to the Company with a complaint/request regarding the Company’s actions as a data controller. The Data Subject can submit a complaint/request to the Company by e-mail. by mail dap@savy.lt. Disagreeing with the answer provided by the Company, the Data Subject may apply to the Inspection. You can complain about the data controller’s actions (inaction) to the Inspectorate within 3 months from the day of receiving the response from the data controller or within 3 months from the day when the 30 calendar day deadline for submitting a response expires.
  • The Company revises, corrects and updates the personal data of the person whose data is being processed, the Company’s employees can correct the data of the data subject in the event that the data provided by the data subject itself contains grammatical errors.
  • The Data Controller has the right to reasonedly refuse to allow the Data Subject to exercise his rights or to charge a reasonable fee in accordance with GDPR 12 5 d. for the intended circumstances.

 

  1. CUSTOMER PERSONAL DATA PROCESSING TERRITORY

 

8.1. The customer’s personal data is processed in the territory of the European Union / European Economic Area (EU/EEA), but in certain cases it may be transferred and processed outside the EU/EEA. If the Company transfers the Customer’s personal data to such persons, it will take all the measures provided for in legal acts in order to ensure the security of the Customer’s data.

 

9. SECURITY OF PERSONAL DATA

 

  • The organizational and technical data security measures implemented by the Data Controller ensure a level of security that corresponds to the nature of the Data managed by the Data Controller and the risks posed by their processing, including, but not limited to, the measures specified in this section.
  • The company carries out technical and software protection (administration of information systems and databases, maintenance of workplaces, protection of operating systems, monitoring of user access (monitoring), protection against computer viruses and ).
  • The company applies administrative security measures (secure handling of documents and computer data, personnel training, etc.).

 

 

 

  • Employees have the right to collect, process, transfer, store, destroy or otherwise use personal data only when performing their direct work functions and only as prescribed by legal acts
  • Employees of the data controller must observe the principle of confidentiality and keep secret any information related to personal data that they have become familiar with in the course of their duties, unless such information is made public in accordance with applicable laws or other legal acts
  • The following records of connections to the database of persons granted the right to process personal data are recorded.
  • Personal data on laptops, if they are not used in the Data Controller’s internal data transmission network, are protected by appropriate measures that correspond to the risks posed by Data processing.
  • Employees are granted access to personal data only to the extent necessary for the proper performance of duties and the implementation of work functions.
  • Employees who automatically process personal data or whose computers can access areas of the local network where personal data are stored must use passwords. Passwords must be changed periodically (at least every 3 (three) months), as well as when certain circumstances arise (for example, when an employee changes, when there is a threat of hacking, when there is a suspicion that the password has become known to third parties, etc.). An employee working on a particular computer can only know his password. The employee loses the right to process personal data when the employee’s employment or similar contract with the Company ends, or when the Company’s manager cancels the appointment of the employee to process personal data.
  • Backup copies of personal data are made, stored in a place other than the active (working) database, and lost data is restored from the backup copies. In more detail, this procedure is determined by Business Continuity
  • Employees who have noticed violations of personal data security, signs of a criminal act, non-functioning personal data security measures must immediately inform the head of the Company.
  • After assessing the risk factors of a Data Protection breach, the degree of impact, damage and consequences of the breach, in accordance with the relevant internal procedures, the Data Controller makes decisions on the measures necessary to eliminate the Data Protection breach and its consequences and the necessary entities
  • The security of the premises where Personal Data is stored is ensured (only authorized persons are allowed access to the relevant premises, alarms are installed in the premises, etc.).

 

10. LIABILITY

 

  • The Data Subject must provide the Company with complete and correct personal data of the Data Subject and inform about relevant changes in the Data Subject’s personal data. The Company will not be liable for damage caused to the Data Subject and/or third parties due to the Data Subject providing incorrect and/or incomplete personal data or not informing them of changes in a proper and timely manner.

 

 

 

  • The data subject guarantees that all data provided by him using the Company’s services are correct
  • The Data Subject who provided false information shall be liable for damages caused to the Company and/or other users, as well as investors, as a result of such information, including, but not limited to, cases where other users enter into a contract with the Data Subject who provided such false information, based on the assumption that such information is
  • The company cannot fully guarantee that the functioning of the gosavy.com website will be uninterrupted and without any interruptions and errors, that the www.gosavy.com website will be completely protected from viruses or other harmful components. The Data Subject is informed that any material that the Data Subject reads, downloads or otherwise receives using the Company’s website is obtained exclusively at the discretion and risk of the Data Subject, and only the Data Subject is responsible for any damage caused to the Data Subject and the Data Subject’s computer system.
  • If the Data Subject is a registered user of the gosavy.com website, the Data Subject assumes all risk and responsibility for the actions of third parties on the www.gosavy.com website, performed using the Data Subject’s login data, and undertakes to fulfill all obligations assumed using the Data Subject’s login data , except for cases where the Company has not properly fulfilled its obligations.

 

11. FINAL PROVISIONS

 

  • Data subjects can familiarize themselves with these Rules at gosavy.com .
  • These Rules may be revised at least once every six months at the initiative of the Data Controller and/or in the event of changes to legal acts regulating the processing of personal data.
  • The data controller has the right to partially or completely change
  • Additions or changes to the rules take effect from the day of their publication on the Company’s website gosavy.com .
  • If the Data Subject continues to use the website gosavy.com and/or the services provided by the Data Controller after additions or changes to the Rules, it is considered that the Data Subject does not object to such additions and/or changes.
  • All disagreements arising from the implementation of these Rules shall be resolved through negotiations. In case of failure to reach an agreement, disputes are resolved in accordance with the procedure established by the legal acts of the Republic of Lithuania.

 

These Rules and/or issues related to data protection in general can be contacted by contacting the following contacts: E-mail by mail: labas@savy.lt or dap@savy.lt

Tel. No. +370 (5) 272 0151