This Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand the types of information we collect from you, how we use that information and the circumstances under which we might share it with third parties. By visiting and using our website you are accepting and consenting to the practices described in this Policy.
For the purpose of the relevant data protection legislation, the data controller is ArcaPay UAB, company number 305689591, registered office address at Konstitucijos pr. 21B, Vilnius, LT-01830 Lithuania. ArcaPay UAB fully complies with the General Data Protection Regulation (“GDPR”). If you require further information on your rights under the GDPR, please visit the Data Protection Instectorate's website at www.ada.lt.
INFORMATION AND DATA WE COLLECT
We may collect and use the following data about you, depending on whether you are:
Information you give us. You may give us information about you by filling in forms when registering or using our Services or via correspondence, e.g. email or telephone. The information you give us may include your name and surname, postal and email address, phone number, date of birth or personal code, data from the ID document you provided for your identification (citizenship, document number, data and place of issuance, place of birth, your picture, etc.), financial information (e.g. bank account information), your relation to any of the companies (being a shareholder, executive, representative, etc., company name, your job title), payment reason, geographical location. We may also need additional commercial and/or identification information from you, e.g. if you send high-value transactions or as needed to comply with our anti-money laundering obligations under applicable law.
Information we collect about you. This includes details of the transactions you carry out when using our Services, geographic location from which the transaction originates and the Internet protocol (“IP”) address used to connect your computer to the Internet, Uniform Resource Locators (“URL”) clickstream to, through and from our Website, and technical information such as your browser type and version, time zone setting, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), browser plug-in types and versions, operating system and platform, as well as user names and passwords.
We may also collect information about you from other sources, including but not limited to: official registers (e.g. corporate registries), social media, credit reference agencies, sanction and PEP screening and fraud prevention agencies and business directories or other publicly available sources.
USES MADE OF THE INFORMATION
We may use the information collected for the following purposes:
Personal data is processed both manually and electronically in accordance with the above-mentioned purposes and in compliance with current regulations. We only permit authorised ArcaPay employees and third-party processors to have access to your information. Such employees and third-party processors are appropriately designated and trained to process data in line with our policies and procedures.
SHARING YOUR INFORMATION WITH OTHERS
We may share your personal information with our ArcaPay group companies where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of our services to our customers, corporate strategy, compliance, auditing, monitoring, quality assurance, improvement of our services, statistical purposes etc).
We may also share your personal information with our service providers and subcontractors, including but not limited to payment processors, banking and financial institutions for the fulfillment of financial transactions, as well as the Central Bank of Lithuania and any other legal, regulatory or governmental institution that we are required to disclose information to.
CROSS-BORDER TRANSFERS OF PERSONAL DATA
ArcaPay group of companies operate in multiple jurisdictions. Personal information may be transferred, accessed and stored globally as necessary for the uses stated above and in compliance with local regulations.
Occasionally, personal data may be transferred to or processed in locations outside of the European Union (“EU”), some of which may have not been determined by the European Commission to have adequate level of data protection. In such cases, we take measures designed to provide the level of data protection required in the EU, including ensuring that data transfers are governed by the requirements of the Standard Contractual Clauses adopted by the European Commission, or another adequate transfer mechanism.
If we receive a request to disclose personal data from a law enforcement agency or regulatory body, we carefully validate such requests, including reviewing the legality of any order and challenging the order if there are grounds under the law to do so, before any personal data is disclosed.
PROTECTING YOUR INFORMATION
We adopt appropriate data collection, processing, storage, and data security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site. Our data processing technologies are professionally hosted by a company that specialises in hosting solutions. When you provide sensitive information to us, we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to prevent unauthorised access.
All data is stored encrypted in the database format and the minimum is kept as required by applicable laws and regulations, as well being securely destroyed when data is no longer necessary for the purposes of the data processing.
EXECUTING YOUR RIGHTS TO DATA
Your rights in relation to your personal information processing are as follows:
To execute your GDPR rights please contact us via email [email protected] from the email address you are registered with on arcapay.com. We’ll acknowledge the receipt of your request shortly and respond to your request within 30 calendar days, unless we tell you we are entitled to a longer period allowed by applicable law.
However, please note that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with legal requirements and our own legal obligations or to establish, exercise or defend legal claims.
As a regulated business ArcaPay has an obligation to retain customers’ personal data as well as additional documents for preventing, detecting and investigating possible cases of money laundering and terrorist financing. To comply with regulatory requirements, a copy of the documents and customer’s personal information will be stored in our system for a period of eight years after the end of the business relationship with the customer or after the date of an occasional transaction. Please be aware that anti-money laundering and counter-terrorism financing regulatory requirements overrule the GDPR requirements.
If a customer’s request is manifestly unfounded or excessive, we reserve the right to refuse to act on the request or impose an administrative fee. If you think your rights are not fulfilled properly, you can always contact our Data Protection Officer (DPO) at [email protected].
MARKETING COMMUNICATION PREFERENCES
We communicate with our clients about new products or services, special offers, newsletters, and other marketing announcements. You can always change your preference in your profile settings and configure specific channels you wish to receive marketing communication through.
Transactional information, e.g. information about received money, document requests and/or other information related to our core services, and updates to our policies or T&Cs applicable to you is not part of marketing communication and thus cannot be disabled.
FURTHER QUESTIONS AND HOW TO FILE A COMPLAINT
If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact us by email [email protected]. We will investigate and attempt to resolve your complaint regarding your data processing.
You may also make a complaint to the Lithuanian State Data Protection Inspectorate, L.Sapiegos g. 17, Vilnius, email [email protected].