Revision of October, 2020

PRIVACY POLICY

OF POKLET, UAB

  1. GENERAL PROVISIONS

  1. Poklet, UAB, company number: 305534915, registered office address: Švitrigailos st. 11K-109, Vilnius (hereinafter referred to as the ‘Company’ or ‘Controller’, or ‘We’) respects the privacy of all natural persons (including its customers, other interested parties, visitors to the Company’s Website or App, adults and children) (hereinafter referred to as the ‘Users’ or ‘You’) and undertakes to ensure the security of Your and Your children’s/persons’ under guardianship personal data by using the Company’s mobile application Poklet (hereinafter referred to as the ‘App’), visiting the Company’s website www.poklet.lt (hereinafter referred to as the ‘Website’) and/or using all services provided by the Company, including but not limited to promoting children’s financial literacy (hereinafter referred to as the ‘Services’), and/or contacting the Company.
  2. Electronic money institution – Walletto, UAB, company number: 304686884, registered office address: A. Goštauto st. 8-107, Vilnius, Lithuania, license of an electronic money institution No 33, issued on 29/03/2018 (hereinafter referred to as the ‘Card Provider’), is a company that issue you a payment card related to our Services, so it is also the Controller of Your (and Your children’s/persons’ under guardianship) data to the extent necessary for the issuance and administration of the payment card. You can read the privacy policy of the Card Provider here: www.walletto.eu.
  3. This privacy policy (hereinafter referred to as the ‘Privacy Policy’) provides all Users with general information on the basic principles of the collection, processing and storage of personal data and the procedure followed by the Company.
  4. The processing of the User’s personal data is established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the ‘GDPR’), the Law on Legal Protection of Personal Data of the Republic of Lithuania, other legal acts regulating the collection of such data, as well as the Privacy Policy. The actions of processing the personal data of a particular User may be detailed and specified in separate agreements between the Company and the Users, as well as in the information provided by the Company to a specific User.
  5. In order to learn about how the Company processes Your (and Your children’s/persons’ under guardianship) personal data, please read carefully the information provided in the Privacy Policy.

  1. PRINCIPLES OF THE PROCESSING OF PERSONAL DATA

  1. When processing personal data, the Company ensures the right to privacy of every person, strictly complies with the requirements of the GDPR, the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts, as well as the following principles:
  1. Lawfulness, fairness and transparency;
  2. Purpose limitation;
  3. Data minimisation;
  4. Accuracy;
  5. Storage limitation;
  6. Integrity and confidentiality;
  7. Accountability.

  1. BASIS FOR THE PROCESSING OF PERSONAL DATA

  1. Your (and/or Your children’s/persons’ under guardianship) personal data may be processed when:
  1. You give consent to the processing of Your (and Your children’s/persons’ under guardianship) personal data for certain purposes;
  2. You enter into/intend to enter into an agreement with the Company regarding the provision of Services, or the agreement has already been entered into and the processing of Your (and/or Your children’s/persons’ under guardianship) personal data is necessary for the performance of the agreement;
  3. it is aimed to protect Your (and/or Your children’s/persons’ under guardianship) essential interests;
  4. Your (and/or Your children’s/persons’ under guardianship) personal data must be processed for the legitimate interest of the Company or of the third party to whom the personal data are provided and if Your interests are not more important;
  5. Your (and/or Your children’s/persons’ under guardianship) personal data must be processed to comply by the Company with the requirements established by legal acts.

  1. METHODS OF COLLECTION AND PROCESSING OF PERSONAL DATA

  1. Personal data may be collected and processed when:
  1. You (and/or Your children/persons under guardianship) visit the Website or the App;
  2. You fill in the documents on the App (requests, applications, questionnaires, etc.) and/or enter into a service agreement with the Company;
  3. You provide personal data during communication with the Company’s employees or representatives.

  1. PURPOSES OF PROCESSING OF PERSONAL DATA
  1. Your (and/or Your children’s/persons’ under guardianship) personal data is processed for the following purposes:
  1. direct marketing,
  2. promoting the Company,
  3. employment of persons in the Company and administration of the related personnel,
  4. person identification,
  5. prevention of money laundering and terrorist financing,
  6. implementation of the principle ‘know your customer’ (KYC),
  7. verification of the accuracy of the personal data You provide,
  8. provision of financial services and conclusion, execution and control of other transactions,
  9. contracts and customer accounting,
  10. protection and defense of the rights and legitimate interests of the Company,
  11. appropriate provision of the Services and improvement of the user experience,
  12. for data analytics purposes (analysing depersonalised user data),
  13. for other purposes specified in Your agreements with the Company or in the information provided to You separately by the Company.

  1. PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING

  1. For the purpose of direct marketing, Your (and Your children’s/persons’ under guardianship) personal data is processed with Your consent only. For the purpose of direct marketing, including the provision of personalised offers to You, the following Your personal data is processed: full name, telephone number, e-mail address, as well as the following personal data of Your children/persons under guardianship: name, telephone number.
  2. You are entitled to refuse advertising messages sent by the Company at any time and to object to the processing of Your personal data for the purpose of direct marketing without stating the reasons for the objection. You may revoke the consent already given for the processing of personal data for the purpose of direct marketing clearly and unambiguously expressing Your will in writing to an employee of the Company.
  3. You may also exercise the right to object to the processing of personal data for the purpose of direct marketing in the following ways:
  1. by clicking on the link in each e-mail sent to You;
  2. after logging in to Your account and ticking Your objection.
  1. For the purpose of direct marketing, Your personal data is processed for no longer than 5 (five) years from the receipt of the consent or until You withdraw the consent. After the expiry of the data processing period or if You withdraw the consent, We will keep the data on Your consent for 10 (ten) years from the end of the data processing period specified in the consent or the withdrawal of the consent in order to file, enforce or defend Our legal claims.

  1. PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF PROMOTING THE COMPANY

  1. The Company has created and manages an account/s on the social networks: Facebook, LinkedIn, Instagram, TikTok. Information that You (or Your children/persons under guardianship) provide on the social networks (including messages, use of the ‘Like’ and ‘Follow’ fields, and other communications) or that is obtained by You (and Your children/persons under guardianship) by visiting the Company’s accounts on Facebook, LinkedIn, Instagram, TikTok (including information obtained through cookies used by the social network) or reading the Company’s posts on the social networks is controlled by the social network manager Facebook, LinkedIn, Instagram, TikTok.
  2. As an administrator of an account on Facebook, LinkedIn, Instagram, TikTok, the Company selects the appropriate settings based on its target audience and performance management, and promotion objectives, but the social network manager may restrict the Company’s ability to change certain essential settings enabling the Company to create the Company’s account on a social network and administer it. As a result, the Company cannot influence what information about You (or Your children/persons under guardianship) will be collected by a social network manager when the Company creates an account on a social network.
  3. Generally, a social network manager processes personal data (even those collected by the Company after selecting additional account settings) for the purposes set by the social network manager in accordance with the privacy policy of the social network manager. The amount of data received by the Company as an account administrator depends on the account settings selected by the Company, agreements with the social network manager regarding ordering additional services, cookies set by the social network manager.
  4. The Company receives statistical information on the Website and the App. Statistical information is collected and processed in Google Analytics. The Company collects the following data (for statistical purposes) related to visitors to the Website and the App: IP address, Website/App browsing history and date.
  5. The following Your (or Your children’s/persons’ under guardianship) personal data may be processed for the purpose of promoting the Company: Facebook, LinkedIn, Instagram, TikTok profiles and other information, such as the date of review of the Company’s profile on Facebook, LinkedIn, Instagram or TikTok, comments, ‘Like’ and ‘Follow’ messages.

  1. PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF EMPLOYMENT OF PERSONS IN THE COMPANY AND ADMINISTRATION OF THE RELATED PERSONNEL

  1. Personal data of potential employees in the Company is processed for the purpose of employment and administration of the related personnel. Your personal data processed for the purpose specified in this clause submitted for the purpose of employment with the Company shall be the following: curriculum vitae (CV), motivation letter, full name, contact information, documents submitted by You to the Company. Your personal data, which You provide to the Company when applying for a specific position in the Company, are processed for the purpose of concluding an employment contract with You.
  2. If You apply for a specific position by submitting the questionnaire, but the job offer is not submitted to You, or You do not indicate that You apply for a specific position, the Company will store and process Your personal data for future employee recruitment for no longer than 1 (one) year after the receipt of Your consent. The Company may assess Your candidacy and provide You with job offers in the Company within the whole period of data storage.
  3. You are entitled to withdraw Your consent to the processing of personal data for the purpose specified in this section of the Privacy Policy at any time expressly and unambiguously expressing Your will in writing to an employee of the Company by appealing to the Company at contacts specified on the Website or the App.

  1. PROCESSING OF PERSONAL DATA FOR OTHER PURPOSES

  1. The Company processes the following Your personal data for the purpose of identification, prevention of money laundering and terrorist financing, implementation of the principle ‘know your customer’ (KYC), verification of the accuracy of the personal data You provide, provision of financial services and conclusion, execution and control of other transactions, contracts and customer accounting, protection and defense of the rights and legitimate interests of the Company, appropriate provision of the Services and improvement of the user experience, data analytics (analysing depersonalised user data): full name, personal identification number, date of birth, registered and actual place of residence (address), data of identification documents or data of a qualified electronic signature certificate, telephone number, e-mail address, number of the account held by You in other electronic money or credit institution from which You make a transfer to Poklet account, number of the electronic money account opened with the Card Provider, the statement of this account and the money turnover therein, number of the card issued to You by the Card Provider; as well as the following personal data of Your children/persons under guardianship: telephone number, name, age. Before the beginning of the business relationship, these data is processed on the basis of concluding an agreement with You as a potential customer. After entering into the agreement, the personal data specified in this clause is processed on the basis of the performance of the agreement concluded with You, compliance with the requirements established by legal acts for the Company and legitimate interests of the Company.
  2. Your identification shall be performed remotely in the identification system MarkID managed by Mark ID, UAB, company number: 305098955, registered office address: Žalgirio st. 90-100, LT-09303 Vilnius. The following data is processed: full name, date of birth, personal identification number, type and number of ID document, copy/photo of ID document, photo of the person, IP address, date the photo was taken. The MarkID system stores video records and photos. The Company receives data under the agreement with Mark ID, UAB.
  3. For the purposes specified in this section of the Privacy Policy, personal data is processed for as long as the contractual relationship continues and You (and Your children/persons under guardianship) use the Company’s services, and upon the expiry of the contractual relationship, the collected personal data is stored for 10 (ten) years from the end of the business relationship. In the event the contractual relationship does not start after the submission of data, the personal data is only stored for no longer than 10 (ten) years from the date of receipt, unless the Company receives Your written request for destruction of Your personal data processed by the Company. If such a request is received, the personal data is destroyed immediately. If the Company refuses to enter into a transaction with You regarding the implementation of measures for the prevention of money laundering and terrorist financing, Your personal data is stored for 8 (eight) years from the moment of such refusal in order to meet the requirements of the Law on Legal Protection of Personal Data of the Republic of Lithuania.
  4. The Company may process Your (and/or Your children’s/persons’ under guardianship) personal data for other purposes in accordance with the requirements and procedure of the GDPR and the Law on Legal Protection of Personal Data of the Republic of Lithuania.

  1. SUBMISSION AND RECEIPT OF PERSONAL DATA

  1. The Company may submit Your (and/or Your children’s/persons’ under guardianship) personal data to the following third parties:
  1. personal data processors selected by the Company for the purpose of performing lawful personal data processing actions on behalf of the Company and/or on its instructions;
  2. electronic money institution – Walletto, UAB, company number: 304686884, registered office address: A. Goštauto st. 8-107, Vilnius, Lithuania, license of an electronic money institution No 33, issued on 29/03/2018; due to opening an electronic money account and issuing a payment card;
  3. third parties involved to protect and defend the violated rights and legitimate interests of the Company if You breach the terms and conditions of the agreement concluded with the Company;
  4. state institutions and establishments (the State Tax Inspectorate, the State Labor Inspectorate, etc.), when personal data are provided in order to notify of possible illegal activities;
  5. third parties whose activities are related to debt collection or creation, administration or use of a debtors database for the purpose of administering Your debt and/or recovering your indebtedness to the Company;
  6. other persons (lawyers, consultants, auditors, etc.) involved by the Company to provide the necessary services to the Company and/or You;
  7. other third parties if the data are transferred in accordance with the requirements of legal acts of the Republic of Lithuania.
  1. Your (and/or Your children’s/persons’ under guardianship) personal data may be submitted to third parties in the following ways: in writing, by electronic means, by logging in to databases or information systems collecting individual data or in another manner agreed by the controllers.
  2. Your (and/or Your children’s/persons’ under guardianship) personal data can be obtained both directly from You by contacting the Company, filling in applications, requests, submitting documents requested by the Company or otherwise submitting Your data to the Company, and from third parties (such as: the Card Provider, financial institutions, entities providing identification services, etc.).

  1. YOUR RIGHTS AND THEIR EXERCISE

  1. You may submit information about Yourself or Your (and/or Your children’s/persons’ under guardianship) personal data requested by the Company by logging in to Your user account on the Website or the App.
  2. You have all rights established by the Law on Legal Protection of Personal Data of the Republic of Lithuania, the GDPR and other legal acts, including the right to:
  1.  get acquainted with Your personal data processed by the Company and to receive information from which sources and what Your (and/or Your children’s/persons’ under guardianship) personal data were collected, for what purpose they are processed and to whom they are submitted;
  2. request for the rectification, destruction of Your personal data or to restrict, except for storage, the processing of Your personal data when the data are processed in violation of the provisions of the GDPR or other laws;
  3. do not give consent to the processing of Your (and/or Your children’s/persons’ under guardianship) personal data for direct marketing purposes or for other purposes for which Your consent is requested without giving reasons for the objection,
  4. object the use of only automated data processing, including profiling;
  5. exercise Your right to data portability;
  6. exercise the right to be ‘forgotten’;
  7. complain about the actions of the Company as the controller to the State Data Protection Inspectorate of the Republic of Lithuania.
  1. You can exercise Your rights at any time by sending an electronically signed application by e-mail: info@poklet.lt.
  2. You may exercise the right to request the destruction of Your personal data or to restrict, except for storage, the processing of Your personal data in accordance with the following procedure:
  1. If You believe that Your (and/or Your children’s/persons’ under guardianship) personal data are processed unlawfully, unfairly, and You have applied to the Company for this, We will check the lawfulness and fairness of the processing of personal data. Upon Your written request and if the Company determines that the data have been collected unlawfully and unfairly, We will destroy the unlawfully and unfairly collected personal data or will suspend the processing of such personal data, except for storage.
  2. We will protect personal data, the processing of which is restricted, until they are destroyed (at the request of the data subject or upon the expiry of the data storage period), other processing actions with such personal data may be performed only:
  1. We will notify You no later than within 30 (thirty) days of the destruction of Your personal data or of the restriction of Your personal data processing actions, which has been performed or not performed at Your request.
  2. The Company, acting as a data controller, is entitled reasonably to refuse the exercise of Your right to restrict the processing of Your personal data on the grounds set for in the GDPR, including but not limited if further data processing is necessary for the Company to file, exercise or defend legitimate interests.
  3. The Company’s refusal to exercise Your rights as a data subject may be appealed to the State Data Protection Inspectorate of the Republic of Lithuania.
  4. These actions are performed free of charge: provision of the information about the processing of Your (and/or Your children’s/persons’ under guardianship) personal data, verification of the lawfulness and fairness of the data processing, termination of the data processing, the data destruction.

  1. PROFILING AND AUTOMATED DECISION-MAKING

  1. In order to monitor the transactions concluded by You, to prevent money laundering and fraud, or for other purposes related to the legitimate interests of the Company, fulfilment of legal obligations and execution of the agreement concluded with You, the Company may perform profiling related to Your personal data processing in automated or in a semi-automated manner.
  2. The Company also conducts profiling related to assigning the Customers to a certain loyalty group. We divide the Customers into loyalty groups in order to offer additional benefits to our most loyal Customers. The Customers are assigned to a certain loyalty group based on data such as activeness, etc.

  1. PROTECTION OF PERSONAL DATA

  1. The goal of the Company is to ensure the highest possible security of all information received from the User. The Company uses a variety of administrative, technical and physical security measures to protect this information from unauthorized access, use, copying or disclosure.
  2. The Company notes that data transmitted by electronic communication means are transferred using communication networks operated by electronic communication service providers, therefore the Company cannot guarantee and is not responsible for the security and protection of data transmitted in this manner.
  3. The User must take active measures to ensure the confidentiality of his/her personal data and must make every effort to protect the login password to the Website or the App from access of third parties and not to disclose it to third parties in any direct or indirect manner, and to ensure that no third parties may use his/her data using the Website, the App and/or the services provided by the Company and/or for other purposes. The User is responsible for any actions of third parties if they are performed using the User’s data, and all duties and responsibilities arising from or related to such actions of third parties shall be borne by the User in full.

  1. PERSONAL DATA COLLECTED AND PROCESSED ON THE WEBSITE OR THE APP, OR USING THE WEBSITE OR THE APP

  1. If the User wishes to start using the Services offered by the Company on the App, the Company requests to provide the data necessary for the User’s registration: the User’s e-mail address and/or telephone number, as well as his/her full name.
  2. If You (and/or Your children/persons under guardianship) only browse the Website but You do not apply to the Company for the Services, the Company collects the following data related to browsing the Website by You (and/or Your children/persons under guardianship):
  1. IP address;
  2. the country from which the User logs in;
  3. the browser and its version used by the User.
  1. The data referred to in Clause 43 of this Privacy Policy is collected for security and history of use of the Website or the App. When collecting them, the Company does not seek to identify the User.
  2. Data related to the User’s use of the Website or the App, browsing it and/or the Services, and which are not considered personal data, may be processed anonymously by conducting statistical surveys or similar actions. In any case, such data processing will not allow the direct or indirect identification of the User.

  1. RESPONSIBILITY AND CONSENT OF ADULTS FOR THE PROCESSING OF PERSONAL DATA OF THEIR CHILDREN OR PERSONS UNDER GUARDIANSHIP

  1. Children or persons under guardianship may start using all functions of the App:
  1. upon the receipt of an invitation from the parent or guardian to register (i.e. You shall download the App and shall send an invitation to join the child/guardian); or
  2. upon the receipt of Your approval to use the App (i.e. if the child/guardian firstly downloads the App, then he/she must send an invitation to You and will only be able to start using the App’s functions after receiving Your approval).
  1. As the parent or guardian of a child or person under guardianship who registers on the App in order to use our Services, You:
  1. allow and agree that Your child/person under guardianship will use our Services and You are responsible for Your child’s use of our Services, including all taxes, expenses incurred and purchases made;
  2. give us informed consent to the collection, use and sharing of Your child’s/ person’s under guardianship data in accordance with the terms and conditions of this Privacy Policy;
  3. agree to acquaint Your child or person under guardianship with these terms and conditions of the Privacy Policy.
  1. The Company is entitled to delete a child’s profile if it is not assigned to the parent’s or guardian’s profile for 6 months or more.

  1. COOKIES

  1. The Company may use cookies on the Website in the future. Cookies are small files that are sent to the Website visitor’s web browser and stored on the Website visitor’s computer hard drive. Cookies shall be transferred to the Website visitor’s computer or other terminal device the first time you visit the Website. Cookies shall be then used to identify the Website visitor's computer or other terminal device and facilitate the Website visitor’s access to the Website or the information contained therein.
  2. We use the automated marketing platform MailerLite to manage our subscriber list and to send emails to the subscribers. MailerLite is a third party that may process Your (and/or Your children’s/persons’ under guardianship) personal information and record cookies using technologies that meet standards in this field to help monitor and improve our newsletters. You can find the privacy policy of MailerLite here: https://www.mailerlite.com/privacy-policy.

  1. LINKS TO OTHER WEBSITES
  1. The Company is not responsible for the processing of Your (and/or Your children’s/persons’ under guardianship) personal data through third-party websites (hereinafter referred to as the ‘Related Websites’). For user convenience and information, the Website or the App may contain links to other Related Websites. The Company is not responsible for the privacy policy of such websites, the content of the information provided and activities, even in cases where Users access them through links on the Website or the App, as the Company does not monitor or control them. Users are advised to read the privacy policy of each Related Website separately.

  1. CONTACTS OF THE DATA PROTECTION OFFICER

  1. Contacts of the data protection officer in the Company: ph. No.: _____________________, e-mail: ________________________.

 

  1. FINAL PROVISIONS
  1. The law of the Republic of Lithuania shall apply to the implementation and interpretation of the provisions of the Privacy Policy.
  2. This Privacy policy is in English and Lithuanian and all communications with you will be in English and/or in Lithuanian. The Lithuanian language version of this Privacy Policy shall be controlling in all respects and shall prevail in case of any inconsistencies with translated versions, if any.
  3. This Privacy Policy shall not be considered to be an agreement between the Company and the User regarding the processing of the User’s personal data. With this Privacy Policy, the Company informs You about the principles of processing Your (and/or Your children’s/persons’ under guardianship) personal data in the Company, therefore the Company is entitled unilaterally to amend and/or supplement this Privacy Policy at any time. Any amendments and/or supplements to the Privacy Policy shall take effect after their publication on the Website.
  4. If any provision of this Privacy Policy becomes or is recognised invalid, the remaining provisions will remain in full force and effect.