Data protection
We act as the data controller, and are committed to protecting our customers’ rights and privacy and ensuring security of their personal data. This Privacy Policy describes how we collect, use, store, and protect personal data.
Why do we collect your personal data?
It is necessary to collect data so that we could offer high-quality services to our customers and operate in compliance with the requirements established by the laws. We use the accumulated data for our business expansion, product development, and for maintaining customer relations.
What personal data do we gather?
Personal data is primarily collected directly from our customers. The data includes such information as your name and surname, personal ID number and your residential address. In addition, we collect information about the use of our products and services. We also need additional information which we use to supplement the initial information as we want to ensure it is accurate and up to date.
Who are recipients of personal data?
Normally we do not disclose personal data, but in some cases they may be disclosed to our service providers as we strive to provide better services for our customers, make crediting decisions which are more justified, and to operate as required by the legal acts of the Republic of Lithuania.
What are your rights related to personal data?
Our customers always have the right to access the personal data accumulated by us, do you review and update the information which may be incorrect or no longer up to date, request erasure of the personal data which is not necessary for processing, or prohibit or cancel direct marketing, market research or surveys.
Use of an automated decision-making system
Decisions of “Saldo Bank” UAB on granting a credit are based on the automated decision-making process.
In view of the purposes set out in the Privacy Policy, i.e., in the process of creating, developing financial services and improving their quality, we may analyse personal data by automated means, take automated decisions, classify data subjects into groups taking into account the personal aspects concerning the data subjects. We apply the automated decision-making, including profiling, in order to enter into or perform a contract with you, and comply with the requirements prescribed by the legal acts (subparagraphs a, b, c of Art. 6(1), Art. 22(2) of GDPR.).
We may apply the automated decision-making, including profiling, in the following cases:
In doing marketing, we profile your personal data, i.e., we carry out automated personal data processing evaluating certain personal aspects concerning you in order to assess your interests, behaviour, etc., which then allows to anticipate your needs more accurately, and provide you an offer, service and/or product which meets your interests best.
In the process of the analysis and assessment, we apply automated-decision making related, for instance, to the credit rating, credit risk management, personal credit rating, entering into a contract for services.
To ensure implementation of the measures for anti-money laundering and counter-terrorist financing, the profiling is used to assign you to certain categories depending on your risk exposure, operational risks (of main economic activities).
Profiling will involve processing of the following personal data concerning you: your name, surname, date of birth, job position, profession, education, data on the customer’s behaviour on the Company’s website, and the information on the website use. Such personal data will be processed during the term of the contract.
We would like to let you know that in addition to the rights referred to in Section VI of the Privacy Policy, you also have the right to obtain human intervention, express your point of view, and contest the decision made by automated means (Art. 22(3) of GDPR).
1.“Saldo Bank” UAB, entity number 305334925, registered address at Žalgirio g. 94-1, LT-09300 Vilnius (the Company) respects your privacy and personal data and commits to protecting your right to the lawful processing and protection of your personal data. This Privacy Policy (the Policy) provides comprehensive information on processing of the personal data or any other data concerning you that we may collect. The Company may process the data as an autonomous data controller, but the Company may also process the personal data jointly with other data controllers (i.e., being joint controllers as understood in Art. 26 of the General Data Protection Regulation (EU) 2016/679 (the GDPR). You can find more information on other companies of the group, which are joint controllers here: https://www.saldo.com/lt-lt/apie-mus/.
Joint controllers enter into an agreement on the basis of which the joint controllers transparently determine their responsibility for performance of the obligations set forth in the GDPR, define corresponding actual functions of joint controllers, and their relationships with respect to data subjects. At a written request of a data subject, the latter is provided with access to the key provisions of the above-mentioned agreement. A data subject may exercise his/her rights provided for in the GDPR with respect to each of the data controller.
2.Your personal data is processed in accordance with the GDPR, the Law of the Republic of Lithuania on the Legal Protection of Personal Data (the Law on Legal Protection of Personal Data), the Law of the Republic of Lithuania on the Prevention of Money Laundering and Terrorist Financing, other legal acts and documents governing protection of personal data.
3.Personal data shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4.Data subject shall mean a person whose personal data the Company processes or intends to process for the established purposes and by established means (‘you’).
5.Customer shall mean a person who contacted the Company to obtain financial services, also such person’s spouse, or a person with whom the Company has entered into a contract for provision of relevant financial services;
6.Automated decision-making shall mean the decision-making by technical means.
7.Profiling shall mean any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, personal preferences, interests, reliability, behaviour, location or movements.
8.Other concepts used in this Policy are understood as they are defined in the legal acts of the Republic of Lithuania and the European Union.
9.Your personal data is processed by the Company for these purposes:
9.1 For the purpose of identification of a person (including fraud prevention), the following personal data shall be processed: name, surname, personal ID number, mobile signature, a copy of a personal ID document, the date and method of identification of the person, the customer’s IP address from which the contact was made when identifying the person, the video recording, the date of making the video recording or taking a photo.
Legal basis: compliance with the requirements set forth in legal acts (Art. 6(1)(c) of GDPR), and consent (Art. 6(1)(a) of GDPR).
Personal data retention period:8 years.
Recipients of personal data: law enforcement authorities (on receipt of their request), supervisory authorities.
Personal data sources: the data subject.
9.2 For the purpose of assessment of creditworthiness and risk, the following personal data of customers shall be processed: data related to assessment of creditworthiness (income of the customer and the customer’s family members, type of their income, financial obligations to financial institutions or other persons, their credit rating, information about delays to perform current or previous financial obligations, history of performance of financial obligations, information about the current and previous employers, hirings and dismissals, engaging in economic activity or individual activity (self-employed), any received and allocated permanent or one-off social benefits, circumstances that may affect your economic or financial situation or ability to repay the credit or pay its cost, other significant circumstances related to the customer’s financial situation or ability to perform obligations properly). Also the data concerning a person are necessary to assess a credit risk (the date of birth, job position, profession, education, family status, number of minor children).
Legal basis: the data controller’s legitimate interest to assess risks (Art. 6(1)(f) of GDPR), compliance with the requirements set forth in legal acts (Art. 6(1)(c) of GDPR), contract performance (Art. 6(1)(b) of GDPR).
Personal data retention period: unless a credit agreement is concluded, the data is stored for 24 months. If a credit agreement is concluded, i.e., in the event of contractual relations, the data is stored for 10 years from the moment of termination of contractual relations.
Recipients of personal data: supervisory authorities, law enforcement authorities (on receipt of their request), “Scorify” UAB, “Creditinfo” UAB.
Sources of personal data: the data subject, credit institutions, the Real Estate Register, the State Social Insurance Fund Board under the Ministry of Social Security and Labour of the Republic of Lithuania, the database of ”Scorify” UAB, the database of ”Creditinfo Lietuva” UAB, the Register of Legally Incapable Persons and Persons with Limited Legal Capacity.
9.3 For the purpose of direct marketing and surveys, the following personal data of customers shall be processed: the name, surname, date of birth, job position, profession, education, data on the customer’s behaviour on the website of “Saldo Bank” UAB, and the information on the website use (which includes monitoring of the person’s behaviour on the website, and the use of the services provided by the Company).
The Company may send direct marketing messages or invitations to take a survey to the existing customers of the Company without a separate consent for marketing of similar services and surveys when the customers are provided with a clear, free and easily manageable opportunity to disagree or deny such use of their contact details, and on the condition that they did not object to such use of their data from the beginning, when sending each message.
Legal basis: the data controller’s legitimate interest to improve its service quality (Art. 6(1)(f) of GDPR).
Personal data retention period: as long as bound by contractual relations.
9.4 For the purpose of securing performance of the credit agreement, surety agreement, the following personal data of customers shall be processed: contact data (the phone number, declared and actual place of residence (address), e-mail address), payment-related data (numbers of bank accounts and/or payment cards, unique text of remittance information, payment type, payment date, payment document number, unique number of the transaction archive, customer’s number in the beneficiary’s information system, currency denomination), data indicating whether a customer is / is not included in the Register of Legally Incapable Persons and Persons with Limited Legal Capacity, data indicating whether a customer is / is not included in the list (kept by the supervisory authority) of persons concerning whom applications are filed to prevent them from entering into credit agreements.
Legal basis: compliance with the requirements set forth in legal acts (Art. 6(1)(c) of GDPR), contract performance(Art. 6(1)(b) of GDPR).
Personal data retention period: unless a credit agreement is concluded, the data is stored for 24 months. If a credit agreement is concluded, i.e., in the event of contractual relations, the data is stored for 10 years from the moment of termination of contractual relations.
Recipients of personal data: supervisory authorities, law enforcement authorities (on receipt of their request), “Scorify” UAB, “Creditinfo” UAB.
Sources of personal data: independent credit brokerage companies, the Register of Legally Incapable Persons and Persons with Limited Legal Capacity, the list (kept by the supervisory authority) of persons concerning whom applications are filed to prevent them from entering into credit agreements; the Bank of Lithuania, “Fintegry” UAB.
9.5 For the purpose of entering into an irrevocable deposit agreement, the following personal data of customers will be processed: the person’s name, surname, personal ID number, contact data (the phone number, declared and actual place of residence (address), e-mail address), bank account number.
Legal basis: compliance with the requirements set forth in legal acts (Art. 6(1)(c) of GDPR), contract performance(Art. 6(1)(b) of GDPR).
Personal data retention period: unless a deposit agreement is concluded, the data is stored for 24 months. If a deposit agreement is concluded, i.e., in the event of contractual relations, the data is stored for 10 years from the moment of termination of contractual relations.
Recipients of personal data: supervisory authorities, law enforcement authorities (on receipt of their request).
Sources of personal data: the data subject, the Population Register.
9.6 For the purpose of ensuring compliance with the requirements related to the prevention of money laundering and terrorist financing, and other requirements of legal acts as well verification whether any sanctions apply, the following personal data shall be processed: the source of funds, nationality, data indicating whether a person is a politically exposed person (PEP), and other data to the extent necessary for this purpose.
Legal basis: compliance with the requirements set forth in legal acts (Art. 6(1)(c) of GDPR).
Personal data retention period: 8 years after termination of the relationship.
Recipients of personal data: the Financial Crime Investigation service, the State Tax Inspectorate, the Bank of Lithuania.
Sources of personal data: the data subject, financial institutions, the Population Register managed by the state enterprise Centre of Registers, the Real Estate Register, the Register of Property Seizure Acts, the State Social Insurance Fund Board under the Ministry of Finance, ”Scorify” UAB, ”Creditinfo” UAB, supervisory authorities, “Ondato” UAB , sanction databases.
9.7 For the purpose of arrears management, the following personal data of debtors shall be processed: the name, surname, personal ID number, job position, profession, education, contact data (the phone number, e-mail address, declared and actual place of residence), data relating to assessment of creditworthiness (income of the customer and the customer’s family members, type of their income, financial obligations to financial institutions or other persons, their credit rating, information about delays to perform current or previous financial obligations, history of performance of financial obligations, information about the current and previous employers, hirings and dismissals, engaging in economic activity or individual activity (self-employed), any received and allocated permanent or one-off social benefits, circumstances that may affect your economic or financial situation or ability to repay the credit or pay its cost, other significant circumstances related to the customer’s financial situation or ability to perform obligations properly, e.g., the family status, number of minor children), the customer’s obligations to ”Saldo Bank” UAB, payment-related data (numbers of bank accounts and/or payment cards, unique text of remittance information, payment type, payment date, payment document number, unique number of the transaction archive, customer’s number in the beneficiary’s information system, currency denomination).
Legal basis: the data controller’s legitimate interest to ensure the debt recovery (Art. 6(1)(f) of GDPR).
Personal data retention period: 10 years after completing performance of obligations or after termination of the relationship.
Recipients of personal data: third parties having taken over the customer’s obligations from the Company, debt collection agencies.
Sources of personal data: the data subject, financial institutions, the Population Register managed by the state enterprise Centre of Registers, the Real Estate Register, the Register of Property Seizure Acts, the State Social Insurance Fund Board under the Ministry of Finance, ”Scorify” UAB, ”Creditinfo” UAB, the Register of Legally Incapable Persons and Persons with Limited Legal Capacity managed by state enterprise the Central Mortgage Institution, supervisory authorities, “Ondato” UAB.
9.8 For the purpose of creating, developing of financial services, and improving the quality of services, the following personal data of customers shall be processed: data concerning a person (the name, surname, date of birth, job position, profession, education), data concerning the customer’s behaviour on the data controller’s website, and the information on the website use (which includes monitoring of the person’s behaviour on the website, and the use of the Company’s services).
Legal basis: the data controller’s legitimate interest to create and develop services, improve their quality (Art. 6(1)(f) of GDPR).
Personal data retention period: personal data is stored only for a period necessary for the purpose.
9.9 For the purpose of confirming the content of calls and ensuring the quality of services (call recording), audio recordings of phone calls between employees and other call participants shall be processed.
Call recordings may also be used for detection of suspected criminal acts, offences under administrative law, proving or detecting the damage inflicted on the Company or third parties, and may be transmitted only to the persons entitled to receive such data in the manner prescribed by the laws.
Legal basis: consent (Art. 6(1)(a) of GDPR) the data controller’s legitimate interest to ensure adequate provision of services (Art. 6(1)(f) of GDPR).
Personal data retention period: 2 years from the day of making an audio recording of the call.
Recipients of personal data: the Company and other entities from the same group of companies, supervisory authorities, law enforcement authorities.
9.10 For the purpose of administration of enquiries, complaints and requests, the following personal data of the persons making enquiries, complaints and requests shall be processed: the name, e-mail address, phone number.
Legal basis: the data controllers’ legitimate interests related to handling of enquiries, requests or complaints (Art. 6(1)(f) of GDPR).
Personal data retention period: 1 year after the day the enquiry, request or complaint was examined.
Sources of personal data: the data subject, supervisory authorities.
9.11 For the purpose of statistics and ensuring the quality of services (by means of cookies), the data of visitors of the data controller’s website available by means of cookies shall be processed. Aggregated data relating to consumer behaviour may be seen, the consumers can be classified by the consumer’s age, place of residence (city, country), interests, devices used, the source through which the website is accessed.
Legal basis: as for necessary cookies required for functioning of the website, the legal basis is the data controller’s legitimate interests related to functioning of the website (Art. 6(1)(f) of GDPR), and in other cases, it is the website visitor’s consent (Art. 6(1)(a) of GDPR).
Personal data retention period: depending on settings of cookies.
9.12 For the purpose of maintaining business relationships, the following personal data of representatives of business entities shall be processed: name, surname, job position, e-mail, phone number.
Legal basis: the data controllers’ legitimate interests to pursue its activities (Art. 6(1)(f) of GDPR)
Personal data retention period: 10 years after termination of the relationship.
9.13 For the purpose of financial accounting, the following personal data of the customers and employees shall be processed: the name, surname, personal ID number, the number of an account at the bank or another financial institution.
Legal basis: the data controllers’ legitimate interests to maintain its financial accounting properly (Art. 6(1)(f) of GDPR), and compliance with the requirements set forth in legal acts (Art. 6(1)(c) of GDPR).
Personal data retention period: 10 years after the day of entering into a contract. The period of 10 years starts running at the end of the year following the calendar year in which the financial year to which the information pertains ended.
Recipients of personal data: the State Tax Inspectorate, the State Social Insurance Fund Board under the Ministry of Social Security and Labour, supervisory authorities.
9.14 For the purpose of online meetings, the following personal data shall be processed: Information about the participants. first name, last name, phone number (optional), e-mail address (optional), password (if single sign-on is not used), profile picture (optional), department (optional). Meeting metadata: subject, description (optional), participant IP addresses, device/hardware information, start and end time of the videoconference. Recordings (optional): Files with all video, audio, and presentation information of the online meeting. If we would like to record an online meeting, we will inform you beforehand in a transparent way and ask for your consent, if necessary. When dialling in with a phone: information about the incoming and outgoing telephone number, country name, start and end time. Text data: You may have the option to use chat, question, and survey functions in an online meeting. The texts you have entered will be processed in order to display them during the online meeting and, in exceptional cases, also to log them for further processing of the online meeting. If we would like to store text data for further processing, we will inform you beforehand with all transparency required and ask for your consent, if necessary.
If you participate in online meetings, the provider of service will store the related data (meeting metadata; data for phone dial-in; questions and answers in webinars, if any; survey function in webinars).
Legal basis: the data controller’s legitimate interests to organize online meetings (Art. 6(1)(f) of GDPR); the data subject’s consent (Art. (6)(1)(a) of GDPR).
Personal data retention period: The data mentioned above will be processed for as long as it is necessary to perform the online meetings and related services.
Communication-related metadata will be deleted as soon as storage is no longer required in order to provide or maintain the service.
In case of a recording, the data of the audio and video transmission as well as optionally the messages in the chat, question, or survey function, are stored and remain stored beyond the duration of the meeting. The recordings stored on the provider's cloud servers are automatically deleted after thirty (30) days at the latest. Data stored on local systems of Company will only be stored in order to and as long as it is necessary to fulfil the respective purpose. Data in reports and on the dashboard of the provider will be deleted after twelve (12) months.
Recipients of personal data: The providers of Zoom, WebEx or Teams receive the information stated above as far as necessary and as outlined in the data processing agreement.
9.15 For the purpose of ensuring proper governance of the Company (implementation of requirements of legal acts), the following personal data of shareholders, Board members of the Company shall be processed: the name, surname, personal ID number, date of birth, residential address, bank account data, disbursement-related data, passport / ID card data, phone number, e-mail address.
Legal basis: compliance with the requirements set forth in legal acts (Art. 6(1)(c) of GDPR).
Personal data retention period: the personal data shall be retained for the period specified in the legal acts.
Recipients of personal data: the State Tax Inspectorate, the state enterprise Centre of Registers, all the other interested parties having justified grounds to obtain, request personal ID documents in cases stipulated by laws for performance of their functions.
9.16 For the purpose of external and internal audits, the data concerning all the employees, customers, representatives of business partners contained in the information systems and paper documents.
Legal basis: the data controller’s legitimate interest to conduct an audit (Art. 6(1)(f) of GDPR).
Personal data retention period: personal data is stored only for a period necessary for the purpose.
Recipients of personal data: entities providing audit services.
9.17 For the purpose of making a record of personal data breaches, the following personal data of the persons recording and reporting the breach shall be processed: the name, surname, and the following personal data of the persons having committed a data breach shall be processed: the name, surname, and the breach-related information.
Legal basis: the data controller’s legitimate interest to manage personal data breaches (Art. 6(1)(f) of GDPR).
Personal data retention period: 10 years from the report on the data breach.
Recipients of personal data: the State Data Protection Inspectorate.
9.18 For the purpose of performance of the legal obligation to provide information on the ultimate beneficial owner in the sub-system JANGIS of the Information System of Legal Entities Participants (JADIS), the following personal data shall be processed: the name, surname, date of birth, personal ID number, residential address, nationality, the name of the country having issued the ID document, the name/s of the country for tax residence purposes, the rights and scope of the beneficial owners’ ownership and/or control. A copy of the ID document is required, if the information is provided concerning a foreigner. In case of an indirect beneficial owner where a legal entity controls a company through one or more legal entities, the following data of those legal entities shall be processed: the name, identifier, legal form, domicile address, the title held and its scope.
If the organisational structure includes foreign entities, the following additional data shall be processed: the name of the register of the country in which such entity is registered, the date of registration, legalised (certified by apostille) extracts from business registers accompanied by translations into Lithuanian (except where the information in the registers is public and can be accessed free of charge).
Legal basis: compliance with the requirements set forth in legal acts (Art. 6(1)(c) of GDPR).
Personal data retention period: 10 years after one stops being the ultimate beneficial owner.
Recipients of personal data: the state enterprise Centre of Registers.
9.19 For the purpose of employment at the Company, the following personal data shall be processed: the CV, name, surname, education, qualification, contact details, etc.
Legal basis: entering into contract (Art. 6(1)(b) of GDPR), the consent (Art. 6(1)(a) of GDPR).
Personal data retention period: If you apply for a specific position but are not offered a job, the personal data you have provided are destroyed after completion of the candidate selection to the vacancy advertised by the Company.
The personal data concerning you as a potential candidate may be stored for the purpose of future selections of Company’s employees only if your consent is obtained.
10.Personal data may be obtained directly from the data subject. A data subject contacts the Company, uses the services provided by the Company, or contacts the Company requesting information, etc.
Personal data may be obtained from the third parties, e.g., legal entities which provide personal data of their representatives natural persons or their employees, also from credit and payment institutions, the Population Register, the Real Estate Register, the Register of Property Seizure Acts, the State Social Insurance Fund Board under the Ministry of Social Security and Labour, the database of ”Scorify” UAB, the database of “ Creditinfo Lietuva” UAB, the Register of Legally Incapable Persons and Persons with Limited Legal Capacity, supervisory authorities, independent credit brokerage companies, other information systems and registers when it is necessary to comply with requirements of legal acts.
Personal data may be obtained when a data subject visits the website when cookies used on the website are saved on the data subject’s terminal equipment.
11.In some cases your personal data may be transferred outside the European Economic Area. Such data transfers may be carried out only given a legal basis and in compliance with the requirements provided for in Chapter V of GDPR.
12.In the manner set forth in this Policy, you have the right to:
12.1 know (be informed) about processing of your personal data;
12.2 access your personal data being processed, and receive information on the manner of their processing;
12.3 request rectification or erasure of your personal data (the right to be forgotten), or restriction of processing of your personal data;
12.4 receive your personal data being processed in a structured, easily machine-readable and interoperable format, and to transmit it to another controller (the right to data portability);
12.5 object to the processing of your personal data;
12.6 request that you are not subjected to a decision based solely on automated processing, including profiling (save for the set forth exceptions).
13.The Company cannot provide you the data concerning you or any related information without identifying you first.
14.You have the right to obtain a confirmation from the Company whether the personal data concerning you are processed. If such personal data are processed, you have the right to access the personal data.
15.You have the right to request that the Company rectified inaccurate personal data concerning you without delay. In view of the purposes for which the data were processed, you have the right to request supplementing any incomplete personal data.
16.You have the right request that the Company erased the personal data concerning you without delay where:
16.1 the personal data are no longer necessary for achievement of the purposes for which the data were collected or processed otherwise;
16.2 you have withdrawn the consent which served as the basis for processing of Your personal data, and there is no other legal basis for data processing;
16.3 you object to the data processing when the processing is carried out on the basis of consent, and there are no overriding reasons to process such data;
16.4 you do not consent to the data processing for the purposes of direct marketing;
16.5 Your personal data have been processed unlawfully.
17.Personal data must be deleted (erased) in compliance with the requirements of the Republic of Lithuania and the European Union.
18.Your request for erasure of the personal data, including the obligation of the Company to instruct data controllers to erase such data, shall not apply where processing is necessary at least in one of the following cases:
18.1 for exercising the right of freedom of expression and information;
18.2 for compliance with a legal obligation which requires processing by legal acts of the European Union or the Republic of Lithuania to which the data controller is subject;
18.3 for the statistical purposes in compliance with Art. 89(1) of the GDPR, if your right (to be forgotten) may render it impossible or seriously aggravate achievement of the purposes of that processing;
18.4 for the establishment, exercise or defence of legal claims.
19.You have the right to request that the Company restricted processing of your data when at least one of the following applies:
19.1 you are contesting accuracy of the data for the period during which the Company may verify accuracy of the personal data;
19.2 processing of your personal data is unlawful, but you do not consent to erasure of such data and request restriction of their use instead;
19.3 the Company no longer needs the personal data for the purposes of processing, but the data subject needs the data for the establishment, exercise or defence of legal claims;
19.4 you do not consent to the data processing until it is verified whether the legitimate reasons of the Company override your reasons.
20.Where personal data are processed for the purposes of direct marketing, you have the right to object (without specifying any reasons or motives) to the processing of the personal data concerning you for such marketing purposes, including profiling, related to such direct marketing.
21.Requests for exercising the above-mentioned rights may be submitted by contacting Rusnė Juozapaitienė, the data protection officer of the Company, in writing or e-mail rusne@duomenuapsauga.eu.
22.The Company has the right to refuse to examine your application to enter into a credit agreement or refuse entering into a credit agreement, if your personal data necessary for entering into the credit agreement are not provided.
23.The Company and other entities of the same group of companies as well as their business partners have the right to use and disclose your personal data if to do so is permitted or prescribed by the legal acts of the Republic of Lithuania and the European Union.
24.For the purpose of increasing the Company’s visibility on social media and on the legal basis of the legitimate interest to increase the Company’s visibility on social media (Art. 6(1)(f) of GDPR), the personal data of social media visitors shall also be processed: profiles of social media visitors, pressing of “Like” and “Follow” buttons, comments. The information about personal data retention period is provided in privacy policies of Facebook, Instagram, Twitter, YouTube social media.
As the administrator of the social media account, the Company selects the appropriate settings, takes into account its target audience, and the objectives of its business management and promotion. When granting the Company an opportunity to create and manage accounts on the social media, the providers of the social media may restrict a possibility to change certain essential settings. As a result the Company will not be able to have any influence on the data concerning you which the social media providers will be collecting when the Company sets up social media accounts. Any of such settings may affect personal data processing when you are using social media, visit the Company’s accounts or read the Company’s posts on the social media. The providers of social media usually process your personal data (even the data collected when the Company selects additional settings for the account) for the purposes defined by the providers of the social media relying on their privacy policies. Nevertheless, when you use social media, communicate with the Company via social media, visit the Company’s accounts on social media, watch videos on such accounts, the Company receives information about you. The scope of the received data depends on the settings of the accounts selected by the Company, agreements with the providers of social media for extra services, and the cookies set up by the providers of social media.
25.The Company may provide personal data of data subjects to data processors, but they render services to the Company and process personal data on behalf of the Company, e.g., providers of IT support, financial accounting, legal, other consultancy and marketing services. Data processors have the right to process personal data only as instructed by the Company and only to the extent necessary for proper performance of the obligations stipulated in agreements. When engaging the data processors, the Company shall take all the necessary measures to ensure that the data processors have implemented all the appropriate organisational and technical measures ensuring security, and that they maintain secrecy of personal data.
26.The Company collects, processes and analyses the information related to your use of its website.
27.The Company uses cookies and similar technologies to provide you with high-quality services, ensure cybersecurity, carry out marketing, conduct an analysis of the website use, and offer you most interesting content on the website.
28.You may choose whether to consent to the use of cookies, or not. If you do not consent to the use of cookies, you may still continue using the website.
More information about cookies is provided in the Cookie Policy (www.saldo.com).
29.Should you have any questions concerning processing of your personal data, you may contact the Company via e-mail: privacy.lt@saldo.com, phone +370 (699) 75532, or by a letter addressed to “Saldo Bank” UAB, Žalgirio g. 94-1, Vilnius.
30.Performance and interpretation of provisions of this Policy shall be governed by the law of the Republic of Lithuania.
31.This Policy does not constitute an agreement between you and the Company on processing of the consumer’s personal data. By this Policy, the Company informs you about the principles of your personal data processing at the Company, and the Company has the right to unilaterally amend and/or supplement this Policy any time.
32.Any amendments and/or supplements to this Policy shall come into effect as of the moment they are published on the Company’s website at www.saldo.com.
33.If any provision of this Policy becomes or is declared invalid, the remaining provisions shall continue to be effective.
34.This Policy was updated on 7 February 2023.