Preamble
Kasapay UAB (“we”) attach great importance to the protection of your personal data.
As such and in accordance with the regulations in force (in particular Regulation 2016/679 known as “GDPR”), this notice relating to the protection of personal data (i) provides you with clear and detailed information, and (ii) aims to inform you about the personal data we collect about you, the reasons why we use and share it, for how long we keep it, what your rights are and how you can exercise them.
As data controller, we are responsible for collecting and processing your personal data in the course of our business.
This notice is intended for (i) employees of our business partners and prospects in the context of commercial exchanges, and (ii) candidates in the context of a job offer or an unsolicited application.
We can update this notice at any time, in particular in order to take into account any changes in the regulations relating to the protection of personal data. If this notice changes, you will be informed by logging on to the site www.kasapay.lt or via the usual communication channels.
Who is responsible for data processing and who can you contact?
The data controller is:
Kasapay UAB
Vilnius, Lithuania
E-mail address : [email protected]
What sources and data do we use?
We process personal data that we collect directly from you in situations where i) you express an interest in obtaining additional information about our products and services, following a meeting at a trade fair; ii) you interact directly with us via professional social networks or via a “Contact us” (or similar) feature available on our website or iii) you are one of our business partners / service providers with whom we interact on a regular basis.
We also process personal data about you that we collect from other sources, including i) third parties who prescribe our products and services to potential customers and ii) publicly available data.
As such, we collect the following personal data:
- Civil status information: Last name, First Name
- Contact information : Email address, phone number
- Information relating to exchanges with us: electronic exchanges (electronic mail, SMS, MMS, instant messaging)
- Information relating to professional life: company, job title, professional social network
- Information relating to your browsing on the site www.kasapay.lt: IP address, information on the terminal (computer, tablet, smartphone, etc.) these data are saved in text files called “cookies”
- Others: asset freezing measures and sanctions related to the anti-money laundering and terrorist financing system, press article, media
- All information voluntarily entered and submitted by you into a form hosted directly or embedded on the site www.kasapay.lt
You are informed that cookies may be installed on your terminal equipment during your first visit to the site www.kasapay.lt. To find out more about the cookies used, see our Cookies policy.
The data collected is essential for achieving the purposes described below.
For what purposes do we process your personal data (purpose of processing) and on what legal basis?
We process your personal data in order to be able to:
- Carry out sales prospecting actions: promote our products and services, convert leads encountered at trade shows or via prescribers to target customers, respond to requests for information made via the website by people who have expressed a certain interest in our offer
- Manage and monitor our relationships with business partners / service providers: manage contracts, respond to requests for information, manage complaints
- Prevent and detect money laundering and terrorist financing and comply with any international sanctions regulations as part of our and our partner’s know your customer (KYC) process
- Allow site www.kasapay.lt to remain functional: these are technical cookies used by the Site host for the technical management of the network
- Develop the website www.kasapay.lt: analyze the frequentation and use made by Internet users, improve the browsing experience, memorize browser display preferences, implement security measures
These treatments are based on our legitimate interest, our legal obligations, the execution of contracts, as well as on consent as to i) requests for information made via the “Contact us” (or similar) functionality of the website ii) deposit of certain cookies third party on your terminal.
Who receives your data
Within the company, your data is transmitted to the services which need it to enable us to comply with our contractual and legal obligations:
- Our partner company(ies) or subsidiaries established (including branches) in one of the member states of the European Union
- Executive management
- Sales department
- Operations department
- Communication / marketing department
- Project service
- Fraud service
- Compliance and Risks Department
- Legal Department
We share your personal data with subcontractors (article 28 of the GDPR) to whom we may use and who provide us with services such as i) administration and hosting of information systems ii) carrying out studies / project (consulting firm, law firm, etc.) and iii) carrying out checks (statutory auditors, audit firm)
In addition, your data may be transmitted to any public / administrative, judicial or supervisory / supervisory authority in compliance with applicable laws and regulations.
How long do we keep your data?
If necessary, we process and store your personal data for the duration of our professional relationship.
Finally, the retention period also depends on the legal limitation periods:
- Clients : for the duration of the business relationship and ten years from the end of the business relationship
- Prospects: three years from their collection or from the last contact
- Partners / Providers: seven years from the date of issue of the invoice or the end of the contract
Cookies from the website www.kasapay.lt: session cookies disappear as soon as the Internet user leaves the website, permanent cookies remain on the Internet user’s equipment until the end of their lifespan or until they are deleted using browser functionality. To find out more about the cookies used, see our Cookies policy.
Throughout the retention period of your personal data, we put in place all appropriate means to ensure their confidentiality and security, so as to prevent their damage, erasure or access by unauthorized third parties.
Is data transferred to a third country or an international organization?
Every effort is made to ensure that our servers and the servers of our technology suppliers are located within the EU. Therefore, your technical browsing data (IP address, browser type, version, etc) remains in the EU at all times to the best of our knowledge.
If you choose to submit an application for payment services, your data will be shared with the third parties listed below.
Elavon Merchant Services
Elavon may transfer your data outside the EEA under appropriate safeguards, including standard contractual clauses (SCCs) approved by the European Commission. For more information about these controls please contact Elavon at [email protected]
Market Pay
Currently, Market Pay does not transfer personal data outside the EU. If such a transfer becomes necessary, we will inform you in advance and ensure compliance with applicable data protection laws. For more information, please contact Market Pay at [email protected].
Are you under an obligation to provide data?
You must provide the personal data necessary for carrying out the processing necessary for the execution of the contract as well as to meet our legal and regulatory obligations.
Where applicable, you will be informed, when collecting your personal data, whether certain data must be entered or if they are optional.
In addition, your consent is necessary for us to be able to place and read some of our cookies. During your first visit to the site www.kasapay.lt, you are asked to accept or refuse the use of certain cookies. You can manage and modify your choice of cookies at any time according to several possibilities. For more information, see our Cookies policy.
Do we use automated individual decision-making?
We do not use fully automated decision-making within the meaning of Article 22 GDPR. If we were to use this process in special cases, we will inform you separately to the extent that the law requires it.
Are your data used for profiling?
We do not process your data in an automated way for the purpose of evaluating certain personal aspects (profiling).
Information relating to your rights
You have a right of access under article 15 of the GDPR, rectification under article 16 of the GDPR, a right to erasure under article 17 of the GDPR, a right to restriction of processing under Article 18 of the GDPR, as well as a right to data portability under Article 20 of the GDPR. When consent is required for processing, you have the right to withdraw it.
The right of access and the right to erasure are subject to the restrictions defined in Articles 34 and 35 of the GDPR. In addition, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 of the GDPR).
In addition, you have the option of providing us with instructions relating to the retention, erasure and communication of your personal data after your death, which instructions may also be registered with “a certified digital trusted third party” . These directives, or a sort of “digital will”, may designate a person responsible for their execution; otherwise, your heirs will be appointed.
Your rights to deletion
You have the right to request the deletion of your personal data that we hold, subject to certain legal obligations. If you would like us to delete your information from our records, please contact us using the details provided below. We will take reasonable steps to comply with your request promptly, unless we are required by law to retain certain information. Please note that deleting your data may affect our ability to provide you with certain services.
You can exercise these various rights by contacting our referent directly at the following coordinates:
Kasapay Data Protection Officer
