ASSOCIATION FINTECH HUB LT PRIVACY POLICY
1. PURPOSE AND SCOPE
This privacy policy (hereinafter – “Privacy Policy”) depicts your privacy rights in terms of gathering, use, storing, sharing, and protecting your personal data (hereinafter – “personal Data”), as well as the scope of processed personal data, the purposes, sources, recipients and other important aspects of data processing by registering, accessing, or using by Association “FINTECH HUB LT”, registered address: Mėsinių g. 5, LT-01133 Vilnius, Lithuania, registration code: 304701279 also referred to as “we”, “us”, “Association”).
As we collect and use personal data, the Association is obligated to use and process your personal data only in accordance with this Privacy Policy, as well as, applicable legislation, including the General Data Protection Regulation (2016/679) (hereinafter – GDPR), the Law on Legal protection of personal data of the Republic of Lithuania and other applicable legal acts.
When writing "you", we mean you as – the representative of a member of the Association, the representative of a legal person intending to become a member of the Association, the member of the Board of the Association, the participant of the General Meeting of the Association, the partner or the representative of the partner or a person contacting us through our website.
Please read carefully the following Privacy Policy and if you have any questions regarding processing of your data you can contact us at [email protected]. We keep this Privacy Policy under regular review and publish updates on our website https://www.fintechhub.lt/. Please review this Privacy Policy from time to time to stay up to date with the changes.
2. PRINCIPLES OF PROCESSING PERSONAL DATA
The principles we follow in order to comply with the need to protect your personal data are as follows:
a) principle of legality, fairness and transparency – the personal data with respect to you is processed in a lawful, honest and transparent way;
b) purpose limitation principle – the personal data is collected for specified, clearly defined and legitimate purposes and shall not be further processed in a way that is incompatible with those purposes;
c) data reduction principle – the personal data must be adequate, appropriate and is only necessary for the purposes for which it is processed;
d) accuracy principle – the personal data must be accurate and, if necessary, updated. All reasonable steps must be taken to ensure that personal data which is not accurate in relation to the purposes for which it is processed shall be immediately erased or corrected;
e) the principle of limitation of the length of the storage – the personal data shall be kept in such a way that your identity can be determined for no longer than is necessary for the purposes for which the personal data is processed;
f) integrity and confidentiality principle – the personal data shall be managed by applying appropriate technical or organisational measures in a way, which would ensure the proper security of the personal data, including the protection from an unauthorised processing or processing of an unauthorised data against accidental loss, destruction or damage.
Your personal data is considered as confidential information and may only be disclosed to third parties in accordance with the rules and procedure provided in this Privacy Policy and the applicable legal acts.
3. INFORMATION WE COLLECT, IT’S PURPOSES AND IT’S LEGAL BASIS
Categories of Personal Data being processed
The personal data we collect can be grouped into the following categories:
3.1. Purposes and legal basis for personal data processing of the representatives of the members of the Association
Purpose: To unite the members of the Association, to represent the interests of its members:
Legal basis: Legal obligation
Categories of Personal Data: Basic Personal Data, Contact details
Purpose: For the carrying out of trainings, programs, professional development or other events:
Legal basis: Legitimate interest
Categories of Personal Data: Basic Personal Data, Job related information, Contact details
3.2. Purposes and legal basis for personal data processing of the representatives of a legal person intending to become a member of the Association
Purpose: To consider the request of a person legal person’s representative intending to become a member of the Association.
Legal basis: Your consent
Categories of Personal Data: Basic Personal Data, Contact details.
3.3. Purposes and legal basis for personal data processing of the members of the Board of the Association
Purpose: To properly perform our duties as an association and the statutes of the Association and to properly manage the Association.
Legal basis: Legal obligation, Legitimate interest
Categories of Personal Data: Basic Personal Data, Job related information, Contact details, Image, Personal code, Other provided information
3.4. Purposes and legal basis for personal data processing of the representatives of the partner or of the partner
Purpose: Conclusion and fulfilment of the contract concluded with partner
Legal basis: Contract performance or in order to take steps at the request of the partner to entering into the contract, Legitimate interest
Categories of Personal Data: Basic Personal Data, Financial data, Job related information, Data related to the performance of the contract, Contact details
3.5. Purposes and legal basis for personal data processing who is contacting the Association
Purpose: To provide an answer when you contact us through our website.
Legal basis: Your consent
Categories of Personal Data: Basic Personal Data, Contact details, Other provided information
The definitions used above are understood as follows:
Legitimate Interest: Association legitimate interests are our needs to process personal data in order to perform tasks related to carrying out our activities, as an association.
Legal Obligations: Processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Consent: Your consent shall mean any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify your agreement to the processing of Personal Data relating to you.
4. HOW IS YOUR PERSONAL DATA OBTAINED?
We collect information you provide directly to us. We may collect personal data from third parties. In particular from third parties such as public or private registers and databases.
The Association also collects information which you provide us by access and use of our website.
5. AUTOMATED DECISION MAKING
The Association is not using the automated decision-making tools.
6. HOW IS YOUR PERSONAL DATA SHARED BY US?
We may transfer your Personal Data in accordance with the principles of confidentiality to the following categories of recipients:
a) pre-trial investigation institutions, state’s authorities;
b) lawyers, bailiffs, auditors etc.;
c) external service providers (that provide such services as, for example, system development and/or improvement);
d) other entities that have a legitimate interest or the personal data may be shared with them under the contract which is concluded between you and us.
7. DIRECT MARKETING
The Association is not carrying out any kind of direct marketing programs.
8. INTERNATIONAL TRANSFER OF PERSONAL DATA
The Association will not transfer your Personal Data outside the European and the European Economic Area.
9. HOW WE PROTECT YOUR PERSONAL DATA?
Please note that, although no system of technology is completely infallible, the Association has endeavoured to take appropriate security measures to prevent risks of unauthorised access to or improper use of your personal information.
The Association and any third-party service providers that may engage in the processing of Personal Data on our behalf (for the purposes indicated above) shall also contractually obligated to respect the confidentiality of the Personal Data.
10. HOW LONG WE KEEP YOUR PERSONAL DATA?
We will keep your personal data for as long as it is needed for the purposes for which your data was collected and processed, but not longer than it is required by the applicable laws and regulations. This means that we store your data for as long as it is necessary for carrying out the activities of the Association and as required by the retention requirements in laws and regulations.
The terms of data retention of the personal data for the purposes of the processing of the personal data as specified in this Privacy Policy are as follows:
a) as long as your consent remains in force, if there are no other legal requirements which shall be fulfilled with regard to the personal data processing;
b) the personal data submitted by you through our website or via email is kept for an extent necessary for the fulfilment of your request and to maintain further cooperation, but no longer than 6 months after the last day of the communication, if there are no legal requirements to keep them longer (if you are not the representative of a member of the Association, the representative of a legal person intending to become a member of the Association, the member of the Board of the Association, the participant of the General Meeting of the Association, the partner or the representative).
In the cases when the terms of data keeping are indicated in the legislative regulations, the legislative regulations are applied.
Your personal data might be stored longer if:
a) it is necessary in order for us to defend ourselves against claims, demands or action and exercise our rights;
b) there is a reasonable suspicion of an unlawful act that is being investigated;
c) your personal data is necessary for the proper resolution of a dispute/ complaint;
d) under another statutory basis.
11. YOUR RIGHTS
a) The right to be informed. You have the right to be provided with clear, transparent and easily
understandable information about how we use your personal data.
b) The right to access. You have the right to request from us the copies of your personal data.
Where your requests are excessive, in particular if they are being sent with a repetitive character,
we may refuse to act on the request, or charge a reasonable fee taking into account the
administrative costs for providing the information. The assessment of the excessiveness of the
request will be made by us.
c) The right to rectification. You have the right to request us to correct or update your personal
data at any time, in particular if your personal data is incomplete or incorrect.
d) The right to data portability. The personal data provided by you is portable. You have the right
to request that we transfer the data that we have collected to another organization, or directly
to you, under certain conditions.
e) The right to be forgotten. When there is no good reason for us to process your personal data
anymore, you can ask us to delete your data. We will take reasonable steps to respond to your
request. If your personal data is no longer needed and we are not required by law to retain it,
we will delete, destroy or permanently de-identify it.
f) The right to restrict processing. You have the right to restrict the processing of your personal
data in certain situations (e. g. you want us to investigate whether it is accurate; we no longer
need your personal data, but you want us to continue holding it for you in connection with a
legal claim).
g) The right to object processing. Under certain circumstances you have the right to object to
certain types of processing (e. g. receiving notification emails).
h) Right to withdraw your consent. If you have given us consent, we need to use your personal
data, you can withdraw your consent at any time. It will have been lawful for us to use the
personal data up to the point you withdrew your permission.
i) Lodge an appeal to the Supervisory authority. If you have an objection about how we have
processed your personal data, you can turn to the supervisory authority concerned.
We will exercise your rights only after we receive your written request to exercise a particular right
indicated above and only after confirming the validity of your identity. The written request shall be
submitted to us by personally appearing at the registered office address of the Association, by
ordinary mail or by e-mail: [email protected].
Your requests shall be fulfilled, or fulfilment of your requests shall be refused by specifying the
reasons for such refusal, within 30 (thirty) calendar days from the date of submission of the request
meeting our internal rules and GDPR. The afore-mentioned time frame may be extended for 30
(thirty) calendar days by giving a prior notice to you if the request is related to a great scope of
personal data or other simultaneously examined requests. A response to you will be provided in a
form of your choosing as the requester.
12. THE RIGHT TO FILE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Data subjects have the right to file a complaint directly the State Data Protection Inspectorate of
Lithuania if they believe that the personal data is processed in a way that violates their rights and
legitimate interests stipulated by applicable legislation. Data subjects may apply in accordance with
the procedures for handling complaints that are established by the State Data Protection
Inspectorate and which may be found by this link: https://vdai.lrv.lt/lt/veiklos-sritys-1/skundu-
nagrinejimas
13. CHANGES FOR THIS PRIVACY POLICY
We regularly review this Privacy Policy and reserve the right to modify it at any time in accordance
with applicable laws and regulations. Any changes and clarifications will take effect immediately upon
their approval of the Association’s board and their publication on our website
https://www.fintechhub.lt/.
Please review this Privacy Policy from time to time to stay updated on any changes.
1. PURPOSE AND SCOPE
This privacy policy (hereinafter – “Privacy Policy”) depicts your privacy rights in terms of gathering, use, storing, sharing, and protecting your personal data (hereinafter – “personal Data”), as well as the scope of processed personal data, the purposes, sources, recipients and other important aspects of data processing by registering, accessing, or using by Association “FINTECH HUB LT”, registered address: Mėsinių g. 5, LT-01133 Vilnius, Lithuania, registration code: 304701279 also referred to as “we”, “us”, “Association”).
As we collect and use personal data, the Association is obligated to use and process your personal data only in accordance with this Privacy Policy, as well as, applicable legislation, including the General Data Protection Regulation (2016/679) (hereinafter – GDPR), the Law on Legal protection of personal data of the Republic of Lithuania and other applicable legal acts.
When writing "you", we mean you as – the representative of a member of the Association, the representative of a legal person intending to become a member of the Association, the member of the Board of the Association, the participant of the General Meeting of the Association, the partner or the representative of the partner or a person contacting us through our website.
Please read carefully the following Privacy Policy and if you have any questions regarding processing of your data you can contact us at [email protected]. We keep this Privacy Policy under regular review and publish updates on our website https://www.fintechhub.lt/. Please review this Privacy Policy from time to time to stay up to date with the changes.
2. PRINCIPLES OF PROCESSING PERSONAL DATA
The principles we follow in order to comply with the need to protect your personal data are as follows:
a) principle of legality, fairness and transparency – the personal data with respect to you is processed in a lawful, honest and transparent way;
b) purpose limitation principle – the personal data is collected for specified, clearly defined and legitimate purposes and shall not be further processed in a way that is incompatible with those purposes;
c) data reduction principle – the personal data must be adequate, appropriate and is only necessary for the purposes for which it is processed;
d) accuracy principle – the personal data must be accurate and, if necessary, updated. All reasonable steps must be taken to ensure that personal data which is not accurate in relation to the purposes for which it is processed shall be immediately erased or corrected;
e) the principle of limitation of the length of the storage – the personal data shall be kept in such a way that your identity can be determined for no longer than is necessary for the purposes for which the personal data is processed;
f) integrity and confidentiality principle – the personal data shall be managed by applying appropriate technical or organisational measures in a way, which would ensure the proper security of the personal data, including the protection from an unauthorised processing or processing of an unauthorised data against accidental loss, destruction or damage.
Your personal data is considered as confidential information and may only be disclosed to third parties in accordance with the rules and procedure provided in this Privacy Policy and the applicable legal acts.
3. INFORMATION WE COLLECT, IT’S PURPOSES AND IT’S LEGAL BASIS
Categories of Personal Data being processed
The personal data we collect can be grouped into the following categories:
- Basic Personal Data: First, last, middle names, job title, data of birth or personal code
- Job related information: Such as position, previous and current work experience
- Data related to the performance of the contract: Letters, emails, signed documents and other forms of communication
- Contact details: Address, phone number, email
3.1. Purposes and legal basis for personal data processing of the representatives of the members of the Association
Purpose: To unite the members of the Association, to represent the interests of its members:
Legal basis: Legal obligation
Categories of Personal Data: Basic Personal Data, Contact details
Purpose: For the carrying out of trainings, programs, professional development or other events:
Legal basis: Legitimate interest
Categories of Personal Data: Basic Personal Data, Job related information, Contact details
3.2. Purposes and legal basis for personal data processing of the representatives of a legal person intending to become a member of the Association
Purpose: To consider the request of a person legal person’s representative intending to become a member of the Association.
Legal basis: Your consent
Categories of Personal Data: Basic Personal Data, Contact details.
3.3. Purposes and legal basis for personal data processing of the members of the Board of the Association
Purpose: To properly perform our duties as an association and the statutes of the Association and to properly manage the Association.
Legal basis: Legal obligation, Legitimate interest
Categories of Personal Data: Basic Personal Data, Job related information, Contact details, Image, Personal code, Other provided information
3.4. Purposes and legal basis for personal data processing of the representatives of the partner or of the partner
Purpose: Conclusion and fulfilment of the contract concluded with partner
Legal basis: Contract performance or in order to take steps at the request of the partner to entering into the contract, Legitimate interest
Categories of Personal Data: Basic Personal Data, Financial data, Job related information, Data related to the performance of the contract, Contact details
3.5. Purposes and legal basis for personal data processing who is contacting the Association
Purpose: To provide an answer when you contact us through our website.
Legal basis: Your consent
Categories of Personal Data: Basic Personal Data, Contact details, Other provided information
The definitions used above are understood as follows:
Legitimate Interest: Association legitimate interests are our needs to process personal data in order to perform tasks related to carrying out our activities, as an association.
Legal Obligations: Processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Consent: Your consent shall mean any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify your agreement to the processing of Personal Data relating to you.
4. HOW IS YOUR PERSONAL DATA OBTAINED?
We collect information you provide directly to us. We may collect personal data from third parties. In particular from third parties such as public or private registers and databases.
The Association also collects information which you provide us by access and use of our website.
5. AUTOMATED DECISION MAKING
The Association is not using the automated decision-making tools.
6. HOW IS YOUR PERSONAL DATA SHARED BY US?
We may transfer your Personal Data in accordance with the principles of confidentiality to the following categories of recipients:
a) pre-trial investigation institutions, state’s authorities;
b) lawyers, bailiffs, auditors etc.;
c) external service providers (that provide such services as, for example, system development and/or improvement);
d) other entities that have a legitimate interest or the personal data may be shared with them under the contract which is concluded between you and us.
7. DIRECT MARKETING
The Association is not carrying out any kind of direct marketing programs.
8. INTERNATIONAL TRANSFER OF PERSONAL DATA
The Association will not transfer your Personal Data outside the European and the European Economic Area.
9. HOW WE PROTECT YOUR PERSONAL DATA?
Please note that, although no system of technology is completely infallible, the Association has endeavoured to take appropriate security measures to prevent risks of unauthorised access to or improper use of your personal information.
The Association and any third-party service providers that may engage in the processing of Personal Data on our behalf (for the purposes indicated above) shall also contractually obligated to respect the confidentiality of the Personal Data.
10. HOW LONG WE KEEP YOUR PERSONAL DATA?
We will keep your personal data for as long as it is needed for the purposes for which your data was collected and processed, but not longer than it is required by the applicable laws and regulations. This means that we store your data for as long as it is necessary for carrying out the activities of the Association and as required by the retention requirements in laws and regulations.
The terms of data retention of the personal data for the purposes of the processing of the personal data as specified in this Privacy Policy are as follows:
a) as long as your consent remains in force, if there are no other legal requirements which shall be fulfilled with regard to the personal data processing;
b) the personal data submitted by you through our website or via email is kept for an extent necessary for the fulfilment of your request and to maintain further cooperation, but no longer than 6 months after the last day of the communication, if there are no legal requirements to keep them longer (if you are not the representative of a member of the Association, the representative of a legal person intending to become a member of the Association, the member of the Board of the Association, the participant of the General Meeting of the Association, the partner or the representative).
In the cases when the terms of data keeping are indicated in the legislative regulations, the legislative regulations are applied.
Your personal data might be stored longer if:
a) it is necessary in order for us to defend ourselves against claims, demands or action and exercise our rights;
b) there is a reasonable suspicion of an unlawful act that is being investigated;
c) your personal data is necessary for the proper resolution of a dispute/ complaint;
d) under another statutory basis.
11. YOUR RIGHTS
a) The right to be informed. You have the right to be provided with clear, transparent and easily
understandable information about how we use your personal data.
b) The right to access. You have the right to request from us the copies of your personal data.
Where your requests are excessive, in particular if they are being sent with a repetitive character,
we may refuse to act on the request, or charge a reasonable fee taking into account the
administrative costs for providing the information. The assessment of the excessiveness of the
request will be made by us.
c) The right to rectification. You have the right to request us to correct or update your personal
data at any time, in particular if your personal data is incomplete or incorrect.
d) The right to data portability. The personal data provided by you is portable. You have the right
to request that we transfer the data that we have collected to another organization, or directly
to you, under certain conditions.
e) The right to be forgotten. When there is no good reason for us to process your personal data
anymore, you can ask us to delete your data. We will take reasonable steps to respond to your
request. If your personal data is no longer needed and we are not required by law to retain it,
we will delete, destroy or permanently de-identify it.
f) The right to restrict processing. You have the right to restrict the processing of your personal
data in certain situations (e. g. you want us to investigate whether it is accurate; we no longer
need your personal data, but you want us to continue holding it for you in connection with a
legal claim).
g) The right to object processing. Under certain circumstances you have the right to object to
certain types of processing (e. g. receiving notification emails).
h) Right to withdraw your consent. If you have given us consent, we need to use your personal
data, you can withdraw your consent at any time. It will have been lawful for us to use the
personal data up to the point you withdrew your permission.
i) Lodge an appeal to the Supervisory authority. If you have an objection about how we have
processed your personal data, you can turn to the supervisory authority concerned.
We will exercise your rights only after we receive your written request to exercise a particular right
indicated above and only after confirming the validity of your identity. The written request shall be
submitted to us by personally appearing at the registered office address of the Association, by
ordinary mail or by e-mail: [email protected].
Your requests shall be fulfilled, or fulfilment of your requests shall be refused by specifying the
reasons for such refusal, within 30 (thirty) calendar days from the date of submission of the request
meeting our internal rules and GDPR. The afore-mentioned time frame may be extended for 30
(thirty) calendar days by giving a prior notice to you if the request is related to a great scope of
personal data or other simultaneously examined requests. A response to you will be provided in a
form of your choosing as the requester.
12. THE RIGHT TO FILE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Data subjects have the right to file a complaint directly the State Data Protection Inspectorate of
Lithuania if they believe that the personal data is processed in a way that violates their rights and
legitimate interests stipulated by applicable legislation. Data subjects may apply in accordance with
the procedures for handling complaints that are established by the State Data Protection
Inspectorate and which may be found by this link: https://vdai.lrv.lt/lt/veiklos-sritys-1/skundu-
nagrinejimas
13. CHANGES FOR THIS PRIVACY POLICY
We regularly review this Privacy Policy and reserve the right to modify it at any time in accordance
with applicable laws and regulations. Any changes and clarifications will take effect immediately upon
their approval of the Association’s board and their publication on our website
https://www.fintechhub.lt/.
Please review this Privacy Policy from time to time to stay updated on any changes.