Sorry, Internet Explorer is not supported

Privacy Policy

Valid from August 19, 2021

Contomobile (We) are committed to protecting and respecting your privacy and Personal Data.

1. Scope of policy

This policy applies to:

• Your use of the Customer Self-Service Portal;

• Your use of the Contomobile App (the App) once you have downloaded a copy of the App onto your mobile telephone or handheld device;

• Your use of the Developer Portal;

• Your use of our Payment Services; and

• Personal Data that we collect in order to provide our Payment Services to you (including Personal Data that is collected during any application / registration process that may be required to access our Services).

This policy sets out the basis on which any Personal Data we collect, or that you provide to us, will be processed by us. Personal Data will be processed in accordance with European and Lithuanian data protection legislation.
Please read the policy carefully to understand our practices regarding your Personal Data and how We will treat it. By accepting this policy, you expressly consent to the collection, processing, use and disclosure of your personal information in the manner described in this policy.

Please note that certain terms used in this document have defined meanings. These terms are capitalised and the definitions can be found here.

2. Who we are

Contomobile UAB is a company incorporated in the Republic of Lithuania (company code: 304285884) and a licenced Electronic Money Institution authorised by the Bank of Lithuania. For the purpose of European and Lithuanian data protection legislation, the data controller is Contomobile UAB of Tuskulenu st. 33C-55, LT-09219, Vilnius, Lithuania.

If you have any questions or concerns about this policy, about how We process your Personal Data or if you wish to exercise any of your rights in relation to your Personal Data, please contact us via any of the methods below:

Post: Data Protection Officer
Contomobile
Tuskulenu St. 33C-55
LT-09219
Vilnius
Lithuania
Email: dataprotection@contomobile.com

3. What information we collect and how we use it

We will collect and process the following categories of data:

I. Information you give us (Submitted Information):

This is information you give us about you or about a Legal Representative by filling in forms on the App and our Customer Self-Service Portal, submitting documents, corresponding with us or through discussions with our customer services team. It includes information you provide during the User Profile registration process, when you subscribe to or use any of our Services, log into your User Profile, enter into a transaction via our App or Customer Self-Service Portal (for example when you make a payment or transfer funds from your Contomobile Account, or purchase / redeem electronic money), enter a competition, promotion or survey or when you report a problem with the App, the Customer Self-Service Portal or our Services. If you contact us in writing, We will keep a record of that correspondence, or if you contact us by telephone we may record the conversation and retain a copy of the recording.

The information you give us may include your name, address, e-mail address and phone number, your mobile phone number, age, date of birth, gender, personal code, username, password, and other registration information, details relating to your bank accounts (including account number, sort code and IBAN), credit and debit card information (including card number, expiry date and CVC/CVV), details relating to your Qualified Electronic Signature, information from identification documents (for example passport, driving licence, national identity card or residence permit in the Republic of Lithuania numbers), copies of documents you provide to evidence your identity or the identity of any Legal Representative (such as passport, driving licence, national identity card, residence permit in the Republic of Lithuania and utility bills) and any video / photographs or personal descriptions that are recorded to verify your identity and eligibility to use our Services.

Submitted Information will be used for the following purposes:

• To process transactions that you enter into, provide our Services, including payment initiation and account information services, to you and manage your Contomobile Account;

• To confirm your identity, to detect and help to prevent fraud and comply with our legal responsibilities in relation to financial crime and to assess your eligibility to use our Services;

• To enable us to comply with our legal and regulatory obligations, including in relation to money laundering and terrorist financing;

• To communicate with you in relation to the management of your User Profile and Contomobile Account and to provide customer support;

• To investigate complaints and potential breaches of the Contomobile Terms, to enforce our rights under the Contomobile Terms or to resolve any disputes that may arise;

• To provide information to you in relation to our products and services that you request from us;

• To maintain, protect and improve the App, Customer Self-Service Portal and our Services; and

• To notify you about changes to the App, Customer Self-Service Portal or any of our Services.

It is lawful for us to collect and process this information because it is necessary to enable us to enter into a contract with you and provide our Services to you under that contract, and because it is necessary to enable us to comply with our legal and regulatory obligations. If We do not collect and process this data, We will be unable to offer our Services to you.

Please note that if you choose to verify your identity by submitting an Identity Document such as a passport or national ID card, Personal Data from your Identity Document and biometric data, (i.e. a facial image taken from the App, and a facial image from the Identity Document you submitted) will be processed by a third party organisation that provides identity verification services (a current list of our partners is available at https://www.contomobile.com/partners/). We will only process Personal Data for this purpose with your consent, which we will separately request before collecting Personal Data for this purpose. If you do not provide your consent, We may require that you verify your identity using an alternative method, to be determined at our sole discretion, in order to receive our Services.

In addition to the purposes listed above, We may also use Submitted Information to provide information to you in relation to our Services which we feel may be of interest to you. However, We will only use Submitted Information for this purpose with your consent and we will request your consent before we use your information for this purpose. You can withdraw consent at any time by logging into the App or Customer Self-Service Portal. If you do not provide your consent, or you withdraw your consent at any time, you will continue to be able to use our Services but we will not use your Submitted Information to contact you in relation to our Services.

In order to provide our Services to you and comply with our legal obligations it is necessary for us to retain certain Submitted Information (for example, evidence of your identity) for the entire period that you remain a customer of Contomobile, and for such additional time as might be required by law. However, not all Submitted information will be retained this long. We regularly review the types of Personal Data that we hold and delete data that it is no longer necessary for us to retain.

II. Information we collect about you and your device:

When you visit our Customer Self-Service Portal, Developer Portal, use our App or use one of our Services we may automatically collect the following information:

i. Device Information. This is information regarding your computer or handheld device including the internet protocol (IP) address, computer operating system, browser, browser version and any plug-ins, computer time zone settings, the type of mobile device, unique device identifier, mobile operating system and version.

Device Information will be used for the following purposes:

• To confirm your identity, to detect and help to prevent fraud and comply with our legal responsibilities in relation to financial crime;

• To identify the device(s) that you use to complete our identity verification procedures, to access your User Profile and perform transactions or to communicate with us;

• To maintain, protect and improve the App, Customer Self-Service Portal, Developer Portal and our Services; and

• To ensure that content is presented in a manner suitable for you, your computer and/or handheld device.

It is lawful for us to collect and process this information because it is necessary to enable us to provide our Services to you, to protect the legitimate interests of Contomobile and our customers and because it is necessary to enable us to comply with our legal and regulatory obligations. If We do not collect and process this data We will be unable to offer our Services to you.

In order to comply with our legal obligations it is necessary for us to retain certain Device Information (for example information regarding the device used to complete our identity verification procedures) for the entire period that you remain a customer of Contomobile, and for such additional time as might be required by law. However, not all Device information will be retained this long (for example, information relating to your computer operating system will be retained for shorter period in respect of certain services, such as payment initiation services). We regularly review the types of Personal Data that we hold and delete data that it is no longer necessary for us to retain.

ii. Transaction Information. This is information about financial Transactions you enter into through your Contomobile Account (for example when you make a payment or transfer funds from your Contomobile Account, or purchase / redeem Electronic Money). This information may include the type of transaction, the date and time, amount, currency, exchange rates, charges applied, details relating to the payer or payee, merchant details, details about the payment instrument used and any payment references.

Transaction Information will be used for the following purposes:

• To process transactions that you enter into, provide our Services to you and manage your Contomobile Account;

• To confirm your identity, to detect and help to prevent fraud and comply with our legal responsibilities in relation to financial crime;

• To investigate complaints and potential breaches of the Contomobile Terms, to enforce and apply the Contomobile Terms or to resolve any disputes that may arise; and

• To enable us to comply with our legal and regulatory obligations, including in relation to money laundering and terrorist financing.

It is lawful for us to collect and process this information because it is necessary to enable us to provide our Services to you and to enable us to comply with our legal and regulatory obligations. If We do not collect and process this data, We will be unable to offer our Services to you.

In order to provide our Services to you and comply with our legal obligations it is necessary for us to retain Transaction Information for a period of at least 8 years, and for such additional time as might be required by law.

iii. Interaction Information. This is information about your activity on our App, Customer Self-Service Portal or Developer Portal. We use cookies and similar technologies to collect Interaction Information.

We use the following types of cookies:

• Functional Cookies – to enable certain essential functions of the Customer Self-Service Portal;

• Performance Cookies – to analyse and report usage statistics of the Customer Self-Service Portal to allow us to improve our Customer Self-Service Portal, Developer Portal, App and Services; and

• Advertising Cookies – to collect data about your online activity and identify your interests so that we can provide advertising that is most relevant to you.

Interaction Information collected via Performance Cookies will be used for the following purposes:

• To understand how users interact with our Customer Self-Service Portal, Developer Portal and App; and

• To improve the App, Customer Self-Service Portal, Developer Portal and our Services.

We use Google Analytics to collect this information. The information we get through the use of these cookies is anonymised and we make no attempt to identify you or influence your experience of the site while you are visiting it. We may share collected anonymised data with our marketing partners. We will only collect and process Interaction Information via Performance Cookies with your consent – we will request your consent before we collect this type of information. You can withdraw consent at any time by clearing the cookies in your browser or by logging into the App or Customer Self-Service Portal. If you do not provide your consent, or you withdraw your consent at any time, you will continue to be able to use our Services, but we will not collect Interaction Information from you via Performance Cookies.

Interaction information collected via Performance Cookies will be retained for at least the duration of your log-in session. It may be necessary for us to retain some data for a longer period; however, we regularly review the types of Personal Data that we hold and will delete data that it is no longer necessary for us to retain and in any event will not retain Interaction Information collected via Performance Cookies for longer than 18 months.

Interaction Information collected via Advertising Cookies will be used for the following purposes:

• To understand how users search information about our services; and

• To provide as accurate as possible information about our services for the users who search for such information.

We use Google AdWords to collect this information. The information we get through the use of these cookies is anonymised and we make no attempt to identify you or influence your experience of the site while you are visiting it. We may share collected anonymised data with our marketing partners. We will only collect and process Interaction Information via Advertising Cookies with your consent – we will request your consent before we collect this type of information. You can withdraw consent at any time by clearing the cookies in your browser or by logging into the App or Customer Self-Service Portal. If you do not provide your consent, or you withdraw your consent at any time, you will continue to be able to use our Services but we will not collect Interaction Information from you via Advertising Cookies.

Interaction information collected via Advertising Cookies will be retained for at least the duration of your log-in session. It may be necessary for us to retain some data for a longer period; however, we regularly review the types of Personal Data that we hold and will delete data that it is no longer necessary for us to retain and in any event will not retain Interaction Information collected via Advertising Cookies for longer than 18 months.

For further information on the cookies We use, the purposes for which We use them, and to set your privacy preferences, please see our cookie policy.

iv. Content Information. This is information collected from content stored on your computer or handheld device, including live video or photographic images. We use Content Information for the purpose of remote verification of identity, for example when you register to receive our services.

Content Information will be used for the following purposes:

• To confirm your identity, to detect and help to prevent fraud and comply with our legal responsibilities in relation to financial crime; and

It is lawful for us to collect and process this information because it is necessary to enable us to enter into a contract with you and provide our Services to you under that contract and to enable us to comply with our legal and regulatory obligations. If We do not collect and process this data, We may be unable to offer, or continue to provide, our Services to you.

Because of the nature of this information, we will ask you to confirm your consent to the collection and processing of Content Information in the form of video or photographic images via the App or Customer Self-Service Portal before we first collect it. You can withdraw consent for us to collect Content Information at any time via the App or Customer Self-Service Portal. If you do not consent to the collection and processing of this data, or withdraw your consent, We may require that you verify your identity using an alternative method, to be determined at our sole discretion, in order to receive our Services.

Your device may also ask you to confirm that you consent to allow us to access this data and you will have the ability to revoke any such consent via your device’s settings. If you do not provide consent via your device, and/or you disable our ability to collect this information from your device, We may be unable to offer, or continue to provide, our Services to you.

In order to provide our Services to you, and comply with our legal and regulatory obligations it is necessary for us to retain certain Content Information evidencing your identity for the entire period that you remain a customer of Contomobile, and for such additional time as might be required by law. However, not all Content Information will be retained this long. We regularly review the types of Personal Data that we hold and delete data that it is no longer necessary for us to retain.

Your computer or handheld device may offer security features like facial recognition, fingerprint scanning or retinal scanning. For the avoidance of doubt, we do not access the underlying biometric security data that these features rely on. Although our App or Customer Self-Service Portal may integrate with these features to confirm your identity, the process is carried out by your device and we do not collect or store information of this type.

v. Location Information: We use IP address monitoring, GPS data and Wi-Fi connection data collected from your computer or handheld device to determine your location. This information is used to detect and help to prevent fraud and financial crime – for example we may block a transaction if an attempt is made to use your card overseas but our monitoring indicates that you are in Lithuania.

Location Information will be used for the following purposes:

• To confirm your identity, to detect and help to prevent fraud and comply with our legal responsibilities in relation to financial crime; and

• To investigate complaints and/or potential breaches of the Contomobile Terms, to enforce and apply the Contomobile Terms or to resolve any disputes that may arise.

It is lawful for us to collect and process this information in order to protect the legitimate interests of Contomobile and our customers and to enable us to comply with our legal and regulatory obligations. If We do not collect and process this data We will be unable to apply some security measures to your Contomobile Account.

Your computer or handheld device may ask you to confirm that you consent to allow us to access certain types of Location Information and you will have the ability to revoke any such consent via your computer or device settings. If you do not provide consent and/or you disable our ability to collect this information at any time We may restrict your access to some or all of our Services if, at our sole discretion, we consider that this presents an unacceptable security risk or prevents us from complying with our legal and regulatory obligations.

In order to protect the legitimate interests of Contomobile and our customers, and to enable us to comply with our legal and regulatory obligations we may be required to retain Location Information for the entire period that you remain a customer of Contomobile, and for such additional time as might be required by law. However, not all Location Information will be retained this long. We regularly review the types of Personal Data that we hold and delete data that it is no longer necessary for us to retain.

vi. End User Information: This is information we collect about you if you are an End User of one of our Business Customers. If you make a payment to, or receive a payment from one of our Business Customers, we will collect personal information about you in order to process the payment, the scope of the data will depend on the service provided but may include your name and details relating to the bank account used to make or receive the payment (such as account number, financial institution name, and financial institution code).

Depending on the nature of the activities of the Business Customer, we may also be required to collect additional personal information about you to meet our legal and regulatory obligations. This might include information to verify your identity, such as identification documents (for example passport, driving licence, national identity card or residence permit in the Republic of Lithuania number), copies of documents that evidence your identity (such as passport, driving licence, national identity card, residence permit in the Republic of Lithuania or utility bills) or information relating to the source of funds used for a transaction.

End User Information will be used for the following purposes:

• To process transactions that you enter into;

• To provide our Services to our Customers;

• To confirm your identity, to detect and help to prevent fraud and comply with our legal responsibilities in relation to financial crime;

• To investigate complaints and potential breaches of the Contomobile Terms, to enforce and apply the Contomobile Terms or to resolve any disputes that may arise; and

• To enable us to comply with our legal and regulatory obligations, including in relation to money laundering and terrorist financing.

It is lawful for us to collect and process this information because it is necessary to enable us to enter into contracts with our Business Customers or to provide our Services to our Business Customers under such contracts, and because it is necessary to enable us to comply with our legal and regulatory obligations.

In order to comply with our legal obligations, we will retain End User Information that relates to a transaction for a period of at least 8 years, and for such additional time as might be required by law. End User information that does not relate to a transaction will only be retained as long as it is required to comply with our legal obligations. We regularly review the types of Personal Data that we hold and delete data that it is no longer necessary for us to retain.

vii. PIS Payer information. This is information that we will collect if you use our payment initiation service to authorise a payment transaction. For example, if you make an online purchase and you use our payment initiation service to authorise a payment to the retailer directly from an account you hold with another financial institution.

In order to provide this service, we will collect and store your email address and data related to the payment (which shall include the payment amount, payment date, payment currency, payment transaction ID, the financial institution you hold the payment account with, and whether the transaction was processed successfully. We will retain PIS Payer Information data for a period of three years, and for such additional time as might be required by law.

In addition, we may also collect your username / ID for the payment account, account name, account currency, and your consent to create and authorise the payment. This additional data is only used during the payment initiation process to generate and authorise the payment order, and is not retained by us after this process has been completed.

We will always provide you with access to detailed information setting out the terms and conditions on which we provide our payment initiation service (the PIS Rules, which are available on our website here, and obtain your consent to initiate each payment, before we provide this service.

PIS Payer Information will be used for the following purposes:

• To allow us to provide our payment initiation service;

• To investigate complaints and resolve any disputes that may arise;

• To enable us to comply with our legal and regulatory obligations, including in relation to money laundering and terrorist financing.

It is lawful for us to collect and process this information on the basis of your consent, and because it is necessary to enable us to provide our Services in accordance with the PIS Rules, and to enable us to comply with our legal and regulatory obligations.

III. Information we receive from other sources (Third Party Information):

Most of the information we hold about you will be submitted by you, or will be collected in the course of your use of the App, Customer Self-Service Portal, or our other services, and your dealings with us in the course of managing your Contomobile Account. However, we may also receive personal information from other sources, as set out below:

i. Business partners and suppliers. We work with a number of third parties to enable us to provide our Services to you including banking partners, technical service providers, payment service providers and issuers of payment cards or other payment instruments;

ii. Financial institutions. We may receive Personal Data from other financial institutions in the course of providing our Services to you and managing your Contomobile Account. For example, if we receive a payment from an account that you hold with another financial institution, they may transfer your personal information to us in order to process the transaction;

iii. Fraud prevention agencies and identity verification services. We may rely on the services of fraud prevention agencies or organisations that provide identity verification services to help us make decisions, to confirm your identity, to protect against fraud and comply with our legal obligations in relation to financial crime, and to assess your eligibility to use our Services. By agreeing to this privacy policy, you agree that we may carry out searches with these service providers and understand that this may leave a footprint on your credit history; or

iv. Referral partners. We sometimes work with referral partners to introduce us to potential customers that wish to register to receive our Services. If you are introduced to us by a referral partner, the information provided to us may include your name, contact details (including address, e-mail address and phone number) and evidence of your identity (which may include data taken from an identity document such as a passport, driving licence, national identity card or residence permit in the Republic of Lithuania, or copies thereof). Referral partners are required to ensure that: you have consented to be contacted by us in respect of our Services before they introduce you to us; and that they have either obtained your express consent to the transfer of Personal Data, or that they are otherwise legally entitled to transfer it in accordance with applicable data protection legislation.

Details of the partners and suppliers that we may use to collect personal information under points (i) and (iii) above can be found here. You may have the right to request a copy of the information that these organisations may hold about you from them directly.

Third Party Information will be used for the following purposes:

• To contact you in relation to our Services;

• To process transactions that you enter into, provide our Services to you and manage your Contomobile Account;

• To confirm your identity, to detect and help to prevent fraud and comply with our legal responsibilities in relation to financial crime, and to assess your eligibility to use our Services;

• To investigate complaints and/or potential breaches of the Contomobile Terms, to enforce and apply the Contomobile Terms or to resolve any disputes that may arise; and

• To enable us to comply with our legal and regulatory obligations, including in relation to money laundering and terrorist financing.

It is lawful for us to collect and process Third Party Information because it is necessary to enable us to enter into a contract with you and provide our Services to you under that contract, to protect the Legitimate Interests of Contomobile and our customers and because it is necessary to enable us to comply with our legal and regulatory obligations. If We do not collect and process this data, We will be unable to offer our Services to you.

In order to provide our Services to you and comply with our legal obligations it is necessary for us to retain certain Third Party Information (for example, data provided by a third party verifying your identity) for the entire period that you remain a customer of Contomobile, and for such additional time as might be required by law. However, not all Third Party Information will be retained this long. We regularly review the types of Personal Data that we hold and delete data that it is no longer necessary for us to retain.

We may associate any category of information with any other category of information and will treat the combined information as Personal Data in accordance with this policy for as long as it is combined.

4. Disclosure of your information

We may disclose the data we collect from you to the following third parties:

i. Third party service providers such as banking partners, technical service providers, issuers of payment cards and other payment instruments and payment service providers for the purpose of enabling us to provide our Services to you and for the performance of any contract we enter into with these service providers.

ii. Third party providers of Open Banking services (such as account information services or payment initiation services). We may be required to share your personal data, including your Contomobile Account data, with other financial institutions that provide Open Banking services. Open Banking service providers are legally required to obtain your explicit consent to access this data, and we are legally required to allow access when the Open Banking service provider communicates that consent to us (even though you may not have provided such consent to us directly);

iii. Fraud protection agencies and organisations that provide identity verification services to help us make decisions, to confirm your identity, to detect and help to prevent fraud and comply with our legal obligations in relation to financial crime, and to assess your eligibility to use our Services;

iv. Financial institutions in the course of processing the transactions that you enter into and managing your Contomobile Account. For example, if you instruct us to make a payment on your behalf, We will transfer personal information to third parties in order to process the payment. In the event that you instruct us to make a payment to an institution outside the European Union (EU) this might mean that information will be transferred to a country that does not offer the same level of protection and by issuing such an instruction you confirm that you consent to this transfer of data; or

iv. Third party service providers that we rely on in the normal course of our business for purposes such as payment processing, data storage, telecommunications and website hosting.

You agree that We have the right to disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries and any other legal entity authorised to act on behalf of Contomobile UAB. If we do disclose your personal information within our group we will require that they protect your information to at least the same level as is required under this policy.

Subject to ensuring that appropriate safeguards are in place to protect your rights, we may also disclose your personal information to third parties in the following circumstances:

• In the event that We sell or buy any business or assets, in which case We will disclose your Personal Data to the prospective seller or buyer of such business or assets;

• If Contomobile UAB or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets;

• If We are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation or request; or

• In order to

- Enforce or apply the Main Service Agreement and Contomobile Terms or Conto QuickPay Terms, and other agreements or to investigate potential breaches; or

- Protect the rights, property or safety of Contomobile UAB, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

5. How we store your personal data

The data that We collect from you will be stored in the EEA, but may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. These staff may be engaged in the provision of our Services to you, the processing of your payment details and the provision of support services. We will only transfer data and/or process data outside the EEA in compliance with applicable European and Lithuanian data protection legislation. By submitting your Personal Data, you agree to this transfer, storing or processing. If we transfer your information outside of the EEA in this way, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. All information you provide to us is stored on secure servers. Any transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer technology.

Where We have given you (or where you have chosen) a Password that enables you to access the Contomobile App or our Customer Self-Service Portal, you are responsible for keeping this password confidential and for fully observing the security obligations set out in the Terms of Use. If you have any reason to suspect that your Password has been compromised, or have any other reason to suspect that your data may have been subject to any unauthorised access you should change your password immediately via our App or Customer Self-Service Portal and notify us as a matter of urgency.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your Personal Data, We cannot guarantee the security of your data transmitted to our Customer Self-Service Portal; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.

In the unlikely event that we become aware of a security breach in relation to your Personal Data that is likely to present a high risk to your rights or freedoms we will notify you without delay after we become aware of the issue and we have established what information has been accessed.

By consenting to this policy you agree to the collection, storage, transfer and processing of your data in this manner.

6. External websites

Our App or Customer Self-Service Portal may, from time to time, contain links to external websites – this might include the websites of our business partners or websites where our Services are advertised. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that We do not accept any responsibility or liability for these policies or for any Personal Data that may be collected through these websites or services. Please check these policies before you submit any Personal Data to these websites or use any services.

7. Your rights

Individuals have a number of important rights under the General Data Protection Regulation which you should be aware of. We have summarised the key rights that are available to individuals below and explained how you can exercise them.

I. Accessing and updating information

The accuracy of the information we hold about you is important to us and, if any of the information that we hold is inaccurate or incomplete, you have the right for the information to be corrected. You are able to access some of the information that we hold about you by logging into our App or Customer Self-Service Portal and can edit some of the information directly yourself.

Alternatively, you have the right to request that we provide a copy of the information that we hold about you, or for us to correct any inaccuracies in your information that you are not able to amend yourself. We will also communicate any inaccuracies and corrections to your data to any third parties that we have disclosed the data to unless it would be impossible or disproportionate to do so.

You also have a right of data portability, which allows you to obtain and reuse your Personal Data across different services. If you request a copy of Personal Data from us that we process by automated means (for example your historical transaction records), you may be entitled to receive it in a structured format that is commonly used and machine readable – such as a CSV file. You may also request that we transmit the data directly to another organisation where this is technically feasible.

Requests may be submitted by logging into the App or Customer Self-Service Portal or by using the contact details at Section 2 of this policy above. We do not normally charge for providing a copy of the information that we hold, although we may charge a reasonable fee in respect of our costs if a request is manifestly unfounded or excessive (for example because it is repetitive of a previous request). We aim to process all requests for information or corrections within one month of receipt of written notice of the request – if this will not be possible for any reason (for example because the request is particularly complex) we will contact you to explain why and tell you when we expect to be able to process the request.

II. Right to object, to restrict processing and to be forgotten

In certain circumstances you can object to us processing your Personal Data for certain purposes, restrict us from further processing your Personal Data, or request that we erase your Personal Data.

i. Right to object. You have the right to object to:

• Processing of your Personal Data based on legitimate interests or the performance of a task in the public interest / exercise of official authority (including profiling) unless We have compelling legitimate grounds to continue processing the data or the processing is for the establishment, exercise or defence of legal claims;

• Direct marketing (including profiling); or

• Processing of your personal date for the purpose of scientific / historical research and statistics unless the processing is necessary for the performance of a public interest task.

ii. Right to restrict processing. You have the right to ask us not to process your Personal Data if:

• The accuracy of the data is contested;

• You have objected to processing of your data and We are considering whether compelling grounds exist to continue processing the data;

• It has been unlawfully processed and you wish to request we restrict processing instead of asking us to delete the data; or

• We no longer require the data for the original purpose but you require the data to establish, exercise of defend a legal claim.

iii. Right to be forgotten. You have the right to request the erasure of Personal Data if:

• It is no longer needed for the original purpose for which it was collected and no new lawful grounds for processing your data exist;

• You withdraw your consent and no alternative lawful grounds for processing your data exist;

• You object to processing and there is no overriding legitimate interest for continuing processing your data;

• The data has been unlawfully processed; or

• It is necessary to comply with European or national laws.

Requests may be submitted by logging into the App or Customer Self-Service Portal or by using the contact details at Section 2 of this policy above. We will promptly consider all requests, review the grounds for processing your data and communicate a decision to you without undue delay. However, please be aware that certain circumstances may prevent us from approving these requests – for example we would not be able to erase Personal Data if we are obliged retain your data in order to comply with our legal and regulatory obligations.

III. Marketing

You have the right to ask us not to process your Personal Data for marketing purposes. We will inform you and seek your consent (before collecting your data) if We intend to use your data for such purposes. You can exercise your right to prevent such processing by checking the appropriate boxes on the forms We use to collect your data. You may also exercise the right at any time by logging into the relevant section of our App or Customer Self-Service Portal.

IV. Consent

If you have opted to allow us to collect and process your data in a particular manner or to receive communications from us, you may withdraw that consent at any time. This will not affect the lawfulness of any data processing we have undertaken based on your consent before it was withdrawn, but may affect how we process your data in future. This may prevent us from providing some or all of our Services to you. You can withdraw your consent by logging into the relevant section of our App or Customer Self-Service Portal.

V. Automated decision making

You have the right not to be subject to decisions based solely on automated processing that produces a legal effect or a similarly significant effect on you, unless it is necessary for the entry into or performance of a contract between us, is authorised by law (for example to prevent fraud) or is based on your consent.

8. Complaints

If you have a complaint about the manner in which we have handled your data please submit it in writing, providing as much detail as possible, using the contact details at Section 2 of this policy above. We will work with you to resolve any issues without delay.

If you believe that your rights under the General Data Protection Regulation have been infringed you have the right to lodge a complaint with our supervisory authority. In Lithuania, the relevant authority is the State Data Protection Inspectorate – information and contact details can be found on its website.

9. Changes to this policy

Any changes We may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by one or more of the methods permitted under the Contomobile Terms. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the App, Customer Self-Service Portal or any / all of our Services.