1. About Walletto
Walletto DPO contact information
You can reach out to Walletto Data Protection Officer by sending an e-mail to DPO@walletto.eu or sending a letter by post to Žalgirio str. 92-805, Vilnius, Lithuania, LT-09303, marked for 'Data Protection Officer'.
Short Summary of this Policy
|What Data we collect?||
|Why we collect this data?||The Data is collected in order for Walletto to provide services to you.|
|On what legal basis do we collect this Data?||
Data is collected based on:
|What if I refuse to provide the Data?||Your refusal to provide Data will render Walletto unable to provide you with services and will result in either the termination of contract or refusal to establish business relationship.|
|How long will we keep the collected Data?||
|How can I file a 'Data Subjects Request' to Walletto?||By filing out and signing the **Forms** **Forms** and sending it to DPO@walletto.eu or mailing it to Žalgirio str. 92-805, LT-09303, Vilnius, Lithuania addressed to 'Data Protection Officer'.|
2. Legal basis for data processing
Walletto processes Client data on the legal basis of:
- In accordance with Article 6 (1)(b) of General Data Protection Regulation. Necessity for performance of a contract with Client and to comply with our regulatory requirements when performing pre-contractual steps after Clients request. The data is processed to open an Account for the Client and to enable Walletto to execute Client’s payments.
- In accordance with Article 6 (1)(c) of General Data Protection Regulation – Necessity for compliance with a legal obligation to which the controller (Walletto) is subject. This legal basis is used by Walletto when conducting KYC and other due-diligence procedures when opening an account for Client as also after business relationship has been established with the Client to execute the payments, conduct transaction monitoring, comply with reporting requirements and ongoing due-diligence requirements (Sanction screening and risk assessment).
'Data Controller' means anyone who alone or jointly with others determines the purposes and means of the Processing of Personal Data. For the Processing of Personal Data described in these Principles, Walletto is the Data Controller.
'Data Processor' means anyone who Processes Personal Data on behalf of the Data Controller.
'Data Protection Legislation' means the applicable EU and national data protection legislation that Walletto is subject to, for example, Regulation (EU) 2016/679 (General Data Protection Regulation or the GDPR).
'EU/EEA' means the European Union/European Economic Area.
'Personal Data' means any information directly or indirectly related to the Client.
'Processing' means any operation or set of operations performed with regard to Personal Data, whether or not performed by automated means, such as collection, recording, organization, storage, adaptation, alteration, retrieval, use, combination, erasure or destruction.
'Regulatory Legislation and Obligations' means the applicable legal acts that Walletto is subject to, for example, relating to anti-money laundering, banking secrecy, commercial activity, data protection, taxes, bookkeeping, e-money, payment, e-money issuing and payment services.
'Services' means Walletto provided services to Client, for example account opening application review and correspondence, e-money issuing services, payment services and payment card issuing services.
'Account' means a Walletto account which is assigned to Client in order to receive Services.
5. Personal data we collect
In order to provide you with Services, Walletto collects various types of your Personal Data. Personal Data is collected and processed during 3 principal steps:
- identity verification
- use of Walletto Services
Processing of registration data
Registration process begins with establishing of correspondence e-mail that will be used for further communication. Submission of herein mentioned Personal data is mandatory for your registration. Finalizing your registration you will have to confirm your email address provided after the respective message is sent to it.
After confirmation of correspondence e-mail you can continue with filing Client Questionnaire for opening the Account and receiving Services. For this purpose we need to request more information in order to meet our legal and regulatory obligations. Therefore proceeding with the Account opening you should provide us your additional Personal Data, which include data such as:
- Date of birth,
- Residential Address,
- Correspondence address for delivery of Card (if different from residential address),
- ID document number (national identification card/ Passport Number/ Itinerary document),
- ID document number expiry Date,
- Passport Nationality,
- Source of Funds,
- Copy of identification document (ID / Passport / Itinerary document),
- Photograph and any other information you provide us in order to prove your eligibility to use our services.
Walletto does not require information above that which is necessary for fulfilling our legal and regulatory obligations and will at all times ensure minimalism approach to data processing.
Submission of herein mentioned Personal data is mandatory for Account to be opened and assigned. Failure to provide necessary Personal data will lead to dismissal of application for account opening.
In order to open the Account we need to know for what purpose our Services are necessary, therefore during the process of opening your Walletto Account you must determine and indicate such activities and provide details of them. Such information is collected and processed in order to comply with legal and regulatory obligations.
Sometimes we need to request more information to identify you or to meet legal and regulatory obligations. On such occasions you will be prompted to provide additional information.
If you contact us, we will keep a record of that correspondence.
Personal data collected by Walletto in the Registration step is used for the following purposes:
- Account opening;
- Client identification;
- Client risk assessment mandatory under Regulatory legislation and obligations;
In order for us to provide you with our services and execute your payments, we must use the data provided by you during the registration and verification process for the ongoing risk assessment.
The main use of data is for the information checks against Sanction lists and various databases or public resources that allows us to check possible Adverse Media on you:
- Walletto is obliged by law and regulations to conduct such risk assessment during your verification process and on continuous basis thereafter. This means that we can process your data before or during the processing of your payments as also on a scheduled interval basis;
- This assessment can be done either by us directly or by our Service Providers;
- Walletto can request from you additional data if during risk assessment new information is identified that under the applicable laws and regulations obliges Walletto to perform enhanced due diligence.
Your contact information is processed by Walletto only to:
- Provide client support, letting you know about upcoming changes or improvements of Website;
- Provide you with information regarding changes of any terms or conditions applicable to you or Services you use as well as other important information;
- Ask to update existing information or to provide new information which is required to comply with our Regulatory Legislation and Obligations.
You may at any time edit, update or ask to delete your contact details, or other Personal Data that you have provided prior by contacting our Data Protection Officer via e-mail firstname.lastname@example.org or by filling request form on our Website.
Please note that you will be able to request deletion of your contact details and other registration data only if there is no legal obligation for Walletto to preserve such data by the applicable laws.
Processing of Client verification data
In order to receive Walletto Services you must verify your identity. We verify you by the Personal data you provide during registration. However such Personal data must be confirmed, therefore in addition, for verification purposes we also rely on verification services, managed and provided to us by our service providers.
While exercising this verification step, you will be requested to upload your ID document. You will undergo facial verification. For the mentioned purposes we receive and rely on a certain confirmation from our service providers that your identity is verified. Please note, that under the applicable laws Walletto is obligated to collect and store all data received during Client identification and verification process therefore scanned copies of ID documents, data related to facial recognition and other information will be stored by Walletto in accordance with AML laws and Regulatory legislation.
Walletto will request to provide further information that will allow Walletto to reasonably identify you and verify your identity. Walletto reserves the right to contact you and request to provide more information or approve that provided information is up-to-date and valid.
Walletto processes data gathered during Client’s verification in order to comply with regulatory and legal obligations as well as to ensure that Clients are not attempting to create additional Accounts or to commit fraudulent actions. Refusal to undergo ID and facial verification will terminate your Account opening process.
All Personal data you provide for verification process shall be provided directly by you to our service provider performing your verification and therefore processing of such data shall be covered by the policies of such service provider. You should carefully review privacy policies of such Service provider before starting the verification process.
While you are using our Services and Account we are collecting the following information:
- History of transactions (date, information of payer and payee, amount of transaction) is processed in order to: (i) to provide further updates and improvements, (ii) ensure compliance with a legal obligations;
- Messaging history, including, but not limited to, claims and complaints made by you is processed due to the performance of obligations regarding provision of Services. Please note that we identify you by email, which you have submitted during registration process. When you submit your request always provide your email. In other case we will not be able to identify you properly and submit the information requested by you or to fulfill your request;
- Your behavior while using Account (your clicks, visited sections) in order to ensure the improvements of functionality of Website;
- Your payment card information: date of issue and expiry date in order to provide you Services;
- Message content: if you include a message with your payments, the content of that massage is stored by Walletto;
Walletto processes Personal Data collected while using Services and Account on the following legal basis:
- Conclusion and performance of contractual arrangements and obligations between Walletto and the Client; and
- Pursuance of legitimate interests of Walletto, as controller and manager of Webpage platform;
- for compliance with a legal obligation to which Walletto is subject.
In providing personal data of any individual other than yourself to us during the use of our Services, you agree that you have obtained a consent from such individual to disclose their personal data for collection and use. By providing such Personal data to us you bear all the responsibility towards such individual if you have not received proper consents for such provision and you undertake to indemnify us for any liability which may appear due to unlawful provision and/or disclosure of personal data.
6. Other purposes for use of personal data
Developing the Website
We use Personal data to conduct research and development of our Website and Services in order to provide you and others with a better, more intuitive and personalized experience, drive membership growth.
We use Personal data to keep in touch with you in order to provide you with customer service, notify you on news and updates, provide you with the security notices or information.
Security and investigations
Profiling carried out by Walletto involves processing of personal data by automated means for the purposes of legislation relating to risk management and continuous and periodic monitoring of transactions in order to prevent fraud. Such ongoing profiling is based on legitimate interests of Walletto, the performance of a legal obligation and the execution of the agreement.
Providing information on similar products and services
We use Personal data to provide you with information about other goods and services we offer that are similar to those that you have already purchased or inquired about.
Third Party Information
Walletto can engage a Third Party to receive additional information about Client. Such Third Parties aggregate publicly available information, such as news articles, company registries and open other sources. Walletto will combine this information with information you have provided us and we will use this information to help us better understand your financial circumstances and behavior so that we can make decisions about how we manage your Account and in order to make a decisions about whether to agree to approve application on Account opening.
7. Personal data received from third parties
We collect and receive your Personal data from yourself, as well as from the following sources:
- We work closely with third parties in order to help us deliver our Service to you. These third parties are business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, fraud prevention agencies, customer service providers and developers. Information we collect about you from such parties can include credit search information, information which helps us to verify your identity or information relating to your payment transactions
- Other legal sources, such as public registers, internet search engines, public sources such as social media.
8. How we share personal data
In order to provide you with the Services and meet our legal and regulatory obligations, we use third parties services and such third parties use personal data in delivering their services to us. Therefore we share the information we collect about you with our service providers (Data processors) such as:
- Cloud storage/servers providers. We use their service in order to store your data safely and securely.
- Card issuing institutions. For the purpose of providing you with a card in order to use our Services.
- Identification and verification services providers – in order to verify your identity.
- Correspondent banking institutions. For the purpose to enable payment execution as per your instructions.
- Law enforcement agencies. For the purpose of crime prevention and investigation.
- Regulatory bodies. For the purpose to enable financial market oversight or in cases where Regulator has received your complaint or when data is necessary to prevent or investigate financial crime.
- Tax authorities. For the purpose of complying with Common Reporting Standards requirements for financial institutions.
- Auditors, accountants and lawyers: In order to complete financial, technical and legal audits of Walletto operations, we need to share information about your Account as part of such audit.
- Other service providers with which we have concluded service provision agreements or when such sharing is mandatory according to applicable law.
We only use the services of those data processors which ensure safeguards and use technical and organizational security measures equivalent to the ones required by EU General Data Protection Regulation.
Processing personal data inside and outside the EEA
- The data that we collect from you will be transferred to, and stored at a destination inside the European Economic Area (EEA).
- You personal data can be processed outside of the EEA in order for us to fulfill our contractual obligations towards you to provide the Services. There are some examples where Walletto will need to send your data outside of EEA, for example:
- to action a request made by you to execute an international payment:
- process your payment details:
- provide global anti-money laundering and counter terrorist financing solutions and provide ongoing support services.
We will take all steps to ensure that your data is treated securely and in accordance with legislation, specifically:
- the data sent will be as minimal as necessary to complete the processing purpose;
- data will be sent only through encrypted communication channels.
Our Legal Obligation to Use or Disclose Personal Data
As a regulated financial institution, we can be asked to share your Personal Data to state and public authorities.
We will only do so when we are legally required to provide information or when we need to take legal action to defend our rights, as well as the cases, where we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request, enforce applicable General Terms and Conditions, including investigation of potential violations, detect, prevent or otherwise address fraud, security or technical issues.
Walletto may partner with other financial institutions, such as Banking, credit and financial services partners, including banking partners, banking intermediaries, credit companies and international payments services providers. With their help we are able to provide you with a larger scope of Services or better quality ones. When we will offer such service to you, you will be asked to consent for data processing.
9. Your rights
You are entitled to the following rights regarding the protection of your Personal Data:
- The right to request access information we process about you: this right enables you to receive a copy of the personal data we hold about you;
- The right to request to correct incorrect / inaccurate information about you: this right enables you to have any incomplete or inaccurate Personal data we hold about you to be corrected. Please note that we need to verify the accuracy of the new data you provide to us.
- The right to request to transfer all or part of the Personal data: This right enables you to ask us to provide you with your Personal data in a structured, commonly used, machine-readable format, which you can then transfer to other appropriate data controller. Note that this right only applies to automated information which you initially provided for us to use and consented for it use or where we used the information to perform a contract with you.
- The right to request erasure of Personal data: This right enables you to ask us to delete or remove personal data where there is no legitimate reason for us to process it, or if you have successfully exercised your right to object to processing (as described in paragraph 9 herein below). Please note that Walletto as a regulated financial institution is obligated under the applicable laws regarding prevention of money laundering and terrorist financing as well as of Law on Electronic Money and Electronic Money Institutions of the Republic of Lithuania to retain certain information you have provided for a number of years, therefore we are not always able to comply with your request of erasure for the mentioned reasons. We will notify you at the time of your request if it the situation is as described.
- The right to request restriction of data processing: This right enables you to ask us to suspend the processing of your personal data in the following cases:
- if you want us to establish the data accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims;
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Please note that such requests can lead to a situation that we are unable to perform our contractual obligations towards you or enter into a contract with you. If this would be the case we will notify you about it.
- The right to object to processing of Personal Data when processing is carried out on the basis of legitimate interest: This right can be exercised in a situation where we are relying on our legitimate interest (or those of a third party) but in your particular situation such processing impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. Please note that Walletto as a regulated financial institution is obligated under the applicable laws regarding prevention of money laundering and terrorist financing as well as of Law on Electronic Money and Electronic Money Institutions of the Republic of Lithuania to process your certain Personal data for compliance purposes, therefore in some cases, we can demonstrate that we have compelling legitimate grounds to process your Personal data which override your rights. Please note that requirements of the mentioned laws supersede any right to objection under applicable data protection laws. If you object to the processing of certain data then we may not be able to provide you Services and it is likely we will have to terminate your account.
- To exercise any of the rights mentioned above, please reach out to our client support team via email of by filling request form on our Website or contact our Data Protection Officer as indicated below. We will ask you to verify your identity and for more information regarding your request.
10. How long do we keep you data
Walletto as a regulated financial institution is obligated under the applicable laws regarding prevention of money laundering and terrorist financing as well as of Law on Electronic Money and Electronic Money Institutions of the Republic of Lithuania to retain your Personal data for a number of years:
- Client identification data and verification data – 8 (eight) years after termination of the contract relations;
- Business correspondence with the Client – 5 (five) years after termination of the contract relations;
- History of transactions and related documents confirming the transaction – 8 (eight) years after the execution or completion of the transaction.
Provided data retention timeline can be extended for up to 2 (two) years upon reasoned instruction of a competent authority.
We therefore use this retention requirement as a benchmark for all personal data that we receive from you. In order to not hold your information for longer than is strictly necessary we will not hold any of your personal data for more than 8 years after the termination of our business relationship.
If you feel that Walletto has breached this policy or processed your data incorrectly, you should send a request or complaint directly to Walletto by sending an e-mail to email@example.com or a letter to our office at Žalgirio str. 92-805, LT-09303, Vilnius, Lithuania.
Please note that Walletto identify you by personal data and e-mail, which you have provided to Walletto when you signed up for the services. When you submit your request always provide your personal details and sent your request via e-mail you have submitted when you signed up for the services. In other case we are unable to identify you properly and submit the information requested by you or to fulfill your request.
Walletto will review the complaint and send you response within 15 working days, or inform you that we need more time to provide you with an extensive response.
If for any reasons Walletto’s answer does not satisfy you, have the right to lodge a complaint to the national Data Protection Agency (DPA) in the country of your residence or to Lithuania State Data Protection Inspectorate (https://vdai.lrv.lt/en/) at firstname.lastname@example.org
We would, however, appreciate the chance to deal with your concerns before you approach the DPA and find a solution at your satisfaction. So please contact us in the first instance.