Privacy Policy

Walletto UAB, a private limited liability company, established and operating under Lithuanian law, legal entity code 304686884, registered address at Žalgirio str. 92-805, Vilnius, Lithuania, LT-09303, is an electronic money institution which is considered as Data Controller for the purposes of this Privacy policy.

The following definitions when used in this Privacy policy have the following meanings:
• Account or Walletto Account has the meaning of the account created by Walletto to the Client;
• Client has the meaning of an individual or legal entity holding Walletto Account;
• Privacy Policy has the meaning of this privacy policy;
• Personal data has the meaning of information that can be used to directly or indirectly identify you.
• Services has the meaning of the services provided by Walletto to its Clients;
• Walletto has the meaning prescribed in Art. 1 of this Privacy Policy;
• Website or Walletto Website has the meaning of the website available at;
• We has the meaning of Walletto;
• You has the meaning of the person whose Personal data is processed by Walletto.

3.1 This Privacy Policy describes how Walletto collects, uses, stores, shares and protects your Personal Data whenever you use Services through the Website or by corresponding with us (for example by email or by filling massaging form on the Website).
3.2 We assume that you have carefully read this document and accepted it. If you do not agree with this Privacy Policy, then you should refrain from using our Services or opening an Account. This Privacy Policy is an integral part of Walletto ’s General Terms and Conditions.
3.3 We may change this Privacy Policy from time to time. We will post any Privacy Policy changes on Website additionally sending you an email informing about changes made. Continued use of Walletto ’s Website implies your acceptance of the revised Privacy Policy.

4.1. General
4.1.1. In order to provide You with Walletto Account and Services thereof, Walletto collects various types of your Personal Data.
4.1.2. Personal Data is collected and used during 3 principal steps: registration, identity verification and the use of Walletto Account and Services.
4.2. Processing of registration data
4.2.1. In the registration process we collect your e-mail address. Submission of herein mentioned Personal data is mandatory for your registration. Failure to provide your email address or decision to delete or object to processing of email address will result in dismissal of your registration.
4.2.2. Finalizing your registration you will have to confirm your email address provided after the respective message is sent to it.
4.2.3. After providing Personal data for registration you can continue with application for opening the Account. For this purpose we need to request more information in order to meet legal and regulatory obligations. Therefore proceeding with the Account opening you should provide us your additional Personal Data, which may include data as such: Name, Surname, Date of birth, Residential Address, Correspondence address for delivery of Card (if different from residential address), ID document number (national identification card/ Passport Number/ Itinerary document), ID document number expiry Date, Passport Nationality, Occupation, Source of Funds, copy of identification document (ID / Passport / Itinerary document), photograph and any other information you provide us in order to prove your eligibility to use our services. Submission of herein mentioned Personal data is mandatory for Account to be created and opened. Failure to provide mentioned Personal data will lead to dismissal of application for account opening.
4.2.4. In order to open the Account we need to know what expected activities on it are. Therefore during the process of opening your Walletto Account you must determine and indicate such activities and provide details of it. Such information is collected and processed in order to comply with legal and regulatory obligations. Sometimes we need to request more information to identify you or to meet legal and regulatory obligations. When that is necessary, you will be prompted to provide such information.
4.2.5. If you contact us, we will keep a record of that correspondence.
4.2.6. Personal data collected by Walletto in the Registration step is used for the following purposes: Account opening; Client identification; Client risk assessment mandatory under the applicable laws;
 • In order for us to provide you with our services and execute your payments, we must use the data provided by you during the verification process for the ongoing risk assessment.   The main use of data is for the information checks against anction lists and various databases or resources that might be used as an Adverse Media;
 • Walletto is obliged by law and regulations to conduct such risk assessment during your verification process and on continuous basis thereafter. This means that we can process
  your data before or during the processing of your payments as also on a scheduled interval basis;
 • This assessment can be done either by us directly or by our Service Providers;
 • Walletto can request from you additional data if during risk assessment new information is identified that under the applicable laws and regulations obliges Walletto to perform enhanced due diligence. To provide Clients with support, letting them know about upcoming changes or improvements of Website; Provide Clients with information regarding changes of any terms or conditions applicable to them or Services they use as well as other important information.
4.2.7. Walletto processes Clients registration data on the legal basis of: Your consent, expressed when voluntarily submitting your Personal Data details which are not mandatory; and Conclusion and performance of contractual arrangements and obligations between Walletto and the Client; for compliance with a legal obligation to which Walletto is subject.
4.2.8.You may at any time edit, update or delete your contact details contacting our service center via e-mail or by filling request form on our Website. Please note that you will be able to request deletion of your contact details and other registration data only if there is no legal obligation for Walletto to preserve such data by the applicable laws.
4.3. Processing of Client verification data
4.3.1. In order for the Account to be created you must verify your identity. We verify you by the Personal data you provide during registration. However such Personal data must be confirmed, therefore in addition, for verification purposes we also rely on verification services, managed and provided to us by our service providers.
4.3.2. While exercising this verification step, you will be requested to upload your ID document. You will undergo facial verification. For the mentioned purposes we receive and rely on a certain confirmation from our service providers that your identity is verified. Please note, that under the applicable laws Walletto is obligated to collect and store all data received during Client identification and verification process therefore scanned copies of ID documents, data related to facial recognition and other information will be stored by Walletto in accordance to this Privacy policy and applicable legislation.
4.3.3. Walletto may request to provide further information that will allow Walletto to reasonably identify you and verify your identity. Walletto reserves the right to contact you and request to provide more information or approve that provided information is up-to-date and valid.
4.3.4. Walletto processes the above mentioned Personal data used for Client’s verification (point 4.3.1. and 4.3.2 of this Privacy policy) in order to comply with regulatory and legal obligations as well as to ensure that Clients are not attempting to create additional Accounts or to commit fraudulent actions. Refusal to undergo ID and facial verification will terminate your Account opening process.
4.3.5. Processing of your ID document, facial verification data, uploaded to third-party database as described above, is covered by third parties’ privacy policies. All Personal data you provide for verification process shall be provided directly by you to our service provider performing your verification and therefore processing of such data shall be covered by the policies of such service provider. You should carefully review privacy policies of such Service provider before starting the verification process.

4.4. Processing of data generated while using Walletto Account
4.4.1. While you are using our Services and Account we are collecting the following information:
4.4.2. History of transactions (date, information of payer and payee, amount of transaction) is processed in order to: (i) to provide further updates and improvements, (ii) ensure compliance with a legal obligations;
4.4.3. Messaging history, including, but not limited to, claims and complaints made by you is processed due to the performance of obligations regarding provision of Services. Please note that we identify you by email, which you have submitted during registration process. When you submit your request always provide your email. In other case we will not be able to identify you properly and submit the information requested by you or to fulfill your request;
4.4.4. Your behavior while using Account (your clicks, visited sections) in order to ensure the improvements of functionality of Website;
4.4.5. Your payment card information: date of issue and expiry date in order to provide you Services;
4.4.6. Massage content: if you include a message with your payments, the content of that massage is stored by Walletto;
4.4.7. Cookies: like most of Websites and mobile applications we use cookies. Please see information on cookies we use in our cookie policy.
4.4.8. Walletto processes Personal Data collected while using Services and Account on the following legal basis:
4.4.9. Conclusion and performance of contractual arrangements and obligations between Walletto and the Client; and
4.4.10. Pursuance of legitimate interests of Walletto, as controller and manager of Webpage platform;
4.4.11. for compliance with a legal obligation to which Walletto is subject.
4.5. Personal data of other individuals
4.5.1. In providing personal data of any individual other than yourself to us during the use of our Services, you agree that you have obtained consent from such individual to disclose their personal data for collection and use. By providing such Personal data to us you bear all the responsibility towards such individual if you have not received proper consents for such provision and you undertake to indemnify us for any liability which may appear due to unlawful provision and/or disclosure of personal data.

5.1. Developing the Website
5.1.1. We use Personal data to conduct research and development of our Website and Services in order to provide you and others with a better, more intuitive and personalized experience, drive membership growth.
5.2. Client support
5.2.1.We use Personal data to keep in touch with you in order to provide you with customer service, notify you on news and updates, provide you with the security notices or information.
5.3. Security and investigations
5.3.1. We use Personal data for security, fraud prevention and investigations. We use your Personal data (including your communications) if we think it’s necessary for security purposes or to investigate possible fraud or other violations of our General Terms and Conditions, this Privacy Policy, implementing the regulatory and legal obligations. We may ask you to provide any additional information which we think may influence process of investigation or examination of your complaint / request.
5.4. Profiling
5.4.1. Profiling carried out by Walletto involves processing of personal data by automated means for the purposes of legislation relating to risk management and continuous and periodic monitoring of transactions in order to prevent fraud. Such ongoing profiling is based on legitimate interests of Walletto, the performance of a legal obligation and the execution of the agreement.
5.5. Providing information on similar products and services
5.5.1. We use Personal data to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
5.6. Third Party Information
5.6.1. We will combine this information with information we have collected about you and we will use this information to help us better understand your financial circumstances and behavior so that we may make decisions about how we manage your Account and in order to make a decisions about whether to agree to approve application on Account opening.
6.1. We collect and receive your Personal data from yourself, as well as from the following sources:
6.1.1. We work closely with third parties in order to help us deliver our Service to you. These third parties are business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, fraud prevention agencies, customer service providers and developers. Information we may collect about you from such parties can include credit search information, information which helps us to verify your identity or information relating to your payment transactions.
6.1.2. Other legal sources, such as public registers, internet search engines, public sources such as social media.
6.2. If you are a beneficial owner, shareholder, representative or employee of our corporate client we are collecting your Personal data in order to fulfill legal and regulatory obligations. Your Personal data is provided to us by the representatives of the company where you hold a certain position. Personal data received under this clause is processed in accordance to the provisions of this Privacy policy and you have all the rights of the Data subject listed herein in this Privacy policy and in the applicable laws.

7.1. In order to provide you with the Services and meet our legal and regulatory obligations, we use third parties services and such third parties use personal data in delivering their services to us. Therefore we may share the information we collect about you with our service providers (Data processors) such as:
7.1.1. Cloud storage/servers providers. We use their service in order to store your data safely and securely.
7.1.2. Card issuing institutions. For the purpose of providing you with a card in order to use our Services.
7.1.3. Identification and verification services providers – in order to verify your identity.
7.1.4. Auditors, accountants and lawyers: In order to complete financial, technical and legal audits of Walletto operations, we may need to share information about your Account as part of such audit.
7.1.5. Other service providers with which we have concluded service provision agreements or when such sharing is mandatory according to applicable law.
7.2. We only use the services of those data processors which ensure safeguards and use technical and organizational security measures equivalent to the ones required by EU General Data Protection Regulation.
7.3. Processing personal data inside and outside the EEA
7.3.1. The data that we collect from you will be transferred to, and stored at, a destination inside the European Economic Area (EEA).
7.3.2. Personal data may be processed outside of the EEA in order for us to fulfill our contractual obligations towards you to provide the Services. We will need to process your personal data in order for us, for example, to action a request made by you to execute an international payment, process your payment details, provide global anti-money laundering and counter terrorist financing solutions and provide ongoing support services. We will take all steps to ensure that your data is treated securely and in accordance with this privacy policy.
7.4. Our Legal Obligation to Use or Disclose Personal Data
As a regulated financial institution, we may need to share your Personal Data to state and public authorities. We will only do so when we are legally required to provide information or when we need to take legal action to defend our rights, as well as the cases, where we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request, enforce applicable General Terms and Conditions, including investigation of potential violations, detect, prevent or otherwise address fraud, security or technical issues.
7.5. Other
Walletto may partner with other financial institutions, such as Banking, credit and financial services partners, including banking partners, banking intermediaries, credit companies and international payments services providers. With their help we are able to provide you Services and in order to meet legal and regulatory requirements we might be obligated to share your account details with such partners to the extent you actually transact or interact with customers of such partners.

8.1. You are entitled to the following rights regarding the protection of your Personal Data:
8.2. The right to request access information we process about you: this right enables you to receive a copy of the personal data we hold about you;
8.3. The right to request to correct incorrect / inaccurate information about you: this right enables you to have any incomplete or inaccurate Personal data we hold about you to be corrected. Please note that we may need to verify the accuracy of the new data you provide to us.
8.4. The right to request to transfer all or part of the Personal data: This right enables you to ask us to provide you with your Personal data in a structured, commonly used, machine-readable format, which you can then transfer to other appropriate data controller. Note that this right only applies to automated information which you initially provided for us to use and consented for it use or where we used the information to perform a contract with you.
8.5. The right to request erasure of Personal data: This right enables you to ask us to delete or remove personal data where there is no good reason for us to process it, or if you have successfully exercised your right to object to processing (as described in clause 9.1 herein below). Please note that Walletto as a regulated financial institution is obligated under the applicable laws regarding prevention of money laundering and terrorist financing as well as of Law on Electronic Money and Electronic Money Institutions of the Republic of Lithuania to retain certain information you have provided for a number of years, as indicated per clause 8.6.4 below, therefore we may not always be able to comply with your request of erasure for the mentioned reasons. We will notify you at the time of your request if it the situation is as described.
8.6. The right to request restriction of data processing: This right enables you to ask us to suspend the processing of your personal data in the following cases: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Please note that such requests may lead to a situation that we may not be able to perform our contractual obligations towards you or enter into a contract with you. If this would be the case we will notify you about it.
8.7. The right to object to processing of Personal Data when processing is carried out on the basis of legitimate interest: This right can be exercised in a situation where we are relying on our legitimate interest (or those of a third party) but in your particular situation such processing impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. Please note that Walletto as a regulated financial institution is obligated under the applicable laws regarding prevention of money laundering and terrorist financing as well as of Law on Electronic Money and Electronic Money Institutions of the Republic of Lithuania to process your certain Personal data for compliance purposes, therefore in some cases, we may demonstrate that we have compelling legitimate grounds to process your Personal data which override your rights. Please note that requirements of the mentioned laws supersede any right to objection under applicable data protection laws. If you object to the processing of certain data then we may not be able to provide you Services and it is likely we will have to terminate your account.
8.8. To exercise any of the rights mentioned above, please reach out to our client support team via email of by filling request form on our Website or contact our Data Protection Officer as indicated below. We may ask you to verify your identity and for more information regarding your request.

9.1. Walletto as a regulated financial institution is obligated under the applicable laws regarding prevention of money laundering and terrorist financing as well as of Law on Electronic Money and Electronic Money Institutions of the Republic of Lithuania to retain your Personal data for a number of years:
9.2. Client identification data and verification data – eight years after termination of the contract relations;
9.3. History of transactions – five years after terminations of the contract relations.
9.4. We therefore use this retention requirement as a benchmark for all personal data that we receive from you. In order to not hold your information for longer than is strictly necessary we will not hold any of your personal data for more than 8 years after the termination of our business relationship.

10.1. You have the right to lodge a complaint to the national Data Protection Agency (DPA) in the country of residence in the event where your rights may have been infringed. We would, however, appreciate the chance to deal with your concerns before you approach the DPA and find a solution at your satisfaction. So please contact us in the first instance.
10.2. Please be noticed that Walletto identify you by personal data and e-mail, which you have provided to Walletto when you signed up for the services. When you submit your request always provide your personal details and sent your request via e-mail you have submitted when you signed up for the services. In other case we will not be able to identify you properly and submit the information requested by you or to fulfill your request.