Mano Bankas cares about the privacy of its customers and personal data protection and therefore seeks to ensure a fair and transparent processing of personal data and comprehensively inform customers about the processing of their personal data.
These Personal Data Processing Rules (hereinafter the Rules) determine the key aspects relating to the processing of customer personal data by Mano Bankas. Please read these Rules carefully. Should you have any questions regarding the processing of your personal data, please contact us using the contact information provided in these Rules.
1. Terms used in the Rules
- Personal data shall mean any information about you, which you provide to us or which we obtain from other sources and which enables us to identify you (for instance, personal data may include your given name and surname, date of birth, personal ID No., contact information, information about your creditworthiness and other information that is required for the appropriate provision of our services, video data recorded by our video cameras, information about the agreements concluded with us, information about the use of our services, etc.).
- Customer or you or data subject shall mean a natural person who used, uses or intends to use the services provided by Mano Bankas or is in any other manner related to these services (for instance, a customer's representative, collateral provider, final beneficiary, a person who sends us an request, etc).
- Mano Bankas or we shall mean the controller of your personal data AB Mano Bankas, a public limited liability company incorporated and operating according to laws of the Republic of Lithuania, Company Reg. No. 112043081, registration address: S. Moniuškos g. 27, LT-08115 Vilnius, Lithuania. We provide services to customers based on the specialised bank license issued by the Bank of Lithuania.
2. General provisions
These Rules shall apply to customers who use, have used or expressed the intention to use the services provided by Mano Bankas either electronically (for instance, by using our internet websites www.mano.bank or www.manopaskola.lt, logging into the e-services system of Mano Bankas, etc.) or personally (for instance, by visiting our customer service centre). The Rules shall also apply to customers with which Mano Bankas forged relations before the entry into effect of these Rules, where such persons have provided their personal data and/or where Mano Bankas has received their personal data.
Mano Bankas shall act as a data controller in respect of the customer personal data that it processes.
In the process of processing of your personal data, Mano Bankas shall adhere to the following:
- The General Data Protection Regulation (EU) 2016/679;
- The Law on Legal Protection of Personal Data of the Republic of Lithuania;
- The Law on Electronic Communications of the Republic of Lithuania;
- Other legal acts regulating the protection of personal data;
- Instructions and recommendations of the State Data Protection Inspectorate and other competent authorities.
3. Our contact information
4. Principles of processing of your personal data
Mano Bankas shall be responsible and shall ensure that the following principles be adhered to in the process of processing of your personal data:
- The principle of lawfulness, transparency and fairness: your personal data shall be processed in a lawful, transparent and fair manner;
- The purpose limitation principle: your personal data shall be collected for the purposes defined and clearly outlined in these Rules and lawful purposes and shall not be processed in any manner that is incompatible with these purposes;
- The data minimisation principle: the personal data being processed shall be adequate, appropriate and only such as required for the purposes for which the data is processed;
- The accuracy principle: your personal data shall be accurate and, where required, shall be updated. Mano Bankas shall implement all reasonable measures to ensure that your personal data which is not accurate, with consideration of the purposes for which it is processed, be immediately deleted or corrected;
- The storage limitation principle: your personal data shall be stored in such a form as to ensure that the identity of data subjects be possible to establish for a term not longer than required for the purposes for which such personal data is processed;
- The integrity and confidentiality principle: your personal data shall be processed in such a manner as to ensure that, if the appropriate technical or organisational measures are used, the appropriate security of the personal data be ensured, including the protection against unauthorised data processing or unlawful data processing and against accidental loss, destruction or damage.
5. Your personal data that we process
- Main identity and contact information such as full name, personal ID No., date of birth, details specified in ID documents, phone number, language, e-mail and residence address;
- Information about family such as marital status, number of dependents, information about family members, heirs and other related persons;
- Information about educational background and professional activities such as information about the acquired qualifications, financial knowledge, current and former employers, professional experience, economic and commercial activities performed (for instance, farming, engagement in an individual activity, etc.);
- Financial information such as information about sources of income and its sustainability, origin of funds, beneficiaries, residence for tax purposes, accounts, various payment documents, outstanding financial obligations and their fulfilment, owned assets, types and value of owned assets, credit history and creditworthiness, expenditure and income, etc.;
- Information about the origin of assets and/or property such as information about the parties to the transactions that you concluded, conditions of such transactions, etc.;
- Information about relations with legal entities obtained from you, public registers or other third parties for the purpose of implementing the respective transaction in respect of the relevant legal entity;
- Information about your transactions in Mano Bankas and other concluded agreements or executed operations, depending on the type of services that Mano Bankas provides to you: for instance, current account No., deposits, payment orders, other payment operations, payment instruments and actions performed using the instruments, cash contributions and withdrawals;
- Audio-visual information: for instance, video surveillance data recorded when you visit our customer service centres or other service provision locations;
- Information relating to customer reliability and compliance with legal requirements such as information required by Mano Bankas in order to be able to perform the respective procedures aimed to prevent money laundering and terrorist financing and ensure the implementation of international sanctions (for instance, the purpose of maintaining a business relationship with a customer, customer involvement in policy-making);
- Information collected when you use electronic means such as IP address, operating system version, other parameters of your device, your login data used to log in to our electronic services system, login information (for instance, login session time and duration, requests, etc.), browsing information, including details of when and from what location the login to the Mano Bankas electronic services system or internet website was affected, etc.;
- Information about your satisfaction with our services and your needs and interests, which you provide to us when you use our services or communicate with our employees;
- In certain cases, special categories of data such as criminal records or customer health records, biometric data (for remote identification purposes, whereby a person’s unique characteristics, e.g. face images or fingerprints, are confirmed). We shall only use your biometric data for identifying you remotely if you grant your express consent to the use of this identification method.
6. Purposes of processing of your personal data
Mano Bankas shall process your personal data for the following main purposes:
- For the purpose of prevention of money laundering and terrorist financing. For this purpose, we implement the mandatory procedures stipulated in legal acts, in the process of which we appropriately establish the identities of the customer and its beneficiaries, update data and perform other required actions;
- For the purposes of conclusion and implementation of agreements with Mano Bankas (i.e. provision of financial services). For these purposes, we process your personal data to be able to take decisions regarding the conclusion of agreements with you and/or to be able to provide services to you and implement our daily financial operations. For instance, to be able to provide certain services, we need to evaluate your creditworthiness so that we are able to provide financing to you according to the responsible borrowing principles.
- For the purposes of maintaining relationships with customers and providing opportunities to use our services. For instance, we administer all the inquiries that you send us, seek to timely and appropriately provide consultancy and other necessary information to you and seek to ensure the relevance and accuracy of the personal data of our customers;
- For the purposes of assurance of the rights and legitimate interests of Mano Bankas, other persons and/or customers. For instance, in order to ensure our rights and interests, we effectively manage outstanding payments, may assign rights of claim, provide data to joint debtor databases and other third parties having a legitimate interest, provide data to selected providers of legal services, courts, bailiffs, etc.;
- For the purposes of the protection of our property and health of our customers and employees and of the assurance of the security of property. For instance, in the process of implementing this purpose, we record video data using video surveillance equipment when you visit a Mano Bankas customer service centre;
- For the purposes of direct marketing. For instance, if you become our customer and do not express your disagreement, we may contact you electronically and offer other similar services with consideration of your needs (you may express disagreement to the receipt of these messages at any time). Also, upon obtaining your consent, we may ask you to provide your opinion about our services and include you in games, promotions, etc. that we organise (you may also withdraw your consent at any time).
- For the purpose of improving our services, market research and collection of statistical information. For instance, in order to improve our services, we may analyse the collected summarised (anonymised) data of our customers as well as conduct market research and analyse various statistical data.
- For the purposes of appropriate fulfilment of our obligations arising out of applicable legal acts. We are a credit institution and in our operations we must closely adhere to the requirements prescribed for us by a variety of applicable legal acts.
- To ensure the provision of our services remotely and to guarantee the smooth functioning and security of our internet websites. For instance, to ensure the appropriate functioning of our electronic services system or internet websites, we need to process certain technical data of our customer devices; to ensure the security of customer logins and behaviour in the electronic environment, we may analyse login sessions, executed operations, etc.
7. Grounds for processing of your personal data
Mano Bankas shall process your personal data in the presence of at least one of the following legal grounds:
- Conclusion and implementation of an agreement. This is one of the grounds for processing your personal data: we rely on it when the processing of your personal data is necessary for a variety of pre-contractual, agreement conclusion and implementation actions. For instance, based on this ground, we process your personal data to be able to provide our services to you (implement the agreements concluded with you).
- Fulfilment of legal obligations. Legal acts prescribe various legal obligations for us; consequently, when we process your personal data, we rely on this legal ground. For instance, we rely on this legal ground when we implement the money laundering and terrorist financing prevention procedures prescribed by legal acts, seek to appropriately fulfil the responsible borrowing requirements prescribed by legal acts and implement other applicable requirements.
- Implementation of the legitimate interests of Mano Bankas and/or other parties (where such interests supersede the interests or fundamental rights and freedoms of the data subject). For instance, we may rely on this legal ground in order to improve the quality of the services provided by Mano Bankas on an ongoing basis, to file and defend legal claims and perform other legitimate actions in order to prevent or minimise loss; in order to monitor and prevent illegal actions in a systemic manner and assess related risks in an ongoing manner.
- Your consent. In certain cases, we may also process your personal data based on your consent. For instance, where you grant consent to receive direct marketing messages, we may contact you and provide you with our service offers.
You should be aware that in case you do not provide your personal data, which is required for concluding or implementing an agreement or the provision of which is envisaged in legal acts or the respective agreement, we will be unable to provide our services to you.
8. Sources of personal data
Mano Bankas uses personal data obtained directly from you when you fill out applications or other forms in order to order our services, correspond with us by e-mail, present specific documents to us, submit requests or claims, call us or contact us in another manner, use our internet websites or electronic services system, participate in our customer surveys or promotional campaigns; we also record video data when you visit customer service centres of Mano Bankas.
Mano Bankas may also obtain your personal data from other legitimate sources:
- Other financial institutions (for instance, other banks operating in Lithuania);
- Various State institutions and registers (for instance, the Bank of Lithuania, the Ministry of Finance, the Lithuanian Agricultural Advisory Service, the State Social Insurance Fund Board, the National Health Insurance Fund, the National Paying Agency, the State Enterprise Centre of Registers, the State Enterprise Regitra, law enforcement institutions, other registers and public authorities);
- Persons administering joint debtor data files (for instance, UAB Creditinfo Lietuva);
- Legal entities, where you are related to such legal entities in any manner (for instance, you are a representative, employee, contractor, founder, shareholder, participant, etc. of such legal entities);
- Other natural persons (for instance, when they provide data of their spouses, children, other persons who are their relatives or are affiliated to them, as well as co-debtors, guarantors, providers of collaterals and other persons);
- Other natural persons or legal entities in the process of fulfilling contractual or legal requirements and documents provided to us (for instance, information in property valuation reports, certificates, etc.);
- Our partners or other legal entities, which use Mano Bankas to provide services to you.
In the process of engaging in our operations, we may combine the available information about you that is obtained from different sources.
9. Profiling and automated decision-making
Profiling is a method of automated processing of your personal data that Mano Bankas employs. Profiling is used in order to automate the processing of customer personal data and be able to evaluate certain personal traits of customers and in this manner analyse and forecast a variety of aspects such as a person's financial situation, remote customer identification, personal preferences and interests.
Profiling may be used to process the available customer data and take decisions (with human intervention) regarding your creditworthiness and financial risks (for instance, when you use the electronic consumer loan application system www.manopaskola.lt) as well as to provide you with appropriate advice or offer you specific services customised to your needs and ensure a more effective monitoring of transactions and operations for the purposes of identifying and preventing money laundering and/or terrorist financing and/or fraud. This enables us to ensure the smoothness, promptness and objectivity of the aforementioned processes. Normally, such profiling is based on the fulfilment of the legitimate interests of Mano Bankas, but it may also be exercised on the basis of an applicable legal obligation, implementation of the respective agreement or customer consent.
Mano Bankas may also process personal data in order to improve the quality of its services and develop new proposals with consideration of customer needs. Where a customer does not express its disagreement to the processing of its data for direct marketing purposes, we may process the customer's personal data in order to select and present general and customised offers of Mano Bankas services (depending on the manner and the types of our services the customer uses). This profiling for marketing purposes shall be based on our legitimate interest. If you disagree that your personal data be processed for direct marketing purposes, please notify us of this immediately.
10. Recipients of personal data
In its operations, Mano Bankas may involve different processors of your personal data (i.e. certain service providers). Such data processors chosen by us shall only process your personal data according to our instructions. For instance, data processors may include companies providing data storage services, companies developing and supporting software, companies providing communications services, companies performing analysis of online activity, companies providing marketing services and other service providers. Your personal data may only be disclosed by Mano Bankas to these data processors to the extent necessary for providing the respective services.
We shall ensure that the chosen data processors adhere to the requirements of the General Data Protection Regulation (EU) 2016/679, laws and other applicable legal acts and recommendations issued by competent authorities. The relationship of Mano Bankas and a specific data processor (except in cases where such relationship is regulated by laws or other legal acts) shall be regulated by the respective written agreement or written conditions.
Mano Bankas may also provide your personal data to other recipients of data:
- Other financial institutions;
- Providers of payment and other services that are involved in your transaction concluded with Mano Bankas (for instance, in order to execute a payment);
- Companies providing insurance and reinsurance services, where insurance services are related to the services that Mano Bankas provides to you;
- Other companies, where this is necessary for financial accounting, audit, risk assessment or service provision purposes;
- Persons administering joint debtor data files (for instance, UAB Creditinfo Lietuva);
- Debt collection companies (for instance, companies overtaking the rights of claim in respect of debtors);
- State institutions and registers (for instance, the Bank of Lithuania, the Ministry of Finance, the Lithuanian Agricultural Advisory Service, the Department of Statistics, the State Social Insurance Fund Board, the National Paying Agency, the State Enterprise Deposit and Investment Insurance, the State Enterprise Centre of Registers, notaries, courts and other dispute settlement institutions, bailiffs, law enforcement institutions, other registers and public authorities);
- The State Tax Inspectorate in order to implement the Agreement between the Government of the Republic of Lithuania and the Government of the United States of America on Improvement of the Implementation of International Tax Compliance and the Implementation of the Foreign Account Tax Compliance Act and other international obligations of the Republic of Lithuania in this field;
- Other third parties that handle various registers (for instance, securities registers) or mediate in the process of providing personal data to such registers;
- Our professional advisers, auditors, attorneys-at-law and financial advisers;
- Other third parties related to the provision of our services and/or having a legitimate ground to receive this data (e.g. providers of video surveillance, information technology, telecommunications, archiving and postal services).
In its operations, Mano Bankas normally does not transfer the personal data of its customers outside of the European Union/European Economic Area (EEA). In individual cases where we must transfer certain personal data of a customer to a data recipient outside of the EU/EEA, we seek to ensure that at least one of the following measures be implemented:
- It is recognised by decision of the European Commission that the State (in which the respective data recipient is located) ensures a sufficient level of personal data protection (a decision on adequacy has been passed);
- An agreement has been concluded with the respective data recipient according to the standard contract terms approved by the European Commission;
- The respective data recipient located in the United States of America has been certified according to the EU and US agreement (the so called privacy shield agreement);
- Security measures according to the applicable codes of conduct or a certification mechanism have been implemented; other security measures according to the General Data Protection Regulation (EU) 2016/679 are ensured.
It should be noted that the providers of payment and other services that are involved in the implementation of your agreements concluded with us may be also established or operate in a State outside of the EU/EEA. Such a State may lack an adequate level of data protection (for instance, it may be a State that the European Commission has not included on the list of States with an adequate level of data protection). We shall take all steps to ensure that your personal data be used securely, but there may be instances where we will be unable to ensure that the data recipient adhere to the same requirements as applicable to EU/EEA States.
11. Terms of storage of personal data
Mano Bankas shall store customer personal data for a term not longer than necessary. The term of processing of personal data shall be set with consideration of the agreement concluded with the respective customer, the legitimate interests of Mano Bankas or legal requirements, e.g.:
- Video surveillance data shall be stored for 3 months from the date it is recorded;
- Direct marketing data shall be stored for 5 years from the date your consent is received (provided that you do not withdraw your consent earlier);
- In case an agreement is concluded, your personal data shall be stored for 10 years after the date the agreement expires;
- Where any services that you request are not provided to you or you refuse to conclude an agreement based on the respective offer presented by Mano Bankas, your personal data shall be stored for 12 months from the date of the refusal to provide the requested services or the date the offer is presented;
- The data confirming the identities of a customer and a beneficiary collected in the process of implementing procedures for preventing money laundering and terrorist financing and other related documents and data shall be stored for 8 years from the date the respective transactions or business relationship with the customer end.
Your personal data may also be stored for a longer term, where it is necessary to defend the rights and legitimate interests of Mano Bankas, provide a response to an inquiry, settle a complaint or dispute and in other cases envisaged by legal acts.
On expiry of the term of processing of personal data, your personal data shall be destroyed or irreversibly anonymised.
12. Security measures in place
Mano Bankas shall implement a variety of organisational and technical security measures that help to protect your personal data against accidental or unauthorised destruction, alteration, disclosure and/or any other unauthorised processing. Mano Bankas requires that the data processors, which are involved by Mano Bankas to process your personal data or which have access to your personal data in the process of providing services to Mano Bankas, implement the appropriate organisational and technical measures to ensure the security and integrity of your personal data.
Nevertheless, it should be borne in mind that in certain cases the transmission of information by electronic means of communication (e-mail, mobile phone, etc.) may be less secure for reasons not depending on the technical or organisational measures implemented by Mano Bankas. To ensure the security of your confidential data, we recommend that you do not provide us with any information via less secure electronic systems or via any electronic systems not used by Mano Bankas.
13. Your rights and their implementation
You have the following rights in respect of your personal data as envisaged in legal acts:
- The right to familiarise yourself with your personal data and with the manner in which it is processed. The right to receive our confirmation that we process your personal data and the right to familiarise yourself with your personal data that we process and other related information;
- The right to demand that any incorrect, inaccurate or incomplete data be corrected. If you believe that the information about you that we process is inaccurate or incorrect, you shall be entitled to demand that this information be modified, corrected or adjusted;
- The right to demand that your personal data be deleted. In the presence of certain circumstances listed in legal acts (where personal data is processed illegally, the grounds for the processing of personal data no longer exist, etc.), you shall be entitled to demand that we delete your personal data;
- The right to demand that the processing of your personal data be restricted. In the presence of certain circumstances listed in legal acts (where personal data is processed illegally, you contest the accuracy of the data, etc.), you shall be entitled to demand that we restrict the processing of your personal data;
- The right to demand that your personal data be transferred to another data controller or provided directly in a form convenient for you. You shall be entitled to receive the data which we process based on your consent or a concluded agreement and the processing of which is carried out using automated means in a normally used and computer-readable format; you shall also be entitled to demand that this data be transferred to another data controller;
- The right to disagree to the processing of your personal data, where such personal data is processed on the grounds of a legitimate interest, except in cases envisaged in legal acts (for instance, where there exist legitimate reasons for the subsequent processing of personal data, etc.);
- The right to revoke your consent to the processing of your personal data at any time by e-mailing the respective notice to email@example.com or visiting a customer service centre of Mano Bankas. Where your revoke your consent to the processing of your personal data, the processing of your personal data based on your consent shall be discontinued;
- If you believe that our acts or omissions infringe upon your rights or legal requirements, you shall be entitled to submit a complaint to the State Data Protection Inspectorate. Further information is available on the internet website of the State Data Protection Inspectorate at www.ada.lt. However, we recommend in all cases, prior to submitting an official complaint to the supervisory authority, to first contact us in order to find a prompt and effective method of solving the issue.
Please remember that these rights of data subjects are implemented subject to satisfaction of all the requirements and conditions envisaged in legal acts.
In order to exercise your above rights, you must present a written application to us by e-mail to firstname.lastname@example.org, by sending your application to S. Moniuškos g. 27, Vilnius, or presenting your application in person at a customer service centre of Mano Bankas. The information contained in your written application must be sufficient to identify you (for instance, you must specify your full name, date of birth, residence address and other contact information); you must also provide information on which of the above rights and to what extent you wish implemented. Upon receipt of your written application, we may request that you additionally confirm your identity and/or refine the scope of implementation of the specific data subject right that you wish implemented.
A received written application shall be examined and a response shall be provided to you within 30 calendar days from the date the appropriate written application is received. In exceptional cases, which require additional time, we, subject to prior notice given to you, may extend the term for considering the claims contained in your application to up to 60 calendar days from the date of your appropriate application.
14. Validity and amendment of the Rules
We shall be entitled to amend these Rules unilaterally at any time. In this case, we will notify you about the respective amendments to the Rules and publish the new wording of the Rules.