Documents and fees

NOTE: the present text is the translation from Latvian. In case of a discrepancy between the Latvian and the English version, the Latvian version of the Policy shall prevail.

This document describes how SIA "Transact Pro" (hereinafter also referred to as the 'Company' or 'we') processes the personal data of its customers - natural persons, as well as third parties involved in the provision of the Company's Services, for instance, representatives, shareholders or beneficial owners (hereinafter also referred to as 'you') of customers that are legal entities.

This our Personal Data Privacy Policy is effective as of 25 May 2018.

DEFINITIONS

Controller is SIA "Transact Pro" (unified registration number: 41503033127, legal and postal address: Gustava Zemgala gatve 76, Riga, LV-1039) - an electronic money institution in the meaning of the Law on Payment Services and Electronic Money, with the right to provide payment services.

Customer is a natural person who uses or has expressed the intention of using the Service.

Service is any service provided by the Company.

Personal Data is any information related to an identified or identifiable natural person. An identifiable natural person is a person who can be identified either directly or indirectly in particular by reference to an identifier such as a name, surname, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing of Personal Data is any operation or set of operations performed with Personal Data, for example, collection, registration, organisation, structuring, storage, adjustment or modification, recovery, viewing, use, disclosure by transferring, distributing or otherwise making the data available, coordination or combination, restriction, deletion or destruction thereof.

GDPR is the General Data Protection Regulation No 2016/679 of the European Parliament and of the Council (EU).

GENERAL INFORMATION

This Personal Data Privacy Policy has been developed in order to help you learn what information we collect in case you use, have used or have expressed the intention of using or interest in using the Services, why we collect such Personal Data from you and how you can update, manage and delete your Data.

When processing Personal Data, the Company undertakes to protect the privacy of the Personal Data.

The Company processes Personal Data in order to provide financial services.

When using our Services or expressing the intention to use our Services, you agree to the conditions of this Personal Data Privacy Policy. If you disagree with the conditions of this Personal Data Privacy Policy, we will not be able to provide our Services to you.

The Company processes Personal Data in Riga, Latvia. Data processing and storage (including backup) takes place within the European Union.

The Company's processing of Personal Data is registered with the Data State Inspectorate (certificate No 002160, processing registration No 001912).

This Personal Data Privacy Policy is not a legally binding agreement between the Company and the Customer; it provides our guidelines for Personal Data processing and protection.

The Company's processing of Personal Data is subject to the GDPR, as well as other Personal Data protection laws and regulations in force in Latvia.

INFORMATION THAT WE COLLECT WHILE YOU USE OUR SERVICES

Exactly what Personal Data is processed depends on the type of Services you use and your relationship with the Company.

In order to ensure the provision of the Services and to improve those Services, the Company shall collect information, such as:

1. identifying information, e.g. name, surname, date of birth, gender, personal identifier (personal identity number), passport data, citizenship, photograph;
2. contact information, e.g. telephone number, e-mail address, address;
3. digital footprint during access, e.g. the IP network address used for access, time and date of access, information about the web browser used for access;
4. information regarding location, e.g. during access according to the IP address or during payment according to the location of the ATM used;
5. financial information, e.g. salary and other income;
6. professional data, e.g. education, position, employer information;
7. information regarding family, e.g. marital status;
8. special categories of Personal Data, e.g. criminal record data;
9. video surveillance data, e.g. video recordings in our premises;
10. 10. voice recordings, e.g. voice recordings of telephone calls;
11. 11. other personal data the collection of which might be necessary to render Services or in accordance with the requirements of the applicable regulations.

Except when directly required by the law, we do not process special categories of Personal Data, i.e. data revealing your race or ethnicity, political views, religious or philosophical convictions, participation in trade unions, or the genetic or biometric data of the data subject in order to perform a unique identification of a natural person, health data or data regarding the sexual life or sexual orientation of a natural person.

HOW THE COMPANY COLLECTS PERSONAL DATA

The Company usually collects Personal Data directly from the person the data is related to.

For example, if you:

• apply for Services (e.g. apply to open an account);
• use the Services (e.g. use a debit card);
• contact the Company (e.g. visit our home page on the Internet or give us your contact information for some reason).

In some cases, the Company obtains Personal Data from other individuals who are not data subjects, e.g. when a parent applies for a Service that applies to his child, or when legal entities apply for Services in relation to their employees. In such cases, we request the data subjects to be informed regarding disclosure of their Personal Data to the Company, as well as regarding the purposes of such processing of Personal Data and the content of the Personal Data Privacy Policy.

Personal Data may also be provided to the Company by third parties upon the request of the Customer.

The Company may also receive Personal Data when signing various agreements, wherein the other contractual party or representative of the contractual party may not be the Customer, or from other external sources, e.g. public registers, state authorities and other sources, if it is in our legitimate interests or in cases specified by the applicable laws and regulations.

PURPOSES AND LEGAL BASIS FOR PROCESSING COLLECTED PERSONAL DATA

We use collected Personal Data for:

Provision of Services - we use your Personal Data in order to provide Services. It would not be possible to provide Services without the use of your Personal Data.

For protection of your and our legitimate interests - we use Personal Data in order to improve the trustworthiness of our Services and to protect your legitimate interests, as well as those of the Company and of society.

For compliance with the requirements of the law - we also use Personal Data in cases when required to do so by the applicable laws and regulations. In order to comply with the requirements of the law in the area of the prevention of money laundering and the financing of terrorism, we have to know, for example, the sources of your income or if you are a politically exposed person or associated with such a person, as well as your country of tax residence. We also have a duty to provide reports to state authorities, e.g. to the State Revenue Service or other supervisory and control institutions. The data included in our report will depend on the requirements of the applicable laws and regulations.

To provide security - we use your Personal Data in order to improve the security of our Services.

To improve our Services - we also use your information in order to develop and improve our Services.

To develop new Services -we use the information collected within the framework of current Services in order to develop new Services.

To assess performance and other technical parameters of the Service - we use Personal Data for analysis in order to understand how our Services are being used.

To contact you - we use the information collected, e.g. your e-mail address, in order to contact you directly.

Prior to the use of your Personal Data for a purpose that is not mentioned in this Personal Data Privacy Policy, we will ask for your consent.

SHARING OF PERSONAL DATA

Within the Company, your Personal Data is accessible only to authorised personnel, as well as to third parties engaged by the Company and other individuals who have been granted or authorised to have such access by the applicable laws and regulations. If the third parties process Personal Data on behalf of the Company, we involve only such third persons, who provide sufficient guarantees that the technical and organisational methods involved in the processing comply with the requirements of the GDPR and applicable laws, and also ensure the protection of your rights. Processing operations performed by such third-party processors will always be governed by the Privacy and Data Processing Agreement or other special terms and conditions agreed upon between the Company and the processor.

Due to the nature of the Services that we provide, it is necessary to share the Personal Data of Customers in order to conduct our everyday business, i.e. process transactions, maintain Customer accounts and provide reports to state authorities.

When processing data for the above-mentioned purposes, we do not disclose Personal Data to third parties outside the Company except in the following cases:

• to the Company's partners, e.g. partners with which the Company offers joint products and Services, or participants in the SWIFT or SEPA payment systems, and international payment card systems for execution of a Customer's financial transactions;
• to state authorities for the execution of their functions required by law;
• to authorised auditors, legal and financial advisers;
• to Personal Data processors hired by the Company and that provide support for the provision of the Company's Services - we transfer Personal Data to our contractors and commission them to process the information on our behalf, taking into account our instructions and in accordance with the Personal Data Privacy Policy, as well as in compliance with any other applicable privacy and security measures;
• to credit institutions and financial institutions;
• to managers of public registers;
• to officers of the court;
• to debt recovery companies, credit history research (credit information) offices and other third parties to which the Company may assign its rights and obligations.

Prior to disclosing Personal Data to parties that are not mentioned above in this Personal Data Privacy Policy or to which the disclosure of Personal Data is not required by the applicable laws and regulations, we will ask for your consent.

We disclose Personal Data outside the Company only if we are confident that access to the information, use, storage or disclosure of the information is reasonably necessary in order to:

• comply with the applicable laws and regulations or requests and orders by state authorities and officers of the court;
• implement the applicable terms and conditions for the provision of Services, including the investigation of possible infringements;
• discover, prevent or otherwise solve problems in relation to fraud, security or technical issues;
• to protect from harm our interests, as well as the interests of our Customers, partners or society as requested or permitted by the applicable laws and regulations.

We can publicly disclose information that doesn't let to identify a person.

In certain cases, data may be transferred outside the EU/EEA if, for example, the Personal Data processor hired by the Company is located outside the EU/EEA and the transfer of such data is necessary in order to provide a Service or upon the Customer's request.

Data may be transferred outside the EU/EEA only if the Company provides the respective protection measures as required by the GDPR and such a transfer has legitimate grounds.

PROTECTION OF PERSONAL DATA

We ensure the security of all (non-public) Personal Data in the possession of the Company and the processing and storage thereof in compliance with the applicable laws and regulations in force in Latvia, including protection of the privacy and integrity of the Personal Data. The Company's internal processes determine the technological and procedural processes for achieving this objective, and the Company pays special attention to these issues, being aware of the significance of Personal Data security. Access to the Personal Data in the possession of the Company is strictly controlled, and Company employees have access only to the Personal Data they need to perform their work duties.

The Company's Information Security Policy provides a strict procedure for the management of security by, for example, specifying guidelines for the physical security of data. The Company's Encryption Management procedure supplementing this policy determines that the Company will use data encryption in order to protect the privacy of your data during storage and transfer.

In order to protect your Personal Data from unauthorised access, unlawful processing or disclosure, accidental loss, modifications or destruction, we apply appropriate measures in order to comply with the requirements of the applicable laws and regulations. Such measures include technical measures, such as the selection and configuration of suitable information systems, the provision of the respective connection security, the protection of data and files, as well as organisational measures, such as restricted access to such systems, files and objects.

YOUR RIGHTS IN RELATION TO PROCESSING OF PERSONAL DATA

The Company ensures that the processing of Personal Data is honest and transparent, and that all rights of natural persons arising from the applicable laws and regulations shall always be attainable.

In particular, you have:

• the right to access your Personal Data processed by the Company. Upon your request, the Company:

a) shall confirm that Personal Data in relation to you is being processed and shall provide information regarding the purposes of processing, categories of Personal Data and recipients or categories of recipients of Personal Data to which the Personal Data has been disclosed;

b) shall inform you regarding the Personal Data being processed and the available information on the sources thereof;

c) shall provide information regarding the logic of automated processing of Personal Data in case of automated decision-making.

• the right to request corrections to inaccurate Personal Data;
• if the processing of Personal Data is based on your consent, you have the right to withdraw such consent at any time, notwithstanding the legitimacy of data processing performed on the basis of consent prior to the withdrawal of such consent;
• the right to receive the processed Personal Data in a structured, widely used and machine-readable format, as well as the right to send the Personal Data to another controller under certain circumstances;
• the right to request the deletion or restriction of the processing of your Personal Data under certain circumstances;
• the right to object to the processing of Personal Data for certain purposes and under certain circumstances;
• You also have the right to submit a complaint to the supervisory authority, the State Data Inspectorate (Blaumaņa iela 11/13-11, Riga, LV-1011, telephone: +371 67223131, e-mail: info@dvi.gov.lv ).

STORAGE PERIOD OF PERSONAL DATA

Personal Data shall be stored in accordance with the applicable laws and regulation and no longer than necessary. The Personal Data storage period is determined by the Company, and it depends on the particular agreement/Service and basis for Personal Data processing.

The Company stores Personal Data for as short a period as possible and irrevocably destroys all Personal Data once the business necessity and the storage period determined by the applicable laws and regulations have ended (it should be kept in mind that applicable Latvian, European and international laws and regulations, e.g. on accounting and the prevention of money laundering and the financing of terrorism, often require the Company to store historic data).

PROFILING

Profiling is any type of automated Personal Data processing manifested as the use of Personal Data in order to assess certain personal aspects in relation to a natural person, especially in order to analyse or forecast aspects related to the performance of the mentioned natural person at work, their economic situation, health, personal desires, interests, trustworthiness, behaviour, location or movement, for example, in order to perform a risk assessment for the purposes of preventing money laundering and the financing of terrorism.

The Company uses profiling in order to prepare an analysis for advising the Customer, for the purposes of direct marketing, automated decision-making, for example, risk management, as well as for monitoring transactions for the purposes of fraud prevention.

The Company performs profiling on the following legal basis:

• execution of legal obligations. The Company can process Personal Data and assess personal aspects when performing risk assessment for the purposes of preventing money laundering and the financing of terrorism;
• Customer's consent or legitimate interests in some cases. The Company can conduct profiling in order to assess Customer needs, develop its Services, or provide more timely offers of Services.

The Company can make a decision in relation to the Customer only on the basis of the automated processing of Personal Data. In such a case, the Customer is entitled to decide that decisions made only on the basis of automated processing of their Personal Data, including profiling, not be made in relation to them. The Customer may exercise such rights if, on the basis of an automated decision, the Company refuses to enter into an agreement or to provide Services. Upon your request, Company employees will review such an automated decision.

COOKIES

The Company uses cookies, which are small text files stored on a computer or other device in order to improve the functionality of the home page. The Company's Policy on Use of Cookies is available here: https://www.transactpro.eu/lven/ .

ADVERTISING AND DIRECT MARKETING

Our advertisements and direct marketing notifications (e.g. about our Services) are sent to those Customers who have agreed to receive direct marketing and advertising offers from the Company. Such Customers receive offers and direct marketing notifications from the Company by using the selected communication channels. Within the framework of its legitimate interests, the Company can offer its Services to existing Customers.

AMENDMENTS

We regularly review this Personal Data Privacy Policy and ensure that it is complied with when processing your Personal Data.

IN CASE OF QUESTIONS

In case of questions, you can contact the Company; updated contact information can be found on our web site https://www.transactpro.eu .

You can also contact the State Data Inspectorate (Blaumaņa iela 11/13-11, Riga, LV-1011, telephone: +371 67223131, e-mail: info@dvi.gov.lv ), if you have doubts regarding your rights in relation to the processing of your Personal Data.