UAB “IBS Lithuania” Privacy Statement

General information

 

UAB “IBS Lithuania” (hereinafter referred to as “we“ or „Data controller“) is the controller of this website. In this Privacy Policy, we inform you about the collection, use and processing of personal data when using our website http://ibsettle.com/ (hereinafter: “Website”), our web application (hereinafter: “Web App”; both – “Website” and “Web App” jointly called: “Services”).

 

Data controller requisites:

UAB “IBS Lithuania”

Legal entity code: 304310405

Registered office: Konstitucijos pr. 15-69A, LT-09319 Vilnius

Phone. +37068267277

E-mail: info@ibsettle.com

 

Data Protection Officer:

Name: Eitautas

E-mail: privacy@ibsettle.com

Phone. +37062023445

 

We confirm that your data will be collected in accordance with the requirements of the valid legal acts of the European Union and the Republic of Lithuania and the instructions of the controlling authorities. All reasonable technical and administrative measures will be applied in order to protect our collected data about site visitors from loss, unauthorized use and / or changes of data. The Data controller`s employees made a written commitment not to disclose or disseminate information received at the workplace to third parties, including information about visitors of the web site/social network accounts.

Persons under the age of 14 cannot provide any personal information through our site / social networking accounts. If you are a person below the age of 14, before submitting personal information, you must obtain the consent of your parents or other legal guardians.

The terms used in these rules are understood as defined in the General Data Protection Regulation No. 2016/679 (EU).

In order to provide our services, such as our payment methods and our Banking System, we need to process your personal data, as described below. We do this with the utmost consideration.

It is very important that you carefully read these privacy policies, because each time you visit this site, you agree to the terms described here. If you do not agree to these terms, please do not visit our web site, do not use our content and / or services.

 

How do we collect information about you?

Your personal data, e.g. any information about you that allow us to recognize you is collected in various ways:

-       you may provide us with information directly (i.e. when ordering or registering on our Website („Sign-up“));

-       we may collect information automatically (i.e. when you access our website, social account, use our apps);

-       we may acquire information from third parties and collect information about you from publicly available (e.g. through LinkedIn, social networks, your company website or otherwise).

We may collect information that you provide directly. Typically this will happen when you:

-     register on our Website (“Sign-up”);

-     sign Service contract or other contract with us;

-     install our apps;

-     subscribe to our newsletter or other communication;

-     participate in surveys.

We may collect information about you automatically. Typically this will happen when you:

  • submit queries through our Website or through our social networking accounts;
  • use our Website (with the help of cookies and similar technologies data is collected. You can find further information about cookies that we use down below);
  • publish public posts on social networking platforms that we are administering.

Where permitted by law, we may acquire information about you from third parties. This may be the information provided by our partners, marketing agencies, your public profile information (LinkedIn, Facebook, Twitter, Instagram). We may associate the information we receive about you from yourself, public and commercial sources with other information we receive from you or about you.

 

We may collect information about you in other cases that are not covered by this Privacy Policy as well. If this happens, we will inform you additionally.

 

What information about you do we collect?

 

Although we try to collect as little information about you as possible, we collect the following information for our activities:

-       information necessary to provide our services to you (i.e. for the purpose of opening an Account with IBS Lithuania ("Sign-up") and using the Services of IBS Lithuania, like Know Your Customer (KYC) information);

-       information you give us in surveys;

-       information about your preferences and interests;

-       information necessary to verify your age and identity;

-       information about the device you are using.

 

Information that we collect from you directly will be apparent from the context in which you provide it. For example:

To provide Services, we handle the following information:

Personal and contact information – full name and surname, personal number/code,  date and place of birth, nationality, registered address, correspondence address, data of the personal identity documents (type of the personal identity document, issue date, ID number, issuing authority), photography and selfie, signature, tax identification number, tax residency, email address, mobile phone number, occupation, PEP status, IP address etc.

Payment information – such as details of any transactions carried out using any of the Services, bank account number, e-wallet information etc.

IBS Lithuania may also need additional commercial and/or identification information from your e.g. if you send or receive certain high-value or high volume transactions or as needed to comply with our anti-money laundering obligations under applicable law.

Additionally, IBS Lithuania will document and store your payments and transfers processed within the framework of your use of an Electronic Money and Payment account.

Information that we collect automatically will generally concern:
Information about how you use our websites (Device information i.e:  IP address; Geographical location; Date and time of the request; Time zone difference to Greenwich Mean Time (GMT); Access status/http status code; Volume of data transferred; Website (from which the request comes); Browser; Operating system etc. Furthermore, through the use of our Website, Cookies will be stored on your end device.
Information that we collect from third parties or publicly-available sources usually is:
Your personal and contact and payment  information such as full name and surname, personal number/code,  date and place of birth, nationality, registered address, correspondence address, data of the personal identity documents (type of the personal identity document, issue date, ID number, issuing authority), photography and selfie, signature, tax identification number, tax residency, email address, mobile phone number, occupation, PEP status, IP address, transaction information, bank account details, card payment information,  special preferences and interests


You may choose not to provide us certain information (for example, information requested on the registration form (“Sign-up”), however in this case we will not be able to provide to you our Services and other updates. 

For what purposes do we use information about you, and on what legal basis?


Subject to the above, information is processed for the following purposes:

-       to confirm Client’s  identity and verify personal and contact details in order to confirm Client’s eligibility to use our products and services and to comply with any applicable legal and/or regulatory requirements, like anti-money laundering obligations under applicable law;

-       to provide you the Services and to carry out our obligations related to the provision of the Services;

-       to provide you the information about our Services;

-       to provide information, which was requested by you, related to the provision of Services;

-       for marketing purposes, e.g. to provide tailor-made advertisements and promotional content and to send reports about promotional activities, to evaluate and analyze market, customers, products and services (including collecting your opinion on products and services, organizing customers / partners surveys, contests or promotional activities to the extent permitted by law);

-       to find out how people use our Services in order to improve them and create new content, products and services;

-       to defend our interests in court or in other institution;

-       for other purposes, with your consent⃰.

 

We inform you that at any time you have the right to refuse to receive the content of our direct marketing, informing us of your determination by e-mail privacy@ibsettle.com or by using the refusal link in the newsletter. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

The legal basis for our use of information about you is one or several of the following:

-       compliance with legal obligations to which we are subjects;

-       performance of the contract with you;

-       a legitimate business interest that is not overridden by interests you have to protect the information;

-       in certain cases, your consent.

The purposes for which we use information about you, with corresponding methods of collection and legal basis for use are presented in this table.


Purpose
Legal basis for Processing
 Personal data
To confirm Client’s  identity and verify personal and contact details in order to confirm Client’s eligibility to use our products and services and to comply with any applicable legal and/or regulatory requirement

Legal obligation

A legitimate business interest that is not overridden by interests you have to protect the information

full name and surname, personal number/code,  date and place of birth, nationality, registered address and  correspondence address, data of the personal identity documents (type of the personal identity document, issue date, ID number, issuing authority), photography and selfie, signature, tax identification number, tax residency, email address, mobile phone number, occupation, PEP status, IP address etc.
To provide you the Services and to carry out our obligations related to the provision of the Services

Performance of the contract with you

Legal obligation

full name and surname, personal number/code,  date and place of birth, nationality, registered address and  correspondence address, data of the personal identity documents (type of the personal identity document, issue date, ID number, issuing authority), photography and selfie, signature, tax identification number, tax residency, email address, mobile phone number, occupation, PEP status, IP address etc
To provide information about the Services

Performance of the contract with you

A legitimate business interest that is not overridden by interests you have to protect the information

full name and surname, email address, mobile phone number
To provide information, which was requested by you, related to the provision of services
This information is provided to you due to we have a legitimate interest in providing accurate information about our services, availability of them, additional services, etc.
In order to answer your inquiries by, e-mail, social networking environment and other ways, we can ask for your, e-mail address or other convenient contact
For marketing purposes, e.g., to provide tailor-made advertisements and promotional content and to send reports about promotional activities, to evaluate and analyze market, customers, products and services (including collecting your opinion on products and services, and organizing customer surveys);
For this purpose we process your personal data with a legitimate interest in informing you about our services, events, news and other relevant information
Social network account details, e-mail, your interests
To find out how people use our online services in order to improve them and create new content, products and services
For this purpose we process your personal data with a legitimate interest to monitor the quality of the services provided, develop and improve the content that we provide, and ensure the security of the website
IP address, operating system version and parameters of the device you use to access content / products, the usage time and duration of your session, query terms that you enter on our website, and any information stored in the cookies that we have detected on your device, GPS signal of the device, or information about the closest Wi-Fi access points and cellular towers that may be passed to us when you are using our website content
Defend our interests in court of other institution

Compliance with legal obligations to which we are subjects

Legitimate interest to defend against claims and pretenses

Depending on the claim or pretense, we may handle all of your personal data contained in our possession in these privacy policies


Where we do not base our use of information about you on one of the above legal bases, we will ask for your consent before we process the information (these cases will be clear from the context).

In some instances, we may use information about you in ways that are not described above. Where this is the case, we will provide a supplemental privacy notice that explains such use. You should read any supplemental notice in conjunction with this notice.

Who do we share your information with?

We may share information about you:

-       For companies that provide services on our request.

-       For other companies within our group of companies.

-       For banks / international payment service provider / other companies that assist in payment transactions.

-       For companies that help organize competitions / games / promotions.

-       For other responsible selected business partners.

-       For other third parties, where required or permitted by law, or is necessary to protect our legitimate interests.

The companies that provide services at our request are currently: remote ID verification service provider, IT service providers, cloud storage service provider, strong customer authentification (SMS validation and confirmation message provider), auditors. The ability of these companies to use your information is limited. They cannot use this information other than for the purposes of providing services for us.

The companies that help organize competitions / games / promotions are currently: advertising and analytics agencies. The ability of these companies to use your information is limited. They cannot use this information other than for the purposes of providing services for us.

Other companies within our group of companies are: International Business Settlement Holdings Ltd.

Responsible selected business partners are financial services providers that help IBS Lithuania provide the Services including banking partners, banking intermediaries and international payments services provider, as well as card manufacturing/personalisation and delivery companies, fraud and risk mitigation service provider. The ability of these partners to use your information is limited. They cannot use this information other than for the purposes of providing services for us.

Other third parties that may be provided with our available information about you when it is necessary to protect our legitimate interests are the governmental authorities, pre-trial investigation officers, courts, etc.

Where might information about you be sent?

When using information as described in this Privacy Policy, information about you may be transferred either within or outside the country or territory where it was collected, including to a country or territory that may not have equivalent data protection standards. In such cases, we do our best to ensure the security of your personal data being transmitted.

The Data controller sends your personal data to the following countries outside the European Economic Area: the People's Republic of China (PRC);

When the data controller sends your personal data to countries outside the European Economic Area, we will make sure that one of the following security measures will be applied:

-       “Privacy Shield”;

-       the agreement signed with the data recipient should be based on the Standard Contractual Clauses approved by the European Commission;

-       in case of transferring data to a group of companies, Binding Corporate Rules rules are applied;

-       the data recipient is located in a country that is to be recognized by the European Commission as applying adequate data protection standards;

-       permission from the Data Protection Inspectorate.

How do we protect information about you?

We have implemented intelligent and appropriate physical and technical measures to protect the information we collect for content / service purposes, inter alia:

-       Administrative measures. Access to your personal data is limited to authorized personnel who have a legitimate need to access it based on their job descriptions. In case third-party contractors process personal data on our behalf, similar requirements are imposed.

-       Technological measures. All information you provide to us is stored on our secure servers. Personal data is transmitted in encrypted format using Secured Sockets Layer / Transport Layer Security (SSL/TLS technology); Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Personal data which is stored with us is also encrypted.  Access to your personal data is limited to authorized personnel who have a legitimate need to access it based on their job descriptions and access rights. We use up-to-date firewall protection and high-quality antivirus and anti-malware software.

However, keep in mind that while we are taking appropriate action to protect your information, no website, online transaction, computer system or wireless connection is completely safe.

How long will information about you be kept?

We will retain information about you for the period necessary to fulfill the purposes for which the information was collected. After that, we will delete it, unless legal acts obliges us to store information for tax purposes or data may be required for pre-trial investigation, but in any case, the retention period will be no more than 10 years. When this term expires, the data will be deleted in such a way that they cannot be restored.

 

Typically, personal data is stored in the following terms:

Personal data
Storage period
Personal and contact data
10 years after the end of business relationship.
Payment records
10 years after the payment transaction.
Marketing records
3 years after your last visit to our website.
IT system records (logs
Up to several months.
Business analytics
Business analytics data is typically collected automatically when you use our website and anonymised / aggregated shortly afterwards.


What rights do you have?

The data subject whose data is processed by the data controller, depending on the situation, has these rights:

-       to be informed about personal data being processed (right to be informed);

-       to access personal data and get information about how personal data is being processed  (right to access);

-       to obtain from the controller the rectification of inaccurate personal data concerning data subject and have the right to have incomplete personal data completed (right to rectification);

-       to erase personal data (right to be “forgotten”);

-       to require the data controller to restrict the processing of personal data for one of the legitimate reasons (right to restriction of processing);

-       to transmit personal data to another controller (right to data portability);

-       to object at any time to processing of personal data concerning data subject which is based on the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by the controller or by a third party. In order for the controller to process personal data, he is responsible to prove that the processing is conducted for legitimate reasons and those reasons are beyond the interests of the data subject;

-       lodge a complaint with the supervisory authority in your country. 

We offer you easy ways to exercise these rights. You can do this by writing to us at privacy@ibsettle.com or by using certain links at the bottom of the promotional content provided by us.

We may not give you the conditions for the implementation of the above mentioned rights, where in the cases provided by the law, it is necessary to ensure the prevention of crimes, offenses of professional or ethical conduct, as well as to ensure the protection of the rights and freedoms of the data subject or other persons.

Your rights will be fulfilled once your identity is confirmed live, by electronic signature or, if these two options are not possible, remotely via eBanking, Skype, Zoom.

Your rightCertain limitations
Right to be informed
Before processing your personal data, you have the right to receive information about processing of your data in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
Right to access

This is confirmation of:

-        whether or not we process information about you;

-        submitting a list of your personal data we manage;

-        the purpose and legal grounds of the processing;

-        confirmation of whether we are sending data to third parties and if so, what security measures we have taken.

-        the categories of persons with whom we share your personal data;

-        the existence of automated decision-making, including profiling, that produces legal effects concerning you, or significantly affects you in a similar way, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

-        provision of data storage time.

Upon identification of your identity, we will provide you the information listed above, if such information will not violate the rights and freedoms of other persons.

 Right to rectify or update personal data
This applies if the information we hold is inaccurate or incomplete.
Right to erase personal data (Right to be “forgotten”)

This applies if:

-        the information we hold is no longer necessary in relation to the purposes for which we use it;

-        we use the information on the basis of your consent and you withdraw your consent;

-        we use the information on the basis of legitimate interest and we find that, following your objection, we do not have an overriding interest in continuing to use it;

-        the information was unlawfully obtained or used.

Right to restrict the processing of personal data  

This right applies temporarily while we look into your case, if you:

contest the accuracy of information we use;

-        have objected to our using the information on the basis of legitimate interest;

-        our use is unlawful and you oppose the erasure of the data;

-        we no longer need the data, but you require it to establish a legal case

Right to object

You can exercise this right if we use the information about you on the basis of legitimate interest for purposes other than direct marketing, you can object to our using it for those purposes, giving an explanation of your particular situation, and we will consider your objection, unless legitimate grounds for processing will override the interests, rights and freedoms of the data subject.

 

Where your personal data are processed for direct marketing purposes, you can object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to data portability
This right can be implemented if you have provided data to us and we use that data, by automated means, and on the basis either of your consent, or on the basis of discharging our contractual obligations to you.

Lodge a complaint with the supervisory authority in your country

 

If you think your privacy rights have been breached, you may lodge a complaint with an authority of the EU country of your habitual residence. Contact information for these authorities can be accessed at  http://ec.europa.eu/newsroom/article29/itemdetail.cfm?item_id=612080.

You have a right to lodge a complaint about IBS Lithuania’s processing of personal data by contacting the State Data Protection Inspectorate of Lithuania (www.ada.lt);


Cookies, signals and similar technologies

In these privacy rules we use the term “cookies” for cookies and other similar technologies, such as Pixel Tags, Web Beacons, clear GIFs.

When you visit our website, we want to provide content and features tailored to your needs. This requires cookies. Cookies are small items of information stored in your web browser. They help the data controller to recognize you as the previous visitor to a certain website save the history of your visit to the site and adapt the content accordingly. Cookies also help ensure the smooth running of websites, allow you to monitor the duration, frequency of visits to websites and collect statistical information about the number of site visitors. By analyzing this data, we can improve our sites and make them more user-friendly for your use.

Cookies used in our website:

www.ibsettle.com

IBS Lithuania uses Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it, how often they connect, what browser and device they use, what content is  mostly read, what region visitors come from, and similar demographics and statistics. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. We use Google Analytics cookies. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. You can learn more about how Google Analytics works and the information it allows us to collect and analyse here: https://support.google.com/analytics/answer/1012034?hl=lten&ref_topic=6157800

You can find more detailed information about data protection and privacy at:

https://support.google.com/analytics/answer/6004245?hl=en   

 

You may at any time disable collection of your data by Google Analytics, as described here - https://tools.google.com/dlpage/gaoptout/

Title
Period
Purpose
_ga
3 years
Used by Google analytics to distinguish users.
_gat
1 minute
Used by Google analytics to limit the amount of data recorded by Google on high traffic volume websites
_gid
24 hours
Used to distinguish users.
currency
1 month
Used to distinguish users.
default
When the browsing session ends
Default Google analytics cookies
language
1 month
Used to distinguish users


IBS Lithuania also collects  information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website or App (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.  IBS Lithuania uses Smart Look to track this information.

You can find more detailed information about this at: https://www.smartlook.com/help/privacy-statement/

You may at any time disable collection of your data by Smart Look, as described here:

https://www.smartlook.com/help/opt-out-of-smartlook/

 

https://ib.ibsettle.com/

To provide Services, we handle the following information:

Title PeriodPurpose
JSESSIONID
When the browsing session ends
Used for session management
default-login-type
1 year
Used for SMS confirmation 


When you use browser to access the content we provide, you can configure your browser to accept all cookies, reject all cookies or get notified when a cookie is downloaded. Each browser is different, so if you do not know how to change cookie preferences, look in its help menu. Operating system of your device may have additional cookie controls. If you do not want the information to be collected using cookies, use easy-to-use procedure in most current browsers that allows you to stop using cookies. To learn more about managing cookies, visit:
http://www.allaboutcookies.org/manage-cookies/

However, do not forget that some services may be designed to work only if there are cookies. Turning them off, you will no longer be able to use such services or certain parts of them.

Besides the cookies data controller is using, certain third parties, in our websites, can set up and access cookies on your computer. In this case, third-party privacy policies apply to the use of cookies.

Please note that our social networking accounts are subject to the appropriate social networking cookie policies.


Contact with us

 

If you notice a discrepancy between these privacy policies, a security loophole on our website or other issues related to the processing of your personal data, please contact our Data Protection Officer  via email privacy@ibsettle.com or contact us using following requisites:

 

Data Controller requisites:

UAB “IBS Lithuania”

Legal entity code: 304310405

Registered office: Jogailos g. 9, LT-01116 Vilnius, the Republic of Lithuania

Phone: +37068267277

E-mail: info@ibsettle.com

 

Final provisions

This Privacy Policy is reviewed at least once every year. When our Privacy Policy is updated, we will notify you, in our opinion, about essential changes by posting a notice on official IBS Lithuania website. Please check back frequently to see any updates or changes or notices to our privacy policy.

If you connect or use our content and / or services after posting such notice, we will assume you agree to the new requirements specified in the updated versions.

Last modified on 24 May 2018