Privacy e Cookies Policy IT - Trustcom Financial

TRUSTCOM FINANCIAL UAB – PRIVACY POLICY

INTRODUCTION

This Privacy Policy (hereafter the Policy) describes the procedures performed by TRUSTCOM FINANCIAL UAB (hereinafter TRUSTCOM) in relation to the processing of personal data collected directly form YOU (Data Subject), through the website www.trustcomfinancial.com (hereinafter the Website), mobile application, social networks and other public sources, i.e. when YOU visit the website of TRUSTCOM, use the mobile application, register as a client, order TRUSTCOM services, subscribe for the newsletter of TRUSTCOM, enter TRUSTCOM account in the social media, contact TRUSTCOM via email or other channels of communication.

Privacy Policy (hereafter Privacy Policy or the Policy) has been drawn up taking into consideration the legal acts of the Republic of Lithuania and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). TRUSTCOM ensures that the processing is carried out in accordance with all the provisions of the General Data Protection Regulation. TRUSTCOM’s personnel may only process personal data in accordance with the instructions issued by the controller.

The Policy shall constitute an integral part of the General Terms and Conditions of Payment Services and The Rules for Payment Services and Account Opening, also the Client Trading Agreement, therefore, they must be interpreted and construed together, taking relevant context into account.

By visiting TRUSTCOM website and/or using the information and/or services contained therein, YOU acknowledge and confirm that YOU have read, understood and agree with this Privacy Policy.

2. DEFINITIONS

Personal Data – as it is described in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation), i.e. any information relating to an identified or identifiable natural person („Data subject” or “YOU”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Controller is an electronic money institution TRUSTCOM FINANCIAL UAB (“TRUSTCOM”), legal entity code 304521377, registered address at Pamėnkalnio 36-2A, Vilnius, LT-01114, Lithuania, who determines for what purposes the personal data is processed and how it is processed. The Data Controller has appointed a Data Security Officer, who can be contacted via email at [email protected]

Data subject – You – physical person who visits the website of TRUSTCOM, a future, current or ex Client of Trustcom, a representative of a Client – legal person.

Data Processor – a data processor that processes personal data on behalf of Trustcom. A processor and its personnel may only process personal data in accordance with the instructions issued by TRUSTCOM. The processor may not engage another processor without first obtaining TRUSTCOM’s written permission.

Cookie – a cookie is a small text file that a website saves on Data subject’s computer or mobile device when Data subject visits the website. A cookie enables the website to remember actions and preferences of the Data subject ‒ such as login, language, font size and other display preferences ‒ over a period, so the Data subject doesn’t have to keep re-entering them whenever he/she comes back to the site or browse from one page to

Social Networks – social network platforms such as facebook.com, www.instagram.com, www.linkedin.com, www.youtube.com and others, if used.

GENERAL TERMS OF DATA PROCESSING

TRUSTCOM data collection practices are governed by the following Policy, which describes what data Trustcom collects, how Trustcom uses that data and who has access to that data.

The Policy applies to all Trustcom services and any associated services.

From time to time, Trustcom may develop new or offer additional services. If the introduction of these new or additional services results in any material changes to the way Trustcom collects or processes Client’s Personal Data Trustcom will provide them with more information or additional terms or policies. Unless stated otherwise, when Trustcom introduces these new or additional services, they will be subject to this Policy. Therefore, we recommend to visit us periodically on our Website, where you will always find the latest version of the Privacy Policy.

If the User of the services is a legal entity, this Privacy Policy applies to natural persons whose data is transferred to us by the legal entity.

The aim of this Policy is to:

ensure that the Client understands what Personal Data Trustcom collects about them, the reasons why Trustcom collects and uses it, and who Trustcom shares it with;
explain the way Trustcom uses Personal Data;
explain the Client’s rights and choices in relation to the Personal Data that Trustcom collects and processes and how Trustcom will protect the Client’s privacy.

The principles under which Trustcom collects and processes Personal Data are as follows:

lawfulness: Personal Data must be processed lawfully, fairly and in a transparent manner in relation to the Client;
transparency: the Client must be informed of how their data is being processed;
purpose limitation: Personal Data can be processed only for the purposes that were defined before the data was collected;
storage limitation: as a general rule, Personal Data must be deleted when it is no longer needed for the purposes for which it was processed;
data minimisation: only Personal Data which is necessary for each specific purpose of processing will be processed;
data accuracy: Personal Data must be accurate and kept up to date; every reasonable step must be taken to ensure that the personal data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
confidentiality and data security: Personal Data must be treated as confidential by every Trustcom employee or Trustcom service provider’s every employee and secured with suitable organizational and technical measures to prevent unauthorized access, illegal processing or distribution, as well as accidental loss, modification or destruction.

PURPOSE OF DATA COLLECTION

Personal data is collected and stored for the following purposes: identification of the Client, provision of payment services and other services related to the payment services, proper assessment of emerging risks, continuous and periodic monitoring of business relationships, prevention of money laundering/terrorist financing, fraud and other criminal offenses, business relations with customer, perform dispute prevention, gather evidence, protect the legitimate interests of the Client and/or Trustcom, ensure the quality assurance of the services provided by Trustcom, inform the Client about the services provided, for direct marketing, perform statistical analysis, prevent abuse of services and perform other rights and obligations specified by legislation in force.

THE COLLECTION AND USAGE OF DATA

TRUSTCOM collects data directly from the Clients with their explicit consent. This consent is expressed by ticking the consent box. This consent is given before the moment Trustcom starts to collect the data.

According to Article 5.1., the following data is collected with the Client’s consent:

personal data – name, surname, date of birth, personal code (or tax identification number/ code), place of birth; type of personal identification document, number, date of issue, place of issue, validity date, citizenship; photo; signature; nationality; address of residence; telephone number; e-mail.

financial data (after the opening of account) – IBAN number; date and time of the access; login and password; device address and name; IP address; actions carried out; executed transactions (transaction date, amount, purpose, recipients and senders); account balance, credit and debit turnover; the amount of funds seized and seizure supporting document;

monitoring data (in accordance with anti-money laundering and counter terrorist financing legal requirements) – purpose and intended nature of the client’s business relationship; details of accounts held by the Client in other financial institutions; financial liabilities; a record if the Client or member of the family is a politically exposed person; Client’s accounts (reports) proving the relevance of the location/activity/residence address and etc.

Trustcom also collects data from the Website and Social networks. Trustcom is constantly improving its Website and aims to make the use of it as easy as possible. For this purpose, Trustcom needs to know what information is most relevant to the Website visitors and potential clients, how often they connect, what browser and device they use, which content is mostly read, which region visitors come from, and similar demographics and statistics.

Trustcom collects such information by using automated tool called cookies. This allows Trustcom to record and analyse how visitors use the Website/Social networks and engage such information in Trustcom analysis for the improvement of the Website.

Trustcom collects data that is obtained from other independent external sources (such as joint data files, publicly available data, databases and registers, other service providers).

LOGS

The Website may also record requests the Client makes to the server, such as the web address opened, the device and browser used, date and time of access, the Client’s IP address, geolocation

The grounds for collecting and using such data is Trustcom legitimate interest in ensuring the technical availability and security of the Website, also to investigate possible security incidents.

Such data is stored as long as it is necessary for the purposes it was collected for, however not longer than for two years.

COOKIES

The Website/Social networks collects the following Cookies:

Cookie	Description	Validity term
Google statistics	Used to distinguish users	2 years
Google Universal Analytics	Stores information on visitors, sessions and campaigns	2 years
Google Analytics	Used to distinguish users	24 hours
Facebook Pixel	Advertising, tips, statistics and measurement	90 days
Tawkto	Used to distinguish users	2 years
467aef24c7, csr, zmpncc, zfccn, dcl_pfx_Icnt, JSESSIONID, stk, rtk, _imtrem, _z_identity, IAMTFA, _zsudc, zidp, zoho _fbuid, GAUTH_TICKET, tfa_ ac, clientauthtoken, dcl_bd, is _pfx	Necessary for the Website to work effectively	Session
zip	Necessary for the Website to work effectively	1 day
_iamadt, _iambdt	Necessary for the Website to work effectively	1 month
AKA_A2	Necessary for the Website to work effectively	1 hour
IAMTFATICKET_	Necessary for the Website to work effectively	180 day(s)
Has_js, IsMarketingSkip,	Functionality of Website	Session
Zc_consent, zc_show, polls, acc_ver	Functionality of Website	1 year
ZFEdition, ZFUserCountry, ZFUserCountryCode	Functionality of Website	150 days
Zloaded, coockiechecked, czonecreativeinfo	Functionality of Website	Indefinite
Zld dragpos, zld state	Functionality of Website	5 minutes
Isiframeenabled, zuserlang	Functionality of Website	1 day
isexitmodaldisabled	Functionality of Website	90 days
RT	Analytics cookies	7 days
Za_anonymous_id, zc_cu, zc_cu_exp, zc_tp, zabUserld, zabHMBucket, zabBucket, ZabSplit	Analytics cookies	1 year
Z PageURL, Z Ref	Analytics cookies	1 month
ZohoMarkRef, ZohoMarkSrc, zabVisitld, cookie-uid, zpzohopage, zpzohoref	Analytics cookies	Session
zsstssn	Analytics cookies	30 minutes
Zsltssn, PaymentsReferral	Analytics cookies	90 days
_zldp, _siqid, _uuid	Analytics cookies	2 years
_zldt	Analytics cookies	1 day
zab_	Analytics cookies	1 hour
Creator_cd, gclid, gtm_zoho_source	Analytics cookies	3 months
zsrv0., zsr. Ps_payloadSeqld	Analytics cookies	2 hours
ztpctest	Analytics cookies	Transient

Cookies used on the Website may be categorised into:

functional Cookies – these Cookies are essential in order to enable the Client to move around the Website and use its features. For example, functional Cookies are used to remember login information;

performance Cookies – these Cookies collect anonymous statistical information on how visitors use the Website. For example, performance Cookies may help Trustcom understand how users browse or use the Website and highlight areas that are used the most;

targeted advertising Cookies – these Cookies collect information about browsing habits. They are used to make advertising more relevant to the Client and their Trustcom may also use these Cookies to limit the number of times the Clients see an advert, and to estimate how the advertisements on the Website reach the users. The cookies are usually placed by third party advertising networks to create information about interests through online behaviour;

other third party Cookies – Trustcom also may have Social networks Cookies on the Website. These Cookies allow sharing what the Client has been doing on the Website on Social network such as Facebook, Instagram, Linkedin, Youtube. Trustcom is not responsible for such Cookies as they are governed by the privacy policies of these third parties.

Cookies are placed on the Client’s device only after they give their consent, unless Cookies are required for strictly technical functioning of the Website. However, it is important to note that if the Client does not give his/her consent to the use of Cookies, certain functions of the Website may not function properly or may not function at all.

The legal basis for the use of functional Cookies is Trustcom legitimate interest in ensuring the technical functionality of the Website. When Cookies are used to remember the choices or for statistical or marketing purposes, the legal basis is the Client’s

The Client may control and/or delete Cookies under their wish – for details, see http://www.youronlinechoices.com/. All Cookies that are already on the computer/mobile phone may be deleted and the Client can set most browsers to prevent them from being placed. However, the Client may have to adjust manually some preferences every time visiting the Website, while some services and functionalities may not work.

DATA FOR DIRECT MARKETING

If the Data subject subscribes to the Trustcom newsletter via the Website, Social networks or becomes the potential client, Trustcom may send updates, alerts and newsletters which may be of interest. For the latter purpose Trustcom shall process the Client’s e-mail address.

Legal basis to provide direct marketing material is the existing Data subject’s consent when subscribing to Trustcom newsletter, or Trustcom legitimate interest, when the Data subject becomes Trustcom Client, to advertise and grow sales of Trustcom services and to provide Client with relevant information about Trustcom and offers of services available at the Website. The Client at any time may withdraw their consent or disagree with such use of their email at any time by clicking “unsubscribe” in the message received from Trustcom. However, third parties, including potential clients, may receive direct marketing only under their consent.

Such data is stored as long as it is necessary for the purposes it was collected for, however not longer than for two years.

DATA OF POTENTIAL CLIENTS

When starting the “Open an account” procedure on the Website, the natural person (Data subject) is considered to be a potential client of Trustcom, who requires Trustcom to perform specific actions that are necessary before entering into a contract. As a result, the potential Client is required to provide specific personal data by filling in the Website’s The data required in the form are necessary for Trustcom for the purpose of identification and compliance with legal regulations, related with “anti-money laundering” and “know your client” (hereafter – AML and KYC). Legal basis to process such data is the necessity to take steps at the request of the data subject prior to entering into a contract and to comply with legal obligations applicable to Trustcom as an electronic money institution.

When performing the first step of “Open an account” procedure, the potential Client is required to use the automatized tool, which enables to verify the potential Client’s The necessity for such verification arises from legal obligations related with AML and KYC legislation. During this procedure biometric data of the potential Client’s face is processed by comparing it to the data in the photo of an identity document. The procedure of identity verification with the help of biometric data is understood as a decision, based solely on automated data processing. This means, that a computer without any human intervention automatically compares and decides whether the face matches the one in the identity document. Legal basis to process such data for identity verification purpose is the potential Client’s explicit consent which is provided during the “Open an account” procedure before the data is being collected.

In case the results of the overall verification are positive and the natural person becomes Trustcom Client, such data together with other additional data is stored for the duration of the Business Relation with the Client and after the business relation is terminated, this data is stored for other 8 years or as long as it is required by law or it is necessary for other legitimate purposes.

In case the results of the overall verification are negative or the potential Client does not enter in the business relation with Trustcom (does not conclude a contract with Trustcom), the data is stored for six months.

DATA OF CLIENTS

Having assessed the data provided by YOU as a potential client via the Website form and verified their identity in accordance with applicable procedures, in case of positive results Trustcom may provide the Client Trading Agreement form (or other document) that requires some additional data necessary for the performance of the contract and under applicable legislations related with AML and KYC. In case the Client orders a card, his/her payment card data shall be processed as well. Legal basis to process such data is the necessity to conclude and perform the contract, comply with legal obligations applicable to Trustcom and pursuit of Trustcom legitimate interests to ensure appropriate and effective providing of the services, including fulfilment of Client’s rights, arising from the contract.

The data of the Client are stored as long as the contract is valid and for 8 years after the termination of the business relation, or as long as it is required by law or it is necessary for other legitimate purposes.

ENQUIRIES AND COMPLAINTS

When the Client contacts Trustcom with an enquiry or complaint via the website form at https://trustcomfinancial.com/contacts/, https://trustcomfinancial.com/compliant-form/ or email, their contact details and content of their message will be used to respond to the enquiry or complaint.

Legal basis to collect and process this data is Trustcom legitimate interest to respond to enquiries or complaints about Trustcom In some cases Trustcom may be under a legal obligation to respond to the Client’s enquiries, in which case the performance of legal obligation will be the basis for data processing.

Such data is stored as long as it is necessary for the purposes it was collected for, however not longer than for three years. However, in cases when enquires or complaints may cause legal consequences, such data shall be stored for applicable limitation period.

These Privacy Policy provisions are governed by the law of the Republic of Lithuania. All disputes arising out of these Policy provisions will be resolved through negotiations, and if they fail, in the Courts of the Republic of Lithuania.

DATA ACCESS

Statistical data about Trustcom website visitors, including logs and Cookies, may be accessed by Trustcom employees and employees of Trustom service providers in marketing and IT departments who are responsible for analysing that data, improving the Website and providing marketing initiatives.

Trustcom service providers who provide Trustcom with website content management tools or who host the Website may have access to technical log files.

Data collected by Cookies is accessible to partners providing relevant Cookies (e. g. Google, Facebook, etc.).

Data used for direct marketing purposes is accessible to Trustcom employees and employees of Trustcom service providers in marketing and IT departments who are responsible for executing direct marketing initiatives, and service providers, who provide Trustcom IT tools, used for sending direct marketing messages.

Data of the potential clients and clients may be accessed by Trustcom employees and employees of Trustcom service providers who are responsible for client identification, verification, client relationship management, conclusion and performance of contracts. In addition to this, data of potential clients and clients, including those, who have ordered payment cards, is available to the providers of IT systems, used to store and process such data.

Data of enquiries or complaints is provided to Trustcom or Trustcom service providers and its employees, who are responsible for answering to various requests.

All personal data under particular circumstances may be disclosed to third parties in the following cases:

to the extent permitted or required by legal acts, e. g. to tax institutions, municipal institutions, insurance companies, police and other appropriate institutions;

when Trustcom fairly believes that disclosure is necessary to defend Trustcom rights, to ensure the Client’s safety or safety of others, investigating fraud cases, etc. e. g., with the purpose to ensure the rights and obligations of Trustcom – to lawyers, prosecutors, courts, etc.

Personal data may be transferred and processed outside the EU/EEA when the transfer is necessary for the conclusion and execution of the contract (for example, when your payment is made to a third party or a third party partner (correspondent) is used for execution) or the Client has given consent. In all these cases, Trustcom will work to ensure that appropriate technical and organizational safeguards are in place.

Trustcom is not responsible for ensuring the Client’s privacy on third party websites, even in cases where the Client accesses third party websites using the links on this Website. Trustcom recommends that you read the privacy policy of each non Trustcom Website.

DATA SUBJECT RIGHTS

By contacting Trustcom via e-mail [email protected] or telephone number +370 5 249 5546, YOU may exercise Your rights in line with the requirements of applicable EU and local laws:

to access Personal Data – the right to be informed of, and request access to the Personal Data processed about the Client;

to rectification of Personal Data – the right to request amends or updates of Personal Data where it is inaccurate or incomplete;

to withdraw consent to processing of personal data, where applicable;

to request erasure of Personal Data;

the right to restrict – the right to request that Trustcom temporarily or permanently stops processing all or some of the Client’s Personal Data;

at any time, the right to object – processing Client’s Personal Data on grounds relating to Client’s particular situation and/or the right to object if Personal Data being processed for direct marketing purposes;

the right to data portability – the right to request a copy of Client’s personal data in electronic format and the right to transmit that Personal Data for use in another party’s service;

the right not to be subject to automated decision-making – the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on the Client or produce a similarly significant effect.

other statutory rights.

The above-mentioned Data subject’s rights shall be interpreted and executed by Trustcom only within the framework of General Data Protection Regulation and subsequent derived doctrine.

In case of verification through an automated tool, the Client has a right to obtain human intervention, express their point of view and contest the decision.

If personal data is erased at the Client’s request, Trustcom will only retain such copies of the information as are necessary to protect Trustcom or third party legitimate interests, comply with governmental orders, resolve disputes, troubleshoot problems, or enforce any agreement the Client has entered into with Trustcom.

RIGHT TO LODGE A COMPLAINT

14.1. In case the Data subject thinks that his privacy rights have been breached, he may lodge a complaint with an authority of the EU country of their habitual residence, place of work or place of the alleged infringement. Contact details of State Data Protection Inspectorate in Lithuania are the following: State data protection inspectorate, L. Sapiegos str. 17, 10312 Vilnius; Tel. No. (8 5) 271 2804, (8 5) 279 1445; Fax. (8 5) 261 9494; e-mail [email protected].

14.2. Information for other authorities can be accessed at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080