Raisin
Date of last update: 21st of November, 2024
The protection of personal data is important to us at GF Bankas. Therefore, GF Bankas aims to comply with the data protection regulations in order to achieve sufficient protection and security of the customer data. With this document we wish to inform you about the processing of your personal data by GF Bankas and the rights regarding data protection, to which you are entitled.
You can find version of this document in German language here. Please note that in case of discrepancies between English and German versions, the English version shall prevail.
- Who is responsible for data processing and who can you contact?
Controller (Art. 4 No. 7 GDPR) for the data processing is:
UAB GF Bankas
Ukmerges str. 322
LT-12106 Vilnius
Lithuania
Email address: [email protected]
Our corporate data protection officer can be reached at:
UAB GF Bankas
Data protection officer
Ukmerges str. 322
LT-12106 Vilnius
Lithuania
Email address: [email protected]
2. Which data is processed by us and what are the sources for this data?
We process personal data that we receive directly from you in the context of the Customer relationship, also, that we receive from Raisin and/or Raisin Bank. The Customer relationship begins with the initiation of a contract and includes the completion of the contract. We also process personal data that we obtain from private KYC databases (UAB Ondato or AB Softronic).
Personal data that we receive from you, Raisin and/or Raisin Bank includes for example:
- first and last name, address, date and place of birth, nationality, occupational information, proof of identity validation, citizenship, phone numbers, email address, bank account information, information on personal income, information on personal wealth, marital status, tax number, data from identification documents, login data, customer number, etc.
Personal data that we receive from UAB Ondato or AB Softronic includes:
- Information about whether you are a politically exposed person, whether you are subject to international sanctions, negative media coverage.
3. For what purposes and on what legal basis do we process the data? How long my data will be stored?
(a) To fulfil contractual obligations (Art. 6 (1) sentence 1 lit b) GDPR):
We process personal data (Art 4 No. 2 GDPR) in order to provide our services under the deposit contract and other relevant required activities. Precontractual information that you provide as part of the registration process is also included.
For GF Bankas to be able to provide services to the customer it is necessary that certain personal data are transferred between GF Bankas, Raisin GmbH, the distribution partner (if applicable), Raisin Bank AG with which the customer wishes to conclude a contract or has concluded a contract. Any related data transfers rely on Art. 6 (1) sentence 1 lit b) GDPR and require that the customer has granted an exemption from banking secrecy.
GF bankas will store data about deposit contracts for 10 years after their end.
(b) To meet legal obligations (Art. 6 (1) sentence 1 lit c) GDPR):
We may process personal data for the purpose of fulfilling various legal obligations (e.g. obligations under taxation laws, deposit insurance laws, anti-money laundering and combating the financing of terrorism laws, laws on international sanctions, document and data archiving laws and laws regarding internal controls of the Bank).
All data related to fulfilment of legal obligations will be stored for 10 years after the end of the deposit contract, except data related to fulfilment of obligations under anti-money laundering and combating the financing of terrorism laws. Data collected for the purpose of fulfilment of legal obligations under anti-money laundering and combating the financing of terrorism laws will be stored for 8 years after the end of business relations.
(c) Within the framework of your consent (Art. 6 (1) sentence 1 lit a) GDPR):
In case you give us consent for the processing of your personal data for specific purposes, we process data in accordance with the purposes and to the extent defined in the declaration of consent. You have the right to revoke your consent at any time with effect for the future. Further information regarding the right of revocation can be found under 7.
The storage period will be provided in the consent form. It may vary, depending on which data processing operations consent is given for.
(d) To protect legitimate interests (Art. 6 (1) sentence 1 lit f) GDPR):
Bank has a legitimate interest to process your data beyond the actual fulfilment of the contract. Such processing is for example:
- Management of requests, complaints and enquiries;
- Measures to manage the business, to improve services and to recover customers;
- Advertising or market and opinion research, unless you have objected to such use in accordance with Art. 21 GDPR. Further information on the right to object can be found under 6.
This data will be stored for 10 years after the end of the contract. These are secondary purposes of personal data processing related to purpose fulfilment of contractual obligations purpose, described in subparagraph (a). We will not collect more data about you to fulfil these purposes than we collect in order to conclude deposit agreements with you and fulfil them.
4. Who receives my personal data?
- Our data processors (IT service providers, data storage service providers, banking platform providers, providers of internal communication systems);
- Raisin and /or Raisin Bank, to the extent necessary to conclude and fulfil the deposit contract;
- Private KYC databases, to the extent necessary to comply with legal obligations under anti-money laundering and combating the financing of terrorism laws;
- External audit service providers, to the extent necessary to comply with legal obligations regulating internal control systems of the Bank;
- Other persons may receive your data if you have given your consent for the transmission of data to such persons.
Please note, that all data processors and other abovementioned data recipients have a contractual obligation to treat your data as confidential and to process the data only within the framework of the provision of their services to us. Also, based on the fulfilment of legal obligations GF Bankas may be obliged under certain circumstances to forward data to public bodies and institutions.
As far as passing on personal data of customers to recipients outside GF Bankas is concerned, it must be kept in mind that GF Bankas as a bank, is obliged to keep all client-related facts and assessments it becomes aware of in strict confidence (banking secrecy obligation pursuant to Section I No. 3 of the Terms and Conditions). GF Bankas may only disclose information concerning a customer if it is legally required to do so or if the Customer has consented thereto or if GF Bankas is authorized to disclose banking affairs.
5. Does UAB GF Bankas transmit my data to a third country or an international organization?
GF Bankas will not transfer your personal data to a third country or international organization because countries located outside the EEA may not have data protection laws and regulations comparable to the ones applicable in the EU.
In case it would become necessary to transfer personal data to subjects in third countries or to international organizations in order to fulfil deposit contract, we will adopt appropriate measures to ensure that your personal data will be adequately protected in these countries and update this notice. In particular, we may apply the standard contractual clauses published by the European Commission. You may contact our data protection officer for further information.
6. Which privacy rights do I have?
Please note that in order to exercise your rights as described below, you may contact us at any time using the contact details provided in section 1 above.
(a) Right of information (Art. 15 GDPR):
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, your right of information includes that you can request from GF Bankas a confirmation whether we process personal data of you. Is this the case, you have the right to get information about this data and further information about how we process the data.
(b) Right to rectification (Art. 16 GDPR):
If your information is not correct (anymore), you have, subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, the right to claim for rectification of incorrect personal data by us.
(c) Right to erasure (Art. 17 GDPR):
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you have the right to call for an immediate erasure of your data by us.
(d) Right to restrict processing (Art. 18 GDPR):
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, the right to restrict processing includes that you can require limited data processing.
(e) Right to data portability (Art. 20 GDPR):
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you have the right to receive your personal data in a structured, commonly used and machine-readable format (data portability).
(f) Right to object (Art. 21 GDPR):
If data processing takes place on the basis of an overriding legitimate interest or of the public interest, you have the right to object to this data processing. Detailed information on your right of objection can be found at the end.
You have the right, for reasons arising out of your particular situation, to object at any time against the processing of your personal data, which is based on the Art. 6 (1) sentence 1 lit e) GDPR (data processing in the public interest) and Art. 6 (1) sentence 1 lit f) GDPR (data processing on the basis of overriding legitimate interests); this also applies to profiling within the meaning of Art. 4 no. 4 GDPR.
In case you object, we will no longer process your personal data unless we can prove compelling reasons for the processing that outweigh your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims.
(g) Right to complain:
In case you believe that we process your personal data against national or European data protection law, we kindly ask you to contact us, to find a solution together. In addition, you have the right to object at the respective data protection supervisory authority.
(h) Revocation of consent for data processing:
A consent to the processing of personal data can be revoked at any time without any form requirements. This also applies with regard to the withdrawal of declarations of consent issued to us prior to the application of the GDRP, i.e. before 25 May 2018. We would like to point out that any revocation only applies for the future. We politely request you to direct this via phone or email to our data protection officer: [email protected].
7. Am I required to provide personal data?
In the context of the customer relationship, you must provide the personal data necessary for the initiation and fulfilment of the costumer relationship. Also, you must provide us with personal data necessary for the fulfillment of legal obligations.
Should you disagree with the provision of these required personal data, we are not in a position to conclude or execute a contract with you.
8. Could I suffer negative consequences as a result of processing of my personal data?
You should not suffer any negative consequences as a result of processing your personal data. However, depending on Bank’s risk appetite, data you provided or data that we received about you from other sources or other factors, Bank may decide not to conclude a deposit agreement with you. Though this will not have any financial consequences for you, it may cause a minor inconvenience regarding unsuccessful agreement conclusion process.
9. Does UAB GF Bankas use automated decision making (including profiling)?
GF Bankas does not use automated decision making in the sense of Art. 22 GDPR as part of the business relationship. GF Bankas processes your data partially automated to evaluate certain personal aspects (profiling) and to be able to comply with legal obligations under anti-money laundering and combating the financing of terrorism laws.
10. How can we change this customer information on data protection?
If necessary, we can adjust this data protection information. You can find the latest version of this information here.