This Privacy Policy is effective from **May 9, 2023.**

Privacy Policy

We, company UAB „Findo finansai“, legal entity code 304452187, having its registered office at Gedimino pr. 44A-201, Vilnius, the Republic of Lithuania, with correspondence address at Gedimino pr. 44A-201, Vilnius, the Republic of Lithuania ( “Findo”, “Company”, “we,” “our” or “us”), respect your privacy and are committed to protecting personal information that will be delivered to us (“Personal Data”) acting as data controller during your use of software platform developed by the Company – the Fin.do. Fin.do is a mobile application or website which facilitates a card to card payment service, consisting of debiting the payment card account of the sender upon his/her order and crediting the payment card account of the recipient.
This privacy policy sets out the basis on which all Personal Data we have collected from you, or that you provide to us, will be processed by us (“Privacy Policy”). Please read the following carefully to understand how we will use your Personal Data and our practices regarding your Personal Data.

By using our website “https://www.fin.do” (“Website”) or our mobile application - Fin.do app you confirm your understanding of the fact that we will use any Personal Data collected on you in accordance with the terms of this Privacy Policy. Personal Data is processed according to the provisions of the European Union General Data Protection Regulation, the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communication of the Republic of Lithuania, and other applicable laws and this Privacy Policy.

If you do not agree with the data practices described in this Policy, you should not use our services, the Website or the Mobile App.

Please read the following carefully to understand how we will use your personal data and our practices regarding your personal data.

Collection and use

We collect your Personal Data through Fin.do after you download it. We only collect necessary Personal Data about you. In order to use Fin.do and its individual functions, we collect the following data that is processed by the Company:

1.	full name, surname;
2.	date of birth;
3.	email address;
4.	your photo (photo of you together with the payment card used for the sending or receiving of funds);
5.	photo or scan copy of your ID document;
6.	actual residence address, country;
7.	phone number;
8.	card number (full or partial) and expiration date;
9.	CVV of the payment cards used for the sending or receiving of funds;
10.	Touch ID (fingerprint) or Face ID (facial recognition);
11.	mobile phone contacts;
12.	additional information requested by the Company or provided by you in case of necessity (e.g. to carry out full ID verification);
13.	information about how you use Fin.do, such as the types of content you view or engage with, the actions made on the account, the time, frequency and duration of activities and sessions;
14.	other information you provide when you participate in contests or promotions offered by us or our partners, respond to our surveys or otherwise communicate with us;
15.	information about you from third parties, including third-party verification services, credit bureaus, mailing list providers, and publicly available sources;
16.	information collected by Cookies and Web beacons (defined below), including using web beacons and sending cookies to your device.

We define Cookies and Web-beacons as small text files sent by us to your computer or mobile device. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. To find out more about cookies, visit http://www.allaboutcookies.org

We use both session-based and persistent cookies.

This privacy policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. For more information, we encourage you to check the privacy policies of these third parties to learn about their privacy practices.

When you use the Fin.do, the following Personal Data will also become available to and will be processed by the Company:
1.	IP address;
2.	geolocation;
3.	information about the device on which the Fin.do is running, namely: type of device, unique device ID, mobile operating system and version, mobile browsers, preferred language while using Fin.do;
4.	your provided transaction details and any extra information required to make the payments, also transaction history.

In order to respond to your inquiries by email (if you are not using Fin.do) we shall collect the following information on you: name, surname, topic, and the text of your inquiry. This Personal Data of yours shall be processed based on consent you gave by submitting the data together with your inquiry.

We undertake to:
1.	process your Personal Data lawfully, fairly and in a transparent manner;
2.	not to further process your Personal Data in a manner that is incompatible with the specified, explicit and legitimate purposes for which your data was collected;
3.	ensure to collect only Personal Data that is adequate, relevant and limited to what is necessary for relation to the collection purposes;
4.	take steps to ensure that your Personal Data that is inaccurate, would be erased or rectified without delay;
5.	process your Personal Data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Purposes

We need your personal information to provide you with the possibility to use Fin.do. Accordingly, processing of your Personal Data is mainly necessary for the performance of a contract between you and us for the use of Fin.do as explained in Fin.do Terms and Conditions. 

We process your Personal Data for the following purposes and on the following legal grounds:
1.	in order to provide you with the Fin.do services and functions (legal basis – fulfilling the agreement between you and the Company);
2.	in order to process Touch ID or Face ID information (legal basis – your consent);
3.	to notify you about changes to Company’s services and provide you with important information or required notices (legal basis – fulfilling the agreement between you and the Company, our legal obligations or our legitimate interests);
4.	for fraud detection, monitoring and prevention purposes and to comply with all and any requirements of the applicable laws (legal basis – our legal obligations and legitimate interests); 
5.	in order to provide you with the new Company’s services and discounts that interest you (legal basis – our legitimate interests or your consent);
6.	in order to ensure the proper functioning of the Fin.do, protect against fraud and security risks and keep the Fin.do safe, secure and efficient (legal basis – our legitimate interest);
7.	to improve Fin.do and to ensure that service is provided in the most effective manner for you and for your device (legal basis – our legitimate interest).
8.	to protect our rights, property, or the security and integrity of our services, enforce the terms of our Terms and Conditions or other applicable agreements or policies (legal basis – our legitimate interest);
9.	to maintain back-ups of our databases and to keep the records in accordance with our internal policies and procedures and the applicable law (legal basis – our legal obligations and legitimate interests);
10.	to establish, exercise or defend legal claims, whether in court proceedings or in an administrative or out-of-court procedure for the protection and assertion of our legal rights, your legal rights and the legal rights of others (legal basis – our legal obligations and legitimate interests).

In order to provide you with our services we may associate any category of information with any other category of information and will treat the combined information as Personal Data in accordance with this Privacy Policy for as long as it is combined.

You may refuse to submit your Personal Data. However, submitting of your Personal Data is required for proper functioning of your Fin.do account and necessary for achievement of the objectives of this Privacy Policy. Therefore, should you refuse to submit requested Personal Data we shall be unable to provide you with our services. 

Automated decisions and profiling

Fin.do uses its proprietary automated fraud prevention system, enabling it to set up dynamic rules to monitor and block suspicious activities while using Fin.do, which does not include profiling. The account unblocking requires ID verification and/or provision of additional information based in risks assessment of the compliance and risks department. 

Marketing

We would like to use your name, email address and telephone number to inform you of our future offers and similar products to the ones you are using, as well as to invite you to participate in market research activities (such as focus groups, interviews and surveys). This information is not shared with third parties and you may unsubscribe at any time. In every marketing message, we will provide you with a clear, free-of-charge and easily realizable possibility to unsubscribe from such marketing messages. You can control marketing notifications and activate / de-activate them as your wish in the settings of Fin.do, by choosing “Notifications” section and switching them on / off. 

Data sharing

We will disclose the data we collect from you to certain third parties who process your Personal Data on behalf of us or use it in delivering their services to us. Such Personal Data recipients and processors have an obligation to use data securely and confidentially and in accordance with regulatory requirements. 

The Company will disclose Personal data to these categories of data recipients: 
- licensed payment services providers for the purposes of transaction authorization and transaction settlement;
- MasterCard Europe SPRL which requires it for transaction processing purposes; 
- third-party service providers for full ID verification purposes;
- third parties such as banks, fraud prevention agencies or other financial institutions for fraud detection, monitoring and money laundering, terrorist financing and fraud prevention purposes, also competent authorities for law enforcement purposes (e.g. police or financial crime investigation authorities); media companies to assist with marketing efforts and better user experience (when applies);
- companies providing or supporting IT or accounting solutions of the services.

We may transfer your data outside of the European Economic Area, including countries which have different data protection standards than those which apply in the European Economic Area. Any such transfer of your Personal Data will be carried out in compliance with applicable laws. For transfers outside the European Economic Area, we will use Standard Contractual Clauses (and you have a right to ask for a copy of these clauses) and Privacy Shield as safeguards for countries without adequacy decision from the European Commission.

Retention period

We will retain your Personal Data for as long as you use Fin.do and for a reasonable time thereafter. Your Personal Data will not be stored longer than it is necessary for data processing purposes. 

Your Personal Data will be deleted when it is no longer needed for the processing purposes. We will store your Personal Data not longer than for 10 years after the end of the provision of service and your usage of Fin.do unless otherwise required by the applicable law. 

You may contact us if you would like us to delete Personal Data that you have provided via Fin.do. Please note that some or all of the provided Personal Data may be required in order for Fin.do to function properly or to comply with legal obligations.

Your rights

If at any point you believe the Personal Data we process is incorrect, you may request to see this information and have it corrected or deleted. 

You also have the right to request access to your Personal Data or restriction of processing of your data as well as the right to data portability, right to object to data processing and the right to erasure, which means right to have personal data deleted (“right to be forgotten”). 

Where provided by law, you can request correction or revision of your Personal Data; limit the use and disclosure of your Personal Data and revoke consent to any of our data processing activities (revoking of the consent does not affect the lawfulness of processing based on consent before its withdrawal). 

It is possible that we may not be able to implement certain of your rights, such as the “right to be forgotten” and delete all personal data we hold, if it is necessary to apply safeguards, in particular, to prevent the destruction of data or evidence based on and in accordance with the requirements of the applicable laws and regulations, our legal obligations or legitimate grounds for processing. The Company has right not to provide Personal Data if the User’s account was blocked and the User refused to verify account. 

If you are not satisfied with our response or believe we are processing your Personal Data not in accordance with the law, you have the right to lodge a complaint with your national data protection authority (the list of all such authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080). Contact details of the State Data Protection Inspectorate of the Republic of Lithuania are the following: address: L.Sapiegos str. 17, 10312 Vilnius, e-mail ada@ada.lt.
You may contact us regarding your privacy and your rights via Fin.do Help Centre or website of the Company https://www.fin.do/contact-form/.

Security of your information

We take reasonable measures, including administrative, technical, and physical safeguards, to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. We hold information about you at our own premises and with the assistance of third-party service providers. We restrict access to personal information to our employees, contractors, and agents who need to know that information in order to transmit, store, or process it, who are subject to contractual confidentiality obligations consistent with this Policy, and who may be disciplined or terminated if they fail to meet these obligations.

Our third-party service providers store and transmit personal information in compliance with this Policy and other appropriate confidentiality and security measures. Nevertheless, we cannot guarantee that unauthorized third parties will never be able to defeat our security measures or use your personal information for improper purposes.

In the event that any information in our possession or under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps in accordance with applicable laws or regulations.

Changes to the privacy policy

We reserve the right to modify, alter or otherwise update this Policy at any time.

Any changes we may make to our Privacy Policy in the future will be notified to you by e-mail and/or when you next start Fin.do. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of Fin.do. 

Should you not wish to accept those changes, you should notify us and we will take that as an instruction to close your account held with us.

Should we not hear from you, your continued use of our services constitutes your acceptance of any amendment of this Policy. In the event that you close your account following rejection of the changes, we will still hold your personal data on file, to adhere to applicable law.