Fundvest UAB (Fundvest) is a financial brokerage firm established in the Republic of Lithuania (registration code 305667997, address Konstitucijos av. 15-93 Vilnius, Lithuania, website www.fundvest.eu).
Fundvest is the data controller of your personal data that you provide to us. We ensure that personal data collected by us is processed in accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania, the General Data Protection Regulation (GDPR) and other legal acts.
If you wish to contact us about the processing of your personal data, please contact our Data Protection Officer at firstname.lastname@example.org.
Personal data collected
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
We collect the following data:
- Personal identification information (name, surname, address, e-mail address, telephone number, etc.).
- Additional data required by money laundering and terrorist financing prevention legislation (personal identification number and/or date of birth, citizenship, facial image, video and sound recording of the verification process, identity document data, copies of the documents provided, details of the device used, IP address, installed application information, etc.).
- Transaction data (transaction amount, date and time, beneficiary or sender, etc.).
- Your communication with us (correspondence by email or using messaging feature, conversations by phone, etc.).
- App login and usage data (User name, IP address, general geographic location, usage statistics, etc.).
In most cases you yourself provide us with your personal data:
- During the registration process. The data you provide at registration is necessary for us to enter into a business relationship.
- When using our services (e.g., data on the transactions you make).
- When communicating with us (customer service, interactions via social media platform, etc.).
We may also receive your data from other sources:
- When it is compliant with the applicable law, we receive it from third parties such as official registers and databases or our partners who participate in providing services to you.
- In order to carry out enhanced due diligence procedures we also collect publicly available information about you (information on the internet, social media, etc.).
If you give us personal data about other people (e. g., spouse, family members, etc.), you confirm that you have provided them with all the information regarding the processing of personal data.
Legal basis and purposes of processing of personal data
Processing of your personal data is based on one of the following legal grounds:
- Consent. Where you specifically consented to us processing your personal data (e. g. for marketing purposes).
- Performance of the contract. Certain personal data is necessary to properly provide you with our services (e. g. for using the app, making transactions, receiving customer service, etc.).
- Legal obligation. We are obliged to process certain personal data according to the legal acts applicable to us (e. g., for purposes of prevention of money laundering and terrorist financing, fraud or other crime, for tax and accounting, etc.).
- Legitimate interest. Where we have justification for the processing, it is necessary to achieve our goals and is balanced against your fundamental rights and freedoms.
Profiling carried out by Fundvest involves processing of personal data by automated means for the purposes of carrying out Know-your-client (KYC) procedures, risk management and monitoring of transactions, including prevention of fraud, money laundering and terrorist financing. It is based on legal obligations applicable to Fundvest as a financial brokerage firm.
Recipients of personal data
In some cases, where we have a duty to disclose it or if it is required for the provision of our services, we might share your personal data with third parties.
We share personal data with:
- Our suppliers (e. g. providers involved in onboarding, screening and ongoing monitoring procedures, providers of customer support, IT and other services necessary for the proper performance of the contract and compliance with mandatory legal obligations).
- Other third parties who are involved in providing or supporting our services (e. g. our partner banks).
- Regulators and supervisory authorities (e. g., for purposes of crime prevention, compliance with requirements for financial market participants, tax and accounting, etc.).
Transfer of personal data outside of the EEA
Where it might be necessary to transfer your personal data to third countries, we shall ensure that appropriate protection measures are applied. We shall use legal mechanism, such as standard contractual clauses as indicated in GDPR to implement the cross-border transfer of your personal data or implement security measures like anonymization on the data before the cross-border data transfer.
In case the securities transaction is related to foreign securities, we may have an obligation to transfer your data to third parties in foreign countries to ensure the provision of the services, as well as for purposes related to the supervisory activities carried out by the foreign regulators or supervisory authorities (such as investigative bodies, financial market supervisory authorities, tax administrators, etc.).
We will not process your personal data for longer than necessary for the objectives of the processing.
According to applicable legislation of the Republic of Lithuania, Fundvest is required to keep your personal data related to your identification and services provided for eight years after our business relationship with you ends.
Correspondence with you shall be stored for five years from the date of termination of transactions or business relationships with you.
These time limits may be additionally extended for up to two years upon reasonable instruction of a competent authority.
We may keep your personal data for longer because of a potential or ongoing court claim or another legal reason.
Once the relevant time period has expired and the personal data is no longer required for the abovementioned reasons, we will delete your data.
The right to access. You have the right to request copies of your personal data. If you wish to obtain confirmation as to whether or not personal data concerning you is being processed by us, you can request a free copy of it by requesting this at email@example.com.
The right to rectification. You have the right to request that we correct any information you believe is inaccurate.
The right to erasure. You have the right to request that we erase your personal data (subject to certain conditions).
The right to restrict processing. You have the right to request that we restrict the processing of your personal data (subject to certain conditions).
The right to data portability. You have the right to request that we transfer the data that we have collected to another organization, or directly to you (subject to certain conditions).
The right to object to processing. You have the right to object to processing of your personal data (subject to certain conditions).
Where you have given us your explicit consent for the processing of your personal data, you also have the right to withdraw this consent at any time by contacting us at firstname.lastname@example.org
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: email@example.com.
You also have a right to lodge a complaint with your national Data Protection Authority. Please see a list provided (https://edpb.europa.eu/about-edpb/about-edpb/members_en). .