Skip to main content

Privacy Policy

Current version of the Document:
Title Privacy Policy
Date 2 October 2023
Reference-Version 2.0
Classification* Internal
Document Type Policy
Status Approved
Approved by Management Board
Prepared by DPO, Compliance, Management Board

* Highly Confidential / Confidential / Internal / Public categories

Document version History:
Version Number Date Changed By Changes Made
2.0 2 October 2023 Legal Counsel Annual Review
1.0 1 October 2021 Legal Counsel New Policy

Contents

1. WHAT DOES THIS PRIVACY POLICY MEAN?
2. ABOUT FQPS
3. WHAT PERSONAL DATA DO WE PROCESS?
4. PROCESSING RELATED TO THE AML AND KYC PROCEDURES
5. PROCESSING IN THE COURSE OF PROVISION OF THE SERVICES OF FQPS
6. PROCESSING IN THE COURSE OF ADMINISTRATION OF FQPS BUSINESS
7. PROCESSING IN THE COURSE OF EMPLOYEE SELECTION (RECRUITMENT)
8. CONTACT US
9. SOCIAL MEDIA
10. PERFORMANCE OF FQPS AGREEMENTS
11. COOKIES
12. DISCLOSURE OF DATA
13. SECURITY OF YOUR PERSONAL DATA
14. YOUR RIGHTS
15. COMPLAINTS
16. LIABILITY
17. AMENDMENTS TO THE PRIVACY POLICY
1. WHAT DOES THIS PRIVACY POLICY MEAN?

This privacy policy (hereinafter the Privacy Policy) provides information on the processing of your personal data carried out by the data controller FQ Payment Solutions UAB (hereinafter referred to as FQPS). Privacy Policy provides information on the processing of your personal data that are obtained: (i) in the course of becoming a client of FQPS and using the services offered by FQPS; (ii) in the course of browsing the Website (iii) as FQPS conducts surveys and performs direct marketing activities; (iv) when you participate in FQPS employee selections; (v) in the course of performance of agreements with partners and suppliers who are legal persons; (vi) when you submit inquiries to us; (vii) as you visit and (or) perform active actions in FQPS social media accounts. Hereinafter all indicated persons whose data are processed by FQPS shall be referred to as ‘Customers’.

2. ABOUT FQPS

FQ Payment Solutions UAB (FQPS), legal entity number 305910374, office address at Svitrigailos st. 11H, Vilnius, 03228 Lithuania, data of the company collected and stored in the Vilnius branch of the Register of Legal Entities of the Republic of Lithuania. Contact details of Data Protection Officer (DPO): dpo@fqps.io

3. WHAT PERSONAL DATA DO WE PROCESS?

Personal data are any information about the Customer collected by FQPS that may be used for the Customer identification and is stored electronically or in any other manner. Personal data include any information, including the Customer’s name, surname, address and IP address, which are collected by FQPS about the Customers for the purposes indicated in this Privacy Policy, or in the agreement with FQPS, or in the separate privacy notice that is provided to the Customer. These data shall also include publicly available personal information of the Customers accessed by FQPS when the Customer contacts FQPS via any social media networks or performs active actions in FQPS social media accounts.

4. PROCESSING RELATED TO THE AML AND KYC PROCEDURES
Whose personal data are processed? What personal data are processed? What is the legal basis for such processing? Who receives the personal data? How long do we keep the data?
Face-to-face identification of prospective clients, representatives of prospective clients (primary KYC procedure)
Prospective clients of FQPS, representatives of prospective clients of FQPS (beneficial owners, director and authorised signatories) Name, Surname, Email Address, Personal Code, Position / connection to the client (beneficial owner, director, authorised signatory), Copy of passport of any country, ID card, issued by an EU and EEA Member Country, residence permit in Republic of Lithuania, Date and time of identification, the Result of identification (is the provided document real or false, the reasons that led to the suspicion of the authenticity of the document) Article 6(1)(c) of GDPR (legal obligation) Database of nonvalid documents of the Ministry of the Interior If a person becomes a client – 8 years after the termination of a contract: If a person does not become a client – 3 months from identification procedure
Remote identification of prospective clients, representatives of prospective clients (primary KYC procedure)
Prospective clients of FQPS, representatives of prospective clients of FQPS (beneficial owners, director and authorised signatories) Name, Surname, Email Address, Personal Code, Position / connection to the client (beneficial owner, director, authorised signatory), Copy of passport of any country, ID card, issued by an EU and EEA Member Country, residence permit in Republic of Lithuania, Image (photo), Date and time of identification, Result of identification (is the provided document real or false, the reasons that led to the suspicion of the authenticity of the document) Article 6(1)(c) of GDPR (legal obligation), 9(2)(a) (consent for biometric data – image) No one If a person becomes a client – 8 years after the termination of a contract: If a person does not become a client – 3 months from identification procedure
Compliance with anti-money laundering requirements of term deposit clients (Deposit Solution and Raisin platforms)
Clients of FQPS (term deposit service) Name and Surname, Unique customer number, customer investment identifier, POS costumer, Gender, Salutation, Marital Status, Date, place and country of birth, Nationality, Address, German Tax ID, Whether the person is taxable Germany only, Other tax residencies, additional tax Ids, ID document type, number, and date of expiry, Telephone number, Email address, FATCA (Foreign Account Tax Compliance Act) status, PEP condition, Service bank BIC, Customer service bank IBAN, Product type, Addition screening data (conviction data) Articles 6(1)(c) (legal obligation), 10 of GDPR (for conviction data) No one If a person becomes a client – 8 years after the termination of a contract: If a person does not become a client – 3 months from identification procedure
Compliance with anti-money laundering and terrorist financing prevention requirements and enforcement of international sanctions (direct clients)
Any client of FQPS, client’s manager, shareholder, authorized person, client’s business partner Name and Surname, Email address, Personal code, Date of birth, Taxpayer Identification Number, Address Citizenship, Copy of Identity Document (information provided in Identity Document), Income (employment (salaries, retirement income, self-employed), business earnings, inheritance/family gift, insurance proceeds/settlement, divorce settlement, investment income/returns, winnings (giver mane / nongovernment lottery), earnings (sale of business, sale of property), Conviction data Articles 6(1)(c) legal obligation), 6(1)(e) (public interest), 10 (for conviction data) of GDPR, Law on the prevention of money laundering and terrorist financing of the Republic of Lithuania and related implementing legislation Financial Crime Investigation Service under the Ministry of the Interior, Ministry of Foreign Affairs of the Republic of Lithuania (regarding the breach of sanctions), Database of nonvalid documents of the Ministry of the Interior KYC information of the client – 8 years after termination of business relationship (the last transaction). Additional information received from the client – 5 years after termination of business relationship (the last transaction)
For making decisions on credit transactions (evaluation of creditworthiness of the client)
Client, owners, managers, accountants, of the client, creditors and debtors of the client Name, Surname, Email Address, Personal Code, Address, Copy of ID document, Assets, Utility Bill Bata, Bank Statement data, Data provided in Source of Wealth (SOW) Form, Emails (communication) Articles 6(1)(b) (contract), 6(1)(f) (legitimate interest) of GDPR No one 10 years after the full repayment of the credit
5. PROCESSING IN THE COURSE OF PROVISION OF THE SERVICES OF FQPS
Whose personal data are processed? What personal data are processed? What is the legal basis for such processing? Who receives the personal data? How long do we keep the data?
Concluding an agreement and providing the service
Counterparties to the agreement, their representatives Name, Surname, Citizenship, Registered address, Correspondence address, Date of birth, Gender, ID document data, Telephone number, Email address, Place of birth, Country of payment of taxes, Taxpayer code Article 6(1)(b) of GDPR (contract – in case the client is natural person), Article 6(1)(f) of GDPR (legitimate interest to perform contract with the client – in case the client is legal person) No one 10 years after the termination of a contract
Providing mandatory information to the clients
Clients, contact persons of the clients Name, Surname, Email address Article 6(1)(c) of GDPR (legal obligation) No one Until the end of the contractual relationship
Evaluation of credit awareness of the client
Clients of FQPS, managers, shareholders of the clients Name, Surname, Personal code, Email address, Phone number, Marital status, Education, professional qualifications, financial data (average salary, obligations, assets) Article 6(1)(b) (contract – in case the client is natural person) of GDPR, article 6(1)(c) of GDPR (legal obligation) Markets in Financial Instruments Directive, Rules approved by the Bank of Lithuania No one 10 years after the termination of agreement with the client
Issuance of Letter of Guarantee
Clients of FQPS Name, Surname, Personal code, Address, Email address, Telephone number, Information about the particular transaction (for which the Letter of Guarantee is necessary): counterparty, amount of transaction, payment date Article 6(1)(b) of GDPR (contract) No one 10 years after the end of guarantee term
Creation of the user account in FQPS system
Clients of FQPS, authorized persons of the client Name and Surname, Personal code, Position, Company, ID document data, Correspondence address, Telephone number, Email address, Account number Article 6(1)(b) of GDPR (contract – in case the client is natural person), Article 6(1)(f) of GDPR (legitimate interest to perform contract with the client – in case the client is legal person No one Until the deletion of the user account
Cash deposit / withdrawal operations
Clients, authorised persons of the client Name, surname, Personal code, Position, company (of representative), Amount of deposit / withdrawal, Date and time of deposit / withdrawal, Number of the respective account Article 6(1)(b) of GDPR (contract – in case the client is natural person), Article 6(1)(f) of GDPR (legitimate interest to perform contract with the client – in case the client is legal person) No one 10 years after the end of contractual relationship
Provision of term deposit account service
Clients, authorised persons of the client Name, Surname, Personal Code, Company, position (of representative), Deposit account number, Date and time of creation of deposit account, Transactional data (amount of deposit, interest (rate and amount), settlement dates (pay-in, pay-out), other relevant transactional data) Article 6(1)(b) of GDPR (contract – in case the client is natural person), Article 6(1)(f) of GDPR (legitimate interest to perform contract with the client – in case the client is legal person) No one 10 years after the end of contractual relationship
Provision of term deposit service (via Deposit Solution and Raisin platforms)
Clients of FQPS (term deposit service) Name, Surname, Name of the Service Bank, Transactional data (amount of deposit, interest (rate and amount), settlement dates (pay-in, pay-out), other relevant transactional data) Article 6(1)(b) of GDPR (contract) No one Data stored in platforms – Deposit Solutions 365 days after Settlement Day, Raisin 3 years (up to 30 years in specific cases) after settlement date; Data stored in the systems of FQPS – 10 years after the settlement date
Internal, SEPA, and Target2 payments (including scheduled bulk payments)
Counterparties to FQPS account agreement Name, Surname, Address, country, ID document, Telephone number, Email address, Representative of the client, in the event payment is made on behalf of another person – person/’s on behalf of which payment is made, name, code, payment code), Number of the account from which payment is made, Receiver’s information (name, code, account number, address), Payer code / purpose of payment, Payment amount Article 6(1)(b) of GDPR (contract) No one 10 years after the end of contractual relationship
International (SWIFT) payments
Counterparties to FQPS account agreement Name, Surname, Address, country, ID document, Telephone number, Email address, Representative of the client, In the event payment is made on behalf of another person – person/’s on behalf of which payment is made, name, code, payment code), Banks’s information: name, SWIFT code, Number of the account from which payment is made, Receiver’s information (name, code, account number), Receiver bank’s information (name, SWIFT code), Payment amount, Payer code / purpose of payment Article 6(1)(b) of GDPR (contract) Intermediary bank 10 years after the end of contractual relationship
Providing APIs (Application Programming Interfaces) for payment services providers
Clients Name, Surname, address, account number (-s), balance (-s) of the account (-s), transaction information (amount, currency, description (purpose) of payment), token, Receiver’s information (full name, account number, payment status Article 6(1)(c) of GDPR (legal obligation) Article 31(1) (1,2) of Law on Payments of the Republic of Lithuania Regulated and licenced payment service providers 3 years after the completion of the transaction
Sending reminders about late payments to the client
Clients, representatives of the clients Name, Surname, Email address, Company, position (of representative), Personal code, Address, Phone number, Account Number, Information on late payments Article 6(1)(b) of GDPR (contract – in case the client is natural person), Article 6(1)(f) of GDPR (legitimate interest to perform contract with the client – in case the client is legal person) No one 10 years after the end of contractual relationship
Restructuring of credit agreements, surety agreements (the purpose is to assess the solvency of the debtor / collateral provider / guarantor and the possibilities of debt repayment), only in restructuring cases of legal entities
Owners / shareholders / managers of corporate debtors; Sureties; guarantors (including holders of promissory notes) Name, Surname, Personal Code, Address, Phone number, Email address, Transaction data, Property (movable and real) Articles 6(1)(b) (contract), 6(1)(f) (legitimate interest) of GDPR Public authorities, courts, bailiffs 10 years after the end of contractual relationship
Debt records with the clients / suppliers
Overdue clients, suppliers whose invoices are overdue Name, surname, Email address, Personal code, Address, Telephone number, Account number, Overdue amounts Article 6(1)(c) of GDPR (legal obligation) Law on Accounting of the Republic of Lithuania, Law on Value Added Tax of the Republic of Lithuania No one 10 years from the date of the particular documents (from the end of the calendar year)
System testing (implementing the business continuity plan)
Clients, authorised persons of the clients Name, Surname, Unique customer number, Personal Code, Gender, Position, workplace, Marital Status, Date, place and country of birth, Nationality, Address, ID document type, number, and date of expiry, Telephone number, Email address, Transaction data, User ID, Activity logs, Property (movable and real), Account number, IBAN, Banks’s information: name, SWIFT code, Number of the account from which payment is made, Payment amount, other payment information, Product type Article 6(1)(c) of GDPR (legal obligation – Article 32 of GDPR, Clause 99 of the Resolution No. 03174 of the Board of Bank of Lithuania of 26 November 2020 The data shall be only processed during the test and after the test will not be stored or processed in any other way
6. PROCESSING IN THE COURSE OF ADMINISTRATION OF FQPS BUSINESS
Whose personal data are processed? What personal data are processed? What is the legal basis for such processing? Who receives the personal data? How long do we keep the data?
Litigation
Debtors, representatives of the debtors, other persons potentially violating the rights of FQPS Name, surname, Email address, Address, Telephone number, Personal Code, Financial information, Marital Status, Assets, Income Article 6(1)(f) of GDPR (legitimate interest) Courts, Attorneys 1 year from the date of the final decision of the court
Handling inquiries, requests, claims submitted by customers or persons related to customers (representatives, etc.)
Persons who submit an inquiry, request, or claim to FQPS Name, Surname, Personal code, number, place and date of issuance of personal identity document, Telephone number, Email address, Customer’s last financial transactions performed in each Customer’s Account (date, amount, payer’s / payee’s names, trade / service company), Other data related to the particular inquiry, request, or claim Article 6(1)(c) of GDPR (legal obligation) Rules for handling complaints received by financial market participants approved by Bank of Lithuania No one 10 years from the end of calendar year during which the particular inquiry, request, or claim was received
Organising virtual events / seminars (promotion of FQPS)
Attendees to the events Name, Surname, Company, Position, Email address, Information on attendance Article 6(1)(a) of GDPR (consent) 10 working days after the end of the event
Accountability of internal risk management
Clients of FQPS (specific clients of higher risk) Name, Surname, Personal code, Internal client’s code, Account number Article 6(1)(c) of GDPR (legal obligation) Resolution No. 03176 of Bank of Lithuania on the Approval of the General Provisions on Internal Management of Banks 10 years
Archiving of paper files
Counterparties, representatives of counterparties Client files with various personal data Articles 6(1)(c)(legal obligation, 6(1)(f) (legitimate interest) Rules on archiving According to the approved documentation plan
Archiving of paper files
Counterparties, representatives of counterparties Client files with various personal data Articles 6(1)(c)(legal obligation, 6(1)(f) (legitimate interest) Rules on archiving According to the approved documentation plan
Reports to the supervisory authority
Clients of FQPS Name, Surname, Personal code, Client code, Account number GDPR 6 str. 1 d. c p. CIR Regulation 575/2013; Regulation 680/2014 – technical standards with regard to supervisory reporting of institutions European Central Bank 10 years
Independent AML audit (provision of information to the external auditors)
Clients of FQPS, persons related to the clients of FQPS (shareholders, members of management bodies), other representatives of the clients Name, Surname, Personal Code, Client’s code, Account number, other information collected for AML and KYC purposes Articles 6(1)(c) (complying with AML obligations)), 6(1)(f) (legitimate interest to improve AML procedures of FQPS) Auditors Information that has been submitted to an external audit is no longer stored. The information from which the data were extracted is stored for a further 10 years
Independent financial audit (provision of information to the external auditors)
Clients involved in an ongoing internal investigation and / or operational risk event Name and Surname, Information about services used by the client, Internal code of the client, Account number, Personal Code, Email address, Account number, Account balance, Telephone number Article 6(1)(c) of GDPR (legal obligation) Article 39 of the Law on the Audits of the Financial Statement Auditors Information that has been submitted to an external audit is no longer stored. The information from which the data were extracted is stored for a further 10 years
Debt recovery (assessment of the possibilities of debt recovery)
Persons whose payments are overdue Name, Surname, Personal Code, Address, Phone number, Email address, Property (movable and real), Employer and income Articles 6(1)(b) (contract), 6(1)(f) (legitimate interest) of GDPR Public authorities, courts, bailiffs 10 years after the end of contractual relationship
Persons whose contracts with FQPS have been terminated with outstanding liabilities; persons against whom the debt collection process has already been initiated Name, Surname, Personal code, Address, Phone number, Email address, Marital status, Account number, Transaction data, Property (movable and real), Employer and income Articles 6(1)(b) (contract), 6(1)(f) (legitimate interest) of GDPR
Owners / shareholders / managers of corporate debtors; Sureties; guarantors (including holders of promissory notes) Name, Surname, Personal code, Address, Telephone number, Email address, Transaction data, Property (movable and real) Articles 6(1)(b) (contract), 6(1)(f) (legitimate interest) of GDPR
Internal investigations and operational risk events (analysis)
Clients involved in an ongoing internal investigation and / or operational risk event Name, Surname, Email Address, ID document data, Telephone number, Address, Account numbers / extracts, Services provided by FQPS to the particular client, Internal code of the client Articles 6(1)(f) (legitimate interest), 6(1)(c) (legal obligation) of GDPR Provisions on the Organization of Internal Control and Risk Assessment (Management) of the Board of Bank of Lithuania (Resolution No. 149 of 25 September 2008). IX Operational risk management Rules for Providing Information on the Internal Management and Activities of Banks to Bank of Lithuania External auditors, Bank of Lithuania 10 years
Drafting the minutes of the meetings of Supervisory Board, Management Board and the committees of FQPS
Employees, third party service providers Name, surname, position, voting, position on the discussed item, content of the discussions, voice, image Article 6(1)(f) of GDPR (legitimate interest) No one Until the minutes are drafted (not longer than 20 days after the respective meeting)
7. PROCESSING IN THE COURSE OF EMPLOYEE SELECTION (RECRUITMENT)

For the purpose of assessing the non-executive candidates, FQPS processes the personal data as provided in the table below:

What personal data are processed? What is the legal basis for such processing? Who receives the personal data? How long do we keep the data?
Drafting the minutes of the meetings of Supervisory Board, Management Board and the committees of FQPS
Name, Surname, Personal Code, Identity document information (necessary), Address, Telephone Number, Citizenship, Information provided in CV (education, languages, qualifications, former employers) Articles 6(1)(a) (consent), 6(1)(b) of GDPR (steps prior to entering a contract) No one If no employment contract is concluded with the candidate – 3 working days after the end of the selection procedure with below exceptions: (I) If employment contract is concluded with the candidate (candidate becomes an employee) – 10 years after the termination of an employment contract (II)For Open Positions: When there is an open position and candidate applies to a specific position, the data will be stored until the end of the recruitment process without receiving consent form. The candidate shall be deemed to have voluntarily consented to the processing of such data by applying to the position. At the end of the recruitment process, candidates who have not been selected for this specific position, but whose experience, personal or other qualities would be appropriate for positions that may arise in the future will be provided with an e-mail request for storing their data in FQPS database for 2 years. The data of the candidates who provided their consent via e-mail will be stored for 2 years. In absence of consent, data will be deleted immediately.(III) CV Sending Process: From any channel (via linkedin, via e-mail, etc.), when the candidate sends his/her CV, if there is an open position the process will be same as with aforementioned open position process. If not, FQPS will inform the candidate on how it will process his/her data and ask for explicit consent via e-mail. In the request of the consent, FQPS will inform the potential candidate how the data will be processed and time period of storing such data. If the candidate provides his or her consent, then the data shall be stored in FQPS’s database for 2 years. In absence of consent, data will be deleted immediately.
Information about qualifications and reputation, sufficient experience and skills to perform the job responsibilities, avoid conflicts of interest, publicly available information (LinkedIn account data, other information found by internet search) Article 6(1)(f) of GDPR (legitimate interest)
Conviction data Articles 6(1)(c) (legal obligation), 10 of GDPR, Law of Markets in Financial Instruments of the Republic of Lithuania, Article 34(10), 34(12) of Law of Banks, Articles 8.3, 8.7 of Internal Control and Risk Assessment (Management) Regulations of Bank of Lithuania
Disability data (certificate number) Articles 6(1)(c) (legal obligation), 9(2)(b) of GDPR
Data obtained from former employer Article 6(1)(f) of GDPR (legitimate interest of FQPS to evaluate the candidate’s suitability for the job)

For the purpose of assessing the executive candidates, FQPS processes the personal data as provided in the table below:

What personal data are processed? What is the legal basis for such processing? Who receives the personal data? How long do we keep the data?
Drafting the minutes of the meetings of Supervisory Board, Management Board and the committees of FQPS
Name, Surname, Personal Code, Identity document information (necessary), Address, Telephone Number, Citizenship, Information provided in CV (education, languages, qualifications, former employers) Articles 6(1)(a) (consent), 6(1)(b) of GDPR (steps prior to entering a contract) No one If no employment contract is concluded with the candidate – 3 working days after the end of the selection procedure with below exceptions: (I)If employment contract is concluded with the candidate (candidate becomes an employee) – 10 years after the termination of an employment contract. (II)For Open Positions: When there is an open position and candidate applies to a specific position, the data will be stored until the end of the recruitment process without receiving consent form. The candidate shall be deemed to have voluntarily consented to the processing of such data by applying to the position. At the end of the recruitment process, candidates who have not been selected for this specific position, but whose experience, personal or other qualities would be appropriate for positions that may arise in the future will be provided with an e-mail request for storing their data in FQPS database for 2 years. The data of the candidates who provided their consent via e-mail will be stored for 2 years. In absence of consent, data will be deleted immediately. (III) CV Sending Process: From any channel (via LinkedIn, via e-mail, etc.), when the candidate sends his/her CV, if there is an open position the process will be same as with aforementioned open position process. If not, FQPS will inform the candidate on how it will process his/her data and ask for explicit consent via e-mail. In the request of the consent, FQPS will inform the potential candidate how the data will be processed and period of storing such data. If the candidate provides his or her consent, then the data shall be stored in FQPS’s database for 2 years. In absence of consent, data will be deleted immediately.
Financial obligations, Data about immediate relatives (degree of kinship, name, surname, year of birth, workplace, position), Information on private interests (name, surname, connection), Information of provision of services to other companies (if any), Publicly available information, Real estate, other information about an impeccable reputation, qualifications, and experience required to perform their duties properly, avoid conflicts of interest, ensure independence and be able to devote time to the performance of their duties Article 6(1)(c) of GDPR (legal obligation), Article 6(1)(f) of GDPR (legitimate interest of FQPS to ensure compliance with legal requirements when no specific data necessary to fulfil a legal obligation is listed in legislation), Article 34(10), 34(12) of Law of Banks, Articles 8.3, 8.7 of Internal Control and Risk Assessment (Management) Regulations of Bank of Lithuania
Conviction data Articles 6(1)(c) (legal obligation), 10 of GDPR, Law of Markets in Financial Instruments of the Republic of Lithuania, Article 34(10), 34(12) of Law of Banks, Articles 8.3, 8.7 of Internal Control and Risk Assessment (Management) Regulations of Bank of Lithuania
Disability data (certificate number) Articles 6(1)(c) (legal obligation), 9(2)(b) of GDPR
Data obtained from former employer Article 6(1)(f) of GDPR (legitimate interest of FQPS to evaluate the candidate’s suitability for the job)
The manager’s questionnaire and other information and documents relevant to the assessment and issuance of the permit by Bank of Lithuania approved in accordance with the requirements of Bank of Lithuania Guidelines for the assessment of the members of the managing body and key function holder of financial market participants supervised by Bank of Lithuania Bank of Lithuania

In the event you have granted your separate consents, FQPS may process your personal data after the selection procedure is over and/or contact your current employer in order to receive their feedback about you as a professional. Detailed information on the processing will be provided in the consent forms.

8. CONTACT US

There are several ways how you can contact FQPS: by phone, e-mail, text messages through Contact Us form on the Website. We personally accept, review and reply to all messages. If you contact us, we can process the following data belonging to you: name, surname, e-mail address, IP address, phone number, date, and text of messages. In the event you contact us via Contact Us form provided on the Website, you will also be asked to provide the name of the name and size of the company you represent, and your role in such company. Such data will be processed in order to prepare for the performance of agreement or to answer your questions. If you do not provide your contact details, we will not be able to contact you. Electronic messages will be stored for 1 (one) year as of the receipt of the last message of the particular conversation except for information that must be stored for other terms pursuant to the Privacy Policy or legal acts. All personal data provided by you in the course of communication with us will be used only for the aforementioned purposes and to review messages and administer and manage the communication flows. We undertake not to use your personal data without your express consent in any publications in such a way that would allow identifying you. Please note that we may have to contact you by post, e-mail or phone. Please notify us of any changes of your personal data.

9. SOCIAL MEDIA

Currently, FQPS does not have any social media accounts.

10. PERFORMANCE OF FQPS AGREEMENTS

FQPS processes personal data of employees of its suppliers or service providers (legal persons) and data of suppliers or service providers (natural persons) in order to perform the agreement concluded between FQPS and the aforementioned persons. In such case, FQPS will process the following personal data of the afore mentioned natural persons: name, surname, date of birth, phone, e-mail address, messaging content, date, and other data related to the performance of the agreement. The basis for the processing of data of customers, employees of service providers or suppliers of FQPS is the legitimate interest of FQPS. If you provide services or sell goods as a natural person, FQPS will process your personal data on the basis of performance of the agreement. Personal data indicated in this section will be processed as long as the agreement is in effect. If personal data are indicated in the agreement, they will be stored for 10 years as of the date of expiration of the agreement.

11. COOKIES

A cookie is a small text file in alphanumeric format that we place with your consent on your browser or device. We use different cookies for different purposes. Cookies also help us to differentiate you from other users of the Website, thus providing a more pleasant experience of using the Website and allowing us to improve the Website. A detailed list of the cookies we use, and information on their management is provided in our Cookie Policy. General description of the cookies we use is provided below.
(a) Mandatory/ necessary cookies. These cookies are necessary for our website to work. The basis of the data processed by such cookies is the proper execution of the contract when you visit the Website, and we ensure the quality and security of the visit. These can be cookies, which, for example, allow you to log in and access secure areas, use the shopping cart feature or e-account services, CloudFlare cookies for DNS and DDOS protection.
(b) Optional/ Non-necessary cookies. Google Tag Manager, Google Ads or other cookies for Advertising and Marketing purposed and Analytics Cookies. You can change what cookies are stored via your browser, but please be aware that disabling some of the cookies may prevent you from accessing certain features of the website.

12. DISCLOSURE OF DATA

We can disclose information about you to our employees, service providers such as debt administration or recovery companies, persons or subcontractors providing marketing and IT services if it is reasonably required for the respective purposes, as indicated in this Privacy Policy. We can also disclose information about you:

  • if we must do this under the law;
  • in order to protect our rights or interests (including the provision of your data to third parties in order to recover your debts to us);
  • in order to sell a part of FQPS activities or assets, where we disclose your personal data to the potential buyer of the activities or a part thereof;
  • having sold the activities of FQPS or a substantial part thereof to third parties.

Your personal data may be transferred to data processors (IT infrastructure context) established in the third countries. Such transfer only takes place if (i) the data processor is established in a third country with and adequate level of protection (adequacy decision has been adopted by European Commission), or (ii) other appropriate safeguards, generally, Standard Contractual Clauses, are applied. You can obtain a copy of the document specifying such appropriate safeguards by contacting the DPO of FQPS via the email provided in this notice. Except in cases provided in this Privacy Policy, we do not transfer your personal data to any third parties. The list of recipients and categories of recipients provided in the Privacy Policy may change; therefore, if you wish to be notified of any changes to the recipients of your personal data, please inform us via e-mail provided in this Privacy Policy indicating in the e-mail as follows: “I wish to receive information on the changes to the recipients of my personal data, name, surname”.

13. SECURITY OF YOUR PERSONAL DATA

Your personal data will be processed pursuant to the requirements set out in the General Data Protection Regulation, the Republic of Lithuania Law on Legal Protection of Personal Data, and other legal acts. In the course of processing of your personal data, we implement organisational and technical measures which ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.

14. YOUR RIGHTS

This section contains information about your rights related to the processing of your personal data carried out by us and cases where you can exercise these rights. If you would like to receive more information on your rights or to exercise them, please contact us via e-mail indicated in this Privacy Policy. FQPS will provide information on actions taken on a request with regard to implementation of your rights without undue delay and in any event within 1 (one) month of the receipt of the request. In consideration of the request complexity and the number of received requests, the aforementioned term may be extended for 2 (two) further months. In this case, we will notify you of such term extension and reasons for it within 1 (one) month as of the receipt of request. FQPS will refuse to implement your rights only in cases provided for in the legal acts.

Right to Consent Withdrawal

If you have given us your explicit consent to the processing of your data, you can withdraw it at any time.

Right to Access Your Personal Data

We want you to fully understand how we use your personal data and not to experience any inconvenience because of that. You can contact us at any time and ask if we process any of your personal data. If we store or use your personal data in any way, you have the right to access them. If you wish to do this, please submit a written request to us at the address or e-mail address indicated in this Privacy Policy and confirm your identity. Please comply with the fairness and reasonableness principles when submitting such request.

Right to Request More Information

We hope that you will understand that it is very difficult to discuss all possible methods of collection and use of personal data. We try to provide as explicit and comprehensive information as possible and undertake to update this Privacy Policy if there are any changes to the personal data use process. Nevertheless, if you have any questions about the use of your personal data, we will be happy to answer them or will provide you with all additional information that we can disclose. If you have any specific questions or did not understand the provided information, please contact us.

Additional Rights

Below, you will find information about your additional rights that you can exercise in compliance with the following procedure.

a) You have the right to request us to rectify any inaccuracies of data held by us. In this case, we may ask you to confirm the rectified information.

b) You have the right to ask us to erase your personal data. This right will be implemented in cases provided in Article 17 of the General Data Protection Regulation (EU) 2016/679.

c) You have the right to ask us to restrict the processing of your personal data or to object to their processing:

  • during the period required for us to verify the accuracy of your personal data when you submit claims with regard to data accuracy;
  • in cases of unlawful collection, storage or use of your personal data where you decide not to request the erasure of data;
  • when we do not need your personal data anymore, but you need them for the establishment, exercise or defence of legal claims;
  • during the period required to determine if we have an overriding legal basis to continue processing your personal data if you exercise your right to object to the processing of your personal data.

d) You have the right to the portability of data obtained by us under your consent or for the purpose of agreement conclusion. If you exercise this right, we will transfer a copy of the data provided by you.

e) You have the right to object to use of your personal data by us:

  • in cases where we use such data in order to implement our legitimate interests, but we do not have an overriding legal basis to continue using your personal data; or
  • at any time when we use your personal data to send newsletters or for direct marketing purposes. In such case, the data will not be used for these purposes anymore; however, they may be used for other legitimate purposes.

You can read more about your rights as a data subject and exercise them under “Data Subjects’ Rights Implementation Procedure”.

15. COMPLAINTS

If you believe that your rights of the data subject have been and/or may be violated, please promptly contact us via email indicated in this Privacy Policy. We ensure that as soon as we receive your complaint, we will contact you within the reasonable period and inform you about the complaint handling process, and then about its result. If the handling results are unsatisfactory to you, you will be able to submit a claim to the supervisory authority – the State Data Protection Inspectorate (www.ada.lt).

16. LIABILITY

You are responsible for the confidentiality of your password and submitted data and for any actions (transfer of data, submitted orders, etc.) performed on our website after logging in with your login data. You may not disclose your password to third parties. If a third party who has logged in to the Website using your login data uses services provided on our website, we consider that you are the logged in person. If you lose your login data, you must promptly notify us by post, phone, or e-mail. You are responsible for the accuracy, correctness and completeness of your data submitted to us. In case of any changes to the data submitted by you, you must promptly notify us about that by e-mail. We will in no way be responsible for the damage incurred by you due to the provision of inaccurate or incomplete personal data or failure to notify us about changes to them.

17. AMENDMENTS TO THE PRIVACY POLICY

We may update or amend this Privacy Policy at any time (at most bi-annually). Such updated or amended Privacy Policy will come into effect as of its publication on our website. You should check it from time to time and make sure that you find the current version of Privacy Policy acceptable. After making an update to the Privacy Policy, we will notify you about any changes that we consider material by publishing them on the Website. If you log in to the Website after the publication of such notice, you consent to the new requirements indicated in the update. ‘Updated on’ date indicated below shows the date of the latest update to the Privacy Policy.