At Creditco UAB we are committed to providing outstanding customer service. If you are dissatisfied please let us know. You can contact our Customer Service Team in any of the following ways:
By phone: +370 626 68977
In writing: Creditco UAB, Ratininku g. 2c-5, Vilnius, LT 09232, Lithuania
By email: info@creditco.lt
Creditco UAB is appointed as a distributor of certain services provided by Paynovate SA, a company duly established and existing under the laws of the Kingdom of Belgium, company code BE0506 763 929, with its registered address at Cantersteen 47, 1000 Brussels, Belgium, website https://www.paynovate.com/ (the Provider). The Provider is Electronic Money Institution (EMI) and is authorised and supervised by the National Bank of Belgium.
If Creditco UAB are not able to solve your query, you can contact the Provider by email support@paynovate.com.
The Provider is supervised by the National Bank of Belgium, so you may address your complaints to this authority:
by phone: +32 2 221 21 11
in writing: Bd de Berlaimont 3, 1000 Bruxelles, Belgium
by email: info@nbb.be , website: https://www.nbb.be/en/about-national-bank/national-bank-belgium/contact-us-0.
Additional information can be found in the General Terms and Conditions published on the Creditco UAB websites https://creditco.lt/ and https://hercuscard.com/.
Creditco UAB offers their customers products and services involving electronic
payment transactions. On this website, you will find information about our
products and services. The objective is to enable companies and consumers to
handle electronic transactions securely and smoothly. Security and the
protection of personal data is one of the most important aspects in the context
of handling and processing of payments. This is why we place particular
emphasis on high data protection standards. Creditco UAB (“Creditco”, “we”)
operates this website in accordance with the provisions of the European General
Data Protection Regulation 2016/679 (“GDPR”) and all other provisions with
relevance in the area of data protection law.
PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND OUR VIEWS AND PRACTICES REGARDING YOUR PERSONAL DATA, HOW WE USE IT AND HOW WE WILL TREAT IT. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, PLEASE DO NOT USE OUR SERVICES.
1. Data controller
The entity responsible for your data processing, i.e., a data controller of your personal data is Creditco UAB, Raitininku str, 2c-5, LT-09232 Vilnius, Lithuania. If you have any questions about how we collect, store and use your personal information or would like to implement your data subject rights, please contact our Data Protection Officer. You can either write at the above address or e-mail to: info@creditco.lt.
2. Personal data
Personal data - means any information relating to a natural person who can be identified, directly or indirectly (‘data subject’).
We may receive your personal data directly from you, or from the third parties, such as:
- Our identification and compliance service providers;
- Other financial institutions;
- Board of the State Social Security Fund, Center of Registers, law enforcement institutions, other registers and state institutions;
- UAB Creditinfo Lietuva;
- Spouses, children, other persons related by blood or marriage, co-debtors, sureties, guarantors, insurance beneficiaries, etc.;
- Legal entities, when you are a representative, contractor, founder, shareholder, participant, owner, etc. of such legal entities;
- Partners or other legal entities using us to provide services to you or Partner’s or other legal entities which we use to provide services to you.
Please note, if you provide us with details of other persons, you should familiarize them with the present Policy. We may collect your personal information by monitoring our technological tools and services, including e-mail correspondence sent to or from us. Otherwise, we collect and generate information about you when you provide it to us, for example, by registering or providing feedback electronically. We can also obtain information about you from our suppliers.
3. How we use your information lawfully
Your personal data will only be processed for specific, explicit and legitimate purposes and in the context of lawfulness. In particular, personal data will be processed for the following purposes:
Data processing purpose
|
Legal basis |
Retention term |
To identify customers (we use ONDATO and GlobalPass as a service providers) |
The legal basis for processing is our compliance with statutory obligations.
Law on Money Laundering and Prevention of Terrorist Financing, Law on Financial Institutions
|
8 years from the termination of business relationship |
To implement obligations under the laws on money laundering and terrorist financing prevention |
The legal basis for processing is compliance with a legal obligation (Law on Money Laundering and Prevention of Terrorist Financing) to which Creditco is subject.
Before we engage into any business relationships, we will ask you to fill-in onboarding forms (customer information questionnaire) in order to fulfill our “Know your client” obligation.
|
8 years from the termination of business relationship |
To verify the suitable customers
|
The legal basis for processing is compliance with a legal obligation (Law on Money Laundering and Prevention of Terrorist Financing) to which Creditco is subject and our legitimate interest to protect our business.
The verification process shall result in the rejection of further engagement or a successful onboarding and attribution of a certain risk level (please refer to Profiling section below for more information).
|
8 years from the termination of business relationship |
To conclude and execute agreements and provide our services. For example, to provide e-money transfer or payment card services or internet banking
|
The legal basis is performance of a contract to which you are a party to.
|
10 years from the termination of business relationship |
To respond to your inquiries, fulfil your requests and provide you customer service (including troubleshooting in connection with customer issues)
|
The legal basis for data processing is our legitimate interest – to provide a good customer service.
|
3 years from the resolution of problem date |
To send administrative information to you, for example, information regarding our website and relevant changes to our services
|
The legal basis for data processing is performance of a contract to which you are a subject to.
And our legitimate interest to provide good customer service. |
3 years from the date information has been sent |
To resolve conflicts, manage litigation, respond to your data subject rights requests |
The legal basis for data processing is our legitimate interest – to provide a good customer service in connection with our administration duties.
|
Until no longer relevant for the purpose for which it was collected for. |
4. Profiling
In order to obtain internet banking services offered by Creditco, a prior onboarding procedure is carried out. Such onboarding procedure involves collection and thorough analysis of the personal data of all our potential customers. AML specialist of Creditco evaluates the information gathered from various legitimately available sources, including but not limited, from Dow Jones data base, third parties, such as risk assessment agencies, public and private registries, identification service providers (ONDATO and GlobalPass) and decides whether to engage into further business relationships with a certain potential client or not. If the decision is positive, the internet banking account is opened and a risk level is attributed. This process is completed manually.
Afterwards, your personal data can be partially automatically processed in order to evaluate certain personal aspects (profiling). For example, we apply profiling, when we are obliged to carry out money laundering prevention or financial risk management due to legal requirements. In this case, data (e.g. payment transactions) evaluations are also carried out. At the same time, these measures are intended for your protection.
5. Data sharing/ other recipients
We want to inform you that we use third parties for the provision of our services. These third parties have access to your personal data. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
Personal data will only be transferred in the following circumstances:
- To other companies that provide us services. We share personal data with other partners who perform services and functions on our behalf. These partners, for example, provide services to you as defined in our service contracts. In particular, we use Thredd (formerly Global Processing Services) as our processing provider; Idemia Latvia SIA and Thames Card Technology Ltd as our plastic card manufacturers; Crunch Payments Ltd as card management platform provider; ONDATO and GlobalPass as identification service providers; Lithuanian based IT companies providing IT services; OVH Groupe SAS and Rakrėjus UAB as our server hosting providers; Dow Jones - a private data base for risk assessment; other public data bases, AML, fraud prevention and transaction monitoring service providers;
- To financial institutions with whom we work together to develop or provide a product or service. For example, we partner with Paynovate SA (which acts as a separate data controller and our processor) for the purposes of provision of our account and payment card; please see their privacy policy under https://www.paynovate.com/privacy-policy;
- Personal data needed by other transactional participants to resolve conflicts and to investigate and prevent fraud, international sanctions and ongoing monitoring;
- Bank of Lithuania, Social Insurance Fund Board, SE Center of Registers, notaries, law enforcement agencies, other registers and state institutions;
- State Tax Inspectorate;
- Financial Crime Investigation Service, courts and other law enforcement authorities at their request or on our own initiative, if there is suspicion that criminal offense has been committed;
- Our professional advisors, auditors;
- Courts, arbitrators or other dispute resolution or law enforcement authorities, where they have the right to obtain such information in accordance with the procedure established by law;
- Other third parties as regards our sale of business, mergers, acquisitions or reorganization of our business, in whole or in part, or in connection with similar change in business (including, among other things, potential or existing business buyers and their advisers).
In other cases, we can provide your data to third parties if it necessary for our business purposes, is permitted or required by law; is necessary to protect the essential interests of a person.
6. Cookies
UAB Creditco does not use or collect cookies. Our website may include links to third-party websites, plug-ins and applications. We do not control these third-party websites and are not responsible neither for their privacy statements, nor for cookies policies. When you leave our website, we encourage you to read the privacy and cookies policies of every website you visit.
7. Is it mandatory to provide personal data?
In most cases provision of your personal data is mandatory in order for us to be able to provide services to you and for compliance reasons. Without such data we would not be able to provide services to you.
8. International data transfer
If necessary, Creditco will transmit your personal data to business partners, service providers and other companies which are located outside the European Economic Area (EEA). However, if we process your personal data outside the EEA, we take suitable measures which guarantee an adequate level of data protection.
9. Data safety
In order to protect the personal data against loss, falsification or disclosure to unauthorised third parties, we have taken adequate organisational, technical and administrative measures. Creditco uses firewalls in order to prevent unauthorised access to servers. The servers are located at safe locations in EU to which only authorised staff have access. All staff members and all persons involved in the processing of data are subject to an obligation to comply with all laws relating to data protection, and to treat personal data confidentially. Once logged into your account, all internet communication is secured using Secure Socket Layer (SSL) technology with PKCS #1 SHA-256 With RSA Encryption by Sectigo RSA Domain Validation Secure Server CA. However, this high level of protection can only be effective if you follow certain security practices yourself. You must never share your account or login details with anyone. If you are concerned that any of your login details have been compromised, you can change them any time once you are logged on, but you should always also immediately contact us and tell us why you think your login details have been compromised.
UNFORTUNATELY, THE TRANSMISSION OF INFORMATION VIA THE INTERNET IS NOT COMPLETELY SECURE. ALTHOUGH WE WILL DO OUR BEST TO PROTECT YOUR PERSONAL DATA, WE CANNOT GUARANTEE THE SECURITY OF YOUR DATA TRANSMITTED TO OUR SITE. ANY TRANSMISSION IS AT YOUR OWN RISK. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
10. Data subjects’ rights
Under GDPR, all data subjects have certain rights. In particular: the right to access, correct, update, or request deletion of your personal data that we store about you.
You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data.
Similarly, if we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
If you wish to exercise any of these rights, you can do so at any time by contacting us via info@creditco.lt. Our data protection officer can be reached under info@creditco.lt.
You have the right to complain to a relevant data protection authority about our collection and use of your personal data, i.e. the Lithuanian State Data Protection Inspectorate (address L. Sapiegos str. 17, 10312 Vilnius, Lithuania, e-mail ada@ada.lt, website https://vdai.lrv.lt).
11. Children’s Privacy
We do not target children under age of 16 with our services. Children’s data can only be obtained with parent’s or legal guardian’s consent when child uses our product, i.e. payment card.
12. Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy as necessary, for example due to technical developments or legal changes, or to update it in connection with the offer of new services or products. The updated Privacy Policy will be published on our website and we will alert you about the material changes.
Last updated on 18.07.2023