1. GENERAL PROVISIONS
1.1. Inrem finance, CJSC (org. Inrem finance, UAB), a company established and operating in accordance with the laws of the Republic of Lithuania, whose main activity is the provision of loans to business, respects Your privacy and protection of personal data, therefore pays special attention to the security of processed personal data.
2. CONCEPTS AND DEFINITIONS
2.1.1.personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2.1.2.data subject means a natural person whose data is processed (e.g., a user of a website or a client‘s, which is a legal entity, contact person, representative, beneficiary, etc.);
2.1.3. processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
2.1.4. processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
2.1.7. regulation means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "Regulations"). The Regulation may be accessed by clicking this link: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from.
3. PRINCIPLES OF PROCESSING OF PERSONAL DATA
3.1. Your personal data are processed in accordance with the following principles:
3.1.1. lawfulness, fairness and transparency, which mean that personal data are processed in a lawfully, fairly and in a transparent manner;
3.1.2. purpose limitation, which means that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
3.1.3. data minimisation, which means that only personal data that are adequate, relevant and only necessary for the purposes for which they are processed are collected;
3.1.4. accuracy, which means that personal data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
3.1.5. storage limitation, which means that personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
3.1.6. integrity and confidentiality, which means that personal data are processed in such a way as to ensure adequate security of personal data through appropriate technical or organizational measures, including protection against unauthorized or unlawful processing and against unintentional loss, destruction or damage;
4. LAWFULNESS OF PROCESSING PERSONAL DATA
4.1. The Company processes personal data only on at least one of the grounds set out in Article 6 (1) of the Regulation. In most cases, the Company processes personal data in accordance with at least one of the following grounds of lawfulness:
4.1.1. with the consent of the data subject (Article 6 (1) (a) of the Regulation). If personal data are processed on the basis of the data subject's consent, the Company processes only those specific personal data for which consent has been obtained and only for the purpose (-s) for which those data were provided. The data subject has the right to withdraw his consent at any time. Withdrawal of consent must be as easy as giving it. In relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 14 (fourteen) years old;
4.1.2. the processing of personal data is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract(Article 6 (1) (b) of the Regulation). Pursuant to this clause, the Company processes personal data when the contractual and (or) pre-contractual obligations assumed to the data subject cannot be fulfilled without have certain personal data;
4.1.3. the processing of personal data is necessary to fulfill legal obligations on the controller(Article 6 (1) (c) of the Regulation). The Company is obliged to process personal data in order to implement legal requirements established, for example, in the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania;
4.1.4. the processing of personal data is necessary for the legitimate interests of the controller or of a third party, unless such interests of the data subject or fundamental rights and freedoms necessitating the protection of personal data take precedence over them(Article 6 (1) (f) of the Regulation); While carrying out its activities, the Company faces a number of challenges, therefore it is often necessary to take measures to ensure its (in certain cases – third parties) rights and legitimate interests. It is difficult to define in advance the specific legitimate interests in the protection of which the Company processes personal data, but most often it is related to legal protection in various dispute resolution institutions, fulfillment of contractual obligations (when the data subject is not a party), improvement of the Company's services.
5. PURPOSES AND SCOPE OF PERSONAL DATA PROCESSING
5.1.1. The main purposes of using personal data processed by the Company are:
Identification of the client and the beneficiary, provision of financial services (granting of loans).
Personal data are processed on the basis of the legal obligations applicable to the financial service provider established in the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania, the Law on Financial Institutions of the Republic of Lithuania and other legal acts regulating financial services (granting loans). It should be noted that the Company must establish the identity of the customer, the beneficiary before the establishment of business relations, i.e. until the conclusion of the loan agreement.
Lawfulness: Article 6 (1) (c) of the Regulation.
Personal data that may be processed for the specified purpose: name; surname; personal code; date of birth; citizenship; address of declared place of residence, address of residence; e-mail address, telephone number; IP address; face photo; payment account number; data of the identity document and a copy of this document; data on the temporary residence permit and a copy of this document;
position held; information on whether the person and (or) close family members and (or) close assistants are going or in the last 12 (twelve) months. held important public positions in Lithuanian, EU, international or foreign institutions; information on whether the person is not included in the list of persons subject to international sanctions; details of the power of attorney and a copy of this document; other personal data that the Company must process in order to achieve the above purposes.
5.1.2. Fulfilment of other pre-contractual and contractual obligations.
Personal data shall be processed in order to properly and timely execute the contract already concluded and (or) to perform the actions necessary for the conclusion of the contract. The Company notes that the submission of an application via the website and (or) in other ways is treated as a request to enter into a contract. The Company also notes that for this purpose the Company processes personal data both in cases where the party to the contract is a data subject and in cases where the data subject is not a party to the contract but the processing of his / her personal data is necessary for the performance of the contract in order to implement legitimate interest of the Company and (or) third party. If, in accordance with the provisions of the applicable legal acts, the Company is subject to and (or) incurs a legal obligation to process additional data, personal data shall be processed to the extent, for the purposes and in accordance with the procedure required by legal acts.
Lawfulness: Article 6 (1) (b) of the Regulation; Article 6 (1) (f) of the Regulation.
Personal data that may be processed for the specified purpose: name; surname; e-mail address; telephone number; payment account number; other data specified in the contract and (or) submitted during the performance of the contract necessary for concluding and (or) implementing the contract.
5.1.3. Providing information related to services upon request
Upon receipt of the request, the Company has a legitimate interest in providing accurate and relevant information related to the services provided.
Lawfulness: Article 6 (1) (f) of the Regulation.
Personal data that may be processed for the specified purpose: name; surname; age; e-mail adress; telephone number.
Lawfulness: Article 6 (1) (a) of the Regulation.
Personal data that may be processed for the specified purpose: name; age; e-mail address; telephone number.
5.1.5. Administration, processing and execution of data subjects' requests.
The Company processes the data subjects' data in order to ensure the data subjects' rights set out in the Regulation. This purpose includes processing of personal data for the purpose of administering, examining, executing requests, providing answers and taking other actions necessary to exercise the rights of the data subject.
Lawfulness: Article 6 (1) (c) of the Regulation.
Personal data that may be processed for the specified purpose: name; surname; address of declared place of residence, address of residence; e-mail address, telephone number; data of the identity document and a copy of this document; data on the temporary residence permit and a copy of this document; other personal data that the Company must process in order to achieve the above purpose.
5.1.6. Improvement of the provided services.
Personal data are processed in pursuit of the Company's legitimate interest in order to to improve technical and organizational measures; to ensure the adaptation of the provided services to the used equipment; to increase satisfaction with existing services; to test and improve technical means and IT infrastructure.
Lawfulness: Article 6 (1) (a) of the Regulation; Article 6 (1) (f) of the Regulation.
Personal data that may be processed for the specified purpose: IP address; operating system version; settings of the device that is used to access Company’s content, services; time and duration of login session; search query terms entered through Company’s website; any other information stored in cookies (for more information about cookies check Section 11).
5.1.7. Protection of the Company's rights and legitimate interests in courts and other dispute resolution bodies and institutions.
Personal data are processed by the Company in order to exercise and (or) protect its (in certain cases - third parties) rights and legitimate interests in courts, other dispute resolution bodies, responsible institutions and bodies. The processing of personal data for this purpose includes, but is not limited to, debt management, the provision of documents for debt recovery, the submission of documents for legal or other professional advice, the submission of claims and other pre-trial and procedural documents.
Lawfulness: Article 6 (1) (f) of the Regulation.
Personal data that may be processed for the specified purpose: all the above-mentioned personal data, as well as documents sent to the data subject and their annexes, the amount of indebtedness, documents sent or submitted by the data subject and / or third parties (e.g. notaries, bailiffs, lawyers, heirs, etc.) and their annexes, procedural documents containing personal data, etc.
6. STORAGE PERIOD
The Company stores personal data to the extent necessary to achieve the stated purpose. Upon reaching the set goal, personal data are deleted, except in cases when the Company is obliged to store information by other legal acts and (or) personal data may be necessary for the performance of pre-trial investigation.
Personal data is generally stored for as long as the contractual relationship may give rise to reasonable claims or to the extent necessary to implement and protect the legitimate interests of the Company. In most cases, when the data subject stops using the services of the Company, personal data is stored for another 10 (ten) years, taking into account the general limitation period established by the Civil Code of the Republic of Lithuania.
After the expiration of the retention period, personal data are deleted in such a way that it cannot be reproduced.
7. PERSONAL DATA PROVIDERS
The Company, taking into account the basis of lawfulness of personal data processing and the purpose of processing, collects personal data from the following sources:
directly from the data subject;
from legal entities;
credit and other financial institutions and (or) their divisions;
personal document data verification databases (for example, Invalid personal document databases, etc.);
credential verification registers (such as the notarised credentials registry and other databases);
companies managing joint debtors' data files (for example, in Lithuania CJSC Creditinfo Lietuva or others);
companies maintaining registers of international sanctions;
state institutions and bodies (for example, the State Tax Inspectorate);
law enforcement agencies;
8. RECIPIENTS OF PERSONAL DATA
The Company ensures that personal data will not be provided or otherwise transferred to third parties without a legitimate basis or used for purposes other than those for which they were collected. However, in certain cases, when it is necessary for the provision of services, required by law or necessary to implement the legitimate interests of the Company, personal data may be provided to third parties.
The Company has the right to transfer personal data to processors that process personal data in accordance with the personal data processing purposes and instructions set by the Company. The processors must have the necessary technical and organizational security measures. When concluding an agreement with the data processor, the Company specifies, among other things, that the data processor must ensure the confidentiality of data transmitted by the Company for processing, and intends to obtain the prior written consent of the Company.
Personal data processed by the Company may be provided to data recipients who, after the transfer of data, process personal data for independent purposes and not in accordance with the Company's instructions. In this case, personal data are provided if such an obligation is provided by law, with the consent of the data subject, on other grounds of legality (e.g. execution of contractual obligations protection of rights and legitimate interests of the Company and others).
The provision of personal data to the recipient must be necessary to achieve the purpose for which the data were processed prior to the collection of the data, or there must be an appropriate legal basis for processing and providing the data for a new purpose. The Company may (or is obliged to) to disclose personal data to following entities (the list is not exhaustive):
banks and other undertakings providing payment services;
legal, audit and other professional service providers;
debt collection service providers;
companies processing consolidated debtor files (e.g. in Lithuania, UAB "Creditinfo Lithuania" or other);
other carefully selected buisiness partners (if necessary);
courts, pre-trial investigation bodies, prosecutors, etc.;
If the Company provides personal data to countries outside the European Economic Area, the Company ensures that one of the following security measures is applied:
the recipient of the personal data is established in a country which is recognized by the European Commission as having adequate data protection standards ("Adequacy decision“);
the contract signed with the data recipient is based on the Standard Contract Terms approved by the European Commission;
in the case of personal data transfer between group of undertakings, the rules binding on group of undertakings shall apply;
permission has been obtained from the State Data Protection Inspectorate;
the consent of the data subject to the transfer of personal data outside the European Economic Area.
9. RIGHTS AND ENFORCEMENT OF RIGHTS OF THE DATA SUBJECT
Data subjects have the following rights set out in the Regulation:
Data subjects have the following rights set out in the Regulation:
the right of access to data;
the right to request the rectification of data;
the right to erasure ("right to be forgotten");
the right to restrict data processing;
the right to data portability;
the right to object to the processing.
The Company notes that the rights of data subjects are not absolute and may be limited. This concerns in particular the right to erasure ("right to be forgotten"). This right does not apply if, for example, the personal data requested to be deleted are processed in order to fulfill a legal obligation and (or) to protect the legitimate interests of the Company and (or) the processing is necessary for the performance of the contract.
by e-mail firstname.lastname@example.org;
by registered mail to Kareiviu str. 6 - 504, Vilnius, Republic of Lithuania
by logging in to the client's account on the Company's website;
upon physical arrival at the Company's office, at the address Kareiviu str. 6 - 504, Vilnius, Republic of Lithuania by prior arrangement of the date and time of the visit.
The data subject's request must contain the following information:
data enabling the identification of the data subject;
personal data in respect of which such action is requested;
supporting documents for representation (if applicable);
supporting documents for information and / or data (if applicable).
The data subject shall be informed and the response and data shall be provided in the form in which the request was made, unless the data subject's request specifies information to be provided in another form. The Company reserves the right to provide information in the manner of its choice, if the provision of information in the form provided / requested by the data subject requires significant financial and / or time costs.
The data subject has the right to apply to the supervisory authority - the State Data Protection Inspectorate, company code 188607912, address A. Juozapaviciaus str. 6, 09310 Vilnius; tel. (8 5) 271 2804, 279 1445, fax. (8 5) 261 9494, e-mail email@example.com
10. RECORDS OF PROCESSING ACTIVITIES
The Company must compile and manage the ROPA, which are necessary for the Company to have constant and up-to-date information on the scope of its data processing activities, the persons participating in it, and the processing tools used and other neccesary information.
When managing ROPA, the Company follows the recommendation “On records of data processing activities” prepared by the State Data Protection Inspectorate (for more information: https://vdai.lrv.lt/lt/naujienos/valstybine-duomenu-apsaugos-inspekcija-parenge-rekomendacija-del-duomenu-tvarkymo-veiklos-irasu).
Data activity records are internal documents of the Company that may contain confidential information and therefore cannot be disclosed and must be kept in the same manner as other confidential information of the Community.
Cookies are small text files that a website stores on Your computer, mobile device, tablet or on other smart devices when You visit it . Cookies are used to help You browse websites and perform certain functions efficiently. You can find more information about these technologies and how they work, for example, at allaboutcookies.org.
The Company's website https://inrem.org/ may use essential, functional, performance-enhancing, targeted or promotional cookies. Cookies required for the operation of the website (essential cookies) are mandatory, as the website cannot function properly without them. The Company may use these cookies without Your consent.
Other cookies will only be stored on Your device if You consent to their use. The Company notices that without consent to the use of all cookies, some functions of the website may not work or may not work properly.
Personal data collected with the help of cookies is stored until the consent is revoked, and if the right to revoke the consent is not exercised or, in the case of necessary cookies, until the expiry of the specific cookie.
12. CONTACT DETAILS
Controller Inrem finance, CJSC (org. Inrem finance, UAB)
Legal entity code 305571479
Registered office address Kareiviu str. 6-504, Vilnius
Office address Kareiviu str. 6-504, Vilnius
Internet site https://inrem.org/
Tel. No. +370 61695480
El. Mail adress firstname.lastname@example.org
Register Register of Legal Entities of Respublic of Lithuania
Representative Director Andrey Ryabtsev
Last reviewed 07-05-2021
Kareiviu str. 6, Vilnius, LT-09117