This Privacy Policy (the Privacy Policy) describes how Personal Data is processed while visiting and using services on the Website https://www.wittix.com/. Please read it carefully as it describes our collection, use, disclosure, retention and protection of your personal information.
The capitalized definitions used in this Privacy Policy shall have the meanings ascribed to them in the General Payment Service Agreement.
Main Data Processing Information
The identity and the contact details of the Data controller: Wittix, UAB, Lvivo g. 25-104, Vilnius Lithuania, email: [email protected]
Contact details of the Data protection officer: Algirdas Rasinskas , email: [email protected], tel:+37052084498.
Our main Data processing purposes:
Profiling. Profiling is the segmentation process during which Wittix, in accordance with the information collected during the onboarding procedure, assigns all of its Customers to the Risk Rating in order to carry out a risk assessment of each such customer for anti-money laundering purposes. Such attribution to the risk levels may have negative consequences for you, for example, we may refuse to further engage into business relationship with you. Profiling carried out by Wittix contributes to semiautomated decision-making, such as risk management and transaction monitoring in the fight against fraud, including automated data collection from databases and preliminary assessments and conclusions about whether you can use our services, taking into account the relevant laws and regulations and internal procedures that apply to us. Wittix carries out profiling on the basis of the performance of a legal obligation. Wittix may process personal data and assess personal aspects, if Wittix needs to perform a risk assessment for anti- money laundering purposes. Methodology of profiling: based on the information obtained during the onboarding procedure Wittix evaluates certain risk factors attributable to you. Each such risk factor has a different value and such values of each risk factor are accumulated and the System automatically determines the applicable risk score of the Prospective Customer or the Customer. Should Wittix deem the Risk Rating of the Prospective Customer or the Customer to high, Wittix may refuse to enter into business relationship with the Prospective Customer or to continue such business relationship with the Customer. The Prospective Customer or the Customer has the right to request not to be subject to Wittix decision based solely on the automated Personal Data processing, including profiling. The Prospective Customer or the Customer may exercise this right in the event when Wittix, based on an automated decision, refuses to enter into a service agreement or to provide the Services. Upon receiving a request from the Prospective Customer or the Customer Wittix employees will re-evaluate the decision made by automated means. Your data subject rights: to obtain information from the Data controller about your stored Personal Data (right to access), the right to rectification or erasure of Personal Data or restriction of processing, right to data portability, right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, where the processing is based on your consent. You also have a right to submit a claim to the supervisory authority. For more specific information about your personal data processing please refer to the full version of the Privacy policy below. |
Full Version of the Privacy Policy
This Website is operated by Wittix, UAB, legal entity code 304900982, address Lvivo g. 25-104, Vilnius, Lithuania (hereinafter – Data controller, Wittix or we). Wittix recognizes the importance of your privacy and is committed to protecting your Personal Data. This privacy policy explains the principles on how Wittix collects and uses information when you visit our website www.wittix.com and use any of our services.
Wittix processes your Personal Data under this Privacy Policy and in accordance with applicable legislation, including the General Data Protection Regulation (2016/679) and the applicable national data protection laws of the Republic of Lithuania, as applicable towards the personal data controller.
How We Collect Data
Personal Data is usually provided to us by yourself, collected automatically, by using cookies (for more information, please see Cookies Policy), and some information can be provided by third parties, such as notaries and registries, where Wittix performs checks required by KYC and anti-money laundering regulations to limit fraud. Please note that information provided by third parties may include Personal Data of directors, executives, ultimate beneficial owners, therefore if you are a representative of a company, creating a business account on the Website, it is your obligation to inform other directors, executives and ultimate beneficial owners that their Personal Data shall be processed by us in a way described in this Privacy Policy.
Legal Basis and Purposes for Processing the Personal Data
Wittix’s legal basis to process your Personal Data depends on the objective and context in which we collect the Personal Data. For easier understanding, we have grouped all purposes and data categories for processing the personal data with the following legal grounds:
- Performance of a legal obligation, meaning that Wittix is required to process certain Personal Data by applicable laws;
- Performance of a contract, meaning processing of Personal Data is needed for the performance of a contract to which you are a party, i.e., the terms and conditions and regulations, which you have accepted upon registration;
- Wittix’s legitimate interest to improve the Website and Wittix’s business activities;
- Your consent, if such is granted, for example, ensuring an effective user experience by adjusting the Service is only possible upon your consent, without your consent it would not be possible to tailor the Service to meet your preferences. The Personal Data collected for direct marketing purposes may be processed only with the unambiguous active consent of you which clearly indicates that you agree with the processing of your Personal Data for direct marketing. You have a right to withhold your consent or withdraw previously given consent without any adverse effect. Thus, the legal basis for data processing is your consent. In some cases, direct marketing can be performed based on our legitimate interest – to promote our business and update you with our new products and services.
The Following Depicts a Non-exhaustive List of Processing Purposes That Are Linked to The Specific Legal Basis for Processing:
Legal basis for the processing purpose |
Processing purpose |
Performance of a legal obligation |
Identification of customers and ultimate beneficial owners, identification and registration of politically exposed persons, fraud detection (performance of a legal obligation under the Lithuanian Law on Prevention of Money Laundering and Terrorist Financing, Gambling Law). Before we engage into any business relationships, we will ask you to fill-in onboarding forms (customer information questionnaire(s) in order to fulfill our “Know your customer” obligation).
|
Customer due diligence (performance of a legal obligation under the Lithuanian Law on Prevention of Money Laundering and Terrorist Financing). |
|
Entering to or performance of a contract |
Creation and administration of your account on our webpage, processing of transactions, providing other agreed services. |
Customer support and communication between you and Wittix, customer feedback registration and handling. |
|
Contacting through Contact us form on the website, chatbot, calling or emailing regarding questions, queries, support requests, comments or complaints, to become a merchant or partner. |
|
Legitimate interest |
Diagnose and repair problems with the website (Wittix’s legitimate interest in providing data security and preventing fraudulent actions related to the website and the services, also, ensure the functioning of the website and the services. |
Analysing statistical data regarding the usage of the website and service (Witix’s legitimate interest in analysing the functioning of the Website and Service for its business development). |
|
Data transfers to other data recipients for receiving verification, payment and/or fraud prevention services, for example, Wittix uses IDenfy for the purposes of customer identification (Wittix’s legitimate interest in detecting and deterring suspicious and fraudulent actions related to the website and services). |
|
Data transfers within the Wittix group (Wittix’s legitimate interest in utilizing shared administrative infrastructure and optimizing costs, including data storage). |
|
Storing materials containing Personal Data in Wittix’s backup systems (Wittix’s legitimate interest in ensuring the security of data processing operations). |
|
To resolve conflicts, manage litigation, resolve issues, and provide you customer service (including troubleshooting in connection with customer issues). The legal basis for data processing is our legitimate interest – to provide good customer service in connection with our administration duties. |
|
To secure evidence. We may record any ongoing communication (video or voice) between Wittix and the customer/user using any available technical means, and archive all the records, as well as the copies of any information and documents that Wittix will receive from the customer/user and third parties. The legal basis is the legitimate interest to secure evidence of the communication. |
|
Our internal business purposes, such as statistics, analysing and managing our businesses, business mergers and acquisitions, market research, audits, developing new products, enhancing our websites, identifying usage trends, determining the effectiveness of our promotional campaigns and gauging customer satisfaction. The legal basis for data processing is our legitimate interest – to improve our services for your needs. |
|
Protection of the legal rights and interests of Wittix, including, but not limited to, the discovery, conduct or defense of legal rights. The legal basis for processing is compliance with a legal obligation. |
|
Consent |
Direct marketing, such as customer satisfaction surveys, organization of various events and personalization of your experience on the website by presenting products and offers tailored to you. |
Analysing statistical data regarding the usage of the website and service. |
Provision of Personal Data, related to Wittix’s legal obligations, is a statutory requirement, without which the provision of services becomes impossible or substantially impeded, therefore you are obliged to provide Personal Data thereof. Providing Personal Data, related to entering to or performing a contract is a contractual requirement, without which Wittix would not be able to provide services properly. For more information about the Personal Data required for the contract, please see the General Payment Service Agreement.
The Data We Process for our Newsletter and Marketing Purposes
In case the Website offers you to fill the form to subscribe to our newsletter, doing so you indicate your consent to receive invitations to events and other advertising materials from Wittix or download content from the Website. You can at any time unsubscribe from receiving these emails by following the instructions provided in any of the newsletters.
Children’s Privacy
We do not knowingly collect personal identifiable information from or about persons under 18 years of age. In case we discover that a person under 18 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to take the necessary actions.
Data Recipients
We have to share your Personal Data with other Wittix group companies and third parties (data processors or recipients) for the reason to comply with statutory obligations or to perform the tasks assigned to third parties on our behalf, in which case they are also obliged not to disclose or use the information for any other purpose:
Wittix group companies. In order to provide you with the best service, for example, to provide customer support service;
Our service providers. We may share Personal Data with other partners who perform services and functions on our behalf: IT, banking and financial-services partners, payment service, card manufacturing and delivery, customer support, marketing and communication service providers, credit-reference and fraud-prevention agencies, etc.). In particular, we use Factiva Limited (DowJones) - a private database for risk assessment; UAB “IDenfy” as a provider of remote customer identification services, Skype for voice and video communication, UAB “Probanx Solutions” for SEPA payments proceeding, Banking Circle S.A. and IFX (UK) Ltd - for SEPA and WIRE payments proceeding, Bank of Lithuania - for safeguarding your funds, Wallester AS – for management of issuance, distribution and transactions made by your prepaid and debit cards, Wittix Ltd – for IT payment service equipment, marketing and advertisement services, cloud services, UAB NRD CS – for IT security, Proventuslaw LT, UAB – for internal audit purposes, Nexmo for SMS, Mailchimp and Amazon for email, Sentry for bug reporting, Amazon s3 for file storage, Google analytics and Facebook pixel for analytics.
Public supervisory institutions (for example, Bank of Lithuania);
Other parties when you use their services (for example, merchants and service providers of your transactions);
Other transactional participants to resolve conflicts and to investigate and prevent fraud.
In other cases, we will not share your information with any third party, unless we have your permission, unless it is allowed or obliged by applicable laws (for example, consent is not required for a potential employer to obtain information about an employee from a former employer, defend legal claims, etc.). If our business is sold or integrated with another business, personal data may be disclosed to our advisers and any prospective purchaser’s advisers and may be passed to the new owners of the business.
International Data Transfers
When data is transferred outside EU/EEE, we employ adequacy decisions to determine whether a country outside the EU offers an adequate level of data protection. We do not transfer data to countries, in respect of which no adequacy decision has been adopted.
Storage of Data
We retain personal information in an identifiable format as long as required by law or regulation, or as long your consent to process data is valid, in any way not longer than it is needed for the purposes set in this Privacy Policy. For example, data we have collected in relation to our legal obligation to verify our merchants will be kept by us for as long as we are legally obligated to, which is generally at least 8 years after end of relationship (article 19 (10) of the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania); data about any questions, comments or support requests you have made us if you are not a merchant, will be kept for 5 years in accordance with article 19 (11) of the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania. If we need to keep any information longer for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim(s) has/have been settled.
Social Media Buttons
We use plugins on our Website from social media networks such as Facebook, Instagram, LinkedIn and Twitter. We also use plugins for the embedded video players which can be found on our Website. Our plugins will not collect Personal Data about you, unless you click on these logos or videos. If you click on them, these plugins are activated and automatically transmit data to the plugin provider. We do not have any influence over which data these providers collect from you and we are also not aware of the extent of their data processing. If you would like more information about their data processing, this can be found in the respective privacy policies on the websites of these providers.
Your Rights as a Data Subject
You may, at any time, exercise the following rights with respect to our processing of your Personal Data by contacting us via contact information referred to in this Privacy Policy below:
Right to access: you have the right to request access to any data that can be considered your Personal Data (overview of your information or a copy). This includes the right to be informed on whether we process your Personal Data, what Personal Data categories are being processed by us, and the purpose of our data processing;
Right to rectification: you have the right to request that we correct any of your Personal Data if you believe that it is inaccurate or incomplete. We have a legal obligation to ensure that your Personal Data is kept accurate and up to date. We kindly ask you to assist us to comply with this obligation by ensuring that you inform us of any changes that have to be made to any of your Personal Data that we are processing.
Right to object: you are entitled to object to certain processing of Personal Data, including for example, making automated decisions based on your Personal Data (profiling) or when we otherwise base the processing of your Personal Data on our legitimate interest;
Right to restrict Personal Data processing: you have the right to request that we restrict the processing of your Personal Data if you wish to: (i) object the lawfulness of the processing; (ii) fix unlawful processing of Personal Data; (iii) receive or avoid deletion of Personal Data for establishing or defending against legal claims; or (iv) demand restriction of the processing until assessing the plausibility of Wittix’s legitimate interest in the specific processing activity;
Right to erasure: you may also request your Personal Data to be erased if the Personal Data is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful, or if you consider that the Personal Data has to be erased to enable us to comply with a legal requirement;
Right to data portability: if your Personal Data is being automatically processed with your consent or on the basis of a mutual contractual relationship, you may request that we provide you that Personal Data in a structured, commonly used and machine-readable format. Moreover, you may request that the Personal Data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible;
Right to withdraw your consent: in cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time without any adverse effect;
Right to submit your claim with the supervisory authority: if you are not satisfied with our response to your request in relation to Personal Data or you believe we are processing your Personal Data not in accordance with the law, you can submit your claim with the Lithuanian State Data Protection Inspectorate at https://vdai.lrv.lt/.
Please note that you will need to provide sufficient information for us to handle your request regarding your rights. Prior to answering your request, we may ask you to provide additional information for the purposes of identifying you and evaluating your request. There are also some exceptions to these rights, for example, it will not be possible for us to delete your data if we are required by law to keep it or if we hold it in connection with a contract with you. Similarly, access to your data may be refused if making the information available would reveal personal information about another person or if we are legally prevented from disclosing such information.
How Do We Protect Your Data
We are committed to securing your Personal Data and have taken steps in this regard. In order to prevent unauthorized people or parties from being able to access your data, we have put in place a range of technical and organizational measures, such as utilizing the two-factor customer authentication and the two-factor authentication within Wittix, and implementing a user rights policy established on a "need-to-know" basis and segregation of rights.
Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy as necessary, for example, due to technical developments or legal changes, or to update it in connection with the offer of new services or products. The most recent Privacy Policy will always be published on our Website.
Contact us
If you have any questions about this Privacy Policy, do not hesitate to contact our Data protection officer at [email protected] or by phone +370 5 2683303.