What does personal data mean?

Basically all information from which a person can be identified either directly or when combined with other data constitutes personal data. In addition to your name, address, personal identity code and telephone number, information such as your bank account number, phone conversation recordings or, typically, other data related to you as a natural person are also personal data.

How do we process your personal data?

We keep your data safe and process it in the manner required by law.

Handling your personal data carefully and cautiously is of primary importance to us. We will only use your data for purposes defined in advance or for purposes compatible with such predefined use. We process your personal data in compliance with the law and good data processing practice.

We always make sure that there are legal grounds for the processing of your data. The most common legal grounds used by us are legal obligation (agreement, consent, binding legislation), legitimate interest and consent.

We monitor access to and the handling of your personal data closely. Our personnel is under a confidentiality obligation not to disclose the information of our customers. We ensure the competence of our personnel who process personal data through regular training and evaluations. We also monitor the use, access rights and log data of systems that contain personal data. If we notice something wrong, we make an immediate intervention.

What personal data do we collect?

Typically, we will collect personal data when you become our customer, use our products and services, take part in marketing campaigns or surveys or otherwise use our services. We only collect data relevant to the purpose in question.

The data collected by us includes:

• personal data related to identification and authentication, such as your name, surname, personal identity code, birth date;
• contact details, such as your address, e-mail address and telephone number;
• various details related to the customer relationship and its management, such as your customer number and category and various information related to service use;
• data directly required by law, such as the data required for Know Your Customer purposes, i.e. customer’s governance structure, sources of income, origin of funds, current financial liabilities, credit history and creditworthiness, earnings and expences, financial aims etc.; and
• information on your current products and services, such as the details of investment services, vehicles and amounts, or information on the use of online services;
• various data which has come into being during the use of OP services, ie online identificators while using our websites and internet banking application, correspondence, use of services;
• call recordings in order to prove transactions made via telephone;
• data related to participating in polls and surveys.

The personal data we collect is determined by the service provision channel and product or service concerned.

We collect your personal data if you are our customer’s manager (CEO), shareholder, board or other managing or supervisory body member, beneficiary or other authorized representative as well.

Where do we obtain your personal data?

In the first instance, we obtain your information directly from you. Data may be obtained and derived from service use. In addition, we obtain data from registers maintained by the authorities and as well as from other reliable registers, third parties.

You disclose your data to us when you purchase our services, participate in our surveys or campaigns or answer questions in connection with services provided by us. We also get information by observing how you use our services.

When you use OP Financial Group services, visit our online bank, sign a financing contract or submitting KYC questionnaires, you are also providing us with your personal data.

Why do we collect your personal data and what do we use it for?

We use your personal data to be able to answer your requests and questions, process your orders and implement your agreements. We may also use your personal data in the further development of our products, services, customer service and sales and marketing.

We process your personal data in order to be able to offer and develop even better services and a better customer experience. In addition to day-to-day customer service, we use your personal data when automating our business processes and developing services in accordance with the Payment services legislation. Your data will also be used for customer communications and the fulfilment of our statutory obligations.

We analyse your personal data, for example, when performing the required client and risk categorisations, such as for granting financial services or when determining the suitability of investment products for you. The analysis may also take the form of profiling, in which we create projected profiles based on your data or otherwise anticipate your needs and actions. In some cases, such profiling is required by law, but we also create profiles in order to be able to offer better and more personalised products and services to you. Some of our operations also utilise automated decision-making, without human influence on the decision.

We use your personal data in OP Financial Group’s risk management and to fulfil obligations based on laws and official regulations and instructions, such as authenticating users and ensuring data security as well as preventing and investigating fraud.

We also use your personal data for customer communication purposes. We may send you announcements or notifications concerning our products and services or use your data for various marketing purposes, either subject to your consent or when explicitly permitted by law. In addition, we can use your personal data to recommend content or display personalised content for you in our online services. Such content can be created by OP Financial Group or reliable third parties.

When permitted by law or with your consent, we may also combine data collected in connection with a specific product and/or service with data gathered in other connections.

To whom do we disclose your personal data?

The disclosure of personal data refers to situations in which we give your personal data to third parties, i.e.:

• to OP Financial Group entities for the purposes of financial accounting, audit, risk assessment as well as when we use joint IT systems or technical equipment or it is necessary for our services provision;
• to authorities and institutions, other entities which exercise functions assigned them by law, i.e. supervisory authorities, law enforcement bodies, tax administrator, courts, bailiffs, notaries;
• to external auditors, law and financial or other professional advisers;
• to services providers which process joint debtors data files;
• to debt collection companies to which debt claims are transferred;
• to other services providers or those companies which are related to some services that we are providing (i.e. IT, post, archive etc.).

Who processes your personal data and where?

Your data will only be processed by OP Financial Group entities and employees whose duties require the processing of your data.

We use partners for service provision. For this reason, your personal data may be transferred to such parties for processing commissioned by us. Such parties are only permitted to process your data in accordance with our instructions. They are not entitled to use your data for their own purposes, such as direct marketing.

As a rule, we process and store your data within the European Union (EU) or European Economic Area (EEA), however we can transfer your personal data outside the EU/EEA in some cases. If we transfer data outside the EU/EEA, such as to the United States, we ensure a sufficient level of personal data protection in the manner required by law and use one of the following instruments implemented:

• there is an agreement in line with the standard terms and conditions approved by the European Commission;
• the European Commission has recognized the state ensures a sufficient level of personal data protection;
• we get a consent from supervisory authority.

What are your rights?

You have the right to receive open and transparent information on the processing of your personal data, check your information, demand correction of inaccurate or incomplete data and demand the deletion of unnecessary or out-of-date data.

You have the right to request to transfer your personal data to another controller or provide directly to you in a appropriate format (applicable to the personal data which you have provided yourself and which are processed by automated means on consent basis or on agreement conclusion and performance basis).

You always have the right to withdraw your consent without any impact on the use of your personal data that was performed before the withdrawal of the consent.

How will you exercise your rights?

You can submit your queries and requests related to personal data processing in person to OP Corporate Bank plc Lithuania branch or AB “OP Finance”, Konstitucijos ave. 29, Vilnius, LT-08105. If you are a NetBank user, you can also send us a NetBank message.

Our e-mail: info@opbank.lt , legal@opbank.lt ; telephone: 8 5 247 2075.

We will reply to your request within a period of not more than 30 (thirty) calendar days since the day of receipt of the request. In exceptional circumstances which require additional time, we have the right to extend the deadline for the submission of the requested data or for the consideration of claims set out in the request up to 60 (sixty) calendar days after the day of your referral.

You always have the right to lodge a complaint to the supervisory institution if you are not satisfied with our provided answer to your request or with our principles of processing personal data.

How do we protect your personal data?

We protect your personal data with appropriate technical and organisational safeguards. Such methods include proactive and reactive risk management and the use of firewalls, encryption techniques, secure data centres and access management and safety systems. We also make use of security planning, grant and supervise user rights in a controlled manner, ensure the competence of personnel who process personal data and choose our partners carefully. We are continuously updating our in-house practices and guidelines.

How do we store your personal data and for how long?

We store your data no longer than it is required for the purposes for which they have been collected or for a period as provided by legislation, e.g.:

• we process data collected from reendering services till you continue using our services and store for a futher 10 (ten) year period after you cease using them;
• to the extent it is necessary for document archiving purposes in compliance with the legal deadlines.

We seek to keep the personal data we process accurate and up to date by deleting unnecessary data and updating outdated data.

Questions regarding personal data can also be separately and additionally described in agreements concluded with client, mailing notices, filled applications, etc. Such separately and additionally described information regarding personal data shall prevail over the text published in this webpage.

More information on the processing of your personal data is provided in the Privacy notices:

OP Corporate Bank plc Lithuania branch Privacy notice (file).

The Regulation is updated on 3^rd February 2021.

We have the right to amend the Regulation within the limits of changes in the legislation and in / or OP Financial Group activities.