Data protection safeguards your privacy and is of paramount importance to us at OP Financial Group. We want you to be aware of what data protection is, what constitutes personal data, how we use your personal data and how you will benefit from trusting us with your data.
What is personal data? How do we collect and process it?
What do personal data and data protection mean?
The definition of personal data is broad. In practice, all information from which a person can be identified either directly or when combined with other data constitutes personal data. In addition to your name, address, personal identity code and telephone number, information such as your bank account number, or health details or, typically, other data related to you as a natural person are also personal data. The purpose of data protection is to safeguard personal data.
How do we process your personal data?
We will keep your data safe and process it in the manner required by law.
Handling your personal data carefully and cautiously is of primary importance to us. We will only use your data for purposes defined in advance or for purposes compatible with such predefined use. We process your personal data in compliance with the law and good data processing practice.
We always make sure that there are legal grounds for the processing of your data. The most common legal grounds used by us are agreement, consent, binding legislation and legitimate interest.
We monitor access to and the handling of your personal data closely. Our personnel is under a confidentiality obligation not to disclose the information of our customers. We ensure the competence of our personnel who process personal data through regular training and evaluations. We also monitor the use, access rights and log data of systems that contain personal data. If we notice something wrong, we make an immediate intervention.
Questions regarding personal data can also be separately and additionally described in agreements concluded with client, mailing notices, filled applications, etc. Such separately and additionally described information regarding personal data shall prevail over the text published in this webpage.
More information on the processing of your personal data is provided in the Privacy notices.
What personal data do we collect?
Typically, we will collect personal data when you become our customer, use our products and services, take part in marketing campaigns or surveys or otherwise use our services. We only collect data relevant to the purpose in question.
The data collected by us includes:
The personal data we collect is determined by the service provision channel and product or service concerned.
Where do we obtain your personal data?
In the first instance, we obtain your information directly from you. Data may be obtained and derived from service use. In addition, we obtain data from registers maintained by the authorities and as well as from other reliable registers, third parties
You disclose your data to us when you purchase our services, participate in our surveys or campaigns or answer questions in connection with services provided by us. We also get information by observing how you use our services.
When you use OP Financial Group services, visit our online bank, sign a financing contract or submitting KYC questionnaires, you are also providing us with your personal data. For online services, such data can consist of information on the services and documents you have browsed.
Why do we collect your personal data and what do we use it for?
We use your personal data to be able to answer your requests and questions, process your orders and implement your agreements. We may also use your personal data in the further development of our products, services, customer service and sales and marketing.
We process your personal data in order to be able to offer and develop even better services and a better customer experience. In addition to day-to-day customer service, we use your personal data when automating our business processes and developing services in accordance with the Payment services legislation. Your data will also be used for customer communications and the fulfilment of our statutory obligations.
We analyse your personal data, for example, when performing the required client and risk categorisations, such as for granting financial services or when determining the suitability of investment products for you. The analysis may also take the form of profiling, in which we create projected profiles based on your data or otherwise anticipate your needs and actions. In some cases, such profiling is required by law, but we also create profiles in order to be able to offer better and more personalised products and services to you. Some of our operations also utilise automated decision-making, without human influence on the decision.
We use your personal data in OP Financial Group’s risk management and to fulfil obligations based on laws and official regulations and instructions, such as authenticating users and ensuring data security as well as preventing and investigating fraud.
We also use your personal data for customer communication purposes. We may send you announcements or notifications concerning our products and services or use your data for various marketing purposes, either subject to your consent or when explicitly permitted by law. In addition, we can use your personal data to recommend content or display personalised content for you in our online services. Such content can be created by OP Financial Group or reliable third parties.
When permitted by law or with your consent, we may also combine data collected in connection with a specific product and/or service with data gathered in other connections.
To whom do we disclose your personal data?
The disclosure of personal data refers to situations in which we give your personal data to other data controllers or processors for their own, independent purposes. We can disclose your data, within the limits permitted by law to the entities belonging to OP Financial Group.
We can also disclose your personal data to the authorities to fulfil a statutory obligation (e.g. to the tax, enforcement authorities) and to registers.
We can disclose your information to parties outside OP Financial Group subject to your consent or when the disclosure constitutes a part of the product or service being offered.
Who processes your personal data and where?
Your data will only be processed by OP Financial Group entities and employees whose duties require the processing of your data.
We use partners for service provision. For this reason, your personal data may be transferred to such parties for processing commissioned by us. Such parties are only permitted to process your data in accordance with our instructions. They are not entitled to use your data for their own purposes, such as direct marketing.
We use various contractual and other arrangements to ensure that our partners process your data carefully and in accordance with good data processing practice.
As a rule, we process your data within the European Economic Area. The European Economic Area refers to EU Member States and Iceland, Liechtenstein and Norway. If we transfer data outside the European Economic Area, such as to the United States, we will ensure a sufficient level of personal data protection in the manner required by law and use data transfer mechanisms approved by the European Commission, primarily the European Commission’s standard contractual clauses.
What kinds of rights do you have and how can you utilise them?
What are your rights as our customer?
You have the right to receive open and transparent information on the processing of your personal data, check your information, demand correction of inaccurate or incomplete data and demand the deletion of unnecessary or out-of-date data.
You have the right to prohibit the use of your data for direct marketing, marketing surveys and polls. You can change your settings in the online services or ask OP Financial Group’s to make the changes.
Who can I contact?
You can submit your queries and requests related to personal data processing in person to OP Corporate Bank plc Lithuania branch or UAB “OP Finance”, Konstitucijos ave. 29, Vilnius, LT-11311. If you are a NetBank user, you can also send us a NetBank message.
Our e-mail: email@example.com; telephone: 8 5 247 2075.
How do we process our corporate customers’ personal data?
OP Financial Group operates in sectors that require particular trust, and it is essential that OP Financial Group can ensure a high level of information security and data protection in all of its operations. All personal data is processed carefully and in accordance with legislative obligations and good data processing practices. We respect bank secrecy and the confidentiality of all of our operations.
We ensure that processing is based on lawful grounds. We will only use data for purposes defined in advance or for purposes compatible with such predefined use. Any unnecessary personal data will be deleted or anonymised.
In certain situations, the companies of OP Financial Group may process the personal data of its corporate customer’s employees, such as the information of a corporate customer’s contact persons. As a general rule, an OP Financial Group company will act as a controller in these situations in which case the corporate customer’s employees are data subjects as defined in data protection legislation.
Below you can find answers to the frequently asked questions presented by our corporate customers and cooperation partners.
What kinds of measures has OP Financial Group taken to ensure that the obligations of data protection legislation are met?
The EU General Data Protection Regulation will be applied as of 25 May 2018. A project is underway at OP Financial Group in which all of its operations related to the processing of personal data are reviewed. The project will ensure that OP Financial Group is able to meet the requirements of the new regulation and, in this way, further improve customer services.
OP Financial Group has also appointed a Data Protection Officer for the Group level. The Officer is assisted by an extensive network of data protection professionals. OP Financial Group will also train all staff members so that each employee in the OP Financial Group is familiar with the requirements of data protection legislation to the extent required by their duties and able to implement personal data protection in their own operation.
How is OP Financial Group prepared for data security breaches and communicating about them?
OP Financial Group will make every effort to prevent all data security breaches. In the event of a data security breach regardless of such measures, OP Financial Group has efficient operating models in place with the help of which it can quickly react to such situations and minimise any adverse effects of the breach. OP Financial Group will make necessary notifications on data security breaches it has detected in accordance with legislation.
How is the processing of personal data agreed with corporate customers and what is agreed related to processing?
In situations in which the General Data Protection Regulation requires that contracts must partly be updated, OP Financial Group will ensure that the contracts are updated. It may not be necessary to update contracts with regard to OP Financial Group’s corporate customers.
Does OP Financial Group transfer the personal data to third countries outside the European Economic Area?
We use partners for service provision. Personal data can be transferred in connection with service provision to an OP Financial Group’s partner located in a third country, for example. OP Financial Group always follows the obligations of personal data protection legislation when data is being transferred. We use various contractual and other arrangements to ensure that our partners process personal data carefully and in accordance with good data processing practice.
When any personal data is transferred outside the European Economic Area, the transfer mechanism used must comply with data protection legislation, such as model contractual clauses approved by the European Commission.
Who is responsible for providing information on the processing of personal data?
When an OP Financial Group company acts as a controller, it is responsible for providing appropriate information on the processing of personal data to its customers and other data subjects.
How will OP Financial Group ensure that its partners operate appropriately?
When OP Financial Group uses partners for the processing of personal data, it is responsible for the operation of the partners. OP Financial Group selects all partners with particular care in order to ensure an appropriate level of data protection and information security in all of its operations. If necessary, OP Financial Group may also audit the processors of personal data used in order to ensure that their operation complies with requirements.
OP Financial Group makes an agreement with partners used regarding the processing of personal data in which the contracting party is required to operate in accordance with the General Data Protection Regulation.
How will OP Financial Group ensure the security of personal data?
We protect personal data with appropriate technical and organisational safeguards. Such methods include proactive and reactive risk management and the use of firewalls, encryption techniques, secure data centres and access management and safety systems. We also make use of security planning, grant and supervise user rights in a controlled manner, ensure the competence of personnel who process personal data and choose our partners carefully. We are continuously updating our in-house practices and guidelines.
We use different analytics services to collect data on the usage of our website and services and to target advertising. Cookies enable us to link collected data to a unique browser. We can link data on the usage of services and websites to a customer only when the visitor logs into OP Financial Group services using his/her own username and password.
We aim to provide a better and more personal customer experience
By analysing our website usage and by using cookies, we aim to provide more personal services and to maintain and develop our websites.
Cookies and analytics provide us with information, for example, on which pages visitors go to, what applications they use and how they navigate between pages or sites. In order to develop our website, we collect data on, for example, what kind of website content is most efficient and functional.
If you want to disable cookies altogether you can do it in the browser settings. You can also disable cookies from the browser and disable targeted advertising and messages based on your historical behavioural data.
How do we collect and store your data?
Information security and the storage of your data
We take information security and the protection of our customers’ data seriously. We safeguard the confidentiality, integrity and availability of your personal data by careful processing practices. We protect your personal data with appropriate technical and organisational safeguards.
How do we protect your personal data?
We protect your personal data with appropriate technical and organisational safeguards. Such methods include proactive and reactive risk management and the use of firewalls, encryption techniques, secure data centres and access management and safety systems. We also make use of security planning, grant and supervise user rights in a controlled manner, ensure the competence of personnel who process personal data and choose our partners carefully. We are continuously updating our in-house practices and guidelines.
How do we store your personal data and keep it up to date?
We will retain the data required by your customer relationship for at least the duration of the customer relationship. After the end of the customer relationship, the length of the retention period depends on the requirements of legislation. We comply with statutory obligations concerning the storage of personal data. For example, to store the details of your identity verification document for eight years after your termination of business relationship.
We seek to keep the personal data we process accurate and up to date by deleting unnecessary data and updating outdated data. You should nevertheless check your data every now and then.