FAQ  ›

Legal and AML/CTF
 

Legal and AML/CTF

As all electronic money institutions we store, process and ensure safety of our customers data. With this article, you will be able to find answers to such questions as: “What data is stored? For how long is my data kept? Is my data safe with your institution? Why are you processing my data? Can you delete all data related to me? Who do you share my data with? Who do I contact to learn more about my data with you? “

 

What kind of data do we store?

Based on Customer request for the account opening with the Company, Customer agrees with Privacy Policy, General Terms and Conditions, Card Terms and Conditions, therefore the Company starts processing the following categories of personal data:

  1. Identification data such as name, surname, personal identification code, date of birth, data regarding the identification document (such as passport or ID card number, date of issuance and expiration date, issuance country, citizenship, copy of the passport or ID card), photograph;

  2. Contact data such as telephone number, email address, the residence address, postal address;

  3. Data related to the services such as the performance of the agreements or the failure thereof, contract number, executed transactions, usage of ATMs, concluded and expired agreements, submitted applications, requests and complaints, interests and service fees, account number, card issuance date and expiration date, card number, postal address for card delivery;

  4. Professional data such as educational or professional career, occupation;

  5. Due diligence information, such as purpose of the business relationship, reasons for opening account, place of birth, source of income, self-declaration of politically exposed person, accounts with other banks; planned monthly turnover, countries for incoming payments, expected outgoing payments types, planned turnover of outgoing payments, countries for outgoing payments;

  6. Data about tax residency such as data about the country of residence for tax purposes, tax identification number, citizenship, tax resident of USA;

  7. Communication data – e-mails, messages, Handset ID;

  8. Location data – Internet Protocol (IP) address.

 

What is the basis of data processing?

Data processing has been performed on the basis of consent (GDPR Article 6, 1 (a)), contract performance (GDPR Article 6, 1(b)), legal obligation (GDPR Article 6, 1(c)) and legitimate interest (GDPR Article 6, 1 (f)).

Please find below the list of laws the Company uses for legal basis to process data:

  • Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing

  • Republic of Lithuania Civil Code

  • Republic of Lithuania Accounting Law

  • Republic of Lithuania Law on Payments

  • Republic of Lithuania Law on Tax Administration

  • The Order of the Head of Tax Authority of Republic of Lithuania

  • Republic of Lithuania Law on Electronic Money and Electronic Money Institutions

 

What is the purpose of data processing?
 

The Company processes personal data only for specific and necessary purposes, these are:

  • To comply with legal obligations and verification of identity. To comply with applicable law, for example related to implementing the principles to prevent, discover, investigate and report potential money laundering, terrorist financing;

  • Provide services and to execute contracts concluded;

  • Execute transactions on the system and process incoming and outgoing payments;

  • Prevent misuse of financial services and ensure adequate provisions of services. To authorize and control access to and functioning of digital channels, prevent unauthorized access and misuse of those and to ensure the safety of information based on: performance of an agreement or take steps at the request of the Customer prior to entering into an agreement;

  • Protect the interests of the Customer and/or the Company and examine the quality of services provided by the Company and for the purpose of providing proof of a commercial transaction based on performance of an agreement or in order to take steps at the request of the Customer prior entering into an agreement or compliance with a legal obligation of the Company or legitimate interests to prevent, limit and investigate any misuse or unlawful use or disturbance of financial services or quality assurance of services, establish, exercise, assign and defend legal claims;

  • Notify Customer about changes to the services;

  • Manage Customer relations in general and provide and administer access to financial services offered by the Company;

  • To improve technical systems, IT infrastructure, customizing the display of the service to the device and to develop services such as by testing and improving technical systems and IT infrastructure;

  • Administer the Company’s web pages and the App for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; improve web pages and the App to ensure that content is presented in the most effective manner for you and for your computer;

  • Improve the Customer’s user experience of services and to develop new products and services.

 

Who can receive gathered personal data?

The Company transfers personal data to the following data recipients’ categories under such legal basis as contract performance with customer and based on legal obligation as well:

  • authorities (such as law enforcement authorities, tax authorities, supervision authorities);

  • other banks and financial institutions, providers of payment and other services involved in the performance of a transaction in order to execute transactions on Company’s system;

  • participants and/or parties related to domestic, European and international payment systems, such as SWIFT;

  • other persons related to provision of services of the Company such as payment card processing, providers of postal services or analytical services or any other services.

Who can provide personal data?

The Company receives and collects personal data from:

  • directly from customer;

  • other financial institutions;

  • open sources;

  • partners or other legal entities, what the Company uses to provide services to customers.

 

How long is the data stored?

The Company processes personal data not only for contract execution with the customer as mentioned in GDPR Article 6, 1(b), but also for such purpose as complying with legal requirements, as it is mentioned in GDPR Article 6, 1 (c) “processing is necessary for compliance with a legal obligation to which the controller is subject.”

Therefore, the exception for data erasure mentioned in GDPR Article 17, 3(b) applies “Paragraphs 1 and 2 shall not apply to the extent that processing is necessary: <…> for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject.”

The Company obliged by law to store and process the data during the relationship and after the contract termination for the period stated by law. Please find below the laws we take into consideration when evaluate data storage term:

  1. According to the Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing the Company must store your communication data for 5 years after the contract termination;

  2. According to the Republic of Lithuania Accounting Law and Republic of Lithuania Law on Tax Administration the Company must store data about tax residency and identification data during 5 years after the contract is terminated;

  3. According to the Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing the Company must store your personal data submitted for identification, contact, due diligence, data related to the services during 8 years after the contract termination;

  4. According to the Republic of Lithuania Civil Code the prescription time during which a person can defend his violated right by bringing an action is 10 years, therefore the Company must store your personal data (identification data, contact data, data related to the services, professional data, due diligence information, communication data, location data, data about tax residency) during 10 years after contract is terminated.

That means the Company will store most of your personal data during 10 years after the contract termination. In case if during the storage period there is an investigation or prescription or some legal procedures that demand the Company to store data longer, the Company will prolong the data storage period as required by law.

Although this the Company will not store the data more than it is required. After the retention period the data will be destroyed or permanently erased according to the Company internal procedure and the Company will ensure data erasure within data processors used.

 

What are the limitations?

In accordance with the Law on the Prevention of Money Laundering and Terrorist Financing, Article 24 point 4, customers are not entitled to access their data provided to law enforcement or other supervision authorities.

 

How do I consent or withdraw my consent for marketing materials?

The Company processed your personal data also based on your consent as mentioned in GDPR Article 6, 1(a), which can be freely withdrawn. In order to withdraw you consent, you can go to the Settings section of your profile in the app and turn subscription to marketing materials off, or contact our support team via chat or at [email protected]

 

What are my rights?

Please be aware that you still have the right to request access or rectification or erasure of your personal data or restriction of processing or object of processing as well as right to data portability. Please contact us by [email protected] for further information.

Just like other banks, we too have a duty to comply with regulatory requirements and follow the Know Your Customer (KYC) principle in our operations. For this reason, we ask our clients:

  • To indicate their contact information, nationality, place of residence, field of activity and other similar data.

  • Update this information time from time.

  • If necessary, to provide further details about certain transactions (e.g. about the origin of funds transferred to customer’s account).

We request this information from both local natural persons and legal entities, and from our foreign clients, who are asked to provide reliable evidence substantiating their professional, economic, social or personal connection with our country.

Relationship between VIALET and its customers is based on mutual trust. We care about our customers’ trust; we, therefore, periodically publicly announce our financial results and other performance reports. Accordingly, we ask our customers to provide certain information about them as well.

Provision of information is important for several reasons. First, VIALET must comply with very strict legal requirements which oblige us to implement the ”Know Your Customer (KYC)” principle. Implementation of this principle is related to application of international measures aimed at prevention of money laundering and terrorism financing. We must ensure that our infrastructure is not abused by malicious entities or by persons who pose threat to others.

Another important reason is that VIALET cares about their customers’ security and the security of their accounts. With up-to-date details available, we can ensure safety of accounts more easily, prevent illegal actions by fraudsters, stop suspicious transactions and thereby protect our customers from financial losses.

 

Data Security

All of the data you provide us is protected by strict security and confidentiality rules.

We disclose customer data to third persons only if we have received the customer’s written consent or if the disclosure of data is required of us pursuant to law (e.g. a notary, the police, the State Revenue Service and Customs Board).

Information is not collected with the purpose to immediately forward it to other institutions. Information you provide is stored responsibly. In certain cases, when this is necessary, authorized institutions (law enforcement, security provision, etc.) are entitled to address banks and request the provision of information about a customer. In such case in accordance with laws, we will be obliged to provide such information.

 

Income data

We ask you to provide us with revenue data so that we can better understand the origin of the funds in our clients’ accounts, as well as whether the transactions you perform match your income. This helps us get to know our customers better and makes it easier to ensure the security of our customers’ funds.

Laws and market surveillance institutions require us to know to whom we are providing our services. The Questionnaire is therefore the first step in getting to know our customers better and getting the information required by law.

 

Taxpayer Identification Number (TIN)

A Taxpayer Identification Number (TIN) is a personal identification number used for the exchange of tax information between different countries in accordance with the Common Reporting Standard (CRS) or the FATCA (Foreign Account Tax Compliant Act). In the case of a Lithuanian resident, the Taxpayer’s code coincides with the customer’s personal code. The customer must indicate all Tax Payment States and all Taxpayer Codes corresponding to the established structure. The structure of Taxpayer Codes for different countries is provided here.

 

What languages can be used to fill in the declaration/questionnaire?

Lithuanian or English

 

Why can’t VIALET get all the necessary information from other State agencies such as VMI (State Taxation Inspectorate), the Registers Centre (VĮ Registrų centras), and others?

The law obliges us to receive the information specified in the Questionnaire directly from our customers. The information available to these authorities can be used as an additional source of data to verify the information you provide.

 

Who is a Politically Exposed Person (PEP)?

We ask our clients or their representatives to provide information about the fact that they or their family members (spouse, co-habiting partner, parents, siblings, children and children’s spouses, children’s co-habiting partners), close associates (persons with whom a person has common business, keeps professional or business relationship) presently occupy or in the recent 12 months have held an important public position in any state and/or international institution since the bank has to conduct enhanced monitoring of business relationship / monetary transactions of such clients.

Important public position shall be considered the following:

  • Head of the State, Head of the Government, a minister, a vice minister or a deputy minister, State Secretary, the Chancellor of the Parliament, Government or Ministry

  • Member of the Parliament;

  • Member on the Supreme Court, the Constitutional Court or any other judicial authority, whose decisions are not subject to further appeal;

  • Mayor of the municipality, director of the municipal administration;

  • Member of the management body of the national supreme audit and control institution, the chairperson, deputy chairperson or a member of the board of the central bank;

  • Ambassador, chargés d’affaire, Chief of Defence of the Republic of Lithuania, commanders of the armed forces and units, Chief of the Defence Staff or high-ranking officer in the armed forces of foreign country;

  • Member of the management or supervisory body of a state enterprise, public company, private company all or part of shares of which awarding more than ½ of all votes in the general meeting of shareholders of these companies are held by the State by right of ownership;

  • Member of the management or supervisory body of a municipal enterprise, public company, private company all or part of shares of which awarding more than ½ of all votes in the general meeting of shareholders of these companies are held by the State by right of ownership and which are considered to be large enterprises within the meaning of the Law of the Republic of Lithuania on Financial Reporting by Undertakings;

  • Head, deputy head, member of the administrative, management or supervisory body of international intergovernmental organization;

  • Leader, deputy leader, member of the administrative, management body of the political party.

Please not that if you are a family member or immediate helper of a politically exposed person, you must supply the required information about this politically exposed person.

 

In case customer refuses to provide requested data

If we are not provided with the necessary information, in certain cases, we will no longer be able to provide its services to such a customer. This may mean restrictions in using one’s account, card, online banking. Money in your account will not disappear, however, you will have access to banking services only after you provide the required information.

We value your feedback. Awareness about the situations, which caused your disappointment, enables us to improve and assure better provision of services not only to you, but to other customers as well.

If you want to submit a customer service feedback, you may choose a method most suitable and acceptable for you:

By Chat: use in-app chat

By e-mail: to [email protected]

By Post: “VIA Payments” UAB, Konstitucijos pr.7, Vilnius, Lithuania

If you are of the opinion that your rights or terms of the agreement with “VIA Payments” UAB are breached, please contact us using one of the methods specified below:

By Chat: use in-app chat

By e-mail: to [email protected]

By Post: “VIA Payments” UAB, Konstitucijos pr.7, Vilnius, Lithuania

When submitting fill the corresponding COMPLAINT form or REQUEST form and provide following details:

  • Name, surname/ legal entity name

  • Personal code (or date of birth)/ legal entity code

  • Address

  • E-mail and phone number that your account is registered to (for existing customers)

  • Account number (for existing customers)

  • Date and time of the occurrence

  • Detailed description of the occurrence, indicate circumstances under which the occurrence took place, attach all supporting documentation

Next steps:

We will try to acknowledge your request within the next 5 business days.

In case we are unable to resolve your request in the set time of 14 days or if we need more information from you, you will receive a prompt written acknowledgment from us regarding the further process for your request.

A full and final response will be issued within 14 business days from the date we have received the complete complaint, setting out our understanding of your concerns and a possible resolution.

If we are unable to issue our full and final response within 14 business days, we will update you on the progress of your complaint and the expected resolution date, not later than 30 business days from the complete complaint receipt.

We will try to submit our response as soon as possible, but not later than within the terms specified in the legal acts.

Should you have any questions, you can always receive information on the process of the claim handling by the means specified above.

We are always aiming to reach a peaceful and mutually acceptable solution.

If you believe that we have violated your rights or lawful interests related to services aimed at satisfaction of your personal, family or household needs, we recommend that you follow the extensive advice for users announced on the website of the Bank of Lithuania, describing how to act in order to achieve smooth and efficient settlement of disputes between you and “VIA Payments” UAB. More information is available on the Internet site of the Bank of Lithuania.

We would like to draw your attention to the fact that according to legal requirements, you must first address VIA Payments” UAB not later than within three months from the day you became aware or ought to have become aware about violation of your rights or lawful interests, and only in the event the received response does not satisfy you or you receive no response, you acquire the right to address the following institutions within one year from the date of address to VIA Payments” UAB:

  • The entity of extra-judicial settlement of disputes related to financial services is the Bank of Lithuania, address Žalgirio g. 90, LT-09303, Vilnius, internet website: www.lb.lt/gincu-sistema

  • The entity of extra-judicial settlement of consumer disputes, which are not related to financial services, is the State Consumer Rights Protection Authority, address Vilniaus g. 25, LT-01402, Vilnius, internet website: www.vvtat.lt

  • The entity of extra-judicial settlement of disputes regarding personal data and (or) protection of privacy is the State Data Protection Inspectorate, address L. Sapiegos g. 17, 10312 Vilnius, internet website www.ada.lt.

In all cases you can protect your violated rights in court in line with the legal procedure.

Additional support

If you have some additional question, please contact our Help Center