Privacy Policy - FintechLab

Last updated on May 25th, 2018

1 – GENERAL PROVISIONS
This website (the “Website”) is operated and owned by “FintechLab Group UAB” (“FintechLab Group”, “we”, “us” or “our”). FintechLab Group and its affiliates are committed to protecting and respecting your privacy. This Privacy Policy together with the Terms of Service apply to your use of this Website: https://www.thefintechlab.com/ and any of the services accessible through this Website (the «Services»).
This Privacy Policy outlines the method and framework on which any personal data we collect from you, or that you provide to us, will be processed and used by us.
In the course of this Privacy Policy “personal data” (“personal data”, “personal information”, “your data”, “your information”) refers to data that relates to a natural person, who is identified or can be identified directly or indirectly, in particular by reference to the data which is provided to us by you, or collected by us from you, and therefore comes into the possession of the data controller, i.e.FintechLab Group UAB. We have been putting our best effort in order to comply with European General Data Protection Regulation (“General Data Protection Regulation”, “GDPR”) as well as with other relevant EU data protection rules. Please take your time to read this Privacy Policy carefully and make sure you understand it clearly.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This Website may include links to third-party websites, applications or plug-ins. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

2 – ABOUT US
FintechLab Group UAB is a legal entity registered under the laws of Lithuania with registration number 304919000, whose registered address is at Geležinio vilko g. 18A, Vilnius, LT-08104, Lithuania We act as Data Controller in respect of your personal data that we process. If you have any questions about how we collect, store or use your data, please contact us via e-mail: info@thefintechlab.com

3 – INFORMATION WE COLLECT ABOUT YOU
We collect your following personal data: name, email address, mobile telephone number, computer’s internet protocol (IP) address.
When processing your personal data we are governed by following principles:

personal data is processed lawfully, fairly and in a transparent manner in relation to you;
personal data is collected only for specified, explicit and legitimate purposes;
personal data is always adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
personal data is accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, with regard to the purposes for which it is processed, is erased or rectified without delay.

4 – PURPOSES OF PROCESSING OF PERSONAL DATA
We may process your personal data for a number of different purposes. For each purpose we must have a legal ground for such processing.
Generally such legal grounds are as follows:

you have given us explicit consent to the processing of your personal data;
processing is necessary for the performance of a contract to which you are party or in cases you request us to process your data prior to entering into a contract;
processing is necessary for compliance with our legal obligation to which we are subject;
processing is necessary in order to protect your vital interests or the interests of another private entity;
processing is necessary for the performance of tasks carried out in the public interest or in the exercise of official authority laid upon us as upon a controller;
processing is necessary for the purposes of the legitimate interests pursued by us or by authorized third-parties.

What do we mean when we say “Legitimate interest” and “Performance of Contract”?
Legitimate Interest shall mean our interest as a business in conducting and managing our relationship with you. We hereby confirm that we consider and assess any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Performance of contract: this means processing your data where it is necessary for the performance of a contract to which you are party, or to take steps at your request before entering into such a contract.

5 – DISCLOSURE
We may disclose your personal data if such disclosure is required or permitted by law.
In some cases personal data may be shared with certain third-party service providers, as well as between our internal departments (engineering, analytics, legal, customer and marketing etc.) for the purposes specified in this Privacy Policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Some of our external third-parties are based outside the European Union (EU), which means that the processing of your personal data will involve a transfer of data outside the EU.
Whenever we transfer your personal data out of the EU, we ensure that at least one of the following safeguards is implemented:

we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the EU;
where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the EU and the USA.
If there is neither adequacy decision nor appropriate safeguards implemented we still may transfer your personal data out of the EU due to following justifications:
- we have informed you about the possible risks of transfers of your personal data and you have explicitly consented to the proposed transfer of your personal data outside of the EU;
- the transfer is necessary for the performance of a contract concluded between you and us, or if you requested us to perform any pre-contractual measures;
- the transfer is necessary for the conclusion or performance of a contract conducted between us and other natural or legal person for your benefit;
- the transfer is necessary for important reasons of public interest;
- lithe transfer is necessary for the establishment, exercise or defence of legal claims;
- the transfer is necessary in order to protect your vital interests or interests of other persons in cases where you are physically or legally incapable of giving consent;

Please feel free to contact us in case if you want to get more information on the specific mechanism used by us when transferring your personal data outside the EU.

6 – COOKIES
This Website uses cookies to keep track of what its visitors have purchased, visited or tried to purchase. Cookies are small files of letters and numbers that we store on your browser or the hard drive of your computer or mobile phone, with your prior agreement. We also use cookies to deliver specific content in order to meet your interests. If you provide your consent, cookies may save your password so you will have no need to re-enter it each time when you visit this Website. Cookies also help us to estimate the number of visitors of this Website and determine overall traffic. If you do not wish to receive any cookies you may set your browser to refuse cookies. However, it may mean you will not be able to use all the services provided by this Website or take full advantage thereof. We may also use other technologies such as web bugs to help us collect information about your usage of our Website. Any information we collect is subject to this Privacy Policy.

Used Cookies

Name	Description	Duration
_hjClosedSurveyInvites	Hotjar cookie. This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not re-appear if it has already been shown.	365 days
_hjDonePolls	Hotjar cookie. This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in.	365 days
_hjMinimizedPolls	Hotjar cookie. This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site.	365 days
_hjDoneTestersWidgets	Hotjar cookie. This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in.	365 days
_hjIncludedInSample	Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels.	365 days
_hjShownFeedbackMessage	This cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show.	365 days
_hjid	Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.	365 days
_hjRecordingLastActivity	This should be found in sessionStorage (as opposed to cookies). This gets updated when a visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records).	Session
hjTLDTest	When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the `_hjTLDTest` cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.	Session
_hjUserAttributesHash	User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated.	Session
_hjCachedUserAttributes	This cookie stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool.	Session
_hjLocalStorageTest	This cookie is used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted immediately after creating it so the expected storage time is under 100ms.	N/A
_hjptid	This cookie is set for logged in users of Hotjar, who have Admin Team Member permissions. It is used during pricing experiments to show the Admin consistent pricing across the site.	Session
_hjAbsoluteSessionInProgress	The cookie is set so Hotjar can track the beginning of the user’s journey for a total session count. It does not contain any identifiable information.	30 minutes

7 – SECURITY
We use reasonable security precautions to protect the security and integrity of your personal data, both during transmission and once we receive it, in accordance with this Privacy Policy and applicable law. We have been making our best efforts to use all reasonable industry standards to secure your personal data. However, no method of electronic storage or Internet transmission is completely secure, and we can not guarantee that security breaches will not occur. Without limitation of the foregoing, we are not responsible for the actions of hackers and other unauthorized third parties that breach our reasonable security procedures.

8 – AGE OF CONSENT
This Website may only be used by natural persons (individuals), companies or other legal entities who have the legal capacity to enter into legally binding contracts under the law applicable in their country of residence. By agreeing to this Privacy Policy, you represent that you are of legal age in your country of residence. This Website is not intended for children and we do not intentionally collect data relating to children.

9 – YOUR LEGAL RIGHTS
Under EU data protection law you have certain rights in relation to the personal information that we hold about you. You may exercise these rights at any time by contacting us using the contact details set out in this Privacy Policy.

The right to request access to your personal data. This means that you may request us to send you a copy of the personal data we hold about you and to check that we are lawfully processing it.
The right to request correction of the personal data. This means that you may request any incomplete or inaccurate data we hold about you to be corrected.
The right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully, or where we are required to erase your personal data in order to comply with any relevant applicable laws. Please note that sometimes we may be unable to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
The right to object to processing. You may object to processing of your personal data where you know or have grounds to assume that such processing impacts your fundamental rights and freedoms. Also, you have the right to object processing at any time where we are processing your personal data for direct marketing purposes. We may demonstrate that we are processing your data, due to legitimate grounds which in certain circumstances override your rights and freedoms.
The right to request restriction of processing of personal data. You may request us to suspend the processing when you want us to make the processed data accurate; or the processing of data is unlawful but you do not want us to erase it; or if you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
The right to request the transfer of your personal data to you or to a third parties. It means that upon your request we will provide you, or a third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to data which is processed by automated means and only in cases where you provided us with the relevant explicit consent to such processing or processing is used in course of performance of contract.
The right to withdraw consent at any time. You may withdraw your consent to processing of your personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

If you wish to exercise any of the rights set out above, please contact us directly via email specified in this Privacy Policy.

10 – DATA RETENTION
FintechLab Group UAB will keep your personal data only as long as it is necessary in order to fulfil the purposes the personal data was collected for, including without limitation the purposes of compliance with any relevant reporting, accounting or legal requirements.
When determining how long your personal data will be kept with us, we consider the following factors: nature, sensitivity of the personal data and its amount; the potential risk of harm from unauthorised use or disclosure of your personal data; the purposes for which we collected your personal data and process it; applicable legal requirements.
Where we are processing your personal data for marketing purposes, we may contact you at least every month to ensure you agree to continue receiving our marketing communications. You may require us not to use your personal data for marketing purposes or object to such processing at any time by sending appropriate request or statement to our email address.
In some circumstances we may anonymise and/or pseudonymize your personal data for statistical research purposes. In such cases your personal data will no longer be associated with you and we may use it without further notice to you.

11 – CHANGES TO PRIVACY POLICY
We reserve the right to change, amend or modify this Privacy Policy without notice at any time and from time to time, including as needed to comply with the appropriate laws and regulations. Any changes, amendments or modifications will be posted on this page. The new provisions may be displayed on-screen and you may be required to read and accept them to continue your use of this Website or Services.

12 – REQUEST FOR INFORMATION
Sometimes we may need to request specific information from you in order to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to access it. We may also contact you to ask you for further information in relation to your request to speed up our response.

13 – TIME LIMIT TO RESPOND
We will apply our best efforts to respond to all your legitimate requests within 1 (one) month. Sometimes it may take us longer than a 1 (one) month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

14 – QUESTIONS AND CONTACT INFORMATION
If you have any questions or concerns about this Privacy Policy or the collection, use or handling of your personal information, feel free to contact us at any time via email: info@thefintechlab.com