CONTACT US
EN
CONTACT US
Accounts
Products
Unique Solutions
Blog and News
Satchel > Privacy Policy

Satchel Privacy Policy

Updated – January 2025

1. Introduction

SatchelPay UAB ("Satchel," "we," "us," or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains:

  • What personal data we collect
  • How we use it and why we collect it
  • Who we share it with
  • How we store and protect it
  • Your rights under the General Data Protection Regulation (GDPR) and Lithuanian data protection laws

This Privacy Policy applies to the Satchel website (www.satchel.eu), Satchel mobile application, and all payment services provided by SatchelPay UAB.

By using our services, you agree to this Privacy Policy. If you do not agree, please stop using our services.

2. Who We Are & Contact Information

Data Controller

The controller of your personal data is:
πŸ“Œ SatchelPay UAB
πŸ“ GeleΕΎinio vilko g. 18A, Vilnius, LT-08104, Lithuania
πŸ“§ Email: [email protected]

If you have questions about this Privacy Policy, you can contact our Data Protection Officer (DPO):
πŸ“§ DPO Contact: [email protected]

3. What Personal Data We Collect & Why

We collect the following categories of personal data depending on how you interact with our services:

Category
Types of Data Collected
Purpose of Processing
Legal Basis (GDPR)
Category
Identity Data
Types of Data Collected
Name, surname, date of birth, nationality, personal identification number, identity document (passport/ID), video recordings
Purpose of Processing
To verify your identity, comply with AML regulations
Legal Basis (GDPR)
Legal Obligation (Art. 6(1)(c))
Category
Contact Data
Types of Data Collected
Email, phone number, address
Purpose of Processing
To contact you for service updates, security alerts
Legal Basis (GDPR)
Contract (Art. 6(1)(b))
Category
Financial Data
Types of Data Collected
Payment details, IBAN, transaction history
Purpose of Processing
To process transactions, detect fraud
Legal Basis (GDPR)
Contract (Art. 6(1)(b)), Legitimate Interest (Art. 6(1)(f))
Category
Technical Data
Types of Data Collected
IP address, browser type, OS, cookies, device identifiers
Purpose of Processing
To prevent fraud, improve security, enhance user experience
Legal Basis (GDPR)
Legitimate Interest (Art. 6(1)(f))
Category
Regulatory Data
Types of Data Collected
KYC documents, PEP status, sanctions screening data
Purpose of Processing
To comply with AML and financial regulations
Legal Basis (GDPR)
Legal Obligation (Art. 6(1)(c))
Category
Marketing & Communication Data
Types of Data Collected
Email preferences, customer survey responses
Purpose of Processing
To send promotional messages (if consent is given)
Legal Basis (GDPR)
Consent (Art. 6(1)(a))

4. Consequences of Not Providing Data

Certain personal data is mandatory for us to provide our services. If you fail to provide the required information:

  • KYC and AML Requirements: We cannot onboard you as a customer or allow transactions.
  • Transaction Data: Without payment details, transactions cannot be processed.
  • Security & Fraud Monitoring: Missing device/IP details may trigger security blocks.
  • Marketing Communications: Without consent, we will not send promotional materials.

Failure to provide legally required data may result in account restrictions, denial of services, or regulatory reporting obligations.

5. How Long We Retain Your Data

We do not store personal data longer than necessary and comply with GDPR & Lithuanian legal requirements:

Data Category
Retention Period
Legal Basis
Data Category
KYC & Customer Data
Retention Period
8 years after account closure
Legal Basis
AML Law, GDPR Art. 6(1)(c)
Data Category
Transaction Data
Retention Period
7 years
Legal Basis
Tax & Financial Regulations
Data Category
Communication Records (Emails, Chats, Calls)
Retention Period
5 years
Legal Basis
Legitimate Interest
Data Category
Marketing Data
Retention Period
Until consent is withdrawn
Legal Basis
GDPR Art. 6(1)(a)
Data Category
Website & Cookie Data
Retention Period
Varies (see Cookie Policy)
Legal Basis
Legitimate Interest

After the retention period, we securely delete or anonymize your data unless further retention is required by law.

6. Automated Decision-Making & Profiling

We use automated systems for fraud prevention and risk management. These processes include:

  • Fraud Prevention & Risk Scoring: We analyze your transactions, IP address, and device behavior to detect suspicious activity.
  • Sanctions & PEP Screening: Your identity is automatically checked against international watchlists.
  • Account Verification & KYC: Automated checks confirm your ID and financial history before approval.

What This Means for You

  • If flagged as high-risk, your account or transactions may be blocked or delayed.
  • You have the right to request a manual review of any automated decision affecting your ability to use our services.

πŸ“© To challenge an automated decision, contact [email protected].

7. Your Rights Under GDPR

You have the following rights under GDPR:

βœ… Right to Access – Request a copy of your data (Art. 15 GDPR).
βœ… Right to Rectification – Fix inaccurate or incomplete data (Art. 16 GDPR).
βœ… Right to Erasure ("Right to be Forgotten") – Request deletion of your data in certain cases (Art. 17 GDPR).
βœ… Right to Restriction of Processing – Limit how we use your data (Art. 18 GDPR).
βœ… Right to Data Portability – Receive a machine-readable copy of your data (Art. 20 GDPR).
βœ… Right to Object – Object to processing, especially for marketing (Art. 21 GDPR).
βœ… Right to Withdraw Consent – Stop direct marketing or other processing based on consent (Art. 7(3) GDPR).

πŸ“© To exercise your rights, email us at: [email protected]

8. Right to Lodge a Complaint

If you believe we have infringed your data protection rights, you have the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania:

πŸ“ ValstybinΔ— duomenΕ³ apsaugos inspekcija
πŸ”— https://vdai.lrv.lt/
πŸ“§ Email: [email protected]

Alternatively, you may contact your local supervisory authority within the European Economic Area (EEA).

9. Cookies & Tracking

We use cookies and tracking technologies to:

  • Improve security and prevent fraud.
  • Provide a personalized experience.
  • Analyze website traffic.

Your Choices

  • Manage Cookies: You can accept, reject, or adjust preferences in our Cookie Settings Panel.
  • Do Not Track (DNT): You can enable DNT settings in your browser.

For more details, see our Cookie Policy.

10. Data Security Measures

We use advanced security technologies to protect your data:

πŸ”’ Encryption – All data is encrypted in transit & storage.
πŸ”’ Multi-Factor Authentication (MFA) – Prevents unauthorized access.
πŸ”’ Regular Security Audits – Ensures compliance with GDPR & financial regulations.

11. Contact Us

πŸ“§ [email protected]
πŸ“ SatchelPay UAB, GeleΕΎinio vilko g. 18A, Vilnius, Lithuania