Updated – April 07, 2021
1. For the purpose of compliance with the relevant data protection legislation, the party controlling your personal data is SatchelPay UAB (hereinafter – “Satchel”, “us” or “we“). This policy (together with our Customer Agreement and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please, read the following carefully to understand the types of information we collect from you, how we use that information and the circumstances under which we will share it with third parties. By visiting our website (“Website”) at www.satchel.eu or using the Satchel mobile application (“App“) you are accepting and consenting to the practices described in this policy. Unless context otherwise requires, a reference to the Website shall be deemed to also refer to the App.
2. In order to show respect to your individual rights to privacy, Satchel processes the collected personal data in accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania, the General Data Protection Regulation and other legal acts such as the Directive No. 95/46/EC of the European Parliament. The employees, agents, and other parties who have access to your personal data are committed to ensuring its safety even upon termination of the contractual relationship.
3. It is possible that Satchel may engage data processors and third-parties, who will perform certain functions on behalf of Satchel. Satchel bears the responsibility to ensure that the latter treat sensitive data in compliance with the active legislation and given instructions. Satchel can also request certain security measures, and monitor their implementation. Under those circumstances, Satchel guarantees the imposition of the non-disclosure obligation, which will prevent parties from using information beyond the scale necessary to perform the given functions.
5. Providing personal data is necessary in order to continue using the services provided by Satchel. For instance, it is a required step in the Stachel account opening procedure. Personal data you provide is processed within the system in order to complete the established identification procedures.
Purposes, Recipients, and Information we may collect about you
7. The core reason for data collection is provision of Satchel services to individuals who transact within the system. As a payment service provider, Satchel is required by law to establish and verify your identity before it begins to cooperate with you and provide any sort of financial services. Satchel has the right to store any initially and further requested information throughout the retention period estimated by the relevant legislation. Therefore, the Client is obliged to provide valid and complete information.
8. PURPOSE: identification of Client’s identity, provision of payment services (account opening, transfers of funds, payment collection and other), implementation of other legal obligations of the payment service provider.
8.1. Personal data collected for the purposes listed above is processed within the following legal framework:
8.1.1. establishing and verifying the identity of the Client;
8.1.2. concluding agreements with the Client in order to proceed with fulfilling his requests;
8.1.3. executing financial transfers in compliance with legislation;
8.1.4. following the “Know Your Client” provisions;
8.1.5. conducting systematic monitoring;
8.1.6. carrying out risk assessment;
8.1.7. ensuring the accuracy of data provided by the Client;
8.1.8. preventing possible money laundering, terrorist financing, and fraud; timely detecting, profoundly investigating and informing of such activity, acting in accordance with financial sanctions imposed on the Client;
8.1.9. effective performing of risk and organization management.
8.2. The processing of the following data is a priority in accordance with above listed provisions: name, surname, personal identification number, address, date of birth, identity document information, photo, direct video transmission recording, citizenship, email address, phone number, payment account number, IP address, current activity, current public function, and any other data required by the Law on Prevention of Money Laundering and Terrorist Financing.
8.3. The relevant information is collected and processed on the grounds of a legal obligation imposed on Satchel as the payment service provider by the Law on Payments of the Republic of Lithuania, the Law on Electronic Money and Electronic Money Institutions of the Republic of Lithuania and the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania. Therefore, in order to open an account and/or use the payment services of Satchel, the Client is obliged to provide a full set of requested documents.
8.4. Parties that might be among the recipients of Client-related data:
8.4.1. supervisory authorities;
8.4.2. credit, financial, payment and/or electronic money institutions (subject to the Customer’s consent and in the scope of the Personal data solely specified by the Customer);
8.4.3. pre-trial investigation institutions;
8.4.4. the State Tax Inspectorate;
8.4.5. payment service agents or other representatives of Satchel (if their services are essential for carrying-out an operation);
8.4.6. beneficiaries of transaction funds receiving the information in payment statements together with the funds of the transaction;
8.4.7. debt collection and recovery agencies;
8.4.8. companies processing consolidated debtor files;
8.4.9. lawyers and law firms;
8.4.11. credit / debit card processing service providers;
8.4.12. identity verification service providers;
8.4.13. sanction / PEP screening providers;
8.4.14. vendors of software development and support services;
8.4.15. transaction monitoring service providers;
8.4.16. risk management tools providers;
8.4.17. website domain hosting providers;
8.4.18. cloud service providers;
8.4.19. other Satchel suppliers with the purpose of proper fulfillment of Satchel services.
8.5. Clients’ Personal data may be transmitted to third parties not specified above for specified and legitimate purposes only, and only to third parties who have the right established by laws and other legal acts to receive personal data in the countries of the European Union and the European Economic Area. When the processing of Customer information described above may involve sending it to countries outside of the EEA, Satchel will take all reasonable steps to ensure that the Clients’ data is treated securely and in accordance with this Policy.
9. PURPOSE: Debt management.
9.1. Under this provision, Client-related information is processed in order to manage issues related to debt collection, submission of claims, demands, lawsuits and other documents.
9.2. Processing of the following data can be involved: name, surname, personal identification number, address, date of birth, data from an identity document, email address, phone number, payment account number, IP address, payment account statements.
9.3. Groups of data recipients: companies processing consolidated debtor files, credit, financial, payment and/or electronic money institutions, lawyers, courts, pre-trial investigation institutions, the State Tax Inspectorate, debt collection and recovery agencies, other entities having a legitimate interest.
9.4. Third countries may also obtain access to the data, yet only in the case it/its national is directly involved in your payment transfer execution.
10. PURPOSE: Supporting and managing relations with Clients, preventing disputes and collecting evidence (recording phone conversations), correspondence of business relations with the client.
10.1. Processing of Client’s data can be involved for reasons of:
10.1.1. protecting the interests of the Client and/or Satchel;
10.1.2. preventing disputes, providing evidence of business communication with the client (recordings of conversations, correspondence);
10.1.3. ensuring the top-level quality of services provided by Satchel;
10.1.4. executing Client’s requests, following the obligations levied by law or other legal documents.
10.2. The following Client-related information may be processed: name, surname, address, date of birth, email address, phone number, IP address, payment account statements, phone conversation recordings, correspondence with the client.
10.3. Data recipients: supervisory authorities, companies processing consolidated debtor files, lawyers, bailiffs, courts, pre-trial investigation institutions, debt collection and recovery agencies, other entities having a legitimate interest, other entities under an agreement with Satchel, strictly upon reception of a separate consent from you.
10.4. No third country may be granted access to such data.
11. PURPOSE: Informing the client about services. In this case, Client’s data is processed in order to inform the Client about the services provided by Satchel, their prices, specifics, for sending system and other messages related to the services provision by Satchel.
11.1. This provision implies processing of the following Client’s data: email address, phone number.
11.2. The Client hereby acknowledges and agrees that he/she is aware that such messages shall be perceived as necessary under the General Payment Service Agreement and/or its supplements concluded with the Client, which differentiates them from direct marketing messages.
11.3. Data recipients: no third-party shall receive access to data described in this provision.
12. PURPOSE: Direct marketing. In this case, Client’s data is processed in order to inform the Client concerning the offers related to services provided by Satchel.
12.1. This provision implies processing of the following Client’s data: email address, phone number.
12.2. With this provision the Client acknowledges and confirms that he/she is aware of the fact that the data listed above may be processed for the purpose of direct marketing. The Client maintains the right to disagree and to object this clause at any time by informing Satchel via email to firstname.lastname@example.org. The email must provide valid information necessary to identify the data subject.
12.3. Data recipients: The procedure of data processing may involve search or social networking systems (objections to data processing may be filed within the framework that the websites of these systems provide). No other persons shall receive access to data described in this provision.
14. No third-party shall be granted access to the Client-related data marked as “personal” without prior Client’s consent. Situations when it is required to do so by applicable law or for the purpose of services provision shall be viewed as exception.
15. Satchel may use automated means of personal data processing, following the provisions of risk management-related legislation, and systematic monitoring of transactions with the goal of fraud prevention; such profiling is justified by legitimate interests and legal duties of Satchel.
17. Cookies are used in order to distinguish you from other users of Satchel Website. This helps to ensure your pleasant experience when navigating Satchel Website and also allows improving its organisation. In technical terms, cookies are small files containing a string of characters that are sent to a person’s computer upon visiting the website. Cookies allow the Website to recognize a person’s browser upon the next visit to the Website, and may detect user preferences and other information.
|_hjClosedSurveyInvites||Hotjar cookie. This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not re-appear if it has already been shown.||365 days|
|_hjDonePolls||Hotjar cookie. This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in.||365 days|
|_hjMinimizedPolls||Hotjar cookie. This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site.||365 days|
|_hjDoneTestersWidgets||Hotjar cookie. This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in.||365 days|
|_hjIncludedInSample||Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels.||365 days|
|_hjShownFeedbackMessage||This cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show.||365 days|
|_hjid||Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.||365 days|
|_hjRecordingLastActivity||This should be found in sessionStorage (as opposed to cookies). This gets updated when a visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records).||Session|
|hjTLDTest||When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the
|_hjUserAttributesHash||User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated.||Session|
|_hjCachedUserAttributes||This cookie stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool.||Session|
|_hjLocalStorageTest||This cookie is used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted immediately after creating it so the expected storage time is under 100ms.||N/A|
|_hjptid||This cookie is set for logged in users of Hotjar, who have Admin Team Member permissions. It is used during pricing experiments to show the Admin consistent pricing across the site.||Session|
|_hjAbsoluteSessionInProgress||The cookie is set so Hotjar can track the beginning of the user’s journey for a total session count. It does not contain any identifiable information.||30 minutes|
18. Like most website managers, Satchel monitors traffic of the website and automatically collects information on the number of visitors browsing the website, the domain name of Internet service providers of visitors, etc. Such cookies are required for technical reasons in order to ensure the sound and efficient Website operation (administer the Website, maintain security, measure or understand the effectiveness of advertising etc.), as well as track and target the interests of users and Clients in order to improve their experience.
20. In case of altering the settings, the functionality of the Website may change.
Restriction of data processing
21. You have the following rights
21.1. THE RIGHT OF ACCESS TO DATA: to be informed as to whether or not Satchel is processing your personal data, and access to the related information.
21.2. THE RIGHT TO RESTRICTION OF PROCESSING: you have the right to ask us not to process your personal data for marketing purposes by contacting us at email@example.com
21.3. If, for whatever reasons, you believe that the processing of your personal data is taking place under conditions of violation of your rights and legitimate interests protected by applicable legislation, you may address the supervisory authority.
22. You are free to contact Satchel in case you are willing to learn details, or voice an objection to data processing via email at firstname.lastname@example.org. The individual communicating must provide information that will enable the identification of his/her identity, along with a copy of a personal identification document or an electronic signature.
24. It is a priority of Satchel to provide highest-level security to our Clients concerning all the information and sensitive data we receive access to. Relevant legal, administrative, technical and physical security measures are undertaken in order to protect this information from unauthorized access, use, copying, accidental or unlawful erasure, alternation, or disclosure, as well as from any other unauthorized form of processing.
Law and jurisdiction
26. For the purpose of the relevant data protection legislation, the data controller is SatchelPay UAB of Geležinio vilko g. 18A, Vilnius, LT-08104, Lithuania.