This Privacy Policy (hereinafter – the Privacy Policy) provides information on how Capitalica Asset Management UAB, registration No. 304234719, registered address: 21-1, Upės St., LT-08128 Vilnius (hereinafter – the Company) and legal the entities directly or indirectly controlled by it process personal data.
The provisions of the Privacy Policy apply to natural persons whose data is processed by the Company:
The terms and abbreviations used in this Privacy Policy have the following meanings:
• Personal data means any information relating to a directly or indirectly identifiable natural person (e.g. name, surname, contact details, etc.).
• Data subject means a natural person (data subject) whose data is processed (e.g. the Company’s customers, persons who contact the Company by submitting requests / claims, users of the Company’s website, self-service website and other portals/websites operated by the Company, etc.).
• Processing means any action taken in relation to Personal Data (e.g. collection, recording, retention, access, transfer, etc.).
• Services means any products and services provided by the Company.
• Supervisory Authority means the State Data Protection Inspectorate. Other terms used in the Privacy Policy shall be understood as defined in the personal data protection laws and regulations (General Data Protection Regulation (EU) 2016/679 (hereinafter – the Regulation), the Republic of Lithuania Law on Legal Protection of Personal Data, and others).
The Company shall process Personal Data only for specific purposes, on the legal basis established by law:
• On the basis of the performance of a contract, where the processing is necessary for the conclusion and/or performance of the Company’s obligations to the Customer under an existing contract.
• On the basis of a legal requirement where the Company is obliged to process your data, e.g. for tax accounting purposes, for the purpose of providing personal data to public authorities, etc.
• On the legal basis of consent, where you give your explicit consent to the processing of personal data for one or more specific purposes, e.g. the processing of job applicants’ personal data, sending marketing messages.
• On the basis of legitimate interest, where personal data is processed for the purposes of the Company’s legitimate interest, e.g. video surveillance for the purpose of ensuring the protection of the property and/or facilities under its control.
The main purposes pursued by the Company in processing Personal Data:
• Provision of services, conclusion and performance of contracts. The Company processes Personal Data in order to ensure the proper conclusion and performance of contracts with its customers, the contract-based provision of services or products to its customers, including the proper information of the customer on matters relating to the products, services and the contract, on the basis of the contract or legal requirements.
• Drawing-up commercial proposals. The Company processes Personal Data in order to provide the customer with a commercial offer for the service the customer wishes to purchase.
• Debt management. In the case of a debt, the Company shall process debt-related Personal Data and carry out recovery actions on the basis of the contract, legal requirements and legitimate interest.
• Addressing queries. The Company shall process Personal Data in the course of investigating and resolving queries and complaints, on the basis of contract, consent or legal requirements.
• Direct marketing and customer experience evaluation. The Company may process Personal Data (name, surname, email address, email interaction information) for the purpose of providing profiled offers and news about the Services, information about ongoing events, and enquiries about the quality of the Services. Such data shall be processed and information shall be sent to the Data Subject only if the Data Subject has consented to direct marketing and profiling. For profiling purposes, in order to identify whether the information is relevant to the Customer, and to in order to offer content tailored specifically to the Customer’s needs, the Company may process information about interaction with the direct marketing e-mails sent (whether the message was read, when and how many times).
• Anti-Money Laundering and Terrorist Financing Policy implementation. In compliance with the requirements of the Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing, before entering into a business relationship, and during the course of such relationship, the Company is obliged to establish the identity of its customers, their representatives and beneficiaries, as well as to obtain and process information on financial income, its sources, and ties with political parties.
• Credit and risk assessment. After obtaining the Customer’s consent, the Company may process Personal Data for the purpose of assessing credit risk and determining which Services the Company may offer to the Customer and under what conditions.
• Security of persons and objects. On the basis of the Company’s legitimate interest, the Company may carry out video surveillance, access control, automatic scanning of car number plates in order to ensure the security of its employees, its property and facilities.
• Finding and organising recruitment and selection of job candidates. On the basis of consent, the Company processes job candidates’ identity and contact data, as well as data relating to job candidates’ qualifications, professional skills and professional qualities.
• Other purposes. The Company may process Personal Data for other purposes if it has obtained the consent of the person, is obliged to process the Personal Data in order to comply with the requirements of the law, or has the right to process the data for legitimate interest.
In all of the above cases, the Company shall process Personal Data only to the extent necessary to achieve the relevant explicitly defined and legitimate purposes, taking into account the requirements of personal data protection.
The main categories of Personal Data and the data processed by the Company for the purposes and on the legal grounds listed above:
• Identity or identification data: name, surname, personal identification number, date of birth, etc.
• Contact details: address, phone number, email address, etc.
• Data relating to the provision of the Services and the conclusion and performance of contracts: contract data.• Payment data: amounts owed to the Company, outstanding debts, payment history, etc.
• Data relating to Customers’ financial income, its sources, ties with political parties, etc., are processed in the context of implementing anti money laundering procedures and the prevention of terrorist financing.
• Credit and risk assessment data: information about liabilities and debts owed to third parties where the Company assesses the solvency of a Customer before providing Services to them.
• Video surveillance, access control, automated scanning of car number plates, captured to ensure the security of the property and/or facilities under the Company’s control.
• Cookie data: information about visitor behaviour on the Company’s website or self-service portal etc. More detailed information about the cookies we use is available in the “view site information” feature of the Company’s website, but not in this Policy.
• Other data processed by the Company on the legal basis established by law.
The Company may, in accordance with the requirements of the legislation, transfer the Personal
Data to the following categories of recipients:
• Service providers. In order to ensure the proper provision, management, and development of the Company’s Services, the Company may transfer the Personal Data to third parties acting on behalf of and/or at the direction of the Company (including, but not limited to, legal entities directly or indirectly controlled by the Company) providing customer support, software maintenance, design, contracting, accounting, mailing and other services to the Company. In such cases, the Company shall take appropriate measures to ensure that the outsourced service providers (data processors) process the Personal Data only for the purposes for which it was provided, ensuring appropriate technical and organisational security measures, in accordance with the Company’s instructions and the requirements of applicable law.
• Government, law enforcement and supervisory authorities. The Company may disclose the Personal Data to public authorities or law enforcement agencies (e.g. police, prosecutor’s office, Financial Crimes Investigation Service, etc.), supervisory authorities (e.g. the Bank of Lithuania, etc.), where it is requires to do so by applicable law or in order to safeguard the legitimate interests of the Company or third parties.
• Debt collectors, persons/companies managing joint databases. If the Customer fails to duly and timely make payments under the Contract, the Company shall have the right, after informing the Client by post or e-mail 30 calendar days in advance, to provide the Customer’s personal data to controllers managing joint debtor data files, debt management and collection companies, courts, notaries, bailiffs.
• Other third parties. The Company may provide Personal Data to other recipients on the legal basis defined by law. As a general rule, the Company stores Customer Data in the territory of the European Union or the European Economic Area (EU/EEA). Should there be cases where Customer Data should have to be transferred outside the EU/EEA, this shall be done only if at least one of the following conditions is met:
• The European Commission has recognised that the country to which the data is transferred ensures an adequate level of personal data protection;
• There is a data processing contract in accordance with the standard contractual conditions approved by the European Commission;
• Codes of conduct and other safeguards in accordance with the Regulation are respected.
The Company shall not process Personal Data for longer than necessary for the stated purposes of the processing, or for longer than required by the applicable legislation, if such legislation provides for a longer retention period.
The Company’s criteria for determining the data retention period shall be in line with the obligations laid down in the legislation, taking into account the rights of the individual, e.g. they provide for a data retention period during which claims relating to the performance of the contract may be brought, if any, etc.More detailed information on the retention periods for the relevant categories of data can be obtained by contacting privatumas@capitalica.lt or by mail to Capitalica Asset Management UAB, Upės st. 21-1, LT-08128 Vilnius.
The Company shall ensure the confidentiality of Personal Data in accordance with the requirements of the applicable legislation and though the implementation of appropriate technical and organisational measures to protect Personal Data against unauthorised access, disclosure, accidental loss, alteration or destruction, as well as other unlawful processing.
The Company does not process Personal Data by way of automated individual decision-making as provided for in Article 22 of the Regulation. The Company only carries out profiling (i.e. automated processing of personal data where personal data is used for the purpose of assessing certain personal aspects relating to an individual), but this has no legal implications or similar significant effects for the Persons. The Company carries out profiling to manage the sending of unsolicited and irrelevant marketing offers by categorising customers based on the type of services, the payment method they use, etc.
Upon contacting the Company, the Person has the right to:
• Access their Personal Data processed by the Company;
• Request the rectification of incorrect, incomplete or inaccurate Personal Data;
• Request the destruction of Personal Data or the suspension of the processing of Personal
Data if it is carried out in violation of legal requirements or if the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed (except for retention purposes, if this is required by law);
• Receive their Personal Data provided by themselves in a structured, commonly used electronic format;
• Object to the processing of their Personal Data and/or, where Personal Data is processed on the basis of consent – the right to withdraw their consent to the processing of their Personal
Data at any time, without prejudice to the lawfulness of the processing based on consent prior to the withdrawal of consent. You can withdraw your consent to direct marketing:
• the right to lodge a complaint with the Supervisory Authority regarding the processing of Personal Data.
Persons may contact the Company on matters related to the processing of their personal data directly by mail to: Capitalica Asset Management UAB, 21-1, Upės St., LT-08128 Vilnius, or by visiting the Company’s registered office in person.
Contact details of the Company’s Data Protection Officer: privatumas@capitalica.lt
In order to exercise his/her rights under the Regulation, the person must submit a request to the Company in person, by post, by proxy or via electronic means.
The person making the request must prove his or her identity:
• if the request is submitted directly to a staff member, the Person shall provide his/her identity document;
• if the request is sent by post, a copy of the identity document certified with a qualifiedelectronic signature must be attached to the request;
• if the request is submitted by proxy, the representative must indicate his or her name, address and contact details by which the person’s representative wishes to receive the reply, as well as the name and personal identification number of the person represented, and provide a copy of the representative’s identity document, certified with qualified electronic signature, and a copy of the document demonstrating the representation power, or of the representation document, certified by in accordance with the procedure established by law;
• if the request is submitted by electronic communication means, the request shall be signed with a qualified electronic signature or produced by electronic means which ensure integrity and unalterability of the text.
The Company may refuse to act on a person’s request if the person’s request is manifestly unfounded or disproportionate.
The Company shall provide the person with a reply no later than one month from the date of receipt of the request, which shall include information on the action taken on the request in accordance with Articles 15 to 22 of the Regulation. If necessary, the period may be extended by a further two months, depending on the complexity of the request and the number of requests under examination. Within
one month of receipt of the request, the Company shall inform the person of the extension of the
time-limit for examining the request, stating the reasons for the extension.
By submitting their Personal Data to the Company, the persons confirm that they are duly acquainted with the terms and conditions of Personal Data processing set out in this Privacy Policy, that they do not object to the Company’s processing of the data provided by the persons, the data and information provided by the persons are accurate and truthful, and the Company is not liable for the submission and processing of redundant data if the person submits such data to the Company though oversight.The person shall inform the Company of any changes to the data provided or other relevant information.
This Privacy Policy sets out the main provisions for the processing of Personal Data. Additional information on how the Company processes Personal Data can be found in the Company’s contracts and other internal documents of the Company.
In the event of changes in the legal requirements and/or the Company’s processes, services, etc., the Company shall have the right to unilaterally review and update this Privacy Policy. The Company shall inform about any changes to the Privacy Policy by publishing such information on the Company’s website.
This Privacy Policy was last updated on: 19 December 2023.
