Privacy Policy 

Last updated: August 2024

1. Why should I read this Privacy Policy?

 

This Privacy Policy (‘Policy’) describes how Nikulipe UAB (‘Nikulipe, ‘we’, ‘us’, ‘our’) collects, uses, discloses, and stores your personal data (‘Data’) and what statutory rights you have under applicable Data protection laws. We may amend this Policy unilaterally from time to time. Any such amendments will be effective immediately upon publication. Please visit our website at www.nikulipe.com (‘Website’) regularly for the latest version of this Policy.

 

Please note that we process Data in accordance with applicable Data protection laws, including the General Data Protection Regulation (2016/679) (‘GDPR’).

 

2. Who is responsible for protecting my Data?

 

We are: Nikulipe UAB

Our company number is: 305189166

Our address: Konstitucijos av. 21C, LT-08105 Vilnius

Our e-mail address: contact@nikulipe.com

 

3. How and why do you use my Data?

 

3.1. To provide our merchant acquiring, execution of payment transactions and related services

 

If you represent a company or business that is either our current or prospective client, we will process your Data as outlined in the table below. This processing is necessary to provide you with Local Payment Methods. For a comprehensive list of our products, please visit https://nikulipe.com/payment-methods/.

 

Legal basis for the processing	The categories of Data concerned	Is the provision of Data a requirement?
Contract (Art. 6(1)(b) of the GDPR)   Legal obligation (Art. 6(1)(c) of the GDPR)	Name and surname, email address, telephone number, date of birth, country of citizenship and/or country of residence, details of the company that you represent, government-issued identification number, address, your affiliation with the company	Yes. If you do not provide your Data, we will not be able to provide you with our services.

 

3.2. Fraud prevention, Anti-Money Laundering and Counter-Terrorist Financing

 

Fraud prevention, Anti-Money Laundering (‘AML’) and Counter-Terrorist Financing (‘CTF’) legislation, requires due diligence, transaction monitoring, regular reviews, and adherence to various statutory obligations. To fulfil these requirements, we must process the Data of our clients (occasionally including their customers), ultimate beneficial owners (‘UBOs’), and directors of legal entities who are our clients, as specified in the table below.

 

Legal basis for the processing	The categories of Data concerned	Is the provision of Data a requirement?
Legal obligation (Art. 6(1)(c) of the GDPR)	Name and surname, bank account number, citizenship, the country which has issued identity, tax identification number, country, postal code, residential address, telephone number, e-mail address, information about your occupation  information on your company’s business activities or information on your individual activities,  transactions, information on the UBO and the representative of a legal entity that is our client: name, surname, personal ID number, date of birth, percentage of shares, voting rights, the country that has issued an identity document, ID information citizenship	Yes. If you do not provide your Data, we will not be able to provide you with our services.

 

3.3. Processing your payments

 

When you initiate a payment through one of our clients (for example, merchants that sell you goods or services), we process your Data, as outlined in the table below, to facilitate your payment transaction and handle related matters, such as chargebacks. This means that we do not engage directly with you, but rather obtain your Data through our clients.

 

Legal basis for the processing	The categories of Data concerned	Is the provision of Data a requirement?
Contract (Art. 6(1)(b) of the GDPR)   Legitimate interest (sanction screening & AML) (Art. 6(1)(f) of the GDPR)	Name, surname, chargeback information (in chargeback cases), the amount of the transaction and the currency in which the transaction is done, the date, time and location of the transaction, internal identification number, sanctions information (where applicable)	Yes. If you do not provide your Data, we will not be able to process your payment

 

3.4. Security and improvement of our Website

 

To ensure our Website remains secure and operates smoothly, it’s important for you to know that when you visit our site, we automatically collect certain technical information about your device and how you use our Website. This is a common practice designed to maintain the best possible functionality and safety while you’re browsing.

 

Legal basis for the processing	The categories of Data concerned	Is the provision of Data a requirement?
Legitimate interest (security and improvement of our Website) (Art. 6(1)(f) of the GDPR)	IP address, log-in information, browser type and version operating system and platform, type of device, a unique device ID, mobile network information, mobile operating system and the type of mobile browser you use, screen resolution, general information about your use of and actions on our Website	No

 

3.5. Client service

 

We’re dedicated to offering assistance and addressing any queries or concerns you may have. In order to respond to your inquiries effectively, we need to process your Data as outlined below.

 

Legal basis for the processing	The categories of Data concerned	Is the provision of Data a requirement?
Consent (Art. 6(1)(a) of the GDPR)	Email address, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, your name and (or) surname provided in your inquiry, reply to your inquiry, other information provided by you	No

 

3.6. Keeping you informed and gathering your feedback about our services

 

When you or the company you represent used our services, consent to receive marketing communications from us, or in situations where we have a legitimate interest in informing you about our services, we will process your Data as outlined below.

 

Legal basis for the processing	The categories of Data concerned	Is the provision of Data a requirement?
Consent (Article 6(1)(a) of the GDPR)   Customer relationship (Article 81(2) of the Law on Electronic Communications of Lithuania)   Legitimate interest (direct marketing) (Article 6(1)(f) of the GDPR)	Name, surname, email address, telephone number, preferences for receiving marketing communications and details about how you engage with our marketing communications	No

 

3.7. Recruitment

 

When you apply for a position at our company or when we reach out to you regarding a job opportunity, we process your Data as part of the recruitment process as describe below.

 

Legal basis for the processing	The categories of Data concerned	Is the provision of Data a requirement?
Consent (Art. 6(1)(a) of the GDPR)   Legitimate interest (selection of employees) (Art. 6(1)(f) of the GDPR)	Full name, e-mail, phone number, CV, work experience, other information you provide us with	No

 

3.8. Administration of our social media profiles

 

By engaging with us through messaging, following our pages, or interacting with our posts on social media, your Data will be processed as outlined in the table below.

 

Legal basis for the processing	The categories of Data concerned	Is the provision of Data a requirement?
Consent (Art. 6(1)(a) of the GDPR)	Name and surname provided in your social media profile, email address, messages, message information, attachments, comments, shares, reactions, other interactions and additional Data provided	No

 

3.9. Fulfilment of statutory duties and the establishment, exercise, or defense of legal claims

 

If you enter into a contract with us, we’ll keep your Data for as long as the law requires. This helps us protect our legal rights, just in case. We also need to hold onto some of your information for legal stuff like accounting and record-keeping. And, on the off chance you’re involved in a legal case where we’re also a party, we’ll use your Data specifically for that case.

 

Legal basis for the processing	The categories of Data concerned	Is the provision of Data a requirement?
Legal obligation (Article 6(1)(c) of the GDPR)   Our legitimate interest to defend our rights and interests (Article 6(1)(f) of the GDPR)	All of the above information, legal documents, procedural documents, annexes, court documents, investigation information, criminal convictions and offenses, other Data provided.	When the processing of your Data is required under applicable laws, providing this Data becomes a legal necessity. If you are unable to provide this Data, unfortunately, we will not be in a position to offer our services to you.

 

4. How long do you store my Data?

 

We will not retain your Data for longer than is necessary for processing purposes outlined above, except when required by law, which may necessitate an extended retention period:

 

• We store copies of documents confirming the identity of the client, g. copies of client’s identity documents, beneficiary identity data, documentation of accounts and/or agreements, and other Data related to the client application and due diligence process for 8 years from the date of the end of business relations with the client.
• We store correspondence of business relations with the client for 5 years from the date of the end of the business relations with the client.
• We store records of monetary transactions, e.g. documents, data, and other legally valid information relating to the execution of monetary transactions or confirming a monetary transaction for 8 years from the date of the execution of the monetary transaction.
• We will use your Data for marketing purposes as long as you or the company you represent is our client or have given us consent, and 3 years thereafter, unless you inform us that you no longer wish to receive such information from us.
• We will retain Data in our social media profiles for no longer than 10 years.
• For managing our recruiting and processing employment applications we will retain the Data that we have obtained via our recruitment processes for as long as necessary to evaluate the application and in accordance with all relevant laws and regulations. Furthermore, we may ask for your consent to retain your Data for some time after we have evaluated your application.
• We will retain Data necessary for the protection of our legal interests for 10 years.

 

5. Where do you collect my information from?

 

We collect most of the information from you. In addition, for certain purposes, we may receive information from other sources, as explained below.

 

Information source	Purpose of collecting information
Our clients (merchants, financial institutions and other businesses)	To provide our services
Partners providing local payment methods	To provide our services
Registers of legal entities	To comply with applicable legislation
Social media service providers	To manage our social media profiles
HR service providers	To carry out the selection of potential employees
Publicly accessible government lists of restricted or sanctioned persons (such as the Specially Designated Nationals And Blocked Persons List), or politically exposed persons lists	To ensure compliance with AML, CTF and fraud prevention requirements
Public records databases (such as company registries and regulatory filings) and other publicly accessible data	To ensure compliance with AML, CTF and fraud prevention requirements
We and or our third-party verification providers may also collect information from private or commercially available sources, such as by requesting reports or information from credit bureaus and/or fraud prevention agencies, to the extent permitted under applicable law	To ensure compliance with AML, CTF and fraud prevention requirements

 

6. Who do you share my Data with?

 

Where necessary for the purposes set out above and subject to applicable laws, we share Data with the following Data recipients:

 

Data recipients or categories of Data recipients	If the Data are to be transferred to a third country or international organisation:
	Third Country	Appropriate safeguard or derogation
Hawk AI GmbH (transactions monitoring service provider)	–
iDenfy, UAB (identity check service provider)	–
Credit reference, fraud protection, risk management, and identity and verification agencies	–
Participants in the transaction processing chain (merchants, acquirers, banks or other card issuers, card associations)	EU / Worldwide	Standard Contractual Clauses (link)
Professional advisors (lawyers, bankers, auditors, and insurers)
State institutions, supervisory authorities, law enforcement authorities, and courts.
Other third parties, subject to your consent or as required to fulfil contractual obligations.
Meta Platforms, Inc. (Social media service provider)	EU/ US	Standard Contractual Clauses (link)
Microsoft Corporation (LinkedIn) (Social media service provider)	EU / US	Standard Contractual Clauses (link)

 

7. What are my rights?

 

Subject to conditions, limitations, and exceptions established by statutory data protection provisions, you have the rights listed below:

 

My right	When this right is applicable to me?
Right of access	when you seek to obtain confirmation as to whether we collect or otherwise process personal data concerning you, and, where that is the case, access to the personal data and the information about the data processing.
Right to rectification	when you seek to obtain from us the rectification of inaccurate personal data concerning you.
Right to erasure (‘right to be forgotten’)	– when personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; – when you withdraw consent on which the processing is based and there is no other legal ground for the processing; – when you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes; – where the personal data have been unlawfully processed; – where the personal data have to be erased for compliance with a legal obligation; – where the personal data have been collected in relation to the offer of information society services directly to a child and subject to a consent.
Right to restriction of processing	– where the accuracy of the personal data is contested by you; – where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; – where we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; – where you have objected to processing.
Right to data portability	where you seek to receive the data you have provided in a structured, commonly used and machine-readable form or to transmit those data to another controller, the processing is based on consent or on a contract and is carried out by automated means.
Right to object	where the collection and use is based on a task carried out in the public interest or in the exercise of official authority vested or legitimate interest, including profiling, as explained in Section 3 of this Privacy Policy, or where you object to the collection of your personal data for direct marketing purposes.
Right to withdraw consent	where the processing is based on consent, as explained in Section 3 of this Privacy Policy, and you seek to withdraw it at any time.
Right to lodge a complaint	where you want to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the data protection laws.

 

8. Do you engage in automated individual decision-making, including profiling?

 

No, we do not make decisions based solely on automated processing, including profiling, which would produce legal effects concerning you.

 

9. Cookies and similar technologies

 

The cookies and similar technologies listed below are used to save information or to access information that is already stored on your devices.

 

A cookie is a small piece of data saved by the Website on your computer or mobile device. Cookies facilitate the Website’s ability to remember details about your visit, thereby simplifying future visits and enhancing the site’s utility for you. Additionally, other technologies, such as unique identifiers for identifying your browser, app, or device, pixels, and local storage, may be employed for similar purposes.

 

www.nikulipe.com

 

Purpose of processing	Cookie	Category	Whether third parties will have access to the information	Duration of operation
This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors	_ga	Analytics	Yes	2 years
This cookie is installed by Google Analytics. The cookie is used to store information on how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected includes the number of visitors, the source where they have come from, and the pages visited in an anonymous form.	_gid	Analytics	Yes	1 day
This cookie is installed by Google Analytics. The cookie is used to persist session state.	_ga_<container-id>	Analytics	Yes	2 years
This cookie is set by Google and is used to distinguish users.	_gat_gtag_UA_162751101_1	Analytics	Yes	1       minute

 

10. How can I manage cookies and similar technologies?

 

Most browsers give you the ability to manage cookie settings, including the use of cookies, and to delete cookies and browsing history. This applies to browsers such as Chrome, Safari, Firefox, Internet Explorer, and Opera.

 

11. How do I submit a request / contact your DPOs?

 

If you have any questions concerning Nikulipe’s processing of Data, you can reach us by email at contact@nikulipe.com

 

Nikulipe has appointed Data Protection Officer who can be reached at dpo@nikulipe.com.

 

12. Can this Policy be amended?

 

We update this Policy from time to time. The latest version of this Policy can be found on our websites at www.nikulipe.com.

 

Last update date: August 2024

Download the full document