Privacy policy

Privacy Policy

We understand the special importance of the protection of your personal data, therefore, we collect and process only such data that is necessary for the performance of our activities. We process personal data lawfully, transparently and fairly, for pre-determined purposes and only to the extent necessary to achieve the purposes of the processing. When we process personal data, we strive to ensure that it is accurate, secure, confidential, and is properly stored and protected.

When processing your personal data, we comply with the General Personal Data Protection Regulation (EU) 2016/679 (hereinafter referred to as GDPR) adopted on 27 April 2016, the Republic of Lithuania Law on Legal Protection of Personal Data, as well as requirements for the processing of personal data established by other legal acts and/or controlling authorities.

  1. WHAT IS THIS DOCUMENT?

1.1. By reading this Privacy Policy (hereinafter referred to as the Privacy Policy), you will learn how and for what purposes we process your personal data, where we receive it, to whom we provide it and how we store it, and what your rights are as a personal data subject.

1.2. This Privacy Policy sets out the privacy rules for using our website https://www.numai.lt/kontaktai/ (hereinafter referred to as the Website). Please read this Privacy Policy carefully, as it applies every time you visit our Website. If you do not agree to our Privacy Policy, you should stop using our Website.

1.3. The term “personal data” used in this Privacy Policy shall mean any information that can be used to identify you – directly or indirectly establish your identity. Personal data includes, for example, surname, name, e-mail address, telephone number, location data and internet identifier, your unique characteristics and other personal data as defined in the GDPR.

  1. WHO ARE WE?

2.1. UAB Mano numai, whose registered office is located at Aukštaičių st. 7, Vilnius, code 304488856, tel. No. +370 666 11277, contact e-mail info@numai.lt.

2.2. In accordance with the provisions of legal acts, UAB Mano numai is the data controller of your personal data in the cases and to the extent provided for in this Privacy Policy.

  1. WHAT PRINCIPLES DO WE FOLLOW?

3.1 When processing your personal data, we:

(a) comply with the requirements of valid and applicable legal acts, including the GDPR;

(b) process your personal data in a lawful, fair and transparent manner;

(c) will collect your personal data for specified, clearly defined and legitimate purposes and will not continue to process it in a way incompatible with those purposes, except to the extent permitted by law;

(d) take all reasonable steps to ensure that personal data which are inaccurate or incomplete, having regard to the purposes for which they are processed, are rectified, supplemented, suspended or destroyed without delay;

(e) will keep them in such a form that your identity can be established for no longer than is necessary for the purposes for which the personal data are processed;

(f) will not disclose personal data to third parties and will not make such data public, except as provided in the Privacy Policy or applicable law;

(g) will ensure that your personal data are processed in such a way as to ensure the appropriate security of personal data through appropriate technical or organisational measures, including protection against unauthorized or unlawful processing of data and against accidental loss, destruction or damage.

  1. HOW DO WE COLLECT YOUR PERSONAL DATA?

4.1. We process your personal data obtained in the following ways:

(a) When you provide them to us. You provide us with your personal data and other information through the Website, such as by registering your account, completing and sending us an inquiry or loan application, contacting us by telephone, in writing or by e-mail.

(b) When you use our Website. When you use the Website, certain information (such as the Internet address (IP), type of web browser used, number of visits, etc.) is collected automatically, as detailed in Section 6 of this Privacy Policy.

(c) When we receive your personal data from other persons in accordance with the law and/or this Privacy Policy. In such cases, when we receive data not from the data subjects themselves, we require that the data subjects be informed about the processing of the relevant personal data (purpose and other conditions and circumstances detailed in this Privacy Policy). In addition, in cases where you provide us with personal data of another subject instead of your own, we require that the data subject be made aware of this Privacy Policy.

4.2. We may combine personal data we receive from you when you use our Website with data we collect from other public and/or accessible sources (for example, we may combine personal data you provide with data obtained through the use of cookies on the Website, or with data lawfully obtained from third parties).

4.3. You will always be able to request the correction of incorrect personal data and to exercise your other rights as a personal data subject as set out in this Privacy Policy and applicable law.

4.4. Our services are not intended for individuals under the age of 16, therefore, they should not provide us with any personal data through our Website.

  1. FOR WHAT PURPOSES AND HOW DO WE PROCESS YOUR PERSONAL DATA?

5.1. Our services are intended for natural persons and legal entities, therefore, we usually process your personal data if you are the manager, representative and/or contact person of a legal entity (our potential or existing customer). We may also process your data when you are acting as the ultimate beneficial owners, persons securing customer obligations and other persons involved in the provision of services.

Categories of data
• Identity data (name, surname, date of birth, personal identification number, passport or personal identity card data, etc.);
• contact details (address of the place of residence, e-mail, telephone number, etc.);
• data on the data subject's links with legal entities (positions held, place of employment, number of shares held, etc.);
• data of the self-service profile on the website (login, password, etc.);
• financial data (available financial liabilities, income, credit rating, etc.);
• absence of adverse circumstances (debts, seizures, insolvency, etc.);
• data on available movable and immovable property to be registered, property rights, securities, and their restrictions, etc.;
• information on marital status,
• other data that you provide and/or that we collect in order to provide our services.
Legal basis for data processing
• your consent;
• our legitimate business interests;
• aim to take action to assess the risk before concluding the contract, to conclude the contract and in order to fulfil it;
• the manager is subject to a legal obligation in relation to money laundering and terrorist financing prevention requirements and other actions related to the “Know Your Customer” requirement.
Term for data processing
• If the application received does not comply with the NUMAI service provision strategy and it is refused to provide the services, the received data shall be stored for 4 months from the date of receipt, unless there is a complaint against the refusal to provide services, in which case the data shall be stored until the date on which the final decision of the competent authority takes effect or until the parties reach an amicable settlement;
• If the NUMAI offer is sent but the contract is not concluded, the data shall be stored for 2 months from the date of sending the offer;
• In the case of concluding a contract, during its validity and for 10 years from the end of the contract, unless the (legal) dispute lasts longer (in which case – until the date of the final decision of the competent authority).
We receive the data
from you or collect it from other legal and available data sources, for example, for solvency and financial risk assessment and debt reduction purposes we receive data from all credit institutions, financial companies or other persons participating in the information system INFOBANKAS administered by UAB Creditinfo Lietuva (legal entity code 111689163) or in another relevant system (information on these companies is available on the website www.creditinfo.lt), as well as in the Legal Entity Participants Information System (JADIS) administered by the State Enterprise Centre of Registers, from other state institutions, databases or systems, insurance companies or other persons to the extent necessary for the provision of our services.
We provide or transfer data
to companies providing cloud, server rental, website administration and related services, IT service providers, compliance service providers, lawyers, auditors when they provide services to us; to public authorities and other entities to the extent necessary to determine creditworthiness, financial data and potential risks of money laundering and terrorist financing; to persons administering debtors' data files, debt administration and recovery companies, insurance companies, payment service providers, other third parties to the extent necessary for the provision and implementation of our services and if they have a legal basis to obtain such data.

5.2. The exact amount of personal data and how we process it depends on the specific relationship between you and us. We may process your personal data for the following independent purposes:

(a) For the purposes of creditworthiness assessment, contract conclusion and the provision of NUMAI services.

When you, in person or as a manager or representative of a legal entity, contact us by completing a Rent to Buy application through our Website or apply for NUMAI services by e-mail or otherwise, the following data may be processed for this purpose:

(b) Created individual profiles for the purpose of administration, identification, proper provision of services in the Self-Service Customer Area of the Website. You provide us with your personal data when you use the Website through your personal account (which provides a convenient and quick way to perform electronically the functions permitted by the system accessible through the Customer Area option on the Website). We also process your personal data if you register on the Website or use it as a representative and/or contact person of a legal entity. Each account holder can view, edit and delete their personal data at any time (except for the login). The following personal data may be processed for this purpose:

Categories of data
Name, surname, e-mail, telephone number, password, login, related legal entity (position held)
Legal basis for data processing
• For the purpose of performance of the contract between our customer (on whose behalf you are acting) and us or, at your request, by taking steps to enter into such contract;
• On the basis of a legitimate interest, namely in the proper administration of the Website and our related activities.
Term for data processing
• During the term of the loan agreement and for 10 years from the end of the loan agreement, unless the (legal) dispute lasts longer (in such a case – until the date of the final decision of the competent authority).
• If the loan agreement is not concluded – for 1 year from the last login of the user.
We receive the data
From you.
We provide or transfer data
To data processors acting on behalf of the Company: persons providing Website administration, cloud or other related services, IT service providers, compliance service providers, etc.

(c) In order to improve the Website, offer better services personalized to you. We use your personal data, including the personal data we receive from you when using our Website, to improve and develop the Website and to offer better and more personalized services to you. For this purpose, we receive the data from you (by cookies when you are using the Website) and/or from third parties.

For more detailed information about the categories and specifics of the processing of personal data processed for this purpose and how we use cookies and similar technologies, please read Section 6 of this Privacy Policy.

(d) for the purpose of ensuring communication, administration, quality control of our activities (handling of complaints and/or inquiries as well as communication submitted by you, including – retention). When you contact us (or we contact you upon receipt of your request), we process information received in writing, by e-mail, through the Website or otherwise, which may include personal data:

Categories of data
Date and time of contact, subject, name, surname, e-mail, telephone number, date of letter, details of the company involved, content of the complaint and/or inquiry, telephone number, date, time and duration of the call, other communication information provided by the requesting person / which is collected in the process of the inquiry/complaint.
Legal basis for data processing
• Execution of the rules of use of the Website as a contract with you;
• our legitimate interest in evaluating our customers' feedback with a view to improve the quality of our operations and the services we provide.
Term for data processing
For this purpose, we store your data for 2 years from the date of their recording, unless: (i) there are grounds for believing that a criminal offense or other illegal activity has been recorded or that an (internal) investigation/dispute has been initiated and the data need to be processed before the final decision of the competent authority takes effect; or (ii) the relevant data relate to the concluded loan agreement, in which case the data shall be stored for 10 years from the end of the loan agreement, unless the (legal) dispute lasts longer (in such a case – until the final decision of the competent authority takes effect).
We receive the data
• from you,
• when executing a request or analysing a complaint, we may collect personal data ourselves (for example, upon receipt of your complaint, we will contact our employees regarding the actual circumstances of the complaint and record them, etc.).
• third parties: distributors, compliance service providers, or other persons involved in the performance of the activity.
We provide or transfer data
to data processors acting on behalf of the Company: to persons providing Website administration services, persons providing cloud or other related services, IT services, compliance, legal services.

(e) for other purposes specified in our Personal Data Processing Rules and/or other internal documents, when we are obliged to process your personal data by legal acts or there is a legitimate interest or other grounds for lawful processing of personal data provided by legal acts.

5.3. For the purposes of processing personal data detailed in this Privacy Policy, we do not solicit to provide or disclose to us under any circumstances and we do not process your special categories of personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as health data, genetic data, biometric data (in order to specifically identify you) and information about your sexual life.

5.4. Do not provide excessive personal data that is not necessary to achieve the stated purposes.

5.5. Data processors process personal data only in accordance with our instructions and only to the extent necessary to achieve the intended purposes.

  1. HOW DO WE USE COOKIES?

6.1. We collect information about you using cookies and similar technologies. Cookies are small files that are temporarily stored on your device’s hard drive and allow us to identify you during other visits to the Website, save a person’s browsing history, options, customize content, speed up searches, create a convenient and friendly environment, and make it more efficient and reliable. Usage of cookies is a common web browsing practice that makes it easier to use websites.

6.2. By using cookies on the Website, we may collect the information specified in Clause 5.2. (c) of this Privacy Policy, as detailed in Clause 6.6.

6.3. We use the information obtained from cookies:

(a) to ensure the functionality of the Website;

(b) to enable us to improve and develop the Website to better meet your needs;

(c) for the development of services and analysis of the use of the Website;

(d) for targeted promotional solutions.

6.4. We may, without violating the law, combine information obtained through the use of cookies with information obtained about a person by other means (for example, information about the use of the Website with other personal data provided by you or obtained from other sources).

6.5. Please note that the Website may use cookies such as:

(a) necessary (technical) cookies – cookies that are necessary for the operation of websites. These cookies cannot be disabled;

(b) functional cookies – cookies, which, although not necessary for the operation of websites, significantly improve their operation, quality and visitor experience. These cookies store information about your preferences and allow us to customize your experience of using the Website according to your needs;

(c) analytical (statistical) cookies – cookies used for the preparation of statistical analysis of the navigation methods of the website by visitors; the data collected by these cookies is used anonymously;

(d) targeted or promotional cookies – cookies that are used to display offers or other information that may be of interest to you.

6.6. Information about the cookies used on the Website, their purpose, validity and data used can be found here.

6.7. You can give consent to the use of cookies on our Website by clicking on the “I Agree” mark in the link (bar) on the Website.

6.8. You can revoke your permission to use cookies at any time. You can do this by changing your web browser settings so that it does not accept cookies. How you do this depends on your operating system and web browser. You can find detailed information about cookies, their use, opt-out options at http://AllAboutCookies.org or http://google.com/privacy_ads.html.

6.9. In some cases, especially disabling, opting-out or deleting technical, functional cookies may slow down the speed of Internet browsing, restrict the operation of certain functions of the Website, block access to the Website.

  1. WHO DO WE PROVIDE YOUR PERSONAL DATA TO?

7.1. We guarantee that your personal data shall not be provided or otherwise transferred to third parties without a legitimate basis, nor shall it be used for purposes other than those for which they were collected. We shall not transfer your personal data in any way other than in accordance with this Privacy Policy and the law. However, we reserve the right to provide information about you if we were required to do so by law or if required to do so by lawful authorities or prosecuting authorities.

7.2. We may transfer your personal data to partners who help us conduct business. We require such entities to process your data only in accordance with the instructions given by us and the applicable data protection legislation. We enter into agreements with these persons, which impose strict adherence to personal data protection requirements.

7.3. The use of your data by the abovementioned service providers is limited – they may not use this data for purposes other than providing services to us.

7.4. A non-exhaustive list of persons and their categories to whom we transfer your personal data is provided in Clause 5.1. of this Privacy Policy, separately for each purpose of the use of personal data.

  1. HOW LONG DO WE STORE YOUR PERSONAL DATA?

8.1. We store your personal data for no longer than required by the purposes of the processing or as required by law, if it provides for a longer retention period.

8.2. We strive not to store outdated, out-of-date personal data, so only up-to-date information is stored after it is updated (e.g. upon its revision, changing, etc.). Historical information is stored if it is required by law or for the performance of our activities.

8.3. Clause 5.2. of the Privacy Policy specifies the terms of storage of your personal data separately for each purpose of use of personal data.

  1. HOW DO WE STORE YOUR PERSONAL DATA?

9.1. The data we collect from you will be stored within the territory of the EU, but may be transferred or stored outside the territory of the EU. Such data may also be processed by our own or our suppliers’ employees working outside the territory of the EU. When transferring your data outside the territory of the EU, we shall take all necessary steps to ensure that your data is processed securely and in accordance with this Privacy Policy.

9.2. Unfortunately, the transfer of information over the Internet is not completely secure. Although we make every effort to protect your personal data, we cannot guarantee the security of your data when you transfer data to the Website – you assume the risks associated with the transfer of data to the Website. When we receive your data, we will apply statutory procedures and security measures to protect your data from unauthorized access, unauthorized processing or disclosure, accidental loss, deletion, or destruction.

9.3. If unlikely circumstances arise and we become aware of a personal data breach that could seriously jeopardize your rights or freedoms, we shall notify you immediately as soon as we become aware of it and determine what information has been accessed.

9.4. The Website uses a Letsencrypt.org SSL certificate

(a) Verified website identity (you are visiting the real domain owner’s website and you are not redirected to a hacked server)

(b) All data transferred between the server and the browser is encrypted (network hackers can no longer read it).

  1. c) Data integrity and originality are ensured (routers on the route cannot correct or censor the transferred information).

(d) More information is available at https://letsencrypt.org.

  1. EXTERNAL WEBSITES

10.1. The Website may contain links to external websites, such as our business partner websites or websites where we have accounts and which are used to promote our services. By following such links to any of the websites, please note that these websites and the services accessed through them have their own separate privacy policies and we do not accept any responsibility or liability for these policies or for personal data collected on or through these websites, such as contact or location details. We encourage you to review these policies before submitting personal data on such websites or using any services provided therein.

  1. WHAT RIGHTS DO YOU HAVE?

11.1. When processing personal data, we ensure your rights in accordance with GDPR and the Republic of Lithuania Law on Legal Protection of Personal Data. As a personal data subject, you have the following rights:

(a) to know (be informed) about the processing of your personal data;

(b) to access your personal data that we process;

(c) to demand the correction or supplementation, revision of incorrect, inaccurate, incomplete personal data;

(d) to require the destruction of personal data where they are no longer needed for the purposes for which they were collected;

(e) to demand the destruction of personal data if they are processed unlawfully or if you withdraw your consent to the processing of personal data or do not give such consent, which is necessary;

(f) to object to the processing of personal data or to withdraw your consent given previously;

(g) to demand the suspension (other than storage) of your personal data processing in the event of a dispute or verification of the lawfulness of the processing, the accuracy of the data, as well as in cases where we no longer need your personal data, but you do not want us to destroy it;

(h) to require that, where technically possible, your personal data collected with your consent or for the purposes of performing the contract be provided in an easily readable format or to request to transfer such data to another data controller.

11.2. We will endeavour to guarantee the exercise of your rights as a personal data subject and to create all conditions for the effective exercise of these rights, but we reserve the right not to comply with your requirements when it is necessary to ensure:

(a) the performance of the legal obligations imposed on us;

(b) national security or defence;

(c) public order, the prevention, investigation, detection or prosecution of criminal offenses;

(d) important economic or financial interests of the State;

(e) prevention, investigation and detection of violations of official or professional ethics;

(f) protection of your or others’ rights and freedoms.

11.3. You can submit requests related to the exercise of your rights to us in person, by post or by electronic means. Upon receipt of your request, we may ask you to provide proof of identity, as well as any additional information we require regarding your request.

11.4. Upon receipt of your request, we shall respond to you no later than within 30 calendar days from the receipt of your request and the date of submission of all documents required for the response.

11.5. If we deem it necessary, we will suspend the processing of your data, other than storage, until your request has been resolved. If you lawfully withdraw your consent, we will immediately, but not later than within 30 calendar days, terminate the processing of your personal data, except as provided in Section 11.2. of this Privacy Policy and as required by law, i.e. when we are required to further process your data by applicable law, our legal obligations, court decisions or mandatory instructions imposed on us.

11.6. If we refuse to comply with your request, we shall clearly state the grounds for such refusal.

11.7. If you do not agree with our actions or the response to your request, you may appeal against our actions and decisions to the competent public authority.

  1. HOW CAN YOU FILE A COMPLAINT?

12.1. If you wish to file a complaint about our processing of data, please provide it in writing, providing as much information as possible, using the contact details provided at the end of this policy. We shall cooperate with you and try to resolve any issues immediately.

12.2. If you think that your rights have been violated in accordance with the GDPR / other applicable personal data protection legislation, you can file a complaint with our supervisory authority – the State Data Protection Inspectorate of the Republic of Lithuania, more information and contact details can be found on the Inspectorate’s website (https://vdai.lrv.lt/). Although, above all, we seek to resolve all disputes with you promptly and amicably.

  1. HOW WILL THIS PRIVACY POLICY BE CHANGED?

13.1. All changes to our Privacy Policy shall be posted on the Website. In case of significant changes and/or if needed, we shall notify you about them. The new terms of Privacy Policy may also be posted on the Website and you may need to read and agree to them in order to continue using the Website and/or our services.

  1. HOW CAN YOU CONTACT US?

14.1. Please send all documents related to this Privacy Policy or contact us at the following contacts:

(a) by post – UAB Mano numai, with its registered office located at Aukštaičių st. 7, Vilnius;

(b) by sending an e-mail – info@numai.lt;

(c) contact telephone number – +370 666 11277.

The date of publication of the Website’s Privacy Policy is 3 March 2021.