Revision of October, 2020
PRIVACY POLICY
OF POKLET, UAB
I. GENERAL PROVISIONS
1. Poklet, UAB, company number: 305534915, registered office address: Švitrigailos st. 11K-109, Vilnius
(hereinafter referred to as the Company or Controller’, or We’) respects the privacy of all natural
persons (including its customers, other interested parties, visitors to the Company’s Website or App,
adults and children) (hereinafter referred to as the Users or You’) and undertakes to ensure the
security of Your and Your children’s/persons’ under guardianship personal data by using the Companys
mobile application Poklet (hereinafter referred to as the App’), visiting the Company’s website
www.poklet.lt (hereinafter referred to as the Website’) and/or using all services provided by the
Company, including but not limited to promoting children’s financial literacy (hereinafter referred to as
the ‘Services’), and/or contacting the Company.
2. Electronic money institution Walletto, UAB, company number: 304686884, registered office address:
A. Goštauto st. 8-107, Vilnius, Lithuania, license of an electronic money institution No 33, issued on
29/03/2018 (hereinafter referred to as the Card Provider’), is a company that issue you a payment card
related to our Services, so it is also the Controller of Your (and Your children’s/persons’ under
guardianship) data to the extent necessary for the issuance and administration of the payment card.
You can read the privacy policy of the Card Provider here: www.walletto.eu.
3. This privacy policy (hereinafter referred to as the Privacy Policy’) provides all Users with general
information on the basic principles of the collection, processing and storage of personal data and the
procedure followed by the Company.
4. The processing of the Users personal data is established by Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
(General Data Protection Regulation) (hereinafter referred to as the GDPR’), the Law on Legal Protection
of Personal Data of the Republic of Lithuania, other legal acts regulating the collection of such data, as
well as the Privacy Policy. The actions of processing the personal data of a particular User may be
detailed and specified in separate agreements between the Company and the Users, as well as in the
information provided by the Company to a specific User.
5. In order to learn about how the Company processes Your (and Your children’s/persons’ under
guardianship) personal data, please read carefully the information provided in the Privacy Policy.
II. PRINCIPLES OF THE PROCESSING OF PERSONAL DATA
6. When processing personal data, the Company ensures the right to privacy of every person, strictly
complies with the requirements of the GDPR, the Law on Legal Protection of Personal Data of the
Republic of Lithuania and other legal acts, as well as the following principles:
6.1. Lawfulness, fairness and transparency;
6.2. Purpose limitation;
6.3. Data minimisation;
6.4. Accuracy;
6.5. Storage limitation;
6.6. Integrity and confidentiality;
6.7. Accountability.
III. BASIS FOR THE PROCESSING OF PERSONAL DATA
7. Your (and/or Your children’s/persons’ under guardianship) personal data may be processed when:
7.1. You give consent to the processing of Your (and Your children’s/persons’ under guardianship)
personal data for certain purposes;
7.2. You enter into/intend to enter into an agreement with the Company regarding the provision
of Services, or the agreement has already been entered into and the processing of Your
(and/or Your children’s/persons’ under guardianship) personal data is necessary for the
performance of the agreement;
7.3. it is aimed to protect Your (and/or Your children’s/persons’ under guardianship) essential
interests;
7.4. Your (and/or Your childrens/persons’ under guardianship) personal data must be processed
for the legitimate interest of the Company or of the third party to whom the personal data
are provided and if Your interests are not more important;
7.5. Your (and/or Your childrens/persons’ under guardianship) personal data must be processed
to comply by the Company with the requirements established by legal acts.
IV. METHODS OF COLLECTION AND PROCESSING OF PERSONAL DATA
8. Personal data may be collected and processed when:
8.1. You (and/or Your children/persons under guardianship) visit the Website or the App;
8.2. You fill in the documents on the App (requests, applications, questionnaires, etc.) and/or
enter into a service agreement with the Company;
8.3. You provide personal data during communication with the Company’s employees or
representatives.
V. PURPOSES OF PROCESSING OF PERSONAL DATA
9. Your (and/or Your children’s/persons’ under guardianship) personal data is processed for the following
purposes:
9.1. direct marketing,
9.2. promoting the Company,
9.3. employment of persons in the Company and administration of the related personnel,
9.4. person identification,
9.5. prevention of money laundering and terrorist financing,
9.6. implementation of the principle ‘know your customer’ (KYC),
9.7. verification of the accuracy of the personal data You provide,
9.8. provision of financial services and conclusion, execution and control of other transactions,
9.9. contracts and customer accounting,
9.10. protection and defense of the rights and legitimate interests of the Company,
9.11. appropriate provision of the Services and improvement of the user experience,
9.12. for data analytics purposes (analysing depersonalised user data),
9.13. for other purposes specified in Your agreements with the Company or in the information
provided to You separately by the Company.
VI. PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING
10.For the purpose of direct marketing, Your (and Your children’s/persons’ under guardianship) personal
data is processed with Your consent only. For the purpose of direct marketing, including the provision of
personalised offers to You, the following Your personal data is processed: full name, telephone number,
e-mail address, as well as the following personal data of Your children/persons under guardianship:
name, telephone number.
11.You are entitled to refuse advertising messages sent by the Company at any time and to object to the
processing of Your personal data for the purpose of direct marketing without stating the reasons for the
objection. You may revoke the consent already given for the processing of personal data for the
purpose of direct marketing clearly and unambiguously expressing Your will in writing to an employee
of the Company.
12.You may also exercise the right to object to the processing of personal data for the purpose of direct
marketing in the following ways:
12.1. by clicking on the link in each e-mail sent to You;
12.2. after logging in to Your account and ticking Your objection.
13.For the purpose of direct marketing, Your personal data is processed for no longer than 5 (five) years
from the receipt of the consent or until You withdraw the consent. After the expiry of the data
processing period or if You withdraw the consent, We will keep the data on Your consent for 10 (ten)
years from the end of the data processing period specified in the consent or the withdrawal of the
consent in order to file, enforce or defend Our legal claims.
VII. PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF PROMOTING THE COMPANY
14.The Company has created and manages an account/s on the social networks: Facebook, LinkedIn,
Instagram, TikTok. Information that You (or Your children/persons under guardianship) provide on the
social networks (including messages, use of the ‘Like’ and ‘Follow fields, and other communications) or
that is obtained by You (and Your children/persons under guardianship) by visiting the Companys
accounts on Facebook, LinkedIn, Instagram, TikTok (including information obtained through cookies
used by the social network) or reading the Company’s posts on the social networks is controlled by the
social network manager Facebook, LinkedIn, Instagram, TikTok.
15.As an administrator of an account on Facebook, LinkedIn, Instagram, TikTok, the Company selects the
appropriate settings based on its target audience and performance management, and promotion
objectives, but the social network manager may restrict the Companys ability to change certain
essential settings enabling the Company to create the Company’s account on a social network and
administer it. As a result, the Company cannot influence what information about You (or Your
children/persons under guardianship) will be collected by a social network manager when the Company
creates an account on a social network.
16.Generally, a social network manager processes personal data (even those collected by the Company
after selecting additional account settings) for the purposes set by the social network manager in
accordance with the privacy policy of the social network manager. The amount of data received by the
Company as an account administrator depends on the account settings selected by the Company,
agreements with the social network manager regarding ordering additional services, cookies set by the
social network manager.
17.The Company receives statistical information on the Website and the App. Statistical information is
collected and processed in Google Analytics. The Company collects the following data (for statistical
purposes) related to visitors to the Website and the App: IP address, Website/App browsing history and
date.
18.The following Your (or Your children’s/persons’ under guardianship) personal data may be processed for
the purpose of promoting the Company: Facebook, LinkedIn, Instagram, TikTok profiles and other
information, such as the date of review of the Company’s profile on Facebook, LinkedIn, Instagram or
TikTok, comments, ‘Like’ and ‘Follow’ messages.
VIII. PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF EMPLOYMENT OF PERSONS IN THE
COMPANY AND ADMINISTRATION OF THE RELATED PERSONNEL
19.Personal data of potential employees in the Company is processed for the purpose of employment and
administration of the related personnel. Your personal data processed for the purpose specified in this
clause submitted for the purpose of employment with the Company shall be the following: curriculum
vitae (CV), motivation letter, full name, contact information, documents submitted by You to the
Company. Your personal data, which You provide to the Company when applying for a specific position
in the Company, are processed for the purpose of concluding an employment contract with You.
20.If You apply for a specific position by submitting the questionnaire, but the job offer is not submitted to
You, or You do not indicate that You apply for a specific position, the Company will store and process
Your personal data for future employee recruitment for no longer than 1 (one) year after the receipt of
Your consent. The Company may assess Your candidacy and provide You with job offers in the Company
within the whole period of data storage.
21.You are entitled to withdraw Your consent to the processing of personal data for the purpose specified
in this section of the Privacy Policy at any time expressly and unambiguously expressing Your will in
writing to an employee of the Company by appealing to the Company at contacts specified on the
Website or the App.
IX. PROCESSING OF PERSONAL DATA FOR OTHER PURPOSES
22.The Company processes the following Your personal data for the purpose of identification, prevention
of money laundering and terrorist financing, implementation of the principle know your customer
(KYC), verification of the accuracy of the personal data You provide, provision of financial services and
conclusion, execution and control of other transactions, contracts and customer accounting, protection
and defense of the rights and legitimate interests of the Company, appropriate provision of the Services
and improvement of the user experience, data analytics (analysing depersonalised user data): full
name, personal identification number, date of birth, registered and actual place of residence (address),
data of identification documents or data of a qualified electronic signature certificate, telephone
number, e-mail address, number of the account held by You in other electronic money or credit
institution from which You make a transfer to Poklet account, number of the electronic money account
opened with the Card Provider, the statement of this account and the money turnover therein, number
of the card issued to You by the Card Provider; as well as the following personal data of Your
children/persons under guardianship: telephone number, name, age. Before the beginning of the
business relationship, these data is processed on the basis of concluding an agreement with You as a
potential customer. After entering into the agreement, the personal data specified in this clause is
processed on the basis of the performance of the agreement concluded with You, compliance with the
requirements established by legal acts for the Company and legitimate interests of the Company.
23.Your identification shall be performed remotely in the identification system MarkID managed by Mark
ID, UAB, company number: 305098955, registered office address: Žalgirio st. 90-100, LT-09303 Vilnius.
The following data is processed: full name, date of birth, personal identification number, type and
number of ID document, copy/photo of ID document, photo of the person, IP address, date the photo
was taken. The MarkID system stores video records and photos. The Company receives data under the
agreement with Mark ID, UAB.
24.For the purposes specified in this section of the Privacy Policy, personal data is processed for as long as
the contractual relationship continues and You (and Your children/persons under guardianship) use the
Company’s services, and upon the expiry of the contractual relationship, the collected personal data is
stored for 10 (ten) years from the end of the business relationship. In the event the contractual
relationship does not start after the submission of data, the personal data is only stored for no longer
than 10 (ten) years from the date of receipt, unless the Company receives Your written request for
destruction of Your personal data processed by the Company. If such a request is received, the personal
data is destroyed immediately. If the Company refuses to enter into a transaction with You regarding
the implementation of measures for the prevention of money laundering and terrorist financing, Your
personal data is stored for 8 (eight) years from the moment of such refusal in order to meet the
requirements of the Law on Legal Protection of Personal Data of the Republic of Lithuania.
25.The Company may process Your (and/or Your children’s/persons’ under guardianship) personal data for
other purposes in accordance with the requirements and procedure of the GDPR and the Law on Legal
Protection of Personal Data of the Republic of Lithuania.
X. SUBMISSION AND RECEIPT OF PERSONAL DATA
26.The Company may submit Your (and/or Your children’s/persons’ under guardianship) personal data to
the following third parties:
26.1. personal data processors selected by the Company for the purpose of performing lawful
personal data processing actions on behalf of the Company and/or on its instructions;
26.2. electronic money institution Walletto, UAB, company number: 304686884, registered
office address: A. Goštauto st. 8-107, Vilnius, Lithuania, license of an electronic money
institution No 33, issued on 29/03/2018; due to opening an electronic money account and
issuing a payment card;
26.3. third parties involved to protect and defend the violated rights and legitimate interests of
the Company if You breach the terms and conditions of the agreement concluded with the
Company;
26.4. state institutions and establishments (the State Tax Inspectorate, the State Labor
Inspectorate, etc.), when personal data are provided in order to notify of possible illegal
activities;
26.5. third parties whose activities are related to debt collection or creation, administration or
use of a debtors database for the purpose of administering Your debt and/or recovering your
indebtedness to the Company;
26.6. other persons (lawyers, consultants, auditors, etc.) involved by the Company to provide
the necessary services to the Company and/or You;
26.7. other third parties if the data are transferred in accordance with the requirements of
legal acts of the Republic of Lithuania.
27.Your (and/or Your children’s/persons’ under guardianship) personal data may be submitted to third
parties in the following ways: in writing, by electronic means, by logging in to databases or information
systems collecting individual data or in another manner agreed by the controllers.
28.Your (and/or Your children’s/persons’ under guardianship) personal data can be obtained both directly
from You by contacting the Company, filling in applications, requests, submitting documents requested
by the Company or otherwise submitting Your data to the Company, and from third parties (such as: the
Card Provider, financial institutions, entities providing identification services, etc.).
XI. YOUR RIGHTS AND THEIR EXERCISE
29.You may submit information about Yourself or Your (and/or Your children’s/persons’ under
guardianship) personal data requested by the Company by logging in to Your user account on the
Website or the App.
30.You have all rights established by the Law on Legal Protection of Personal Data of the Republic of
Lithuania, the GDPR and other legal acts, including the right to:
30.1. get acquainted with Your personal data processed by the Company and to receive
information from which sources and what Your (and/or Your children’s/persons’ under
guardianship) personal data were collected, for what purpose they are processed and to
whom they are submitted;
30.2. request for the rectification, destruction of Your personal data or to restrict, except for
storage, the processing of Your personal data when the data are processed in violation of the
provisions of the GDPR or other laws;
30.3. do not give consent to the processing of Your (and/or Your children’s/persons’ under
guardianship) personal data for direct marketing purposes or for other purposes for which
Your consent is requested without giving reasons for the objection,
30.4. object the use of only automated data processing, including profiling;
30.5. exercise Your right to data portability;
30.6. exercise the right to be ‘forgotten’;
30.7. complain about the actions of the Company as the controller to the State Data Protection
Inspectorate of the Republic of Lithuania.
31.You can exercise Your rights at any time by sending an electronically signed application by e-mail:
info@poklet.lt.
32.You may exercise the right to request the destruction of Your personal data or to restrict, except for
storage, the processing of Your personal data in accordance with the following procedure:
32.1. If You believe that Your (and/or Your children’s/persons’ under guardianship) personal
data are processed unlawfully, unfairly, and You have applied to the Company for this, We
will check the lawfulness and fairness of the processing of personal data. Upon Your written
request and if the Company determines that the data have been collected unlawfully and
unfairly, We will destroy the unlawfully and unfairly collected personal data or will suspend
the processing of such personal data, except for storage.
32.2. We will protect personal data, the processing of which is restricted, until they are
destroyed (at the request of the data subject or upon the expiry of the data storage period),
other processing actions with such personal data may be performed only:
- for the purpose of proving the circumstances which led to the restriction of the processing of
personal data;
- if You give Your written consent to the further processing of Your personal data;
- if it is necessary to protect the rights or lawful interests of the Company or third parties.
33.We will notify You no later than within 30 (thirty) days of the destruction of Your personal data or of the
restriction of Your personal data processing actions, which has been performed or not performed at
Your request.
34.The Company, acting as a data controller, is entitled reasonably to refuse the exercise of Your right to
restrict the processing of Your personal data on the grounds set for in the GDPR, including but not
limited if further data processing is necessary for the Company to file, exercise or defend legitimate
interests.
35.The Company’s refusal to exercise Your rights as a data subject may be appealed to the State Data
Protection Inspectorate of the Republic of Lithuania.
36.These actions are performed free of charge: provision of the information about the processing of Your
(and/or Your children’s/persons’ under guardianship) personal data, verification of the lawfulness and
fairness of the data processing, termination of the data processing, the data destruction.
XIII. PROFILING AND AUTOMATED DECISION-MAKING
37.In order to monitor the transactions concluded by You, to prevent money laundering and fraud, or for
other purposes related to the legitimate interests of the Company, fulfilment of legal obligations and
execution of the agreement concluded with You, the Company may perform profiling related to Your
personal data processing in automated or in a semi-automated manner.
38.The Company also conducts profiling related to assigning the Customers to a certain loyalty group. We
divide the Customers into loyalty groups in order to offer additional benefits to our most loyal
Customers. The Customers are assigned to a certain loyalty group based on data such as activeness, etc.
XII. PROTECTION OF PERSONAL DATA
39.The goal of the Company is to ensure the highest possible security of all information received from the
User. The Company uses a variety of administrative, technical and physical security measures to protect
this information from unauthorized access, use, copying or disclosure.
40.The Company notes that data transmitted by electronic communication means are transferred using
communication networks operated by electronic communication service providers, therefore the
Company cannot guarantee and is not responsible for the security and protection of data transmitted in
this manner.
41.The User must take active measures to ensure the confidentiality of his/her personal data and must
make every effort to protect the login password to the Website or the App from access of third parties
and not to disclose it to third parties in any direct or indirect manner, and to ensure that no third
parties may use his/her data using the Website, the App and/or the services provided by the Company
and/or for other purposes. The User is responsible for any actions of third parties if they are performed
using the Users data, and all duties and responsibilities arising from or related to such actions of third
parties shall be borne by the User in full.
XIII. PERSONAL DATA COLLECTED AND PROCESSED ON THE WEBSITE OR THE APP, OR USING THE
WEBSITE OR THE APP
42.If the User wishes to start using the Services offered by the Company on the App, the Company
requests to provide the data necessary for the Users registration: the Users e-mail address and/or
telephone number, as well as his/her full name.
43.If You (and/or Your children/persons under guardianship) only browse the Website but You do not apply
to the Company for the Services, the Company collects the following data related to browsing the
Website by You (and/or Your children/persons under guardianship):
43.1. IP address;
43.2. the country from which the User logs in;
43.3. the browser and its version used by the User.
44.The data referred to in Clause 43 of this Privacy Policy is collected for security and history of use of the
Website or the App. When collecting them, the Company does not seek to identify the User.
45.Data related to the Users use of the Website or the App, browsing it and/or the Services, and which are
not considered personal data, may be processed anonymously by conducting statistical surveys or
similar actions. In any case, such data processing will not allow the direct or indirect identification of
the User.
XIV. RESPONSIBILITY AND CONSENT OF ADULTS FOR THE PROCESSING OF PERSONAL DATA OF
THEIR CHILDREN OR PERSONS UNDER GUARDIANSHIP
46.Children or persons under guardianship may start using all functions of the App:
46.1. upon the receipt of an invitation from the parent or guardian to register (i.e. You shall
download the App and shall send an invitation to join the child/guardian); or
46.2. upon the receipt of Your approval to use the App (i.e. if the child/guardian firstly
downloads the App, then he/she must send an invitation to You and will only be able to start
using the App’s functions after receiving Your approval).
47.As the parent or guardian of a child or person under guardianship who registers on the App in order to
use our Services, You:
47.1. allow and agree that Your child/person under guardianship will use our Services and You
are responsible for Your child’s use of our Services, including all taxes, expenses incurred and
purchases made;
47.2. give us informed consent to the collection, use and sharing of Your child’s/ person’s
under guardianship data in accordance with the terms and conditions of this Privacy Policy;
47.3. agree to acquaint Your child or person under guardianship with these terms and
conditions of the Privacy Policy.
48.The Company is entitled to delete a child’s profile if it is not assigned to the parents or guardian’s
profile for 6 months or more.
XV. COOKIES
49.The Company may use cookies on the Website in the future. Cookies are small files that are sent to the
Website visitors web browser and stored on the Website visitors computer hard drive. Cookies shall be
transferred to the Website visitors computer or other terminal device the first time you visit the
Website. Cookies shall be then used to identify the Website visitor's computer or other terminal device
and facilitate the Website visitors access to the Website or the information contained therein.
50.We use the automated marketing platform MailerLite to manage our subscriber list and to send emails
to the subscribers. MailerLite is a third party that may process Your (and/or Your children’s/persons’
under guardianship) personal information and record cookies using technologies that meet standards in
this field to help monitor and improve our newsletters. You can find the privacy policy of MailerLite
here: https://www.mailerlite.com/privacy-policy.
XVI. LINKS TO OTHER WEBSITES
51.The Company is not responsible for the processing of Your (and/or Your children’s/persons’ under
guardianship) personal data through third-party websites (hereinafter referred to as the Related
Websites’). For user convenience and information, the Website or the App may contain links to other
Related Websites. The Company is not responsible for the privacy policy of such websites, the content
of the information provided and activities, even in cases where Users access them through links on the
Website or the App, as the Company does not monitor or control them. Users are advised to read the
privacy policy of each Related Website separately.
XVII. CONTACTS OF THE DATA PROTECTION OFFICER
52. Contacts of the data protection officer in the Company: ph. No.: +37068769232, e-mail:
justina@poklet.lt.
XVIII. FINAL PROVISIONS
53.The law of the Republic of Lithuania shall apply to the implementation and interpretation of the
provisions of the Privacy Policy.
54. This Privacy policy is in English and Lithuanian and all communications with you will be in English
and/or in Lithuanian. The Lithuanian language version of this Privacy Policy shall be controlling in all
respects and shall prevail in case of any inconsistencies with translated versions, if any.
55.This Privacy Policy shall not be considered to be an agreement between the Company and the User
regarding the processing of the Users personal data. With this Privacy Policy, the Company informs You
about the principles of processing Your (and/or Your children’s/persons’ under guardianship) personal
data in the Company, therefore the Company is entitled unilaterally to amend and/or supplement this
Privacy Policy at any time. Any amendments and/or supplements to the Privacy Policy shall take effect
after their publication on the Website.
56.If any provision of this Privacy Policy becomes or is recognised invalid, the remaining provisions will
remain in full force and effect.