Privacy policy | Mobilly

Privacy policy

Download document

The purpose of this Privacy Policy is to provide information to a natural person (data subject) about the purpose, scope and protection of personal data processing carried out by SIA “Mobilly” (Mobilly) when processing the data subject’s personal data.

The privacy policy was developed on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and the regulatory enactments in force in the Republic of Latvia.

 

1.Information about the controller of personal data

Name: SIA “Mobilly”
Reg . No.: 40003654405
Legal address: Dzirnavu Street 91-k3, Riga, LV-1011.

 

Mobilly is a licensed electronic money institution under the supervision of the Financial and Capital Market Commission with the right to provide payment services. More information: HERE

 

 

2. Contact information for communication on personal data protection issues

In case you have questions related to this Privacy Policy or the processing of your personal data, you can contact us by phone 1859 or by writing to the electronic mail address: [email protected]

 

 

3. Why do you need to provide us with your personal data?

Mainly, we process your personal data in order to fulfill our contractual obligations, fulfill the requirements of the regulatory acts binding on us and to implement our legitimate interests. Data processing is necessary for the achievement of relevant purposes, therefore failure to provide the necessary personal data may jeopardize the initiation of business relations or the fulfillment of obligations arising from the contract. We will inform you, in cases where personal data can be provided voluntarily, however, note that providing it could help improve the quality of the service or provide you with more favorable contract conditions and/or offers.

 

 

4. How do we obtain your personal data?

We can obtain your personal data in one of the following ways:

1) When you enter into a contract with us;

2) When you communicate with us, submit documents, write e-mails, call us;

3) When you sign up for our services online;

4) When you authorize on the website www.mobilly.lv;

5) When you authorize in the Mobilly mobile app;

6) When you visit the website www.mobilly.lv using cookies;

7) When we enter into a contract with a third party who has indicated you as a contact person;

8) When we obtain information from third-party databases, for example, evaluating your compliance with the status of a politically significant person, checking you on sanctions lists (OFAC, UN, EU, etc.);

9) In specific cases, obtaining information from video surveillance recordings.

 

 

5. General description of our personal data processing

Personal data is mainly obtained when a natural person – the client, concludes a contract with Mobilly for opening an electronic money account in the Mobilly system, however, in some cases, personal data may be obtained from external sources, such as publicly available registers or third parties – Mobilly’s cooperation partners who provide services on the Mobilly platform or pays for the services for their employees.

 

The categories of personal data that we mostly, but not exclusively, collect and process are:

Identification and research data, such as name, surname, personal identification number, date of birth, status of a politically significant person, data of an identity document (such as a copy of a passport, ID card), mobile phone number.
Contact information such as address, phone number, email address.
Data on the Client’s tax residence , such as information on the country of residence, tax payer number, citizenship.
Data obtained while fulfilling obligations provided for in regulatory acts, for example, data resulting from information requests received from investigative authorities, sworn notaries, tax administration authorities, courts and sworn bailiffs, etc.
Data obtained when the customer uses Mobilly services, such as the car registration number linked to the customer’s account, the nationality of the car registration number, service payment times and dates, individual customer profile settings, technical characteristics of the mobile devices used, version number of the Mobilly mobile application used, the time of the last visit in the Mobilly app, etc.
Communication data obtained when a person communicates with Mobilly – audio recordings of calls, e-mail correspondence, messages on chat platforms (Whatsapp , Telegram , Messenger, etc.).
Data about participation in our games and promotions , such as points earned, prizes won in games or promotions, etc.

 

This Privacy Policy describes how we process the personal data of our customers, customer representatives/contact persons, raffles and lotteries participants, cooperation partners, website visitors and other persons whose data may be at our disposal as part of our commercial activities. Nevertheless, we ask you to take into account that other documents (for example, service contracts, cooperation agreements, lottery rules, etc.) may also contain additional information about the processing of your personal data.

 

We assume that before using our website or becoming our customer, you have read this Privacy Policy and have agreed to its terms. Mobilly reserves the right to amend and update this Privacy Policy as necessary, without prior special notice.
To learn more about the cookies used by Mobilly, in addition to the provisions of this Privacy Policy, you can consult the information on the use of cookies (available at www.mobilly.lv).

 

 

6. For what purposes do we process your personal data and what is the legal basis for processing personal data?

We process your personal data only in accordance with previously defined legitimate purposes, which include:

a) Initiation of contractual relations and provision of services, as well as fulfillment and provision of other contractual obligations.

Within the framework of this purpose, we need to identify you, provide an appropriate payment calculation and ensure the process of making payments, contact you about the provision of the services and/or performance of the contract in related matters, and in some cases also ensure the recovery of unpaid payments.

 

For this purpose, we may need at least the following personal data: name, surname, personal identification number, declared and/or postal address, bank account number of the customer, customer and/or cooperation partner; payment card number and expiration date, telephone number, vehicle number, e-mail address.

 

The main legal bases for the implementation of this purpose are:

– Conclusion and execution of the contract with the data subject (point (b) of Article 6(1) of the General Data Protection Regulation);

– Fulfillment of a legal obligation (point (c) of Article 6(1) of the General Data Protection Regulation);

– The controller’s legitimate interests (point (f) of Article 6(1) of the General Data Protection Regulation), for example, identifying you as a contact person of a customer and/or cooperation partner, ensuring communication with you.

 

b) Compliance with the regulatory enactment applicable to electronic money institutions, which determines the requirements regarding customer identification, research and service provision, or the fulfillment of the requirements set forth in other regulatory enactments.

Within the scope of this purpose, we must comply with the requirements of the republic of Latvia Law on Payment Services and Electronic Money, the Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing, the requirements of the regulations issued by the Financial and Capital Market Commission, the Law “On Accounting”, the Law “On Taxes and fees”, the requirements of the “Archives Act” and the requirements specified in other regulatory acts.

 

For this purpose and implementing the principle “Know your customer”, we may need to process the following personal data: Name, surname, personal code, address, IP address, customer’s representative, customer’s beneficial owner, customer and/or cooperation partner compliance with the status of a politically significant person, a family member of a politically significant person or a person closely related to a politically significant person;

 

The main legal bases for the implementation of this purpose are:

– Fulfillment of a legal obligation (point (c) of Article 6(1) of the General Data Protection Regulation).

 

c) Provision of marketing activities.

Within this purpose, we could send you commercial communications about Mobilly or third-party services and other services not directly related to the provision of contracted services (e.g. customer surveys), ensure your participation in lotteries or raffles organized by us, as well as publish various types of materials from public events organized by us.

 

For this purpose, we may need at least the following personal data: name, surname, phone number, e-mail address of the customer, customer and/or cooperation partner.

 

The main legal bases for the implementation of this purpose are:

– Consent of the data subject (point (a) of Article 6(1) of the General Data Protection Regulation);

– Conclusion and execution of the contract with the data subject (point (b) of Article 6(1) of the General Data Protection Regulation);

– The controller’s legitimate interests (point (f) of Article 6(1) of the General Data Protection Regulation), for example, to ensure communication.

 

In case you do not want to receive news about our marketing activities, you have the right to opt out in the following ways:

(a) following the opt-out instructions in the relevant marketing message;

(b) by contacting us via the email set out in Section 2.

 

Please note that even if you opt out of receiving marketing messages, you may still receive administrative messages and text messages from Mobilly, such as notifications about activities in your account (account confirmation and password change or that the linked card is about to expire, etc.).

 

d) Prevention of threats to security, property interests and other important legitimate interests of us or third parties.

Within the framework of this purpose, we need to conduct video surveillance of our territory, buildings and other properties, make recordings of telephone conversations to improve the quality of services, use personal data processors to ensure various functions, in case of legal necessity, disclose information to the Control service, the State Revenue Service, the Financial and Capital Market Commission, the State police, bailiffs and other state institutions, to exchange information within the group of companies, to use the rights granted in regulatory acts to ensure their legitimate interests.

 

For this purpose, we may need to process at least the following personal data: customer, customer and/or cooperation partner contact name, surname, personal identification number, car number, place and time of receiving the service, and other data as necessary.

 

The main legal bases for the implementation of this purpose are:

– The controller’s legitimate interests (point (f) of Article 6(1) of the General Data Protection Regulation), for example, for the purposes of detecting criminal offenses, for ensuring debt recovery.

 

e) Ensuring the proper provision of services.
As part of this purpose, we need to maintain and improve technical systems and IT infrastructure, use technical and organizational solutions, which can also use your personal data (for example, by monitoring cookies), with the aim of ensuring proper service provision.

 

We would like to inform you that when you use the Mobilly services on the mobile app or website, we log data and information in order to be able to help in case of operational failures of the Mobilly systems. This data contains the following information – the internet protocol address or IP of the used device, device name, operating system, mobile application version, time and date of using Mobilly services, as well as other statistics. Most of the data is collected in Mobilly’s internal system, but we also use third-party systems to collect certain statistics.

 

Third-party systems we use to ensure the proper provision of services:

– Google Inc. tools Google Analytics and Google Play Store, more about the terms of services of these tools and their privacy policy can be found on the website: Google Analytics privacy https://policies.google.com/privacy?hl=lv and terms https://www. google.com/analytics/terms/gb.html
– Google Inc. tool Firebase Analytics, more about the terms of services of this tool and its privacy policy can be found on the website: Firebase analytics privacy https://firebase.google.com/policies/analytics/
– Apple Inc. tool Apple AppStore, more about the terms of services of this tool and its privacy policy can be found on the website: Apple App Store Privacy https://www.apple.com/lae/privacy/
– Facebook Ireland ltd. tool Meta Pixel, which ensures the collection of information about how and how often the Mobilly mobile app is used, as well as, if the user has agreed to it, allows Mobilly to display customized advertisements to its customers on social networks. You can learn more about this tool at https://developers.facebook.com/docs/meta-pixel and the privacy policy at https://www.facebook.com/privacy/policy/
– Callbell S.A.S. tool Callbell, which provides a unified chat management platform. You can find out more about the terms of service of this tool and its privacy policy at https://www.callbell.eu/en/privacy-policy-2/

 

The main legal bases for the implementation of this purpose are:

– The controller’s legitimate interests (point (f) of Article 6(1) of the General Data Protection Regulation).

 

 

7. Who could access your personal data?

We take measures to process your personal data in accordance with applicable laws and regulations and ensure that your personal data is not accessed by third parties who do not have a relevant legal basis for processing your personal data.

 

If necessary, your personal data could be accessed by:

1) our employees or directly authorized persons who need it for the performance of work duties;

2) personal data processors according to the services they provide and only to the extent necessary, such as auditors, financial management and legal consultants, database developers/technical maintainers, other persons related to the provision of Mobilly services;

3) state and municipal authorities in cases specified in the regulatory acts, for example, law enforcement authorities, municipalities, tax administrations, sworn bailiffs, etc.;

4) third parties, carefully evaluating whether there is an appropriate legal basis for such data processing, such as debt collectors, courts, out-of-court dispute resolution institutions, insolvency administrators, third parties who maintain registers (for example, registers of citizens, registers of debtors, etc.).

 

 

8. What cooperation partners do we choose for personal data processing?

We take measures to ensure the processing, protection and transfer of your personal data to data processors in accordance with applicable laws and regulations. We carefully select personal data processors and, when transferring data, we evaluate its necessity and the amount of data to be transferred. The transfer of data to processors is carried out in compliance with the requirements of confidentiality and secure processing of personal data.

 

We cooperate with the following categories of personal data processors:

1) auditors, financial management and legal consultants;

2) IT infrastructure, database technical maintainers;

3) other persons involved in the provision of our services.

 

Categories of personal data processors may change. In that case, we will make appropriate changes to this document as well.

 

 

9. Are your personal data processed outside the European Union (EU) or European Economic Area (EEA) countries?

We do not transfer data to countries outside the European Union or the European Economic Area.

 

 

10. How long will we store your personal data?

Your personal data is stored for as long as its storage is necessary for the relevant purpose of personal data processing, in accordance with the requirements of regulatory acts (for example, laws on accounting, prevention of money laundering, statute of limitations, etc.).

 

When evaluating the duration of storage of personal data, we take into account the applicable requirements of regulatory acts, aspects of the performance of contractual obligations, your instructions (e.g. in the case of consent), as well as our legitimate interests. If your personal data is no longer needed for the specified purposes, we will delete or destroy it.

 

Below we indicate the most common personal data retention periods:

– we will store personal data necessary for the fulfillment of contractual obligations at least until the fulfillment of contractual obligations, observing other, externally determined storage terms (see below);

– if personal data must be stored in order to fulfill the requirements of regulatory acts, we will store them according to the requirements set in the regulatory acts, for example, the Law “On Accounting” stipulates that documents supporting the transaction must be kept until the day they are needed to establish the beginning of each economic transaction and track its for development, but not less than 5 years;

– we will store the personal data required to prove the fulfillment of our obligations in accordance with the general limitation periods for claims (e.g. 10 years in the Civil Law, 3 years in the Commercial Law), taking into account also the time limits for bringing claims defined in the Civil Procedure Law.

– We will store the personal data required to prove the Customer’s identification in accordance with the requirements of the Law on the Prevention of Money Laundering and Terrorist Financing – for 5 years after the termination of the business relationship.

 

 

11. What are your rights as a data subject regarding the processing of your personal data?

Updating of personal data
If there has been change in the personal data that you have provided to us, for example changes in the personal code, contact or declared address, telephone number or e-mail, please contact us and submit the current data to us so that we can carry out the defined personal data processing purposes.

 

Your right to access and correct your personal data
In accordance with the provisions of the General Data Protection Regulation, you have the right to access your personal data that we have at our disposal, to request their correction, deletion, restriction of processing, to object to the processing of your data, as well as the right to data portability in the cases and procedures specified in the General Data Protection Regulation.

 

We respect your right to access and control your personal data, therefore, if we receive your request, we will respond to it within the time limits set by regulatory acts (usually no later than one month, unless there is a special request that requires a longer time to prepare a response).

 

You can obtain information about your personal data held by us or exercise your other rights as a data subject in one of the following ways:

1) by submitting a relevant request in person and identifying yourself at our office at the address: Dzirnavu iela 91 k-3, Riga, LV-1011, every working day from 9:00 a.m. to 5:00 p.m.;

2) submitting a relevant request by sending it to us by mail to the following address: Dzirnavu iela 91 k-3, Riga, LV-1011.

3) by sending a relevant electronically signed request to the e-mail address: [email protected].

Upon receiving your request, we will evaluate its content and the possibility of your identification, and depending on the relevant situation, we reserve the opportunity to ask you to identify yourself additionally in order to ensure the security and disclosure of your data only to you.

 

The data subject request form can be found here.

 

Withdrawal of Consent
If the processing of your personal data is carried out because of your consent, you have the right to withdraw it at any time, and we will no longer process your personal data, which we processed on the basis of your consent, for the relevant purpose. However, we inform you that the withdrawal of consent cannot affect the processing of personal data necessary to fulfill the requirements of regulatory acts.

 

Even if the processing of your personal data is based on legitimate interests or is used for marketing purposes (for example, for sending commercial messages or participating in sweepstakes), you have the right to object to it.

 

Important! In order to prevent money laundering, we, as a financial institution, are obliged to create and maintain personal data processing systems also for customers and persons with whom business relations have not been initiated or have been terminated, in accordance with the procedures specified in the Law on the Prevention of Money Laundering and Financing of Terrorism. Personal data processing systems may also include information about the beneficial owners and authorized persons of these persons. In such cases, the processing of personal data shall not be subject to the data subject’s right to request information on data processing, including its purposes, recipients and sources of acquisition, provided for in regulatory enactments. According to the Anti-Money Laundering and Terrorism and Proliferation Financing Law, the data subject does not have the right to access his data and request its corrections, destruction, termination of processing or prohibition.

 

The State Data Inspectorate has the right to conduct an inspection to determine the compliance of personal data processing with the requirements of regulatory acts, in cases where the controller is prohibited by law from providing information to the data subject and a relevant submission has been received from the data subject.

 

 

12. Where can you submit a complaint related to personal data processing issues?

If you have any questions or objections regarding processing of your personal data, we invite you to contact us first.

 

If you still believe that we violate your rights as a data subject and after receiving your objections we have not been able to resolve the situation, you have the right to file a complaint with the State Data Inspectorate. You can find samples of submissions to the State Data Inspectorate and other related information on the website of the State Data Inspectorate.

 

 

13. Is your personal data used in automated decision-making?

We do not use your data for automated decision-making.

 

Download document