Privacy policy

I. INTRODUCTION

1. Šios TOP EXCHANGE valiutos keityklų operatoriaus (toliau – Operatorius) asmens duomenų tvarkymo taisyklės (toliau – Taisyklės) reglamentuoja Operatoriaus darbuotojų, klientų ir naudos gavėjų asmens duomenų rinkimo, naudojimo ir saugojimo principus, nustato darbuotojų, klientų ir naudos gavėjų asmens duomenų tvarkymo tikslus ir priemones, nustato, kas ir kokiais tikslais, gali susipažinti su darbuotojų, klientų ir naudos gavėjų asmens duomenimis.
2. The rules set out in these Rules are mandatory for all the Operator's employees. The implementation of the rules is ensured by the Manager of the Operator.
3. Rules not regulated in these Rules, related to the storage of personal data of employees, customers and beneficiaries, are implemented in accordance with the provisions of the Labor Code of the Republic of Lithuania, the provisions of the Law of the Republic of Lithuania on the Prevention of Money Laundering and Terrorist Financing and other valid and applicable legal acts of the Republic of Lithuania.

II. CONCEPTS

4. Capitalized terms in these Rules have the following meanings, except for cases where the context or valid legal acts of the Republic of Lithuania give them a different meaning.
5. Responsible person - a natural or legal person appointed by the Operator to process the personal data of employees under a service or other contract, except for an employment contract.
6. Other concepts used in these Rules are understood as they are defined in the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the processing of personal data.

III. PRINCIPLES OF PROCESSING PERSONAL DATA OF EMPLOYEES, CUSTOMERS AND BENEFICIARIES

7. The operator, when processing personal data of employees, customers and beneficiaries, is guided by the following principles:
   • The personal data of employees, customers and beneficiaries is processed by the Operator only

to achieve the legal purposes defined in these Rules;

• Personal data of employees, customers and beneficiaries are processed accurately,

fairly and legally, in compliance with the requirements of legal acts;

• The personal data of the operator's employees, customers and beneficiaries is processed in such a way that the personal data is accurate and constantly updated in the event of a change;
• The operator performs personal data processing of employees, customers and beneficiaries only to the extent necessary to achieve the goals of personal data processing of employees and customers;
• The personal data of employees, customers and beneficiaries are stored in such a form that the identity of the data subjects can be determined for no longer than is necessary for the purposes for which these data were collected and processed.

IV. PURPOSES OF PROCESSING PERSONAL DATA OF EMPLOYEES, CUSTOMERS AND BENEFICIARIES

8. Personal data of employees is processed for the following purposes:
   • Conclusion, execution and accounting of employment contracts;
   • For the proper performance of the operator's duties as an employer, established by legislation;
   • To maintain proper communication with employees outside of working hours;
   • To ensure proper working conditions.
9. Personal data of clients and beneficiaries is processed for the following purposes:
   • When establishing the identity of the customer and the beneficiary, when the law obliges the Operator to do so

perform;

• When there are doubts about the correctness and authenticity of previously received customer or beneficiary identity data;
• In any other case where there is a suspicion that money laundering and/or terrorist financing activities are, have been or will be carried out.

10. Employees' names and surnames, residential addresses, dates of birth, bank account numbers (with the employee's consent) to which wages are deposited, and social security number are processed for the purposes of concluding, executing and accounting for employment contracts.
11. For the purpose of the proper performance of the operator's duties as an employer, established by legal acts, employees' personal codes and information about the employees' marital status are processed.
12. For the purpose of proper communication with employees outside of working hours, with the employees' consent, employees' residential addresses, personal phone numbers, and personal e-mail addresses are processed.
13. In order to ensure suitable working conditions, the employer, with the employee's consent, processes information related to the employee's health status, which directly affects the employee's work functions and the ability to perform them in accordance with the procedure established by legislation.
14. The operator processes the following personal data of clients and beneficiaries for the purposes set out in the Rules: name, surname; personal code; home address; date of birth; copies of personal identification documents; for foreigners, a valid visa of the Republic of Lithuania or a mark about the last crossing of the border of the Republic of Lithuania (except for foreigners whose passports or other travel documents do not have such a mark in accordance with the legislation of the Republic of Lithuania); signature; data on currency exchange operations performed; as required, in accordance with the provisions of the Law on Money Laundering and Terrorist Financing, data on the origin of funds.
15. The Operator, while processing the personal data of clients and beneficiaries specified above for the purposes set out in the Rules, fills in the relevant personal data registration logs specified in the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania.
16. The personal data of employees, customers and beneficiaries are stored only to the extent and for the time required to achieve the set goals.

V. COLLECTION AND PROCESSING OF PERSONAL DATA OF EMPLOYEES, CUSTOMERS AND BENEFICIARIES

17. The name, surname, personal identification number, and date of birth of a newly hired employee or a new client and beneficiary are collected from the personal document (identity card or passport) provided by the employee, client or beneficiary, respectively.
18. The residence address, checking account number, social security number, personal contact telephone number and email address of the newly hired employee are collected from the employee after the employee submits a form to be filled out or another document determined by the Operator.
19. The residential address, personal contact phone number and e-mail address of a new customer or beneficiary, as well as other necessary personal data are collected from the customer or beneficiary after the customer or beneficiary submits a form to be filled in or another document determined by the Operator.
20. The personal data of employees, customers and beneficiaries have the right to process only those persons for whom it is necessary for the performance of functions, and only when it is necessary to achieve the respective goals.
21. Employees or other responsible persons who are authorized to process personal data of employees, customers and beneficiaries shall adhere to the principle of confidentiality and keep secret any information related to personal data that they have become familiar with in the course of their duties, unless such information is public in accordance with applicable laws or the provisions of other legal acts. The obligation to keep personal data secret also applies after moving to another position, ending the employment or contractual relationship.
22. The personal data of employees, customers and beneficiaries contained in the texts of relevant documents (contracts, orders, requests, registration logs, etc.) are stored in accordance with the terms specified in the General Document Storage Terms Index, approved by order of the Chief Archivist of Lithuania. Other personal data of employees and former employees, customers and beneficiaries are stored for no longer than is necessary to achieve the purposes set out in these Rules. The terms of storage of personal data of individual employees, customers and beneficiaries are determined by the Manager of the Operator.

VI. RIGHTS OF THE PERSONAL DATA SUBJECT

23. The Operator Manager ensures that the rights of employees, customers and beneficiaries as data subjects are ensured, properly implemented and that all information is provided in a timely manner and in a form acceptable to employees, customers and beneficiaries.
24. Rights of employees, customers and beneficiaries as data subjects and means of their implementation:
    • Know about the collection of your personal data. When collecting employee, customer and beneficiary personal data, the operator must inform the employee, customer and beneficiary of what personal data the employee, customer and beneficiary must provide, for what purpose the relevant data is collected, to whom and for what purpose it can be provided and what consequences of not providing personal data. The employee, client and beneficiary have the right to get acquainted with their personal data, to demand correction, clarification or addition of incorrect or incomplete personal data. The employee, customer and beneficiary may also object to the processing of certain non-mandatory personal data.
    • Familiarize yourself with your personal data and how it is handled. The employee, client and beneficiary have the right to contact the Operator with a request to provide information about what and for what purpose their personal data is being processed. This information is provided free of charge to the employee, customer and beneficiary once a year. If the employee, client and beneficiary apply more than once a year for the provision of such information, the fee for providing this information cannot exceed the cost of providing such information.
    • Demand correction, destruction of your personal data or suspension of processing of your personal domains.
    • Do not consent to the processing of personal data of the employee, customer and beneficiary. The employee, customer and beneficiary have the right to object to the processing of certain optional personal data. Such disagreement can be expressed by not filling out certain sections of the form or other documents to be filled out, as well as by later submitting a request to stop the processing of optional personal data. The operator provides written information on which personal data is processed on an optional basis. Upon receiving a request to stop the processing of optional personal data, the operator immediately stops such processing, unless it contradicts the requirements of legal acts, and informs the employee, customer or beneficiary accordingly.

VII. PERSONAL DATA SECURITY MEASURES

25. Access rights to personal data and authorizations to process personal data are granted, deleted and changed by order of the Operator's manager.
26. When storing personal data, the operator implements and ensures appropriate organizational and technical measures to protect personal data from accidental or illegal destruction, alteration, disclosure, as well as from any other illegal processing.
27. The operator ensures proper storage of documents and data files, takes measures to prevent accidental or illegal destruction, alteration, disclosure of personal data, as well as any other illegal processing. Copies of documents containing the personal data of employees, clients and beneficiaries must be destroyed in such a way that these documents cannot be reproduced and their contents cannot be identified.
28. Only those persons who have been authorized to access such data have the right to access the personal data of employees, customers and beneficiaries held by the Operator, and only when it is necessary to achieve the goals set forth in these Rules.
29. The operator ensures the security of the premises where personal data is stored, proper placement and review of technical equipment, compliance with fire safety rules, proper network management, maintenance of information systems and the implementation of other technical measures necessary to ensure the protection of personal data.
30. The operator takes measures to prevent accidental or illegal destruction, alteration, disclosure of personal data, as well as any other illegal processing, by properly and safely storing the documents and data files entrusted to it.
31. If an employee or other responsible person doubts the reliability of installed security measures, he must contact the Operator's manager to assess the available security measures and, if necessary, initiate the purchase and installation of additional measures.
32. Employees or other responsible persons who automatically process personal data or from which computers can access areas of the local network where personal data are stored use passwords created in accordance with the relevant rules. Passwords are changed periodically, at least once a year, as well as when certain circumstances arise (for example: when an employee changes, when there is a threat of hacking, when there is a suspicion that the password has become known to third parties, etc.).
33. An employee working on a particular computer can only know his password. The employee passes the password in a sealed envelope to the Operator's manager. Passwords are stored in a safe or other safe place and used only in case of necessity.
34. At least once a year, a designated employee or other responsible person makes copies of personal data on computers.
35. Upon detection of personal data security violations, the Operator takes immediate measures to prevent illegal processing of personal data.
36. Failure to comply with these Rules, taking into account the severity of the violation, may be considered a violation of labor discipline, for which employees may be subject to liability provided for in the Labor Code of the Republic of Lithuania.

VIII. FINAL PROVISIONS

37. These Rules are binding on all employees of the Operator.
38. Employees are familiarized with this Procedure and its amendments by signing and undertake to comply with it.