SEVEN SEAS EUROPE PRIVACY POLICY

Version 4.0

GENERAL PROVISIONS

UAB SEVEN SEAS EUROPE, a private limited liability company incorporated under Lithuanian law, listed within the Lithuanian Register of Legal Entities with the registration number 304632897 (“the Company”) is committed to protecting the privacy and security of the Client’s personal information. The Company wants to share how it treats personal information about the Client that the Company receives in connection with the Client’s use of the Company’s Platform (the “Platform”).

This Privacy Policy, together with the General Terms and Conditions and any other ancillary agreements between the Client and the Company constitute an entire legal agreement the Client accepts and consents to when visiting our Platform and/or using our Services (as defined in the General Terms and Conditions) among other things consenting to our use of the Client’s personal information as set out in this Privacy Policy. Any definitions used within this Privacy Policy shall have the meaning as defined in the General Terms and Conditions.

This Privacy Policy sets out the basis on which any personal data the Company collects from the Client, or that the Client provides to the Company, will be processed by the Company. For legal purposes, the data controller is UAB SEVEN SEAS EUROPE, with registration number 304632897 and registered office at A. Goštauto street 40-1, LT-03163 Vilnius, Republic of Lithuania. The Company for any Data Protection related issues may be contacted by email at [email protected].

Although the Company operates internationally, it is organized under the laws of the Republic of Lithuania. The servers that host this Platform and any data collected from the Client are in the European Economic Area, and any personal details the Client provides to us will be processed by the Company in the European Economic Area. If the Company transfers personal data out of the European Economic Area, the Company shall ensure that it has in place measures which provide an adequate level of protection as required by applicable laws and regulations. All information that the Client provides to the Company is stored on its secure servers. Any payment transactions carried out by the Company or its chosen third-party provider of payment processing services will be encrypted.

Where the Company has given the Client (or where the Client has chosen) a password that enables the Client to access certain parts of the Platform, the Client is responsible for keeping this password confidential. The Company asks Clients not to share the passwords with anyone. Unfortunately, the transmission of information via the Internet is not completely secure. Although the Company does its best to protect Clients’ personal data, the Company cannot guarantee its complete security. When using any social/personal interaction features (if made available by the Company), Clients must ensure that they do not submit any personal data that they do not want to be seen, collected or used by others.

PURPOSES AND LEGAL BASES FOR PROCESSING CLIENT’S DATA

Purposes of data processing

The Company processes personal data for the following main purposes:

  • Provision of banking platform services and performance of contractual obligations – i.e., contract drafting and execution, authentication of the Clients’ identity, communication with Clients and the provision of the Company’s services.
  • Implementation of money laundering prevention requirements – i.e., the Company collects and stores personal data relating to criminal convictions and offenses in order to comply with the legal requirements.
  • Processing of enquiries, complaints and requests – i.e. to respond appropriately to any enquiry, request or complaint from a Client.
  • To manage the Company's social networks (Facebook, Instagram, LinkedIn, etc.).
  • To improve the Website and the Platform, ensure its performance, increase its security and adapt its content and format to the needs of users.
  • To defend our rights (dispute resolution) – i.e. filing and pursuing claims, complaints or lawsuits, and cooperating with law enforcement regulatory authorities in accordance with the procedures and in the cases established by law.

Legal bases for data processing

The Company processes personal data based on the following legal grounds:

  • The data subject has given his or her factual consent (sent a request) to the processing of his or her personal data for one or more specified purposes (Article 6(1)(a) of the GDPR).
  • The processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to the conclusion of the contract (performance of a pre-contractual relationship) (Article 6(1)(b) of the GDPR).
  • The Company has an obligation to comply with legal obligations (Article 6(1)(c) of the GDPR).
  • The processing is necessary for the legitimate interests of the Data Controller or of a third party, unless such interests are overridden by the interests of the data subject or by the fundamental rights and freedoms of the data subject, which require the protection of personal data (Article 6(1)(f) of the GDPR).

INFORMATION COMPANY COLLECTS

Information the client submits to us

This is information the Client gives the Company about the Client by filling in forms on the Platform, or by communicating with the Company. It includes information the Client provides when the Client registers to use the Platform, open an account, enter into any transaction on the Platform (such as purchase of Electronic Money, Payment Transaction and/or Redemption transaction and others), when the Client reports a problem with the Services, or the Platform.

If the Client contacts the Company, it will keep a record of that correspondence (if contacted via e-mail or any other means made available on the Platform).

The information the Client gives the Company may include: Client’s full name, Client’s billing address, date of birth, e-mail address, phone number or any other identifier for communication (like Skype name, WeChat account identifier, etc.), details of the Client’s bank account including the bank account number, IBAN, copies of identification documents (collected for “Know Your Customer” purposes as defined in the General Terms and Conditions), copies of documents required to prove source of funds, personal description and photograph and any other information the Client provides the Company in order to prove the Client’s eligibility to use the Company’s services.

Information the company collects about the client and the device

Each time the Client visits the Platform (and in some cases disregarding if the Client accesses the Client’s account on the Platform or not) the Company will automatically collect the following information:

  • Technical information: the Internet protocol (IP) address used to connect the Client’s device to the Internet, Client’s login information, browser type and version, time zone settings, browser plug-in types and versions, operating system, and platform.
  • Information about the Client’s visit: full uniform resource locators (URL), services the Client viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
  • Transaction details: date, time, amounts, currencies used, exchange rates, recipient details and details about other third parties involved in transactions (senders and receivers of funds from the Client’s Account).
  • Details of Client’s visits to the Platform: transaction details relating to the Client’s use of services, including who the Client has sent funds or electronic money to, foreign exchange transactions the Client has entered into, the time, date and location of the place the transaction was entered into.

Information company receives from other sources (third party information)

The Company closely works with fraud prevention agencies and uses third-party databases in order to identify possibly fraudulent transactions as well as to identify our customers, sources of funds and complete any other compliance procedures as requested by laws and regulations. By agreeing to this Privacy Policy, the Client consents that the Company may carry out various searches and checks to identify all information required for regulatory purposes. For avoidance of doubt, the Company clearly states that it will receive information about the Client from third parties the Company uses to verify the Client’s identity.

RETENTION PERIODS FOR STORING PERSONAL DATA

Personal data collected in accordance with the relevant purpose shall be stored for the following periods:

  • For the purpose of providing banking platform services and performing contractual obligations – for as long as the services provided by the Company are used and shall be stored for another 10 years after the cessation of their use.
  • For the implementation of money laundering prevention requirements – for 8 years from the date of termination of transactions or business relationships with the customer. Data retention period may be extended for up to 2 years upon a reasoned instruction of a competent authority.
  • For processing enquiries, complaints and requests – for 3 years after the end of the examination of the enquiries, complaints and requests. Personal data may be retained for a longer period of time if it is necessary for the Company to defend itself against claims, demands or lawsuits brought against it.
  • For improving the website, ensuring its performance, increasing its security and adapting its content and format to the needs of users – for more information on retention periods, please refer to the Cookie Policy adopted by the Company: https://sevenseasfinance.com/cookie-policy.
  • For defending our rights (dispute resolution) – for as long as legal proceedings are ongoing and 10 years after the relevant dispute has been settled by a non-judicial procedure or in court.
  • For the purpose of retaining evidence, if a person does not complete the registration process and there are no indications of money laundering or terrorist financing (ML/TF), the provided personal data will be stored for a period of three (3) months.
  • In cases where a person’s account is not opened (rejected) for reasons related to money laundering or terrorist financing (ML/TF), the personal data provided shall be stored for a period of five (5) years from the date of their submission.

DATA SUBJECT’S RIGHTS

Each data subject, i.e., the person whose data is being processed in the Company's activities, has the following rights:

  • Know (be informed) about the processing of their personal data (Articles 12 – 14 of the GDPR).
  • To have access to their personal data (Article 15 of the GDPR).
  • To request the rectification of inaccurate personal data relating to them (Article 16 of the GDPR).
  • To request the erasure of personal data relating to you (“right to be forgotten”) (Article 17 of the GDPR), but the right to be forgotten must be based on at least one of the following grounds:
    • the personal data are no longer necessary to achieve the purposes for which they were collected or otherwise processed;
    • the data subject withdraws his/her consent for the processing of personal data on which the processing is based and there is no other basis for processing the personal data;
    • the data subject does not consent to the processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate reasons for processing the personal data.
  • To restrict processing personal data (Article 18 of the GDPR), but restriction of processing is only possible where:
    • personal data is inaccurate;
    • the processing of the personal data is unlawful, but the person does not consent to the erasure of the data;
    • the controller no longer needs the personal data for the fulfilment of its purpose, but the data subject needs them to assert, exercise or defend legal claims;
    • the person objects to the processing in accordance with Article 21(1) of the GDPR, where the legitimate interests of the controller do not override those of the data subject.
  • To transfer your personal data where the processing is based on consent or contract and the processing is carried out by automated means (Article 20 of the GDPR).
  • To object to the processing of personal data on grounds relating to the particular case, where the processing is carried out for the legitimate interests of the controller or of a third party, unless the controller demonstrates that the processing is carried out for compelling legitimate grounds which override data subject's interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (Article 21 of the GDPR).
  • File a complaint to the State Data Protection Inspectorate if a person believes that the Company is unlawfully processing his/her personal data or is not exercising his/her personal rights. The contact details of the State Data Protection Inspectorate are: L. Sapiegos g. 17, 10312 Vilnius, tel. (8 5) 271 2804, 279 1445, e-mail [email protected].

Upon receiving a request concerning the exercise of the data subject's rights, the Company shall, no later than within 1 (one) month from the date of the request, respond and perform the actions specified in the request, or shall inform the data subject of the reasons for its refusal to perform them. If necessary, the time limit may be extended by a further 2 (two) months, depending on the complexity and number of requests. In this case, the Company shall inform the person of such extension and the reasons for it within 1 (one) month from the date of receipt of the request.

To protect the Client’s security and privacy, the Company will take reasonable steps to verify the Client’s identity prior to making changes to the Client’s personal information or fulfilling a request for access to that information.

If you have any other requests or questions regarding the exercise of your rights or the processing of your personal data, please contact the Company by email: [email protected].

WHO DOES COMPANY SHARE INFORMATION WITH?

The Company will not disclose the Client’s personal information to third parties except as set out in this Privacy Policy or if the Client has consented to such sharing. The Company may share personal information about the Client that the Client provided to the Company with trusted companies. The Company has hired trusted third parties to provide services for it, such as fulfilling orders the Client may submit, or collecting and processing information on the Company’s behalf.

These companies – vendors – are contractually bound to use personal information that the Company shares with them only to perform the services the Company has hired them to provide and to have appropriate technological and organizational measures including security in place to protect such personal information.

If the Client enables third party services to be directly integrated into the Client’s account (for example Facebook Connect), the Client agrees that the Company may pass the Client’s account information to the providers of such services to enable them to provide the Client with the services which the Client has requested. The Company does not exercise any control over such service providers; such service providers process the Client’s account information independently and in accordance with the service provider’s own privacy policies.

The Company may also share the Client’s personal information if the business of the Company is transferred to another entity by way of merger, sale of the Company’s assets, or otherwise. If the Client consents, the Company may share the Client’s information with related entities and selected third parties so that they may provide the Client with or contact the Client regarding information and materials that may be of interest to the Client.

The Company may share the Client’s personal information with a third party if the Company is required to do so to comply with applicable law or a court order, or if it is reasonable to do so, to enforce the Company’s Terms and Conditions or to assist with a legitimate investigation (for example, in relation to suspected fraud or third-party intellectual property infringement). If required by law or regulation, the Company reserves the right to disclose such information without first obtaining the Client’s consent.

The Company may also share the Client’s personal information with its partners in order to provide Clients the service they have requested. These may be the partners that assist the Company in payment transactions services such as SWIFT, TARGET2, Bacs, Faster Payments, or currency exchange services.

To verify the Client's identity, the Company engages third-party service providers IDenfy (Identity Verification Service | ID Verification - iDenfy) and Sum and Substance Ltd. (SumSub). These providers capture images or video footage of the Client's face and his/her identification document via your device’s camera, either through a mobile app or a secure web platform. More details about how IDenfy processes personal data can be found in their Privacy Policy: Privacy Policy - iDenfy, and more about Sumsub’s processing can be found in their Privacy Policy: Privacy Policy – Sumsub.

The technologies used by IDenfy and Sumsub compare the live images or videos of you with your ID document. This comparison helps the Company meet legal requirements, such as those imposed by the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania, as well as to support broader fraud prevention and risk management obligations. The outcome of the face comparison (whether a match or not) is stored only for as long as needed for verification and in line with applicable anti-money laundering laws, currently up to 8 years following the end of business relationship.

When using IDenfy’s and SumSub’s services, certain personal data is collected and shared with the Company to confirm that the individual shown in the ID matches the person in the submitted photo. If the Client prefers not to use this identification process, he/she can reach out to the Company at [email protected] to request an alternative means of verification.

COOKIES

The Company uses cookies to distinguish the Client from other users of the Platform. This helps us to provide the Client with a good experience when the Client uses the Platform and allows us to improve our services. For detailed information on the cookies the Company uses and the purposes for which the Company uses them, see our Cookie Policy: https://sevenseasfinance.com/cookie-policy.

THE NON-PERSONAL AGGREGATE DATA COMPANY COLLECT

The Company may also collect and group demographic and preferences information, responses to surveys and other personal information that the Company collects from the Client into an aggregate, anonymous form for disclosure to our existing or potential business partners, affiliates, sponsors or other third parties. However, please be assured that this aggregate data will in no way identify the Client as an individual or any other visitors to the Platform.

The Company may collect general, non-personal, statistical information about the use of the Platform, such as how many visitors visit a specific page on the Platform, how long they stay on that page and which hyperlinks, if any, they “click” on. The Company collects this information using “cookies” and other tracking technologies.

The Company collects this information to determine which areas of the Platform are most popular and to enhance the Platform for visitors. As with other aggregated data, the Company may disclose such data to its existing or potential business partners, affiliates, sponsors or other third parties, but this aggregate data will in no way identify the Client as an individual or any other visitors to the Platform.

LINKS TO OTHER PLATFORMS AND PLATFORM ACCOUNTS

For the Client’s convenience, the Platform may from time to time include links to third-party Platforms whose information practices may be different than the Company’s. Visitors should consult the other privacy policies, as the Company has no control over the information that is submitted to, or collected by, these third parties.

Platform accounts are pages on certain websites operated by other companies (for example, the Company page on Facebook), where the Company content is provided. The Terms and Conditions, this Privacy Policy and other applicable rules published on this Platform are binding on and apply to the users and visitors of Platform accounts. Users and visitors should carefully read the terms and conditions and privacy policies of such websites, over which the Company has no control. The Company has Platform accounts on the following websites: Facebook, Instagram, LinkedIn and other social networks.

SECURITY OF INFORMATION

The Company uses industry standard security measures to safeguard information concerning and submitted by the Client. The Company provides access to this data only to those persons who need it for the purposes described in this Privacy Policy. Despite the security measures employed by the Company, the Client should be aware that it is impossible to guarantee absolute security with respect to information sent through the Internet.

In this regard, although the Company is committed to doing its absolute best to protect your personal data, the Company cannot guarantee the absolute security of the personal data transmitted through its website. By transmitting any information, you assume the risks associated with the transmission of that information and you can and should protect your personal data without unreasonably disclosing it and by taking all security measures yourself.

CHANGES TO THE PRIVACY POLICY

The Platform and services may change from time to time. As a result, it may be necessary for the Company to make changes to this Privacy Policy from time to time. The Company reserves the right to update or modify this Privacy Policy at any time and from time to time without prior notice by updating the Company’s Platform.

The Company asks that the Client reviews the Privacy Policy periodically, and especially before the Client provides personal information. This Policy was last updated on the date indicated above. Client’s continued use of this Platform after any modification of this Privacy Policy shall constitute the Client’s acceptance of the modified Privacy Policy.

If you have any questions, requests or complaints regarding the information contained in this Privacy Policy, please contact us at [email protected].