Bank of Lithuania

Data at the Bank of Lithuania (hereinafter also LB) are processed for the following purposes:

[[#ex]]

To supervise the financial market 

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679; when processing data related with personal health – Article (9)(2)(g).

Data received: from data subjects, financial market participants, foreign financial market supervisory authorities, the Information Technology and Communications Department under the Ministry of the Interior of the Republic of Lithuania, the Special Investigation Service of the Republic of Lithuania, the Financial Crime Investigation Service under the Ministry of the Interior of the Republic of Lithuania, the State Security Department of the Republic of Lithuania, the State Enterprise Centre of Registers, the State Social Insurance Fund Board under the Ministry of Social Security and Labour, other Lithuanian and foreign institutions, the LB Loan Risk Database, persons notifying of a violation, persons who have submitted documents to the Bank of Lithuania related to financial market supervision, other persons, databases, registers and information systems, public information search sources.

Data processed (sub-purposes):

- members of the management body and key function holders of financial market participants, other persons whose suitability is to be assessed under financial market legislation, persons applying for these positions or those that are holding or previously held these positions – name and surname, personal identification number, identity document information, address, telephone number, email, workplaces, signature and other data, including data related to personal health and criminal records which are required under financial market legislation for the suitability assessment of such persons and for carrying out other supervisory functions;

- persons planning to acquire, those holding, or those that previously held, directly or indirectly, the qualifying holding in the financial market participant’s authorised capital and/or voting rights, and other persons that have to be assessed when acquiring a qualifying holding in the financial market participant’s authorised capital and/or voting rights (equity package) – name and surname, personal identification number, identity document information, address, telephone number, email, signature and other data, including data related to personal health and criminal records which are required under financial market legislation for the suitability assessment of the proposed acquisition and the acquirer;

- the financial market participant’s depositors, debtors and other clients, persons that issued a guarantee, warranty, pledged their assets, payers and payees – name and surname, personal identification number, address, telephone number, data on contracts concluded with a financial market participant, deposits held, loans, investment, payment or other services received from a financial market participant, and other data which are required under financial market legislation for carrying out other supervisory functions;

- the financial market participant’s shareholders, members or other participants of a financial market participant – name and surname, personal identification number, address and other data which are required under financial market legislation for carrying out other supervisory functions;

- persons involved in trading in financial instruments – name and surname, personal identification number, address, telephone number and other personal data that are necessary for the performance of the financial market supervision function;

- acquirers of an equity package or other financial instruments giving a voting right – name and surname, address, telephone number, fax number, email, description of the concluded transaction and other submitted information required for the performance of the financial market supervision function in accordance with the provisions of legal acts;

- natural persons with a significant net short position – name and surname, address, telephone number, fax number, email and other data required by law to perform the financial market supervision function;

- the issuer's responsible persons indicated in the prospectuses or annexes thereto – name and surname, job title, signature; members of the issuer’s administrative, management and supervisory bodies – name and surname, workplaces, job titles, information on their main activities, competences, experience, family relationships, criminal records, sanctions applied, conflicts of interest, remuneration, shares (currently) held by them, equity transactions; personal data of other persons submitted in accordance with the provisions of legal acts;

- the issuer’s periodic and current information: its manager, members of the management and supervisory bodies and members of their committees – name and surname, contact details, job title, areas of activity, information on their remuneration; shareholders – name and surname, their directly or indirectly controlled shareholdings, special control rights and the description of these rights; parties to transactions with related parties – name and surname, contact details, value of the transaction; shareholders who have entered into mutual agreements – name and surname, contact details, details of the substance and terms of the agreement and other personal data provided by law;

- persons placing a takeover bid or mandatory buyout in accordance with the Republic of Lithuania Law on Securities – name and surname, address, telephone number, fax number and other personal data provided in accordance with the provisions of legal acts;

- persons subject to civil liability, sanctions or enforcement measures – name and surname, personal identification number, address, telephone number, email, place of work, information about the infringement committed, the sanction imposed and performance thereof, which is necessary for the performance of the financial market supervision function;

- persons providing explanations and other persons involved in the Bank of Lithuania’s inspections and test procurements of financial services or products (hereinafter – test procurement) – name and surname, relations with the financial market participant,  its managers or participants; audio and/or video recordings of inspections, other information obtained during inspections or test procurements, which is necessary to organise the inspection or test procurement and to ensure the completeness, integrity and usefulness for the performance of financial market supervision functions of the information obtained during the inspection or test procurement.

 - persons participating in meetings organised by the Supervision Service with the financial market participant’s management, employees or other persons, persons participating in meetings with regard to the application of enforcement measures or other statutory measures to financial market participants or other persons, and persons with whom contacts are held for supervisory purposes – name and surname, relationship with the financial market participant, its managers or participants; other information obtained during meetings or other contacts that is necessary to organise the meeting and to ensure the completeness, integrity and usefulness for the performance of financial market supervision functions of information received during meetings or other contacts.

- person reporting about an infringement and the person that is being reported – name and surname, address; audio recording of the infringement notification (conversation) given orally by telephone or at a physical meeting; other data specified in the infringement notification;

- persons who have signed documents with regard to legal disputes and other documents received by the Bank of Lithuania in relation to financial market supervision – name and surname, job title, signature and other personal data indicated in such documents.

Data stored: data contained in the files referred to in the Bank of Lithuania’s documentation plan – to the extent that the files containing documents with personal data are kept in accordance with the Bank of Lithuania’s documentation plan; other data – for 5 years from the start of their processing.

Data provided: only when carrying out functions assigned to the Bank of Lithuania (pursuant to Articles 19 and 43 of the Republic of Lithuania Law on the Bank of Lithuania) and for other purposes laid down in the Republic of Lithuania Law on the Bank of Lithuania. Data are not made public, transmitted or otherwise made available, except in the cases provided for in Articles 43 and 433(15) of the Republic of Lithuania Law on the Bank of Lithuania.


To settle disputes between consumers and financial market participants out of court

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects and other parties to the dispute.

Data processed: name and surname, address, telephone number, email and signature of the person who applied to the Bank of Lithuania for a dispute settlement; information specified in the request (including data related to personal health); information received during the investigation of the dispute; and other data that have to be processed as part of this function.

Data stored: data contained in the files referred to in the Bank of Lithuania’s documentation plan – to the extent that the files containing documents with personal data are kept in accordance with the Bank of Lithuania’s documentation plan; other data – for 5 years from the start of their processing.

Data provided: to the parties to the dispute. Data are provided to other persons only in cases when the data subject so requests or the Bank of Lithuania is obliged to provide such data by laws or other legal acts.


To issue certificates to participants of the LB e-certification system or the authorised persons of non-banking sector enterprises providing data electronically to LB information systems

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name and surname, place of work, certificate data.

Data stored: for 10 years.


To provide financial services to LB employees

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name and surname, date of birth, personal number, identity document number, its date of issue and issuing institution, place of residence (address), place of work, email, phone, data related to credit provision (number of the loan agreement and date, loan amount, etc.), collateral, data on loan repayment, recognition of the loan recipient defaulting obligations.

Data stored: for 10 years from the date of loan repayment.

Data provided: to the LB Loan Risk Database and State Tax Inspectorate.


To assess the financial situation of households with loans, and risks posed by households to the banking system and domestic financial stability

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from the LB Loan Risk Database, Centre of Registers, State Social Insurance Fund Board under the Ministry of Social Security and Labour.  

Data processed: name and surname, personal number, age, family status, number of children under 18, financial liabilities of the household – their type, purpose, amount, currency, name and type of the creditor, loan maturity, number of recipients, collateral, household income and expenses, their type, asset value, type of assets and other related information.

Data stored: encrypted personal data and identifiers – for 2 years after the end of the reporting period.


To ensure the effective functioning of the credit system and the right of LB to receive information necessary for performing supervisory, financial system stability-related policy, and monetary policy functions and for statistical purposes; to provide conditions for LB, credit institutions, consumer credit providers entered into the public list of consumer credit providers that are non-credit institutions or non-bank controlled companies, and peer-to-peer lending platform operators entered into the public list of peer-to-peer lending platform operators to assess credit recipient credibility; to allow for providing data on loans granted to loan recipients and their repayment to the LB Loan Risk Database and receiving this data from it

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from LB, banks established in the Republic of Lithuania, foreign bank branches, credit unions, Central Credit Union, consumer credit providers entered into the public list of consumer credit providers that are non-credit institutions or non-bank controlled companies, and peer-to-peer lending platform operators entered into the public list of peer-to-peer lending platform operators. 

Data processed: name and surname, age, personal number; for non-residents: number of a permit for residence in the Republic of Lithuania and its date of expiry (if it is indicated); country code, data related to loan issue, collateral, loan repayment and/or credit default for more than 60 or 90 calendar days, recognition of the loan recipient as defaulting/likely to default liabilities or recognition as again likely not to default liabilities or meeting the obligations.

Data stored: data on the loan recipient’s repaid loans, their sold (assigned) loans, also on loans issued by companies that the bank no longer controls – for 10 years from the date of loan repayment, sale (assignment) or end of the control period; data on loan written offs – until the creditor has the right of claim to these loans but no less than 10 years.

Data provided: to LB, banks established in the Republic of Lithuania, foreign bank branches, credit unions, Central Credit Union, consumer credit providers entered into the public list of consumer credit providers that are non-credit institutions or non-bank controlled companies, and peer-to-peer lending platform operators entered into the public list of peer-to-peer lending platform operators, data subjects, data controllers indicated in the Official Statistics Work Programme, State Tax Inspectorate under the Ministry of Finance of the Republic of Lithuania.


To ensure the safety of LB employees, clients and visitors, security of LB assets, transported valuables and information; security of assets of banks authorised by LB and/or foreign bank branches and other clients (video recordings)

Legal basis: Article (6)(1)(f) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: video recordings made on the premises or territory of LB.

Data stored: video recordings made on the premises or territory of LB (depending on the purpose of data use) – from 14 days for up to 2 years, recordings of registration officers – 1 day.


To ensure the quality of services and store information on transactions, circumstances surrounding their conclusion and the execution process (phone conversation recordings)

Legal basis: Article (6)(1)(f) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: phone number, date and time of the phone conversation, recording thereof.

Data stored: for 110 days (for transactions made orally); for 118 days (to ensure the quality of services).


To control access to restricted areas: biometric data (fingerprints) used as one of non-interrelated two-stage personal identification measures

Legal basis: Article (9)(2)(f) of g Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: fingerprints.

Data stored: until the employee has access to the restricted area secured with biometric authentication measures.


To provide structured and qualified consultations (recording of phone conversations during consultations)

Legal basis: Article (6)(1)(a) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name and surname, email, phone number, date and time of phone conversation, recording thereof.

Data stored: for 45 days.


To receive opinions, comments or suggestions from public groups on questions related to LB functions and ensure adequate and qualified performance of LB functions

Legal basis: Article (6)(1)(a) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name and surname, place of residence (address), email, phone number, answers to public consultation questions, other data (opinion) provided by the data subject.

Data stored: for 12 months from the end of the public consultation.


To process data when implementing the Eurosystem’s Household Finance and Consumption Survey, a joint project of the Eurosystem central banks, which is included into the Official Statistics Work Programme for 2016 approved by Order DĮ-329 of the Director General of Statistics Lithuania of 31 December 2015 on the approval of the Official Statistics Work Programme for 2016; to prepare statistical information and evaluate the financial situation, income and consumption trends with regard to Lithuanian households and other areas related to household finances

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects, State Enterprise Centre of Registers.

Data processed: name and surname, personal number, age, place of residence (address), family status, email, phone, survey data on household (general), household finances, current liabilities (year of contract conclusion, amount, amount yet to be repaid, interest rate, monthly payment), assets (type, year of acquisition, purpose, cost of acquisition and current market value), savings, expenses (purpose, amount), household income (type, amount) and pensions (accumulation type, amount accumulated), employment situation and socio-demographic information (education, family relations).

Data stored: for 2 years from the date of providing personal data to the State Enterprise Centre of Registers.


To protect the public interest and create equal conditions for persons and their authorised representatives to use the following services provided by LB free of charge: numismatic item order, numismatic item sale, cash changeover, acceptability examination, genuineness tests 

Legal basis: Article (6)(1)(c) of Regulation (EU) 2016/679.

Data received: from data subjects ordering numismatic items, selling them or exchanging cash.

Data processed:
- natural persons ordering items via email order – name and surname, date of birth, email, address to which the numismatic items ordered must be delivered, if the customer wishes to receive them via a postal service provider, phone, description of items ordered and amount, transaction date;
- natural persons ordering and purchasing items via LB’s e-shop – name and surname, personal number (where the natural person does not have it – date of birth or a unique sequence of symbols assigned to identify that person), address, email, phone, description of items ordered and amount, transaction date and order number;
- natural persons or natural persons authorised by a natural or legal person that exchanges suitable euro banknotes and coins, exchanges litas to euros or purchases numismatic items at the LB cash offices: personal number (if no personal identification number is available – date of birth or another unique sequence of symbols assigned to identify that person), name of the document proving the person’s identity, its number and country code, transaction date and amount;
- natural persons or natural persons authorised by a natural or legal person that presents money for acceptability examination and/or genuineness testing – name and surname, phone, bank account number, address and amount;
- natural persons as well as natural persons authorised by a natural or legal person that collects numismatic items at the LB cash offices: personal number (if no personal identification number is available – date of birth or another unique sequence of symbols assigned to identify that person), name of the document proving the person’s identity, its number and country code, order number, transaction date and amount.

Data stored: 
- natural persons ordering items via email order – for 5 years from the day of acquisition of the last numismatic item via email order;
- natural persons ordering and purchasing items via LB’s e-shop – for 2 years from the day of acquisition of the last numismatic item via the e-shop;
- natural persons or natural persons authorised by a natural or legal person that exchanges suitable euro banknotes and coins, exchanges litas to euros or purchases numismatic items at the LB cash offices: for 1 day (until the end of the day);
- natural persons or natural persons authorised by a natural or legal person that presents money for acceptability examination and/or genuineness testing – until the money is destroyed;
- natural persons or natural persons authorised by a natural or legal person that collects numismatic items at the LB cash offices – for 1 day (until the end of the day); copies of the authorisation held in document files – for 10 years according to the LB documentation plan.


To prevent money laundering and terrorist financing

Legal basis: Article (6)(1)(c) of Regulation (EU) 2016/679.

Data received: from natural persons, natural persons authorised by natural and legal persons who purchase numismatic items and exchange currency. 

Data processed: name and surname, personal number (if no personal identification number is available – date of birth or another unique sequence of symbols assigned to identify that person, date of birth), name of the document proving the person’s identity, its number, date if issue, validity; number and period of validity of a permit of temporary residence in the Republic of Lithuania (non-residents), authorisation (authorisation copy attached), income source, transaction date and amount, and currency.

Data stored: for 10 years from the date of performing monetary operations.

Data provided: to the Financial Crime Investigation Service under the Ministry of the Interior.


To administer the list of persons regarding whom requests not to allow them to conclude consumer credit agreements have been submitted

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data providers referred to in paragraph 13 of the regulations on the information system containing the list of persons regarding whom requests not to allow them to conclude consumer credit agreements have been submitted.

Data processed: name and surname as well as personal identification number of the natural person included in or removed from the list; other data indicated in legal acts.

Data stored: for 5 years.

Data provided: to data recipients indicated in paragraphs 7.8, 15.6, 15.8 and 14 of the regulations on the information system containing the list of persons regarding whom requests not to allow them to conclude consumer credit agreements have been submitted.


To protect from unlawful disclosure any classified information that constitutes a secret of LB, sensitive information on the European System of Central Banks and Single Supervisory Mechanism, personal data processed by LB; to receive approval regarding an employee’s actions when investigating violations of legal acts; to ensure that the internet connection and email are used for work purposes, and that their use for personal purposes does not interfere with the fulfilment of employees’ duties and complies with the LB code of conduct; to protect LB’s information systems from hacking and viruses, and the computer network – from heavy traffic

Legal basis: Article (6)(1)(f) of Regulation (EU) 2016/679.

Data received: from LB employees and other persons that the employees were in contact with.

Data processed: email address, email content and traffic data (sender’s email address, email send date and time, size, subject heading and other information), internet traffic data (websites that the employee visited and other related information). 

Data stored: for 1 year.


To conduct surveys on household finances and consumption

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects, Centre of Registers, LB Loan Risk Database, State Social Insurance Fund Board under the Ministry of Social Security and Labour.

Data processed: name and surname, personal number, age, family status, place of residence (address), email, phone, data on household, household finances, current liabilities (year of contract conclusion, amount, amount yet to be repaid, interest rate, monthly payment), assets (type, year of acquisition, purpose, cost of acquisition and current market value), savings, expenses (purpose, amount), household income (type, amount) and pensions (accumulation type, amount accumulated), employment situation and socio-demographic information (education, family relations).

Data stored: for 12 years from the year the survey was conducted.


To process data of LB employees wanting to use their photographs in the email system

Legal basis: Article (6)(1)(a) of Regulation (EU) 2016/679.

Data received: from LB employees.

Data processed: personal photographs.

Data stored: until the consent to process data is revoked.


To ensure the safety of LB assets and information

Legal basis: for processing personal data of employees and visitors – Article (6)(1)(f) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name and surname of the visitor, date and time of arrival, exit time; name and surname of the employee, number of the access control card issued to the employee; structural unit, photo, name of the door opened with the card and its opening time; name and surname of the employee that requested for the visitor pass; name and surname of the employee being visited.

Data stored: for 120 calendar days.


To ensure work time control of LB employees

Legal basis: Article (6)(1)(f) of Regulation (EU) 2016/679. 

Data received: from data subjects. 

Data processed: name and surname, number of the access control card issued to the employee; structural unit, photo, name of the door opened with the card and its opening time.

Data stored: for 120 calendar days.


To create the conditions for the residents of the Republic of Lithuania to electronically access personal data that are stored in the LB Loan Risk Database  

Legal basis: Article (6)(1)(a) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name and surname, personal number, date of birth.

Data stored: for 1 year.


To examine complaints, applications or notifications submitted by individuals

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from persons submitting complaints, requests or notifications, data subjects, financial market participants, other persons, the information system NASIS, databases, registers and information systems.

Data processed: name and surname, address, telephone number, email and signature of the person who submitted a complaint, request or notification to the Bank of Lithuania; information specified in the complaint, request or notification (including data related to personal health); information received during the investigation of the complaint, request or notification; and other data that have to be processed by the Bank of Lithuania as part of its complaint, request or notification investigation function.

Data stored: data contained in the files referred to in the Bank of Lithuania’s documentation plan – to the extent that the files containing documents with personal data are kept in accordance with the Bank of Lithuania’s documentation plan; other data – for 5 years from the start of their processing.

Data provided: to supervised financial market participants or other persons involved in the handling of the complaint, where it is necessary for the examination of the complaint, request or notification. Data are provided to other persons only in cases when the data subject so requests or the Bank of Lithuania is obliged to provide such data by laws or other legal acts.


To ensure the performance and control of payment orders

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from  system participants – entities for which at least one FC or FC Inst account is opened in the Bank of Lithuania's payment system CENTROlink and with which the Bank of Lithuania enters into a CENTROlink participant agreement or an addressable BIC holder agreement.

Data processed: payer’s name and surname, personal number, account number; payee’s name and surname, personal number, account number; payment amount, remittance information and other information provided in payment and payment management orders.                            

Data stored: for 10 years from the date of debt repayment.

Data provided: to third parties in cases established in the EU and the Republic of Lithuania legislation. Seeking to ensure that a system participant's payment can access the entire SEPA area, the Bank of Lithuania can transfer payment orders containing personal data to the STEP2 system or other clearing systems meeting SEPA requirements.


To assess CENTROlink system participants’ compliance with the requirements applied for the activities related to the implementation of anti-money laundering and/or counter-terrorist financing measures indicated in Article 4 of the Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from system participants – entities for which at least one FC or FC Inst account is opened in the Bank of Lithuania's payment system CENTROlink and with which the Bank of Lithuania enters into a CENTROlink participant agreement or an addressable BIC holder agreement.

Data processed: payer’s name and surname, personal number, account number; payee’s name and surname, personal number, account number; payment amount, remittance information and other information provided in payment and payment management orders; names and last names of managers and shareholders of a system participant or a company seeking to become a participant, their positions, dates of birth, data on penalties related with the provision of financial services received by shareholders and managers that were imposed by law enforcement, judicial or supervisory authorities.

Data stored: for 10 years from the date of their receipt; names and last names of managers and shareholders of a system participant or a company seeking to become a participant, their positions, dates of birth, data on penalties related with the provision of financial services received by shareholders and managers that were imposed by law enforcement, judicial or supervisory authorities – for the duration of a system participant’s participation in the system and for 10 years after their removal from the system.

Data provided: to third parties only in cases established in the EU and Republic of Lithuania legislation.


To assess the reputation of a system participant or a company seeking to become a participant

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subject, from entities for which at least one FC or FC Inst account is opened in the Bank of Lithuania's payment system CENTROlink and with which the Bank of Lithuania enters into a CENTROlink participant agreement or an addressable BIC holder agreement, and from publicly available sources or companies seeking to become a participant.

Data processed: names and last names of managers and shareholders of a system participant or a company seeking to become a participant, their positions, dates of birth, other received data, data on penalties related with the provision of financial services received by shareholders and managers that were imposed by law enforcement, judicial or supervisory authorities.

Data stored: for the duration of a system participant’s participation in the system and for 10 years after their removal from the system.

Data provided: to third parties only in cases established in the EU and Republic of Lithuania legislation.


To ensure the performance of the proxy data (name and surname or title, IBAN, MSISDN and/or URI) and other linked data (time stamp of granting consent and revoking consent) lookup service

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from the Proxy Lookup Service System participant.

Data processed: participant client proxy, client account number, name and surname or title, time stamp of granting consent to manage personal data and revoking consent.

Data stored: throughout the period of validity of the client’s consent and for 10 years from the date of receiving a notification on revoking consent from the system participant.

Data provided: to other PLS (Proxy Lookup Service) systems operating in EU and EEA countries.


To defend the Republic of Lithuania

Legal basis: Republic of Lithuania Law on the Legal Protection of Personal Data Processed for the Purposes of the Prevention, Investigation, Detection or Prosecution of Criminal Offences or the Execution of Criminal Penalties, or National Security and Defence; Republic of Lithuania Law on Mobilisation and Host Country Support; Resolution No 674 of the Government of the Republic of Lithuania of 6 June 2012 on the approval of the Description of the Procedure for the Establishment, Accounting and Use of the Civil Mobilisation Personnel Reserve.

Data processed: name and surname, structural unit of the Bank of Lithuania, position, personal identification number, place of residence (address), phone number.

The use of data collected for personnel management while processing personal data for the purpose of defence of the Republic of Lithuania is considered to be compatible, since following the provisions of paragraph 5 of Resolution No 674 of the Government of the Republic of Lithuania of 6 June 2012 on the approval of the Description of the Procedure for the Establishment, Accounting and Use of the Civil Mobilisation Personnel Reserve, the Chairman of the Bank of Lithuania shall ensure that the number of persons registered in the personnel reserve is sufficient to properly implement and manage the non-military measures and actions or responsibilities undertaken under a mobilisation order and/or a host country support agreement after declaring mobilisation.

Data stored: for 1 year (since the change of entries in the list).

Data provided: to the Mobilisation Department under the Ministry of National Defence of the Republic of Lithuania (name and surname, structural unit of the Bank of Lithuania, position, personal identification number).


To select candidates to a job vacancy

Legal basis: Article 6(1)(a) and (c) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name (names) and surname (surnames) of the candidate (data subject), contact data, position for which the candidate is applying, data on education and qualification, information on language proficiency, information on working experience, information on the assessment of the candidate’s suitability to perform their duties and selection results. 

Data stored: for 1 year after the end of the recruitment procedure. 


To conclude and execute students’ practical training (internship) agreements

Legal basis: Article 6(1)(b) and (c) of Regulation (EU) 2016/679.

Data received: from data subjects, educational institutions.

Data processed: student’s (data subject’s) name, personal number, date of birth, address, telephone number, email address, name of the study programme, course, purpose and tasks of internship.

Data stored: for 1 year from the date of conclusion of the practical training agreement, for 3 years from the end of the practical training.

Data provided: personal data such as name and surname, personal number, name of the study programme, course, commencement and end of internship is submitted to the Board of the State Social Insurance Fund (Sodra) in compliance with legal acts. Personal data is not disclosed to other third parties.


To protect public interest and create a level playing field for buyers to use LB services for purchasing numismatic items and to present in an interactive manner possibilities for using and practically applying new technologies pertaining to collector coins issued by LB (LBCOIN)

Legal basis: Article 6(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name, surname, date of birth, email address, delivery address, phone number, data on the use of the services of the LBCOIN e-shop (digital token wallet address, information on LBCOIN purchases and payment details, information on the receipt of digital tokens, any exchange thereof with other buyers and sending them as a gift as well as other transactions with digital tokens), username, IP address, public and private keys, PIN code, password, actions performed on the LBCOIN e-shop, date and time thereof, data on correspondence between LB and the data subject on the LBCOIN e-shop.

Data stored: for 2 years counting from the end date of the LBCOIN e-shop operation.

Data provided: username, digital token wallet address and information on digital tokens are provided to other buyers or other persons with whom the buyer will swap digital tokens or to whom they will send them as a gift. Digital token wallet addresses are provided to the manager of the NEM public blockchain network (should the user choose to transfer digital tokens to the NEM public blockchain network). 


To establish and verify the buyer’s identity for the purposes of anti-money laundering and counter-terrorist financing and application of international sanctions (LBCOIN)

Legal basis: Article 6(1)(c) and Article 9(2)(g) of Regulation (EU) 2016/679.

Data received: from data subjects and the provider of the buyer identification and authentication service.

Data processed: name, surname, date of birth, email address, gender, personal identification number (if any), date of birth, ID document type, number and expiry date, ID document picture(s), facial image(s), citizenship, date and method of identification, IP address, confirmation whether the buyer is or is not included in the Specially Designated Nationals (SDN) List administered by the US Office of Foreign Assets Control (OFAC) and whether there are any sanctions imposed, facial image(s) processed during the identification and authentication procedure, biometric data (as the provider uses a facial recognition system for buyer identification and authentication procedures).

Data stored: for 8 years counting from the end date of transactions or business relations with the data subject.

Data provided: name, surname and date of birth are provided to the provider of the buyer identification and authentication service (data processor) that collects other personal data while providing this service. In legally established cases, personal data is provided to the Financial Crime Investigation Service under the Ministry of the Interior of the Republic of Lithuania.


To conclude and abide by LBCOIN purchase-sale agreements where the party thereto is the data subject or to take action requested by the data subject prior to entering into such agreements (LBCOIN)

Legal basis: Article 6(1)(b) of Regulation (EU) 2016/679.

Data received: from data subjects, the payment service provider and the service provider delivering the purchased collector coins.

Data processed: name, surname, date of birth, email address, delivery address, phone number, data on the use of the services of the LBCOIN e-shop (information on LBCOIN purchases, order and payment details, information on the receipt of digital tokens, any exchange thereof with other buyers and sending them as a gift as well as other transactions with digital tokens), username, IP address, public and private keys, PIN code, actions performed on the LBCOIN e-shop, date and time thereof, data on correspondence between LB and the data subject on the LBCOIN e-shop, payment information, information on collector coin delivery.

Data stored: for 2 years counting from the end date of the LBCOIN e-shop operation.

Data provided: name, surname and payment details are provided to the payment service provider. Name, surname, address, phone number and information on the delivery of collector coins are provided to the service provider delivering the purchased collector coins.


To ensure that accounting documents are stored for a statutory period of time as well as their authenticity and content integrity in terms of accounting documents supporting an economic operation or an economic event (LBCOIN)

Legal basis: Article 6(1)(c) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name, surname, date of birth, email address, address, data confirming the performed economic operation.

Data stored: for 10 years counting from the date indicated in supporting accounting documents for the economic operation or the economic event.


To ensure the quality of services and store information on any action taken to implement the contracts concluded with a view to ascertaining LB’s legitimate interests to provide services that meet buyer needs and to have evidence and effective remedies in case of judicial disputes or claims (LBCOIN)

Legal basis: Article 6(1)(f) of Regulation (EU) 2016/679.

Data received: from data subjects, the payment service provider and the service provider delivering the purchased collector coins.

Data processed: name, surname, email address, data on the use of the services of the LBCOIN e‑shop (information on LBCOIN purchases, payment details, information on the receipt of digital tokens, any exchange thereof with other buyers and sending them as a gift as well as other transactions with digital tokens), data confirming the performed economic operation, username, IP address, actions performed on the LBCOIN e-shop, date and time thereof, data on correspondence between LB and the data subject at the LBCOIN e-shop, payment information, address, phone number, information on collector coin delivery.

Data stored: for 10 years.

Data provided: to courts and other dispute resolution entities.


To conduct surveys in order to obtain the information needed to implement macroprudential policies

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects, other branches of the Bank of Lithuania, information made publicly available on the websites of companies (where the relevant data subjects are the contact persons), financial market participants, the LB Loan Risk Database, the Register of Legal Entities managed by the State Enterprise Centre of Registers.

Data processed: name, surname, email address, telephone number, job title.

Data stored: for a maximum period of 2 years from the start of processing.


To allow the public to use statistics datasets created using the Bank of Lithuania’s online tool “My data sets” in an efficient, convenient and customised manner

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: login name, email address and selected user group.

Data stored: for 2 years from the last log in to the tool.

Data provided: to service providers (data processors) that, under contractual arrangements with the Bank of Lithuania, process the user’s personal data on behalf of and as directed by the Bank of Lithuania and provide other services. No personal data is supplied to third parties.


To perform contracts for bundled euro coin exchange services

Legal basis: Article 6(1)(b) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name and surname, phone number, email, bank account number, date and amount of the transaction.

Data stored: for 6 months from the day of settlement with the customer.

Data provided: to data recipients, i.e. payment service providers, in order to transfer funds for the exchanged coins to the bank account specified in the request. No personal data of the customer (their representative) are disclosed to third parties, except for third parties who have the right to access such data pursuant to the laws of the Republic of Lithuania.


To ensure the completeness, integrity and usefulness of the information received at meetings organised by the Supervision Service and to protect the interests of the Bank of Lithuania

Legal basis: Article (6)(1)(f) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: audio recordings of remarks by persons participating in meetings organised by the Supervision Service with the financial market participant’s management, employees or other persons, meetings with regard to the application of enforcement measures or other statutory measures, or meetings with regard to out-of-court settlement of disputes between consumers and financial market participants; and audio recordings (meeting minutes). If the meeting takes place remotely or the person attends the meeting remotely, a video and audio recording may be made.

Data stored: audio or video and audio recordings – for 60 days from the date of recording; if the relevant decision (action) has been appealed – until the end of the court proceedings.

Data provided: only when carrying out functions assigned to the Bank of Lithuania and for other purposes laid down in the Republic of Lithuania Law on the Bank of Lithuania. Data may not be made public, transmitted or otherwise made available to anyone, except in cases specified by the Republic of Lithuania Law on the Bank of Lithuania. The right to access the data obtained in the course of out-of-court settlement of disputes between consumers and financial market participants is granted only to the parties to the dispute; data are provided to other persons only in cases when requested by the data subject or when the Bank of Lithuania is required to do so by law or other legislation.

[[#ex]]

Last update: 26-11-2020