Bank of Lithuania

Data at the Bank of Lithuania (LB) are processed for purposes including, but not limited to:

[[#ex]]

To supervise the financial market 

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679; when processing data related with personal health – Article (9)(2)(g).

Data received: from data subjects, financial market participants, foreign financial market supervisory authorities, the Information Technology and Communications Department under the Ministry of the Interior of the Republic of Lithuania, the Special Investigation Service of the Republic of Lithuania, the Financial Crime Investigation Service under the Ministry of the Interior of the Republic of Lithuania, the State Security Department of the Republic of Lithuania, the State Enterprise Centre of Registers, the State Social Insurance Fund Board under the Ministry of Social Security and Labour, other Lithuanian and foreign institutions, the LB Loan Risk Database, persons notifying of a violation, persons who have submitted documents to the Bank of Lithuania related to financial market supervision, other persons, databases, registers and information systems, public information search sources.

Data processed (sub-purposes):

- members of the management body and key function holders of financial market participants, other persons whose suitability is to be assessed under financial market legislation, persons applying for these positions or those that are holding or previously held these positions – name and surname, personal identification number, identity document information, address, telephone number, email, workplaces, signature and other data, including data related to personal health and criminal records which are required under financial market legislation for the suitability assessment of such persons and for carrying out other supervisory functions;

- persons planning to acquire, those holding, or those that previously held, directly or indirectly, the qualifying holding in the financial market participant’s authorised capital and/or voting rights, and other persons that have to be assessed when acquiring a qualifying holding in the financial market participant’s authorised capital and/or voting rights (equity package) – name and surname, personal identification number, identity document information, address, telephone number, email, signature and other data, including data related to personal health and criminal records which are required under financial market legislation for the suitability assessment of the proposed acquisition and the acquirer;

- the financial market participant’s depositors, debtors and other clients, persons that issued a guarantee, warranty, pledged their assets, payers and payees – name and surname, personal identification number, address, telephone number, data on contracts concluded with a financial market participant, deposits held, loans, investment, payment or other services received from a financial market participant, and other data which are required under financial market legislation for carrying out other supervisory functions;

- the financial market participant’s shareholders, members or other participants of a financial market participant – name and surname, personal identification number, address and other data which are required under financial market legislation for carrying out other supervisory functions;

- persons involved in trading in financial instruments – name and surname, personal identification number, address, telephone number and other personal data that are necessary for the performance of the financial market supervision function;

- acquirers of an equity package or other financial instruments giving a voting right – name and surname, address, telephone number, fax number, email, description of the concluded transaction and other submitted information required for the performance of the financial market supervision function in accordance with the provisions of legal acts;

- natural persons with a significant net short position – name and surname, address, telephone number, fax number, email and other data required by law to perform the financial market supervision function;

- the issuer's responsible persons indicated in the prospectuses or annexes thereto – name and surname, job title, signature; members of the issuer’s administrative, management and supervisory bodies – name and surname, workplaces, job titles, information on their main activities, competences, experience, family relationships, criminal records, sanctions applied, conflicts of interest, remuneration, shares (currently) held by them, equity transactions; personal data of other persons submitted in accordance with the provisions of legal acts;

- the issuer’s periodic and current information: its manager, members of the management and supervisory bodies and members of their committees – name and surname, contact details, job title, areas of activity, information on their remuneration; shareholders – name and surname, their directly or indirectly controlled shareholdings, special control rights and the description of these rights; parties to transactions with related parties – name and surname, contact details, value of the transaction; shareholders who have entered into mutual agreements – name and surname, contact details, details of the substance and terms of the agreement and other personal data provided by law;

- persons placing a takeover bid or mandatory buyout in accordance with the Republic of Lithuania Law on Securities – name and surname, address, telephone number, fax number and other personal data provided in accordance with the provisions of legal acts;

- persons subject to civil liability, sanctions or enforcement measures – name and surname, personal identification number, address, telephone number, email, place of work, information about the infringement committed, the sanction imposed and performance thereof, which is necessary for the performance of the financial market supervision function;

- persons providing explanations and other persons involved in the Bank of Lithuania’s inspections and test procurements of financial services or products (hereinafter – test procurement) – name and surname, relations with the financial market participant,  its managers or participants; audio and/or video recordings of inspections, other information obtained during inspections or test procurements, which is necessary to organise the inspection or test procurement and to ensure the completeness, integrity and usefulness for the performance of financial market supervision functions of the information obtained during the inspection or test procurement.

 - persons participating in meetings organised by the Supervision Service with the financial market participant’s management, employees or other persons, persons participating in meetings with regard to the application of enforcement measures or other statutory measures to financial market participants or other persons, and persons with whom contacts are held for supervisory purposes – name and surname, relationship with the financial market participant, its managers or participants; other information obtained during meetings or other contacts that is necessary to organise the meeting and to ensure the completeness, integrity and usefulness for the performance of financial market supervision functions of information received during meetings or other contacts.

- person reporting about an infringement and the person that is being reported – name and surname, address; audio recording of the infringement notification (conversation) given orally by telephone or at a physical meeting; other data specified in the infringement notification;

- persons who have signed documents with regard to legal disputes and other documents received by the Bank of Lithuania in relation to financial market supervision – name and surname, job title, signature and other personal data indicated in such documents.

Data stored: data contained in the files referred to in the Bank of Lithuania’s documentation plan – to the extent that the files containing documents with personal data are kept in accordance with the Bank of Lithuania’s documentation plan; other data – for 5 years from the start of their processing.

Data provided: only when carrying out functions assigned to the Bank of Lithuania (pursuant to Articles 19 and 43 of the Republic of Lithuania Law on the Bank of Lithuania) and for other purposes laid down in the Republic of Lithuania Law on the Bank of Lithuania. Data are not made public, transmitted or otherwise made available, except in the cases provided for in Articles 43 and 433(15) of the Republic of Lithuania Law on the Bank of Lithuania.


To settle disputes between consumers and financial market participants out of court

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects and other parties to the dispute.

Data processed: name and surname, address, telephone number, email and signature of the person who applied to the Bank of Lithuania for a dispute settlement; information specified in the request (including data related to personal health); information received during the investigation of the dispute; and other data that have to be processed as part of this function.

Data stored: data contained in the files referred to in the Bank of Lithuania’s documentation plan – to the extent that the files containing documents with personal data are kept in accordance with the Bank of Lithuania’s documentation plan; other data – for 5 years from the start of their processing.

Data provided: to the parties to the dispute. Data are provided to other persons only in cases when the data subject so requests or the Bank of Lithuania is obliged to provide such data by laws or other legal acts.

 


To ensure the safety of LB employees, clients and visitors, security of LB assets, transported valuables and information; security of assets of banks authorised by LB and/or foreign bank branches and other clients (video recordings)

Legal basis: Article (6)(1)(f) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: video recordings made on the premises or territory of LB.

Data stored: video recordings made on the premises or territory of LB (depending on the purpose of data use) – from 14 days for up to 2 years, recordings of registration officers – 1 day.


To ensure the quality of services and store information on transactions, circumstances surrounding their conclusion and the execution process (phone conversation recordings)

Legal basis: Article (6)(1)(f) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: phone number, date and time of the phone conversation, recording thereof.

Data stored: for 110 days (for transactions made orally); for 118 days (to ensure the quality of services).


To provide structured and qualified consultations (recording of phone conversations during consultations)

Legal basis: Article (6)(1)(a) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name and surname, email, phone number, date and time of phone conversation, recording thereof.

Data stored: for 45 days.

 


To process data when implementing the Eurosystem’s Household Finance and Consumption Survey, a joint project of the Eurosystem central banks, which is included into the Official Statistics Work Programme for 2016 approved by Order DĮ-329 of the Director General of Statistics Lithuania of 31 December 2015 on the approval of the Official Statistics Work Programme for 2016; to prepare statistical information and evaluate the financial situation, income and consumption trends with regard to Lithuanian households and other areas related to household finances

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects, State Enterprise Centre of Registers.

Data processed: name and surname, personal number, age, place of residence (address), family status, email, phone, survey data on household (general), household finances, current liabilities (year of contract conclusion, amount, amount yet to be repaid, interest rate, monthly payment), assets (type, year of acquisition, purpose, cost of acquisition and current market value), savings, expenses (purpose, amount), household income (type, amount) and pensions (accumulation type, amount accumulated), employment situation and socio-demographic information (education, family relations).

Data stored: for 2 years from the date of providing personal data to the State Enterprise Centre of Registers.


To protect the public interest and create equal conditions for persons and their authorised representatives to use the following services provided by LB free of charge: numismatic item order, numismatic item sale, cash changeover, acceptability examination, genuineness tests 

Legal basis: Article (6)(1)(c) of Regulation (EU) 2016/679.

Data received: from data subjects ordering numismatic items, selling them or exchanging cash.

Data processed:
- natural persons ordering items via email order – name and surname, date of birth, email, address to which the numismatic items ordered must be delivered, if the customer wishes to receive them via a postal service provider, phone, description of items ordered and amount, transaction date;
- natural persons ordering and purchasing items via LB’s e-shop – name and surname, personal number (where the natural person does not have it – date of birth or a unique sequence of symbols assigned to identify that person), address, email, phone, description of items ordered and amount, transaction date and order number;
- natural persons or natural persons authorised by a natural or legal person that exchanges suitable euro banknotes and coins, exchanges litas to euros or purchases numismatic items at the LB cash offices: personal number (if no personal identification number is available – date of birth or another unique sequence of symbols assigned to identify that person), name of the document proving the person’s identity, its number and country code, transaction date and amount;
- natural persons or natural persons authorised by a natural or legal person that presents money for acceptability examination and/or genuineness testing – name and surname, phone, bank account number, address and amount;
- natural persons as well as natural persons authorised by a natural or legal person that collects numismatic items at the LB cash offices: personal number (if no personal identification number is available – date of birth or another unique sequence of symbols assigned to identify that person), name of the document proving the person’s identity, its number and country code, order number, transaction date and amount.

Data stored: 
- natural persons ordering items via email order – for 5 years from the day of acquisition of the last numismatic item via email order;
- natural persons ordering and purchasing items via LB’s e-shop – for 2 years from the day of acquisition of the last numismatic item via the e-shop;
- natural persons or natural persons authorised by a natural or legal person that exchanges suitable euro banknotes and coins, exchanges litas to euros or purchases numismatic items at the LB cash offices: for 1 day (until the end of the day);
- natural persons or natural persons authorised by a natural or legal person that presents money for acceptability examination and/or genuineness testing – until the money is destroyed;
- natural persons or natural persons authorised by a natural or legal person that collects numismatic items at the LB cash offices – for 1 day (until the end of the day); copies of the authorisation held in document files – for 10 years according to the LB documentation plan.


To prevent money laundering and terrorist financing

Legal basis: Article (6)(1)(c) of Regulation (EU) 2016/679.

Data received: from natural persons, natural persons authorised by natural and legal persons who purchase numismatic items and exchange currency. 

Data processed: name and surname, personal number (if no personal identification number is available – date of birth or another unique sequence of symbols assigned to identify that person, date of birth), name of the document proving the person’s identity, its number, date if issue, validity; number and period of validity of a permit of temporary residence in the Republic of Lithuania (non-residents), authorisation (authorisation copy attached), income source, transaction date and amount, and currency.

Data stored: for 10 years from the date of performing monetary operations.

Data provided: to the Financial Crime Investigation Service under the Ministry of the Interior.


To administer the list of persons regarding whom requests not to allow them to conclude consumer credit agreements have been submitted

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data providers referred to in paragraph 13 of the regulations on the information system containing the list of persons regarding whom requests not to allow them to conclude consumer credit agreements have been submitted.

Data processed: name and surname as well as personal identification number of the natural person included in or removed from the list; other data indicated in legal acts.

Data stored: for 5 years.

Data provided: to data recipients indicated in paragraphs 7.8, 15.6, 15.8 and 14 of the regulations on the information system containing the list of persons regarding whom requests not to allow them to conclude consumer credit agreements have been submitted.

 


To conduct surveys on household finances and consumption

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects, Centre of Registers, LB Loan Risk Database, State Social Insurance Fund Board under the Ministry of Social Security and Labour.

Data processed: name and surname, personal number, age, family status, place of residence (address), email, phone, data on household, household finances, current liabilities (year of contract conclusion, amount, amount yet to be repaid, interest rate, monthly payment), assets (type, year of acquisition, purpose, cost of acquisition and current market value), savings, expenses (purpose, amount), household income (type, amount) and pensions (accumulation type, amount accumulated), employment situation and socio-demographic information (education, family relations).

Data stored: for 12 years from the year the survey was conducted.

 


To ensure the safety of LB assets and information

Legal basis: for processing personal data of employees and visitors – Article (6)(1)(f) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name and surname of the visitor, date and time of arrival, exit time; name and surname of the employee, number of the access control card issued to the employee; structural unit, photo, name of the door opened with the card and its opening time; name and surname of the employee that requested for the visitor pass; name and surname of the employee being visited.

Data stored: for 120 calendar days.

 


To create the conditions for the residents of the Republic of Lithuania to electronically access personal data that are stored in the LB Loan Risk Database  

Legal basis: Article (6)(1)(a) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name and surname, personal number, date of birth.

Data stored: for 1 year.


To examine complaints, applications or notifications submitted by individuals

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from persons submitting complaints, requests or notifications, data subjects, financial market participants, other persons, the information system NASIS, databases, registers and information systems.

Data processed: name and surname, address, telephone number, email and signature of the person who submitted a complaint, request or notification to the Bank of Lithuania; information specified in the complaint, request or notification (including data related to personal health); information received during the investigation of the complaint, request or notification; and other data that have to be processed by the Bank of Lithuania as part of its complaint, request or notification investigation function.

Data stored: data contained in the files referred to in the Bank of Lithuania’s documentation plan – to the extent that the files containing documents with personal data are kept in accordance with the Bank of Lithuania’s documentation plan; other data – for 5 years from the start of their processing.

Data provided: to supervised financial market participants or other persons involved in the handling of the complaint, where it is necessary for the examination of the complaint, request or notification. Data are provided to other persons only in cases when the data subject so requests or the Bank of Lithuania is obliged to provide such data by laws or other legal acts.


To ensure the performance and control of payment orders

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from  system participants – entities for which at least one FC or FC Inst account is opened in the Bank of Lithuania's payment system CENTROlink and with which the Bank of Lithuania enters into a CENTROlink participant agreement or an addressable BIC holder agreement.

Data processed: payer’s name and surname, personal number, account number; payee’s name and surname, personal number, account number; payment amount, remittance information and other information provided in payment and payment management orders.                            

Data stored: for 10 years from the date of debt repayment.

Data provided: to third parties in cases established in the EU and the Republic of Lithuania legislation. Seeking to ensure that a system participant's payment can access the entire SEPA area, the Bank of Lithuania can transfer payment orders containing personal data to the STEP2 system or other clearing systems meeting SEPA requirements.


To assess CENTROlink system participants’ compliance with the requirements applied for the activities related to the implementation of anti-money laundering and/or counter-terrorist financing measures indicated in Article 4 of the Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from system participants – entities for which at least one FC or FC Inst account is opened in the Bank of Lithuania's payment system CENTROlink and with which the Bank of Lithuania enters into a CENTROlink participant agreement or an addressable BIC holder agreement.

Data processed: payer’s name and surname, personal number, account number; payee’s name and surname, personal number, account number; payment amount, remittance information and other information provided in payment and payment management orders; names and last names of managers and shareholders of a system participant or a company seeking to become a participant, their positions, dates of birth, data on penalties related with the provision of financial services received by shareholders and managers that were imposed by law enforcement, judicial or supervisory authorities.

Data stored: for 10 years from the date of their receipt; names and last names of managers and shareholders of a system participant or a company seeking to become a participant, their positions, dates of birth, data on penalties related with the provision of financial services received by shareholders and managers that were imposed by law enforcement, judicial or supervisory authorities – for the duration of a system participant’s participation in the system and for 10 years after their removal from the system.

Data provided: to third parties only in cases established in the EU and Republic of Lithuania legislation.


To assess the reputation of a system participant or a company seeking to become a participant

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subject, from entities for which at least one FC or FC Inst account is opened in the Bank of Lithuania's payment system CENTROlink and with which the Bank of Lithuania enters into a CENTROlink participant agreement or an addressable BIC holder agreement, and from publicly available sources or companies seeking to become a participant.

Data processed: names and last names of managers and shareholders of a system participant or a company seeking to become a participant, their positions, dates of birth, other received data, data on penalties related with the provision of financial services received by shareholders and managers that were imposed by law enforcement, judicial or supervisory authorities.

Data stored: for the duration of a system participant’s participation in the system and for 10 years after their removal from the system.

Data provided: to third parties only in cases established in the EU and Republic of Lithuania legislation.


To ensure the performance of the proxy data (name and surname or title, IBAN, MSISDN and/or URI) and other linked data (time stamp of granting consent and revoking consent) lookup service

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from the Proxy Lookup Service System participant.

Data processed: participant client proxy, client account number, name and surname or title, time stamp of granting consent to manage personal data and revoking consent.

Data stored: throughout the period of validity of the client’s consent and for 10 years from the date of receiving a notification on revoking consent from the system participant.

Data provided: to other PLS (Proxy Lookup Service) systems operating in EU and EEA countries.

 


To select candidates to a job vacancy

Legal basis: Article 6(1)(a) and (c) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name (names) and surname (surnames) of the candidate (data subject), contact data, position for which the candidate is applying, data on education and qualification, information on language proficiency, information on working experience, information on the assessment of the candidate’s suitability to perform their duties and selection results. 

Data stored: for 1 year after the end of the recruitment procedure. 


To conclude and execute students’ practical training (internship) agreements

Legal basis: Article 6(1)(b) and (c) of Regulation (EU) 2016/679.

Data received: from data subjects, educational institutions.

Data processed: student’s (data subject’s) name, personal number, date of birth, address, telephone number, email address, name of the study programme, course, purpose and tasks of internship.

Data stored: for 1 year from the date of conclusion of the practical training agreement, for 3 years from the end of the practical training.

Data provided: personal data such as name and surname, personal number, name of the study programme, course, commencement and end of internship is submitted to the Board of the State Social Insurance Fund (Sodra) in compliance with legal acts. Personal data is not disclosed to other third parties.


To protect public interest and create a level playing field for buyers to use LB services for purchasing numismatic items and to present in an interactive manner possibilities for using and practically applying new technologies pertaining to collector coins issued by LB (LBCOIN)

Legal basis: Article 6(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name, surname, date of birth, email address, delivery address, phone number, data on the use of the services of the LBCOIN e-shop (digital token wallet address, information on LBCOIN purchases and payment details, information on the receipt of digital tokens, any exchange thereof with other buyers and sending them as a gift as well as other transactions with digital tokens), username, IP address, public and private keys, PIN code, password, actions performed on the LBCOIN e-shop, date and time thereof, data on correspondence between LB and the data subject on the LBCOIN e-shop.

Data stored: for 2 years counting from the end date of the LBCOIN e-shop operation.

Data provided: username, digital token wallet address and information on digital tokens are provided to other buyers or other persons with whom the buyer will swap digital tokens or to whom they will send them as a gift. Digital token wallet addresses are provided to the manager of the NEM public blockchain network (should the user choose to transfer digital tokens to the NEM public blockchain network). 


To establish and verify the buyer’s identity for the purposes of anti-money laundering and counter-terrorist financing and application of international sanctions (LBCOIN)

Legal basis: Article 6(1)(c) and Article 9(2)(g) of Regulation (EU) 2016/679.

Data received: from data subjects and the provider of the buyer identification and authentication service.

Data processed: name, surname, date of birth, email address, gender, personal identification number (if any), date of birth, ID document type, number and expiry date, ID document picture(s), facial image(s), citizenship, date and method of identification, IP address, confirmation whether the buyer is or is not included in the Specially Designated Nationals (SDN) List administered by the US Office of Foreign Assets Control (OFAC) and whether there are any sanctions imposed, facial image(s) processed during the identification and authentication procedure, biometric data (as the provider uses a facial recognition system for buyer identification and authentication procedures).

Data stored: for 8 years counting from the end date of transactions or business relations with the data subject.

Data provided: name, surname and date of birth are provided to the provider of the buyer identification and authentication service (data processor) that collects other personal data while providing this service. In legally established cases, personal data is provided to the Financial Crime Investigation Service under the Ministry of the Interior of the Republic of Lithuania.


To conclude and abide by LBCOIN purchase-sale agreements where the party thereto is the data subject or to take action requested by the data subject prior to entering into such agreements (LBCOIN)

Legal basis: Article 6(1)(b) of Regulation (EU) 2016/679.

Data received: from data subjects, the payment service provider and the service provider delivering the purchased collector coins.

Data processed: name, surname, date of birth, email address, delivery address, phone number, data on the use of the services of the LBCOIN e-shop (information on LBCOIN purchases, order and payment details, information on the receipt of digital tokens, any exchange thereof with other buyers and sending them as a gift as well as other transactions with digital tokens), username, IP address, public and private keys, PIN code, actions performed on the LBCOIN e-shop, date and time thereof, data on correspondence between LB and the data subject on the LBCOIN e-shop, payment information, information on collector coin delivery.

Data stored: for 2 years counting from the end date of the LBCOIN e-shop operation.

Data provided: name, surname and payment details are provided to the payment service provider. Name, surname, address, phone number and information on the delivery of collector coins are provided to the service provider delivering the purchased collector coins.


To ensure that accounting documents are stored for a statutory period of time as well as their authenticity and content integrity in terms of accounting documents supporting an economic operation or an economic event (LBCOIN)

Legal basis: Article 6(1)(c) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name, surname, date of birth, email address, address, data confirming the performed economic operation.

Data stored: for 10 years counting from the date indicated in supporting accounting documents for the economic operation or the economic event.


To ensure the quality of services and store information on any action taken to implement the contracts concluded with a view to ascertaining LB’s legitimate interests to provide services that meet buyer needs and to have evidence and effective remedies in case of judicial disputes or claims (LBCOIN)

Legal basis: Article 6(1)(f) of Regulation (EU) 2016/679.

Data received: from data subjects, the payment service provider and the service provider delivering the purchased collector coins.

Data processed: name, surname, email address, data on the use of the services of the LBCOIN e‑shop (information on LBCOIN purchases, payment details, information on the receipt of digital tokens, any exchange thereof with other buyers and sending them as a gift as well as other transactions with digital tokens), data confirming the performed economic operation, username, IP address, actions performed on the LBCOIN e-shop, date and time thereof, data on correspondence between LB and the data subject at the LBCOIN e-shop, payment information, address, phone number, information on collector coin delivery.

Data stored: for 10 years.

Data provided: to courts and other dispute resolution entities.


To conduct surveys in order to obtain the information needed to implement macroprudential policies

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects, other branches of the Bank of Lithuania, information made publicly available on the websites of companies (where the relevant data subjects are the contact persons), financial market participants, the LB Loan Risk Database, the Register of Legal Entities managed by the State Enterprise Centre of Registers.

Data processed: name, surname, email address, telephone number, job title.

Data stored: for a maximum period of 2 years from the start of processing.


To allow the public to use statistics datasets created using the Bank of Lithuania’s online tool “My data sets” in an efficient, convenient and customised manner

Legal basis: Article (6)(1)(e) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: login name, email address and selected user group.

Data stored: for 2 years from the last log in to the tool.

Data provided: to service providers (data processors) that, under contractual arrangements with the Bank of Lithuania, process the user’s personal data on behalf of and as directed by the Bank of Lithuania and provide other services. No personal data is supplied to third parties.


To perform contracts for bundled euro coin exchange services

Legal basis: Article 6(1)(b) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: name and surname, phone number, email, bank account number, date and amount of the transaction.

Data stored: for 6 months from the day of settlement with the customer.

Data provided: to data recipients, i.e. payment service providers, in order to transfer funds for the exchanged coins to the bank account specified in the request. No personal data of the customer (their representative) are disclosed to third parties, except for third parties who have the right to access such data pursuant to the laws of the Republic of Lithuania.


To ensure the completeness, integrity and usefulness of the information received at meetings organised by the Supervision Service and to protect the interests of the Bank of Lithuania

Legal basis: Article (6)(1)(f) of Regulation (EU) 2016/679.

Data received: from data subjects.

Data processed: audio recordings of remarks by persons participating in meetings organised by the Supervision Service with the financial market participant’s management, employees or other persons, meetings with regard to the application of enforcement measures or other statutory measures, or meetings with regard to out-of-court settlement of disputes between consumers and financial market participants; and audio recordings (meeting minutes). If the meeting takes place remotely or the person attends the meeting remotely, a video and audio recording may be made.

Data stored: audio or video and audio recordings – for 60 days from the date of recording; if the relevant decision (action) has been appealed – until the end of the court proceedings.

Data provided: only when carrying out functions assigned to the Bank of Lithuania and for other purposes laid down in the Republic of Lithuania Law on the Bank of Lithuania. Data may not be made public, transmitted or otherwise made available to anyone, except in cases specified by the Republic of Lithuania Law on the Bank of Lithuania. The right to access the data obtained in the course of out-of-court settlement of disputes between consumers and financial market participants is granted only to the parties to the dispute; data are provided to other persons only in cases when requested by the data subject or when the Bank of Lithuania is required to do so by law or other legislation.


For the purpose of subscribing to the newsletters published on the website of the Bank of Lithuania

ON THE SUBSCRIPTION TO THE REMINDER OF THE REPORTING DEADLINE

Personal data we collect from you will be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter – the General Data Protection Regulation, GDPR), the Republic of Lithuania Law on Legal Protection of Personal Data, the Republic of Lithuania Law on Electronic Communications and other legal acts regulating the legal protection of personal data.

The protection of your data is of utmost importance to the Bank of Lithuania (LB). We feel responsible for the collection and processing of your personal data, therefore we are committed to respecting and protecting it and ensuring the effective exercise of your rights as a data subject.

The personal data controller is the Bank of Lithuania with address at Gedimino pr. 6, Vilnius, email tl.bl@ofni, tel. +370 5 268 0029.

The reminder is sent the day after the end of the reporting period of the selected report. For example, a reminder for quarterly reporting will be sent at the end of the quarter, i.e. on the first day of the new quarter.

To receive an email reminder, a person must subscribe to the reminder by clicking on the subscription link “Reporting reminder” here https://www.lb.lt/lt/reportscalendar.

The person will have to indicate his/her email address, the type of FRD and the type of report he/she wants in a special subscription field. The registration will be effective when the person receives an email reminder about the activation of the subscription and confirms their consent to receive these notifications by clicking on the link.

What personal data do we process and why?

Personal data are processed to meet the needs of particular groups of the society for a quick and direct access to LB information.

What is the legal basis for data processing?

The legal basis for data processing:

Article 6(1)(a) GDPR: “The data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes”.

Article 69(1) of the Republic of Lithuania Law on Electronic Communications: “The use of electronic communications services, including the sending of e-mail messages, for direct marketing purposes shall be permitted only with the prior consent of the subscriber or registered user of electronic communications services”.

How long do we keep your personal data?

Email addresses are stored for 2 years from the date of receipt or until the data subject withdraws consent. Each subscriber has the right to unsubscribe at any time and to select other topics from those listed on the LB website www.lb.lt, change their frequency or unsubscribe from the newsletter completely by clicking on the “Unsubscribe” link. If you unsubscribe from the newsletter, we will immediately stop processing the personal data you have provided and destroy it. Withdrawal of consent shall not affect the lawfulness of the processing of personal data based on consent carried out until the withdrawal of consent.

How do we keep your personal data?

We protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. In selecting and implementing appropriate technical and organisational measures to ensure the security of data processing, we are guided by the State Data Inspectorate Guidelines of 18 June 2020 for data controllers and processors on security measures and risk assessment of personal data processed and LB’s internal legislation governing LB’s security policy and personal data protection measures.

Do we provide your personal data outside the European Union and the European Economic Area?

In compliance with the requirements and standards set out in the legislation of the European Union, we ensure that your data is processed within the borders of the European Union and the European Economic Area.

What rights do you have and how can you exercise them?

Full details of your rights as a data subject can be found here https://www.lb.lt/lt/jusu-teises.
You can find out how to submit a Request for the exercise of the data subject’s rights here https://www.lb.lt/lt/prasymo-pateikimo-tvarka.

Whom to contact for questions related to your personal data? 

If you have any questions regarding the information contained in this Privacy Notice or the protection of your personal data and the exercise of your rights, please contact the Data Protection Officer of the Bank of Lithuania, email tl.bl@aguaspaunemoud, address: Totorių st. 4, Vilnius.

If a mutually satisfactory solution cannot be found, you have the right to contact the State Data Protection Inspectorate at: L. Sapiegos g. 17, Vilnius, or email tl.ada@ada.

ON THE SUBSCRIPTION TO THE REMINDER OF THE REPORTING DEADLINE

Personal data we collect from you will be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter – the General Data Protection Regulation, GDPR), the Republic of Lithuania Law on Legal Protection of Personal Data, the Republic of Lithuania Law on Electronic Communications and other legal acts regulating the legal protection of personal data.

The protection of your data is of utmost importance to the Bank of Lithuania (LB). We feel responsible for the collection and processing of your personal data, therefore we are committed to respecting and protecting it and ensuring the effective exercise of your rights as a data subject.

The personal data controller is the Bank of Lithuania with address at Gedimino pr. 6, Vilnius, email tl.bl@ofni, tel. +370 5 268 0029.

The reminder is sent the day after the end of the reporting period of the selected report. For example, a reminder for quarterly reporting will be sent at the end of the quarter, i.e. on the first day of the new quarter.

To receive an email reminder, a person must subscribe to the reminder by clicking on the subscription link “Reporting reminder” here https://www.lb.lt/lt/reportscalendar.

The person will have to indicate his/her email address, the type of FRD and the type of report he/she wants in a special subscription field. The registration will be effective when the person receives an email reminder about the activation of the subscription and confirms their consent to receive these notifications by clicking on the link.

What personal data do we process and why?

Personal data are processed to meet the needs of particular groups of the society for a quick and direct access to LB information.

What is the legal basis for data processing?

The legal basis for data processing:

Article 6(1)(a) GDPR: “The data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes”.

Article 69(1) of the Republic of Lithuania Law on Electronic Communications: “The use of electronic communications services, including the sending of e-mail messages, for direct marketing purposes shall be permitted only with the prior consent of the subscriber or registered user of electronic communications services”.

How long do we keep your personal data?

Email addresses are stored for 2 years from the date of receipt or until the data subject withdraws consent. Each subscriber has the right to unsubscribe at any time and to select other topics from those listed on the LB website www.lb.lt, change their frequency or unsubscribe from the newsletter completely by clicking on the “Unsubscribe” link. If you unsubscribe from the newsletter, we will immediately stop processing the personal data you have provided and destroy it. Withdrawal of consent shall not affect the lawfulness of the processing of personal data based on consent carried out until the withdrawal of consent.

How do we keep your personal data?

We protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. In selecting and implementing appropriate technical and organisational measures to ensure the security of data processing, we are guided by the State Data Inspectorate Guidelines of 18 June 2020 for data controllers and processors on security measures and risk assessment of personal data processed and LB’s internal legislation governing LB’s security policy and personal data protection measures.

Do we provide your personal data outside the European Union and the European Economic Area?

In compliance with the requirements and standards set out in the legislation of the European Union, we ensure that your data is processed within the borders of the European Union and the European Economic Area.

What rights do you have and how can you exercise them?

Full details of your rights as a data subject can be found here https://www.lb.lt/lt/jusu-teises.
You can find out how to submit a Request for the exercise of the data subject’s rights here https://www.lb.lt/lt/prasymo-pateikimo-tvarka.

Whom to contact for questions related to your personal data? 

If you have any questions regarding the information contained in this Privacy Notice or the protection of your personal data and the exercise of your rights, please contact the Data Protection Officer of the Bank of Lithuania, email tl.bl@aguaspaunemoud, address: Totorių st. 4, Vilnius.

If a mutually satisfactory solution cannot be found, you have the right to contact the State Data Protection Inspectorate at: L. Sapiegos g. 17, Vilnius, or email tl.ada@ada.

[[#ex]]

Last update: 22-06-2022