PRIVACY POLICY
Effective from 04 06 2024
This Privacy Policy applies to all customers of First Digital Trade Europe UAB, a company registered in the Republic of Lithuania with 306129492 registration number and registered address at Kaykyos 18-10 01100 Vilnius, Lithuania ("Royal Card", "CartaReale.com", "we", "us", "our"). Please read it carefully before providing us with any information about yourself. The protection of your personal data is of paramount importance to us and we are committed to treating it with the utmost care and security.
This policy demonstrates our commitment to transparency and the protection of your privacy rights and sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us. It applies to the processing of personal data by First Digital Trade Europe UAB, in relation to:
Please note that our Services, Site and Apps are not intended for children under the age of 18 and we do not knowingly collect data relating to minors. For feedback or any privacy requests, please contact us using the details provided at the end of the policy. In order to use our services, you must agree to the terms and conditions of this Privacy Policy in its entirety.
We are committed to:
The company First Digital Trade Europe UAB is the data controller. The data controller is the legal entity that determines the means and purposes of any processing activity it performs.
We have appointed a Data Protection Officer ("DPO") who is responsible for overseeing applications in relation to this Privacy Policy. If you have any questions or complaints regarding this Privacy Policy or our privacy practices, or if you wish to exercise your legal rights, please contact our DPO at [email protected].
You have the right to lodge a complaint with a supervisory authority about the way we process your personal data. If you reside in an EEA (European Economic Area) Member State, you have the right to lodge a complaint with the supervisory authority in the EEA Member State of your habitual residence, place of work or place of the alleged infringement, or with the Lithuanian Data Protection Authority (Personal Data Protection Commission).
We would, however, appreciate the chance to address your concerns before you approach a data protection regulator. So don't hesitate to contact us in the first instance.
This Privacy Policy is intended to provide you with information about why and how we collect and process your personal data. It intends to inform you about your privacy rights and how the data protection principles set out in the EU's General Data Protection Regulation ("GDPR") and post-Brexit privacy law (known as the UK's GDPR) protect you.
This privacy policy is intended to be read in conjunction with other notices or policies that we may provide at specific times when we collect or process your personal data. This will help you fully understand why and how we use your data. This privacy policy supplements other notices and policies, not replaces them.
4. Personal Data We Collect
"Personal data" means any information about you that can be used to identify you. This data can be:
4.1. Origin of the data
We collect your personal data from a variety of sources, including:
5. Data security
We take appropriate technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include:
6. Your rights
You have rights that we need to make you aware of. The rights available to you depend on the reason for which we process your personal data. If you need more detailed information or wish to exercise any of the rights set out below, please contact us.
6.1. Exercising Your Rights
To exercise your rights, you can contact us using the contact details provided in the "Contact Us" section of this policy. We kindly ask you to provide the following information to facilitate us in processing your request:
We will respond to your requests within one month of receiving your request, as required by the General Data Protection Regulation (GDPR). In exceptional cases, this period may be extended by a further two months if the request is particularly complex or if we receive numerous requests. In that case, we will inform you of the extension and the reasons for the delay within one month of receiving your request.
We do not charge a fee for exercising your rights, unless the request is manifestly unfounded or excessive. In such a case, we may charge a reasonable fee based on the administrative costs incurred or refuse to comply with your request.
7. Consent Processes
We will only use your personal data when applicable legislation allows us to do so. In other words, we need to make sure we have a legal basis for such use. Most commonly, we will use your personal data in the following circumstances:
8. Collection of your information
At Carta Reale, transparency is essential in the processing of users' personal information. For this reason, we would like to provide you with a clear explanation of how we collect and use your personal data.
8.1. Collection Methods
We collect your personal information in a number of ways, including:
All information collected is treated in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We ensure that personal data is collected only for specified, explicit and legitimate purposes, and processed in a lawful, fair and transparent manner.
8.2. Sources of Collection
In some cases, we may also obtain information about you from third parties, such as credit reference agencies or fraud prevention systems. In such situations, we ensure that we comply with data protection regulations and ensure that your rights are adequately protected. For more information about third parties, please see Section 12 ("Third-Party Services Used") of this Policy.
8.3. Processing of Non-Personal Information
In addition to personal information, we may also collect and use non-personal information or anonymize personal information in order to make it non-identifiable. This non-personal information may be used for business purposes, such as trend analysis and optimization of our services.
8.4. IP Address Management
If IP addresses are considered personal information under applicable local laws, we will treat them as such and handle them in accordance with this Privacy Policy.
8.5. Application to Consumers and Companies
This Privacy Policy applies to both individual consumers and businesses. Regardless of your use of our Services, Websites, or Apps, we are committed to treating your personal information with the utmost respect. We ensure that your privacy rights are adequately protected in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.
9. Categories of Personal Data
Depending on how you use our Services, Website or App, we may collect, use, store and transfer different types of personal data about you. We've broken this data down into the following categories:
Category of Personal Data |
Specific Examples of Personal Data |
Purpose of the Processing |
Legal Basis for Processing |
|||
Identity Data |
First name, last name, date of birth, gender, etc. |
Management of user accounts, provision of services, personalization of the user experience, verification of the user's identity. |
Performance of a Contract, Legitimate Interest |
|||
Social Identity Data |
Company data, connections, etc. |
Service Delivery, Risk and Compliance Assessment, Service Improvement, Personalization of Offerings. |
Legitimate Interest, Consent |
|||
Contact Information |
Email address, phone number, etc. |
Communications with users, notifications regarding services, customer support, direct marketing (with consent). |
Performance of a Contract, Consent |
|||
Financials |
Bank details, payment card details, etc. |
Payment processing, invoicing, transaction management, fraud prevention. |
Performance of a Contract, Legal Obligations |
|||
Transactional data |
Transaction details, source of funds, etc. |
Invoicing, transaction monitoring, service improvement, legal compliance. |
Performance of a Contract, Legitimate Interest |
|||
Technical Data |
IP address, internet connectivity data, etc. |
Site performance analysis, site security, user experience personalization, anonymous statistics. |
Legitimate Interest, Consent |
|||
Profile Data |
Username, password, preferences, feedback, etc. |
Personalization of the user experience, user account management, communications with users. |
Performance of a Contract, Consent |
|||
Usage Data |
Information about site usage, interaction time, etc. |
Trend analysis, site optimization, service improvement, personalization of offers. |
Legitimate Interest, Consent |
|||
Marketing and Communication Data |
Marketing preferences, survey responses, etc. |
Sending marketing communications, personalizing offers, conducting market research. |
Consent |
|||
|
Facial data, biometric data.
|
Verification against the documents provided, unique identification of the account holder. Processed and stored by Sumsub. More information in Annex 1. |
Legal obligation (European PSD2 Law) |
9.1. Special Categories of Personal Data
Certain types of sensitive personal data are subject to additional protection under the legislation applicable to you. This data is commonly known as "special categories" of personal data and includes:
As a rule, we do not collect sensitive personal data. However, if necessary, such as for the use of biometric data, we obtain your explicit consent and inform you in advance of the purpose of the collection of such data. Biometric data, such as fingerprints or facial recognition, is used solely to improve security and ensure the authenticity of logins. For further details on the biometric data used, please read Annex 1 of this Policy.
9.2. Refusal to Provide Personal Data
If we are required by law or under the terms of a contract to collect your personal data and you refuse to provide it, we may not be able to perform the contract we have or are trying to enter into with you. This may result in the inability to provide you with the Services you have requested. In such circumstances, we may need to cancel a product or service you have with us. We will inform you promptly if this happens.
10. How we use your personal data
We use the information we collect about you for a variety of purposes, including:
11. Use of Personal Data for Marketing Purposes
Direct Marketing
We may use your identity, contact, technical, transactional, usage and profile data to form an opinion about what we think may be of interest to you or you may need. This helps us decide which products, services, and offers might be relevant to you.
Legal Basis for the Processing of Marketing Data
Consent for Direct Marketing
We will ask for your explicit consent to use your personal data for direct marketing purposes. This consent can be given, for example, by ticking a checkbox when registering or during other interactions with us. You can withdraw your consent at any time by contacting us via the details provided in the "Contact Us" section of this Policy or by using the opt-out links in our marketing communications.
Data Subject's Rights Relating to Direct Marketing
You have the right to:
11.1. Third-Party Marketing
We will obtain your explicit consent before sharing your personal data with third parties for marketing purposes. We will not share your data with any third party unless you have expressly consented to such sharing.
If you decide that you no longer wish to receive marketing communications from us or from third parties with whom we have shared your data (with your consent), you can exercise your rights by contacting us directly or by using the opt-out links provided in each marketing communication.
Our Site, Apps, and applicable web browsers may include links to third-party websites, plug-ins and applications ("Third-Party Sites"). By clicking on such links or enabling those connections, it is possible for third parties to collect or share data about you. We do not control these Third-Party Sites and are not responsible for their Privacy Notices and policies. When you leave our Site or Apps, we encourage you to read the Privacy Policy of each Third Party Site you visit or use.
To provide specific features of our products and services, we use the following third-party services. Your privacy is important to us, and we are committed to ensuring that all personal data shared with these Services is treated in accordance with applicable privacy laws:
These services are essential to support various functions of our products and services.
We encourage you to read the respective privacy policies of these services to understand how they treat your personal data. Sharing data with these providers is strictly necessary to provide and improve our services, and we are committed to only working with providers who maintain high standards of data protection.
13. Use of your personal data for Other Purposes
We will only use your personal data for the purposes for which we collected it, unless we reasonably believe that we need to use it for another reason compatible with the original purpose. If you would like an explanation of how the processing for the new purpose is compatible with the original one, please contact us.
14. Sale or Transfer of Business
We may need to process your personal data during trading or in connection with any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving all or a portion of our stock, business or assets. Such processing will be based on our legitimate interests in executing the transaction or to comply with our legal obligations.
15. Disclosure of Personal Data
We will not disclose your personal information to anyone, except as described in this policy. We may share your personal information with other companies in our Group or with our business partners. Your personal information (e.g., full name and email address) may be shared with the recipient/sender of a payment in the context of the specific relevant transaction. This may involve transferring your personal data outside of the European Economic Area (EEA) or the United Kingdom.
We may share your personal information with third parties to provide you with our products and services, including service providers, credit reference agencies, and financial institutions. We may also share your personal information with regulators and third parties to prevent crime, reduce risk, respond to legal proceedings, investigate violations of business terms, or protect the rights and property of Carta Reale, our customers, or others.
16. International Data Transfers
The information we collect may be transferred to, stored and processed in countries outside the European Economic Area (EEA). These countries may have different data protection standards than those in your country of residence. However, we are committed to ensuring that your data is treated securely and in accordance with applicable data protection laws.
Credential Security
If we have provided you with (or have chosen) a password, access code, or any other secure means of accessing parts of our site, it is important that you keep these credentials confidential. Don't share them with anyone. You are responsible for the activities that occur under your credentials and authorize Carta Reale to act on the instructions and information received from anyone using your credentials.
Security of Data Transmission
The transmission of information via the Internet is not completely secure. We will do our best to protect your personal information, but we cannot guarantee the security of any data transmitted to our site. Once we receive your information, we will take strict measures and security features to prevent unauthorized access.
17. Data Retention
We only retain your personal data for as long as necessary to achieve the purposes for which we collected it. To determine the appropriate shelf life, we consider various factors, including:
Here are some examples of how we apply these principles:
You have the right to ask us to delete your personal data under certain conditions. Please see the section on your legal rights for more information. We will only comply with your request for deletion if it meets the conditions set out in the law.
We use cookies and similar technologies to improve your experience on our Services and Site. Cookies are small data files that are sent to your browser from a web server and stored on your device. These cookies allow our Site to function properly and help us better understand how users interact with our Site and Services.
You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. However, if you disable or reject cookies, please be aware that some parts of our Services or Site may become inaccessible or not function properly.
We use different types of cookies:
We take appropriate security measures to protect the data we collect through cookies and other similar technologies. By using our Site and Services, you consent to the use of cookies in accordance with our Cookie Policy.
For more information about the cookies we use and how to manage them, please see our Cookie Policy: cookie policy link
19. Updating the Privacy Policy
We reserve the right to update this privacy policy from time to time. Any changes will be posted on this page, and if the changes are significant, we will notify you by email or other appropriate means. We encourage you to review this policy regularly to be aware of any updates.
20. Contact Us
If you have any questions or requests regarding this privacy policy or would like to exercise your rights, you can contact us at:
It only takes a few minutes to register your FREE Bankio account.
Copyright © First Digital Trade Ltd | Designed by FirstDigitalTrade