On the processing of personal data when performing remote identity verification

PRIVACY NOTICE

ON THE PROCESSING OF PERSONAL DATA WHEN PERFORMING REMOTE IDENTITY VERIFICATION

This Privacy Notice explains how NEO Finance, AB processes Your personal data when You choose to verify Your identity remotely using electronic means that enable live video transmission, and where biometric personal data (facial image) are processed.

NEO Finance, AB (hereinafter – the Company, we) is Your data controller (legal entity code 303225546, address Ukmergės st. 126, Vilnius) when these data are received and processed for the purpose of remote identity verification.

What is the purpose of processing personal data?

Personal data are processed for the purpose of verifying Your identity remotely using electronic means that enable live video transmission. The Company may request You to verify Your identity in the following cases:

When You want to open an account;
If You want to change Your phone number, You have used during registration;
When You provide us with Your new identity document (after Your identity document expires);
When You want to identify as an authorized representative of legal person;
When You want to change Your password;
If You are requested to verify Your identity by Company’s representative (when we suspect that the actions are being performed by someone other than the client);
If re-identification is necessary;
When Buy Now, Pay Later (BNPL) service is used (for identity verification, signing an offer and agreement, opening a limited-use account);
When a co-borrower needs to be identified.

What categories of personal data will we process?

To become our client, or in the other cases indicated above, You must verify Your identity. When You choose to verify Your identity remotely using electronic means that enable live video transmission and yYu consent to live video transmission during remote identity verification, the Company will process the following personal data, including Your biometric data (facial image):

Your first name and last name;
Personal identification number / date of birth;
Personal data contained in Your identity document (identity document number, date of issue and validity/expiry date, photograph contained in the identity document);
Your facial image (captured in a photograph or video recording);
Biometric facial points from the photograph in the identity document and Your photo (biometric data);
Date of identity verification;
IP address.

What is the legal basis for data processing?

Your personal data are processed on the basis of:

Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation applicable to the Company under the Law of the Republic of Lithuania on the Prevention of Money Laundering and Terrorist Financing);
Article 6(1)(a) of the GDPR (Your consent to live video transmission); and
Article 9(2)(a) of the GDPR (Your consent to the processing of biometric data (facial image)).

To whom may Your personal data be disclosed?

Your personal data will be disclosed only to the Company’s service provider, iDenfy, UAB, which provides remote identity verification services using electronic means that enable live video transmission and acts as the Company’s data processor.

What is the retention period of Your personal data?

The Company stores Your personal data only for as long as necessary to achieve the purposes of processing and/or as required by law. Your personal data collected during remote identity verification using electronic means that enable live video transmission will be stored:

8 years from the date of the end of transactions or the business relationship with the client (pursuant to Article 19 (11) of the Law of the Republic of Lithuania on the Prevention of Money Laundering and Terrorist Financing);
Biometric data (biometric facial points) are stored only for the duration of the verification (during comparative analysis of biometric points) – up to 2 seconds – and are deleted after verification.

What are Your rights?

You have the right to withdraw Your consent at any time; however, please note that withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal of consent, i.e., the lawfulness of verifying Your identity using biometric data (facial image). You may withdraw Your consent by contacting the Company by email at [email protected];
You have the right of access – You can obtain confirmation as to whether or not Your personal data are being processed and access to the personal data;
You have the right to rectification – request the rectification of inaccurate personal data;
You have the right to erasure (‘right to be forgotten) – request the erasure of personal data;
You have the right to restriction of processing -of personal data;
You have the right to data portability – request to receive personal data and transfer those data to another data controller;
You have the right to lodge a complaint with the State Data Protection Inspectorate.

You may submit a request to exercise Your rights by providing Your request either verbally (by visiting the Company in person) or in writing (by sending Your request by post, or by email). More information about Your data subject’s rights and how You can exercise them is available at the Privacy Policy published on the Company’s website.

If You have any questions about this Privacy Notice or the processing of personal data, You may always contact the Company’s Data Protection Officer by email at [email protected] (we recommend indicating that the correspondence is intended specifically for the Data Protection Officer).

Cookie name	Provider	Purpose	Valid period	Type
hl	paskoluklubas.lt	Used to save website language	1 year	Necessary
PHPSESSID	NEO Finance, AB	Cookie is designed to realize the functionality of a website.	Session	Necessary
cookies_warning_dismissed	neofinance.com	Remembers that you dismissed the cookies notification	Until obtaining consent.	Necessery
JSESSIONID	neofinance.com	Is a cookie in J2EE web application which is used in session tracking.	Session	Necessery
_ptref	Prezi	Cookie targets ads based on behavioural profiling and geographical location.	1 d.	Marketing

Cookie name	Provider	Purpose	Valid period	Type
_fbp	Facebook	Is used to distinguish and keep track of your unique users.	90 d.	Marketing
_clck	Microsoft Clarity	to store a unique user ID.	1 year	Marketing
_fbc	Facebook	Is only set when a user arrives at website from an Ad	90 d.	Marketing
_webpushrEndPoint	Webpushr	To store user preferences	Session	Marketing
_webpushrLastVisit	Webpushr	This cookie stores timestamp associated with the user’s last visit on the site.	Session	Marketing
aid	Google Analytics	This cookie links your activities on other devices previously logged into using your Google account.	2 y.	Marketing
rl_trait	RudderStack	To store performed actions on the website.	1 y.	Marketing
CONSENT	neofinance.com	The cookie is intended to indicate that the user has accepted cookies	1 y.	Marketing
__Secure-3PAPISID	Google	Builds a profile of website visitor interests to show relevant and personalised ads through retargeting.	2 t.	Marketing
__Secure-3PSID	Google	Builds a profile of website visitor interests to show relevant and personalised ads through retargeting.	2 y.	Marketing
BITRIX_SM_GUEST_ID	Bitrix	Stores information about the unique ID of the website authorized user	1 y.	Marketing
ANONCHK	Microsoft Clarity	This cookie ensures that clicks from advertisement on the Bing search engine are verified and it is used for reporting purposes and for personalization.	10 minutes	Marketing
MUID	Microsoft Clarity	to store and track visits across websites.	1 year	Marketing

Cookie name	Provider	Purpose	Valid period	Type
_vwo_uuid_v2	Visual Website Optimizer (VWO)	Used to track visitor movements anonymously.	366 d.	Statistics
_hjid	Hotjar	It is used to persist the Hotjar User ID	365 d.	Statistics
_gcl_au	Google Ads	Is used by Google AdSense for experimenting with advertisement efficiency	90 d.	Statistics
_ga	Google analitics	Used to distinguish users.	90 d.	Statistics
_gid	Google Analitics	Used to distinguish users.	90 d.	Statistics
_hjAbsoluteSessionInProgress	Hotjar	This cookie is used to detect the first pageview session of a user.	30 min.	Statistics
_gcl_aw	Google Ads	Is used by the conversion linker for click information	90 d.	Statistics
_gaexp	Google Analitics	To store ID's of experiments and sessions for A/B testing.	90 d.	Statistics
_ga_1QNMPY3YPM	G4 Analytics	Wordt gebruikt om de sessiestatus te behouden.	2 years	Statistic
_hjIncludedInSample	Hotjar	Helps with Hotjar features by identifying visitors during a session.	Session	Statistics
_clsk	Microsoft Clarity	To store and combine pageviews by a user into a single session recording.	1 day	Statistical
_uetsid	Microsoft Bing Ads	It allows to engage with a user that has previously visited website.	30 min. after session	Statistics
_uetvid	Microsoft Bing Ads	It allows to engage with a user that has previously visited website.	16 d.	Statistics
_hjSessionRejected	Hotjar	This cookie is only applied in extremely rare situations to prevent severe performance issues	Session	Statistics
_hjTLDTest	Hotjar	When the Hotjar script executes try to determine the most generic cookie path should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable).	Session	Statistics
__utmc	Google Analitics	Information to the server sent anonymously. Cookies identify unique visitors and monitors the user sessions	6 m.	Statistics
_gat_myTracker	Google Analytics, VWO	Cookie required for testing	Session	Statistics
_hjIncludedInPageviewSample	Hotjar	This cookie is set to let Hotjar know whether that user is included in the data sampling defined by site's pageview limit.	30 min.	Statistics
__utmz	Google Analytics	This cookie stores how the user reached website, whether it is directly by.	Session	Statistics
_hjFirstSeen	Hotjar	This is set to identify a new user's first session.	Session	Statistics
__utma	Google Analytics	This cookie is typically written to the browser upon the first visit to site from that web browser.	2 y.	Statistics
__utmt	Google Analytics	To store number of service requests.	10 min.	Statistics
__utmb	Google Analytics	To store time of visit.	Session	Statistics
_vis_opt_test_cookie	Visual Website Optimizer	This is a session cookie generated to detect if the cookies are enabled on the browser of the user or not.	Session	Statistics
_uetmsclkid	Microsoft Bing Ads	The advertiser’s site to capture the Microsoft Click ID from the URL.	90 d.	Statistics
_hjIncludedInSessionSample	Hotjar	This cookie is set to let Hotjar know whether that user is included in the data sampling defined by site's daily session limit.	30 min.	Statistics
_vwo	Visual Website Optimiser (VWO)	It generates a unique id for every visitor and is used for the report segmentation feature in VWO, and it also allows you to view data in a more refined manner.	74 y.	Statistics
_v	neofinance.com	To register a unique page load ID.	Session	Statistics
OTZ	Google Analytics	Cookie used to provides an aggregate analysis of Website visitors	7 min	Statistics
_gat	Google Analitics	These cookies are used to collect information about how visitors use website.	1 d.	Statistics
_gaexp_rc	Google Analytics	This cookie is used by Google Analytics to determine if the visitor is included in campaigns.	10 sec.	Statistics
_opt_expid	Google Ads	This cookie is generated by testing the redirect page version. It stores the test ID, the variation ID, and the redirect to the page that is being redirected.	10 sek.	Statistics
prli_visitor	Pretty Links	Cookie collect information in an anonymous form, including the tracking of visitor activity across clicks, the number of clicks per link and where visitors have come to the site from.	1 y.	Statistics
ai_user	Microsoft Application	This is a unique user identifier cookie enabling counting of the number of users accessing the application over time.	1 y.	Statistics
CLID	Microsoft Clarity	The purpose of this cookie is for heatmap and session recording.	1 year	Statistical
MR	Microsoft Clarity	Indicates whether to refresh MUID.	1 week	Statistical
SM	Microsoft Clarity	Used by Microsoft's Clarity analytics service to synchronise the MUID across Microsoft domains.	end of session	Statistical