This Privacy Policy sets out and explains how Medicinos Bankas UAB (“Bank”) collects and processes your personal data.
The purpose of this Privacy Policy is to inform you about the ways your personal data are collected and processed and to ensure a fair and transparent process of personal data processing in the Bank.
It is very important that you carefully read this Privacy Policy, because its terms and conditions will apply every time you use/express an intention to use the Bank’s services at the Bank’s customer service units or in the internet banking system, browse the Bank’s website www.medbank.lt, visit the Bank’s premises, call the Bank’s contact centre and in other cases, where your data are processed.
We confirm that when processing your personal data, the Bank observes:
egulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”),
Law on Legal Protection of Personal Data of the Republic of Lithuania;
Law on Electronic Communications of the Republic of Lithuania;
Other legislation governing the protection of personal data;
Instructions/recommendations of the supervisory authority and other competent authorities.
The Bank may amend this Privacy Policy in the future. Therefore, we recommend that you review it from time to time.
Terms and definitions
The terms used in this Privacy Policy shall be understood as follows:
Personal Data – any information, directly or indirectly related to you, which is received directly from you or from other sources and may be used to identify you.
Processing – any operation which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or other destruction.
Data Subject – you or any natural person (including the director/representative or the true beneficiary of a legal person), who is using/has expressed and intention to use the Bank’s services or is otherwise related to the Bank and/or the services provided by the Bank, and whose data is processed by the Bank.
Other terms used in this Privacy Policy shall be understood as they are defined in the General Data Protection Regulation (EU) 2016/679 and other legislation governing the protection of personal data.
What personal data do we process?
The Bank processes personal data of the following categories:
Personal identity data, such as first name, last name, national identification number, date of birth, nationality, identity document data.
Contact information, such as address, zip code, telephone number, e-mail address.
Information related to education and professional activity, such as education, employment, position, economic commercial activity.
Family information, such as marital status, number of dependents, heir information.
Financial information, such as income and its source, information about your assets and bank accounts in other financial institutions, information about concluded transactions, expenses, loans and other financial obligations.
Information about creditworthiness and its history, such as credit history, credit rating.
Information related to the provision of Bank services, such as information about the services provided to you by the Bank and related data (e.g. bank account number), information about performance of/default on contracts, concluded transactions, current and expired contracts, submitted applications.
Information needed to ensure the compliance with anti-money laundering and terrorist financing prevention requirements and implementation of international sanctions, such as information about whether you or your immediate family members and close associates are politically vulnerable/exposed individuals, information about true beneficiaries, information about business activities and parties to transactions, business relationship monitoring data.
Information supporting the source of funds or transactions, i.e. proof of source of funds, invoices, sale and purchase contracts, service contracts, payment documents.
Information needed to ensure compliance with the requirements applicable in tax administration, such as the country of residence for tax purposes, taxpayer identification number, date and place of birth.
Information about you as the director/representative and true beneficiary of a legal person who is using/expressed an intention to use Bank services.
Visual data recorded by the Bank’s surveillance equipment during your visit in the Bank’s central office and customer service units.
Information about recorded telephone conversations when calling the Bank’s contact centre, such as the caller’s telephone number, call metadata (date, time and duration of connection). The recorded telephone conversation includes the data provided by you during the telephone conversation.
Information created and/or received during performance of a legal obligation, such as information received based on inquiries of courts, law enforcement agencies, notaries, bailiffs, lawyers and tax authority about the income, financial obligations, property and outstanding debt.
Information provided or generated by the use of electronic means of communication, such as information provided by e-mail, on the website and social networks, information about traffic: the user’s IP address at the time of connection, operating system version and parameters of the device used to access content/services; login information: your session time and duration; query words entered on the Bank’s website and any information stored in cookies placed on your device.
Information related to your habits/behaviour on the Bank’s website, in the online banking system or the Bank’s mobile application.
Data related to the use of the mobile application, such as mobile device number, mobile device unique identification number, data of active accounts on the mobile device and mobile device location data (if you presented these data under a separate consent within the mobile application);
Data of individuals who have access to insider information of the Bank, such as name, surname, birth surname, work telephone number, function and reason for having access to insider information, date of birth, national identification number, personal telephone number, home address.
For what purposes do we process your personal data?
The Bank processes your personal data for the following purposes:
Personal identification and verification, implementing the Know-Your-Customer principle,
Determination and assessment of creditworthiness;
Credit risk assessment and management, including but not limited to implementation of the standard maximum loan per customer and a group of related customers;
Provision of financial services;
Fulfilment of contractual obligations;
Maintaining a relationship and communication with you;
Giving advice and assessment of your needs;
Ensuring compliance with anti-money laundering and terrorist financing prevention requirements and implementation of international sanctions;
Ensuring the quality of services and defence of Bank’s rights (recording of telephone conversations);
Ensuring the protection and safety of the Bank’s property (video surveillance);
Organisation and implementation of recruitment of employees and trainees;
Defence and protection of the Bank’s rights and legitimate interests;
Compiling and management of the list of individuals who have access to insider information;
Direct marketing.
Please be advised that you have the right to opt out of receiving direct marketing messages from the Bank by notifying the Bank of your decision at any customer service unit of the Bank, by clicking an active link “Do not send” in a received direct marketing email or by changing the direct marketing settings in the online banking system.
On what grounds do we process your personal data?
The Bank processes your personal data on the following legal grounds defined in the General Data Protection Regulation (EU) 2016/679:
When subject to a legal obligation, i.e., the applicable legislation requires that the Bank process your personal data,
In order to enter into and perform a contract with you;
In pursuit of the Bank’s legitimate interests, unless your private interests are overriding (e.g. providing Bank services, recruitment of employees and trainees, credit risk assessment, management of your debt, dispute resolution, etc.);
Your consent to the processing of your personal data.
In the public interest.
Where do we get your personal data from?
Received directly from you (provided when completing and submitting forms/inquiries/requests/claims/applications both at the central office and/or customer service unit of the Bank and in the online banking system or website www.medbank.lt, calling the Bank’s contact centre or visiting the Bank’s premises),
Obtained from other sources;
Generated automatically to the extent provided by applicable legislation (when visiting the website and/or social network account, using mobile applications).
Please note that if you provide personal data of other persons related to you (e.g. family members, company employees, shareholders, guarantor, etc.), you are required to inform those persons of the processing of their personal data by the Bank and to make them aware of this Privacy Policy.
The Bank obtains your personal data from other sources, such as:
Other banks and financial institutions,
State authorities and institutions (e.g. the Bank of Lithuania, the Ministry of Finance of the Republic of Lithuania, State Social Insurance Fund Board under the Ministry of Social Security and Labour of the Republic of Lithuania (SODRA), Statistics Lithuania, National Paying Agency, Lithuanian Agricultural Advisory Service, State Enterprise Deposit and Investment Insurance, State Enterprise Centre of Registers, State Enterprise Regitra);
Courts and law enforcement agencies;
Other persons performing the functions assigned by legislation (e.g. notaries, lawyers, bailiffs, bankruptcy administrators);
Service providers administering joint debtor data (e.g. CreditInfo Lietuva UAB);
Other natural persons/their representatives, when they provide the data of related persons (through blood or marriage), co-debtors, guarantors, collateral providers, etc.;
Other natural persons/their representatives, when they provide the data of immediate family members or close associates, who hold or were holding (over the past year) a prominent public function;
Legal persons, if you are the director/representative, employee, authorised person, true beneficiary, etc. of a legal person;
Documents submitted to the Bank for performance of a contract or fulfilment of regulatory requirements which may contain personal data (e.g. property valuation certificates, extracts from registers, etc.);
Third parties and/or publicly available sources to the extent permitted by applicable legislation (e.g. LinkedIn social network).
Who do we transfer your personal data to?
The Bank may transfer your personal data to the following entities:
State authorities and institutions, other persons performing the functions assigned by legislation (e.g., supervisory authorities, law enforcement agencies, tax administrator, bailiffs, notaries, lawyers),
Debt recovery companies, to which debt claims are transferred;
Service providers administering joint debtor data (e.g. CreditInfo Lietuva UAB);
Participants of national, European Union and international payment systems and other related persons (e.g. SWIFT);
Other persons who provide services to the Bank or are related to the services provided by the Bank (e.g. information technology service providers, postal service providers, archiving service providers, credit intermediaries, etc.).
The Bank ensures that your personal data are transmitted strictly in accordance with applicable legislation. Service providers (processors) used by the Bank process your data only for strictly defined purposes, which are set out in personal data processing contract.
In which countries are your personal data processed?
Generally, your personal data are processed and stored in the territory of the European Union (EU) and the European Economic Area (EEA). However, in some cases, we may need to transfer your personal data to other countries outside the EU and EEA, or international organisations that may apply a lower-level data protection policy. In such cases, the Bank will take all steps to ensure the security of transferred personal data.
The Bank transfers personal data to countries outside the EU and EEA, or to international organisations, if one of the following security measures is applied:
The contract is signed with the recipient of personal data based on Standard Contractual Clauses approved by the European Commission,
The recipient of personal data must be located in a country recognized by decision of the European Union as applying adequate data protection standards;
Permission from State Data Protection Inspectorate must be obtained.
Video surveillance
In order to ensure the protection of its assets and the security of the Bank’s employees and customers, the Bank carries out video surveillance. Locations where video surveillance is carried out are marked with special information signs.
The video surveillance data are recorded and stored for a minimum of thirty (30) and a maximum of ninety (90) days. If the video surveillance data are necessary for the Bank’s internal investigation, are/shall be used as evidence in a civil, administrative or criminal case or in other cases established by the legal acts of the Republic of Lithuania, the video surveillance data shall be stored to the extent necessary to achieve these purposes.
Profiling and automated decision making
In certain cases, the Bank carries out profiling and makes decisions by automated means:
If you have given consent to the processing of personal data for direct marketing purposes and have not withdrawn such consent, the Bank profiles your personal data, i.e., performs automated processing of personal data to evaluate certain personal aspects related to you, in particular to analyse your interests, behaviour, movement, economic situation, and payment habits with the purpose of anticipating your needs more accurately and provide you with offers, services and/or products that best suit your interests.
he Bank uses profiling for analysis and assessment by making automated decisions related to, for example, assessment of creditworthiness and credit risk management. Your credit rating is determined using information systems and algorithms and is used as a basis for making a decision on provision of financial services. If you do not agree with the decision taken by automated means, you have the right to demand the involvement of a Bank employee, express your position, receive an explanation of the decision and challenge the decision.
In order to ensure the implementation of anti-money laundering and terrorist financing prevention measures, the Bank carries out profiling and assigns you a risk category according to the risk associated with you, the risk of products, services and/or operations, risk of a country and/or geographical region, and the risk of the main economic activity. Depending on the assigned risk category, the available intensity of use of Bank services and the periodicity of updating your information may vary.
What personal data processing principles do we adhere to?
When processing personal data, the Bank adheres to the following principles:
Your personal data are collected and processed for explicit and legitimate purposes, established prior to beginning of the processing, and not further processed in a manner that is incompatible with those purposes (the purpose limitation principle).
Your personal data are processed fairly, lawfully and transparently, with your consent or on other legitimate basis for personal data processing (the principle of lawfulness, fairness and transparency).
Your personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (the data minimisation principle).
Your personal data are accurate and, if necessary for personal data processing, updated on a regular basis. Personal data that are inaccurate or incomplete are rectified, supplemented, deleted or their processing is suspended. All reasonable steps are taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (the principle of accuracy).
Your personal data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data have been collected and are processed (the principle of storage limitation).
Your personal data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (the principle of integrity and confidentiality).
How do we protect your personal data?
When processing your personal data, we implement various organisational and technical measures to protect your personal data against accidental or unlawful destruction, alteration, disclosure as well as from any other unauthorised form of processing. The Bank requires that the processors used by the Bank for the processing of your personal data or which have access to your personal data when providing services to the Bank take appropriate technical and organisational measures, which would ensure the security and integrity of your personal data.
However, please note that even though we take appropriate steps to protect your personal data, no website or e-mail can guarantee complete security due to reasons beyond the control of the Bank. Therefore, you should be careful and assume the risk associated with providing personal data to the Bank on the website or by e-mail.
How long do we keep your personal data?
We store your personal data for not longer than it is necessary to achieve the stated purpose. Once the set objective is achieved, your personal data are deleted, unless the applicable legislation requires that the Bank store the data for the time period prescribed by such legislation. Once this period expires, the data are deleted/destroyed so that they cannot be reproduced. Specific personal data retention periods depend on the legal grounds for processing of your personal data.
Cookies, alerts and other similar technologies
During your visit to the Bank’s website www.medbank.lt, we want to provide you with information and functions that are tailored specifically to your needs. This requires the use of cookies. Cookies are small information elements stored on your web browser. They help the Bank to recognize you as a previous visitor to the Bank’s website, save your visit history and adapt the content accordingly. Cookies also help the Bank to ensure smooth functioning of the Bank’s website, allow monitoring the duration and frequency of the visits to the website and collecting statistical information on the number of visitors to the website. Analysis of such data helps us improve the Bank’s website and make it more comfortable for your use.
Types of cookies used on the website of the Bank at www.medbank.lt:
necessary cookies required for the operation of the website of the Bank at www.medbank.lt.
functional cookies that are used to improve the operation of the website of the Bank at www.medbank.lt and user experience. These cookies help you remember your choices and settings (such as language or time zones).
statistical cookies that are used to assess and analyse the use of the website of the Bank at www.medbank.lt.
marketing cookies that are used to collect information so that the Bank can provide advertising or content suited for a specific browser, creating different target groups.
On your device, the Bank may store only necessary cookies that are necessary for the operation of the Bank’s website. For all other types of cookies, we must obtain your consent. You may withdraw your consent at any time by changing your browser settings and deleting saved cookies. You can find information on how to do this online, in the help page of your web browser.
Below is the list of cookies used on the website of the Bank at www.medbank.lt sorted by type, collected data and validity period:
Cookie name
Purpose of the cookie
Best before date
Type of the cookie
CookieConsent [x2]
The cookie used to store the visitor’s choice regarding the use of cookies.
Upon acceptance of the use of cookies
Valid for 1 year
Necessary
CookieConsentBulkSetting-#
These cookies remember the visitor’s choice regarding the use of cookies on different pages and products of Medicinos Bankas.
Permanent
Necessary
rc::c
The cookie used to determine whether the visitor is not a robot.
Session
Necessary
rc::a
The cookie used to determine whether the visitor to is not a robot in order to generate reports on the use of the website.
Permanent
Necessary
XSRF-TOKEN [x2]
The cookie used to ensure security by preventing the cross-site request forgery.
Valid for 24 hours
Necessary
medbank_prod_ls
Cookies for identification of sessions.
Session
Necessary
laravel_session
SandboxSession
medbanksess
Cookies for identification of sessions.
Session
Session
Session
Necessary
MD_SmartIdLoginSuccess
MD_SmartIdLoginSuccess
The cookie used to remember a successful user login.
3 months
3 months
Necessary
IBAType
The cookie used to remember the last authentication means selected by the user.
3 months
Necessary
MD_SmartIdPersonCode
The cookie used to remember whether a user has already entered his/her personal identification number on the same device and in the same browser.
3 months
Necessary
MD_MSignPersonPhone
The cookie used to remember whether a user has already entered his/her phone number on the same device and in the same browser.
3 months
Necessary
MedBanklettersCount
The cookie used to remember the number of unread messages.
10 minutes
Necessary
GUID [x2]
The cookie that saves the status of the visitor in all site requests.
Valid for one year
Necessary
major_type
The cookie intended to ensure the functionality of the website: saves the selected customer type.
Valid for 6 days
Functional
_dc_gtm_UA-#
The cookie used by Google Tag Manager and allows loading part of the program code.
Valid for 24 hours
Statistic
collect
The cookie collects information about the visitor’s device and behaviour and transmits the information to Google Analytics.
Valid throughout the session
Statistic
_ga
Tracking cookies of Google Analytics. The cookies collect information about the behaviour of the visitor on the website and are used to store statistical information.
Valid for 2 years
Statistic
_gid
Tracking cookies of Google Analytics. The cookies collect information about the behaviour of the visitor on the website and are used to store statistical information.
This cookie is used by Google Analytics to limit the frequency of requests.
Valid for 24 hours
Statistic
_ga_#
A tracking cookie of Google Analytics that collects information about the number of visits by the visitor and dates of the first and most recent visit.
2 years
Statistic
_gat
This cookie is used by Google Analytics to limit the frequency of requests.
Valid for 24 hours.
Statistic
_gcl_au
The cookies used by Google Adsense to personalise advertisements based on the browsing experience of the visitor and analysis thereof.
Valid for 3 months
Marketing
ads/ga-audiences
This cookie is used by Google AdWords and collects information about the behaviour of the visitor for the purpose of re-engaging the visitor.
Valid throughout the session
Marketing
_fbp
fr
tr
The cookies used to create a user and display targeted advertisements on third-party websites, such as facebook.com.
Valid for 3 months
Valid for 3 months
Valid throughout the session
Marketing
pagead/landing
The cookie collects data on visitor behaviour from multiple websites in order to present more relevant advertisement. This also allows the website to limit the number of times that they are shown the same advertisement.
Valid throughout the session
Marketing
TradeDoublerGUID
Technical server-side cookie of Tradedoubler that sores the history of user activity on the website.
Valid for 1 years
Marketing
test_cookie
The cookie used to check whether the visitor’s browser accepts cookies.
24 hours
Marketing
diffx/track/partner
The Smart Adserver system cookie used to collect statistical information for the display of advertisements.
Throughout the session
Marketing
partner-<ID>*
he cookies used by Smart Adserver collecting information for statistics and advertising purposes.
Valid from one day to several years
Marketing
Cookie name
CookieConsent [x2]
Purpose of the cookie
The cookie used to store the visitor’s choice regarding the use of cookies.
Best before date
Upon acceptance of the use of cookies
Valid for 1 year
Type of the cookie
Necessary
Cookie name
CookieConsentBulkSetting-#
Purpose of the cookie
These cookies remember the visitor’s choice regarding the use of cookies on different pages and products of Medicinos Bankas.
Best before date
Permanent
Type of the cookie
Necessary
Cookie name
rc::c
Purpose of the cookie
The cookie used to determine whether the visitor is not a robot.
Best before date
Session
Type of the cookie
Necessary
Cookie name
rc::a
Purpose of the cookie
The cookie used to determine whether the visitor to is not a robot in order to generate reports on the use of the website.
Best before date
Permanent
Type of the cookie
Necessary
Cookie name
XSRF-TOKEN [x2]
Purpose of the cookie
The cookie used to ensure security by preventing the cross-site request forgery.
Best before date
Valid for 24 hours
Type of the cookie
Necessary
Cookie name
medbank_prod_ls
Purpose of the cookie
Cookies for identification of sessions.
Best before date
Session
Type of the cookie
Necessary
Cookie name
laravel_session
SandboxSession
medbanksess
Purpose of the cookie
Cookies for identification of sessions.
Best before date
Session
Session
Session
Type of the cookie
Necessary
Cookie name
MD_SmartIdLoginSuccess
MD_SmartIdLoginSuccess
Purpose of the cookie
The cookie used to remember a successful user login.
Best before date
3 months
3 months
Type of the cookie
Necessary
Cookie name
IBAType
Purpose of the cookie
The cookie used to remember the last authentication means selected by the user.
Best before date
3 months
Type of the cookie
Necessary
Cookie name
MD_SmartIdPersonCode
Purpose of the cookie
The cookie used to remember whether a user has already entered his/her personal identification number on the same device and in the same browser.
Best before date
3 months
Type of the cookie
Necessary
Cookie name
MD_MSignPersonPhone
Purpose of the cookie
The cookie used to remember whether a user has already entered his/her phone number on the same device and in the same browser.
Best before date
3 months
Type of the cookie
Necessary
Cookie name
MedBanklettersCount
Purpose of the cookie
The cookie used to remember the number of unread messages.
Best before date
10 minutes
Type of the cookie
Necessary
Cookie name
GUID [x2]
Purpose of the cookie
The cookie that saves the status of the visitor in all site requests.
Best before date
Valid for one year
Type of the cookie
Necessary
Cookie name
major_type
Purpose of the cookie
The cookie intended to ensure the functionality of the website: saves the selected customer type.
Best before date
Valid for 6 days
Type of the cookie
Functional
Cookie name
_dc_gtm_UA-#
Purpose of the cookie
The cookie used by Google Tag Manager and allows loading part of the program code.
Best before date
Valid for 24 hours
Type of the cookie
Statistic
Cookie name
collect
Purpose of the cookie
The cookie collects information about the visitor’s device and behaviour and transmits the information to Google Analytics.
Best before date
Valid throughout the session
Type of the cookie
Statistic
Cookie name
_ga
Purpose of the cookie
Tracking cookies of Google Analytics. The cookies collect information about the behaviour of the visitor on the website and are used to store statistical information.
Best before date
Valid for 2 years
Type of the cookie
Statistic
Cookie name
_gid
Purpose of the cookie
Tracking cookies of Google Analytics. The cookies collect information about the behaviour of the visitor on the website and are used to store statistical information.
This cookie is used by Google Analytics to limit the frequency of requests.
Best before date
Valid for 24 hours
Type of the cookie
Statistic
Cookie name
_ga_#
Purpose of the cookie
A tracking cookie of Google Analytics that collects information about the number of visits by the visitor and dates of the first and most recent visit.
Best before date
2 years
Type of the cookie
Statistic
Cookie name
_gat
Purpose of the cookie
This cookie is used by Google Analytics to limit the frequency of requests.
Best before date
Valid for 24 hours.
Type of the cookie
Statistic
Cookie name
_gcl_au
Purpose of the cookie
The cookies used by Google Adsense to personalise advertisements based on the browsing experience of the visitor and analysis thereof.
Best before date
Valid for 3 months
Type of the cookie
Marketing
Cookie name
ads/ga-audiences
Purpose of the cookie
This cookie is used by Google AdWords and collects information about the behaviour of the visitor for the purpose of re-engaging the visitor.
Best before date
Valid throughout the session
Type of the cookie
Marketing
Cookie name
_fbp
fr
tr
Purpose of the cookie
The cookies used to create a user and display targeted advertisements on third-party websites, such as facebook.com.
Best before date
Valid for 3 months
Valid for 3 months
Valid throughout the session
Type of the cookie
Marketing
Cookie name
pagead/landing
Purpose of the cookie
The cookie collects data on visitor behaviour from multiple websites in order to present more relevant advertisement. This also allows the website to limit the number of times that they are shown the same advertisement.
Best before date
Valid throughout the session
Type of the cookie
Marketing
Cookie name
TradeDoublerGUID
Purpose of the cookie
Technical server-side cookie of Tradedoubler that sores the history of user activity on the website.
Best before date
Valid for 1 years
Type of the cookie
Marketing
Cookie name
test_cookie
Purpose of the cookie
The cookie used to check whether the visitor’s browser accepts cookies.
Best before date
24 hours
Type of the cookie
Marketing
Cookie name
diffx/track/partner
Purpose of the cookie
The Smart Adserver system cookie used to collect statistical information for the display of advertisements.
Best before date
Throughout the session
Type of the cookie
Marketing
Cookie name
partner-<ID>*
Purpose of the cookie
he cookies used by Smart Adserver collecting information for statistics and advertising purposes.
Best before date
Valid from one day to several years
Type of the cookie
Marketing
When using a browser to access the content provided by the Bank, you can configure it to accept all cookies, reject all cookies or alert you when a cookie is sent. All browsers are different. If you do not know how to change cookie settings, see the browser’s help menu. The operating system of your device may have additional cookie controls. If you do not want to have your information collected using cookies, use the simple procedure offered by most browsers to opt out of using cookies. For more information about managing cookies, please visit https://www.allaboutcookies.org/manage-cookies/. However, please note that some services may be designed to operate only with cookies and once cookies are disabled, you will not be able to use them or certain parts of them.
In addition to the cookies used by the Bank on its website at www.medbank.lt, certain third parties are allowed to save and access cookies on your computer. In such case, the use of cookies is subject to third-party privacy policies.
Please note that the Bank's social network accounts are subject to the cookie policy of the respective social network.
The Bank’s website at www.medbank.lt may contain links to third-party websites. Please note that the Bank is not responsible for the content or privacy protection principles of such websites. Therefore, if a link given on the Bank’s website takes you to another website, you should read its privacy policy.
Bank website www.medbank.ltcontains Facebook and LinkedIn plug-ins and using them requires transfer of your data, such as IP address, to the social network administrator. Further information about how the social network administrators are processing your personal data is available on their websites.
What are your rights?
You,
as the data subject whose personal data is processed by the Bank, have the
following rights:
The right to know/be informed about the processing of your data (the right to know).
The right to access your personal data and receive information about how it is processed (the right to access).
The right to request rectification or supplementation of incomplete personal data, taking into account the purposes of personal data processing (the right to rectification).
The right to object to the processing of your personal data, if the processing of your personal data is based on your consent.
The right to request that the processing of your personal data be restricted for a legitimate reason (the right to restrict).
The right to withdraw consent to the processing of your personal data. Such withdrawal of consent shall not affect the data processing carried out prior to withdrawal of such consent.
The right to request that your personal data be deleted/destroyed (the right to be forgotten), where such data are processed on the basis of your consent. This right does not include the cases where you request to delete your personal data, which are processed by the Bank on other legal grounds, for example, where the processing of personal data is necessary to conclude/perform a contract or subject to a legal obligation.
The right to object to be subject to fully automated decision, if such decision has legal consequences or similar significant effect.
The right to data portability.
The right to file a complaint with the State Data Protection Inspectorate, if you believe that your personal data has been processed in violation of your rights and legitimate interests in the field of personal data protection. More information is available at www.vdai.lrv.lt.
The Bank provides the opportunity to exercise the above rights upon identification and verification of your identity. You can exercise your rights by submitting a written request to the Bank at any of the Bank’s customer service units, by mail to Pamėnkalnio g. 40, LT-01114 Vilnius, by email to [email protected] (when the request is sent by email, it must be signed with a qualified electronic signature) or through the Bank’s online banking system, and, in certain cases, by using certain links provided at the bottom of the promotional content provided by the Bank.
The Bank will provide you with information about the steps taken on receipt of your request to exercise the data subject’s rights within one (1) month from receipt of your request. The time limit for the Bank’s response may be extended for two (2) months, taking into account the complexity of the request and the number of requests received by the Bank. In any case, the Bank will inform you about the extension of the time period and the reasons for such extension.
If your requests are clearly unreasonable or disproportionate (e.g. because of their repetitiveness), the Bank has the right to charge a reasonable fee, taking into account the costs of providing information
The Bank may refuse to allow you to exercise the above rights, where prevention, investigation and detection of crimes or violations of official or professional ethics and the protection of rights and freedoms of other persons must be ensured in the cases provided by law.
Contact us
Medicinos Bankas UAB
Pamėnkalnio g. 40, LT-01114 Vilnius
Tel. 19 300 (for calls from Lithuania), +370 5 264 48 00 (for calls from abroad)
If you have any questions regarding the information presented in this Privacy Policy or any other questions related to the processing of your personal data, please contact the designated Data Protection Officer of the Bank by any of the following means:
Websites of other companies in the Bank’s Group which carry out specific functions may contain additional information about privacy.
This Privacy Policy enters into force on 15 April 2021.
The Bank has the right to unilaterally amend this Privacy Policy by informing you by a notice published on the Bank’s website www.medbank.lt, by e-mail or a message sent via the online banking system.
This Privacy Policy is publicly available on the Bank’s website www.medbank.lt and can be accessed at any customer service unit of the Bank.
This Privacy Policy will be revised and updated taking into account the changes in legislation and/or Bank’s activities, but at least once every two (2) years. Once the Privacy Policy is updated, we will inform you by posting a notice on the Bank’s website at www.medbank.ltand/or by other means.
Your browser is out of date. For better experience please update it here: Chrome, Firefox, Opera, Safari.
