Privacy policy


General provisions

Terms and definitions

What personal data do we process?

For what purposes do we process your personal data?

On what grounds do we process your personal data?

Where do we get your personal data from?

Who do we transfer your personal data to?

In which countries are your personal data processed?

Video surveillance

Profiling and automated decision making

What personal data processing principles do we adhere to?

How do we protect your personal data?

How long do we keep your personal data?

Cookies, alerts and other similar technologies

What are your rights?

Final Provisions

General provisions

This Privacy Policy sets out and explains how Medicinos Bankas UAB (“Bank”) collects and processes your personal data.

The purpose of this Privacy Policy is to inform you about the ways your personal data are collected and processed and to ensure a fair and transparent process of personal data processing in the Bank.

It is very important that you carefully read this Privacy Policy, because its terms and conditions will apply every time you use/express an intention to use the Bank’s services at the Bank’s customer service units, in the internet banking system, Bank's mobile app, when you browse the Bank’s website www.medbank.lt, when you visit the Bank’s premises and when calling  the Bank’s contact centre and in other cases, where your data are processed.

We confirm that when processing your personal data, the Bank observes:

The Bank may amend this Privacy Policy in the future. Therefore, we recommend that you review it from time to time.

Terms and definitions

The terms used in this Privacy Policy shall be understood as follows:

Other terms used in this Privacy Policy shall be understood as they are defined in the General Data Protection Regulation (EU) 2016/679 and other legislation governing the protection of personal data.

What personal data do we process?

The Bank processes personal data of the following categories:

For what purposes do we process your personal data?

The Bank processes your personal data for the following purposes:

On what grounds do we process your personal data?



The Bank processes your personal data on the following legal grounds defined in the General Data Protection Regulation (EU) 2016/679:



Where do we get your personal data from?

Please note that if you provide personal data of other persons related to you (e.g. family members, company employees, shareholders, guarantor, etc.), you are required to inform those persons of the processing of their personal data by the Bank and to make them aware of this Privacy Policy.

The Bank obtains your personal data from other sources, such as:

Who do we transfer your personal data to?

The Bank may transfer your personal data to the following entities:

The Bank ensures that your personal data are transmitted strictly in accordance with applicable legislation. Service providers (processors) used by the Bank process your data only for strictly defined purposes, which are set out in personal data processing contract.

In which countries are your personal data processed?

Generally, your personal data are processed and stored in the territory of the European Union (EU) and the European Economic Area (EEA). However, in some cases, we may need to transfer your personal data to other countries outside the EU and EEA, or international organisations that may apply a lower-level data protection policy. In such cases, the Bank will take all steps to ensure the security of transferred personal data.

The Bank may, in certain cases, transfer your personal data to countries outside the EU and EEA for the following reasons:

The Bank transfers personal data to countries outside the EU and EEA, or to international organisations, if one of the following security measures is applied:

The current list of countries that are not members of the EU and EEA, but have been recognised by a decision of the European Commission as having adequate standards for the protection of personal data, is available on the European Commission’s website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_lt.

Video surveillance

In order to ensure the protection of its assets and the security of the Bank’s employees and customers, the Bank carries out video surveillance. Locations where video surveillance is carried out are marked with special information signs.

The video surveillance data are recorded and stored for a minimum of thirty (30) and a maximum of ninety (90) days. If the video surveillance data are necessary for the Bank’s internal investigation, are/shall be used as evidence in a civil, administrative or criminal case or in other cases established by the legal acts of the Republic of Lithuania, the video surveillance data shall be stored to the extent necessary to achieve these purposes.

Profiling and automated decision making

In certain cases, the Bank carries out profiling and makes decisions by automated means:

What personal data processing principles do we adhere to?

When processing personal data, the Bank adheres to the following principles:

How do we protect your personal data?

When processing your personal data, we implement various organisational and technical measures to protect your personal data against accidental or unlawful destruction, alteration, disclosure as well as from any other unauthorised form of processing. The Bank requires that the processors used by the Bank for the processing of your personal data or which have access to your personal data when providing services to the Bank take appropriate technical and organisational measures, which would ensure the security and integrity of your personal data.

However, please note that even though we take appropriate steps to protect your personal data, no website or e-mail can guarantee complete security due to reasons beyond the control of the Bank. Therefore, you should be careful and assume the risk associated with providing personal data to the Bank on the website or by e-mail.

How long do we keep your personal data?

We store your personal data for not longer than it is necessary to achieve the stated purpose. Once the set objective is achieved, your personal data are deleted, unless the applicable legislation requires that the Bank store the data for the time period prescribed by such legislation. Once this period expires, the data are deleted/destroyed so that they cannot be reproduced. Specific personal data retention periods depend on the legal grounds for processing of your personal data.

Cookies, alerts and other similar technologies

During your visit to the Bank’s website www.medbank.lt, we want to provide you with information and functions that are tailored specifically to your needs. This requires the use of cookies. Cookies are small information elements stored on your web browser. They help the Bank to recognize you as a previous visitor to the Bank’s website, save your visit history and adapt the content accordingly. Cookies also help the Bank to ensure smooth functioning of the Bank’s website, allow monitoring the duration and frequency of the visits to the website and collecting statistical information on the number of visitors to the website. Analysis of such data helps us improve the Bank’s website and make it more comfortable for your use.

You can read more about the Cookie policy here.

What are your rights?



You,
as the data subject whose personal data is processed by the Bank, have the
following rights:



The Bank provides the opportunity to exercise the above rights upon identification and verification of your identity. You can exercise your rights by submitting a written request to the Bank at any of the Bank’s customer service units, by mail to Pamėnkalnio g. 40, LT-01114 Vilnius, by email to [email protected] (when the request is sent by email, it must be signed with a qualified electronic signature) or through the Bank’s online banking system, and, in certain cases, by using certain links provided at the bottom of the promotional content provided by the Bank.

The Bank will provide you with information about the steps taken on receipt of your request to exercise the data subject’s rights within one (1) month from receipt of your request. The time limit for the Bank’s response may be extended for two (2) months, taking into account the complexity of the request and the number of requests received by the Bank. In any case, the Bank will inform you about the extension of the time period and the reasons for such extension.

If your requests are clearly unreasonable or disproportionate (e.g. because of their repetitiveness), the Bank has the right to charge a reasonable fee, taking into account the costs of providing information

The Bank may refuse to allow you to exercise the above rights, where prevention, investigation and detection of crimes or violations of official or professional ethics and the protection of rights and freedoms of other persons must be ensured in the cases provided by law, or where these rights cannot be exercised in accordance with the requirements of General Data Protection Regulation (EU) 2016/679. In the event that you make a request to the Bank for access to your data and how it is processed and request certain information which constitutes confidential information of the Bank (for example, trade secrets), the information may be provided to you to the extent necessary to ensure that the Bank’s interests are not prejudiced or threatened.

Contact us

Medicinos Bankas UAB


Pamėnkalnio g. 40, LT-01114 Vilnius


Tel. 19 300 (for calls from Lithuania), +370 5 264 48 00 (for calls from abroad)


Email: [email protected]



Contact details of the Bank are available on the Bank’s website at

https://www.medbank.lt/lt/kontaktai.


If you have any questions regarding the information presented in this Privacy Policy or any other questions related to the processing of your personal data, please contact the designated Data Protection Officer of the Bank by any of the following means:

Final Provisions

Websites of other companies in the Bank’s Group which carry out specific functions may contain additional information about privacy.

This Privacy Policy enters into force on 22 May 2023.

The Bank has the right to unilaterally amend this Privacy Policy by informing you by a notice published on the Bank’s website www.medbank.lt, by e-mail or a message sent via the online banking system.

This Privacy Policy is publicly available on the Bank’s website www.medbank.lt and can be accessed at any customer service unit of the Bank.

This Privacy Policy will be revised and updated taking into account the changes in legislation and/or Bank’s activities, but at least once every two (2) years. Once the Privacy Policy is updated, we will inform you by posting a notice on the Bank’s website at www.medbank.ltand/or by other means.

Your browser is out of date. For better experience please update it here: Chrome, Firefox, Opera, Safari.