Privacy policy


General provisions

Terms and definitions

What personal data do we process?

For what purposes do we process your personal data?

On what grounds do we process your personal data?

Where do we get your personal data from?

Who do we transfer your personal data to?

In which countries are your personal data processed?

Video surveillance

Profiling and automated decision making

What personal data processing principles do we adhere to?

How do we protect your personal data?

How long do we keep your personal data?

Cookies, alerts and other similar technologies

What are your rights?

Final Provisions

General provisions

This Privacy Policy sets out and explains how Medicinos Bankas UAB (“Bank”) collects and processes your personal data.

The purpose of this Privacy Policy is to inform you about the ways your personal data are collected and processed and to ensure a fair and transparent process of personal data processing in the Bank.

It is very important that you carefully read this Privacy Policy, because its terms and conditions will apply every time you use/express an intention to use the Bank’s services at the Bank’s customer service units or in the internet banking system, browse the Bank’s website www.medbank.lt, visit the Bank’s premises, call the Bank’s contact centre and in other cases, where your data are processed.

We confirm that when processing your personal data, the Bank observes:

The Bank may amend this Privacy Policy in the future. Therefore, we recommend that you review it from time to time.

Terms and definitions

The terms used in this Privacy Policy shall be understood as follows:

Other terms used in this Privacy Policy shall be understood as they are defined in the General Data Protection Regulation (EU) 2016/679 and other legislation governing the protection of personal data.

What personal data do we process?

The Bank processes personal data of the following categories:

For what purposes do we process your personal data?

The Bank processes your personal data for the following purposes:

On what grounds do we process your personal data?



The Bank processes your personal data on the following legal grounds defined in the General Data Protection Regulation (EU) 2016/679:



Where do we get your personal data from?

Please note that if you provide personal data of other persons related to you (e.g. family members, company employees, shareholders, guarantor, etc.), you are required to inform those persons of the processing of their personal data by the Bank and to make them aware of this Privacy Policy.

The Bank obtains your personal data from other sources, such as:

Who do we transfer your personal data to?

The Bank may transfer your personal data to the following entities:

The Bank ensures that your personal data are transmitted strictly in accordance with applicable legislation. Service providers (processors) used by the Bank process your data only for strictly defined purposes, which are set out in personal data processing contract.

In which countries are your personal data processed?

Generally, your personal data are processed and stored in the territory of the European Union (EU) and the European Economic Area (EEA). However, in some cases, we may need to transfer your personal data to other countries outside the EU and EEA, or international organisations that may apply a lower-level data protection policy. In such cases, the Bank will take all steps to ensure the security of transferred personal data.

The Bank transfers personal data to countries outside the EU and EEA, or to international organisations, if one of the following security measures is applied:

Video surveillance

In order to ensure the protection of its assets and the security of the Bank’s employees and customers, the Bank carries out video surveillance. Locations where video surveillance is carried out are marked with special information signs.

The video surveillance data are recorded and stored for a minimum of thirty (30) and a maximum of ninety (90) days. If the video surveillance data are necessary for the Bank’s internal investigation, are/shall be used as evidence in a civil, administrative or criminal case or in other cases established by the legal acts of the Republic of Lithuania, the video surveillance data shall be stored to the extent necessary to achieve these purposes.

Profiling and automated decision making

In certain cases, the Bank carries out profiling and makes decisions by automated means:

What personal data processing principles do we adhere to?

When processing personal data, the Bank adheres to the following principles:

How do we protect your personal data?

When processing your personal data, we implement various organisational and technical measures to protect your personal data against accidental or unlawful destruction, alteration, disclosure as well as from any other unauthorised form of processing. The Bank requires that the processors used by the Bank for the processing of your personal data or which have access to your personal data when providing services to the Bank take appropriate technical and organisational measures, which would ensure the security and integrity of your personal data.

However, please note that even though we take appropriate steps to protect your personal data, no website or e-mail can guarantee complete security due to reasons beyond the control of the Bank. Therefore, you should be careful and assume the risk associated with providing personal data to the Bank on the website or by e-mail.

How long do we keep your personal data?

We store your personal data for not longer than it is necessary to achieve the stated purpose. Once the set objective is achieved, your personal data are deleted, unless the applicable legislation requires that the Bank store the data for the time period prescribed by such legislation. Once this period expires, the data are deleted/destroyed so that they cannot be reproduced. Specific personal data retention periods depend on the legal grounds for processing of your personal data.

Cookies, alerts and other similar technologies

During your visit to the Bank’s website www.medbank.lt, we want to provide you with information and functions that are tailored specifically to your needs. This requires the use of cookies. Cookies are small information elements stored on your web browser. They help the Bank to recognize you as a previous visitor to the Bank’s website, save your visit history and adapt the content accordingly. Cookies also help the Bank to ensure smooth functioning of the Bank’s website, allow monitoring the duration and frequency of the visits to the website and collecting statistical information on the number of visitors to the website. Analysis of such data helps us improve the Bank’s website and make it more comfortable for your use.

Types of cookies used on the website of the Bank at www.medbank.lt:

On your device, the Bank may store only necessary cookies that are necessary for the operation of the Bank’s website. For all other types of cookies, we must obtain your consent. You may withdraw your consent at any time by changing your browser settings and deleting saved cookies. You can find information on how to do this online, in the help page of your web browser.

Below is the list of cookies used on the website of the Bank at www.medbank.lt sorted by type, collected data and validity period:

Cookie name

Purpose of the cookie

Best before date

Type of the cookie

CookieConsent [x2]

The cookie used to store the visitor’s choice regarding the use of cookies.

Upon acceptance of the use of cookies



Valid for 1 year

Necessary

CookieConsentBulkSetting-#

These cookies remember the visitor’s choice regarding the use of cookies on different pages and products of Medicinos Bankas.

Permanent

Necessary

rc::c

The cookie used to determine whether the visitor is not a robot.

Session

Necessary

rc::a

The cookie used to determine whether the visitor to is not a robot in order to generate reports on the use of the website.

Permanent

Necessary

XSRF-TOKEN [x2]

The cookie used to ensure security by preventing the cross-site request forgery.

Valid for 24 hours

Necessary

medbank_prod_ls

Cookies for identification of sessions.

Session

Necessary

laravel_session

SandboxSession

medbanksess

Cookies for identification of sessions.

Session

Session

Session

Necessary

MD_SmartIdLoginSuccess

MD_SmartIdLoginSuccess

The cookie used to remember a successful user login.

3 months

3 months

Necessary

IBAType

The cookie used to remember the last authentication means selected by the user.

3 months

Necessary

MD_SmartIdPersonCode

The cookie used to remember whether a user has already entered his/her personal identification number on the same device and in the same browser.

3 months

Necessary

MD_MSignPersonPhone

The cookie used to remember whether a user has already entered his/her phone number on the same device and in the same browser.

3 months

Necessary

MedBanklettersCount

The cookie used to remember the number of unread messages.

10 minutes

Necessary

GUID [x2]

The cookie that saves the status of the visitor in all site requests.

Valid for one year

Necessary

major_type

The cookie intended to ensure the functionality of the website: saves the selected customer type.

Valid for 6 days

Functional

_dc_gtm_UA-#

The cookie used by Google Tag Manager and allows loading part of the program code.

Valid for 24 hours

Statistic

collect

The cookie collects information about the visitor’s device and behaviour and transmits the information to Google Analytics.

Valid throughout the session

Statistic

_ga

Tracking cookies of Google Analytics. The cookies collect information about the behaviour of the visitor on the website and are used to store statistical information.

Valid for 2 years

Statistic

_gid

Tracking cookies of Google Analytics. The cookies collect information about the behaviour of the visitor on the website and are used to store statistical information.

This cookie is used by Google Analytics to limit the frequency of requests.


Valid for 24 hours

Statistic

_ga_#

A tracking cookie of Google Analytics that collects information about the number of visits by the visitor and dates of the first and most recent visit.

2 years

Statistic

_gat

This cookie is used by Google Analytics to limit the frequency of requests.

Valid for 24 hours.

Statistic

_gcl_au

The cookies used by Google Adsense to personalise advertisements based on the browsing experience of the visitor and analysis thereof.

Valid for 3 months

Marketing

ads/ga-audiences

This cookie is used by Google AdWords and collects information about the behaviour of the visitor for the purpose of re-engaging the visitor.

Valid throughout the session

Marketing

_fbp

fr

tr

The cookies used to create a user and display targeted advertisements on third-party websites, such as facebook.com.

Valid for 3 months

Valid for 3 months

Valid throughout the session

Marketing

pagead/landing

The cookie collects data on visitor behaviour from multiple websites in order to present more relevant advertisement. This also allows the website to limit the number of times that they are shown the same advertisement.

Valid throughout the session

Marketing

TradeDoublerGUID

Technical server-side cookie of Tradedoubler that sores the history of user activity on the website.

Valid for 1 years

Marketing

test_cookie

The cookie used to check whether the visitor’s browser accepts cookies.

24 hours

Marketing

diffx/track/partner

The Smart Adserver system cookie used to collect statistical information for the display of advertisements.

Throughout the session

Marketing

partner-<ID>*

he cookies used by Smart Adserver collecting information for statistics and advertising purposes.

Valid from one day to several years

Marketing

Cookie name

CookieConsent [x2]

Purpose of the cookie

The cookie used to store the visitor’s choice regarding the use of cookies.

Best before date

Upon acceptance of the use of cookies



Valid for 1 year

Type of the cookie

Necessary

Cookie name

CookieConsentBulkSetting-#

Purpose of the cookie

These cookies remember the visitor’s choice regarding the use of cookies on different pages and products of Medicinos Bankas.

Best before date

Permanent

Type of the cookie

Necessary

Cookie name

rc::c

Purpose of the cookie

The cookie used to determine whether the visitor is not a robot.

Best before date

Session

Type of the cookie

Necessary

Cookie name

rc::a

Purpose of the cookie

The cookie used to determine whether the visitor to is not a robot in order to generate reports on the use of the website.

Best before date

Permanent

Type of the cookie

Necessary

Cookie name

XSRF-TOKEN [x2]

Purpose of the cookie

The cookie used to ensure security by preventing the cross-site request forgery.

Best before date

Valid for 24 hours

Type of the cookie

Necessary

Cookie name

medbank_prod_ls

Purpose of the cookie

Cookies for identification of sessions.

Best before date

Session

Type of the cookie

Necessary

Cookie name

laravel_session

SandboxSession

medbanksess

Purpose of the cookie

Cookies for identification of sessions.

Best before date

Session

Session

Session

Type of the cookie

Necessary

Cookie name

MD_SmartIdLoginSuccess

MD_SmartIdLoginSuccess

Purpose of the cookie

The cookie used to remember a successful user login.

Best before date

3 months

3 months

Type of the cookie

Necessary

Cookie name

IBAType

Purpose of the cookie

The cookie used to remember the last authentication means selected by the user.

Best before date

3 months

Type of the cookie

Necessary

Cookie name

MD_SmartIdPersonCode

Purpose of the cookie

The cookie used to remember whether a user has already entered his/her personal identification number on the same device and in the same browser.

Best before date

3 months

Type of the cookie

Necessary

Cookie name

MD_MSignPersonPhone

Purpose of the cookie

The cookie used to remember whether a user has already entered his/her phone number on the same device and in the same browser.

Best before date

3 months

Type of the cookie

Necessary

Cookie name

MedBanklettersCount

Purpose of the cookie

The cookie used to remember the number of unread messages.

Best before date

10 minutes

Type of the cookie

Necessary

Cookie name

GUID [x2]

Purpose of the cookie

The cookie that saves the status of the visitor in all site requests.

Best before date

Valid for one year

Type of the cookie

Necessary

Cookie name

major_type

Purpose of the cookie

The cookie intended to ensure the functionality of the website: saves the selected customer type.

Best before date

Valid for 6 days

Type of the cookie

Functional

Cookie name

_dc_gtm_UA-#

Purpose of the cookie

The cookie used by Google Tag Manager and allows loading part of the program code.

Best before date

Valid for 24 hours

Type of the cookie

Statistic

Cookie name

collect

Purpose of the cookie

The cookie collects information about the visitor’s device and behaviour and transmits the information to Google Analytics.

Best before date

Valid throughout the session

Type of the cookie

Statistic

Cookie name

_ga

Purpose of the cookie

Tracking cookies of Google Analytics. The cookies collect information about the behaviour of the visitor on the website and are used to store statistical information.

Best before date

Valid for 2 years

Type of the cookie

Statistic

Cookie name

_gid

Purpose of the cookie

Tracking cookies of Google Analytics. The cookies collect information about the behaviour of the visitor on the website and are used to store statistical information.

This cookie is used by Google Analytics to limit the frequency of requests.


Best before date

Valid for 24 hours

Type of the cookie

Statistic

Cookie name

_ga_#

Purpose of the cookie

A tracking cookie of Google Analytics that collects information about the number of visits by the visitor and dates of the first and most recent visit.

Best before date

2 years

Type of the cookie

Statistic

Cookie name

_gat

Purpose of the cookie

This cookie is used by Google Analytics to limit the frequency of requests.

Best before date

Valid for 24 hours.

Type of the cookie

Statistic

Cookie name

_gcl_au

Purpose of the cookie

The cookies used by Google Adsense to personalise advertisements based on the browsing experience of the visitor and analysis thereof.

Best before date

Valid for 3 months

Type of the cookie

Marketing

Cookie name

ads/ga-audiences

Purpose of the cookie

This cookie is used by Google AdWords and collects information about the behaviour of the visitor for the purpose of re-engaging the visitor.

Best before date

Valid throughout the session

Type of the cookie

Marketing

Cookie name

_fbp

fr

tr

Purpose of the cookie

The cookies used to create a user and display targeted advertisements on third-party websites, such as facebook.com.

Best before date

Valid for 3 months

Valid for 3 months

Valid throughout the session

Type of the cookie

Marketing

Cookie name

pagead/landing

Purpose of the cookie

The cookie collects data on visitor behaviour from multiple websites in order to present more relevant advertisement. This also allows the website to limit the number of times that they are shown the same advertisement.

Best before date

Valid throughout the session

Type of the cookie

Marketing

Cookie name

TradeDoublerGUID

Purpose of the cookie

Technical server-side cookie of Tradedoubler that sores the history of user activity on the website.

Best before date

Valid for 1 years

Type of the cookie

Marketing

Cookie name

test_cookie

Purpose of the cookie

The cookie used to check whether the visitor’s browser accepts cookies.

Best before date

24 hours

Type of the cookie

Marketing

Cookie name

diffx/track/partner

Purpose of the cookie

The Smart Adserver system cookie used to collect statistical information for the display of advertisements.

Best before date

Throughout the session

Type of the cookie

Marketing

Cookie name

partner-<ID>*

Purpose of the cookie

he cookies used by Smart Adserver collecting information for statistics and advertising purposes.

Best before date

Valid from one day to several years

Type of the cookie

Marketing

When using a browser to access the content provided by the Bank, you can configure it to accept all cookies, reject all cookies or alert you when a cookie is sent. All browsers are different. If you do not know how to change cookie settings, see the browser’s help menu. The operating system of your device may have additional cookie controls. If you do not want to have your information collected using cookies, use the simple procedure offered by most browsers to opt out of using cookies. For more information about managing cookies, please visit https://www.allaboutcookies.org/manage-cookies/. However, please note that some services may be designed to operate only with cookies and once cookies are disabled, you will not be able to use them or certain parts of them.

In addition to the cookies used by the Bank on its website at www.medbank.lt, certain third parties are allowed to save and access cookies on your computer. In such case, the use of cookies is subject to third-party privacy policies.

Please note that the Bank's social network accounts are subject to the cookie policy of the respective social network.

The Bank’s website at www.medbank.lt may contain links to third-party websites. Please note that the Bank is not responsible for the content or privacy protection principles of such websites. Therefore, if a link given on the Bank’s website takes you to another website, you should read its privacy policy.

Bank website www.medbank.ltcontains Facebook and LinkedIn plug-ins and using them requires transfer of your data, such as IP address, to the social network administrator. Further information about how the social network administrators are processing your personal data is available on their websites.

What are your rights?



You,
as the data subject whose personal data is processed by the Bank, have the
following rights:



The Bank provides the opportunity to exercise the above rights upon identification and verification of your identity. You can exercise your rights by submitting a written request to the Bank at any of the Bank’s customer service units, by mail to Pamėnkalnio g. 40, LT-01114 Vilnius, by email to dpo@medbank.lt (when the request is sent by email, it must be signed with a qualified electronic signature) or through the Bank’s online banking system, and, in certain cases, by using certain links provided at the bottom of the promotional content provided by the Bank.

The Bank will provide you with information about the steps taken on receipt of your request to exercise the data subject’s rights within one (1) month from receipt of your request. The time limit for the Bank’s response may be extended for two (2) months, taking into account the complexity of the request and the number of requests received by the Bank. In any case, the Bank will inform you about the extension of the time period and the reasons for such extension.

If your requests are clearly unreasonable or disproportionate (e.g. because of their repetitiveness), the Bank has the right to charge a reasonable fee, taking into account the costs of providing information

The Bank may refuse to allow you to exercise the above rights, where prevention, investigation and detection of crimes or violations of official or professional ethics and the protection of rights and freedoms of other persons must be ensured in the cases provided by law.

Contact us

Medicinos Bankas UAB


Pamėnkalnio g. 40, LT-01114 Vilnius


Tel. 19 300 (for calls from Lithuania), +370 5 264 48 00 (for calls from abroad)


Email: info@medbank.lt



Contact details of the Bank are available on the Bank’s website at

https://www.medbank.lt/lt/kontaktai.


If you have any questions regarding the information presented in this Privacy Policy or any other questions related to the processing of your personal data, please contact the designated Data Protection Officer of the Bank by any of the following means:

Final Provisions

Websites of other companies in the Bank’s Group which carry out specific functions may contain additional information about privacy.

This Privacy Policy enters into force on 15 April 2021.

The Bank has the right to unilaterally amend this Privacy Policy by informing you by a notice published on the Bank’s website www.medbank.lt, by e-mail or a message sent via the online banking system.

This Privacy Policy is publicly available on the Bank’s website www.medbank.lt and can be accessed at any customer service unit of the Bank.

This Privacy Policy will be revised and updated taking into account the changes in legislation and/or Bank’s activities, but at least once every two (2) years. Once the Privacy Policy is updated, we will inform you by posting a notice on the Bank’s website at www.medbank.ltand/or by other means.

Your browser is out of date. For better experience please update it here: Chrome, Firefox, Opera, Safari.