Change language:

SEB Lithuania Personal Data Processing Policy

(PDF version)

Our aim is to keep you fully informed about the processing of your personal data, whether you interact with us in person, electronically (for example, through our internet bank, mobile app, website) or in any other way you choose. This document applies to you if your data is processed by SEB companies in Lithuania.

This Personal Data Processing Policy of SEB companies in Lithuania (the "Policy") is intended to inform you about the purposes and grounds on which we process your personal data, where we obtain your personal data, to whom we provide it and for how long we store it, what security measures we use, and how you can exercise your rights as a data subject. This is to ensure fair and transparent processing of personal data.

Please take the time to review this Policy. If you have any questions, please contact us using one of the following methods. We update the Policy regularly and encourage you to review this document periodically.

Your personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (the "General Data Protection Regulation" or "GDPR"), the Republic of Lithuania Law on Legal Protection of Personal Data, and other legal acts regulating the legal protection of personal data and the activities of financial institutions and the services they provide.

Table of Contents

  1. Definitions
  2. Contact details of the Data Protection Office
  3. Data we process (categories of data subjects)
  4. Data we process about you (categories of data)
  5. For what purposes and on what legal grounds do we process your personal data?
  6. Where do we obtain your personal data from?
  7. Who do we provide your personal data to?
  8. Transfer of personal data to third countries
  9. How long do we process your personal data?
  10. Personal data security
  11. What are your rights?
  12. How can you exercise your data protection rights?
  13. Validity and changes to the Privacy Policy

1. Definitions

  1. Personal data means any information relating directly or indirectly to the data subject, i.e. you, such as: name, surname, telephone number, bank account number, details of payments made and received, health data, etc.
  2. Bank means AB SEB bankas, legal entity code 112021238, registered office address Konstitucijos pr. 24, Vilnius – SEB Group company providing financial services.
  3. Processing means any operation which is performed on personal data, including collection, recording, organisation, structuring, storage, adaptation or alteration, consultation, use, disclosure, erasure or destruction.
  4. Processor means a natural or legal person which processes personal data on behalf of the Controller.
  5. Controller means a natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. In the context of this Policy, the Controller shall be deemed to be a specific SEB company in Lithuania, depending on the purposes for which it processes personal data.
  6. Data subject (you) means a natural person whose personal data we process. This may include not only you, but also your family members or third parties in the cases set out in this Policy.
  7. Customer means a natural person or a representative of a legal person who uses, has used or intends to use the services of any of the SEB companies in Lithuania, such as financial services, life insurance, pension savings.
  8. Questionnaire means a questionnaire prepared by the Bank to fulfil the Know Your Customer requirements of as set out in the legislation, to be filled in by the Customer.
  9. SEB Life and Pension Baltic SE, SEB Group company registered in Latvia which provides life insurance services providing services in Lithuania through its branch, legal entity code 305351885, registered office address Konstitucijos pr. 24, Vilnius.
  10. UAB “SEB investicijų valdymas”, legal entity code 125277981, registered office address Konstitucijos pr. 24, Vilnius. It is a SEB Group company that manages pension funds and provides investment management services.
  11. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  12. SEB companies in Lithuania ("SEB Lithuania") means any legal entity or its branch belonging to the SEB Group which has its registered office in Lithuania and acts as a controller or processor of personal data. A list of SEB Lithuania companies and contact details is available on the website www.seb.lt. In the context of this Policy, SEB Lithuania may refer to AB SEB bankas, UAB “SEB Investicijų valdymas”, SEB Life and Pension Baltic SE, or all of them together.
  13. SEB Group means Skandinaviska Enskilda Banken, AB (publ.), a company incorporated in Sweden, and all legal persons and their subsidiaries directly or indirectly owned by it.
  14. Other terms used in the Policy shall be understood as defined in the General Data Protection Regulation or in the laws governing the legal protection of personal data and the activities of financial institutions.

2. Contact details of the Data Protection Officer

If you have any questions regarding the processing of your personal data, please contact the Data Protection Officer of SEB Lithuania by calling the general consultation phone number +370 5 268 2800, or by email to duomenuapsauga@seb.lt, or by mail to Konstitucijos pr. 24, LT-08131, Vilnius.

3. Data we process (categories of data subjects)

SEB Lithuania processes the data of the following data subjects (natural persons) in the course of its activities:

  • Customers and their legal representatives;
  • Customer family members and close associates. 
    Close associate:
    • A natural person who is a member of the same legal person or unincorporated organisation as the politically exposed person, or who has other business relationships with the politically exposed person;
    • A natural person who is the sole beneficiary of a legal person established or acting de facto for the purpose of obtaining pecuniary or other personal gain for a politically exposed person;
  • Guarantors, co-debtors, pledgors of customers;
  • The parties to the transactions in which the customer is involved;
  • Customer debtors, creditors;
  • Persons eligible for life insurance benefits;
  • Customer successors;
  • Payers and payees (third parties who are not Customers);
  • Customers – managers, shareholders, members of the board of directors or other collegial body, ultimate beneficial owner (UBO) of legal persons, representatives of the company acting under a power of attorney or other legal basis;
  • Other persons who apply to SEB Lithuania.

 N.B. Article 14 of the General Data Protection Regulation provides for cases where we, as a controller, are exemptedfrom the obligation to provide data subjects whose data was obtained not from the data subject with informationabout the processing of his or her data, including where the provision of such information is not feasible or wouldrequire a disproportionate effort (e.g. where we do not have a business relationship with the third party, we do notknow the third party's contact details, etc). Therefore, if you provide us with the data of third parties, we recommendthat you make them aware of this Policy.

4. Data we process about you (categories of data)

In this section, we list the main categories of personal data processed by SEB Lithuania. However, given the specific nature of our activities, it is not possible to list all data categories we process in the Policy, therefore the list below is not exhaustive. The scope of the data processed may vary depending on the purposes for which SEB Lithuania processes the data of that person.

We process the following personal data:

  • personal identification data, such as name, surname, personal identification number, date of birth, data and copies of personal documents (passport, ID card, driving licence), photograph, nationality; biometric data, such as your facial image (selfie) and video, which are processed when you intend to become a customer remotely using the mobile app;
     N.B. To ensure that the data in your identity documents is accurate and correct, we automatically update thisinformation by obtaining it from the Registers of Invalid Documents and Population.
  • contact details such as telephone number, email address, residential address, registration address or mailing address;
  • identification data in the Bank systems, such as the customer's identification number in the Bank systems (customer ID), internet bank user login data (internet banking user ID);
  • data about the device used to access the internet bank, how you use it to make payments, IP address, date, time, duration of the sessions you use to access the internet bank or mobile app;
  • data on your financial literacy and investment goals, such as your education, investment knowledge and experience;
  • data about your contracts with SEB Lithuania, depending on the services provided to you by SEB Lithuania,
    e.g. bank account, pension savings, internet bank, mortgage, leasing, consumer credit, life insurance, and otherdata on your contracts with SEB Lithuania and the performance of such contracts;
  • data about contracts with third parties, such as contracts for the sale of real estate, leases, guarantees and other contracts;
  • payment data, such as the name of the sender, recipient, account number, purpose of the payment, amount and currency of the payment, payer identification code, details of payment instruments (e.g. bank card, account, Apple Pay, Google Pay, etc.) and their usage, deposits, withdrawals, etc.;
     N.B. When indicating the purpose of the payment, please do not enter special categories of data (data revealingracial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, health data, ordata concerning sex life and sexual orientation) in the field.
  • economic data, such as your current and former employment, your economic and commercial activities (being a farmer, self-employed, etc.), the stability and sources of your income, your assets, your financial liabilities, your country of residence for tax purposes, your tax payer code, whether you are a taxpayer in other countries, etc.;
  • sociodemographic data such as marital status, number of dependants, family details, whether you are a person in need;
  • data about your IP address, online behaviour and habits, which we determine based on your actions in the internet bank, the mobile app or when using other electronic channels of SEB Lithuania;
  • data about your interests, hobbies and needs, which you provide when communicating with SEB Lithuania employees or when using SEB Lithuania services;
  • audiovisual (audio-visual) data, such as video, audio recordings, when you visit SEB Lithuania branches, call the Bank on numbers that are recorded (in this case, we will inform you at the beginning of the conversation that the conversation will be recorded), use remote consultations, or intend to become a customer of SEB Lithuania by remote means;
  • data obtained from public officials and authorities, such as data obtained as a result of requests from notaries, bailiffs, law enforcement authorities, courts, decisions, etc.;
  • data on your reliability, economic activities, business relationships, planned financial transactions in order to comply with the Know Your Customer requirements and to ensure compliance with the legal requirements in the field of prevention of money laundering and terrorist financing and enforcement of international sanctions;
  • data on the assets to be acquired, such as information on the movable (e.g. car) or immovable (e.g. home) assets for which the financing is requested;
  • debt data, such as the origin of the debt, the date it was incurred, its overdue date, the amount of the debt, payment information, details of the request for deferment, etc.;
  • the identity of the representative or manager of the legal person, such as name, surname, date of birth, country of birth, personal identification number, nationality, identity document details, and contact details;
  • the identity of the legal person's ultimate beneficial owners, such as name, surname, date of birth, country of birth, personal identification number, nationality, identity document details, residential address, country of residence for tax purposes, tax payer identification number, and whether or not the person is a Politically Exposed Person (PEP);
  • special categories of data such as:
    • biometric data – a facial image (selfie) and a video, which is only processed when you intend to become a customer by remote means via the mobile app, with your consent;
    • health data:
      • in the case of life insurance, for the purpose of assessing the insurance risk and investigating the circumstances of an insured event (with your consent);
      • assessing your income when seeking to provide financing services (to comply with legal requirements), assessing customers' requests to defer mortgage or consumer credit payments, or deciding whether to write off a debt (with your consent or where required by law).

5. For what purposes and on what legal grounds do we process your personal data?

  • In order to identify you when you intend to become our customer at the Bank's branch and to fulfil the Know Your Customer requirements, we process your identity and contact details, country of origin, nationality, accounts with other banks (including foreign banks), data on the ultimate beneficial owners (where the client is a legal person), whether you or your close family member or associate is a politically exposed person, the projected income, the origin and source of the income, and whether or not you are on any international sanctions lists. We process this data on the basis of a legal obligation and legitimate interest to prevent financial crime, to properly implement anti-fraud measures and to comply with international sanctions (more information on Know Your Customer requirements).
  • In order to comply with tax evasion legislation, we process your personal identity data and information about whether you are a taxpayer in other countries, whether you have accounts with other banks, and your country of residence for tax purposes. We process this data on the basis of a legal obligation.
  • In order to identify you when you intend to become our customer through the mobile app and to fulfil the Know Your Customer requirements, we process your personal identity and other data necessary for the fulfilment of the Know Your Customer requirements; the data of the device you use to connect to the mobile app, your IP address. We process this data on the basis of a legal obligation.
    • Where a minor client is represented by a parent or guardian, we additionally process the identity data of the parent or guardian. We process this data on the basis of a legal obligation.
    • When you become a customer through the mobile app, we also process your biometric personal data such as facial recognition, voice, video. We only process this data with your consent.
  • When you become a customer by other remote means (during a video consultation with a Bank employee), we process your identity data, data on the authentication of your identity with a qualified electronic signature and other data necessary to meet the Know Your Customer requirements. We process this data on the basis of a legal obligation. We also keep a video and audio recording of your remote meeting with us on the basis of legitimate interest, so that we have evidence that you have become a customer legitimately and that there was no fraud during the video consultation. When a minor intends to become a customer and the minor's parents or guardians are present during the same remote meeting, we also process their video and audio recording.
  • In the case of a minor child (aged 7 – 13 years), when one of the parents submits an application through our internet bank, we process the personal identity data of the minor and the parent who applies for an account for the child, as well as the information on whether the applicant has the right to act as a representative of the child. This data is obtained automatically from the registers maintained by the State Enterprise Centre of Registers. We process the data on the basis of a legal obligation and legitimate interest to ensure that the minor can become a customer of the Bank and that the minor's parent has the right to represent the minor.
  • In order to enter into service agreements and other contracts, we process your identity data, contact details and other data necessary for the conclusion of a specific contract, e.g. for a bank account, internet bank, mortgage, leasing, pension savings, etc. We process this data on the basis of the conclusion and performance of a contract.
  • If you are a business customer (e.g. a farmer), we check your creditworthiness in the Bank of Lithuania's loan risk database, and the details of the land you are purchasing in the Real Estate Cadastre and Register. When you use a personal account for business related transactions, we may also process data from this personal account.
  • In order for you to participate in the loyalty programme “Mylimiausia", when you choose a payment card linked to the loyalty programme, we process your personal data, such as your name, surname, gender, date of birth, email address, telephone number, residential address (city), last four digits of the payment card number of the Mylimiausia payment card, and the expiry date, and we pass it on to the partners of the loyalty programme. This data is transferred on the basis of the conclusion or performance of a contract. If you give direct marketing consent to our loyalty programme partners, we also pass this information on to them. If you have given your direct marketing consent to loyalty programme partners, the data received will be processed by the partners not only for the purpose of running the loyalty programme (e.g. providing cash and discounts), but also for the purpose of direct marketing (e.g. sending you personalised offers).
  • In order to contact you, to provide you with consultations on the services you use, to respond to your requests, claims, etc., we process your identity data, contact details and other data related to your request, inquiry or claim. We process this data on the basis of a legal obligation, the performance of a contract or legitimate interest, depending on the nature of your request.
  • In order to prevent money laundering and terrorist financing, we regularly monitor our customers' business relationships and process data on your payment transactions and the source of funds. For this purpose, we may ask you to provide documents proving the origin of the funds (e.g. a copy of a real estate purchase agreement, a donation agreement, audited annual accounts, a copy of an invoice), queries or information provided by other banks, financial institutions or law enforcement authorities. Processing for this purpose also includes processing by automated means. In any case, automated decisions are reviewed by our staff. We may, in the circumstances, process data about persons connected to you (e.g. fund senders) to the extent necessary to comply with the requirements of the AML and CFT. We process this data on the basis of a legal obligation.
  • To ensure compliance with international sanctions, we carry out regular monitoring of our customers' payment transactions to determine whether you or a person related to you (e.g. a payee) are on international sanctions lists, and for this purpose, we process your identity data, nationality data, payment data, and whether or not you are a sanctioned person. Processing for this purpose also includes processing by automated means. In any case, automated decisions are reviewed by our staff. We process this data on the basis of a legal obligation to comply with EU and United Nations sanctions, or on the basis of legitimate interest to comply with United States sanctions, United Kingdom sanctions, and Switzerland sanctions.
  • In order to provide investment services, which include the provision of investment recommendations and portfolio management of financial instruments, we process data on your marital status, education, income, assets, existing financial commitments, financial plans and goals for using the investment services, risk tolerance, and investment experience and knowledge in order to carry out the suitability and acceptability assessment. For this purpose, we may process your data in an automated way (when you use the Robo-Advisor service). If you disagree with the automated decision, this decision will be reviewed and evaluated by a member of our staff at your request. We process this data on the basis of a legal obligation.
  • In order to comply with tax evasion legislation, we process your identity, whether you are a taxpayer in more than one country, your country of residence for tax purposes, the country from which the income will be received, and your accounts with other financial institutions. We process this data on the basis of a legal obligation.
  • To assess your creditworthiness and to be able to provide you with funding (e.g. mortgage, consumer credit, leasing, credit card with credit limit), and to meet our operational risk management requirements and to manage your debts to us, we process data about your income and its source, education, employment, job title, work experience, assets possessed, financial obligations, credit and payment history, marital status, details of debts, seizures, insolvency, etc. For this purpose, we must keep all the documents on the basis of which the decision to enter into the transaction was taken. In order to provide you with financing services, we may process your application data and data obtained from public registers and UAB Creditinfo Lietuva in an automated way (for more information see "Where we obtain your data from" and "Who we provide your data to"). If you disagree with the automated decision, the automated decision will be reviewed and evaluated by a member of our staff upon your request. We process this data on the basis of a legal obligation and a legitimate interest in managing the Bank's financial risk.
  • In order to monitor whether the financial or economic situation of our customers does not jeopardise the proper fulfilment of their obligations under the concluded contracts, we process data on your fulfilment of your contractual obligations to the Bank and other creditors, data on overdue payments, arrears, etc. We process this data on the basis of a legal obligation and a legitimate interest in managing the Bank's financial risk.
  • In order to manage our day-to-day operations and to protect our legitimate interests and those of our customers, we may process data such as information about legal or administrative proceedings in which you are involved, debts or other amounts owed by you to third parties, your assets (cash, investments in financial instruments, etc.), and any other information communicated to us by relevant authorities, bodies or individuals. We process this data on the basis of a legitimate interest to ensure the Bank's operations, to defend, exercise or assert legal claims.
  • In order to ensure the prevention of payment fraud, we process data on the transactions (purpose of the payment, amount, currency, payee, etc.), data on the time and location you connect to the internet bank from, the IP address of the device used to carry out the transaction, and the characteristics of the device or service
    used to determine whether, for example, a remote access tool has been installed on the device, etc. We process this data on the basis of a legal obligation and legitimate interest. For this purpose, we carry out automated data processing, including profiling.
    We may share information about fraud cases with SEB Group, SEB Group companies, other financial institutions and law enforcement authorities.
  • In order to provide payment services related to the application programming interfaces, in accordance with legal requirements, we process data such as your account number with another account manager, payment currency, name, type, balance and, in the case of the account information service, also a list of payment transactions on selected accounts and the details of those transactions, including amounts reserved, whether the account is subject to a credit limit etc. In the course of providing these services, we may pass on the IP address of the devices you use, information about your browser and browser version to other payment service providers that manage your accounts. We process this data on the basis of a legal obligation and the performance of a contract.
  • In order to provide the mobile app service, we process your name, personal identification number, account numbers, mobile phone number, your mobile device contact list (if this data is used for the purpose of linking an account), mobile phone numbers and other information listed in the mobile device contact list. As part of this service, we provide information to other users of the mobile app service who have your number in their contact list of mobile devices that you are a mobile app user; we may pass on the mobile app user's name, mobile phone number (in the case of a payment by phone number) and account number when executing a payment instruction or transferring a payment request.
    Please note that we do not collect or store the names, surnames, addresses or other similar data of persons in the contact list of the mobile app user's mobile device.
  • In order to provide the payment by phone number service, we process your alternate identifier (mobile phone number), payment account number, name and surname. We process this data on the basis of the performance of the contract and your consent.
  • In order to ensure and improve the quality of our services, our electronic platforms, content and services provided to you, we analyse (profile) your personal data in an automated way, including information about the services you use in SEB Lithuania, and analyse the history of your payment transactions. We process this data on the basis of our legitimate interest in ensuring and improving the quality of our services.
  • In order to carry out direct marketing – to send you tailored, relevant messages and information, to ask for your opinion on the quality of the services we provide and to invite you to participate in market research – we profile customers and for this purpose we process your identity data, country of residence, identification data in the SEB Lithuania systems (e.g. customer code), type of customer (e.g. business or private, age, etc.), contact details, information about the language you communicate in, your use of the bank's services (contracts concluded, accounts held), financial data, liabilities to SEB Lithuania, data on applications submitted, economic, socio-demographic data, information on when and where you connect to the internet bank and other electronic platforms, information on your meetings and calls (conversations) with SEB Lithuania employees (e.g. channel and date), data on past proposals to you, other data that helps us to select and provide you with offers that are relevant to you. We only profile customers and send personalised direct marketing on the basis of consent.
    With your separate consent, we may also send direct marketing offers, newsletters and surveys from our partners in Lithuania. For an up-to-date list of partners, see: https://www.seb.lt/en/partners-material.
     N.B. You can change or withdraw your direct marketing consent at any time by logging into the Customer Profile inyour internet bank account, on mobile app, by sending us an email at info@seb.lt or by phone +37052682800. We willask you if you agree to receive direct marketing when we provide you with a Questionnaire. You will also see a questionon renewal of direct marketing consent when you view this questionnaire.
     N.B. If you withdraw or change your direct marketing consent, it may take up to one working day for the withdrawalor change to be processed.
  • In order to ensure the protection of property and individuals on the territory and premises of SEB Lithuania, we carry out video surveillance and process your video data. We process this data on the basis of a legitimate interest in ensuring the security of the Bank's assets, employees and third parties.
  • In order to systematically monitor and prevent unlawful activities and continuously assess the risks involved, to protect you and your property from criminal acts (e.g. fraud, misappropriation of your data, identity), we collect and structure information on possible misuse of SEB Lithuania services, including your use of the mobile app and internet bank. For this purpose, we may also process contact information (e.g. for sending fraud prevention messages), payment instrument security data, payment transaction data. For this purpose, we may also exchange account numbers with other financial institutions that may be used for fraud. We process this data for the performance of a legal obligation and in the legitimate interest of managing the Bank's reputational risk and protecting our customers against loss.
  • In order to assert and defend our legal claims, we process your identity and the identity of persons related to you (e.g. guarantors, co-debtors, pledgors, etc.), contact data, data on services provided, contracts, payment data, financial obligations, debts owed to us, etc. For this purpose, we may transfer your data to our partners in the search for debtors in Lithuania and abroad. We process this data on the basis of our legitimate interest to manage our debts and to avoid or reduce our losses.
  • In order to (i) ensure the quality of our services, including remote services, (ii) have evidence of the conclusion or performance of a contract or other transaction that may give rise to legal consequences, (iii) be able to assert, defend or enforce legal claims, and (iv) comply with the law (e.g. to advise you on the acquisition of securities), we record and store telephone conversations between you and our employees. We process this data for the purposes of entering into a contract, performance of a legal obligation and legitimate interest.
  • In order to conclude and execute a life insurance contract, assess insurance risk and investigate insured events, we collect and provide reinsurers with data on your health, medical examinations and other medical data, life insurance services provided to you by other life insurance companies, and data from law enforcement authorities related to the investigation of insured events; in order to provide advice on life insurance services and to improve the quality of life insurance service provision processes, we may carry out automated analysis (profiling) of your personal data that you have voluntarily provided in the course of the consultation or product offering process, including health data, data on your age, gender, finances, if this is necessary for a specific purpose. We may make an automated decision based on the information we collect from you. If you disagree with the automated decision, this decision will be reviewed and evaluated by a member of our staff at your request. We process this data on the basis of consent.
  • In order to communicate with you on social media (Facebook, Youtube, Linkedin, Instagram and others), we process your name, information about your communication on your SEB Lithuania account ("like", "follow", "comment", "share", etc.), photos (profile and SEB Lithuania tags), information about messages sent to you, information about your participation in events or games organised by SEB Lithuania, and information about your rating of SEB Lithuania. This data is obtained directly from you (in your social media account) when you communicate with us (using social media tools such as "Send a message" or visiting the social media accounts we administer. Your personal data is used to communicate with each other in the public space, i.e. on social media. We process this data on the basis of a legitimate interest.
    Personal data provided on social media is processed jointly with the social media operator (e.g. Facebook, Youtube, Linkedin or Instagram platform), therefore, we suggest that you consult the privacy policies of the specific social media operator.
  • If you use mobile applications where SEB Lithuania is the developer or the holder of the developer's rights (e.g. "MyFootprint | SEB”), we process the data you provide when you use the app. We process this data on the basis of the conclusion or performance of a contract. Please read the privacy notice carefully before using the apps. You can read this message at any later time in the app settings.
  • In order to test IT systems and to carry out robotization of processes in SEB Lithuania, we may process various categories of personal data. Importantly, personal data may only be processed for testing purposes where there is no possibility to use non personal data and there is a risk that the malfunctioning of a particular system will lead to negative consequences for data subjects. The consequences of the system's inaction in such a case should outweigh the potential risk to the rights and freedoms of data subjects. We process this data on the basis of a legitimate interest in process supervision and incident management.

6. Where do we obtain your personal data from?

We process your personal data that:

  • is provided by you;
  • is provided by our Customers if you are, for example, a member of their family, co-debtor, guarantor, etc. (see section Categories of Data Subjects), or if you are a representative, employee, founder, shareholder, participant, owner of a legal person – the Customer, or if you have entered into an agreement with the Customer etc.;
  • we obtain from documents provided to us by our Customers, such as account statements, payment documents, sales and purchase contracts, court judgments, etc.;
  • we obtain from external sources, such as:
    • 6.4.1. from other banks and financial institutions;
    • 6.4.2. from other providers of payment, digital money services and other financial services;
    • 6.4.3. International card organisation “MasterCard”;
    • 6.4.4. European Payment Infrastructure Provider EBA CLEARING;
    • 6.4.5. from supervisory and other public bodies or institutions, such as the Bank of Lithuania (including the NASIS information system which contains a list of persons for whom applications have been made to prevent them from concluding consumer credit agreements, and the PRDB database which contains data on borrowers and the loans they have been granted), the Ministry of Finance, the Lithuanian Agricultural Advisory Service, the Statistics Department, the State Social Insurance Fund Board, the National Health Insurance Fund, and the National Paying Agency;
    • 6.4.6. from the State Enterprise Centre of Registers (Cadastre and Register of Real Estate, Population Register, Register of Contracts and Liens, Information System of Participants of Legal Entities (JADIS), Subsystem of Beneficiaries of Legal Entities (JANGIS), Register of Legal Entities, etc.);
    • 6.4.7. from the database of invalid personal documents managed by the Information Technology and Communications Department, the National Register of Wanted Persons;
    • 6.4.8. from State Enterprise Regitra;
    • 6.4.9. from law enforcement authorities;
    • 6.4.10. from Creditinfo Lithuania, UAB;
    • 6.4.11. from insurance companies;
    • 6.4.12. from healthcare institutions if you use SEB Lithuania's life insurance services;
    • 6.4.13. from natural or legal persons (valuers, notaries, bailiffs, lawyers, etc.) when they provide the data in the context of contractual or legal requirements (data contained in e.g. mortgage, insurance contracts, property valuation reports, certificates, etc.);
    • 6.4.14. from partners, suppliers or other legal persons that use us to provide services to you;
    • 6.4.15. we obtain when monitoring your use of our systems and services, such as when you make payments or other actions on the mobile app or internet bank.

7. Who do we provide your personal data to?

We provide your personal data to the following recipients on the basis of a legal obligation (legal requirements), legitimate interest or in order to conclude or perform a contract with you:

  • other banks and financial institutions;
  • correspondent banks, a list of which can be found here: https://www.seb.lt/privatiems/kasdienebankininkyste/pervedimai/bankai-korespondentai;
  • International card organisation “MasterCard”;
  • insurance and reinsurance undertakings and insurance intermediaries;
  • payment and digital wallet service providers and other service providers involved in your transaction with us (e.g. to process a payment, personalise a payment card, add a payment card to a digital wallet of your choice, etc);
  • stock exchanges and other trading venues for financial instruments, brokerage firms, central depositories, distributors and/or managers of funds whose units you purchase or transfer using our services, trade repositories and other entities involved in providing services to you directly or indirectly in connection with investments in financial instruments;
  • SEB Group and SEB Group companies, a list of which can be found on the website https://www.seb.lt/en/aboutseb/related-companies, as well as AS SEB Banka in Latvia, AS SEB Pank in Estonia), where this is necessary for financial accounting, auditing, credit and liquidity risk assessment, technical write-off of debts, anti-money laundering, the use of common information systems or hardware (servers) or for the provision of services;
  • a service provider which processes your biometric data (facial image, video) on our behalf and on our instructions for the purpose of remote identification and authentication using the mobile app;
  • UAB Creditinfo Lietuva, if your debt to us is older than 60 days;
  • transferring the data of the debtor who has declared their departure to a foreign country to the debt management partners selected by the Bank which will transfer it to their partners in the debtor's country of residence;
  • transferring the data of the lessee to partners selected by the Bank for the tracking and return of the leased and unreturned assets owned by the Bank;
  • sharing Customers who have concluded lease agreements, data with Bank’s partners with whom cooperation agreement was signed;
  • notaries, bailiffs, insolvency administrators, asset valuers, foreign state authorities;
  • providers of loan security (guarantors, pledgors, co-debtors) securing the customer's obligations;
  • buyers of the claim rights against the Customer (if you are the Customer or a person related to the Customer);
  • transferring personal data relating to products and services provided by SEB Life and Pension Baltic, SE or its affiliates in Lithuania and Estonia to SEB Life and Pension Baltic, SE and its affiliates where it is necessary for the provision of the services or for the performance of specific functions, e.g. data required for pension contracts, reports, analysis etc;
  • Bank of Lithuania (including the Loan Risk Database), the Ministry of Finance, the Ministry of Social Security and Labour, the Lithuanian Agricultural Advisory Service, the Statistics Department, the State Social Insurance Fund Board, the National Health Insurance Fund, the National Paying Agency, UAB Būsto paskolų draudimas, UAB Intrum Lietuva, SE Indėlių ir investicijų draudimas, the State Enterprise Centre of Registers, State Enterprise Regitra, other registers and public institutions;
  • State Tax Inspectorate in order to comply with tax laws, Agreement between the Government of the United States of America and the Government of Republic of Lithuania to Improve International Tax Compliance and to Implement FATCA, and other international obligations of the Republic of Lithuania in this area;
  • Financial Crimes Investigation Service and other authorities responsible for the implementation of the requirements for the prevention of money laundering and terrorist financing; law enforcement authorities at their request or on our initiative if there is a suspicion that a criminal offence has been committed;
  • courts, arbitration or other dispute resolution bodies, where they have the right to receive such information in accordance with the procedure laid down by law;
  • companies that run or administer loyalty programmes in which SEB Lithuania participates (e.g. Mylimiausia loyalty programme whose current list of loyalty programme partners you can find here: https://mylimiausia.lt/privatumo-politika/, section "Controllers");
  • service providers that provide services for the production of payment instruments and personalised identifiers (e.g. payment card manufacturers or payment card personalisation service providers);
  • providers of mail and postal item delivery services;
  • providers of authentication and electronic document signing services;
  • our professional advisers, lawyers, consultants and auditors;
  • other third parties in connection with the sale, merger, purchase or reorganisation of all or part of our business or similar business changes (including, but not limited to, potential or existing purchasers of our business and their advisers);
  • processors, such as providers of data centre, hosting, cloud, e-authentication and e-trust services, companies providing website administration and related services, companies providing document archiving services, companies providing advertising, marketing services (which include customer profiling, tailored messaging and marketing messages), companies developing, providing and supporting software (Amazon, Microsoft, Google, etc.), companies providing IT infrastructure services, companies providing connectivity services, companies that analyse and provide services to analyse online browsing or online activity (Amazon, Microsoft, Salesforce, etc.);
  • when you use the telephone number payment services, we provide the data to the administrator of the alternate identifier search system, the Bank of Lithuania, which provides or may provide data to the administrators of other alternate identifier search systems operating in the EU and EEA countries.

8. Transfer of personal data to third countries

We generally process and store your personal data within the territory of the European Union (EU) or the European Economic Area (EEA), but we may transfer your personal data outside the EU or EEA following a country-specific risk assessment.

We transfer your personal data outside the EU or EEA if at least one of the following measures is implemented:

  • the data is transferred to a country, territory or international organisation recognised as adequate by the European Commission (currently: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, Jersey, New Zealand, Republic of Korea, Switzerland, United Kingdom, Uruguay);
  • a standard data protection agreement drawn up by the European Commission is concluded with a data recipient or processor in a third country;
  • the recipient is a US company self-certified under the EU – US Data Privacy Framework, e.g. Microsoft Corporation, Google LLC, Amazon Web Services, Inc. etc.
  • the recipient or processor relies on Binding Corporate Rules, for example Mastercard Incorporated.

 N.B. The payment and other service providers involved in your transaction with us (for example, you are making atransfer to a payee based in a third country (outside the EU or EEA)) may be established or operate in a country thatdoes not have an adequate level of data protection (i.e. a country that is not a party to the European Economic AreaAgreement and that has not been listed by the European Commission as a country with an adequate data protectionlevel). We take all measures to ensure that your personal data is used securely, but there may be cases where wecannot ensure that the recipient of the data complies with the same requirements as in the European Union.

9. How long do we process your personal data?

We process your personal data for no longer than is necessary for the purposes for which it was collected.

The time limits for processing data may be laid down in specific legislation applicable to our activities. After the purpose of the processing has expired, we retain the data on the basis of legitimate interest to assert, exercise or defend legal claims.

Retention periods for data processing:

  • we process data collected in the course of providing our services, including image data collected during remote consultations or remote identification (including biometric personal data), for a period of 10 years after the end of our business relationship with you;
  • we process the data provided in the Questionnaire for 10 years after the end of our business relationship with you;
  • we store the data provided in the financial needs assessment, counselling and eligibility questionnaire for 10 years after the questionnaire is completed;
  • we process the data processed for the purpose of concluding and performing contracts with you, the data contained in the contracts and copies of the documents on the basis of which the decision to enter into a transaction with you was taken for 10 years after the end of our business relationship with you;
  • we process data contained in the applications (e.g. for mortgage, consumer credit, etc.) that have not been contracted for 1 year after the public registers have been checked;
  • we process data processed for the purpose of preventing money laundering and terrorist financing, such as documents proving the origin of funds held by you, for a period of 10 years after the end of our business relationship with you;
  • we process payment transaction data for 10 years after the end of our business relationship with you;
  • we process records of telephone conversations for 10 years from the date the conversation was recorded; we keep records of telephone conversations for which a Questionnaire was completed for 10 years from the end of the business relationship with you;
  • we process video data from SEB Lithuania premises for 60 days;
  • we process the data provided at the time of registering for an appointment with a SEB employee 1 day after the meeting with the Bank employee. If you cancel your registration, your data will be automatically deleted from our systems immediately;
  • we process the data of persons related to legal entities (managers, representatives, shareholders, etc., where this person does not have any personal contracts with SEB Lithuania) for 10 years after the end of the business relationship with the legal entity;
  • we store the data of potential customers (who have been offered a contract but the contract was not concluded) for 2 years from the date of the decision not to conclude a contract;
  • for the purpose of direct marketing, your data is processed for as long as you are a customer of SEB Lithuania or until your consent is withdrawn, whichever is earlier. You can withdraw your consent and change its settings at any time by logging in to the Questionnaire in your internet bank account, in the mobile app, by sending us a message by email to info@seb.lt or any other email address specified in this Policy, by calling +37052682800, or by visiting the Customer Service Department;
  • we store the data of the seller of the property (natural person) in case of a leasing contract for 10 years after the end of the leasing contract;
  • for a party to a pension or insurance contract that does not sign the contract directly, e.g. a beneficiary in the case of inheritance, we process the data for 10 years after the end of the contractual relationship with the policyholder;
  • we store the data processed for the purpose of concluding or performing a contract with you for the telephone number payment service for the duration of your consent to use the service and the contract and for 10 years from the date of withdrawal of consent or after the end of the business relationship with you;
  • we process the personal data you have provided in the social media network such as Facebook, Youtube, Linkedin, Instagram and others until the moment of deleting the data you have provided from your SEB Lithuania account, but no longer than until the SEB Lithuania account is deleted. Please note that personal data is only processed on the platform of the social media manager, thus the exact terms and conditions of processing are determined by the platform manager. In the case of inadmissible communications (such as defamation, disparagement of SEB Lithuania's reputation, etc.), we may keep the communication as evidence for an appropriate period of time in order to protect our violated rights or legitimate interests (i.e. for the entire duration of an out-of-court, pre-trial or court dispute).

10. Personal data security

We use a variety of security technologies and procedures to protect your personal information from unauthorised access, use or disclosure. Our suppliers are carefully selected and we require them to use appropriate measures to protect your confidentiality and ensure the security of your personal information. However, the security of information transmitted by email or user communication may sometimes be compromised for reasons beyond SEB Lithuania's control, therefore, you should be careful when submitting confidential information to us outside of the electronic systems used by SEB Lithuania.

11. What are your rights?

You have the following rights:

  • the right to have access to personal data processed by SEB Lithuania;
  • the right to have incorrect, inaccurate or incomplete data corrected;
  • the right to restrict the processing of your personal data until the lawfulness of the processing has been verified at your request;
  • the right to request erasure of personal data where this can be based on one of the conditions set out in the GDPR;
  • the right to object to the processing of personal data where the processing is carried out in our legitimate interests;
  • the right not to be subject to a fully automated decision where such decision-making has legal consequences or a similar significant effect on you. This right does not apply where such decision-making is necessary for the purpose of entering into or performance of a contract with you, is permitted by law, or where you have given your explicit consent. In the case of an automated individual decision, you have the right to ask us to review the decision by submitting a written request;
  • the right to request the transfer of your personal data to another controller or to have the data provided directly to you in a form that is convenient for you (applies to personal data provided by you and processed by automated means on the basis of consent or on the basis of the conclusion and performance of a contract);
  • the right to withdraw the consent you have given, without affecting the lawfulness of the processing of your personal data carried out prior to the withdrawal of your consent;
  • the right to lodge a complaint with the State Data Protection Inspectorate (for more information, see www.vdai.lrv.lt) if you believe that your personal data has been processed in violation of your rights or legitimate interests.

12. How can you exercise your data protection rights?

  • You may submit a request for the exercise of the rights set out above, as well as complaints, messages or requests relating to data protection (the "Requests") in the following ways:
    • write a message by logging in to the internet bank (“Messages" → "Write a new message");
    • visit your nearest Customer Service Division, and bring your passport or ID card when you apply;
    • send your request, signed with an electronic signature, to duomenuapsauga@seb.lt or info@seb.lt;
    • send your request by mail to AB SEB bankas, Konstitucijos pr. 24, LT-08131, Vilnius, in which case we will contact you to determine the most convenient and appropriate method of identification.
  • We will respond to your Request no later than 30 (thirty) calendar days from the date of receipt of the Request. In exceptional cases requiring additional time, we have the right, after notifying you, to extend the time limit for the examination of the request to 60 (sixty) calendar days from the date of your request.

13. Validity and changes to the Privacy Policy

This Policy entered into force on 25 May 2018 and was last updated on 26 June 2025. It may be amended to take account of changes in legislation and in our operations. We will notify you of changes on the website www.seb.lt.