Privacy Policy of Throo

I. INTRODUCTION

1. General

1.1. The respect of your privacy and the protection of your personal data is a priority for us. To make sure that your data is treated according to the law and that you are properly informed about the purposes and ways in which we, the company under the name “Throo Payments Europe UAB” a nd the distinctive title “THROO”, having its registered corporate seat in Vilnius, Gedimino pr. 20, LT-01103, Lithuania, company registration number 305886592 (“Throo”, “Company”, “us,”, “our,” “we”), process your personal data, we have adopted the following Privacy Policy (“Privacy Policy”), which is addressed to the users (“Users”, “you”, “your”) of our website www.throo.com (“Website”) and our overall payment services (“Services”).

1.2. Below you will find information on the terms under which your data collected through the Website is processed by Throo, including:

  1. information about us, the data controller, and the relevant contact details for any issue related to your personal data;
  2. the types of personal data we collect, store, disclose and use;
  3. the purpose and legal basis for the processing;
  4. security measures for the protection and storage of your data and retention policies;
  5. recipients of your personal data;
  6. your rights and the ways to exercise them.

2. Data Controller & Contact Details

2.1. We, the Company under the name Throo, are the Data Controller of your personal data.

2.2. Contact Email: personaldata@throo.com

2.3. Questions & inquiries: You may communicate with us using the contact details above and submit any comment, inquiries, observations or any complaints regarding this Privacy Policy and generally the collection and processing of your personal data. For further information on how to handle issues relating to your personal data, please refer to Section III.9.

2.4. This Privacy Policy, includes the Cookies Policy and therefore they should be read together. By visiting the Website, or making use of its Services, including providing any of your personal data, you accept this Privacy Policy, under which collection, storage, use and disclosure of your personal and non-personal data and information are carried out. If you do not agree with the practices described in this Privacy Policy, please do not interact with the Website

II. COLLECTION AND PROCESSING OF PERSONAL DATA

3. General

3.1. We undertake the responsibility to process your personal data fairly, lawfully and in a transparent manner. We will only collect data that are adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed. Collection of data is for specified, explicit and legitimate purposes; data is not further processed in a manner that is non-compatible to these purposes.

3.2. We will not disclose your data to third parties unless this is strictly necessary for the performance of our Services; or you have priorly provided such consent; or the processing by a third party serves purposes of our legitimate interest (e.g. delivering services of others which you requested); the law so requires (for example, to execute a court order).

3.3. We take all reasonable care to ensure that the data we collect is accurate, and where necessary, kept up to date. We do not knowingly collect or process personal data of persons under the age of 18. If you are under 18, please do not use the Website, do not request the provision of a Service and do not provide us with any personal data.

3.4. The management and protection of your personal data by us is governed by the terms of this Privacy Policy and the relevant provisions of European law relating to the protection of individuals from the processing of personal data. Any possible future change to the above regulatory framework will be incorporated in this Privacy Policy.

4. WHAT data we collect about you via the Website

4.1. Via the Website, We collect different types of personal data, either directly from you or from third parties such us (indicatively):

  1. Identity data (first name, last name)
  2. Demographic Data (postal code)
  3. Professional Data (CV details)
  4. Communication Data (phone number, email address, business email)
  5. Technical data (IP address, browser type and version, operating system and platform etc.)
  6. Cookie data (see Cookies Policy).

4.2. We collect personal data directly from you:

  1. When you request the provision of our Services (i.e. request information, wish to speak with Us etc.)
  2. When you communicate with us via the Website
  3. When you apply for a job

4.3. We collect personal data about you from third parties when you voluntarily share your data to or via our social media pages.

4.3. We collect personal data about you from third parties when you voluntarily share your data to or via our social media pages.

  1. Through cookies that you accept (see Cookies Policy)

5. HOW and WHY we use your personal data collected via the Website

5.1. Any personal data that you either provide us with, either mandatorily or optionally through the Website or we collect from third parties via the Website, are being processed for the legal purposesreferred to below. Indicatively, we collect and process your data for:

  1. presenting our Services and assessing a potential cooperation
  2. recruiting purposes, when you apply for a job through our website or social media
  3. marketing purposes, promotion of our Services
  4. statistical and business analysis.

For other purposes, we will notify you about or identify you on a case-by-case basis, at the point where your information is originally collected.

5.2. The legal basis for the use of information about you is one of the following:

  1. compliance with a legal obligation to which we are subject;
  2. the performance of a contract to which you are a party, i.e. your application to receive certain Services available through our Website;
  3. a legitimate interest that is fairly balanced against your interests to the protection of your information;
  4. where none of the above applies, your consent (which we will ask for before we process the information).

5.3. When consent is the legal basis for the processing, you may withdraw your consent at any time, so that we cease processing your data for that particular purpose. Please contact us at our contact details mentioned in Section 2 to withdraw your consent at any time.

5.4. When our legitimate interest is the basis for the processing, you may oppose to such processing (opt-out) by contacting us. It should be noted, however, that the Company is entitled to demonstrate legal reasons for the processing for which data processing is fairly balanced against your rights and the protection of your privacy.

5.5. To opt-out from receiving commercial communication such as newsletter, you can click on the unsubscribe button at the bottom of the e-mail you have received.

5.6. When we process your data for statistical purposes, we take all necessary safeguards to collect and process data in a way that does not identify a particular data subject and does not affect your rights and freedoms, especially your privacy.

6. WHO do we share your information with and for what purposes?

6.1. We may transfer personal data submitted to us through our Website to other providers such as subcontractors we use to perform certain Services (e.g. our hosting service provider, our website development team etc.)

6.2. Upon request and further notice, you may be redirected to other websites operated by us, or third parties, which will collect your personal data. Once you are transferred to the other website, we do not share any of the data provided to us with the third party.

6.3. We may also transfer personal data submitted to our subsidiaries and/or affiliate companies, subject to appropriate contractual, technical and organizational safeguards.

6.4. We reserve the right to disclose your personal data to a third party that we choose to transfer all or part of our business. In addition, in the event of a merge or redemption or other change in our business, the new owners, etc. have the right to use your personal data in the same way according to this Privacy Policy.

6.5. Your data may be communicated to competent judicial, police and other administrative authorities upon their request and in accordance with the applicable laws. Moreover, in case of a statutory provision, a service order or a formal preliminary examination, our Organisation has the right to render all relevant information available to a competent authority.

6.6. Transfers: The Company generally keeps and processes your personal data within the European Economic Area (“EEA”). We do not regularly transfer data outside the EEA. When your data is to be transmitted to third countries outside the EEA or International Organizations for which no European Commission adequacy decision is available, all the appropriate safeguards provided for in the applicable data protection legislation on the transfers to third countries.

III. PROTECTION AND MANAGEMENT OF YOUR PERSONAL DATA

7. SECURITY of your personal data

7.1. We take appropriate technical and organizational measures to protect your personal data from unauthorized disclosure, use, conversion or destruction. Where appropriate, we use encryption and other technologies that can help secure any information you provide us. We also ask our service providers to comply with privacy and data protection requirements.

7.2. More specifically, your personal data are managed exclusively by specially authorized personnel of the Company under our control. To conduct the processing, the Company selects individuals or third parties with corresponding professional qualifications that provide sufficient guarantees in terms of technical knowledge and personal integrity to maintain confidentiality. Throo, through its respective contractual commitments and its partners, takes all necessary security measures to protect and secure confidentiality and integrity of personal data. In any case, the security of your personal data is subject to reasons beyond Throo’s influence, as well as to reasons resulting from technical problems of the network that are not controlled by the Company or reasons of force majeure events. When extracting reports for statistical analysis, we anonymise the respective data upon which the research is based before creating the reports.

8. HOW LONG will information about you be kept?

8.1. We will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, we will delete it. Data retention periods may vary depending on the purposes for which the information was collected. Please note that in some circumstances, you have the right to request a deletion of the information. Yet, we are sometimes legally obliged to retain the information, for example, for tax and accounting purposes.

8.2. To determine the data retention time of your personal data, we take into account the nature of your data, the quantity, purpose, security, etc. You have the right to request from us to delete your data. To exercise your rights, please visit Section 9 of this Privacy Policy.

9. Your Rights And Your Options

Right (articles below refer to GDPR)Explanation
Right of Access (article 15)You can request to:
- Confirm that Throo processes your personal data.
- Provide you with access to any personal data that you do not already have at your disposal
- Provide you with other information about your personal data, such as what data Throo has, what it uses it for, to whom it might transfer it, whether it transfers it abroad, how it protects it, how long it retains it, what are your rights as a data subject, the process to submit a complaint, the sources of your data (to the extent such information has not already been provided in this Privacy Policy).
Right to Rectification (article 16)

You can request to rectify inaccurate personal data.

Throo may seek to verify the accuracy of the data before it rectifies it.

Right to Deletion/ Right to Erasure (article 17)You can request Throo to erase your Personal Data in case:
- you have withdrawn your consent
- at any time when they are no longer needed for the purposes of the Programme
- if they have been illegally collected
- when you object to the processing (or opt-out)
Throo is not obliged to comply with a request to erase such data if the processing is necessary:
- for compliance with a legal obligation
- for the fulfillment of another legitimate purpose or another legitimate legal basis
- for the establishment, exercise or defense of legal claims
Restriction of processing (article 18)You can ask us to restrict the processing (i.e., store but not process) of your personal data when:
- their accuracy is contested (see rectification), so that we can verify the accuracy of the personal data or
- the personal data have been unlawfully processed but you oppose to the erasure of the personal data or
- they are no longer necessary for the purposes, which they were collected for, but you still need them for the establishment, exercise or defense of legal claims or there is another legitimate purpose of processing or other legal basis.
- you have exercised you right to object and you wait for its verification
Right to Data Portability (article 20)When processing is based on your consent and is carried out by automated means, you may request that we provide your personal data in a structured, commonly used and machine-readable format, or you may request to be transferred directly to another controller. However, this right concerns only the data provided by the data subject and not any data produced by the controller based on already collected data.
Right to Object (article 21)

You may at any time object to any processing of your personal data, which is based on the legitimate interest of Throo or the performance of a task carried out for reasons of public interest.

If you exercise your right to object, Throo has the right to demonstrate compelling legitimate grounds for the processing which override the rights and freedoms of the data subject, however your fundamental rights and freedoms will not be affected.

Right not to be subject to automated individual decision-making, including profiling (article 22)Throo doesn’t make decisions based solely on automated processing of your personal data for the purposes of the Services. In any case, we inform you that you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Opt-out (from consent)You have the right to withdraw your consent, where consent is the basis for the processing. Any withdrawal is valid for the future and any processing conducted by Throo up until the point of withdrawal, is lawful.
Right to file a complaint before the competent Supervisory Authority

You have the right to lodge a complaint with the local competent Supervisory Authority that may occur in relation to all processing activities undertaken by Throo. You may find more information on how to exercise your right to lodge a complaint here. You can find a list with all the EU Authorities here.

However, since your privacy is a top priority for us, we strongly advise you to reach out to us for any issues you may be facing regarding our use of your personal data. We would gladly try to find an amicable solution to manage your requests, so we encourage you to contact us by any means.

9.1. How to exercise your rights:

  • True & accurate data: You must always provide specific, accurate and true data and/or facts so that we can answer and/or satisfy accurately your request. Otherwise, Throo shall not be held liable for any faults that are outside of its control. Additionally, we have the right to reject requests that are unfounded, excessive, abusive, made in bad faith or are illegitimate in the framework of the legal provisions. We may also ask for clarifications to understand your concerns and expectations to address your request more effectively.
  • Identity verification: We are entitled to ask you proof of identify to fulfill your rights.
  • Cost: You will not have to pay to exercise your rights in relation to personal data unless otherwise provided by law or in cases where the request is unfounded or excessive. In that case, we may charge a reasonable fee. We will inform you for any possible charge before we carry out your request.
  • Timeframes: Throo aims at answering all valid requests the latest within one (1) month from their receipt, unless the request is extremely complicated or the data subject has submitted multiple requests, in which case we aim at answering them within three (3) months. In case we need more than one month to carry out the request for the reasons mentioned above, we will inform you accordingly.

10. Amendments

10.1. This Privacy Policy was last updated on 24 March 2022. We will routinely update this Privacy Policy to clarify our practices and to reflect new or different privacy practices, such as when we add new services, products, functionality or features to the Website.

10.2. You acknowledge and agree that any use of the Services herein, following any Amendments constitutes a confirmation of your acceptance of this Privacy Policy. Please read this Privacy Policy carefully and review it periodically for the latest information about our privacy practices.

10.3. If you wish to be provided with any clarification or information regarding the changes or have any reservation or question about them (changes), you may reach out to us at our contact details listed above. Please note that any information / clarification about changes to this Policy given to you the way described above does not constitute a substitution, or any modification of this Policy.