Privacy Notice of TransferGo Group Companies

(amending the Personal Data Protection Rules of TransferGo in force until 1 January 2025)

1. Purpose of the Privacy Policy / Notice of TransferGo Companies

This Privacy Policy / Notice of TransferGo companies (hereinafter referred to as “TGO”, “Companies”, “TGO Companies”, or “We, Our, Us”) (hereinafter referred to as “Privacy Policy”) provides answers to the most important questions about how TGO Companies process Your Personal Data and what rights You have in relation to this.

In the context of this Privacy Policy, TGO companies mean:

UAB “TransferGo Lithuania”, “TransferGo Ltd.”, “TransferGo Tekoloji A.S.”, “GoSystems”, TransferGo Lithuania Sp.z.o.o., hereinafter referred to as “TGO”, “Companies”, “TGO Companies”, or “We, Our, Us” or all of the following companies together.

This Privacy Policy applies to You – current, future and/or former TGO Companies’ Clients or persons related to them who have expressed a desire to use Our services, are already using, have previously used or are otherwise related to Our services, i.e. You are a client, family member, guarantor, security provider, etc. of Our Client, or You are an agent, shareholder, member of the governing bodies of the Legal Clients, the beneficial owner or the real beneficiary of, or any other Data Subject as specified in this Privacy Policy.

You can also get acquainted with the Privacy Policy at the Client Support. Please periodically visit Full – TransferGo Privacy Policy for the most up-to-date version of our Privacy Policy.

We invite you to familiarise yourself with this Privacy Policy and to make this Privacy Policy known to your current or future authorised representatives, persons whom you represent, beneficiaries, stakeholders, business relatives, referrals, seekers and other persons who are or may be in any way connected with our services and/or whose Personal Data You provide to us.

2. Terms used in this Privacy Policy

Personal data
Any information directly or indirectly relating to You and capable of identifying You.

Automated solution
Our decision, which has legal consequences for You or affects You, is made without the intervention of an employee of TGO Companies, i.e. in an automated way.

Joint controllers
Where two or more Data Controllers jointly determine the purposes and means of the processing of the Data, they shall be considered as Joint Data Controllers.

Data protection legislation
Any Personal Data protection legislation applicable to TGO Companies, including but not limited to: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (abbreviated to “GDPR”), UK Data Act 2018 with other updates, the Data Bill, the Law on Legal Protection of Personal Data of the Republic of Lithuania and national legal acts implementing the GDPR and other national legal acts considering Your place.

Data recipient
A natural or legal person, government or other authority to whom TGO Companies may disclose Personal Data.

Data Subject
The natural person whose Personal Data is processed by TGO Companies. TGO Companies may process Personal Data of Data Subjects such as: Clients, members of the Client’s family, legal representatives, authorised representatives, counterparties, payers, collateral providers, insured persons, policyholders, premium payers, beneficiaries, representatives of TGO Companies’ Legal Clients, shareholders, members of the management bodies, beneficial owners, final beneficiaries, users of TGO Companies’ website, self-service portals, participants in TGO Companies’ events and persons visiting TGO Companies’ premises, beneficiaries, representatives and employees of TGO Companies’ business partners, as well as other persons such as followers on social networks, etc.

Data processing
Any act (including collection, recording, storage, alteration, transmission, destruction, retrieval or other processing) of Personal Data.

Data Processor
A natural or legal person who processes Personal Data on behalf of and for the benefit of the Data Controller.

Data Controller
A natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

EU/EEA
European Union/European Economic Area. The European Economic Area is made up of all the member countries of the European Union plus Iceland, Liechtenstein and Norway.

Legal client
Means a legal person who uses, has used, has expressed an intention to use the TGO Companies services.

Client (or You)
A natural person who has expressed an interest in using Our Services, is already using or has previously used Our Services, or is otherwise connected with the Services provided by TGO companies, the users of the Services or the business relationship with TGO companies.

Services
Any service, advice, product provided or made available by TGO Company at a customer service outlet, online bank, self-service, through any TGO Company mobile application, telephone, video transmission or other means, through Our intermediaries, as well as services and products of Our carefully selected partners.

Profiling
Processing of Personal Data by automated means in order to assess certain of Your personal characteristics and to analyse or predict, for example, Your economic situation, personal preferences, interests.

Other terms used in this Privacy Policy shall be understood as defined in the GDPR and other legislation on the protection of Personal Data.

3. Data Controller

TransferGo Lithuania and TransferGo Ltd act as a joint Data Controller(s) of Your Personal Data and those related in funds transfer, when it provides You with various e-banking services, such as normal day-to-day e-banking, wallet services, funds transfer, investment services.

GoSystems UAB acts as a Data Controller of Your Personal Data when providing engineering parts for the electronic services (via app or website) and acts as a Data Processor during technical app or website support.

TransferGo Lithuania and TransferGo Ltd. also act as a Data Controller or joint Data Controller when they offer and manage the provision of services on behalf of other companies that are Data Controllers in other countries, e.g.: your or recipient country bank, currency conversions provider and similar.

TGO Companies may act as joint controllers where this is necessary for financial accounting, auditing, risk assessment, or where we share information systems or hardware (servers), or where this is necessary for the provision of services.

If You have any questions, requests or comments regarding this Privacy Policy, the processing of Personal Data, complaints or any other issues related to the protection of Personal Data in whichever of TGO Companies, please contact: dpo@transfergo.com

4. Categories of Personal Data processed by TGO Companies

TGO Companies process the following categories of Your Personal Data (including but not limited to) while providing e-banking, wallet and app/website support services:

Personal identity data, such as name, surname, personal identification number, date of birth, facial image in a photograph, signature, details of the identity document (a copy of the document may be processed in certain cases).

Contact details, such as residential and/or mailing address, telephone number, email address.

Identification data, such as Your login details (user ID or username, email address), Internet Protocol (IP) address, other browsing information, including when, from where and from which device You accessed app/website or made transfer to / out connected account, Self-Service, or other electronic platform which is connected to the actions made by You or those who are related with the actions made.

Data about your transactions, depending on the services provided to You by TGO Companies, such as data about the transactions (e.g. bank account, payment card, deposit, wallet, currency exchange, offers, bonuses, special deals and other contracts/services) that You intend to enter into (by means of requests, applications) or have entered into, and the details of those transactions and related documentation including the recipients data.

Payment data, such as sender/recipient of funds, account number, purpose of payment, amount and currency of payment, payer identification code, payment instruments (e.g. bank card, internet bank, digital wallet, etc.) and the actions taken using them, funds deposits, withdrawals, credit transfers, etc.

Financial status (income/funds origin) data, such as employment income other income and assets (amounts, periods of declaration, types of economic activity), employer, length of service, dates of commencement and termination of employment, self-employment or other performed economic activity, lump-sum or periodic social benefits received or granted, type, amount, nature, sources, periods of receipt, social security insurer, beginning and end of social security insurance period, immovable and movable property owned, property rights and encumbrances, information on existing liabilities, history of indebtedness, etc.

Data about Your behavioural patterns, preferences and satisfaction with the Services, such as data about Your activity in using the Services, the Services provided to You, Your personal preferences in Your online transfer app/website, self-service or app-based feedback on the Services of TGO Companies, etc.

Data necessary for the TGO to assess Your profile while opening wallet or transferring funds in certain circumstances, such as information on Your bankruptcy status, credit rating, bank statement data, information on whether You are not included in the list of persons for whom applications have been submitted to refrain from concluding consumer credit agreements, data on incapacity or restriction of capacity, and information on Your relationships with other related natural and/or legal persons, information on profession, occupation, types and amounts of existing or former financial and/or property obligations, the time limits for the fulfilment of these obligations, details of the performance of these obligations and other information relevant for Your financial situation.

Data needed to enforce anti-money laundering, anti-terrorist financing, anti-tax evasion measures and international sanctions, such as nationality, country of residence (for tax purposes), taxpayer identification number, links to Lithuania/UK or other TGO operating areas, other related natural and/or legal persons, sources of funds, activities, planned bank account turnover and/or investments and/or insurance premiums, political positions held and political participation of You or Your family members or close associates, publicly available information in the media, correspondence with You in business dealings, details of documents supporting a monetary operation or transaction, etc.

Data necessary for the protection and defense of rights and interests in the event of legal proceedings or the recovery of debts, such as all of the above information, documents and attachments sent to You by TGO Companies, the amount of the debt, the information held by You or by a third party (for example, documents and their attachments sent or submitted by You or third parties, documents and their attachments sent or submitted by notaries, bailiffs, attorneys, heirs, spouses, etc.), procedural documents containing Your Personal Data, information about criminal offences and convictions of You and/or third parties.

Audio visual data, such as video recordings of You visiting TGO Companies’ filmed branches/offices or using ATMs, or of You about to become a customer of TGO Companies remotely, or audio recordings of You calling customer service numbers or using remote consultations.

Special categories of Personal Data such as:

Biometric data, such as facial image (biometric data unique to the person: 3D projection of the face, result of a comparison between a photograph of the person and a photograph of the person in the ID document (expressed as matching points)) when You intend to become a Client remotely, in case of such authentication applied.

Health data, such as information about Your state of health, any incapacity or restriction of capacity, or disability, medical treatment provided and other health data if shared and/or necessary to assess Your ability to enter transactions, or when the origin of funds sent with such data.

Please note! TGO Companies process special categories of Personal Data with Your consent (Article 9(2)(a) GDPR) or if such processing is provided for by legal requirements and/or is based on the necessity to comply with or assert a legal claim (Article 9(2)(g), (f) GDPR).

Please note! In this section, we have set out the main categories of Personal Data that we process. However, due to the specific nature of our activities, it is not possible to provide an exhaustive list of the categories of Personal Data processed in the Privacy Policy, and therefore this list is not exhaustive. The specific amount of Personal Data we process depends on the Services You order and use and Your relationship with TGO Companies. 

In order to use our Services, You must provide us with the information that is necessary for us to enter into or perform a Service Contract with You or to provide You with service, as well as information that we are required to collect by the requirements of law. If You do not provide the information requested by Us, We have the right not to provide the Services to You or to suspend the Services.

If You want to know what exact personal data we process about You, please contact dpo@transfergo.com in all cases.

5. Information about the purpose for which and the legal basis on which we process Your Personal Data

We process Your Personal Data in accordance with the provisions of the GDPR, UK Data Act and other data protection legislation of nationality of You, for clear and specific purposes and on the following legal grounds:

5.1 Legal basis – Consent

We process Personal Data on the basis of consent for the following purposes:

• to send You marketing offers, to ask for Your opinion about our Services. For this purpose, TGO Companies process Your name, surname, date of birth and contact details. You can turn the marketing preferences on/off in Your account, or simply by choosing the “unsubscribe” option in emails or messages.

• organise and execute promotions, campaigns and events for Clients. For this purpose, TGO Companies process Your personal identity and contact data. Please note that we may additionally process other necessary Personal Data, such as demographic data, financial data, etc., depending on the promotion, campaign and/or event.

• record video or telephone conversations to ensure the quality of our Services and to protect the interests of TGO Companies and You. For this purpose, TGO Companies process Your image (while entering TGO operating offices/places physically), voice recording (over support or call conversation) and other information that You provide to TGO Companies during the conversation.

• to provide the local bank with payment information while You use TGO funds transfer services related to open banking. TGO will provide the payment initiation service provider or the account information service provider with data of Your account(s), a data of transaction(s), payment order data including receivers’ data, depending on which service You use; such personal data is also processed by the receiver’s bank on the basis of their legal obligation.

• to identify You without Your physical presence at a customer service/website/app when You intend to become a TGO Companies’ Client. For this purpose, TGO Companies process Your biometric or passport/photo data.

• To use a chat service, TGO will process your name, surname, telephone number, and/or email address, account number, funds or last service used data, receivers’ data (in case needed), bank information, transfer date, time, amount, and in certain cases: IP address. If You will provide more than requested information – the other data will count as a package of the conversation data and will be also processed by TGO for the required time per law.

Please note! You may withdraw Your consent at any time, but please note that this does not affect the processing of Your Personal Data carried out by TGO prior to withdrawal, nor the data which needs to be processed according to the law or regulatory requirements.

5.2 Legal basis – Performance of contract or intention to conclude a contract

For the performance of the contract, we process Personal Data for the following purposes:

• to act at Your request prior to entering a contract for Services (e.g. account opening, payment card ordering, internet banking, funds transfer etc.), to enforce a contract entered and/or to terminate a contract to which You are party. For this purpose, TGO Companies process Your personal identity data, contact data, contractual data, financial data, health data (depending on the contract You are entering) and other data necessary for the conclusion and performance of the specific contract.

Please note! In some cases, contracts (e.g. accounts verification, cards/wallet issuing, funds transfer) may be subject to an automated decision. The automated decision to provide You with the requested Service is only made if You meet all the conditions for the provision of the requested Service. If You disagree with the automated decision, and at the end of the month, it will be reviewed and evaluated by a member of Our staff.

• to update the data You provide to TGO Companies. For this purpose, TGO processes the personal identity and contact details You update/provide.

• to execute Your payment transactions, including one-off payment transactions where You do not have an account agreement (e.g. transferring funds without a full account, currency exchange, depositing funds into another Client’s account). For this purpose, TGO processes payment transaction data and Personal Identification Data (name, surname, nationality, IP address data, bank account holders’ data, telephone number, email address).

• when communicating with You about the Services You have selected and use in TGO Companies, providing and administering access to the Services, and monitoring the use and operation of the Services. For this purpose, TGO Companies process Your personal identity data, contact data, identification data in TGO Companies’ self-service and data on Your transactions (Contracts) depending on the services TGO Companies provide to You. This also includes chat data: name, surname, email address, telephone number, IP address, unique identifier of the chat, time and date, conversation data, any other personal data shared within chat. 

5.3 Legal basis – Performance of a legal obligation

To comply with the legal obligations imposed on TGO Companies by law, i.e. based on a legal obligation, we process Your Personal Data for the following purposes:

• to establish and verify Your identity and to maintain a business relationship (physically and remotely). For this purpose, TGO Companies process personal identity data, contact data, and, if You are a representative of our client, documents supporting Your representation (including, but not limited to, a representation agreement, power of attorney, court order, other documents supporting representation);

• implementing Know Your Customer requirements and preventing money laundering, terrorist financing, circumvention of international sanctions or other restrictive measures, or tax evasion. For this purpose, TGO Companies process Your personal identity data, contact data, as well as data necessary for the enforcement of measures to prevent money laundering, terrorist financing, tax evasion and the implementation of international sanctions. In the event that You are a Client of more than one TGO Company, the joint controllers TGO Lithuania UAB and TGO ltd., shall, on the basis of legal obligations, transfer the data collected for this purpose to the other TGO Companies in case obliged.

• to assess risk before providing Services to You. For this purpose, the TGO shall process Your personal identity data, contact data, data on Your financial status, data necessary for the TGO to assess Your creditworthiness, risk, performance of obligations.

Please note! Risk assessment is carried out in an automated way (i.e. based on Your personal, financial, transfer data). Credit rating, in case it is calculated, would be assigned to a specific category. If You disagree with the automated decision, the automated decision will be reviewed and evaluated by a member of our staff at Your request.

• to record telephone and/or video conversations with You to comply with applicable law relating to the provision of financial services or remote identification. For this purpose, TGO Companies shall keep records of telephone and video conversations and/or video recordings.

• to deal with Your complaints and respond to Your requests, claims, contact You and provide advice on the services You use. For this purpose, TGO Companies process Your personal identity data, contact data, and other data related to the content of Your inquiry, request, claim. Such data may also be processed by TGO Companies based on a contract and/or legitimate interest, depending on the nature of Your request.

• to comply with other legal requirements under applicable legislation in areas such as financial markets, financial services, financial instruments, accounting, audit and tax. For this purpose, TGO Companies may process Your personal identity data, financial status data, payment data, account data, data from contracts concluded with You and other data necessary for the implementation of a specific legal requirement imposed on TGO Companies.

5.4 Legal basis – Legitimate interest

In the legitimate interests of TGO Companies and/or third parties to whom Your data is provided, We process Your Personal Data for the following purposes on the basis of legitimate interest:

• to ensure the accuracy and actuality of Your data, if You are a client of more than one TGO company and You update Your contact details in one of the TGO companies, the Company where You have updated Your contact details shall transfer Your contact details to the other TransferGo company of which You are also a Client.

• to provide advice in response to Your requests to TGO Companies, TGO Companies process Your name and contact details and information about the advice You are seeking.

• when You check in at a TGO Companies’ Client service point (chat or other e-service point). For this purpose, TGO Companies process Your name, surname, telephone number and email address. In case of detailed request, the last funds transfer information will be processed.

• to identify You and provide You with precise information about Your requested question when You call a TGO Company, the TGO Company processes personal identification data, contact data, other additional information that may help identify You.

• to prevent fraud, identify and investigate potential fraud through the monitoring, review, assessment and remediation of payment transactions, including payment card transactions, wallet data. For this purpose, TGO Companies process personal identity data, contact data, identification data in TGO Companies’ self-service, data on Your transactions, payment transaction data, data on behavioural habits, preferences, or any other necessary data.

• for fraud prevention purposes, to send fraud alerts to TGO Clients. For this purpose, TGO Companies process Your contact details.

• to manage debts according to concluded contracts (agreements), enforce debt collection and/or transfer/sell a claim on Your debt. For this purpose, TGO Companies process personal identification data, contact data, data about Your transactions, bank account information.

• for bringing, pursuing and defending legal claims against TGO Companies, handling disputes and claims in legal proceedings. For this purpose, TGO Companies process personal identity data, contact data, data about Your transactions, payment data and other data that may be necessary to protect and defend the rights and interests of TGO Companies.

• to ensure the safety of the health, life and property of TGO Companies’ employees, TGO Companies’ Clients and other Data Subjects. For this purpose, TGO Companies keep video recordings of Your image (premises and areas subject to video surveillance are marked with special information notices).

• to carry out internal risk assessment to determine what services and under what conditions can be offered to the Client, to make decisions, to monitor the wallet, TGO Companies process personal identity data, data on Your transactions, depending on the services provided to You by the TGO Companies.

• to enter and perform contracts and business relationships with TGO’s partners, intermediaries or other legal entities. For this purpose, TGO may process the personal identity and contact details of legal entity representatives and beneficiaries.

• to maintain, develop, evaluate and improve the operations and Services of TGO Companies through Client data analysis and statistics. For this purpose, TGO Companies may process personal identity data, contact data, revenue, products available, and activity in using the Services.

• to ensure information security, improve, develop and maintain TGO Companies websites, internet bank, mobile app, technical systems and IT infrastructure. For this purpose, TGO Companies process data on behavioral habits, preferences, satisfaction with the Services, identification data in SB Companies’ self-services, chat and online e-transfer/wallet apps.

• to communicate with You in the public space (on TGO’s social media accounts). For this purpose, TGO Companies process Your account name, profile picture, information about communication on TGO Companies’ accounts (clicks (reactions) likes, follow, share, comment, sent/received messages), collected consents to participate in organised promotions/competitions, and this data is obtained directly from You (on Your social network account) when You communicate with us (via the social network tools). Personal data provided on social networks is processed separately with the social network operator (e.g. Facebook, YouTube, LinkedIn and/or Instagram platform), so we urge that You review the privacy policies of the specific social network operator for the network operator data processing rules.

Under the conditions of the applicable law, one or more of the above legal substantiations may apply to the processing of the same Personal Data about You.

6. Data sources

We receive Personal Data directly from You, but depending on the Services provided or requested, we may also receive data from external data sources such as:

• Registers managed by the State Enterprise Centre of Registers (e.g. Population Register, Register of Legal Entities, Securities Register, Real Estate Register, etc.).
• from state bodies and institutions, other persons exercising functions conferred on them by law, supervisory authorities, tax authorities, bailiffs, notaries, courts, other law enforcement authorities (e.g. Bank of Lithuania, Informatics and Communications Department; National Paying Agency; State Enterprise Regitra; State Tax Inspectorate; State Data Agency, municipalities, etc.);
• from other banks and financial institutions, payment service provider institutions and organisations, including the financial services intermediaries, the third parties involved in the funds transfer, exchange or other ordered service execution.
• Personal Data on financial commitments and their fulfilment, and debts of persons acting as intermediaries for financial institutions (UAB “Creditinfo Lietuva”)
• from natural or legal persons who provide services to Us, such as call handling, fraud prevention (SumSub, Veriff), remote identification, debt collection, contract administration, etc.
• our Clients, when they provide Your Personal Data as spouses, children, other persons related by family or affinity, guarantors, collateral providers, etc.
• legal persons, where You are an agent, employee, founder, shareholder, participant, beneficiary, governing body, etc. of those legal persons.
• when business sellers or their advisers decide to buy, merge or otherwise restructure TGO Companies or parts of their businesses.
• Facebook, Instagram, YouTube, LinkedIn and/or other social network administrators.

Please note! The list of external data sources is not exhaustive, depending on the specifics of our activities and services, we may obtain data from other sources. Full information regarding Your specific situation could be consulted via dpo@transfergo.com.

7. Data recipients

TGO Companies may disclose information, or part of it, about You and related persons (to whom or from whom funds transferring happens or willing to happen; Stakeholders, shareholders or other related parties) to other data recipients where permitted by law and for the reasons set out in Section 5 of this Privacy Policy.

Here is a list of the categories of recipients who may receive Personal Data in certain cases:

• Legal entities belonging to the TGO Group.
• public bodies and authorities, other persons exercising functions conferred on them by law, such as supervisory authorities, tax administrations, law enforcement authorities, bailiffs, notaries, courts, out-of-court dispute resolution bodies (e.g. State Tax Inspectorate, State Social Insurance Fund Board, Financial Crimes Investigation Service, Competition Council, etc.);
• The Bank of Lithuania, the European Central Bank, correspondent banks or other intermediaries (e.g. clearing houses, settlement intermediaries, brokerage firms, management companies providing card management services, etc.) that participate in and/or are involved in the processing of payment/funds transferring/currency exchange/wallet operations executed in payment systems.
• legal entities that act as intermediaries for financial institutions in obtaining Personal Data on financial commitments and their fulfilment and indebtedness (such as UAB “Creditinfo Lietuva”).
• natural or legal persons taking over rights and obligations under contracts, persons administering insolvency proceedings.
• financial and payment institutions or other payment service providers.
• persons providing financial and legal advice, audits of TGO Companies or other services.
• natural or legal persons who guarantee the proper performance of obligations to the TGO Group, such as guarantors, warrantors, collateral providers in case applicable.
• business sellers or their authorised advisers (in the event of a decision to buy, merge or otherwise restructure TGO Companies or parts of their business).
• other legal persons involved in the provision of services, such as postal services, chat possibilities, contract drafting and administration, debt collection, mediation, cooperation, services quality assessment, market research, promotion organisation, remote identification, fraud prevention, IT implementation, maintenance, administration, archiving, printing, technical experts, etc.

TGO Companies will not disclose Personal Data beyond what is necessary for the specific purpose of processing Personal Data. Recipients may process Personal Data in their capacity as Data Processors and/or Data Controllers. All Personal Data specific processing information which relates to Your case, could be shared by reaching dpo@transfergo.com 

8. Transfer of information about you outside the European Economic Area and/or UK

In most cases, Your Personal Data is processed in Lithuania, UK, Poland and Ireland. Only in specific cases is it transferred within the territory of the European Union and the European Economic Area (usually when the external service provider hired by TGO Companies is established in another country).

However, where necessary for the provision of certain services, data may be transferred and processed outside the aforementioned territories (e.g. in the context of audit or technical information security support processes and similar), subject to an adequate level of protection of Personal Data, where there is a lawful basis for the transfer of the Personal Data and at least one of the following conditions is met:

  • the non-EU/EEA country in which the Data Recipient is located ensures an adequate level of protection of Personal Data as determined by the European Commission.
  • the Data Controller or Data Processor implements appropriate data security measures, such as, for example, the transfer of Personal Data is carried out in accordance with a contract containing standard terms and conditions approved by the European Commission or other standard terms and conditions approved in accordance with the established procedure, an approved code of conduct, or a certificate has been issued to the recipient of the Data;
  • provisions allowing derogation to apply, for example, where You have expressly consented to the transfer of Personal Data, the transfer of Personal Data is necessary for the performance of a contract concluded with You, or the transfer of Personal Data is necessary for the exercise or defense of legal claims or for important reasons of public interest.

9. Time limits for keeping information about You

We keep Personal Data for no longer than is necessary to achieve the purposes of processing the Personal Data or for such period as may be prescribed/allowed by law, for example:

Storing of Business Relationship Information:

• We process and store Your Personal Data collected in the course of providing the Services for as long as You use the TGO Companies Services and for a period of 10 (ten) years after You stop using the Services (as a civil law requirement), but this period might be adapted to the national law requirements.

• TGO processes Your Personal Data for 30 (thirty) days if the provision of the service is refused and/or if an agreement is not concluded for other reasons (e.g. where Your account has not been fully created).

• Where the Personal Data is necessary for the purpose of preventing money laundering and terrorist financing, it is kept for 10 (ten) years from the end of the business relationship.

Information collected for direct marketing purposes is stored:

• for as long as any contract You have with any TGO Company is in force, or for 5 (five) years from the date of giving consent to direct marketing, whichever is longer, unless You withdraw Your consent earlier.

Telephone records are kept:

• for the purpose of ensuring that the services are provided correctly, for 5 (five) years from the date of their recording.

• for complaint purposes, for a period of 10 (ten) years from the date of their recording (from the date of the call);

• for the purpose of ensuring the quality of service provided, for general requests – 6 months after their recording.

Video recordings are stored:

• if the surveillance is carried out in the premises or territories of the TGO Companies, the video recordings shall be kept for up to 14 (fourteen) calendar days from the date of the recording.

Consultation requests are stored:

• until the enquiry has been processed, but for a maximum period of 6 (six) months, except for enquiries relating to funds, which shall be kept for a maximum period of 4 (four) years from the date of enquiry.

Please note! Personal data may be retained for longer in the event of a dispute with You, legal proceedings or pre-trial investigation. In this case, Personal Data may be kept for as long as the dispute, investigation or legal proceedings are ongoing.

10. Security of Personal Data

In order to protect Your Personal Data from unauthorised access, use or disclosure, we use a variety of organisational and technical security measures to ensure its security. These include firewalls, high-security data encryption methods and secure equipment, access control and rights restriction, “need-to-know” principle (we only allow processing of Personal Data by employees who need it to perform their tasks and are committed to ensuring the confidentiality of the data), ongoing training of employees, and careful selection of Service Providers. By signing an Agreement, Service Providers undertake to comply with the requirements of the applicable laws, the data protection principles and the guidelines for the processing of Personal Data set out by TGO Companies. However, the security of information transmitted by email or mobile phone may sometimes be compromised for reasons beyond the control of TGO Companies, so You should take care when submitting confidential information to us outside the electronic systems used by TGO Companies.

11. Your rights regarding the processing of Personal Data

If Your Personal Data is processed by TGO Companies, You have the right to:

  • request access to Personal Data processed by TGO Companies.
  • request the rectification of inaccurate or incomplete Personal Data.
  • require the restriction of the processing of excessive, inaccurate or unlawfully processed Personal Data in TGO Companies.
  • request the erasure of Personal Data that is excessive and/or unlawfully processed (“Right to be forgotten”);
  • object to the processing of Personal Data concerning You by TGO Companies, where the processing is carried out on the basis of legitimate interest.
  • object to a decision based solely on automated processing, including profiling, which may lead to legal consequences for You or similarly significantly affect You. Where an automated decision is applied and You disagree with it, You have the right to request a review and evaluation of that decision by a member of our staff.
  • withdraw Your consent at any time where processing is based on Your consent, e.g. for direct marketing. Withdrawal of consent shall not affect the lawfulness of the processing prior to the withdrawal of consent.
  • receive the Personal Data relating to You that You have provided to the Data Controller in a structured, commonly used and computer-readable format and to request the transfer of that data to another controller (“right to data portability”);
  • lodge a complaint with the State Data Protection Inspectorate of Your location if You believe that Your Personal Data has been processed in breach of the GDPR and other Personal Data protection legislation, but we recommend that You contact us first and we will try to resolve all of Your requests together with You: dpo@transfergo.com

12. Information on how You can exercise Your rights as set out above

You may exercise Your rights by submitting a written request to TGO in the following ways:

  • By sending a request by email to dpo@transfergo.com. This request must be authenticated by electronic means of communication that allow the person to be properly identified (e.g. sent from registered IB account-related email, etc.);
  • By sending a request by logging into an account and starting a chat with Agents.

In order for us to assess Your request and provide You with a response, we must identify You in one of the ways set out above. This is done for the security of Your data, to ensure that Personal Data is not disclosed to any person who is not entitled to receive it. TransferGo will never ask for a password or username to confirm identity.

13. AI Usage and Your data processing

13.1. Types of AI models used: machine learning, neural networks. We mostly use an OpenAI solution, ChatGPT models, and AI agents adapted to TGO Company’s needs.

13.2. During AI interaction, Personal Data is also processed for automated decision-making reports, the provision of automated answers when the chatbot is used, and automated ways of answering support requests. All automated decision-making solutions are reviewed and supervised by the TGO team.

13.3. The purpose of AI-driven data processing is fraud detection, risk scoring, chat support, technical support and report generation.

13.4. All AI usage adheres to fairness, transparency, and accountability principles.

13.5. The source of AI training data is “synthetic”, non-real data. All datasets are diverse to prevent bias, and TGO Company has implemented bias testing and reporting mechanisms. All AI models use verified or tested training data.

13.6. TGO clearly assigns liability for AI errors (e.g., incorrect risk assessments, biased hiring algorithms) to human-driven internal TGO teams.

13.7. TGO remains accountable for AI-related data breaches or regulatory violations and shares responsibility with other accountable parties.

13.8. TGO conducts regular AI audits to detect bias, fairness issues, and compliance gaps.

13.9. There is ongoing monitoring of AI models to prevent drift and inaccuracies.

13.10. AI-driven decisions used in TGO Companies respect user rights, including:

  • Right to explanation – Users can understand how AI impacts them.
  • Right to object – Individuals can refuse automated processing where legally possible.
  • Right to access – AI-generated personal data is retrievable.

14. Deadlines for responding to Your requests

TGO Companies will provide, no later than 1 month after receipt of Your request, and after a proper request has been sent and the sender has been properly identified, information on the action they have taken in response to Your request for the exercise of the data subject’s rights, or the reasons for not taking any action. The time limit for providing the requested information may be extended by a further 2 months if necessary, depending on the complexity of the requests, the volume of data processed, and the number of services provided.

Please note! TGO Companies may refuse to process a request received from You for the exercise of the data subject’s rights or may charge an appropriate fee if the request is manifestly unfounded or disproportionate, in particular due to its repetitive nature, as well as in other cases provided for by the Data protection legislation in effect.

15. Changes and current version of the Privacy Policy

This version of the Privacy Policy is effective as of 1 January 2025.

This Privacy Policy replaces the Personal Data Protection Rules of TransferGo in force until 1 January 2025, on the collection, use and storage of information, the Personal Data Protection Policy, and the Personal Data Processing Rules. All references to previous TGO Company rules and/or policies are to this Privacy Policy.

Please note that TGO Companies reserve the right to amend this Privacy Policy in the future to reflect changes in legislation and business practices. You will be informed of the changes on the website www.tgo.com and/or by private messages to app/website/email. However, we encourage You to review this Privacy Policy regularly if You have any questions about the processing of Personal Data by TGO Companies. 

As mentioned, for all requests about the exact situation of Your personal data processing within TGO Companies and related parties, please contact dpo@transfergo.com.

The Privacy Policy is available in Lithuanian and English. In case of any disputes or claims regarding the interpretation of the language of the text, the text of the Privacy Policy in the English language shall prevail.