TERMS AND CONDITIONS FOR PROVISION AND USE OF THE ODATO SERVICES
- GENERAL PROVISIONS
- Main terms and definitions:
1.1. Service provider (data manager) is Ondato UAB, company code 303342439, situated at Sporto g. 18, Vilnius. The Service provider has the right to invite third parties for provision of the Service.
1.2. Client (data subject) is a legally capable, adult natural person using the Service or applying for the use of the Service.
1.3. Services – Client’s selected Service(s) provided by the Service provider to the Client:
1.3.1. remote identification of the Client by using electronic devices enabling video streaming and provision of the established identity to the Client or Recipient.
1.3.2. Generation of the Client’s financial report and its provision to the Client or Recipient.
1.3.3. Data portability services – receipt of various Client’s personal data managed by third parties from the latter third parties and its storage in the Client’s Ondato account and its provision to the third parties specified by the Client.
1.3.4. Other Ondato services described in the Finpass mobile app and/or Ondato website.
1.4. Financial institution – Client’s chosen financial company or credit institution in the Republic of Lithuania or foreign country.
1.5. Financial company – a company or a branch of the company, the main business of which is provision of financial services in the Republic of Lithuania or foreign country.
1.6. Credit institution – a company carrying on the business of taking deposits or other repayable funds from the public and granting credits for its own account in the Republic of Lithuania or foreign country.
1.7. Recipient (data recipient) – Client’s chosen natural person, legal entity or person without legal entity’s rights in the Republic of Lithuania or foreign country.
1.8. Terms and Conditions – these Terms and Conditions for provision and use of the Ondato Services.
1.9. Parties – the Service provider and the Client.
1.10.Bank – Client’s chosen credit institution established in the Republic of Lithuania, holding the licence to carry on and carrying on the business of taking deposits or other repayable funds from unprofessional market participants and granting credits and assuming related risks and responsibility, the data of the account extracts of which is provided to the Recipient.
1.11.Bank account information – data of the accounts of the Bank chosen by the Client about the payments made at the Client’s instruction and received incomes during a certain period.
1.12.Biometric data – person’s data, i.e. digital facial image.
1.13.Digital face image – two-dimensional digital expression of an image, i.e. recorded image, photograph.
1.14.Processing of personal data – any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
1.15.Facial recognition – data processing, i.e. automatic processing of digital images of persons’ faces for the purposes of identification and authentication of such persons.
1.16.Personal document – form approved by the legal acts containing personal data, which completely coincide with the personal data stored in the Population Register, and data in other registers, on the basis of which the records were made in the personal document, i.e. passport of the Republic of Lithuania, passport of the citizen of the Republic of Lithuania, foreign passport (hereinafter referred to as the passport), personal identity card.
- Unless otherwise established in the Terms and Conditions, words in singular shall also mean plural, words in one gender shall also mean respective words in any other gender, words meaning a person shall also include legal and non-legal persons, while reference to the whole shall also mean the reference to any part of it and vice versa in every specific case. Headings of the paragraphs and other provisions of these Terms and Conditions are used for the convenience only and do not affect the interpretation of the Terms and Conditions.
- SCOPE OF APPLICATION
- The Terms and Conditions apply to the relations between the Parties regarding provision of the Services by using both downloaded Ondato Services mobile app and Services website of the Service provider.
- During the first time registration as a Service user, the Client shall specify his/her email address and create his/her unique password. Forgotten login data is restored by using the reminding function on the Services website or Finpass mobile app.
- The Service provider will provide the Client with the right to link the Client’s social network accounts, i.e. Facebook, Twitter, Google+ and LinkedIn with the Finpass mobile app and/or Service website via applied programming interface (API) or any other software. By allowing the Finpass mobile application and/or Service website to link the social network accounts, the Client gives his/her consent to the Service provider to access information of the above-mentioned accounts, including, personally identifiable information, such as Client’s email address, profile and the list of friends. The Client understands that upon login to the Finpass mobile app and/or Service website via the above-mentioned accounts of social networks, actions carried out by the Client by using the Finpass mobile app and Service website can be published on the websites of social networks. The Service provider bears no responsibility for the services provided by the websites of social networks, safety or privacy of information collected.
- At first time registration as a Service user, the Client can access the Terms and Conditions. The Client declares that he/she agrees with these Terms and Conditions by any action of agreement to this document, including click of any button containing the words ‘I agree’ or similar syntactic combination or factual use. If the Client disagrees with the Terms and Conditions or any part thereof, he/she may not use the Services to any extent. By using the Services, the Client can also access the Terms and Conditions during every login to the Finpass mobile app or Service website.
- Invalidity or unenforceability of any provision of these Terms and Conditions does not affect validity or enforceability of the remaining provisions of the Terms and Conditions.
- The Service provider has the right to change the Terms and Conditions, if such change is necessary at the result of modification or update of the software or hardware used by the Service provider, reorganisation of work organisation processes, amendments of the legislation or adoption of new legislation, other important reasons. The Service provider shall give a notice to the Client about such changes no later than 14 days in advance by the mode chosen by the Service provider: by sending information about the changes to the Client by electronic mail and/or publishing information on the Finpass mobile app and Service website and/or on the Service provider’s website and/or other mass media. Such changes are binding to the Client and apply to the agreements signed between the Service provider and the Client. If the Client disagrees with the amendments and/or supplements of the Terms and Conditions, he/she must cease using the Services. If upon notification of the Client about the amendments and/or supplements to the Terms and Conditions, the Client continues using the Services, it will be considered that the Client agrees with the amended and/or supplemented Terms and Conditions.
III. DATA AND PURPOSES OF DATA PROCESSING
- The Client gives his/her consent to the Service provider:
9.1. to process Client’s personal data (forename, surname, personal identity number (if no personal identity number issued – personal document data), address, phone number, requested financial and/or property obligations, their types and amounts, types and amounts of the existing financial and/or property obligations, maturity terms, data about fulfilment of these obligations, data about previous financial and/or property obligations and their fulfilment, including data of data subjects stored in the joint files of debtors, as well as data about incomes, types and sources of incomes of data subjects, data about the property, marital status, position (job) and educational background of data subjects), terms and number of breaches, amounts, number of overdue payments, number of overdue contributions), personal rating bank account number, extract of a bank account, Internet protocol address (IP)), received when generating an extract of the bank account chosen by the Client.
9.2. to process the Client’s personal data specified in Paragraph 9.1, received from all credit institutions and financial companies operating in the Republic of Lithuania, which participate in the information system Infobankas administered by the contracted third party – credit bureau Creditinfo Lietuva UAB, company code 111689163, situated at A. Goštauto 40A, Vilnius, and from the system of Creditinfo credit bureau.
9.3. to transmit the Client’s personal data specified in Paragraphs 9.1- 9.2 of the Terms and Conditions to Scorify UAB, company code 302423183, situated at OlimpieÄiÅ³ g. 1A-24, Vilnius (hereinafter referred to as Scorify UAB) to process, to calculate the Client’s credit rating available on the Service provider’s Finpass mobile app or website .
9.4. to process other personal data of the Client available on the Service provider’s Finpass mobile app or website.
9.5. to collect technical data and related information on a regular basis, including but not limited to technical data about the Client’s terminal equipment, operating system, applied software and external devices, etc., and to use it for updating the software, supporting, improving the products and facilitating provision of the Services to the Client.
9.6. to receive information about any changes in the data specified in Paragraphs 9.1-9.4 of the Terms and Conditions on a regular basis, to update changed data and inform the Client about the data changes by email specified in the Client’s account or by a mobile app message.
- Purposes of processing the Client’s personal data:
10.1.the Service provider processes the Client’s personal data for the purposes of creditworthiness assessment, proper provision of the Services to the Client and in order to safeguard and defend the infringed rights and legal interests of the Service provider and/or the Client.
10.2.The Service provider processes the Client’s personal data for fulfilment of the purpose of the Client’s personal data portability, its collection, analysis and provision to the Recipients specified by the Client.
- REMOTE IDENTIFICATION OF THE CLIENT
- The Client declares and guarantees that before having a facial video record and a photo of a personal document made is informed and gives his/her consent for his/her biometric data to be processed for the purposes of remote facial recognition and identification, and for his/her facial video records, facial photo and photos of a personal document made during remote facial recognition and identification process to be included into the identification database of the Service provider.
- The remote process of facial recognition and identification consists of the following:
12.1.image retrieval. Client’s face recording during video live-streaming and its conversion into digital form (digital image). A photograph of the client’s facial image is made during video live-streaming;
12.2.Face detection. Face detection in digital image and its marking.
12.3.Standardisation. Process of minor changes in the detected facial contours by standardising the image, rotating it or harmonising colour distribution.
12.4.Distinction of features. Processing of repeating and distinctive individual data of person’s digital image.
12.5.Registration. Image saving for later comparison.
12.6.Recording of the original personal document by live photograph transmission.
12.7.Distinction of features of the person’s face recorded in the photograph of a personal document;
12.8.Comparison. Process of evaluation of the identity of the set of features, the purpose of which is person’s identification and authentication.
- Facial image during live video-transmission must meet the following requirements:
13.1.facial image must be made from the front, the whole face, both eyes and shoulders of the client must be visible in the image;
13.2.facial expression in the facial image must be natural; facial image is unsuitable if person’s facial expression is artificial, person is making faces, laughing, with his/her mouth open or frowned;
13.3. only Client must be visible, no other people must be visible in the image, the image must be clearly visible and distinguished from the surrounding objects;
13.4.no light reflections can be visible in the spectacle lenses, if generating a quality facial image of a person without the effect of light reflection in the spectacle lenses is impossible, the person must remove the spectacles, as well as head or facial cover.
- Original personal document recorded by live photo transmission must meet the following requirements:
14.1.A person’s identity card is recorded from both sides;
14.2.When recording a passport, the page of the passport with the Client’s photograph and the passport cover are recorded.
- Live transmitted photographs must be of the quality allowing easy reading of information from the submitted personal documents and ensuring clearly visible features of the person in the photograph of the personal document.
- The process of remote face recognition and identification can be checked by non-automatic means of the Service provider.
- The Client understands and guarantees that by submitting his/her data at the same time he/she confirms its accuracy. The Service provider bears no duty to check and does not check the genuineness of the data provided by the Client at his own initiative. For providing false data (personal identity theft, etc.) the Client is responsible by the laws.
- The Service provider transmits the Client’s identity data to the Recipient.
- GENERATION AND PRESENTATION OF FINANCIAL REPORT
- Financial report generation process consists of the following:
19.1.Generation of the bank account extract chosen by the Client for the period of maximum two years. In order to use the Service, the Client signs up through his/her internet banking or by any other mode allowing unambiguous identification.
19.2.Generation of credit history report is carried out by third party invited for the Service provision: Creditinfo Lietuva UAB, company code 111689163, address: Goštauto g. 40A, LT-01112, Vilnius. Credit history report consists of the following:
19.2.1. Financial obligations – amount of money payment of which is mandatory on the terms and conditions of the agreement with a financial institution;
19.2.2. Payment history – information about payments that are or were overdue to the banks, credit unions, financial leasing, telecommunications, electricity distribution companies and other creditors.
19.3.Analysis and systemisation of the data specified in Paragraphs 9.1- 9.2 of the Terms and Conditions.
19.4.Credit rating (GOscore GENERIC MODEL) calculation on the basis of the data specified in Paragraphs 9.1- 9.2 and analysed and systemised in accordance with Paragraph 9.3 of the Terms and Conditions. GOscore GENERIC MODEL is a universal credit risk model forecasting default of obligations or bankruptcy of a natural or legal person.
- At the Client’s instruction, generated personal or company financial report is presented by the Service provider to the Client and/or Client’s chosen Recipient by electronic mail, linked social network accounts or other secure automatic means.
- PARTIES’ LIABILITY
- The Client shall use the Services exclusively at his/her choice, discretion and risk. The Client is also responsible for secrecy and security of all passwords of the Bank account and other information. The Service provider is not held responsible for unlawful use of any Bank accounts or provided information or any losses that can be caused by such unlawful use, unless the Service provider was extremely negligent when providing the Service or the act was committed with intent. The Client agrees not to hold the Service provider responsible for any losses incurred due to any unlawful use of the Service to the extent permitted by the laws.
- The Client declares and guarantees that he/she will not disclose login data to internet banking system or any other him/her identifying system to any other person and will not provide any other persons with access to the Services. The Client bears sole responsibility for confidentiality of information of his/her login to internet banking system or any other him/her identifying system and bears full responsibility for all the activities carried out on his/her behalf and upon login with his/her password. The Client is held fully responsible for any unlawful use of his/her registered electronic mail address, at the result of which any other person may obtain his/her user name and/or password.
- The Client confirms that the Service provider will never receive or use internet banking login identification details. The Client must also satisfy himself/herself that all websites claiming directing the Client to the Service provider’s webpage factually do that and satisfy himself/herself that the address displayed in the Client’s browser address windows starts as follows: www.finpass.eu or www.ondato.com. The Client will not held the Service provider responsible for all activities carried out via addresses other than the specified one .
- The Client is responsible for any unlawful use of the Services, even if he/she uses automatic login option. The Client agrees not to hold the Service provider responsible for any activities carried out by using the Client’s account.
- For the Client’s convenience, links of other websites, owners and administrators of which are third parties, can be placed on the Service website. When accessing third parties’ websites, the client automatically admits and confirms that he/she is aware of the rules of the use of the latter websites and agree with them. The Client also understands and agrees that the Service provider does not control the contents of the third parties’ websites and does not assume responsibility for the information published on them. Links to other third parties’ website do not mean that the Service provider is related with the products or services mentioned on those websites.
VII. SOFTWARE AND ITS INSTALLATION
- When using the Services or applying for the use of the Services, the Client is prohibited to carry out any unlawful activities directly or indirectly, which breach or may breach the laws of the Republic of Lithuania, international treaties ratified by the Republic of Lithuania, Governmental decrees and other legal acts. Unlawful activities include but not limited to: use of third parties’ login data of internet banking system or other third parties identifying system, third parties’ access to the Services data, information of third parties’ bank
account (e.g. copying and use of third parties’ programs and data, connection to third parties’ hardware and software, and loss of third parties’ hardware and software), information forgery and presentation of forged information, etc.
- When using the Services or applying for the use of the Services, the Client is prohibited to use programs that impede or disrupt operation of the network (e.g. computer viruses, network scanning programs, network blocking programs, etc.). The Client must give an immediate notice to the Service provider about any exceptional or other important circumstances, which the Client became aware of and which can impede or disrupt operation of the Services.
- The Parties agree that the Service provider will exercise his rights and will fulfil his duties under the presumption that the data provided by the Client is true, full and accurate. The Service provider in no event will be held liable for any damage caused to the Client and/or third parties due to incorrect and/or incomplete and/or inaccurate bank data of the bank account passwords and/or other information provided by the Client.
- If the Client provides incorrect and/or incomplete and/or inaccurate data, the Service provider has the right immediately and without notification of the Client to restrict provision of all or any Services to the Client and/or to suspend provision of all or any Services to the Client and/or to deny access to the website for the Client.
- If it becomes known that the Client is engaged in unlawful activities, the Service provider will apply to competent law enforcement institutions or court in all events.
VIII. RESTRICTIONS ON THE USE OF THE SERVICE
- The Client understands that every of the below-listed acts when using the Services is unlawful and prohibited, unless the Client receives a clear, unambiguous signed written permit of the Service provider to carry out such acts:
31.1.to use an automatic device or manually-controlled process to observe or copy Services and/or functions performed by them;
31.2.to use a device, software, computer code or virus aimed at disrupting or trying to damage the Services or their connections;
31.3.to lease, sell or distribute all or any Services;
31.4.to copy, decompile, disassemble, modify the Services, their updates or parts;
31.5.to use the reverse engineering, to tray to retrieve a source code and to create derivative products on its basis or remove marks about the author and other intellectual property rights in any parts of the service;
31.6.to help or assist third parties in carrying out the actions listed in Paragraphs 31.1- 31.5 of the Terms and Conditions.
- NON–APPLICATION OF THE GUARANTEES
- The Client understands and agrees that he/she uses the Services at his/her own risk and responsibility. The Service provider does not guarantee that the Services will operate continuously, smoothly, without any errors, faults or will be secure and computer viruses or any other possible detrimental consequence will be avoided with getting connected to it.
- The Service provider does not include any other conditions, statements, guarantees or other clauses related with the provision of the Services or intention to provide them or delay in their provision, also regarding the fact that the Service will be neat, complete or modern.
- Services or the content contained in them or provided through them are presented ‘as they are’ and ‘as accessible’. The Service provider does not make any clear or alleged statements or confirmations related with the content of these Services or the services provided in them or accessible by using them.
- The Service provider has the right to change or revoke any content or services of the Services, accessible as a part of the Services, at his own discretion.
- RESPONSIBILITY RESTRICTION AND COMPENSATION FOR DAMAGE
- The Service provider bears no responsibility to the Client or other third parties for any losses, penalty (fines or interest) or other losses (e.g., loss of information, interruption or disruptions in activities, loss of incomes or assets, unearned profit, impaired reputation, damage of systems, data, or their loss, etc.), which may arise from the agreement and from tors or under any other ground, caused by the use of the Services, improper use of the Services or inability to use the Services, even if the Service provider was information about the probability of such losses.
- The Client understands and agrees that the only remedy in case of any dissatisfaction with the Services is cessation of the use of the Services. If a conflict between two or more Clients or between the Client and a third party arises, the Client will not make any claims, demands to the Service provider arising from or somehow related with such conflicts and will not claim compensation.
- The Client agrees to reimburse the Service provider and his related third parties for any damage and indemnify them from any responsibility related with the breach of the terms and conditions of the use of the Services by the Client.
- RIGHT TO THE RESULTS OF INTELLECTUAL ACTIVITY
- The |Parties agree that property and to the extent not prohibited by the laws and other legal acts non-property rights to all results of the intellectual activities used in the Services and related objects, including copyright objects, trademarks, industrial design and other objects are exclusively the property of the Service provider or third parties, which entitled the Service provider to use them.
- The Client’s access to the Ondato mobile app and/or Services website does not mean that the Client is directly or indirectly licensed or entitled to use the results of intellectual activities contained on this website, to download, collect, copy, print or otherwise use the content of the Services, to create links to it, unless a written consent signed by the Service provider is received.
XII. RESTRICTION OF THE PERMIT TO USE THE SERVICE
- On the basis of these Terms and Conditions, the Service provider grants a limited, non-exclusive, non-transferrable permit to the Client to access and use the Services and their contents.
- Unlawful use of the Services or their contents immediately eliminates the permit to use the Services. This permit is intended exclusively for accessing and using the service to its intended purpose.
- Waiver of the permit obligates the Client without any delay to destroy any information or materials downloaded, printed out or otherwise saved by using the Services.
XIII. STORAGE AND PROTECTION OF PERSONAL DATA
- Any video records and photographs made during identification process are stored by the Service provider, bear a mark stating the Client’s forename, surname, personal identity number, IP address (if the Client uses computer hardware for identification process), from which the Client applied during his/her identification, and the date of video record and photograph.
- Client’s personal data received during the identification process, as well as during financial report generation and presentation process, other than the Client’s personal data specified in Paragraph 46 of the Terms and Conditions, is stored in the Service provider’s identification database for the period of five years after the deletion of the mobile app.
- Data of the presented personal documents is stored in the Service provider’s identification database for the period of 10 years after the expiry of the personal document.
- The Service provider shall exert all necessary, reasonable and grounded measures to ensure protection of the Client’s Personal data and legality of processing.
- The Client has the right to access his/her personal data and to familiarise himself/herself with its processing, to whom and for which purposes it is provided, to request correction of his/her false, incomplete, inaccurate personal data, to disagree lawfully reasonably with data processing, to request deletion of his/her personal data or suspension, other than storage, of his/her personal data processing actions, when personal data is processed in non-compliance of the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts.
XIV. FINAL CLAUSES
- In case of breach of these Terms and Conditions, in particular when using the Ondato mobile app and/or Service website or separate elements of this website to other than their intended purpose, the access to the Service provider’s website can be restricted or blocked.
- The Service provider reserves the right to change fully or partially, block or cancel operation of the Ondato mobile app and/or Service website or its contents at any time for any reasons.
- The Parties agree that the Service provider can transfer his rights and duties arising from these Terms and Conditions to third parties without the Client’s consent at any time, but upon notice to the Client and publication on his website.
- The Terms and Conditions shall be governed by the law of the Republic of Lithuania. Any dispute, disagreement or claim arising and/or related with the Service provider’s Services or these Terms and Conditions and/or breach, validity or cancellation of these Terms and Conditions must be settled through amicable negotiations of the Parties. If the Parties fail to settle a dispute through amicable negotiations, the dispute will be finally settled in the courts following the procedure established by the laws of the Republic of Lithuania.