cyrexa logo blackPricingCompany
PersonalEnterprisePricing
Contact us
letter

Privacy Policy – UAB ”CYREXA”

This Privacy Policy provides an overview of how we process your personal data through the installation and usage of our mobile application (the “app”), along with your rights under data protection laws.

Responsible Party and Contact Information

Responsible Entity:
UAB “Cyrexa”
Address: Vilnius, Didžioji g. 18

For data protection inquiries, contact:
Data Protection Officer
UAB “Cyrexa”
Email: support@cyrexa.com

Sources and Data We Collect

We collect, process, and use certain data to better understand your interests and provide relevant information and offers. We process data based on either contractual obligations or consent, in accordance with GDPR regulations.

Data Collected:

  • Card Data: Card and customer numbers are used to create barcodes, ensure security, and provide additional services.
  • Usage Data: Data on card use, such as points collected, is stored.
  • Location Data: If enabled, anonymized location data is used to deliver location-based content and advertising.

With your consent, we may collect additional information:

  • Registration Data: Name, email, and optional details like phone number for registration and card processing.
  • Interface Data: Login details for access to partner interfaces, such as point statuses.
  • Personalized Offers: Shared data to deliver customized offers.
  • PAYBACK and CyrexaCard Points & Transactions: Credentials for displaying account details securely.

Purpose and Legal Basis for Processing

We process personal data in accordance with the GDPR:

  • Contract Fulfillment (Art. 6(1)(b) GDPR): Necessary for providing app services.
  • Legitimate Interest (Art. 6(1)(f) GDPR): For app customization, analytics, and operational efficiency.
  • Consent (Art. 6(1)(a) GDPR): Where explicit consent has been provided, particularly for personalized offers and partner access.

Data Sharing

We process most personal data independently but may share it under these conditions:

  • Processors and Partners: To meet contractual needs, with legitimate interest, or with user consent.
  • Categories of Recipients: Internal teams, payment services, marketing tool operators, customer service, and public authorities as required.

Access to Your Data

Only authorized personnel within Cyrexa access your data as necessary to fulfill our obligations. By consenting, you agree to allow data sharing with respective card providers or partners.

International Data Transfer

Data transfer to non-EU countries occurs only if necessary for your service, legally required, contractually stipulated, or upon consent. Third-country service providers are required to uphold EU data protection standards.

Data Retention

We retain personal data as long as necessary to meet contractual and legal obligations. Once these requirements are met, data is routinely deleted unless further retention is mandated for legal purposes.

Your Data Protection Rights

Under GDPR, you have the right to access, correct, delete, or restrict your data. You may also object to data processing and have the right to data portability and to lodge complaints with supervisory authorities.

Opt-out Notice: You may withdraw consent at any time. This does not impact data processed before the opt-out.

Data Provision Requirements

To initiate and maintain our business relationship, certain data must be provided. Without this, we may be unable to fulfill our contractual obligations.

Automated Decision-Making

We do not perform fully automated decision-making under Article 22 GDPR, although partial automation may occur for payment services.

Profiling

To enhance app experience, some data is processed automatically to recommend products and offers. Profiling supports market research and customized advertising within the app.

Privacy Policy for Payment Services

The following information is specific to our payment services:

  • Data Collection: Identity, KYC, financial and transaction data are collected for verification and service provision.
  • Third-party Sharing: Data may be shared with entities like Mastercard for tokenization and transaction processing.
  • Data Retention: Identity and transaction records are retained for up to 10 years.
  • Automated Decisions: Partially automated profiling may be used to screen for fraud, sanctions, and money laundering risks.

If you have questions regarding this policy, please contact our customer support team.

cyrexa logo black
Cyrexa UAB, Didžioji g. 18,
Vilnius 01128, Lithuania
Products
Personal
Business
Pricing
Company
About
Security
Contact
Copyright © 2024 Cyrexa UAB. All Rights Reserved.
arrow-right linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram