Privatumo politika
Investor Privacy Policy
In the present Privacy Policy, we, UAB Eika Asset Management, legal entity code 304094078, registered office address A. Goštauto g. 40A, Vilnius, Republic of Lithuania („Company” or „we”) provide information about how we process your personal data when you use our services.
We are incorporated and domiciled in Lithuania and this Privacy Policy is subject to European Union (EU) and Lithuanian data protection law. If you reside outside the EU, we cannot confirm that our collection and processing of personal data complies with your local data protection laws.
- How do we use your personal data?
The present Section of the Privacy Policy contains the following information:
· the purposes for which we process your data;
· how we use your personal data;
· categories of the data we process;
· the legal grounds for processing; and
· data retention periods.
Further details are set out below:
| PURPOSE | HOW DO WE USE YOUR PERSONAL DATA | PERSONAL DATA | LEGAL BASIS | DATA RETENTION TERM |
| Submission of an application for the conclusion of an investment unit purchase agreement | If you decide to purchase units in a mutual fund, you will need to fill in an application form with your personal details. | Where the application is filed by a natural person: name, surname, address, personal identification number, telephone number, email address, account number, bank, code, SWIFT, address, investment amount.
Where the application is filed by a legal entity: name, address, legal entity code, telephone number, e-mail address, account number, bank, code, SWIFT, address, investment amount. Where the application is filed by a representative, additionally, the name, surname, address, personal identification number, telephone number, e-mail address and the grounds for the representation. |
Performance of a contract (Article 6(1)(b) of the GDPR). | For the entire duration of the operation of the collective investment undertaking and for 3 (three) years after its termination. |
| Anti money-laundering and terrorist financing | We will process your data in order to get to know our customer and thus ensure the prevention of money laundering and terrorist financing. | Where completed by a natural person: name, surname, e-mail address, telephone number, personal identification number, date of birth (if no personal identification number available), residential address, mailing address (if different), country of residence, nationality, type of identity document, number of identity document, date of issue of identity document, date of validity, issuing authority, basis of representation, information on the client’s family members, information on the client’s experience and knowledge, income and assets, information on residency, information on the beneficial owner/beneficiary of the funds, information on the client’s political vulnerability.
Where completed by a legal person: name, legal form of the legal person, legal entity code, date of registration of the legal person, registration extract and date of issue, address of the registered office, address of the actual place of business, address for correspondence (if different), country of residence, website address, telephone number, e-mail address, name of the representative, e-mail address, telephone number, personal identification number, date of birth (in case no personal identification number is used), address of residence, correspondence address (if different), residence country, nationality, type of personal document, personal document number, date of issue, expiry date, issuing authority, basis of representation, name of the head of the legal person, personal identification number, date of birth (if no personal identification number), nationality (in case of statelessness, the country of issue of the identity document), information on the experience and knowledge of the representative, information on the client’s activities, information on financial transactions and movements of funds, information on the management structure of the client, information on the beneficiary of the client, information on political vulnerability. |
Compliance with a legal obligation (Article 6 (1) (c) of the GDPR | 8 (eight) years from the date of termination of the transaction or business relationship with the client. |
| Conclusion of an investment contract | We will process your personal data to conclude an investment contract with you. | Where the contract is concluded by a natural person: name, surname, address, personal identification number, telephone number, e-mail address, account number, bank, code, SWIFT, address, investment amount. Where the contract is concluded by a legal person: name, address, legal entity code, telephone number, e-mail address, account number, bank, code, SWIFT, address, investment amount. Where the contract is concluded by a representative, additionally, the name, surname, address, personal identification number, telephone number, e-mail address and the grounds for the representation. | Performance of a contract (Article 6(1)(b) of the GDPR). | 10 (ten) years after the termination of the contract. |
| Conclusion of a share purchase/sale agreement | We will process your personal data in order to enter into a share purchase agreement with you. | Where the contract is concluded on behalf of a natural person: name, surname, address, personal identification number, number of shares to be sold, bank account number, telephone number, email address of the previous investor and/or the new investor.
Where the contract is concluded on behalf of a legal person: name, address, personal identification number, number of shares to be sold, bank account number, telephone number, email address of the previous investor and/or the new investor. |
Performance of a contract (Article 6(1)(b) of the GDPR). | 10 (ten) years after the termination of the contract. |
| Conclusion of an investment unit purchase/sale agreement | To conclude an investment unit purchase/sale agreement with you, we process the personal data as specified herein. | Where the contract is concluded on behalf of a natural person: name, surname, address, personal identification number, number of investment units to be sold, bank account number, telephone number, e-mail address of the previous investor and/or the new investor. Where the contract is concluded on behalf of a legal entity: name, address, personal identification number, number of investment units to be sold, bank account number, telephone number, email address of the previous investor and/or the new investor. | Performance of a contract (Article 6(1)(b) of the GDPR). | 10 (ten) years after the termination of the contract. |
| Conclusion of an agreement on the assignment of obligations | To conclude an agreement on the assignment of obligations with you, we process the personal data as specified herein. | Where the contract is concluded on behalf of a natural person: name, surname, address, personal identification number, telephone number, email address, account number, bank, code, SWIFT, address, investment amount. Where the contract is concluded on behalf of a legal person: name, address, legal entity code, telephone number, e-mail address, account number, bank, code, SWIFT, address, investment amount. Where the contract is concluded by a representative, additionally, the name and surname of the agent, basis for the representation. | Performance of a contract (Article 6(1)(b) of the GDPR). | 10 (ten) years after the termination of the contract. |
| Sending of request letters | We process your personal data so that after the conclusion of the contract we can send you a request letter stating the amount to be transferred. | Name, surname, email address, residential address, amount requested to be transferred. | Performance of a contract (Article 6(1)(b) of the GDPR). | Within the term of the contract to acquire investment units (shares) in the collective investment undertaking. |
| Conclusion of a share subscription contract | We process the data in order to be able to enter into a share subscription contract with you. | Name, surname, personal identification number, residential address, number of shares to be subscribed. | Performance of a contract (Article 6(1)(b) of the GDPR). | 10 (ten) years after the termination of the contract |
| Conclusion of a shareholder contract | We process your personal data in order to conclude a shareholder contract. | Name, surname or the name of legal entity, personal identification number or legal entity code, address of residence or registered office, name and title of the representative. | Performance of a contract (Article 6(1)(b) of the GDPR). | 10 (ten) years after the termination of the contract |
| Holding of issued/redeemed units/shares in securities accounts | We will process the data in order to manage your personal securities accounts. | The investor’s name, surname, personal identification number, internal investor code assigned by the management company, address, bank account number, transaction date, settlement date, transaction type, as well as the amount to be invested/redeemed, total shares of the investment company to be subscribed/redeemed, and the unit price in euro or total units to be subscribed/redeemed and the unit price in euro. | Performance of a contract (Article 6(1)(b) of the GDPR). | Within the term of the contract to acquire investment units (shares) in the collective investment undertaking. |
| Joining the investment area | Once you become an investor, we’ll provide you the access to the investor area. | The investor is assigned a password. | Performance of a contract (Article 6(1)(b) of the GDPR). | Within the term of the contract to acquire investment units (shares) in the collective investment undertaking. |
| Managing of business correspondence with the client | If you contact us with a question of interest to you, we will process your data in order to provide you with a quality response. | Date, email address, other information will be provided in the letter. | Consent (Article 6 (1) (a) of the GDPR | 5 (five) years from the date of termination of the transaction or business relationship with the client. |
| Periodic screening of investors | We process your personal data to ensure that the information you provide is still factually correct. | Name, surname, address, email address, details of changes. | Performance of a contract (Article 6(1)(b) of the GDPR). | Within the term of the contract to acquire investment units (shares) in the collective investment undertaking. |
| Provision of data to the STI on persons who are residents or non-residents of Lithuania for tax purposes and have securities accounts in Lithuania | Where for tax purposes you are a Lithuanian or non-Lithuanian resident and wish to avail yourself of our services, we will be obliged to provide your personal data to the STI. | Account, account balance, MIN/TIN of account holder, date of birth, country of birth code, tax country of the account holder, name of the account holder, address of the account holder, country of address code, type of account holder (for legal persons only), controlling person of the account holder, type of controlling person, country of tax country code of the controlling person, name, address of the controlling person, country of address code, country of birth code. | Performance of a contract (Article 6(1)(b) of the GDPR). | Within the term of the contract to acquire investment units (shares) in the collective investment undertaking. |
| Securing shareholder rights in relation to paying the dividends. | We process personal data in order to be able to pay dividends. | Name, surname or name of the legal entity, personal identification number or legal entity code, address, telephone number, signature, bank account details. | Performance of a contract (Article 6(1)(b) of the GDPR). | 10 (ten) years after the termination of the contract |
| Securing shareholder rights when voting at a general meeting of shareholders | We process personal data to enable you to vote at a general meeting of shareholders. | Name, surname or name of the legal entity, personal identification number or legal entity code and address. | Performance of a contract (Article 6(1)(b) of the GDPR). | 10 (ten) years after the termination of the contract |
| Taking minutes of general meetings of shareholders | We take minutes of general shareholders’ meetings and therefore need to process the relevant personal data. | Decisions and minutes of the general meeting of shareholders, their annexes, early voting ballots, comments to the minutes and other documents in which the shareholder expresses his/her will as part of exercising shareholder rights, and the data recorded therein, including the shareholder’s attendance/absence at the general meeting of shareholders, the issues proposed by the shareholder at the general meeting of shareholders, the matters discussed by the shareholder, draft resolutions submitted, the shareholder’s will (vote) on the issues discussed at the general meeting of shareholders, other information contained in the decisions, the minutes and comments of the general meeting of shareholders, and other documents submitted by the shareholder to the company expressing his/her will, opinion, the power of attorney issued by the shareholder, and the signature of the shareholder. | Compliance with a legal obligation (Article 6 (1) (c) of the GDPR). | 10 (ten) years after the general meeting of shareholders. |
| Submission of shareholder lists to the State Enterprise Centre of Registers. | We process the data because we are obliged to provide personal data to the Centre of Registers. | Where the shareholder is a natural person: name, surname, personal identification number, address, date of birth and issuing country (if the shareholder is a foreigner).
Where the shareholder is a legal person: the name, legal form, code, registered office and the name, surname, personal identification number, place of residence or address for correspondence of the representative of the legal person. |
Compliance with a legal obligation (Article 6 (1) (c) of the GDPR). | Within the validity of the shareholder contract. |
| Submission of the beneficiary lists to the State Enterprise Centre of Registers. | We process the data because we are obliged to provide personal data to the Centre of Registers. | Beneficiary’s name, date of birth, personal identification number, country of issue of the identity document, place of residence, ownership and extent of ownership (percentage of shares, percentage of voting rights) or other control rights (Chairman of the Board of Directors, member of the Board of Directors, Director, senior manager, other positions, percentage of voting rights transferred). | Compliance with a legal obligation (Article 6 (1) (c) of the GDPR | Within the validity of the shareholder contract. |
| Inquiry management | We will process your data in order to respond to your inquiries. | E-mail address, inquiry text. | Consent (Article 6 (1) (a) of the GDPR | 2 (two) years after the most recent communication. |
| Direct marketing | We process your personal data in order to send you direct marketing messages. | E-mail address | Consent (Article 6 (1) (a), where direct marketing communications are sent to potential customers, and legitimate interest (Article 6(1)(f) of the GDPR) where communications are sent to existing customers. | 1 (one) year after the withdrawal of consent, for direct marketing communications sent to potential clients, or during the term of the collective investment undertaking’s investment unit (share) purchase agreement, for communications sent to existing clients. |
| Defence of legal claims | We may process the data of the persons involved in the case or their employees in order to protect our rights, including, but not limited to, in the event of civil litigation. | All data processed for the purposes set out above. | Legitimate interest (Article 6 (1) (f) of the GDPR). | 1 (one) year after the final settlement of the case and the full satisfaction of the Company’s claims (if any). |
| Audit | Our Company is subject to an audit of our activities and we may, in certain cases, process your personal data for the purpose of the audit. | All data processed for the purposes set out above. | Legitimate interest (Article 6 (1) (f) of the GDPR). | 1 (one) year after the completion of the audit. |
- cookies
Cookies are small text files that are temporarily stored on the hard drive of your device. Cookies generally do not contain any information that would allow to personally identify the user, but your personal data that we store may be linked to the information stored in and derived from cookies.
We use the following cookies:
- essential cookies: these cookies are necessary to support the basic functions of the website and cannot be disabled;
- analytical cookies: these cookies allow us to track and analyse traffic from different sources, which helps us to improve the overall performance of the website.
More information about the cookies we use is provided below:
| NAME OF THE COOKIE | PROVIDER | PURPOSE | TYPE | VALIDITY TERM |
| grav-site-* | EAM | Standard cookie used to support the user’s session | Essential cookies | Up to the end of the session |
| cookiebar | EAM | Cookie used to remember cookie preferences. | Essential cookies | Expires after 31 days |
| __gid | Google Analytics | Cookie used by Google Analytics to distinguish between users | Analytical cookie | 24 h |
| __gat | Google Analytics | Cookie used by Google Analytics to limit the inquiry frequency. | Analytical cookie | Up to the end of the session |
| __ga | Google Analytics | In most cases, this cookie is used to identify unique visitors to a page and is updated on each page view. It is also given a unique identifier which Google Analytics uses to ensure the cookie’s validity and availability as an additional security measure. | Analytical cookie | Expires after 2 years |
- Whom do we provide your personal data to?
· Swedbank or Orion Securities when we manage a securities account on your behalf.
· The State Tax Inspectorate (hereinafter, the STI) if you are a resident or non-resident of Lithuania for tax purposes.
· Persons connected with the provision of the Company’s services: (i) accounting and financial service providers; (ii) anti-money laundering and anti-terrorist financing service providers; (iii) IT, hosting, cloud computing service providers; (iv) legal and compliance service providers; and (v) auditing companies.
· Your personal data may be provided to any competent law enforcement authority, supervisory authority, government agency, court or other third party, such as, but not limited to, the police, financial supervisors, tax authorities, social security agencies, the Bank of Lithuania, the State Enterprise Centre of Registers, if the disclosure of your personal data is necessary (i) pursuant to any applicable law or regulation, or (ii) in order to enforce, establish, or defend our legal rights.
Except as provided in this Privacy Policy, we do not share your personal data with any other third parties.
The list of recipients or categories of recipients set out in this Privacy Policy is subject to change, so if you wish to be informed of changes to the recipients of your personal data, please notify us at the email address set out in this Privacy Policy, indicating „I wish to be informed of changes to the recipients of my personal data; your name and surname”.
- Data transfer to third countries
From time to time, we may need to transfer your personal data to other countries outside the European Economic Area, which may have less strict data protection policy. In such cases, we will do our best to ensure the security of the personal data transferred.
If we send your personal data to countries outside the European Economic Area, we will ensure that one of the following security measures is in place:
· the contract signed with the recipient will be based on the Standard Contractual Clauses approved by the European Commission.
· the recipient is located in a country for which an adequacy decision has been issued by the European Commission.
· the transfer of personal data has been authorised by the State Data Protection Inspectorate in accordance with the terms of the contract between the controller or processor and the controller, processor or recipient of the personal data in a third country or an international organisation.
- Security of your personal data
Your personal data will be processed in accordance with the General Data Protection Regulation, the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal requirements. When processing your personal data, we implement organisational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, as well as against any other unlawful processing. The staff involved in the processing of personal domains shall store documents and data files properly and securely and avoid making unnecessary copies. Copies of documents containing your personal data shall be destroyed in such a way that the documents can no longer be retrieved in any way or its contents identified.
The Company shall ensure the security of the premises where personal data is stored, the proper placement and review of technical equipment, compliance with fire safety rules, proper network management, maintenance of information systems and the implementation of other technical measures necessary to ensure the protection of the personal data.
Computer files containing personal data on computers are not accessible to other computer users. The computer itself is protected by a password known only to the person working on that computer with the anti-virus software regularly updated.
Paper documents (printed documents) and copies containing personal data are stored in archives. The Company keeps documents in a financial document archive and an archive of other documents.
- Your rights
This Section of the Privacy Policy contains an overview of the rights you have under data protection law. As the implementation of some rights is a challenging task, this Privacy Policy is intended to cover only the main points. We invite you to consult the relevant legislation and the supervisory authorities’ guidelines in order to be fully informed about the relevant data privacy rights.
The main rights granted to you under data protection law are: (i) data access right; (ii) the right to request data rectification; (iii) the right to erasure; (iv) the right to restrict the data processing; (v) the right to object to processing; (vi) the right to data portability; (vii) the right to lodge a complaint with a supervisory authority; (viii) the right to withdraw consent.
Data access right. You have the right to obtain confirmation from us as to whether we are processing personal data relating to you and, in the case of processing, to have access to the personal data we are processing as well as to certain supplementary information. This additional information includes the purposes of the processing, the categories of personal data and the data recipients. Unless it would infringe the rights and freedoms of others, we will provide you with a copy of your personal data upon your request. We will provide the first copy free of charge, but we may charge a reasonable fee for additional copies to cover administrative costs.
Right to request data rectification. You have the right to have inaccurate personal data rectified and, in accordance with the purposes of the processing, or supplemented in case the data is incomplete.
In certain cases, you have the right to have your personal data erased. These situations include the cases when: (i) the personal data is no longer necessary for the purposes for which it was processed; (ii) you withdraw your consent and there is no other legal basis for the processing; (iii) you object to the processing on the basis of the provisions of the applicable law; (iv) the data is processed for the purpose of direct marketing; or (v) the data processing is unlawful. However, please note that in some cases you may not be able to exercise this right due to exceptions. These exceptions include cases where the data is necessary: (i) to exercise freedom of expression and information; (ii) to comply with legal obligations to which we are subject; or (iii) to assert, exercise or defend legal claims.
In some cases you have a right to restrict the data processing. These situations include the cases when: (i) you contest the accuracy of the data; (ii) the processing is unlawful, but you do not want the data to be erased; (iii) we no longer need the personal data, but you need the data to establish, exercise or defend legal claims; (iv) you object to the processing on grounds of public interest or legitimate interest, pending an assessment of the validity of the objection. In the event of a restriction on the processing of your data, we will continue to protect your data, but will no longer process it, unless:
(i) we have your consent; (ii) for the establishment, exercise or defence of legal claims; (iii) for the protection of the rights of others; (iv) for important public interest purposes.
You have the right to object to the processing of your personal data on the basis of your particular situation where we process your personal data for public interest purposes or on the basis of our legitimate interest or that of third parties. If you object to such processing of your personal data, we will no longer process your relevant personal data unless we can demonstrate that such processing is carried out for compelling legitimate reasons which override your interests, rights and freedoms. We may also continue to process such data in order to assert, exercise or defend legal claims.
You have the right to object at any time to the processing of your personal data for direct marketing purposes. If you object to such processing of your personal data, we will no longer process your relevant personal data for this purpose.
Right to data portability. To the extent that the legal basis for processing our data is: (I) your consent, or (ii) the performance of a contract or pre-contractual actions carried out at your request, you have the right to receive your personal data in a structured, commonly used and machine-readable format. However, you will not be able to exercise this right if that can adversely affect the rights and freedoms of others.
In case you believe that we are violating data protection legislation by processing your personal data, you have the right to lodge a complaint with the State Data Protection Inspectorate, whose registered office is located at L. Sapiegos g. 17, 10312 Vilnius, tel. (8 5) 271 28 04, 279 1445, fax: (8 5) 261 9494, e-mail: ada@ada.lt, website address: https://vdai.lrv.lt/.
In cases where the data is processed based on your consent, you have the right to withdraw your consent at any time. The withdrawal of the consent will not affect the lawfulness of the processing of your data prior to the withdrawal.
- Liability
You are responsible for maintaining the confidentiality of the data you provide to us and for ensuring that the data you provide to us is accurate, correct and complete. If there are any changes to the data you have provided, you must notify us immediately by e-mail. In no event shall we be liable for any damage caused to you as a result of you providing incorrect or incomplete personal data or failing to inform us of any changes to such data.
- Changes to the Privacy Policy
We will notify you of any material changes to this Privacy Policy by e-mail. Last amended on 10-02-2025
- Contacts
We will make every effort to answer any questions or quickly resolve any issues related to your privacy.
We welcome all comments, queries and requests relating to the use of your personal data. You can contact us by e-mail: info@eam.lt