Privacy Policy

Download Privacy Policy (PDF)




This Privacy Policy (hereinafter referred to as the Policy) contains basic information about the processing of your personal data when you communicate with UAB SME Finance (hereinafter referred to as the Company or we) or when you intend to use or already use our services, as well as when you apply for the job positions we offer.


We are the data controller of your personal data, i.e.:


UAB SME Finance
Legal entity code 304254910
Registered office address Antano Tumėno St. 4-15, Vilnius, Lithuania
E-mail address [email protected]
Telephone number (8-634) 11 115
Data Protection Officer (DPO) e-mail [email protected]


The subject of the personal data we process is you, i.e. a natural person (a person applying for the job positions offered by us, an employee, an employee’s family member, a member of a management body, a shareholder) and a representative of a legal entity seeking to conclude a contract with us for the services we provide, a company manager, a shareholder, a board or other collegial body member, guarantor, beneficial owner, etc.


Personal data shall be understood as any information about yourself that you have provided yourself, or that has been obtained from other sources, and due to which we are able to identify you. Most often, but not always, such information includes your name, surname, personal identification number or date of birth, contact information, data on the contracts you have concluded with us and the account information contained therein, data on the use of electronic banking, records of conversations when you call us for consultation, or your video data recorded by video surveillance cameras, etc.

If you have any questions related to the processing, use, protection of your personal data or this Policy, please contact the Data Protection Officer of UAB SME Finance. We assure you that we make every effort to protect your personal data.


This Policy may be updated. In such cases, the updated version of the Policy shall be published on the Company’s website.



We process personal data in accordance with this Policy, the General Data Protection Regulation, the Republic of Lithuania Law on Legal Protection of Personal Data, the Republic of Lithuania Law on Electronic Communications and other applicable legal acts, instructions and recommendations of supervisory authorities.


When processing your personal data, we adhere to the principles of legality, fairness, transparency, limitation (reduction) of the scope and time of data processing, accuracy, we do not collect, do not require data subjects to provide, and do not process data that is not necessary.



Procedure for the prevention of money laundering and terrorist financing


We are a financial institution, therefore we must properly implement the requirements for the prevention of money laundering and terrorist financing established by legislation. For this purpose, we shall process your data – representatives of our customers and/or beneficiaries. We carry out money laundering and terrorist financing prevention procedures in accordance with the provisions of legal acts and the Company’s internal procedures.

Before establishing a business relationship with a customer, we determine the identity of such customer’s representative and/or beneficiary.

The personal data required for the purpose of preventing money laundering and terrorist financing must normally be provided directly by you (e.g. the data of your personal identity document, etc.). Nevertheless, we have the right to receive personal data related to you from other legal sources for the aforementioned purpose (e.g. state registers administered by SE Centre of Registers, other databases used for the aforementioned purpose).

For this specific purpose, we store your personal data for up to 8 years from the date of implementation of the transaction or the date of termination of the relationship with the customer.


What data we collect about you


We try to collect as little information about you as possible. In order to carry out activities and provide high quality services, we shall collect the following basic personal data about you (including, but not limited to):


  • Basic personal data: name, surname, personal identification number, date of birth, telephone number, e-mail address, residential address or address for correspondence;
  • Identification data: personal document data, face photograph, IP address, internet bank login data and other browsing information, including data on when and from where you accessed our internet bank and website or other electronic platforms;
  • Data about your transactions and other concluded contracts with our partners UAB SME Bank and our group companies, depending on what services are provided to you;
  • Financial data: origin of funds, country of residence for tax purposes, bank accounts, payment documents, financial obligations, assets, their types and value, credit history and creditworthiness, expenses and income, financial goals;
  • Economic data: your current/former workplace, your economic and commercial activities (the fact that you are a farmer, self-employed, etc.), the stability of your income and other sources of income;
  • Sociodemographic data: sex, marital status, number of dependents and family data;
  • Data about your online behaviour and habits that we determine based on your behaviour on our website, self-service website or using other electronic channels of our group companies or our partners SME Bank (with your consent);
  • Data obtained in compliance with the requirements of legal acts, such as data obtained as a result of inquiries from courts, notaries, bailiffs, law enforcement authorities, etc.
  • Other data, which may be about your debtors/creditors, beneficial owners, data obtained during the transfer of claim rights, as well as, if it is necessary for the service provided, health data shall be collected with your consent, but no other special categories of personal data shall be collected unless you voluntarily disclose them to us.

Provision of services and administration of concluded contracts


When providing our services to our customer, we process your data – the representatives of our customers and/or persons who have provided security measures and beneficiaries – for the purpose and basis of entering into contracts and executing the concluded contracts. Among other things, we strictly comply with the requirements of the legal acts that are applicable to us.


When providing our services to our customers, we may process your personal data specified in the application (e.g. contact data) of the customer whose representative or beneficiary you are, data related to transactions and the conclusion and execution of contracts, and other personal data necessary for the provision of our services. In all cases, we shall process the data of our customers’ representatives (or persons who have provided security measures, or beneficiaries) only to the extent and in the manner necessary for the proper provision of services and the implementation of our legal obligations.

In cases where, according to the concluded contracts, the customer, whose representative you are, shall not properly fulfil its obligations to us, as a creditor, we shall have the right to initiate debt collection and administration procedures. For the aforementioned purpose, we may process additional data about our borrowers, their representatives, persons who have provided security measures, e.g. check their creditworthiness, employment, financial situation, available assets, property liens. We may obtain this data from legal sources, such as databases administered by SE Centre of Registers, SODRA, Bank of Lithuania, UAB Creditinfo Lietuva or other sources. Please note that in the event of a delay in fulfilling financial obligations, we may transfer data about the debt of our customer or the guarantor to the credit bureau UAB Creditinfo Lietuva and/or the Bank of Lithuania.


We shall store the data of our customer representatives and other specified natural persons for 10 years from the date of execution of the relevant contract. We may store the data for a longer period of time, if a longer period of storage of the relevant data is established in the legislation, it is necessary to store the personal data for a longer period in order to protect our interests or it is necessary for the proper administration and collection of the debt.


When the Company provides certain services (such as leasing or leaseback services), we may ask you to install a global positioning system (GPS) on the asset you use and which is owned by the Company, and to provide us with access that allows the Company, as a careful owner of that asset, during the period of provision of the relevant services, to check the location of the asset. In the latter case, we shall be able to check the location of the asset belonging to the Company in exceptional cases, if we have knowledge / reasonable suspicion that the asset is at risk (e.g. if we suspect that the asset is being used illegally, is stolen, etc.) and/or the contract concluded with us is not properly performed. In any case, we shall not continuously store data about the location of the asset, and the location of the asset shall be checked in real time. Among other things, if the Company’s suspicions are confirmed and the asset is in fact threatened, the Company may transfer available information about the location of the asset to law enforcement authorities.



You may subscribe to newsletters related to our activities and services on our website. In the latter case, we shall process your personal data for the purpose of direct marketing, i.e. for the purpose of sending relevant newsletters. The basis of data processing shall be your consent, expressed by subscribing to newsletters on our website. For the aforementioned purpose, we shall process your name and e-mail address.

The period of storage of your personal data shall be 3 years from the date of receipt of your consent, unless you withdraw such consent before the end of the specified storage period.

The Company, in accordance with Article 69 (2) of the Republic of Lithuania Law on Electronic Communications, may also process the data of existing customers and their representatives or providers of collateral and for the purpose of direct marketing on the basis of the legitimate interest of the Company.


You shall have the right to unsubscribe from our newsletters at any time. You may do this by clicking on the dedicated link at the bottom of the sent newsletters or by informing us by e-mail at [email protected].



You shall have the option to contact us by e-mail or telephone, as well as submit requests through social media accounts and/or other ways to contact us. In such cases, we shall process the data provided by you in order to administer the requests received from you, ensure the quality of the services provided, among other things, and fulfil various legal requirements and protect our legitimate interests. The basis for the processing of personal data provided by you together with requests shall be the legitimate interest of the Company.


When submitting requests, please comply with at least the minimum requirements for the protection of personal information and do not disclose redundant personal data that is not necessary for the purpose you are aiming for (for processing a request, complaint, request or any other appeal to the Company).


We shall store your data submitted with requests for up to 3 years. However, please note that this period may vary depending on the content, nature and other circumstances of the personal data provided to the Company. Your personal data may be stored by the Company for a longer period if this is necessary for the protection of the Company’s (or other persons’) rights and legitimate interests, the proper administration of your requests, the examination of a complaint or the resolution of a dispute, among other things, and in other cases specified in legal acts.



We may process your personal data that you submit when applying for a job position offered by the Company (e.g. CV, cover letter, etc.). We shall process your personal data on the basis of your consent, which you express by submitting the relevant data.


We shall store your personal data submitted for the purpose of applying for a job position offered by the Company depending on the duration of the specific selection. After the selection is over, the Company shall process your personal data only if you provide separate consent.


If you provide us with your personal data when no selection has been announced, we may store your relevant personal data for up to 1 year, with the aim of using them for the purposes of subsequent personnel selections. You may withdraw your consent to process the data provided by you at any time by informing us by e-mail at [email protected].


When submitting your personal data to us for the use of current or future selections, we would ask you to comply with at least the minimum data protection requirements, i.e. do not provide redundant information that is not relevant or necessary for the evaluation of your candidacy.



When you visit our website or, we may process your IP address, as well as other network data, if you provide it. Such data shall be collected with the help of cookies and/or similar technological solutions on the basis of user consent. Cookies are small files that are sent to the Internet browser you are using and stored on your device (e.g. computer or telephone). Cookies are transferred to your computer the first time you visit our website.


For this reason, our website may “remember” your actions, options, and operations for a certain period of time. Thus, the purpose of cookies is to ensure convenient, safe operation of the website, as well as to analyse the habits of website visitors. This allows us to better adapt the website to the needs of its visitors. Some types of cookies (necessary and analytical cookies) are necessary for the proper functioning of the website, therefore if these cookies are refused, the website may not function properly.


According to their duration, cookies are divided into short-term session cookies (deleted after the visitor ends the browsing session) and long-term cookies (stored for a longer period of time). Cookies may also be classified according to whether they belong to a first party (e.g. a website administrator) or another – a third party (e.g. organisers of online advertising).



The following cookies shall be used on the company’s website:


Necessary technical (mandatory) cookies – cookies which are necessary for the accessibility and operation of the website, helping to analyse the content of the website and mobile application on the visitor’s device. Necessary technical cookies ensure the functionality of the website and mobile application, adapting to the visitor’s needs. Without these cookies, the operation of the website may be disrupted and without them it is impossible to use the website properly, therefore there is no possibility to refuse them. Necessary technical cookies do not collect information about visitors that may be used for marketing.

Analytical – statistical cookies are used to better understand the visitors of the website and to adjust its operation according to the needs of the visitors. These cookies allow you to see the most popular viewed offers, news and similar useful information on the website, help analyse the website’s activity, assess what is done correctly, what works well, and what should be improved, therefore you cannot refuse them. The information collected by analytical cookies is not individualised, it is used in aggregate, but such cookies may be used to assess the effectiveness of advertising campaigns on the website.


The cookies we use are detailed in our Cookie Policy, which you can find on our websites listed above.


You can control the use of cookies by changing your web browser settings. Every browser is different, so if you do not know how to change your cookie settings, we recommend that you get acquainted with its user manuals and instructions.


If you do not want cookies to collect information, refuse the use of cookies in the browser settings. However, some types of cookies (e.g. necessary cookies) are necessary for the proper functioning of the website, therefore if these cookies are refused, the website may lose functionality. More useful information about cookies, how to control and remove them, can be found on the website



In the course of our activities, we may use certain service providers (e.g. companies providing data storage services, companies developing and supporting software, companies providing debt administration services, companies providing communication services, etc.) to whom your personal data may be transferred. We shall transfer your personal data to these relevant persons only when and to the extent necessary for the provision of their respective services.


The Company may also provide your personal data to the following data recipients:


  • state institutions and registers (Bank of Lithuania, Department of Statistics, notaries, courts, bailiffs, law enforcement institutions, etc.);
  • persons administering joint data files of debtors (e.g. UAB Creditinfo Lietuva);
  • other companies when it is necessary for financial accounting, auditing, risk assessment or service provision;
  • The Company belongs to the SME Finance Group group of companies, therefore, in certain cases, the recipients of your personal data may also be other companies related to the Company, belonging to the same group of companies. For example:
    • in the event that, when applying for the Company’s services, you expressed your consent that other companies belonging to the same group of companies (e.g. UAB SME Leasing or UAB SME Loans) could provide you with additional offers for similar services, we may provide your data for the aforementioned purpose (to the extent necessary for that) to this related company (for the submission of the offer). Please note that you may withdraw such consent at any time;
    • in the event that you use various data not only of the Company, but of other companies of the same group of companies and this is necessary for the proper provision of services, the Company may safely transfer your certain data to another related company for the aforementioned purpose (e.g. about a known violation of obligations to a company of the group companies or existing basic data required for the conclusion of the contract, etc.);
  • other third parties related to the provision of our services and/or who have a legal basis to receive such data.

In cases where we have to transfer a certain amount of your personal data to a data recipient located outside the EU/EEA, we aim to ensure that at least one of the following measures is implemented:

  • it is recognised by the decision of the European Commission that the state (in which the data recipient is located) ensures a sufficient level of personal data protection (a decision on suitability has been adopted);
  • a contract is concluded with the recipient of the data in accordance with the standard contract conditions approved by the European Commission;
  • safeguards are implemented in accordance with the applicable codes of conduct or certification mechanism, other safeguards are ensured in accordance with the General Data Protection Regulation.

In all cases, reasonable efforts are made to ensure that personal data is not lost or used illegally while implementing the requirements of legal acts.



As a data subject, you shall have the following rights:


  • To get acquainted with your personal data and how it is processed;
  • To require the correction of incorrect, inaccurate or incomplete data;
  • To request deletion of your personal data;
  • To request the restriction of the processing of your personal data;
  • To request the transfer of your personal data to another data controller or submit it directly in a form convenient for you;
  • To disagree with the processing of your personal data, if they are processed on the basis of legitimate interest;
  • To revoke the given consent to the processing of your personal data.

In order to exercise your rights as a data subject, please contact us in writing by e-mail at [email protected] In your request, please provide information from which we could accurately identify you (e.g. indicate your name, surname, other contact details) and indicate which of your rights you wish to exercise and to what exact extent. If you seek to exercise your rights through a representative, please provide the representative’s name, surname, contact details and attach documents supporting the fact of representation.


If you believe that we process your personal data illegally or otherwise violate your rights related to the processing of personal data, you shall have the right to contact the State Data Protection Inspectorate.


However, before contacting the State Data Protection Inspectorate, we encourage you to contact us immediately (e-mail [email protected]). In this way, we will be able to find the most operative and optimal solution to the problem for both parties together.