INFORMATION NOTICE ON CONSENT TO TRANSFER PERSONAL DATA

This information notice explains how NEO Finance, AB (which operates the payment initiation and Neopay account information service) processes your personal data when you give your consent to transfer account information service (AIS) data to third parties.

NEO Finance, AB (hereinafter referred to as the Company, we) is the controller of your personal data (legal entity code 303225546, address Ukmergės St. 126, Vilnius) when this data is obtained and processed in the course of providing the account information service (AIS).

What personal data will we transfer?

When you initiate the provision of the Account Information Service and agree to give us access to your account information, and by your active actions express your consent to the transfer of your account data to third parties, the Company may process the following categories of data:

• Payment account numbers and balances, other data provided by the account management institution (e.g., name, surname);

• Transaction history and details of payment recipients;

• Identification details of the bank where the account is held;

• Details related to your consent (date, duration, purpose of transfer).

What is the legal basis for data transfer?

Your data will only be transferred to third parties with your explicit consent, given freely in accordance with Article 6(1)(a) of the GDPR (consent of the data subject), which you express in the account information service initiation window (by ticking the appropriate box).

Due to the principle of data minimization, we do not ask you to identify yourself or provide your identification data to the Company, therefore we are unable to determine whether you are a customer of the Company and ensure a secure channel through which the account data could be transferred directly to you. In this case, the only legal and technically feasible way to transfer the received data is with your explicit consent for the Company to transfer it using a secure channel to the third party from whose environment you were redirected to the environment of the Company for the provision of the account information service. If such consent is not given, the Company has no legal basis to perform the transfer, and therefore the Account Information Service cannot be provided.

To whom may your personal data be transferred?

Your personal data will only be disclosed to the specific data recipient specified in the consent form (usually a third party from whose environment you were redirected to the environment of the Company for the provision of account information services and to whom you must provide information so that they can provide you with specific services).

Third parties to whom data may be transferred include:

• financial technology companies (providing budget analysis tools, credit assessment platforms);

• credit institutions or other payment service providers;

• Other third parties for whose services you initiate the account information service.

• Catego SIA, (https://catego.app/, registration number of the company 40203507934) – if the data recipient (third party) has entered into an agreement with Catego to categorize your account data according to criteria agreed with the data recipient (Catego acts as the processor of data for the data recipient and processes your data according to the instructions of the third party).

Please note that each data recipient will process the data transferred by the Company as an independent data controller or data processor, as defined in its Privacy Policies or other documents providing for the processing of personal data, and it is responsible for determining the purposes and means of data processing (it must ensure appropriate technical and organisational data protection measures).

How long will the data be stored?

The Company stores your data only for as long as necessary:

• for as long as your consent to the transfer of data is valid, and

• for 3 years after the withdrawal of consent or the expiry of its validity – in order to demonstrate compliance with the GDPR and regulatory requirements.

What are your rights?

• You have the right to withdraw your consent at any time using the e-banking system of your bank where you have an account, but please note that withdrawing your consent does not affect the lawfulness of data transfers to recipients that took place before the withdrawal of consent.

• You have the right to access your processed data;

• You have the right to request the rectification of inaccurate personal data;

• You have the right to request the erasure of personal data;

• You have the right to request restriction of the processing of personal data;

• You have the right to transfer (forward) personal data to another data controller;

• You have the right to submit a complaint with the State Data Protection Inspectorate.

You may submit a request to exercise your rights verbally or in writing by visiting the Company at Ukmergės St. 126, Vilnius, or by sending your request by post or using electronic means (by e-mail). For more information about your rights as data subjects and the exercise of those rights, please refer to the Privacy Policy published on our website: https://www.neopay.online/lt/legal/privacy-policy .

If you have any questions about this notice or the processing of personal data, you can always contact the data protection officer of the Company by e-mail: asmensduomenys@neofinance.lt (we recommend specifying that the correspondence is addressed specifically to the data protection officer of the Company)

Your gateway to high conversions and enormous transactions volume

NEO Finance, AB

Ukmerges str. 126, Vilnius

info@neopay.online

Stay ahead with Neopay updates!
Products
Payment InitiationCountries & Banks
Company
AboutContact usBlog
Support & Resources
API DocumentationDemo
Legals
Terms of serviceCookie policyPrivacy policyComplaints procedureLicense
Copyright © 2025 Neopay | All Rights Reserved