Privacy Policy
Last updated: 05.12.2024.
This Privacy Policy defines the purpose and scope of processing personal data of Lova service users and describes how we collect, use, process, and disclose user personal data, including personal data related to your access and use of the Lova digital wallet.
By accepting the Business Rules and Terms of Use for the Lova.ba payment transaction module, along with this Privacy Policy, the User agrees to the collection, use, processing, storage, and disclosure of data in accordance with this Privacy Policy.
The personal data we collect, use, process, and store is used to improve the use of the Lova.ba application and modules. We will not use, share, or disclose any personal data of the User to any third party, except as described in this Privacy Policy.
PERSONAL DATA PROCESSOR INFORMATION
Business Name: "Digital Money Transfer" Limited Liability Company Banja Luka.
Abbreviated Business Name: "Digital Money Transfer" d.o.o. Banja Luka (hereinafter: DMT)
Translation: "Digitalni prenos novca" d.o.o. Banja Luka
Registered Office: Banja Luka, Braće Pantića Street 2
Registration ID: 11209505
JIB: 4404773650002
PIB: 404773650002
Account Number: 572-106-00016375-55 with "MF Banka" a.d. Banja Luka
Registration Number: 057-0-Reg-21-001578 at the District Commercial Court in Banja Luka
Primary Activity: 66.19
Tel/Fax: +387 51 981 444
Website: www.lova.ba
email: info@lova.ba
Privacy Contact Person: Boris Majstorović
e-mail: boris.majstorovic@lova.ba
LEGAL BASIS FOR PERSONAL DATA PROCESSING
All personal data processing must be lawful, and data collected for precisely defined processing purposes.
a) Processing is necessary for compliance with a legal obligation
DMT is subject to special regulations under which we are obliged to collect certain data about the data subject. The collection, retention, processing, and use of personal data are carried out in accordance with the Law on Personal Data Protection ("Official Gazette of BiH" numbers 49/06, 76/11, and 89/11), the Law on Electronic Money of the Republic of Srpska ("Official Gazette of the Republic of Srpska", number 1/24), and the Law on Prevention of Money Laundering and Financing of Terrorist Activities ("Official Gazette of BiH" no. 13/24). Personal data will not be used outside the purpose for which it was collected, except for the needs of criminal proceedings or other proceedings, in the manner prescribed and regulated by law.
b) Processing is necessary for the performance of a contract or for taking pre-contractual steps
A natural and legal person has the right to refuse consent for the processing of personal data, which will result in the inability to establish a business relationship with DMT, and if one has already been established, it may lead to the termination of the business relationship. The user has the right to access personal data and the right to request the correction of personal data relating to them.
c) Processing is necessary for the fulfillment of legitimate interests
DMT has legitimate interests in processing personal data when it is necessary for risk management, achieving the highest level of information security and protection of confidential information, individuals, and assets, for administrative and other legitimate business needs. When determining legitimate interests, DMT always ensures that these interests do not override the rights and freedoms of the User.
d) Significant public interest
DMT processes biometric data (specifically processed fingerprints and facial scans) when necessary for the unambiguous identification of the user in case of a mobile phone change or loss. DMT is obliged to prevent fraud and provide support to application users if they become victims of fraud.
e) Processing is based on consent
Consent is not always required for data processing to be lawful. With consent, the data subject freely and voluntarily agrees to data processing and can withdraw consent at any time without negative consequences.
CONSENT FOR PERSONAL DATA PROCESSING
The data subject accesses registration at their own request to fulfill obligations regarding payment transaction intermediation, in accordance with Article 6 of the BiH Personal Data Protection Law.
By using the website and mobile application and by registering, the user voluntarily provides consent for the processing of their registered personal data.
The user expressly agrees and authorizes DMT to collect, store, update, verify, and process their personal data, the personal data of their authorized representatives and other related persons (based on their consent), as well as all other information necessary for the purpose of fulfilling business relationships.
*Please note that minors cannot be users of the application.
Employees of Digital Money Transfer d.o.o. Banja Luka access personal data in accordance with their authorizations and assigned data access rights.
The Processor may disclose personal data to third parties if such an obligation to transfer and/or disclose data is imposed by positive legal regulations (e.g., criminal legislation, anti-money laundering and counter-terrorism financing regulations, regulatory bodies, etc.).
CATEGORIES OF PERSONAL DATA PROCESSED BY DMT
For easier understanding, we have grouped the personal data we process into the following categories:
a) Identification data:
For legal entities: name of the legal entity, registered office of the legal entity, registration number of the legal entity, first and last name of the authorized representative of the legal entity, residential address of the authorized representative of the legal entity, date and place of birth of the authorized representative of the legal entity, and JMBG (Unique Master Citizen Number) of the authorized representative of the legal entity.
For natural persons: first and last name, residential address, date and place of birth, citizenship, JMBG (Unique Master Citizen Number), identification document number, name of the issuing authority for the identification document.
- KYC data: data on the origin of money or assets, employment data, user's annual income, investment goals, account funding method, frequency and amount of deposits and withdrawals, place of tax payment, tax identification number, whether the user is a politically exposed person, as well as other data related to the User that may be relevant for the business relationship to be established.
- Contact information: phone number, email address
- Biometric data: fingerprint or facial scan processed by special technical means that enable or confirm unique User identification.
- Bank account and transaction data: User's transaction account number and bank name, data on transactions within the Lova application related to deposits, sending and/or receiving money, payment for services of contractual partners, other payments, and cash withdrawals. Data includes transaction date and time, amount, currency, details of the person (legal or natural) being paid, details of the merchant, partner/distributor, or payout location associated with the transaction, sender's and recipient's name.
- Data on system technical settings and Lova application usage: IP address, operating system used, type of mobile device and/or computer, browser type and version, browser and/or mobile device language, etc.
- Geolocation:approximate or precise location of the User
- Anonymous data: DMT also collects and processes non-personal data (your internet browser type, your internet service provider's name, websites you have visited, etc.) to ensure the highest quality of service. For these purposes, various technologies are used, such as cookies, Google Analytics, etc., which enable the personalization of provided services or the processing of anonymized data. Cookies are generally classified as "session" cookies or "persistent" cookies. Session cookies are not retained on your computer after you close your browser. Persistent cookies remain on your computer until you delete them or until their expiration date.
ACCESS AND USE OF PERMISSIONS ON YOUR MOBILE DEVICE
The mobile application does not share or disclose data to third parties, except for the data required for registration, digitization, payment, and processing of transaction details as described below.
For the Lova mobile application to function correctly, it requires access to the user's mobile device data and components as described below.
Find accounts on the mobile device
Account access is required for the mobile application due to compatibility.
Read device status and identity
The application requests this permission for security reasons.
View network connections, full network access, view Wi-Fi connections, and retrieve data from the Internet
Internet access is required for the mobile application to function.
Preventing the device from entering standby mode
The mobile application requests access to this permission to prevent the device from entering standby mode during the payment process.
Vibration control
The mobile application requests this permission to send feedback to the User.
Using the fingerprint or facial recognition option on the device
The app requests this permission to enable fingerprint or facial recognition authentication for logging into the application.
Access to the mobile device's camera
The application requests permission to access the mobile device's camera to enable the QR code scanning function.
NFC Management
The application requests permission to communicate using NFC technology for communication with a POS terminal.
Geolocation
The application requests permission to access the user's device GPS location.
HOW WE USE THE DATA WE COLLECT
DMT uses, stores, and processes data, including personal data, about you and your device to provide the following services:
- Confirming and verifying data or identification information you have provided;
- Authenticating your access to the mobile application;
- Registration of an electronic wallet within the mobile application;
- Executing and monitoring your payment transactions;
- Enforcement of our legal rights.
DATA PROCESSING SECURITY
DMT implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, which includes:
- encryption of personal data;
- ensuring the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
- the ability to timely restore the availability of and access to personal data in the event of a physical or technical incident;
- regular testing of technical and organizational measures to ensure processing security.
RECIPIENTS OF PERSONAL DATA
Personal data will be provided to competent authorities as part of their supervisory and other duties, e.g., the Financial Intelligence Department (FID) - SIPA or the Banking Agency of the Republic of Srpska.
In specific situations, DMT will, upon request, provide the requested data to other authorized public bodies within the scope of investigations and other official procedures, e.g., the Ministry of Internal Affairs of the Republic of Srpska.
For the execution of financial transactions, DMT collaborates with verified partners for processing payment and card transactions.
DMT also uses other services necessary for proper business operations, such as IT support, consulting and legal services, postal services, etc. In certain situations, specific personal data may be provided to the providers of these and similar services.
Special personal data processing agreements have been concluded with all business partners and service providers, defining mandatory protection measures to ensure the confidentiality, integrity, and availability of personal data and other confidential information.
PERSONAL DATA RETENTION PERIOD
The retention period for certain categories of personal data primarily depends on DMT's legal obligations.
In accordance with the Law on Prevention of Money Laundering and Financing of Terrorist Activities, DMT is obliged to store data collected for the purpose of user identity verification for 10 years after the termination of the business relationship.
In accordance with the Law on Prevention of Money Laundering and Financing of Terrorist Activities and the Law on Electronic Money of RS, DMT is obliged to store data collected for the purpose of recording user transactions for 10 years after the termination of the business relationship.
Other data necessary for providing the service and ensuring the smooth use of the Lova application are stored for the duration of the business relationship between DMT and the User.
Data collected and processed based on DMT's legitimate interests are stored for a limited period, exclusively until the purpose for which they were collected has been achieved.
RIGHTS OF DATA SUBJECTS/USERS
Data subjects have the following rights regarding the processing of personal data:
- Right to information about processing, as well as access to and a copy of the data;
- Right to rectification of inaccurate and/or completion of incomplete data;
- Right to erasure of data (if there is no longer a legal basis for further processing or storage)
If applicable, depending on the method of data processing and legal basis, data subjects also have the following rights:
- The right to restriction of processing;
- The right to data portability;
- The right to object to processing based on DMT's legitimate interest;
- The right to withdraw previously given consent for data processing;
- The right to object to decisions based solely on automated processing that have a significant legal impact on the data subject.
For exercising other available rights or for other related inquiries and information, Users can contact customer support at the email address: podrska@lova.ba
Users can also file a complaint with the Personal Data Protection Agency in Bosnia and Herzegovina, Kralja Petra I Karađorđevića, 78 000 Banja Luka, at the email address azlpinfo@azlp.ba.
LOCATION OF PERSONAL DATA PROCESSING
DMT uses its servers located in Bosnia and Herzegovina to store users' personal data and does not intend to transfer it outside of Bosnia and Herzegovina.
FINAL PROVISIONS
Any use of the Lova mobile application and website is subject to the terms and conditions described on this page.
If you have any questions or concerns regarding our collection, use, or disclosure of your personal data, please contact us at info@lova.ba.
DMT may change the content of this privacy statement at any time without prior notice or user consent. Any changes to the privacy statement will be published on this page and in the mobile application. In this regard, we may occasionally send you push notifications to your device for important application updates or other information related to the use of the application.
DOCUMENT VERSION
Last updated: 05.12.2024.