MAMANEY ELECTRONIC WALLET FOR PROMISSORY NOTES
Last Updated: February 4, 2026
1. INTRODUCTION
MB Delta analitika (company code 306278454, address V. Nagevičiaus g. 3, Vilnius, Lithuania), operating under the brand name "Mamaney" ("we," "us," or "our"), is committed to protecting your privacy and complying with applicable data protection laws, including Regulation (EU) 2016/679 (General Data Protection Regulation or "GDPR") and the Law on Legal Protection of Personal Data of the Republic of Lithuania.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic wallet platform for promissory notes. We act as the data controller with respect to the processing of your personal data.
Please read this Privacy Policy carefully. By accessing or using Mamaney, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.
2. INFORMATION WE COLLECT
2.1 Personal Identification Information
To comply with regulatory requirements, including the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania, and to provide our services, we collect:
● Full name
● Date of birth
● Residential address
● Email address
● Phone number
● National identification number or tax ID
● Copies of identification documents (passport, ID card, driving license)
● Images or videos for biometric verification (if applicable)
● For business users: business registration information, legal representatives' information, ownership structure, and beneficial owners' information
2.2 Financial Information
● Bank account details (Bank account name and Bank account IBAN)
● Information about promissory notes created, transferred, or managed through our platform
● Transaction history
● Payment information
● Financial status information relevant for credit scoring
● Source of funds information (as required by AML regulations)
2.3 Usage Information
● Log data (IP address, browser type, pages visited, time and date of visits)
● Device information (hardware model, operating system, unique device identifiers)
● Location data
● Usage patterns and preferences
● Authentication data
2.4 Communications
● Customer service communications
● Responses to surveys or questionnaires
● Other communications you initiate with us
3. HOW WE COLLECT INFORMATION
We collect information through:
● Direct submission when you register for an account, complete KYC verification, or use our services
● Automated technologies when you visit our website or use our platform, through cookies and similar technologies in accordance with the Law on Electronic Communications of the Republic of Lithuania and the ePrivacy Directive (2002/58/EC)
● Third-party sources, including credit reference agencies, identity verification services, and public databases, in compliance with Article 14 of the GDPR
● Your interactions with our customer service team
4. LEGAL BASIS FOR PROCESSING
In accordance with Article 6 of the GDPR, we process your personal data on the following legal grounds:
● Performance of a contract (Art. 6(1)(b) GDPR): Processing necessary to provide our services under our Terms and Conditions, including account creation, facilitating promissory note transactions, and providing customer support
● Legal obligation (Art. 6(1)(c) GDPR): Processing required to comply with our legal obligations, particularly under the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania, tax laws, and accounting regulations
● Legitimate interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate interests, such as:
○ Improving our services
○ Preventing fraud and ensuring platform security
○ Developing our credit scoring model
○ Direct marketing to existing customers (subject to your right to object)
● Consent (Art. 6(1)(a) GDPR): Processing based on your specific consent, such as for:
○ Marketing communications to non-customers
○ Processing of certain categories of personal data not necessary for the contract or legal obligations
○ Use of certain cookies not necessary for the functioning of the website
Where we process special categories of personal data (Article 9 GDPR), we do so based on explicit consent or because the processing is necessary for the establishment, exercise or defense of legal claims, or where authorized by Union or Member State law.
5. HOW WE USE YOUR INFORMATION
We use your information for the following purposes:
5.1 Providing and Improving Our Services
● Creating and managing your account
● Processing transactions related to promissory notes
● Facilitating the creation, transfer, and management of e-promissory notes
● Improving and developing our services
● Providing customer support
● Ensuring the technical functionality and security of our platform
5.2 Compliance and Security
● Verifying your identity (KYC procedures) in accordance with the Law on the Prevention of Money Laundering and Terrorist Financing
● Preventing fraud and monitoring for suspicious activities
● Complying with legal obligations, including anti-money laundering regulations, tax laws, and accounting requirements
● Enforcing our Terms and Conditions
● Protecting our rights, privacy, safety, or property
● Responding to legitimate requests from public authorities
5.3 Analytics and Credit Scoring
● Analyzing usage patterns to enhance user experience
● Developing and refining our credit scoring model in compliance with applicable regulations
● Conducting statistical analysis and research
● Creating anonymized or aggregated data sets
5.4 Marketing and Communications
● Sending promotional materials about our services (subject to your consent where required)
● Communicating about updates or changes to our services
● Providing news and information we think may interest you
● Measuring the effectiveness of our marketing campaigns
For each purpose, we process only the personal data that is necessary and proportionate to achieve that purpose, in accordance with the principle of data minimization (Article 5(1)(c) GDPR).
6. DATA SHARING AND DISCLOSURE
We may share your information with:
6.1 Service Providers
● Identity verification services
● Payment processors
● Cloud hosting providers
● IT and system maintenance providers
● Customer support services
● Marketing and communication service providers
All service providers act as our data processors and process data only on our documented instructions and in compliance with this Privacy Policy, the GDPR, and applicable laws.
6.2 Legal Requirements
● Regulatory authorities, including the Bank of Lithuania and the Financial Crime Investigation Service
● Law enforcement agencies
● Courts and tribunals
● Other third parties when required by law
We only disclose personal data to public authorities based on a legal obligation or in response to a legitimate request in accordance with applicable laws.
6.3 Business Transfers
● In connection with a merger, acquisition, or sale of assets, subject to appropriate confidentiality arrangements and in compliance with Article 14 of the GDPR
6.4 Other Users
● Limited information may be visible to other Mamaney users as necessary for the functioning of the platform (e.g., when transferring promissory notes)
We do not sell your personal information to third parties.
7. INTERNATIONAL DATA TRANSFERS
We primarily store and process your data within the European Economic Area (EEA). However, we may transfer your data to service providers or partners outside the EEA. When we do, we ensure appropriate safeguards are in place in accordance with Chapter V of the GDPR, such as:
● EU Standard Contractual Clauses approved by the European Commission
● Adequacy decisions by the European Commission
● Binding Corporate Rules
● Other legally approved transfer mechanisms
We implement appropriate technical and organizational measures to ensure that transfers of personal data outside the EEA receive an equivalent level of protection as within the EEA.
8. DATA RETENTION
We retain your information for as long as:
● Your account remains active
● Necessary to provide our services
● Required to comply with legal obligations
● Needed to resolve disputes or enforce our agreements
Specifically:
● Account information: For the duration of your account plus 8 years (based on civil claims limitation period in Lithuania)
● Transaction data: At least 8 years from the transaction date, as required by accounting and tax laws
● KYC information: At least 8 years after the end of the business relationship, as required by the Law on the Prevention of Money Laundering and Terrorist Financing
● Marketing data: Until you withdraw your consent or object to the processing
After this period, we will securely delete or anonymize your information in accordance with Article 5(1)(e) of the GDPR and our data retention policy.
9. DATA SECURITY
We implement appropriate technical and organizational measures to protect your information, as required by Article 32 of the GDPR, including:
● Encryption of sensitive data
● Multi-factor authentication
● Access controls and permissions
● Regular security assessments and penetration testing
● Staff training on data protection and security
● Incident detection and response procedures
● Business continuity and disaster recovery plans
While we strive to use commercially acceptable means to protect your information, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
10. YOUR RIGHTS
Under the GDPR and the Law on Legal Protection of Personal Data of the Republic of Lithuania, you have the following rights regarding your personal data:
● Right to information (Articles 13-14 GDPR): Right to be informed about the collection and use of your personal data
● Right of access (Article 15 GDPR): Right to request a copy of the personal data we hold about you
● Right to rectification (Article 16 GDPR): Right to request correction of inaccurate or incomplete data
● Right to erasure (Article 17 GDPR): Right to request deletion of your personal data in certain circumstances
● Right to restriction of processing (Article 18 GDPR): Right to request limitation of processing in specific situations
● Right to data portability (Article 20 GDPR): Right to request transfer of your data to you or a third party in a structured, commonly used, machine-readable format
● Right to object (Article 21 GDPR): Right to object to processing based on legitimate interests, including profiling, and to direct marketing
● Rights related to automated decision making (Article 22 GDPR): Right not to be subject to automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, unless certain conditions apply
● Right to withdraw consent (Article 7(3) GDPR): Right to withdraw consent where processing is based on consent
To exercise these rights, please contact us at info@mamaney.com. We will respond to your request within one month, with a possible extension of two additional months in complex cases, as provided by Article 12(3) of the GDPR.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania (https://vdai.lrv.lt/) or another EU data protection authority where you reside or work, or where the alleged infringement took place.
11. MARKETING COMMUNICATIONS
11.1 Email Marketing
When you register for Mamaney, you may consent to receive marketing communications via email. In accordance with the Law on Electronic Communications of the Republic of Lithuania and the ePrivacy Directive (2002/58/EC), we will only send you marketing emails if:
● You have given your prior consent, or
● We are marketing similar products or services to existing customers and you have been given the opportunity to opt out
You may opt out of receiving marketing emails at any time by:
● Clicking the "unsubscribe" link in our marketing emails
● Contacting us at info@mamaney.com
11.2 SMS Marketing
When you register for Mamaney, you may consent to receive marketing communications via SMS. In accordance with the Law on Electronic Communications of the Republic of Lithuania and the ePrivacy Directive (2002/58/EC), we will only send you marketing SMS messages if:
● You have given your prior consent, or
● We are marketing similar products or services to existing customers and you have been given the opportunity to opt out
You may opt out of receiving marketing SMS at any time by:
● Replying "STOP" to our marketing SMS
● Contacting us at info@mamaney.com
Even if you opt out of marketing communications, we will still send you service-related communications necessary for the functioning of your account and fulfillment of our contract with you.
12. CREDIT SCORING MODEL
12.1 Information Use in Credit Scoring
With your consent or based on our legitimate interests, we may collect and use your data to develop and operate our credit scoring model, including:
● Payment history of promissory notes
● Transaction patterns
● User behavior on the platform
● Financial information you provide
12.2 Purpose of Credit Scoring
Our credit scoring model is designed to:
● Assess creditworthiness of platform users
● Provide statistical risk assessments to other users
● Improve the overall functionality and security of the platform
12.3 Automated Decision-Making
Our credit scoring may involve automated decision-making, including profiling. In accordance with Article 22 of the GDPR, where such processing produces legal effects or similarly significantly affects you, we ensure that:
● The processing is necessary for the performance of a contract between you and us
● You have given explicit consent to the processing
● You have the right to obtain human intervention on our part, to express your point of view, and to contest the decision
13. COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies to collect information about your browsing activities and to distinguish you from other users of our platform, in accordance with the Law on Electronic Communications of the Republic of Lithuania and the ePrivacy Directive (2002/58/EC).
13.1 Types of Cookies We Use
● Essential cookies: Necessary for the functioning of our website. These cookies enable basic functions like page navigation and access to secure areas of the website.
● Preference cookies: Enable our website to remember information that changes the way the website behaves or looks, like your preferred language or region.
● Statistical cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously.
● Marketing cookies: Used to track visitors across websites to display relevant advertisements.
13.2 Cookie Management
You can control and manage cookies in various ways:
● On first visit, you will be presented with a detailed cookie banner allowing you to accept or reject non-essential cookies
● You can change your cookie preferences at any time through our cookie preference center
● You can configure your browser to refuse all cookies or to indicate when a cookie is being sent
● For more detailed information about how we use cookies, see our Cookie Policy
14. CHILDREN'S PRIVACY
Mamaney is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@mamaney.com, and we will take steps to delete such information and terminate the child's account in accordance with the GDPR and other applicable laws.
15. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on our platform and/or sending you a notification at least 30 days before the changes take effect. You are advised to review this Privacy Policy periodically for any changes.
The date of the last update will always be displayed at the top of this Privacy Policy.
16. DATA PROTECTION OFFICER
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions concerning this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our DPO using the details set out below:
Data Protection Officer MB Delta analitika V. Nagevičiaus g. 3 Vilnius, Lithuania Email: info@mamaney.com
17. CONTACT INFORMATION
If you have any questions about this Privacy Policy or our data practices, please contact us at:
MB Delta analitika V. Nagevičiaus g. 3 Vilnius, Lithuania Phone: +370 699 21735 Email: info@mamaney.com
18. COMPLAINTS
If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with:
State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) L. Sapiegos str. 17, LT-10312 Vilnius, Lithuania Phone: +370 5 271 2804 Email: ada@ada.lt Website: https://vdai.lrv.lt/
You also have the right to lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement if different from Lithuania.
19. ADDITIONAL INFORMATION FOR EU RESIDENTS
19.1 Legal Basis for Processing
We provide additional transparency regarding the legal basis for processing your personal data:
Category of Personal Data
Purpose of Processing
Legal Basis
Account information
Account creation and management
Performance of a contract (Art. 6(1)(b) GDPR)
Identification documents
KYC verification
Legal obligation (Art. 6(1)(c) GDPR) - AML/CTF laws
Transaction data
Processing promissory note transactions
Performance of a contract (Art. 6(1)(b) GDPR)
Financial information
Credit scoring
Legitimate interest (Art. 6(1)(f) GDPR) or consent (Art. 6(1)(a) GDPR)
Contact information
Customer support
Performance of a contract (Art. 6(1)(b) GDPR)
Contact information
Marketing communications
Consent (Art. 6(1)(a) GDPR) or legitimate interest for existing customers (Art. 6(1)(f) GDPR)
Usage data
Security and fraud prevention
Legitimate interest (Art. 6(1)(f) GDPR)
All data
Compliance with legal obligations
Legal obligation (Art. 6(1)(c) GDPR)
19.2 Data Protection Impact Assessment
For processing activities that may result in a high risk to your rights and freedoms, such as our credit scoring model, we conduct Data Protection Impact Assessments (DPIAs) in accordance with Article 35 of the GDPR to identify and minimize privacy risks.
19.3 Privacy by Design and by Default
In accordance with Article 25 of the GDPR, we implement appropriate technical and organizational measures to integrate data protection principles into our processing activities from the earliest stage (privacy by design) and to ensure that, by default, only personal data necessary for each specific purpose is processed (privacy by default).
20. SPECIFIC INFORMATION FOR BUSINESS USERS
If you are using Mamaney on behalf of a business entity:
● You must ensure that you have the authority to provide personal data of representatives, employees, or beneficial owners of the business entity
● You must inform these individuals about the processing of their personal data and provide them with a copy of this Privacy Policy
● The business entity is responsible for ensuring compliance with applicable data protection laws when providing personal data to us
We may collect additional information specific to business users, including:
● Company registration documents
● Financial statements
● Information about directors, officers, and beneficial owners
● Business-related contact information
● Tax identification information
21. DEFINITIONS
● "Controller": The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
● "Data subject": An identified or identifiable natural person to whom the personal data relates.
● "GDPR": Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of
personal data and on the free movement of such data (General Data Protection Regulation).
● "Personal data": Any information relating to an identified or identifiable natural person ('data subject').
● "Processing": Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.
● "Processor": A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
● "Profiling": Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
● "Special categories of personal data": Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.