CHILDREN’S PRIVACY POLICY

UAB „Travel Union (hereinafter – TU or “we”, “us”) is concerned about children’s privacy. The TU mobile application that we operate provide a forum for all family members, including children, from 7 years of old to 18 years of old, dispose of TU Card, to pay for things and learn how to use money. While we encourage children to participate appropriately in TU services, but their privacy is extremely important to us.

The document provides parents and/or with important information about privacy and data protection that you should take into account when deciding whether to allow your child to access TU services. Your child’s ability to have TU Account or TU Card requires your permission to collect, use child information as described in this document (including the Privacy Notice for Parents) and the TU Privacy Policy

Your parent will look after your opened TU Wallet and manage TU Card for you. Your parents will have put money on your TU Wallet and/or TU Card so you can use it to pay for things.

TU mission is to take the stress out of giving cash to children. The primary benefits for parents of the TU products are:

• Information about where and how much their child is spending.
• Caring a card is safer than cash.
• Child can only spend what is loaded onto the Card.
• Teaching your children financial responsibility and money management skills.
• No need to borrow a parent’s card to make a purchase online.

This Children’s Privacy Policy explains our information practices in connection with information provided by all children under the age of 18 whose parent’s consent we require for certain uses of their information (“Child” or “Children”) on TU Mobile App that link to this Children’s Privacy Policy.

Before you start using TU Wallet and/or TU Card, we need to stress out about how we use information about you (your data). Your parent will open your TU Wallet and/or TU Card for you and they can check how you use your account, what you’re spending your money on and how much money is in your account (so they know when to top it up), they can see your data. TU can also see your data because we need to use it to run your account. We do not want other people or companies to see your data if you do not want them to.

Our goal is to minimize the information gathered from and disseminated about Children while permitting them active participation in the trustworthy information.

The TU App are controlled and operated by us from Lithuania. Data controller - TU.

Children’s Privacy Policy explains how we collect, store and use the personal data you provide to us. We’ll keep it updated so that you can be confident when sharing your data with us that it will only be used in accordance with this policy. If you have any questions concerning your personal data and how we look after it or you would like to update how you would prefer to hear from us then please email dpo@travelunion.eu

A. How and Why We Collect and Use Information from Children

Children can register (with certain limitations and permit of parent), explore TU Mobile App, and can use TU Card to pay for things, gain financial literacy skills while using TU Mobile App functionalities. TU collect information including the date, where you are and the amount you spend while providing only the limited personal information set out below:

Account set-up and Maintenance. If a Child wants to register to become a member of TU Mobile App, we require the Child to submit the following information:

• Name, Surname
• ID card, Passport or birth certificate;
• Birth date, month and year;
• Phone number; email;
• Children’s or their parent’s email, phone which we use to ask for that parent’s consent;
• Custodian documents.

We may use information collected from Children during the registration process and in TU Wallet and/or TU Card configuration in the following manner:

• To create and maintain the Child’s TU Wallet and/or TU Card;
• To determine the Child’s current age;
• We do not collect this analytics information for logged in Children;
• When your parent opened the TU Wallet and/or card for you, they gave us your data. We need this data to be able to set up your account.
• We need to use your data to let you use your TU Wallet. We can only let you use your account if we have your data.
• The law tells us we need to collect and store some of your data
• We use your data to work out how to make our product better.

Use of anonymous information. If the information collected from a Child does not identify or allow contact with him or her or his or her device (including, for example, aggregated information), we may use and disclose it for any purpose, to the extent permitted by applicable law.

No advertisements! We do not display advertising based on information collected from Children.

No newsletters! Our email newsletters are for adults only – they are not designed for, or targeted at, Children. Children should not attempt to sign up for our email newsletters. We encourage parents to discuss with their Children the importance of not signing up to receive our email newsletters.

Persistent Identifiers. When client interact with the TU Mobile App, certain technical information may automatically be collected, to make TU Mobile App more interesting and useful, to track analytics, to keep them free of spam, and for various internal purposes related to our business. Examples of information that is automatically collected include: the type of computer operating system, the device’s IP address or mobile device identifier, the web browser, the frequency with which the user visits various parts of our TU Mobile App, and information regarding the online or mobile service provider — however, we do not collect any of this information from Children. Analytics and Personalization Cookies are turned off for logged-in children.

Personal data collected and processed by us may be used for the following key purposes:

• to provide you with the services, support, products or information you have requested;
• for administrative purposes, allow you to use your card to pay for the things you buy;
• administration: to make sure it is you using the account (we will use your name, birthday and, sometimes, other information like your passport);
• responding to requests for support;
• to send you a welcome pack and information like tips on how to use your account to save money;;
• to analyse and improve the services we offer;
• for internal record keeping, such as the management of feedback or complaints;
• where we are required or authorised by law.

B. What Information About Children Is Shared?

We do not disclose to third parties any Children’s personal information that we collect other than as follows, consistent with applicable law: (a) with a parent’s permission, (b) as required by any applicable law, © to third-party service providers who help us operate or manage TU Mobile App, (d) as part of aggregated data shared with third-party service providers, our Board of Directors, funders and other partners, as described in the Privacy Policy, (e) to comply with legal process, (f) to respond to governmental requests, (g) to enforce our Terms of Service, (h) to protect our operations, (i) for assistance in fraud detection and prevention; (j) to protect the rights, privacy, safety or property your Child or others, (k) to permit us to pursue available remedies or limit the damages that we may sustain, and (l) in connection with a disposition of all or a substantial portion of our business, assets or stock, such as a sale, merger, consolidation, reorganization, joint venture, assignment, or bankruptcy or similar proceedings.(m) to share your data with people who help us run our business (like lawyers and accountants who help us to make sure we’re following the law and doing things right). (n) to share your data with official people who keep an eye on what we do to make sure we are looking after you properly. There are laws that make us do this.

C. How do we get parental consent when we are required to do so?

If parental consent is required in respect of our use of a Child’s personal information, when setting up an account and making registration in TU Mobile App, the Child must:

• The children who has reached the age of 14 or above he/she must download TU Mobile App, make selfie/ID, fulfil the registration questionnaires in the TU App. TU than provide QR code in his/her phone, parent scans QR code, provide custody document and approve by signing electronic consent for data processing.
• The children who are below 14 years of old he/she must download the TU Mobile App, make selfie/ID. TU than provide QR code in his/her phone, parent scans QR code, provide custody document and fill kids registration questionnaires and submit it on behalf of the kid.
• In both cases parental consent for managing and/or processing children’s personal data is provided after Selfie/ID stage (when children’s age is detected). Parents also can find the service privacy notice for children data management in TU Mobile App registration procedure.
• In case of children account if all the above mentioned questionnaires and confirmations provided/approved by children and/or parent or custodian the agreement shall be valid and legally binding upon children.
• If at this stage, the parent gives us their consent, TU will carry out the activity for which that consent was required. If not, we won’t provide any services.

D. How May Parents Access, Change or Delete Information About Their Children?

Deleting your Children’s information and their account.

If you are a parent, and we need your consent to certain processing of your Children’s personal information, if you:

• wish us to cease further collection of personal information from your Children;
• believe your Children are participating in an activity on the TU Mobile App that uses their personal information without the parental consent required by law;
• wish us to make no further use of, or delete, the personal information we have collected online from your Children; and/or
• no longer wish for your Children to hold TU account and/or TU card,

TU will delete your Child’s Profile, and any parental contact information we may hold, on request.

Parents of Children can exercise these rights through our data protection officer, contacting by dpo@travelunion.eu

Accessing or changing your Children’s account and any personal information we have collected.

Parents may at any time:

• access or make changes to their Children’s account or card;
• make changes to the personal information that we have collected online from their children,

by clicking on their Child’s “My Account” link, by contacting us at support@travelunion.eu, or by writing to us at the address provided below.

For your Child’s protection, we may need to verify your identity before implementing any request described in this Section E. We will try to comply with your request as soon as reasonably practicable.

E. How May Parents Raise Other Questions or Concerns?

If a parent has any questions or concerns about his or her Child’s use of the Sites, we encourage the parent to contact us at dpo@travelunion.eu

What do we mean by “Personal Data”? Under European data protection law, “Personal Data” refers to information about an identified or identifiable natural person. For European Children, references to “personal information” or “information” elsewhere in this Children’s Privacy Policy should be read as including reference to their Personal Data.

EU-specific rights. Under certain circumstances, Children may have certain rights – including those set out below:

• Access. Request access to their Personal Data.
• Correction. Request correction of inaccurate or incomplete Personal Data that we hold about them.
• Erasure. Request erasure of their Personal Data.
• Objection. Object to our reliance on our Legitimate Interests as the legal basis of processing of their Personal Data
• Restriction. Request the restriction of processing of their Personal Data until we address their request establish its accuracy or our reasons for processing it.
• Portability. Request the transfer of their Personal Data in a portable format.
• Withdraw consent. Withdraw their consent to any Processing that relies on it as a legal basis. Their parent’s have the same right to withdraw any parental consents that we have been given.

How to exercise these rights? These rights can be exercised by using our TU Mobile App. There is no fee for this. We may need to ask for information in relation to any request to help us confirm the identity of the person making it and to speed up our response.

The right to complain. We would love to be able to resolve all questions, requests and complaints about Personal Data directly. However, if a Child or their parent feels we have not been able to satisfactorily resolve an issue, they may contact their local data protection supervisory authority. For the contact information of the Data Protection Authorities, please click https://vdai.lrv.lt/ .

What Personal Data do we use? The Personal Data that we use is set out in Section A of this Children’s Privacy Policy.

Our “Legal Bases” for using Personal Data. The GDPR requires us to have a “legal basis” for each way that we use Personal Data. Most commonly, we will rely on one of the following legal bases:

• Where we need to perform a contract we are about to enter into or have entered into with a Child (“Contractual Necessity”).

• Where it is necessary for our legitimate interests and the Child’s interests and fundamental rights do not override those interests (“Legitimate Interests”).

• Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).

• Where we have specific consent to carry out the processing for the Purpose in question (“Consent”), in these cases we would need to get a Child’s parent’s consent.

Purposes for Processing. We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use Children’s Personal Data:

• For the purpose of TU Wallet and/or Card set-up and Maintenance, (To register a Child’s TU Wallet and/or Сard on the TU Mobile App, and to populate their profile. To provide the core elements of the TU Mobile App.) Legal basis Contractual Necessity
• For the purpose of Security, (We might use the Personal Data we collect to keep TU Mobile App and associated systems operational and secure) Legal basis Compliance with Law, Legitimate Interests
• For the purpose of Troubleshooting and Service improvement, (We might use the information associated with the Persistent Identifiers above to track issues that might be occurring on TU Mobile App and systems, or to test and improve them) Legal basis Legitimate Interests, It is in our legitimate interests that we are able to monitor and ensure the proper operation of our TU Mobile App and associated systems and services.
• For the purpose of Contract, (the processing is necessary to perform a contract with, or to take steps requested by you before entering into this contract) Legal basis Contractual Necessity

Purpose limitation. We will only use Children’s Personal Data for the purposes for which we collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use Children’s Personal Data for an unrelated purpose, we will update this Privacy Policy. Please note that we may process Children’s Personal Data without their or their Parent’s knowledge or consent, in compliance with the above rules, where this is required or permitted by law (including the GDPR).

What happens when you do not provide necessary Personal Data or you withdraw consent? Where we need to process a Child’s Personal Data either to comply with law, or to perform the terms of a contract we have with them and they fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into. Similarly, if we rely on Consent to process Children’s Personal Data, they or their parent may withdraw that Consent, but if this happens, we may not be able to provide certain services or features.

International transfers. We are headquartered in the Lithuania. The Personal Data information that we collect from and about Children will be stored and processed in the EU and may not be stored and processed in other countries outside of Europe. However, it is our policy to ensure that adequate contractual or other safeguards are applied to Personal Data transferred outside of the European Union where required by European data protection law. If you have questions about the safeguards applied to Children’s Personal Data, you may contact us at dpo@travelunion.eu

Data security and retention. Our data security and retention practices are described in our general Privacy Policy – please see https://www.travelunion.eu/privacy.html

Personal Data from Third Party Sources. We do not collect any Personal Data about Children from any third parties or publicly-available sources, other than from their parents (where they choose to give it to us).

How long we can keep your data for

We need to keep your data while you have TU Wallet and/or Card.

We may need to keep your data for longer if the law says we have to. So even if you ask us to destroy your data, we may not be able to do that straight away.

If you close your TU Wallet, we’ll keep your data for up to ten years. We may need to keep it even longer if we need to use it in a court case because some person or company says that we have broken the law but we don’t think we have.

Contact

If you have any questions about your data, email us at dpo@travelunion.eu or support@travelunion.eu Your parent can also get in touch with us about your account.

If you are unhappy with how we use your data, or you have a complaint that you don’t think we have answered properly, you (or your parent or guardian) can contact your local data protection authority.