Last updated: February 4, 2026.
UAB “Florinus” (the Company, we), being one of the largest distributors of investment precious metals in the Baltic States, understands the importance of personal data protection and respects every individual’s right to the protection of their personal data and its responsible processing. Therefore, when processing your personal data, we responsibly comply with applicable data protection laws, including, among others, the EU General Data Protection Regulation (GDPR) 2016/679.
This Privacy Policy of the Company (Privacy Policy) provides information about how the Company processes your personal data. Please read this Privacy Policy very carefully.
This Privacy Policy applies when using the Company’s services by visiting the Company’s physical currency exchange offices and in other cases described in this Privacy Policy. When the Company applies other privacy notices, you will be informed separately.
Your personal data controller is UAB “Florinus”, legal entity code: 303169364, address: Šeimyniškių g. 24-1, Vilnius, Lithuania. Contact phone number: +37061688225, email address: florinus@florinus.lt.
For the purpose of carrying out trade
In cases where you purchase goods in our physical store and wish to be registered in our customer relationship management system, we process your name, surname, contact details, and the legal entity you represent.
For this purpose, we process your personal data based on the necessity to conclude and perform a contract with you (GDPR Article 6(1)(b)).
In cases where you represent a legal entity, we may also process your personal data based on our legitimate interest in maintaining appropriate relations with the legal entity you represent (GDPR Article 6(1)(f)).
For the purpose of providing currency exchange services
If you reserve an exchange rate on our website www.florinus.lt, we process your email address, phone number, and information about the currency you purchase.
When preparing reports on currency exchange activities for the Bank of Lithuania, we may also process customers’ personal data to the extent necessary to determine the amounts of individual transactions, their frequency, and related transactions.
For this purpose, we process your personal data based on the necessity to conclude and perform a contract with you (GDPR Article 6(1)(b)) and to comply with a legal obligation applicable to us (GDPR Article 6(1)(c)).
In cases where you represent a legal entity, we may also process your personal data based on our legitimate interest (GDPR Article 6(1)(f)).
For the purpose of providing safe deposit box rental services
In order to provide you with safe deposit box rental services, we process the following personal data: personal identification number (or another identification number from an identity document if unavailable), issuing country code of the document, type of document (passport, identity card, residence permit), date of birth and nationality, name, surname, permanent residence address, data about the representative, account details (financial institution code, account number, type, currency, opening and closing dates), as well as safe deposit box rental data (identification number, rental start and end dates, actual end date).
In cases where you represent a legal entity, we process the legal entity code or other identification number, country code of registration, name of the legal entity, account details (financial institution code, account number, type, currency, opening and closing dates), and data about beneficial owners.
For this purpose, we process your personal data based on the necessity to conclude and perform a contract (GDPR Article 6(1)(b)) and to comply with legal obligations (GDPR Article 6(1)(c)).
In cases where you represent a legal entity, we may also process your personal data based on legitimate interest (GDPR Article 6(1)(f)).
For the purpose of implementing anti-money laundering and counter-terrorist financing requirements
If payment, including for currency exchange operations and works of art, is carried out in cash and the total amount of related transactions exceeds the threshold set by law, as well as in all cases of providing safe deposit box rental services, the Company is required to collect and store additional information in accordance with legal requirements to ensure compliance with anti-money laundering and counter-terrorist financing regulations.
The collected data may include identification and contact data of the client (natural or legal person): name, surname, company name, legal form, personal or legal entity code, date of birth (for foreign nationals), nationality, registration and/or residential address, business or actual address, tax residence country and taxpayer identification number, contact details (phone, email), website address.
Information is also collected about the services selected by the client, the planned amount and currency, and the client’s activities: nature and description of activities, countries of operation, turnover, use of cash, licensing or regulatory status, main business partners, sources of funds, accounts in other financial institutions, and planned monthly turnover. If the client is represented by another person (or if data about managers or beneficial owners is provided), their identification and contact data, identity document details, basis of representation, and, if necessary, information about shareholding or voting rights are collected. It is also determined whether the client, their representative, or beneficial owner is a politically exposed person (PEP), and if so, data about position, country, organization, and relationship are collected. Additionally, confirmations are recorded – name, surname, details of the signing representative, date, and signatures.
For this purpose, your personal data is processed based on a legal obligation (GDPR Article 6(1)(c)).
To whom may we disclose your personal data?
We may disclose your personal data to our data processors who provide services or perform work for us (IT services, software maintenance and administration, security services, document archiving, etc.) and process your data on our behalf as a data controller. Data processors may process personal data only in accordance with our instructions and only to the extent necessary for the provision of services or performance of tasks. When engaging data processors, we take all necessary measures to ensure that they have implemented appropriate organizational and technical measures to ensure the security of personal data and maintain confidentiality.
Your personal data may also be transferred to other service providers, such as payment service providers, legal service providers, and others, who act not as data processors.
Personal data may be transferred to law enforcement authorities, such as the Financial Crime Investigation Service, as well as to other state or municipal institutions, such as the State Tax Inspectorate, and other authorities conducting investigations, inspections, or handling administrative, civil, or criminal cases, as evidence to assist such authorities in properly performing their functions or in other cases provided by law.
We may also disclose personal data to potential investors or buyers where necessary for negotiations, company restructuring, sale, attracting investments, or similar purposes. In such cases, we ensure that such recipients undertake to protect the transferred data in accordance with applicable data protection laws and use it only for the specified purposes.
Some of our service providers may be located in third countries, i.e., outside the European Economic Area. These service providers may use personal data for the purposes described in this Privacy Policy. We continuously take measures to ensure that such providers have implemented appropriate safeguards to ensure the security of your personal data. Such data transfers are based on adequacy decisions of the European Commission (GDPR Article 45), standard contractual clauses approved by the European Commission (GDPR Article 46), or derogations (GDPR Article 49). If you wish to learn more about these safeguards, please contact us by email at florinus@florinus.lt.
The Company will in all cases retain your personal data no longer than required for the purposes of data processing set out in this Privacy Policy or as required by the laws of the Republic of Lithuania, if a longer retention period is established therein.
In cases where your personal data is included in the texts of relevant documents (contracts, powers of attorney, etc.), we will archive and store it in accordance with the retention periods specified in the General Document Retention Schedule approved by the Chief Archivist of Lithuania.
If you would like to know the specific retention periods applicable to personal data processed for each purpose, please contact us by email at florinus@florinus.lt.
You have the right to:
Please note that not all of the above data subject rights are absolute – some of them may be exercised only under the conditions set out in the GDPR. If we are unable to fulfill your request, we will provide you with a reasoned response in any case.
In order to exercise your rights, submit requests, complaints, or claims, you must provide them to us in writing by email: florinus@florinus.lt.
We will respond to your requests, complaints, or claims no later than within one month from the receipt of your request. Depending on the complexity and number of requests received, this period may be extended by an additional two months; in such a case, we will inform you within one month of receiving the request about the extension and the reasons for it.
We may update or modify this Privacy Policy at any time. Such updated or modified Privacy Policy shall enter into force upon its publication on our website. We will inform you separately about any significant changes to the Privacy Policy.
If you have any questions regarding this Privacy Policy or the processing of your personal data, please contact us using the details below or by sending an inquiry via email or registered mail:
Email: florinus@florinus.lt
UAB “Florinus”
Legal entity code: 303169364
Registered address: Šeimyniškių g. 24-1, Vilnius, LT-09312, Lithuania
