Privacy Policy

This Privacy Notice (the “Privacy Notice”) is designed in order to provide the user (the “ user”, “you”) the explanations on how your personal data is being processed when you visit our website https://autokyc.com (the “Website”).

UAB AutoKYC, company code 305247388, registered at Rinktinės str. 5, LT-03224 Vilnius, the Republic of Lithuania (the Company” or “we”) process your personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR“) and other applicable laws.

The Company mainly operates as a data processor, whereas during the provision of its automated know your customer solution (the “Services”) to the Company’s customers, it may collect, store and process personal data of customers of Company’s customers. In such a case, the Company’s customers shall be considered as the data controllers of the personal data of their customers and are responsible for complying with laws and regulations applicable to the processing of such personal data. Company’s customers which use the Services in this way are responsible for ensuring the lawfulness of the personal data processing and shall comply with other requirements of GDPR, e.g., provide the necessary information under Article 13 of GDPR to their customers.

However, there may be cases when the Company acts as a sole and independent data controller – the purposes of such personal data processing are indicated below in this Privacy Notice.

I. Purposes and retention period of your personal data processing

• Support/advise services

We process your personal data so that we could provide you the necessary consultation based on your expressed request and / or answer any inquiry you may have.

We may process your personal data throughout the provision of the support services and for 3 (three) years after our last actual contact with each other (e.g., our last e-mail to you answering your request). In case the provided support/advise services evolves into contractual relationship, your personal data will be further processed in relation with the provision of Services executed by the Company and for as long as it is determined by the applicable law.

• Recruitment

We process candidate’s personal data in order to assess his / her skills and qualifications in relation to the desired position, communicate during the ongoing recruitment process, keep records about its process and conclude a contract with the selected candidate.

The candidate’s personal data shall be actively processed until the recruitment procedure for the specific position ends (i.e. the Company selects the preferred candidate and concludes a contract with him / her), except in cases where the candidate gives a separate consent for the purpose of administration of candidate database for another 12 (twelve) months in order to receive future job offers from the Company. In case the candidate has been selected by the Company, the information he / she has provided will be further processed for internal administration purposes for as long as it is necessary according to the applicable laws.

• Proper and secure operation of the Website

We may process some of your personal data in order to ensure Website functions smoothly, securely and provides you with the best experience. For more information, please check the paragraph Cookies below.

If you do not provide the Company with the personal data necessary in order to achieve the above indicated purposes, the Company may not be able to advise you regarding the Services or provide you with any other consultation, consider your application in the organized recruitment process, or ensure proper and secure operation of the Website.

II. Personal data we collect

For the purposes indicated above we may process the below indicated categories of your personal data including but not limited to:
• Personal data: first name, last name, represented company, job title;
• Contact data: phone number, residential address, e-mail;
• Communication data: correspondence, chats, date, time;
• History data: your experience using the Website, time-stamped correspondence;
• Recruitment data: resume (CV), motivational letter, data on candidate’s education and qualification, career social network profile (i.e., Linkedin), candidate’s assessment data;
• Information related to your use of the Website: browser and device data (IP address(es), time zone, time, data, browser information, screen resolution, electronic device‘s operational system information, location data (country (code), city), internet service provider (ISP), etc.) and usage data (time spent on the Website, pages visited, links clicked, etc.)).

We never knowingly process personal data from minors (children that according to the laws of the Republic of Lithuania are under 14 years old or any other age defined by the applicable law). If we become aware of such processing executed by us as a data controller, we will notify the respective underaged user and remove his / her data.

III. How we collect your personal data

The Company collects your personal data directly from you or from the third parties when:
• you contact us;
• you use our Website.

IV. Legal basis for personal data processing

We process your personal data based on at least one of the following grounds:
• you have given a consent;
• your personal data processing is necessary for the performance of a contract or in order to take steps at the request of you prior to entering into a contract;
• your personal data processing is necessary for compliance with a legal obligation to which the controller is a subject;
• your personal data is necessary for the purpose of the legitimate interests pursued by us or the third party.

V. Personal data recipients

We may disclose your personal data under initiative of our own or upon respective request to the below indicated personal data recipients which are also obliged to comply with the requirements of GDPR, laws and other mandatory legal requirements:
• service providers, i.e. marketing service providers, IT service providers, recruitment service providers;
• other service providers which services may include, or which are engaged in personal data processing executed by the Company.

Personal data may also be provided to other recipients if:
• the Company has to comply with a legal obligation to which it is a subject; or
• such requested personal data is necessary for the concrete data recipient to carry out a particular inquiry in the general interest, in accordance with the European Union or Member State law; or • the data requesting party has a legitimate interest to request for such information.

In general, the Company process your personal data within the European Union (“EU”) or European Economic Area (“EEA”). In case there is a need for the Company to cooperate with the recipients outside EU or EEA, the Company makes all reasonable efforts to ensure that at least one of the following GDPR requirements is complied:
• the personal data transfer is made to the country which the European Commission has acknowledged as ensuring the adequate level of protection;
• the personal data transfer is made subject to appropriate safeguards designated by law (such as standard data protection clauses);
• the personal data transfer is made in relation with the binding corporate rules approved by competent supervisory authority;
• other security measures under GDPR has been complied.

VI. Security measures

The Company takes various security ensuring technologies and procedures in order to protect your personal data against unauthorised or unlawful processing, accidental loss, misuse, unauthorized access, illegal usage, destruction, disclosure, damage, etc. This includes legal, organisational, technical, and physical security measures, such as the latest security systems, working only with trustworthy service providers, ability to detect cyber security attacks and other threats to the integrity of the Website. However, no transmission of information via email or other telecommunication channels through the internet could be fully secured. Therefore, you should take due care when you are sharing confidential information via e-mail or other telecommunication channels.

VII. Your data protection rights

You have certain legal rights in relation to the processing of your personal data:
• the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, if so, access to the personal data and the information regarding its processing as set out in article 15 of GDPR;
• the right to obtain from us without undue delay the rectification of inaccurate personal data as set out in article 16 of GDPR;
• the right to obtain from us the erasure of personal data concerning you without undue delay as set out in article 17 of GDPR;
• the right to obtain from us restriction of processing as set out in article 18 of GDPR;
• the right to data portability as set out in article 20 of GDPR;
• the right to object at any time to processing of your personal data as set out in article 21 of GDPR;
• the right not to be subject to an automated individual decision-making, including profiling, as set out in article 22 of GDPR.

This Privacy Notice does not deprive you of any other legal rights you may enforce under the applicable law.

You may be able to exercise your rights only after the Company has successfully identified you. If the Company is not sure about the identity of the person sending the request, the Company may not provide the requested information to him / her, unless his / her identity is confirmed.

You may be provided with information related to the exercise of your rights free of charge. However, your request for the exercise of rights may be waived or may be subject to an appropriate fee if the request is manifestly unfounded or excessive, in particular because of their repetitive character.

The Company shall provide you with information on the actions taken upon receipt of your request for the exercise of your rights or the reasons for the inaction no later than within 1 month from the receipt of the request. The period for submitting the requested information may be extended, if necessary, for 2 more months, depending on the complexity and number of requests. If you have submitted the request by electronic means, the information shall also be provided by electronic means.

If you consider that your personal data is being processed in violation of your rights and legitimate interests in accordance with applicable law, you shall have the right to file a complaint against the processing of personal data to the State Data Protection Inspectorate of the Republic of Lithuania.

VIII. Final provisions

If you have any questions regarding this Privacy Notice or if you want to execute your rights you may contact us via e-mail: [email protected]

This Privacy Notice shall be viewed and applied in accordance with GDPR and other applicable laws.

By contacting us via options available on the Website or by using this Website and available services you confirm you have read, understood and accepted this Privacy Notice

The Company reserves the right to revise this Privacy Notice from time to time in order to correspond with the changes of its business practice, applied legal requirements or based on some other relevant reasons. The revised Privacy Notice will be effective upon the posting of it on the Website and you have a sole responsibility to review it. Your continued use of the Website and available services following any such revisions to the Privacy Notice will constitute your acceptance of such changes.