GDPR POLICY
Updated: 06-04-2022
This notice on the processing of personal data (hereinafter referred to as the Privacy Notice) has been prepared in accordance with the requirements of the General Data Protection Regulation (hereinafter referred to as the GDPR) and other legal acts, in order to inform you on how the NFQ Technologies companies collect and process your data.
We recommend you to take the time and read this Privacy Notice in detail.
General Provisions
Personal Data (hereinafter referred to as the Personal Data) shall mean any information or set of information by which we may directly or indirectly identify you, in particular by means of an identifier, such as name, e-mail address, telephone number, etc.
The data controller of personal data shall be, in a specific case, one or more of the following NFQ Technologies companies, the customer of which you are, with whom you communicate or have other relationships with:
- UAB NFQ Technologies, a private limited liability company established and operating in accordance with the laws of the Republic of Lithuania, legal entity code 135867375, address: Brastos st. 15, Kaunas, Kaunas city municipality, Republic of Lithuania;
- NFQ Technologies Sp. z o.o., a private limited liability company established and operating in accordance with the laws of the Republic of Poland, legal entity number 0000930105, address ul. Pilotów 2E, 31-462 Kraków, the Republic of Poland.
If you have any questions about this Privacy Notice or have any questions, observations or requests concerning the protection or processing of your Personal Data, please contact our Data Protection Officer at ph. No.: 8 37 333 053 or by e-mail: info@nfq.lt.
This Privacy Notice may be updated and amended. You can constantly find the current version of the Privacy Notice on our website https://www.nfq.lt/gdpr-policy.
The Privacy Notice shall explain how the NFQ Technologies companies collects and uses your Personal Data when you:
- register and/or participate in events and other activities organised by us;
- subscribe to ours newsletters, information about the provided services and/or events or such notices are sent to you on other legal grounds;
- contact us and provide us with an inquiry, request, complaint or feedback;
- communicate or cooperate with us as a client, customer, consumer, supplier, contractor or other person who has a business, consumer, professional and/or other civil-contractual relationship with us.
What kind of your data do we process and why do we process it?
Registration and/or participation in events and other activities organised by the NFQ Technologies companies
When you register and/or participate in events and other activities organised by us, we may collect and process the following of your Personal Data:
- Name
- Surname
- Telephone number
- E-mail address
- Photograph
- Image in video footage
If you provide us with other Personal Data during registration and/or at an event, we shall process it in accordance with the information provided in this Privacy Notice.
The purpose of the processing of personal data shall be the organisation and execution of an event or other activity. Legal basis – your consent (Article 6 (1) (a) of GDPR).
The term of storage of personal data shall be 1 year after the end of the event or other activity or a longer term specified in your consent.
Direct Marketing
Your Personal Data may be processed for direct marketing purposes in the following ways:
- you may receive a newsletter with offers of services and/or goods from us and/or our partners, information about news, promotions, discounts, etc. by e-mail and/or SMS messages;
- you may receive an invitation to our events and/or other activities by e-mail and/or SMS messages;
- we can contact you by e-mail or telephone, asking for your opinion on our services, your needs and preferences.
For direct marketing purposes, we shall process your Personal Data in the following cases:
- when we obtain your consent to such data processing. In such a case, the processing of personal data shall be based on your consent (Article 6 (1) (a) of the GDPR) and the data shall be processed until you withdraw your consent or for 5 years;
- when you purchase our services or participate in our event or other activities, we may provide you with offers for similar services and/or invitations to other events, unless and until you object to such offers. In such a case, the processing of Personal Data shall be based on our legitimate interest in informing our customers about the services, events and/or other activities offered (Article 6 (1) (f) of the GDPR) and Personal Data may be processed for this purpose for 2 years after the last order of your services and/or participation in an event or other activity of the Company.
You may opt out of our newsletters or other marketing information at any time and/or withdraw your consent to the processing of Personal Data for direct marketing purposes by notifying us in a manner convenient to you:
- by simply by clicking the opt-out link in the newsletter or e-mail, or
- by sending a letter to info@nfq.lt.
For direct marketing purposes, we may process the following personal data about you: name, surname, e-mail address, telephone number, service orders, participation in our events and/or other activities and the history of other types of cooperation between us.
We shall also collect statistical information about e-mail newsletters and marketing communications: we shall monitor whether you read the newsletter or message, when and how many times you read it or opened links, or forwarded it to others, what operating system and e-mail server (its location) you have used.
Inquiry Administration
By receiving, analysing and responding to your e-mails, inquiries, wishes, requests, suggestions, complaints, feedback, etc. (hereinafter collectively referred to as the Inquiry), we may process the following of your data:
- Identification and contact information stated in your Inquiry: name, surname, telephone number, e-mail address, address of the place of residence, date of birth;
- Content of your Inquiry: the issue in regards of which you are contacting us, your application, request or feedback, other information provided in or with the Inquiry;
- The information collected by us is necessary for the examination of the Inquiry and decision-making, e.g. for the purpose of ordering services, service history, information about other types of cooperation between us, etc.;
- a recording of the telephone conversation if you contact us by telephone and the conversation is recorded.
The purpose of personal data processing shall be to properly and objectively examine your Inquiry, provide you with the necessary information, answer your questions, resolve your applications or requests. We may also analyse the request data in order to improve the quality of our activities, services and/or customer service, taking into account your opinion and suggestions.
The legal basis for data processing shall be the fulfilment of our legal obligation to examine and respond to consumer Inquiries (Article 6 (1) (c) of the GDPR) as well as our legitimate interest in evaluating our customers’ feedback with a view to improving the quality of our operations, services and/or customer service (Article 6 (1) (f) of the GDPR).
We shall process and store your Inquiry and related Personal Data of us until we examine the Inquiry, provide you with an answer and execute the decisions made, as well as for another 2 (two) years after the Inquiry has been resolved. We shall store the records of telephone conversations, if any, for a maximum of 90 calendar days.
Cooperation with Suppliers, Partners, Counterparties, Conclusion and Execution of Contracts
In its activities, the Company shall process the personal data of different categories of data subjects (business partners, suppliers, other counterparties, as well as their employees, managers, shareholders, representatives and/or agents). The scope of personal data processed depends on the nature and purposes of the business or other legal relationship, but in general, may be processed:
- When the data subject acts as an individual business partner of the Company, supplier, counterparty: name, surname, personal identification number, date of birth, address, telephone number, e-mail address, bank account details, date of transfer of funds or conclusion of a transaction, amount, currency, data contained in the business certificate, individual activity certificate number, VAT identification data, other transaction or business relationship data;
- When the data subject acts as an employee, manager, shareholder, representative and/or agent of a business partner, supplier, counterparty: name, surname, workplace and position or other basis of operation, business telephone number, business e-mail address, as well as date/personal identification number and address of residence if acting on the basis of a power of attorney or representation/agency agreement and these data are necessary to identify the person, or where the data subject is a manager or shareholder.
This Personal Data shall be collected and processed for the following purposes:
- when the aforementioned persons establish, maintain and develop business, professional and/or other legal relations with the Company;
- upon conclusion, execution, administration of transactions, contracts and agreements;
- upon development and assurance of the legitimate interests of the Company;
- upon our defence against claims, requests and complaints brought against it;
- in the performance of the Company’s obligations and responsibilities under applicable law.
The legal basis for the processing of Personal Data for the purpose in question may be:
- conclusion and performance of a contract (legal basis of Article 6 (1) (b) of the GDPR);
- fulfilment of a legal obligation imposed on the Company (Article 6 (1) (c) of the GDPR);
- our legitimate interest (Article 6 (1) (f) of the GDPR).
We shall retain such data to the extent necessary to achieve the purposes for which they are processed, as well as in accordance with such data retention requirements established by law, during limitation periods to make or defend against legal claims and, if they are brought forward, to the extent necessary for such purpose.
Longer Storage of Personal Data
In the cases provided below, we may store your Personal Data for longer terms than those provided in this Privacy Notice. Longer storage of Personal Data may take place when:
- it is necessary for us to be able to defend ourselves against requests, complaints or claims and to exercise our rights;
- there are reasonable grounds for suspecting that an unlawful act is under investigation;
- your data is necessary for the proper resolution of a dispute or complaint;
- for the purpose of backups and for other similar purposes;
- on other grounds provided for in the legislation.
In other cases, your Personal Data shall be destroyed or irreversibly depersonalised within a reasonable period of time after the expiry of the storage period.
From what sources do we obtain your Personal Data?
Depending on the nature, form, goals and other circumstances of the relationship we have with you, we shall collect and process:
- data provided by you when you order the Company’s services, register and/or participate in the Company’s events or other activities, subscribe to newsletters, contact us for information, enter into or execute a contract, supply goods and services, etc.;
- data obtained from other legitimate sources – contracting parties and contractors (e.g. data on the representatives, employees, etc. of the contracting parties), our partners, if you have provided them with your information, consenting to our processing in this Privacy Notice or your public professional social networks, public databases, public registers and information systems.
How do we use your Personal Data and what principles do we follow?
We only collect and process Personal Data that is necessary to achieve the purposes for which it is collected.
When processing your Personal Data, we:
- shall comply with valid and applicable legislation, including the requirements of the GDPR;
- we shall process your Personal Data in a lawful, fair and transparent manner;
- we shall collect your Personal Data for specified, clearly defined and legitimate purposes and shall not process it in a way incompatible with those purposes, except to the extent permitted by law;
- we shall take reasonable steps to ensure that Personal Data that is inaccurate or incomplete in relation to the purposes for which it is processed are rectified, supplemented, suspended or destroyed without delay;
- we shall process and store your Personal Data for no longer than is necessary for the purposes for which the Personal Data is collected and processed;
- we shall not provide or disclose Personal Data to third parties except for cases provided for in this Privacy Notice or applicable law;
- we shall take appropriate technical or organisational measures to ensure the security of Personal Data, including protection against unauthorized processing and unintentional loss, destruction or damage.
To whom shall we transfer your Personal Data?
We may transfer your Personal Data to:
- Personal data processors used by the Company (for example, companies providing IT, server services, website administration services, accounting companies, call service companies, analysis companies, advertising and/or marketing companies, etc.). We have entered into appropriate agreements with all Personal Data processors we use and require them to store, process and treat Personal Data as responsibly as we do and only in accordance with our instructions;
- other NFQ Technologies companies that provide or assist in providing services to you and/or for internal administration purposes, when in a specific case the company receiving the Personal Data acts as an independent Personal Data controller;
- other carefully selected trusted partners that assist us in carrying out our activities and/or providing services when, in a particular case, they act as independent controllers of Personal Data;
- state institutions and establishments, law enforcement institutions, courts, other persons performing the functions assigned by law, in accordance with the procedure provided for in the legal acts of the Republic of Lithuania. We shall provide these entities with mandatory information required by law or specified by the entities themselves;
- debt collection companies to which claims on a customer’s debt are transferred, courts, out-of-court dispute resolution bodies and bankruptcy administrators;
- in other cases, if you have given your consent for the disclosure or transfer of Personal Data.
We do not currently transfer your Personal Data outside the European Union or the European Economic Area. However, should such a need arise, your data shall only be able to be transferred under the following conditions:
- Data shall be transferred only to our reliable partners who ensure our activities and provision of services to you;
- Data processing agreements have been signed with such partners, by which they ensure the security of your Personal Data in accordance with the requirements of the law, or;
- The Commission of the European Union has decided on the suitability of the country in which our partner is established, i.e. an adequate level of security is ensured.
What rights do you have under the legal acts regulating Personal Data Protection?
With regard to your Personal Data, you have the right to:
- Ask to provide you with information about the processing of your Personal Data and how such data is processed;
- Request to correct your Personal Data and/or suspend the processing of such Personal Data, except for storage – in the event that upon getting acquainted with the Personal Data, you determine that the data is incorrect, incomplete or inaccurate;
- Request the destruction of Personal Data or the suspension of the processing of such Personal Data, except for storage – in the event that upon getting acquainted your Personal Data, you determine that the Personal Data is being processed unlawfully or fraudulently;
- Disagree and/or object to the processing of your Personal Data when it is processed or intended to be processed for direct marketing purposes or for a legitimate interest which we seek or which is sought by a third party to whom the Personal Data is provided;
- in cases where your Personal Data is processed on the basis of a separate consent, you have the right to revoke the given consent to the processing of your Personal Data at any time;
- Request the transfer of your Personal Data to another data controller or provide it directly in a form convenient for you (applicable to those Personal Data which you have provided and which are processed by automated means on the basis of a contract or consent).
You can exercise your rights by giving us written notice and specifying what action you wish us to take with respect to your Personal Data. You can submit the notice in any way convenient for you by the contacts below, if your request can be identified from such a request and the documents accompanying it.
- By e-mail: info@nfq.lt
- By telephone No.: +370 37 333 053
- To the registered office of the NFQ Technologies company that acts as the controller of your Personal Data.
You may also contact these contacts if you believe that we have not complied with our obligations concerning your Personal Data as set out in this Privacy Notice. We shall take immediate action to enforce your rights.
If you are unable to resolve your issues directly with us, you have the right to contact Data Protection Authority, which is responsible for the supervision and control of personal data protection legislation:
• In the Republic of Lithuania: State Data Protection Inspectorate, https://vdai.lrv.lt/;
• In the Republic of Poland: Personal Data Protection Office, https://uodo.gov.pl/.