Kontaras, UAB (hereinafter referred as „we“) is the owner and operator of EasyBuilder.Pro online services as well as a partner in a number of private-label services in conjunction with other partners. This Statement is intended to inform our customers and partners about the framework of data protection controls put in place in order to comply with applicable legislation, including, among others, EU General Data Protection Regulation (GDPR).
We are a private limited liability company incorporated under Law of Lithuania, registered Vilnius, Lithuania, legal entity code 302898803. The e-mail address for reporting data protection breaches and concerns: data.protection@easybuilder.pro.
EU General Data Protection Regulation (GDPR) means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Customer Data means data provided by or on behalf of Customer or Customer End Users via the Services under the Account.
The following are definitions of terms as prescribed by GDPR.
Data Subject: a natural person.
Personal Data: any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier: ID number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Data Controller: is the natural or legal person, public authority, agency or other body which alone, or jointly with others, determines the purpose and means of the processing of personal data; where the purposes and means of processing are determined by European Union law or Member State law, the controller or the specific criteria for his nomination may be designated by European Union law or by Member State law.
Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Data Processing: any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasure or destruction.
Special Categories of Personal Data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We confirm that we will collect personal data from you as a Customer in accordance with applicable law in Lithuania and European Union, as well as any regulations issued by supervising authorities. We shall apply every reasonable technical and organisational measures to protect Customer Data from loss, improper use and/or unauthorised change. Our staff is contractually obligated to protect Customer Data from disclosure to third parties or other unauthorised staff.
We shall collect, transfer, analyse, process or present Customer Data solely at consent of the Customer, and will cease doing so at Customer‘s request. In the latter case, it is understood that in some cases we will not be able to provide all the advertised services.
In order to fulfil our obligation, we are required to restrict collection of personal data, which means that we will not knowingly collect, request or encourage providing personal data of the following categories:
Any submission of personal data from these categories by Customer is not recommended, will not be monitored or responded and done at Customer‘s own risk, and we will revert any liability back to the Customer for any infringement on the rights of third parties caused by these actions.
For avoidance of doubt, online services provided by Easybuilder.Pro platform are meant and intended for publishing of digital content to a wide audience. Any such activity is actively executed by Customer, rather than Us, and We do not consider this publishing activity personal data processing, regardless of the content published.
Your personal data may be used and collected in order to:
The ways we collect personal data are limited to:
We reserve the right to add other ways of collecting personal data, of which data subjects will be duly informed in advance.
Your personal data may be collected/processed on one or more of the following legal basis:
The above list may change, in which case we will notify our customers and partners.
We may transfer your data to these third parties:
We may need to transfer personal data to data processors outside of European Economic Area, as part of our collaboration with Google Cloud Platform, our chosen provider of hosting services.
Personal data of our customers will be stored on this platformas per data processing agreement between Kontaras, UAB and Google LLC, with data centre located in outside of European Economic Area or countries designated as providing adequate level of data protection by European Commission. In order to comply with the GDPR requirements for cross-border transfers, a risk assessment study has been performed to determine whether Appropriate Safeguards (art. 46 of GDPR) are available for transfer of customer data to Google Cloud Platform. The risk assessment study has determined presence of sufficient Appropriate Safeguards for this scenario, including, but not limited, to the following:
Based on the above, Kontaras, UAB consideres Appropriate Safeguards sufficient to maintain secure and responsible transfers to Google Cloud Platform as a part of our service offering.
We do not conduct any other cross-border of personal data for EU natural persons.
In order to secure your data, we exercise the following technical and organisational measures required by Regulation:
Secure Hosting Service. Google Cloud Platform is a platform of choice that is a standard in itself for ensuring data confidentiality and integrity. Please refer to Google Data Processing and Security Terms for description of applied technical and organisational measures to protect your data on the Cloud Platform.
Access Control. Your content, with exception of the part that is intended for publication, is protected from eavesdropping by a third party, and only authorised staff can access it. You are allowed to access your data by means of password protection.
Development Data. No real-life personal identifiable data is shared with development and testing teams, they are using anonymised pseudonyms instead.
Data minimisation. We do not store any personal data we are not intending to use. We do not keep any credit card or account details, so customers are only sending them to trusted payment gateways. This minimizes the risk of data theft from our systems.
Data retention. We wipe personal data from our servers according to established schedule (may change with a notice):
Personal data | Retention period |
---|---|
Financial transaction records | 10 years from the transaction date |
Sites and credentials of deleted users | 1 year after deactivation of user |
Other personal data | 3 years after deactivation of user |
We are committed to ensuring the following indispensable rights of data subjects granted by GDPR:
While some of the toolsets required to simplify your abilty to exercise these rights are still in the making, you are always welcome to contact our Data Protection Officer by e-mail specified in „General Information“ section.
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.
You have the right to report any data protection breaches to a government authority responsible for supervising applicable data protection laws in Lithuania. In order to get more information, please visit http://www.ada.lt.
This Statement is due for updates at least once in two years. Any changes to this Statement, as well as Terms of Service, will be posted on the website http://www.easybuilder.pro/. Using online services after having been able to read the content of these documents is considered a consent to this Statemen and Terms of Service.