EasyBuilder.Pro Data Protection Statement for Customers

General Information

Kontaras, UAB (hereinafter referred as „we“) is the owner and operator of EasyBuilder.Pro online services as well as a partner in a number of private-label services in conjunction with other partners. This Statement is intended to inform our customers and partners about the framework of data protection controls put in place in order to comply with applicable legislation, including, among others, EU General Data Protection Regulation (GDPR).

We are a private limited liability company incorporated under Law of Lithuania, registered Vilnius, Lithuania, legal entity code 302898803. The e-mail address for reporting data protection breaches and concerns: data.protection@easybuilder.pro.

Terms and Abbreviations

EU General Data Protection Regulation (GDPR) means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Customer Data means data provided by or on behalf of Customer or Customer End Users via the Services under the Account.

The following are definitions of terms as prescribed by GDPR.

Data Subject: a natural person.

Personal Data: any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier: ID number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Data Controller: is the natural or legal person, public authority, agency or other body which alone, or jointly with others, determines the purpose and means of the processing of personal data; where the purposes and means of processing are determined by European Union law or Member State law, the controller or the specific criteria for his nomination may be designated by European Union law or by Member State law.

Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Data Processing: any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasure or destruction.

Special Categories of Personal Data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Principles of Data Protection at EasyBuilder.Pro

We confirm that we will collect personal data from you as a Customer in accordance with applicable law in Lithuania and European Union, as well as any regulations issued by supervising authorities. We shall apply every reasonable technical and organisational measures to protect Customer Data from loss, improper use and/or unauthorised change. Our staff is contractually obligated to protect Customer Data from disclosure to third parties or other unauthorised staff.

We shall collect, transfer, analyse, process or present Customer Data solely at consent of the Customer, and will cease doing so at Customer‘s request. In the latter case, it is understood that in some cases we will not be able to provide all the advertised services.

In order to fulfil our obligation, we are required to restrict collection of personal data, which means that we will not knowingly collect, request or encourage providing personal data of the following categories:

• Personal data of minors that are less that consent age determined by GDPR or, where applicable, the local law;
• Special categories of personal data as defined by GDPR.
• Personal data of any other natural persons rather than Customer‘s.

Any submission of personal data from these categories by Customer is not recommended, will not be monitored or responded and done at Customer‘s own risk, and we will revert any liability back to the Customer for any infringement on the rights of third parties caused by these actions.

For avoidance of doubt, online services provided by Easybuilder.Pro platform are meant and intended for publishing of digital content to a wide audience. Any such activity is actively executed by Customer, rather than Us, and We do not consider this publishing activity personal data processing, regardless of the content published.

Objectives of Data Collection and Processing

Your personal data may be used and collected in order to:

• operate and improve our internal operations, systems, and Services;
• facilitate financial settlement for services provided, directly or via our partners;
• offer more convenient, more individualised content based on demographical data, preferences or geography (such as language preference).
• understand you and your preferences to improve your experience and enjoyment using our Services;
• respond to your comments, questions, and support queries, and provide customer service;
• provide the Services you request, whether you request them directly from us or from one of our channel partners;
• provide our channel partners with information to facilitate their provision of Services to you as resellers;
• send you and channel partners information related to Services such as confirmations, invoices, expiration and renewal notices, technical notices, Service updates and security feeds, security alerts, and support and administrative messages;
• communicate with you about new products and services, upcoming events, promotions, rewards, and other news about products and services offered by us and our selected partners;
• process and deliver contest entries and rewards;
• link or combine information about you with other personal information we get from third parties, to help understand your needs and provide you with better and more personalized service; and
• protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.

The ways we collect personal data are limited to:

• Information collected from our customers through our web application or by other electronic channels;
• Information received from our business partners or other third parties.

We reserve the right to add other ways of collecting personal data, of which data subjects will be duly informed in advance.

The Legal Basis for Data Collection and Processing

Your personal data may be collected/processed on one or more of the following legal basis:

• Compliance to applicable legislation or regulation;
• Fulfillment of our obligations as per contract with you;
• Your consent.

The above list may change, in which case we will notify our customers and partners.

Transfer of Your Personal Data

We may transfer your data to these third parties:

• our partners that participate in provision of our services;
• Google Cloud Platform, which is used to support our online platform;
• Banks and payment processors participating in settlement of payments for provided services;
• Our business partners, wherever the services provided to you are co-branded;
• Other responsibly selected third parties;
• Supervisory and law enforcement authorities;
• Any other third parties, when it is required by law or in order to protect our lawful interests.

Cross-Border Transfers of Personal Data

We may need to transfer personal data to data processors outside of European Economic Area, as part of our collaboration with Google Cloud Platform, our chosen provider of hosting services.

Personal data of our customers will be stored on this platformas per data processing agreement between Kontaras, UAB and Google LLC, with data centre located in outside of European Economic Area or countries designated as providing adequate level of data protection by European Commission. In order to comply with the GDPR requirements for cross-border transfers, a risk assessment study has been performed to determine whether Appropriate Safeguards (art. 46 of GDPR) are available for transfer of customer data to Google Cloud Platform. The risk assessment study has determined presence of sufficient Appropriate Safeguards for this scenario, including, but not limited, to the following:

• We entered EU Model Contract Clauses with Google LLC as the importer;
• Google LLC holds certifications to ISO 27001 and ISO 27018, which include all applicable data centres used by EasyBuilder.Pro, which demonstrate company commitment to compliance to Regulation;
• Google owns the Code of Conduct, which makes it a requirement for its staff to demonstrate commitment to data protection laws.

Based on the above, Kontaras, UAB consideres Appropriate Safeguards sufficient to maintain secure and responsible transfers to Google Cloud Platform as a part of our service offering.

We do not conduct any other cross-border of personal data for EU natural persons.

What We Do to Protect Your Data

In order to secure your data, we exercise the following technical and organisational measures required by Regulation:

Secure Hosting Service. Google Cloud Platform is a platform of choice that is a standard in itself for ensuring data confidentiality and integrity. Please refer to Google Data Processing and Security Terms for description of applied technical and organisational measures to protect your data on the Cloud Platform.

Access Control. Your content, with exception of the part that is intended for publication, is protected from eavesdropping by a third party, and only authorised staff can access it. You are allowed to access your data by means of password protection.

Development Data. No real-life personal identifiable data is shared with development and testing teams, they are using anonymised pseudonyms instead.

Data minimisation. We do not store any personal data we are not intending to use. We do not keep any credit card or account details, so customers are only sending them to trusted payment gateways. This minimizes the risk of data theft from our systems.

Data retention. We wipe personal data from our servers according to established schedule (may change with a notice):

Your Rights as Data Subject

We are committed to ensuring the following indispensable rights of data subjects granted by GDPR:

• the right to be informed about the data we hold on you and what we do with it;
• the right of access to the data we hold on you;
• the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected, also known as ‘rectification’;
• the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
• the right to restrict the processing of the data;
• the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
• the right to object to the inclusion of any information;
• the right to regulate any automated decision-making and profiling of personal data.

While some of the toolsets required to simplify your abilty to exercise these rights are still in the making, you are always welcome to contact our Data Protection Officer by e-mail specified in „General Information“ section.

Your Consent

Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.

Making a Data Protection Complaint

You have the right to report any data protection breaches to a government authority responsible for supervising applicable data protection laws in Lithuania. In order to get more information, please visit http://www.ada.lt.

Closing Remarks

This Statement is due for updates at least once in two years. Any changes to this Statement, as well as Terms of Service, will be posted on the website http://www.easybuilder.pro/. Using online services after having been able to read the content of these documents is considered a consent to this Statemen and Terms of Service.