Privacy policy

1. General provisions

This Privacy Policy (hereinafter – “Privacy Policy”) provides information about how Cyber upgrade, UAB, Legal entity code: 306422641, address Laičių g. 92, Laičiai, LT-21342 Elektrėnai (hereinafter – “CyberUpgrade” or “we”) processes personal data when you use the website www.cyberupgrade.net (hereinafter – the “Website”) or otherwise provide personal data to CyberUpgrade.

Personal data means any information that relates to an identified or identifiable living individual. Different pieces of information that, when collected together, may also lead to the identification of a particular person, also constitute personal data.

The Privacy Policy describes the personal data we collect, how we obtain the data, on what grounds, for what purposes, and how we use it, how long we store your personal data, with whom it is shared, how we ensure the protection of your personal data, and what your rights have.

It is very important that you read this Privacy Policy carefully, because every time you visit Website or otherwise provide personal data to CyberUpgrade, you will give your consent to the terms and conditions described in this Privacy Policy. This means that you are legally committed to complying with this Privacy Policy. If you do not agree to these conditions, you should not provide your personal data to CyberUpgrade.

We respect your privacy and seek to protect your personal data. CyberUpgrade will process your personal data in accordance with the applicable legal requirements of the European Union and the Republic of Lithuania, including Regulation (EU) No 2016/679 (General Data Protection Regulation, hereinafter – “GDPR”) and other applicable legislation on the protection of personal data, and instructions from competent authorities. The terms used in the Privacy Policy are understood as they are defined in the GDPR.

2. Data controller of your personal data

CyberUpgrade is the data controller of your personal data specified in this Privacy Policy:
Name: Cyber upgrade, UAB
Legal entity code: 306422641
Address: Laičių g. 92, Laičiai, LT-21342 Elektrėnai
Email: privacy@cyberupgrade.net

3. The purposes for processing your personal data

CyberUpgrade processes your personal data for the following purposes:

3.1 Provision of services

Purpose

CyberUpgrade has the purpose of providing you with the services you have ordered and ensuring the smooth provision of such services (e.g. quick and secure payment or informing you about changes in the services).

Data subjects

The representatives of business clients who purchase these services.

Personal data

First name, surname, represented company;

Email address;

Other contact details, such as an address, phone number (if you provide them on a voluntary basis);

Information on acquired CyberUpgrade services (purchase history);

Payment details (amount, selected payment method, and related information, e.g. a bank account number);

Your communication with CyberUpgrade on purchased services.

Source of personal data

CyberUpgrade receives personal data directly from you, or:

From payment collection or administration service providers, financial institutions, or other payment intermediaries, depending on your chosen method of payment for services.

Legal basis

Performance of the contract between you and CyberUpgrade regarding the provision of the services (Article 6(1)(b) of the GDPR) or our legitimate interest to conclude a contract regarding the provision of the relevant services with the legal person you represent (Article 6(1)(f) of the GDPR).

If you do not provide this personal data, CyberUpgrade will not be able to provide the services you request.

Storage

The data contained in the documents for which minimum retention periods are provided in legal acts (e.g. Index for Retention Terms of General Documents), will be stored for the retention periods set in the relevant legal acts, e.g. accounting documents certifying an economic operation or an economic event (invoices, payment orders, etc.), and the personal data contained therein will be stored for 10 years.

In individual cases, in accordance with the applicable requirements of legal acts, or in the case specified in Paragraph 3.6 of this Privacy Policy, your personal data may be stored for a longer period.

3.2 Direct marketing

Purpose

CyberUpgrade has the purpose of providing news and other information about our goods and/or offers to you.

Data subjects

• Persons who have purchased CyberUpgrade services and at that time or at any time thereafter did not object to the use of their personal data for direct marketing purposes in the context of marketing similar goods and/or services by CyberUpgrade;
• Persons who have provided their consent to the processing of their personal data for the purpose of direct marketing.

Personal data

• First name, surname, represented company;
• Email address;
• Phone number;
• Information about similar CyberUpgrade services (purchase history) acquired.

Source of personal data

CyberUpgrade obtains personal data directly from you.

Legal basis

• Your consent to the processing of personal data for direct marketing purposes (Article 6(1)(a) of the GDPR), or
• Our legitimate interest to notify our customers about similar goods and/or services offered by CyberUpgrade (Article 6(1)(f) of the GDPR).
• Based on our legitimate interest in notifying customers about similar goods and/or services offered by CyberUpgrade, CyberUpgrade will process your personal data for direct marketing purposes only if all of the following conditions are present:
  • When you purchase a product and/or service at Website, you do not expressly disagree with being sent direct marketing communications;
  • Every time we send a direct marketing notification, you will be able to refuse direct marketing communications by notifying this via a specified email or other means specified in this Privacy Policy;
  • Your personal data will be processed on this basis only for marketing similar goods and/or services offered by CyberUpgrade.

Storage

Your personal data will be processed for the purpose specified in this Paragraph for 2 years from the date of its collection, or until you object to such processing of personal data, or until your consent to the processing of personal data for this purpose is withdrawn, whichever of these circumstances occurs first.

In individual cases, your personal data may be stored for a longer period in accordance with the requirements of applicable legal acts or in the case specified in Paragraph 3.6 of this Privacy Policy.

3.3 Direct communication

Purpose

CyberUpgrade has the purpose of responding to your inquiries which you provide by email or standard mail, writing or calling by phone using a special form at Website, or contacting us directly.

Data subjects

Persons who submit inquiries to CyberUpgrade by email or standard mail, by writing or calling by phone, using a special form at Website, or by contacting us directly in person.

Personal data

• First name, surname, represented company;
• Address;
• Email address;
• Phone number;
• Content of the correspondence with CyberUpgrade.

Based on your chosen means of communication with CyberUpgrade, CyberUpgrade may process only part of your personal data listed above.

Source of personal data

CyberUpgrade receives personal data directly from you.

Legal basis

Our legitimate interest to respond to your inquiries and/or provide you with detailed information about CyberUpgrade services (Article 6(1)(f) of the GDPR).

Storage

Your personal data will be processed for the purpose specified in this Paragraph for 2 years from the date of its collection.

In individual cases, your personal data may be stored for a longer period in accordance with the requirements of applicable legal acts or in the case specified in Paragraph 3.6 of this Privacy Policy.

3.4 Social networks

Purpose

CyberUpgrade has a purpose to manage its social network accounts and to communicate with users of social networks.

Data subjects

Users of social networks (Facebook, LinkedIn) who interact with us through CyberUpgrade accounts.

Personal data

• Name of the profile on the social network, or first name and surname;
• Profile photo;
• Public comments and other forms of interaction with CyberUpgrade social network accounts;
• Content of the correspondence with CyberUpgrade, if any.
• Based on your chosen means of communication with CyberUpgrade, CyberUpgrade may process only part of your personal data listed above.

Source of personal data

CyberUpgrade obtains personal data directly from you and/or from the relevant social network.

Legal basis

Our legitimate interest to communicate with the users of our social network accounts (Article 6(1)(f) of the GDPR).

Storage

Given that CyberUpgrade does not administer the above social networks, but only its accounts on these networks, and acts as a joint data controller together with the companies that administer the said social networks, please familiarize yourself with the information about the storage of your personal data in the privacy documents of the following social networks:

• Facebook (https://www.facebook.com/privacy/explanation);
• LinkedIn (https://www.linkedin.com/legal/privacy-policy).

3.5 Functions of the website

You can find all the information about the tools we use to ensure the functioning of Website (including cookies) and the data privacy issues associated with them in our Cookie Policy.

3.6 Legal requirements and dispute resolution

CyberUpgrade may process all the above personal data in order to make claims, and enforce or defend itself against legal claims. For this purpose, we will process personal data on the basis of our legitimate interest for the purpose of the establishment, exercise, or defense of legal claims (Article 6(1)(f) of the GDPR). We will process the data for this purpose for 1 year after the end of the relevant legal procedures (e.g. the examination of the claim, the final ruling of the court, or arbitration).

4. Data recipients

We may disclose information about you to our employees, representatives, intermediaries, suppliers, or subcontractors if this is reasonably necessary, e.g. to our providers of payment services who administer financial operations at Website, Website hosting service providers, providers of maintenance services of servers, email service providers, etc.

In addition, we may disclose information about you to:

• courts, arbitrators, mediators, counterparties, and their lawyers (if required for the purpose of judicial or other similar proceedings);
• police, law enforcement authorities, tax authorities, other state or municipal authorities (if it is expressly required by the relevant legal acts), or other persons performing official duties assigned to them (e.g. notaries, debt recovery companies);
• professional consultants, such as lawyers, advisers, auditors, or accountants (if this is necessary to ensure our legitimate interests);
• service providers who provide information technology, cloud computing, and system administration services, payment collection or administration, marketing, and accounting services, postal or courier services only to the extent necessary for the proper provision of services;
• other entities within the same group of companies, only to the extent this is necessary for the proper administration of the group of companies;
• when performing business transactions (sale of CyberUpgrade, its assets (part thereof) or its shares (part thereof), merger or division of CyberUpgrade, etc.), to potential or final acquirers (their representatives), persons performing inspection of CyberUpgrade or otherwise participating in the relevant business transaction. In this case, CyberUpgrade will transfer only as much personal data as is necessary for the purposes of the business transaction and will ensure the confidentiality of personal data.

Also, in each case, if we transfer your personal data to a third country (outside the EU/EEA), one of the following conditions must be met:

• the data shall be transferred to the country, with respect to which the decision on adequacy has been adopted;
• the transfer of data is carried out using appropriate safeguards as specified in legal acts;
• the derogations provided for in legal acts are complied with if it is not possible to transfer the data under the above conditions.

CyberUpgrade will make every effort to ensure that the transfer of data takes place in accordance with the GDPR requirements and will take appropriate measures to ensure that your personal data is secure. For more information about such measures, please contact us directly using the contact details specified in Paragraph 2 of this Privacy Policy.

5. Security of your personal data

Your personal data will be processed in accordance with the GDPR requirements, the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legal acts. When processing your personal data, we implement organizational and technical measures that ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.

Although CyberUpgrade aims to protect your personal data, the transfer of data via the internet is not 100% secure, so we cannot fully guarantee the secure transfer of data via the internet.

6. Your rights

You have the following rights:

The right to be informed and to have access to personal data

You have the right to receive information about the processing of your personal data in a transparent, intelligible, and easily accessible form, using clear and plain language. This is provided for in this Privacy Policy. If any part of this Privacy Policy is not clear to you, please contact us using the contact details specified in Paragraph 2 of this Privacy Policy.

You also have the right to receive CyberUpgrade confirmation as to whether the data relating to you is processed and, if such data is processed, you have the right to access your personal data and the following information:

• purposes for data processing;
• categories of personal data;
• data recipients or categories of data recipients;
• the period of retention of personal data or the criteria used to determine that period;
• the right to request CyberUpgrade to rectify or delete your personal data or to restrict the processing of personal data relating to you or object to such processing, and the right to file a complaint with a supervisory authority;
• information about the sources of your personal data;
• where personal data is transferred to a third country or an international organization, information about appropriate safeguards relating to the transfer of data.

In addition, you have the right to receive a copy of the personal data that we have about you. We have the right to charge a reasonable fee based on administrative costs for any additional copies requested by you.

Right to have personal data rectified

You have the right to request that CyberUpgrade correct inaccurate or incomplete personal data about you.

You are responsible for ensuring that the data you provide to us is accurate, correct, and complete. If the data you provide changes, you must notify us immediately by amending the relevant data in the registration form or, if the data is not specified in the registration form, by notifying us about it by email. In no event will we be liable for any damage caused to you because you have indicated incorrect or incomplete personal data or have not informed us of changes.

Right to erasure (“right to be forgotten”)

You have the right to request us to erase or delete your personal data if there is no reasonable reason why we should continue to process it if personal data is no longer necessary for the purposes for which it was collected or processed or if you withdraw your consent on the basis of which the personal data was processed and there is no other legal basis for processing it or on other grounds set out in Article 17 of the GDPR.

Please note that in order to ensure the security of information systems and personal data, CyberUpgrade makes personal data backup copies. We will then delete or remove your personal data, except the data from such backup copies, within the terms specified below. If, before the expiry of the term specified in this paragraph, we are forced to restore the backup copy containing your personal data, we will immediately delete such data and will not use it for any other purpose.

Please note that Article 17(3) of the GDPR provides for exemptions to the cases above, where the data must be processed. If any such exceptions are valid in your case, we will inform you accordingly.

The right to restrict the processing of personal data

You have the right to request CyberUpgrade to restrict (or suspend) the processing of your personal data if:

• you contest the accuracy of your personal data – until its accuracy is verified;
• your data has been unlawfully processed but rather than request erasure, you wish to restrict processing;
• we no longer need the personal data but you need us to keep the data in order to establish, exercise, or defend against a legal claim;
• you have objected to us processing your data – until it is verified whether our legitimate grounds override yours.

After restricting the processing of personal data, such personal data may be processed (except for its storage) only with your consent or only for the purpose of the establishment, exercise, or defense of legal claims, protection of the rights of another natural or legal person or for reasons of important public interest.

The right to data portability

You have the right to receive your personal data provided by CyberUpgrade, in a structured common machine-readable format, as well as the right to transfer this data to another controller, provided that:

• the data is processed on the basis of the consent or contract; and
• the data is processed by automated means.

You also have the right to request that CyberUpgrade transfer your personal data directly to another controller if it is technically possible.

Right to object

You have the right to object at any time to the processing of your personal data for the purpose of public interest or the legitimate interest of CyberUpgrade.

In this case, CyberUpgrade will no longer process your personal data unless we can prove the legitimate grounds on which your personal data is processed and which are more important than your interests, rights, and freedoms, or if this is necessary to establish, exercise, or defend a legal claim.

When personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for this purpose and it will no longer be processed for this purpose.

The right to withdraw consent

If your personal data is processed on the basis of your consent, you have the right to withdraw such consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

The right to file a complaint with a supervisory authority

If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the supervisory authority of the EU Member State of your habitual residence, your place of work, or the place of the alleged infringement.

The supervisory authority in Lithuania is the State Data Protection Inspectorate, address: L. Sapiegos str. 17, 10312 Vilnius, Lithuania, email: ada@ada.lt, website: https://vdai.lrv.lt/.

Before submitting a complaint to the supervisory authority, we would appreciate it if you would contact us and explain your concerns to us. We will make maximum efforts to resolve your question expeditiously and carefully.

CyberUpgrade will examine your request to exercise the rights of the data subject within 1 month. This period may be extended, if necessary, for a further period of 2 months, taking into account the complexity and number of requests. In this case, CyberUpgrade will notify you of any such extension within 1 month of receipt of the request, together with the reasons for the delay.

If upon the receipt of a request, complaint, or claim, we have suspicions regarding your identity, we have the right to request additional information necessary to confirm your identity.

7. Privacy Policy updates

We have the right to update or change this Privacy Policy at any time. Such an updated or amended Privacy Policy will enter into force upon its publication at Website. If substantial changes to the Privacy Policy are made, this will also be communicated.