Last update: 3rd May 2023
The following phrases are to be understood as follows:
- Client – should be understood as a Customer, a Visitor, an Interested Person in the services provided by Mobilum or companies with equity or personal ties to Mobilum.
- Customer – a natural person acting on their own behalf and on their own account, or a board member or another person authorised to represent a legal person, a partner or an actual beneficiary of a legal person who was subject to Verification on the Website and was positively assessed in this Verification process and has started using the Mobilum’s services.
- Interested person – a natural person making an enquiry to the Mobilum, a natural person acting on their own behalf or a natural person who is a board member or other person authorised to represent a legal person, acting on their behalf, regarding the use of the Mobilum’s services.
- Website – Mobilum’s website available at: https://mobilum.com.
- Verification – a process consisting of actual activities, performed by Mobilum and the Cooperating Entities (defined below in Section III), consisting in defining and verifying the correctness and authenticity of data of the Interested Person, in order to attribute the Customer status to the Interested Person.
- Visitor – a person visiting the Mobilum’s Website using an Internet browser.
- WHO CONTROLS YOUR PERSONAL DATA?
In accordance with Article 13 section 1 and 2 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”), we wish to inform you that the controller of clients’ personal data is UAB Mobilum Tech with its registered seat in Kaunas, A. Mickevičius str. 56-2, Lithuania, entered in the Lithuanian e-Business Register maintained by The Register of Legal Entities of the Republic of Lithuania under No. 306247099, e-mail address: [email protected], telephone: +3726346244 (the “Controller”).
In case of any issues regarding personal data protection please contact the Personal Data Protection Officer appointed by the Controller – e-mail: [email protected], telephone: +3726346244.
- WHO MIGHT RECEIVE YOUR PERSONAL DATA?
A Client’s personal data might be shared with the Controller’s employees, contractors or associates who are authorised to process the data at the request of the Controller; they might also be shared with entities which the Controller entrusts with the processing of personal data, including entities providing accounting, IT, marketing or organisational services enabling the Controller to provide services, maintain the website, prepare and distribute the newsletter (“Cooperating Entities”). In particular, personal data is entrusted to entities providing Verification services as part of the Know Your Customer process (“KYC”) in accordance with the AML Policy in force in the Controller’s company and due to the obligations introduced by the Lithuanian Money Laundering and Terrorist Financing Prevention Act.
Your data might be provided to relevant authorities (the Police, Prosecutor’s office, Courts) in line with the jurisdiction of the conducted proceedings within the scope of execution of their statutory tasks, on their demand, reported in compliance with the relevant procedure implementing a final decision, sentence, ruling or other equivalent judgment, maintaining all guarantees ensuring the security of the transferred data.
Your personal data might be transferred to entities from the Controller’s capital group, that is to entities with capital and personal ties to the Controller, especially within the scope necessary for the Controller to provide the services included in the contracts concluded with the Client.
In particular, the Controller exercises due diligence in selecting its Cooperating Entities, and then at the stage of concluding contracts makes sure that these entities guarantee an adequate level of personal data protection.
- WHERE DO WE STORE YOUR PERSONAL DATA?
If data are transferred outside of the EEA, also if, at the Client’s request, the product is to be delivered or the services are to be provided outside of the EEA, the Controller uses all the available technical means in respect of the countries, where the European Commission did not determine the right level of data protection and processes the Client’s data only based on their voluntary consent.
- THE CONTROLLER’S GUARANTEES AND REPRESENTATIONS
The Controller guarantees personal data protection and processing of personal data in compliance with the GDPR. The Controller collects only the data which are necessary for performance of the contract or delivery of ordered services. The Controller does not process data without the Client’s consent outside of the scope which is necessary to execute the contract, provide electronic services or the Controller’s legal obligation without the Client’s prior consent.
The Controller exercises due diligence in order to protect the interests of the data subjects, in particular the Controller ensures that the collected data are processed in compliance with the law; the data are collected for the specified purposes compliant with the law and are not processed further in a way inconsistent with these purposes; the data are relevant and adequate to the purposes for which they are processed and stored in a form which permits identification of the data subjects no longer than it is necessary to achieve the purpose of their processing.
In view of the nature of the Controller’s services, the Controller does not process any data of natural persons which are under 18 years old or which do not have full legal capacity due to a relevant declaration of total incapacitation, or who should act through a statutory representative due to partial incapacitation.
- ON WHAT BASIS DOES THE CONTROLLER PROCESS YOUR PERSONAL DATA?
- Processing of personal data takes place for the following purposes and is based on the following legal bases:
- within the scope in which the processing takes place as a result of the Controller conducting an activity and providing services for the Client, i.e. in regard of collecting and archiving the Client’s declarations of intent in respect of undertaking activity on the Website, using the mobilum.com website, a concluded contract regarding the provision services within the object of the license granted to the Controller and for the performance of a contract for the provision of electronic services, in order to execute these contracts or to execute the contracts regarding the provision of electronic services, and so in order to enable the Website’s functionality to be used and to perform the other electronic services, and also in order to perform other contracts to which the Client is a party or to undertake activities on the client’s demand before concluding a contract, in order to consider potential complaints – Article 6 (1) (b) of the GDPR;
- in regard to keeping accounting books and settlements in connection with the performance of the concluded contract, the Controller processes the personal data as a part of the legal obligations to which they are subject, including the value-added tax regarding to the Controller issuing a VAT invoice – Article 6 (1) (c) of the GDPR;
- in order to consider potential complaints or reported claims, in regard to pursuing claims for conducting an economic activity, for archiving (evidence) purposes in pursuit of our legitimate interest of securing information in case of the legal need to present facts to competent state authorities, for analytical purposes (optimising our products based also on the client’s comments and the client’s interest, optimising service processes based on the service processes experienced by the Client) – in our opinion processing of these data is beneficial also for the user, as it improves their experience and allows us to offer them services of better quality – Article 6 (1) (f) of the GDPR;
- After giving a separate consent under Article 6 (1) (a) of the GDPR, allowing us to offer products and services directly (direct marketing), including tailoring them to the client’s needs, sending newsletters through communication channels indicated by the Client (including text and multimedia messages sent to the phone number provided by the Client) – only if you consent to it.
BASIS FOR PROCESSING
Registration on the Controller’s website is compulsory; if you fail to register and provide the data required therein, the Administrator will not provide services to you.
The processing of your data is necessary for the Controller to fulfil the terms and conditions of the Service Account Agreement governing the use of the Controller’s Website. In order to allow the Customer to register on the Website, the Controller needs to process personal data, otherwise managing the registration and maintaining the Customer’s access to his/her account on the Website would be impossible.
The processing of your data is necessary and results from legal obligations imposed on the Controller by a number of legal acts – Republic of Lithuania law on the prevention of money laundering and terrorist financing, the Directive (EU) 201/843 of the European Parliament and the of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU, Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial systems for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (Text with EEA relevance).
The aforementioned acts of law oblige the Controller to carry out Verification of the Client – this Verification includes in particular establishing the identity and its proper confirmation, specifying the Client’s address of residence, including the verification of sources used by the Client to finance their business, which is within the scope of the services provided by the Controller.
For the purposes of Verification and making decisions about whether or not to admit a Client to the functionalities of the Controller’s Website, the Controller may use tools that enable automated management of this process. Automated Verification may lead to (1) approval of the Client for admission to the Site and use of the Controller’s services, (2) submission for manual Verification of the Client by the Controller, (3) rejection of the Client.
Automatic Verification is necessary to enable the Client to use the services and the Site of the Controller. Without automatic Verification, it would not be possible for the Administrator to provide services. The Administrator is technically capable of verifying a decision made in an automated manner and of influencing the content of such decision at each stage of its making.
Processing the Client’s data is necessary for performance of the service provision –contract and granting access to the Website.
We believe that we have a legitimate interest to perform necessary verifications to detect and prevent abuse while providing the Client with services. In our opinion, the processing of the data is beneficial for all parties involved in the process of paying for services, in particular for the Client, as it allows us to take relevant measures to protect them from third party abuse attempts.
Moreover, the Controller processes the personal data concerning services provided in the scope necessary to keep the records, in order to demonstrate the facts of purchases made by the Client to the relevant state authorities, and in particular to perform the obligations resulting from the Estonian Value Added Tax Act of 10 December 2003.
The Controller has a legitimate interest to manage requests and enquiries made by the Clients through various available means of contact. In the Controller’s understanding, processing of this data is beneficial for Clients because of the possibility of providing them with proper services and the possibility to answer their questions.
When the Client contacts the Controller, especially in order to manage actions relating to the Verification or the product/service purchased via the Website, data processing is necessary for the performance of the service provision contract.
If the Client’s enquiry concerns exercising the rights described later herein, or a complaint about our services, we are authorised to process the Client’s data by the Controller’s obligation to perform its legal obligations.
The Controller has a legitimate interest to conduct Website usability testing and test the Client satisfaction level, as in its opinion, the processing of these data is also beneficial for the Client. It allows for improving the Client’s experience as the user and offering them higher-quality services.
All marketing activities are conducted by the Controller on the basis of your explicit consent with a precise reason for processing.
The legal basis for processing the Client’s data for marketing purposes is their explicit consent given, for example, while accepting the receiving of information adjusted to your individual preferences through different means of communication or, when you accept the legal basis of participation in a given promotional campaign, or when you accept the settings of third-category cookies collected by the Website.
The Controller’s actions within this scope aim at presenting the Client with an offer to purchase the Controller’s products or services, corresponding to the Clients preferences as much as possible.
The Controller ensures that providing any data is voluntary, but in scopes other than receiving the newsletter or for direct marketing (the grounds for data processing are defined in point 1(4)), providing the data is necessary for creating an account on the Website, concluding the service provision contract and the supply of the services. Failure to provide personal data or demanding their deletion or restricting its processing will render providing the services impossible in the aforementioned scope.
- HOW LONG DOES THE CONTROLLER STORE YOUR PERSONAL DATA? (“Processing Periods”)
The Controller stores personal data which are processed in the case of:
- Visitors – personal data of a Visitor will be processed as long as the Visitor remains on the Controller’s Website or in the case a consent to the processing of cookie files for marketing purposes is granted, until the Visitor withdraws such a consent.
- Interested persons – personal data of the Interested person will be processed until the Interested person’s question is answered or until the completed Verification which is (a) positive – in which case the Interested person’s data will be processed in line with the processing periods for the Customer, (b) negative – then the Interested Person’s personal data will not be processed further.
- Customers – the Customer’s personal data will be processed during the period of providing the Customer with the services or until the legal obligation based on the Act of prevention of money laundering and financing terrorism expires, i.e. for 8 years from the termination of the last relation with the Client, pursuant to Article No. 19 of the aforementioned Act.
- WHAT ARE YOUR RIGHTS?
The Controller stores personal data on secured servers. Only selected employees and associates listed above have access to the data. The place and manner of storing the data are to ensure their full security. The Clients’ rights related to personal data processing are as follows:
- the right to withdraw consent to data processing,
- the right to access data and obtain a copy of them,
- the right to demand that personal data are rectified (corrected),
- the right to demand that personal data are erased,
- the right to demand that personal data processing is restricted,
- the right to object to data processing due to a particular situation, which justifies discontinuation of the processing of data which is the subject of the objection,
- the right to transfer personal data, i.e. the right to receive the personal data in a structured, commonly used machine-readable format. The right to transfer personal data applies only to the data which are processed under a contract or a consent.
To exercise the above-listed rights, the Client should contact the Controller. To make sure that the Controller is contacted by a person authorised to submit an application, the Controller might ask for additional information, which will allow for effective authentication and identification.
Within the scope in which the data are processed on the basis of a consent, the consent can be withdrawn at any time. The withdrawal of the consent does not affect the lawfulness of the processing performed on the basis of the consent before its withdrawal. The consent can be withdrawn by sending a statement about the consent withdrawal to our mailing address or e-mail address.
- COOKIES POLICY
- We want to address our Client’s needs as closely as possible and that is why we analyse anonymised data about how our Website is used. For this purpose, we use the Google Analytics code. It is an Internet analysis tool which helps us improve the Website’s functionality. The Google Analytics service collects anonymous information, registers trends occurring on websites without identifying individual Users. Like many other services, the Google Analytics tool uses its own Cookie files to analyse the Users’ actions. These files are used for storing information, for example the starting time of the current visit or if the User had used the Website before, which website directed them to our Website, what is the screen resolution of their device, what products they browsed on the Website, etc. We also use Sumome to create click maps, scroll maps (which show us at which point visitors stop scrolling down the website), panels to share on social media or pop-ups and sidebars with information on discounts/offers. We also use integration with Facebook, the social media channel, which allows us to display Facebook advertisements to people who had visited our Website before.
- Internet browsers allow for storing and accessing cookies by default. By modifying the settings of their Internet browser, each person browsing through the Website can prevent the Cookie files from being saved on their device or can delete the saved files permanently. You decide about cookie processing by choosing the settings of your Internet browser.
- By using the Controller’s website without changing the settings of the Internet browser in order to turn off the usage of Cookie files, the user agrees to cookies being stored on their device and to access to the user’s end device. Users can change the settings of the Internet browser at any point to turn off the usage of cookie files. The above applies to cookies of the first and second categories.
- Collecting, processing and using Cookie files of the third category takes place on the basis of the Client’s prior consent to process data for marketing purposes. The consent to process cookies of the third category is voluntary and can be withdrawn at any time. The withdrawal of the consent does not affect the lawfulness of the processing performed before its withdrawal.
- We would like to inform you that restrictions on cookie usage can have a negative impact on the correctness and convenience of using the Website for the Clients. The Controller does not ensure the Website’s full functionality and correctness in the case when consent to the processing of cookies of the first and second categories is not granted.
- Cookies do not constitute personal data such as the user’s address, password, credit card data; instead, they are only data received by the website in an automated way.
- The Controller does not bear any responsibility for the contents or the reliability of third-party websites.
- The Controller collects Cookie files in 3 categories:
Basis for data processing
The purpose of data processing
Withdrawing consent to the processing will result in lack of possibility to ensure correct functioning of the Controller’s Website.
Required to allow for performance of the contract or to take actions on the Client’s demand – Article 6 (1) (b) of the GDPR.
They are necessary for the Controller’s Website to function correctly. They are used to maintain the Client’s session while visiting the website and for logging into the Account.
They ensure that the Website is displayed correctly and adjust technical aspects of the services to the Client’s preferences.
They identify the user’s http session. They are commonly used in all Internet applications in order to identify users’ requests during sessions.
They allow for identifying the user’s navigation status on the Website.
Legitimate interest of the Controller – Article 6 (1) (f) of the GDPR.
Google Analytics – Third Party
Controller – within the remaining scope
This way the Controller measures movement on the website, studies the effectiveness of actions and also improves the website’s functioning, and also prevents undesirable activities (e.g. bot movements, endangering users by exposing them to undesired contents).
The User’s consent – Article 6 (1)(a) of the GPDR
The Controller and Third Parties
The Controller uses them to personalise the advertisements displayed on the website and on external websites, taking into consideration the Client’s actions and preferences on the Website, adjusting the contents of advertising messages to the Clients’ preferences.
If you believe that the processing of your personal data violates the provisions of the GDPR, pursuant to Article 56 of the GDPR you have the right to file a complaint to the chief supervisory authority, i.e. the Director General of the Estonian Data Protection Inspectorate, or in the case of processing significantly impacting persons in a different Member State, the supervisory authority relevant for that Member State.