Privacy policy
1. GENERAL INFORMATION
1.1. UAB Epicus IT, corporate code 304459986, head office address – Italu str. 32B, LT-13282 Vilnius, Lithuania, (hereinafter – Data Controller), by this privacy policy (hereinafter – the Privacy Policy) establishes the terms and conditions for personal data processing at the company managed by the Data Controller, when using the software application Einpix and when using the website https://einpix.com (hereinafter – Website). The terms and conditions established in the Privacy Policy shall apply each time when the website is visited, regardless of the device (computer, mobile phone, tablet, TV, etc.) you use.
1.2. You must read the Privacy Policy carefully, because each time when you use the software application Einpix or visit the Data Controller’s Website, you agree with the terms and conditions described in this Privacy Policy.
1.3. By submitting his (her) personal data (including data provided directly or indirectly when visiting the Website and using the software application Einpix and other services), the Data Subject agrees and does not object to their control and processing by the Data Controller for the purposes and according to the procedure specified in this Privacy Policy and the Data Subject’s consent and provided for by legal acts.
1.4. Persons younger than 16 years may not submit any personal data through the software application Einpix and the Website of the Data Controller. If you are a person younger than 16, before submitting personal information you must obtain the consent of your parents or other lawful guardians.
1.5. The Data Controller shall collect personal data following requirements of applicable legal acts of the European Union and the Republic of Lithuania, as well as for instructions of controlling authorities. All reasonable technical and administrative measures shall be applied to protect data collected on Data Subjects against loss, unauthorized use, or alterations.
1.6. This Privacy Policy has been drawn up in compliance with Regulation (EU) 2016/679 of the European Parliament and the Council (of 27 April 2016) on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EB (hereinafter – the General Data Protection Regulation), the Law of the Republic of Lithuania on Legal Protection of Personal Data, other legal acts of the European Union and the Republic of Lithuania. The terms used in the Privacy Policy shall be understood as they are defined in the General Data Protection Regulation and the Law of the Republic of Lithuania on the Legal Protection of Personal Data.
2. DEFINITIONS
Personal data – any information relating to an identified or identifiable natural person (‘Data subject’); an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, religious, economic, cultural or social identity of that natural person.
Representative – a person representing Clients, the Data Controller’s Partners, Service providers, and both natural and legal persons.
Applicant – a person who shows interest in the EINPIX software administrated by the Data Controller or wishes to contact the Data Controller on other matters.
Data Subject – for this Privacy Policy – the Representative, Applicant, Client, Candidate, Partner, Service Provider, Persons calling by phone, or any other natural person whose personal data are processed by the Data Controller.
Data Subject’s consent – any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Einpix software – the Einpix solution downloaded by Users enabling the recording, creating, and managing of visual tasks and other individual elements of the content according to functionality and rights granted to individual Users.
Einpix software user – a natural person who has a User account in Einpix software and is the Client’s employee or a person to whom the Client issues an additional license to use the Einpix software based on the agreement with the Client.
Candidate – a person participating or intending to participate in staff selection carried out by the Data Controller.
Client – a person who concludes the agreement (including online) with the Data Controller for the use (purchase) of the EINPIX software.
Partner – a natural or legal person cooperating with the Data Controller or concluding a cooperation agreement with the Data Controller (e.g., on IT tool development).
Service Provider – a natural or legal person who can offer or offers goods, services, or works to the Data Controller and who cooperates with the Data Controller or has concluded an agreement with the latter on the sale of goods, services, or works.
The person calling by phone – a person who calls at the published contact phone number regarding the use (purchase) of the EINPIX software administrated by the Data Controller and(or) other matters.
Direct marketing – activities aimed at offering to persons the goods or services by post, phone, or directly and/or at obtaining their opinion regarding the offered goods or services.
Personal data processing – any operation or set of operations that are performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Venue – the place where the tasks allocated to Einpix users have to be performed.
3. WHAT INFORMATION DO WE COLLECT ABOUT YOU
3.1. The information directly provided by you.
3.2. The information about how you use our Website:
- If you visit our Website, we also collect information that discloses the specifics of the use of the services provided by us or automatically generated statistics on visits. More information is provided in the ‘Cookies Policy’.
3.3. Web push notifications:
- We provide notifications about the new tasks and updates to the existing tasks' information via web push notifications.
- To benefit from this free service, operated with our push provider WonderPush (https://www.wonderpush.com/), you must first subscribe by clicking on an authorization request controlled by your browser and/or your device when you visit or install Einpix software. The notifications may include the name and surname of the task assignor and assignee.
- The related data that we store and process to operate this service and send you relevant messages is anonymized and kept on WonderPush servers for a maximum of 90 days and never shared with third parties. We do not store any recognizable data, neither IP address about you or your device in connection with the push notification service.
- You can stop receiving our web push notifications at any time by unsubscribing.
- Here is how to manage your web push subscription and delete associated data: https://docs.wonderpush.com/docs/manage-your-data-and-unsubscribe-from-web-push-notifications
3.4. Information from sources of third parties:
- We can obtain information about you from public and commercial sources (to the extent permitted by applicable legal acts) and link it with other information that we receive from or about you. In addition, we can obtain information about you from third-party social network services when you connect to them, e.g. through Facebook network accounts.
3.5. Other information collected by us:
- We can also collect other information about you, your device, or your use of our website’s content with your consent.
3.6. You may decide not to provide us with certain information; however, in such a case, you may be denied access to the service offered by us.
4. PERSONAL DATA PROCESSING FOR THE PURPOSE OF USE OF EINPIX SOFTWARE AND PROVISION OF ITS MAINTENANCE SERVICES
4.1. Processing of personal data of Clients (Representatives) and other users of Einpix software. The Data Controller shall process the following personal data of Clients (Representatives) and other users of Einpix software (collected only when Einpix software is used – active app):
- Forename.
- Surname.
- Represented person (connection with the represented person).
- Position.
- Workplace.
- Phone number.
- E-mail address.
- Date and time of Einpix software use.
- Location data of a device with Einpix software (if switched on by the Client – Licensee).
- Other information on the software use and maintenance services.
4.2. Data are obtained directly from Clients when performing the agreement concluded with the Client and/or from other third parties connected with the Data Subject.
4.3. We undertake not to transfer your personal data to any unrelated parties, except for the following cases:
- Having obtained the Client’s consent for personal data disclosure.
- The data subject data - Einpix User data, collected when the Einpix Software is used, is available to the Licensee holder – Client of Einpix - for the period of use of Einpix software, as described in Paragraph 64, for use of Einpix software, time tracking (if such option is switched on) and task performance of Einpix users.
- In implementing the legitimate interests of the Data Controller (e.g., in the case of debt collection).
- Disclosure of the data to authorized bodies (e.g., STI, SODRA) according to the procedure established by legal acts.
4.4. Gathering and use of your location data:
- Gathering of location data shall be performed only if the Licensee switches on this function and the user expressly agrees with location data collection.
- Check-in to the closest venue allows you to sort Venues by distance closest to your location and suggests check-in at the closest venue when you open the app while being near it. This functionality only uses your location when the app is open and active. Your location is never stored or transferred anywhere.
- The Einpix time tracking module allows you to track work time. Your location will be collected, stored, and sent to the server only when you have started tracking time - as long as the timer is running, your location will be collected even when the app is closed or not in use.
4.5. This data will be used for:
- Real-time location use. Your real-time location will be visible on the map.
- Task route use. When you track time your positions and movement route will be stored on a mobile app and sent to the server.
- Track task time within the venue location. For some tasks, you might be limited to tracking the time only while you are physically within the allowed venue location. At this time no location data will be sent to the server.
4.6. Please note that if you are not tracking time, none of your locations will be used.
4.7. The Data Controller may transfer personal data of Clients and other Data Subjects to Data Processors not specified in this Policy who provide services (carry out works) to the Data Controller and process personal data of Clients and Data Subjects on behalf of the Data Controller (e.g., companies providing accounting services). Data Processors may process personal data only according to the Data Controller’s instructions and only to the extent necessary for the proper fulfillment of contractual obligations. If the Data Controller involves data processors, the Data Controller shall take all necessary measures to ensure that the data processors have in place appropriate organizational and technical security measures and maintain the secrecy of personal data.
4.8. Personal data processed based on the Data Subject’s consent expressed when submitting personal data, and/or performance of the agreement concluded with the Data Subject (Article 6(1) (a) and (b) of the General Data Protection Regulation).
5. PERSONAL DATA PROCESSING FOR THE PURPOSES OF CONSULTATION OR FULFILMENT OF A QUERY
5.1. Processing of personal data of Applicants, including Persons calling the Data Controller phone, for consultation, submission of a query, and/or for other purposes. The Data Controller shall process the following personal data of Applicants, including Persons calling by phone:
- Forename.
- Surname.
- Phone number.
- E-mail address.
- Position.
- Workplace.
5.2. Personal data of Applicants shall not be communicated to third parties.
5.3. Personal data for consultation and submission of a query shall be processed based on consent expressed when submitting personal data (Article 6(1)(a) of the General Data Protection Regulation).
6. PERSONAL DATA PROCESSING TO PERFORM AGREEMENTS WITH PARTNERS, SERVICE PROVIDERS
6.1. When cooperating with Partners and Service Providers the Data Controller shall process the following personal data of natural persons or Representatives:
- Forename.
- Surname.
- Personal ID number.
- Address.
- Data of the document supporting activities (the individual activity certificate number, date of issue, etc.).
- In the case of e-commerce – data of a payment order.
- Power of attorney.
- Authorization term.
- Represented person (connection with the represented person).
- Position.
- Workplace.
- Phone number.
- E-mail address.
- Other information is provided during the cooperation or performance of the contract.
6.2. Data obtained directly from natural persons, Representatives, and/or represented persons.
6.3. We undertake not to transfer your personal data to any unrelated third parties, except in the following cases:
- Having obtained the Client’s consent for personal data disclosure.
- In implementing our, as the Data Controller’s, obligations (e.g., the data may be transferred to (courier), logistics companies providing services of delivery of goods, companies providing postal, archiving, audit, legal, financial services, service providers, and/or parties related with national, European and international payment systems, e.g., SWIFT).
- In implementing the legitimate interests of the Data Controller (e.g., in the case of debt collection).
- Disclosure of the data to authorized bodies (e.g., STI, SODRA) according to the procedure established by legal acts).
6.4. The Data Controller may transfer personal data of natural persons, or Representatives to Data Processors not specified in this Policy who provide services (carry out works) to the Data Controller and process personal data of natural persons, Representatives on behalf of the Data Controller (e.g., companies providing accounting services)).
6.5. Processing of personal data in performing agreements with Service Providers and Suppliers shall be carried out based on the performance of the agreement and/or of the legitimate interest of the Data Controller (Article 6(1)(b) and (f) of the General Data Protection Regulation).
7. PERSONAL DATA PROCESSING FOR THE PURPOSE OF DIRECT MARKETING
7.1. The Data Controller seeks to share with recipients of newsletters only relevant news and other useful information in observance of this Privacy Policy.
7.2. The following personal data of Clients and other Data Subjects may be processed for direct marketing:
- Forename.
- Surname.
- E-mail address.
7.3. Having sent a newsletter, the Data Controller may collect statistics on the Data Subject’s behavior related to the use and content of the newsletter (e.g., whether the newsletter was read, what links were opened by the Data Subject).
7.4. The Data Subject’s e-mail address may be used for providing advertising on Facebook, Google, and other advertising platforms, adapting the advertising to the targeted audience.
7.5. Personal data obtained directly from Data Subjects. The Data Controller may transfer Personal data only to third parties who provide specialized services to send e-messages and adapt the type of advertising ordered through advertising platforms.
7.6. Personal data of Clients and other Data Subjects processed based on consent expressed when submitting personal data and agreeing with their processing for direct marketing or based on the Data Controller’s legitimate interest (Article 6(1)(b) and (f) of the General Data Protection Regulation and Article 69(2) of the Law of the Republic of Lithuania on Electronic Communications when personal data are processed based on the Data Controller’s legitimate interest).
7.7. Please be informed that the Data Subject shall have the right to disagree or to withdraw the consent to process his (her) personal data for direct marketing purposes at any time without specifying the motives of the disagreement, notified by e-mail: support@einpix.com.
7.8. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8. PERSONAL DATA PROCESSING FOR THE PURPOSES OF SELECTION OF CANDIDATES FOR JOB VACANCIES
8.1. For staff selection purposes the Data Controller shall process personal data voluntarily provided by the Candidate to the extent to which such personal data were provided. The Data Controller may process the below-specified data of Candidates:
- Forename.
- Surname.
- Date of birth.
- Phone number.
- E-mail address.
- Residence address.
- Education.
- Workplace.
- Completed courses.
- Language skills.
- Computer skills.
- Person’s photo (only if it is submitted by the Candidate with his (her) CV; the Data Controller shall not require the submission of the photo).
- Recommendations.
- Other data voluntarily submitted by the Candidate specified in his (her) CV or other presented documents.
8.2. Data obtained directly from Candidates and/or third parties providing job search, selection, and/or intermediation services (e.g., employment agencies, job search online portals, career social networks (e.g., LinkedIn), etc.). These data shall not be transferred to third parties.
8.3. Data of Candidates shall be processed based on consent declared when submitting personal data and/or based on the Candidate’s request before the conclusion of the contract (Article 6(1)(b) and (b) of the General Data Protection Regulation).
9. WHAT WE DO TO PROTECT YOUR INFORMATION
9.1. Personal data shall be protected against loss, unauthorized use, and changes. We have implemented organizational and technical measures to protect all information collected by us for the provision of services. Please be reminded that despite appropriate actions taken by us to protect your information, no website, online transaction, computer system or wireless communication is completely secure.
9.2. The Data Controller shall apply different periods of storage of Personal Data in observance of requirements of legal acts and according to personal data processing purposes.
9.3. Personal data storage period:
Personal data processing purpose |
Period of storage |
Processing of Data Subjects’ personal data for consultation, the fulfillment of a query |
1 (one) year from the day of the consultation, fulfillment of the query, except where the Data Subject applies for the provision of the Data Controller’s services. In such a case, the general time limit of 10 (ten) years shall apply. |
Processing of personal data of Clients |
The term of validity of the agreement and 10 (ten) years after its expiration. |
Personal data of Einpix software users to the extent related to the use of Einpix software (except for GPS data) |
The period during which the User’s account is active and 30 (thirty) days after cancellation of the user account. Later the data shall be depersonalized (anonymized). |
GPS data of Einpix software users (if switched on by the Client – Licensee) |
3 months. Later the data shall be depersonalized (anonymized). |
Web push notifications about new tasks and updates to the existing tasks, which may include the assignor or assignee's name and surname
|
90 days
|
Processing of personal data of natural persons, Representatives for the performance of agreements with Partners, Service Providers |
The term of validity of the agreement and 10 (ten) years after its expiration. |
Processing of personal data of Data Subjects for direct marketing purposes |
5 (five) years from the day on which the consent is given unless the Data Subject requests the extension of this time limit. When the Data Subject’s personal data are processed for the direct marketing purpose based on consent or legitimate interest of the Data Controller, the Data Controller shall stop processing the Data Subject’s personal data for the direct marketing purpose (shall immediately destroy them) as soon as the Data Subject objects the processing of personal data for such purpose. |
Processing of personal data of Candidates for staff selection purposes |
6 (six) months after the end of staff selection. For longer retention of Candidates’ CVs and other data, the Candidate’s consent shall be required |
9.4. Exemptions from the periods of storage may be applied to the extent they do not infringe the rights of Data Subjects and comply with legal requirements.
9.5. On the expiration of the established time limits, unless they have been extended, the data shall be destroyed in a manner that prevents them from being recovered.
10. YOUR RIGHTS
10.1. The Data Subject whose data are processed in the Data Controller’s activities shall have the following rights:
- The right to know (be informed) about the processing of his (her) data.
- Right, to access own data and know how they are processed.
- Right to rectification of personal data or to supplement incomplete personal data having regard to the purposes of their processing.
- Right to erasure (‘right to be forgotten), i.e., to stop actions of processing of own data (except for storage).
- Right to restriction of processing of personal data under a valid reason.
- Right to data portability, where the Data Subject has provided his (her) personal data to the Data Controller in a structured, commonly used, and machine-readable format.
- Right to object to the processing of personal data when they are processed or intended to be processed for direct marketing purposes including profiling to the extent related to such direct marketing.
- Right to complain with the State Data Protection Inspectorate of the Republic of Lithuania.
10.2. The Data Subject shall have the right to submit to the Data Controller in writing any request or order concerning the processing of personal data in one of the following ways: deliver directly to the address: UAB Epicus IT, Italu str. 12A-1, Vilnius; by post: UAB Epicus IT, Italu str. 12A-1, Vilnius; by e-mail: support@einpix.com.
10.3. Having received such a request or order the Data Controller shall, not later than within one month from the date of request, submit the answer and carry out or refuse to carry out the actions specified in the request. Where appropriate, the specified time limit may be extended for two more months, considering the complexity and number of requests. In such case, the Data Controller shall notify the Data Subject about such extension within one month from the date of request, also specifying the reasons for the refusal.
10.4. The Data Controller may refuse to enable data subjects to implement the above-specified rights, except for disagreement with personal data processing for direct marketing purposes when in the cases established by laws it is necessary to ensure the prevention, investigation, and identification of crimes, infringements of business or professional ethics, and the protection of rights and freedoms of the Data Subject or other persons.
11. THIRD-PARTY WEBSITES, SERVICES, AND PRODUCTS ON OUR WEBSITE
11.1. The Data Controller’s Website may contain advertising banners of third parties, links to their websites, and services that are not controlled by the Data Controller, e.g., a link to the Data Controller’s Facebook profile. The Data Controller shall not be responsible for the safety and privacy of the information collected by third parties. You must read the privacy provisions applicable to third-party websites and services that you use.
11.2. If you provide your personal data using Facebook, we understand that you give your consent to us to get in touch with you by the specified contact phone number or e-mail and to submit the offers of services.
12. FINAL PROVISIONS
12.1. Supplements or amendments to the Privacy Policy shall enter into force from the day of their publication on the Website.
12.2. When the Data Subject uses the Website and services provided by the Data Controller after supplementing or amending the Privacy Policy, it shall be considered that the Data Subject does not object to such supplements and/or amendments.
CONTACT US
If you have any questions concerning the information provided in this Privacy Policy, you are kindly invited to get in touch with us in any manner convenient for you:
E-mail: support@einpix.com
Post: UAB “Epicus IT", Italu str. 12A-1, LT-13282 Vilnius, Lithuania