Privacy Policy
Effective starting: 27.05.2022
1. GENERAL PROVISIONS
- We care about your privacy and the security of your personal data (“Personal Data”), so we have developed this privacy policy (the “Privacy Policy”), which explains how we process and protect your Personal Data, which rights we ensure for you, and provides other information about the processing of your Personal Data.
- In this Privacy Policy, the term “Personal Data” means any information or set of information by which we may directly or indirectly identify you, such as your name, email address, telephone number, etc.
- We process Personal Data in accordance with the provisions of the General Data Protection Regulation No. 2016/679 (EU) (the “GDPR”) and the requirements of the legal acts of the Republic of Lithuania, as well as the instructions of the authorities.
- The Privacy Policy applies when you use our tools and resources available at https://app.omnisend.com (the “Platform”), request and use information, services or functionalities available on the Platform (the “Services”), act as a marketing agency, freelancer or affiliate partner and use specific services accessible via the partner portal (the “Partners Portal”) (the “Partners Portal Services”), visit our website, available at https://www.omnisend.com/, and our blog, available at https://blog.omnisend.com/ (jointly the “Website”), subscribe to our newsletters or visit our social network accounts on LinkedIn, Facebook, Twitter, Instagram and YouTube (the “Social Accounts”), contact us by e-mail, phone or other electronic communication means, apply for a job, etc.
- We may use specific software to register certain customers or partners (e.g. we may use affiliate management software for registering and managing our Affiliate partners). We want to inform you that our customers or partners will be made aware that we use such platforms upon registration and that such platforms have separate privacy policies.
- In this Privacy Policy a representative of the legal person, which registers to the Platform, Partners Portal, uses the Partners Portal Services or Services shall be called a “Customer”. Persons using the Website, Social Accounts, or contacting us shall be referred to as “you” (this definition also applies to the Customer when the specific Section of the Privacy Policy applies to both the Customer and other Data Subjects).
- The Platform, Partners Portal, Website and Social Accounts may contain links to external websites, such as our partner websites, websites promoting our Services. When you follow links to any of these websites, please note that these sites and the services accessed through them have their own separate privacy policies and that we assume no responsibility or liability for this policy or for the collection of Personal Data on these sites. Before submitting Personal Data there or using related services, it is important to review their privacy policy.
- If you use the Services, Partners Portal Services, Platform, Partners Portal, Website or Social Accounts, subscribe to our newsletters, or contact or address us on any other issues, we assume that you have read and agreed to the terms of this Privacy Policy and the purposes, methods, and procedures for the use of your Personal Data specified therein. If you do not agree with the Privacy Policy, you may not use our Services or otherwise interact with us.
- Capitalized definitions that are not specifically defined in this Privacy Policy shall have the meanings set out in the Omnisend Terms and Conditions (the “Terms”), other documentation available at the Platform and Website and the GDPR.
- This Privacy Policy is subject to change, so please visit the Website from time to time and read the latest version of the Privacy Policy.
2. WHO ARE WE?
- We are Omnisend and we act as a group of private limited liability companies, in most cases acting as joint Controllers of your Personal Data (the “Omnisend”, “Company” or “we”). This Privacy Policy applies to all the legal entities (the “Affiliates”) listed below:
Name of the Company | UAB Omnisend |
Legal entity code: | 302530363 |
Address: | Verkių g. 25C-1, LT-08223 Vilnius, Republic of Lithuania. |
Contact details | E-mail: info@omnisend.com |
Contacts of the DPO. | E-mail: info@omnisend.com Address: Verkių g. 25C-1, LT-08223 Vilnius, Republic of Lithuania |
- We act as a Personal Data Controller in offering and providing Services, Partners Portal Services, Platform and the Partners Portal, managing the Website and Social Accounts, performing the Companies’ day-to-day operations, complying with legal requirements, etc.
- When we receive and process Personal Data on behalf of our Customers that use our Services and the Platform, we conduct such processing only in accordance with the terms set forth in the Data Processing Agreement (the “DPA”) concluded between us and the Customer. In such scenario we act as a Personal Data Processor for our Customers as it is stipulated in Article 28 of GDPR.
- We also offer various integrations, i.e. technical solutions, such as plug-ins, that allow you to integrate our Services on other platforms (e.g. eCommerce platforms, social networks, etc.). These integrations help you to analyze the flow of your customers (by providing anonymized statistical data), etc. You can see a list of integrations we offer here. For more information on how providers of those integrations process Personal Data, please see their own privacy policies.
- When offering Partners Portal Services, we act as a Sub-Processor of Personal Data and we only subprocess Personal Data on behalf of the Customer solely according to the agreement signed between Omnisend and the delegating Customer who uses Partners Portal Services, for example, to help its clients to perform marketing campaigns and manage their accounts on the Platform. In such a scenario, again, we only process Personal Data on behalf of our Customer and strictly according to the DPA signed between us and such Customer. Our representatives, who are bound by a confidentiality agreement, may also log into such Partners Portal Services account to help them with the issues they face while using Partners Portal Services, adjust their account settings, etc. We assure you that such logins wouldn’t be performed without prior notice or regularly.
3. WHAT PERSONAL DATA DO WE PROCESS?
- We process your Personal Data obtained in the following ways:
3.1 When you provide Personal Data to us, for example, when you register to and use the Platform, Partners Portal, Services, Partners Portal Services, contact us, subscribe to our newsletter, apply for a job position offered by us, etc.;
3.2 When we collect your Personal Data when you use our Services, Partners Portal Services, Platform, Partners Portal, Website, Social Accounts, such as usage history, your IP address, cookies, preferences, open URL links, etc.;
3.3 When we receive Personal Data from other parties, for example, when we receive information from public registers, state or local government institutions or bodies, our partners, other third parties, such as payment institutions, about payments made, etc.;
3.4 When your Personal Data, with your consent, is provided to us by other persons, including companies using our Services, for example, when such companies indicate your contacts, refer to you as an authorized person, etc.
- We process Personal Data to offer and provide Services, Partners Portal Services, Platform and Partners Portal, to fulfil our contractual obligations, as well as pursuing our or third parties’ legitimate interest, in compliance with legal regulations or obligations.
- The person providing Personal Data to us is responsible for the correctness, completeness, and relevance of such Personal Data, as well as for the consent of the person whose data is provided to submit his/her Personal Data to us. We may ask you to confirm that the person has the right to provide us with Personal Data (for example, by filling in service order or registration forms). If necessary (e. g. a person inquires to us about receiving their Personal Data), we will indicate the provider of such Personal Data.
- We process your Personal Data for the following purposes and under the following conditions:
Purpose of the processing of Personal Data | Personal Data being processed | Personal Data processing period | Legal basis for the processing of Personal Data |
Registration to and use of the Platform, user identification, provision of the Services. | Name, surname, email, phone number, username, password, used email or marketing automation software, platform used for online store, workplace and job information, position, relationship with the represented legal entity, billing name and address, Services and account usage history and data, marketing campaigns data, content associated with Services and account information about the Services ordered and used and changes therein. | During the period of use of the account and 5 years after the last login to the account. Where the Personal data is processed based on consent during the validity term of the consent and in case of revocation of the consent – until the expiry of the consent. | Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR). Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR). Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Agency/freelancer registration to and use of the Partners Portal Services, identification, provision of the Partners Portal Services. | Name, surname, email, phone number, username, password, workplace and job information, partner client’s data, location data, Partners Portal Services and account usage history, marketing campaigns data, content associated with Services and account, other information about the Partner. | During the period of use of the account and 5 years after the last login to the account. Where the Personal data is processed based on consent during the validity term of the consent and in case of revocation of the consent – until the expiry of the consent. | Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR). Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR). Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Affiliate partner registration to and use of the affiliate management software, identification of the Affiliate partner, maintenance of the business relations and communication with the Affiliate partner. | Name, surname, email, phone number, username, password, workplace and job information, position, relationship with the represented legal entity, self-employment certificate data, payments data, billing name and address, affiliate link sharing data, affiliate link analytical data, marketing campaigns data, content associated with account. | During the period of use of the account and 5 years after the last login to the account. Where the Personal data is processed based on consent during the validity term of the consent and in case of revocation of the consent – until the expiry of the consent. | Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR). Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR). Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Services, Partners Portal Services quality management and services related communication. | Name, surname, email, phone number, username, password, workplace and job information, position, relationship with the represented legal entity, subscribed Services or Partners Portal Services, information needed to address quality issues, content of the request and response to the request. | During the administration of the question and 5 years after the end of the administration of the question or the last contact. | Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR). Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Conclusion and execution of contracts necessary for the Omnisend’s activities, other internal management. | Name, surname, phone number, e-mail, workplace and job information, position, relationship with the represented legal entity, self-employment certificate data, other data required for cooperation. | During the period of provision of Services/cooperation and 5 years after the end of provision of Services/cooperation unless a longer storage period is mandatory in accordance with the Index of General Document Storage Periods approved by order No. V-100 of the Chief Archivist of the Republic of Lithuania of 9 March 2011. | Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR). Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Execution of financial operations, accounting, debt management. | Name, surname, e-mail, phone number, address, workplace and job information, position, relationship with the represented legal entity, account number, credit institution, payment information, debt information, data transferred by the company collecting the contributions and confirmations of payments. | According to the regulatory legal acts, as well as in accordance with the Index of General Document Storage Periods approved by order No. V-100 of the Chief Archivist of the Republic of Lithuania of 9 March 2011. When the data does not fall within the above-mentioned storage area – the period of validity of the contract/cooperation between the parties and 10 years after the end of the contract/relationship (last contact). | Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR). Data processing is necessary to fulfill a legal obligation imposed on the data controller (Article 6(1)(c) GDPR). Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Evaluation and selection of candidates for the offered job. | Name, surname, e-mail, phone number, address, education and activity data, content of the CV, other information required for the selection/evaluation of the candidate or provided by the candidate. | During the recruitment campaign period and 3 months after the selection if the candidate’s consent to the retention of data after the selection has been obtained. When data are received not for a specific recruitment campaign, they shall be stored for 3 months after the date of their receipt. | Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR). Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Management of electronic information channels (Platform, Partners Portal, Social Accounts, Website), ensuring functionality and security and improving quality. | IP address, data collected with the help of cookies and settings, browser used, date and time of login, mobile device model and manufacturer, mobile device operating system (iOS, Android), password usage information. Data collected through the integration of Social Accounts. | Website, Platform and Partners Portal data are stored as described in the section of this Privacy Policy “How Do We Use Analytical Data, Cookies and Other Tracking Technologies”. Website, Platform and Partners Portal data that is not included in the cookie information is stored for a maximum of 1 year from the date of collection, unless the person revokes his/her consent (when the data are processed on the basis of consent). Information in Social Accounts is stored according to the conditions set by the owner of this network. | Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR); Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Sending news, conducting surveys, direct marketing, advertising campaigns. | Name, e-mail address, phone number, the data requested in the survey announcement/questionnaire, marketing, advertising campaign analytics. | Data are processed for 5 years from the receipt of consent. | Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR). Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Settlement of out-of-court or judicial disputes and claims. | Name, surname, workplace address, workplace and job information, position, relationship with the represented legal entity, phone number, e-mail, the content of the claim or other similar document, information/documents related to the dispute/claim. | The entire period of the dispute/claim and 3 years after the end of the out-of-court dispute/claim resolution and 10 years after the end of judicial proceedings. | Data processing is necessary to fulfill a legal obligation imposed on the data controller (Article 6(1)(c) GDPR). Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Platform, Services, Partners Portal and Partners Portal Services personalization and quality assurance, protection of our IP and other rights. | Name, surname, email, phone number, username, password, workplace and job information, position, relationship with the represented legal entity, Platform, Partners Portal, Partners Portal Services and Services usage data. | Data are stored for a maximum of 1 year from the date of collection. | Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
You have the right to refuse or withdraw your consent to the processing of your Personal Data at any time when these are processed based on your consent.
- In Social Accounts we can share information about ourselves, our content, events, news, surveys, as well as information about the employees we are looking for. Social Accounts users are also subject to the privacy policies of the social network owners. When you contact us on Social Accounts, depending on the privacy settings you choose, we may see certain user account information such as profile first name, surname, image, sex, e-mail address, location, etc. (the list is not exhaustive). If a user posts information by communicating with us on our Social Accounts (e. g. posts a comment in the comments section of our Social Account or posts a message on our Social Account profile), depending on the privacy settings chosen, the posted information may be made public (for example, visible on our Social Account to other users).
- In some cases, we may send messages related to the ordering or provision of our Services or Partners Platform Services through the contact data provided by you, for example, to inform you about the confirmation of the order, the expiration date of the ordered Services, temporary or permanent changes to the Services, including, but not limited to, planned outages, new features offered, version updates, point releases, major releases, abuse warnings, and changes to our Terms, Privacy Policy and other documents and agreements. Such communications are necessary for the proper provision of our contractual obligations and Services and are not considered marketing communications.
- You have the right to change and update your information provided to us by changing it on the Platform or by contacting us. In some cases, we need to have accurate and up-to-date information about you, so we may ask you to periodically confirm that the information we have about you is correct.
- We assure you that Omnisend does not share, sell, rent, or trade any Personal Data with third parties for their marketing or commercial purposes.
- We use Stripe as a payment intermediary service to receive payments and to manage credit card processing. Stripe is not permitted to store, retain, or use billing information except for the sole purpose of credit card processing on our behalf. For more information about the processing of your payment data, please refer to Stripe’s privacy policy.
- When providing our Services or Partners Portal Services, we may, in certain cases, apply automated data decision-making, for example to clarify your needs and compliance with the requirements. Automated decision-making refers to the processing of Personal Data using, for example, a software code or algorithm that does not require human intervention. We regularly review the criteria and models used in automated decision-making to ensure their integrity, efficiency, and impartiality. We do not use profiling-based automated decision-making processes that may have legal consequences or similarly have a significant impact on the rights or freedoms of Data Subjects. Nevertheless, you have the right to request human intervention to express your opinion or object to the results of an automated decision-making, in which case your situation will be assessed by our specialist.
- To protect children’s rights, we do not knowingly collect any Personal Data from Data Subjects under the age of eighteen (18) that can be used to specifically identify them, and we do not permit Data Subjects under the age of eighteen (18) to use any of Omnisend’s Services. If you believe we might have any information from or about underage children, please contact us at privacy@omnisend.com.
We may, in certain cases, process Personal Data longer than indicated in this Privacy Policy, e. g. when we are required to do so by law, when we are engaged in litigation, arbitration, pre-trial investigation, etc. The Company assures that in such cases your Personal Data will be deleted immediately as soon as it becomes unnecessary for such purposes.
4. HOW DO WE USE YOUR PERSONAL DATA AND WHAT PRINCIPLES DO WE KEEP?
- We collect and process only such Personal Data as it is necessary to achieve the Personal Data processing purposes we have specified.
- When processing your Personal Data:
4.1. We comply with the requirements of current and applicable legislation, including the GDPR;
4.2. We process your Personal Data in a lawful, fair, and transparent manner;
4.3. We collect your Personal Data for specified, clearly defined and legitimate purposes and do not process them in a way incompatible with those purposes, except to the extent permitted by law;
4.4. We take all reasonable steps to ensure that Personal Data that is inaccurate or incomplete, in accordance with the purposes for which they are processed, would be rectified, supplemented, suspended, or destroyed without delay;
4.5. We hold them in such a form that your identity can be established for no longer than is necessary for the purposes for which the Personal Data are processed;
4.6. We do not provide Personal Data to third parties or disclose them, other than as set forth in the Privacy Policy or applicable law;
4.7. We ensure that your Personal Data is processed securely, we ensure technical and organizational security measures, as well as we provide access to Personal Data only to those of our employees who need such access due to their work functions.
5. TO WHOM AND WHEN DO WE TRANSFER YOUR PERSONAL DATA?
- We will only transfer your Personal Data as described in this Privacy Policy.
- We may transfer your Personal Data to:
5.1. Our business partners, suppliers, sub-contractors, or agents who perform services for it, or consultants such as auditors, lawyers, tax advisors, analytics and search engine providers that assist us in the improvement and optimization of the Platform, etc., as well as the Personal Data Processors we use, such as ancillary service providers, IT companies, advertising and marketing companies, accounting companies, etc. We require data processors to store, process and treat Personal Data as responsibly as we do and only in accordance with our instructions. The list of our partners and data processors is provided to you on demand (you shall ask for this list separately, via the contacts provided in this Privacy Policy). We have such partners and data processors:
5.1.1. State or local government institutions and authorities, law enforcement and pre-trial investigation institutions, courts and other dispute resolution institutions, other persons performing functions assigned by law, in accordance with the procedure provided for by legislation of the Republic of Lithuania. We provide these entities with mandatory information required by law or specified by the entities themselves.
5.2. Other third parties, such as payment institutions, etc.
5.3. If necessary, to companies that intend to buy or would buy the Company’s business or would conduct joint activities with us or would cooperate in another form.
5.4. To Affiliates with whom we are under common corporate control. In case such Affiliate is established outside the EEA we will conduct such Personal Data transfer only following conditions set out in the subsections 5.4.1. – 5.4.5. of the Privacy Policy (e. g. will sign EU Standard Contractual Clauses approved by the European Commission for the transfer of data outside the EEA with such Affiliate).
- We normally process Personal Data within the EEA, but in some cases your Personal Data may be transferred outside the EEA. The Company will always take steps to ensure any transfer of such information to entities based outside the EEA is carefully managed to protect your rights and interests by implementing appropriate safeguards to protect Personal Data.
- Your Personal Data will only be transferred outside the EEA under the following conditions:
5.1. EU Standard Contractual Clauses approved by the European Commission, which ensure the security of transfers of your Personal Data, have been signed with such partners. We use and have incorporated European Commission approved Standard Contractual Clauses into our DPA.
5.2. The Commission of the European Union has decided on the eligibility of the country in which our partner is established, i.e., an adequate level of security is ensured;
5.3. You have given your consent to the transfer of your Personal Data outside the EEA; or
5.4. A special permit of the State Data Protection Inspectorate of the Republic of Lithuania was obtained to carry out such transfer.
6. WHAT RIGHTS DO YOU HAVE?
- As a data subject, you have the following rights regarding your Personal Data:
6.1. To know (to be informed) about the processing of your Personal Data (right to know);
6.2. To access your Personal Data and the way they are processed (right of access);
6.3. To request the correction or, depending on the purposes of the processing of Personal Data, supplementation of incomplete Personal Data (right to rectification);
6.4. To request the erasure of your Personal Data or the suspension of your Personal Data processing activities (excluding storage) (right to erase and right to “be forgotten”);
6.5. To request us to restrict the processing of Personal Data for one of the legitimate reasons (right to restrict);
6.6. The right to transfer data (right to transfer). This right may be exercised only if there are grounds for its exercise and appropriate technical measures to ensure that the transfer of the requested Personal Data does not pose a risk of security breach to the data of other Data Subjects;
6.7. The right to object to the processing of your Personal Data when we process Personal Data based on a legitimate interest of the Company or a third party, including profiling. If you object, we will only be able to further process your Personal Data for compelling legitimate reasons that take precedence over your interests, rights, and freedoms, or to make, enforce or defend legal claims;
6.8. To revoke your consent to the processing of your Personal Data when these data are processed or intended to be processed for direct marketing purposes, including profiling as far as such direct marketing is concerned (based on the Personal Data you provide, profiling may be carried out for direct marketing purposes to offer you individually tailored solutions and proposals. You can revoke your consent to the processing of Personal Data by automated processing, including profiling, or object to it at any time).
- If you do not want your Personal Data to be processed for the purposes of direct marketing, competitions, the organization of surveys, including profiling, you can refuse such processing without giving reasons for refusal (disagreement), by writing an e-mail to security@omnisend.com, or in another way specified in the message provided to you (for example, by clicking on the link in the newsletter).
- We may refuse to exercise your rights listed above, except for refusal to process your Personal Data for direct marketing purposes, competitions or in other cases when Personal Data is processed with your consent, when your request is allowed to us not to comply with the provision of the GDPR, or when, in cases provided for by law, it is necessary to ensure the prevention, investigation and detection of crimes, violations of official or professional ethics, as well as the protection of the rights and freedoms of the Data Subject, us and other persons.
- You can exercise part of your rights as a Data Subject by changing the user account settings in the Platform or Partners Portal and the information contained therein. You may submit any request or instruction related to the processing of Personal Data to us in writing by e-mail privacy@omnisend.com. When submitting such a request, we may ask you to fill in the necessary forms, as well as provide an identification document or other information that will help us to verify your identity, to better understand the content of your request. Upon request by e-mail, depending on its content, we may ask you to come to us or submit a written request.
- Upon receipt of your request or instruction regarding the processing of Personal Data, no later than within 1 month from the date of the request, we will provide a response and perform the actions specified in the request or inform you why we refuse to perform them. If necessary, the specified period may be extended by a further 2 months, considering the complexity and number of requests. In such a case, within 1 month from the date of receipt of the request, we will inform you of such extension.
- If Personal Data is deleted upon your request, we will only store copies of information that are necessary to protect our legitimate interests and those of others, to comply with the obligations of state institutions, to resolve disputes, to recognize interference or to comply with any agreements you have entered with us.
7. WILL WE SEND YOU NEWS?
- With your consent, we may use your Personal Data for direct marketing purposes to provide you with newsletters, offers and information about our Services, as well as to inquire about the quality of our Services.
- The above content can be sent by e-mail, messages to the phone number specified by you, as well as messages in your account in the Platform or Partners Portal. Your contacts may be transferred to our partners who provide us with news sending or quality assessment services.
- After sending such content, we can collect information about the people who received it, for example, which message people opened, what links they clicked on, etc. Such information is collected to offer you relevant and more tailored news and content.
- Even if you have given your consent to the processing of Personal Data for direct marketing purposes, you can easily withdraw this consent for all or part of the Personal Data processing activities at any time. To do this, you can:
7.1. notify us of your withdrawal in the manner specified in the provided message (e. g. by clicking on the “unsubscribe” link in the newsletter, etc.); or
7.2. send us a notification to the e-mail address specified in this Privacy Policy. If you so request withdrawal of consent, we may ask you to verify your identity.
- If you withdraw your consent, we will try to stop sending such content to you immediately.
- Withdrawal of consent does not automatically oblige us to destroy your Personal Data or provide you with information about the Personal Data processed by us, therefore, for these actions you should submit a separate request.
- To show you more relevant personalized advertising, our advertising partners use various mobile and online cookies. Personalized advertising will only be shown to you with your consent. Advertising personalization cookies are used to measure a group, activate contextual advertising, and/or target campaigns. If you are authorized to use cookies, a user profile with an alias will be generated, but it will not be possible to identify the person. We do not control these third-party monitoring technologies and their use. Third-party cookies are governed by the privacy policies of third parties. You can opt out of personalized cookies by changing your browser settings or by other means that are listed in Section 9 of the Privacy Policy.
8.HOW WE PROTECT YOUR PERSONAL DATA?
- Your Personal Data are processed responsibly, securely and are protected from loss, unauthorized use, and alteration. We have put in place physical and technical measures to protect the information we collect from an accidental or unlawful destruction, damage, alteration, loss, disclosure, as well as from any other unlawful processing. Security measures for Personal Data shall be determined considering the risks arising from the processing of Personal Data.
- Our employees are under a written obligation not to disclose or distribute your Personal Data to third parties or unauthorized persons.
- We will strive not to store outdated and irrelevant Personal Data; therefore, when it is updated (e.g. after adjusting or changing information in your account, etc.), only the relevant information is stored. Historical information is stored, if necessary, following the law or during our business activities.
9.HOW WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
- A cookie is a small text file that stores information (often consisting only of a sequence of numbers and letters that identifies the device but may also contain other information), is used in the browser of the device (computer, tablet, mobile phone, etc.) (e.g. Google Chrome, Internet Explorer, Firefox, Mozilla, Opera, etc.) according to its settings, and is stored on the device’s hard drive. In our Privacy Policy, we use the term “cookies” to describe cookies and other similar technologies, such as Pixel Tags, Web Beacons, Network Data Collectors. The use of cookies ensures better and more efficient operation of the Platform, Partners Portal, and the Website.
- We use cookies to analyze information flows and user behavior, promote trust and ensure security, as well as to ensure the proper functioning of the Platform, Partners Portal, and the Website, improve it, remember your chosen settings to personalize the content displayed to you, link the Website, Platform and Partners Portal to Social Accounts.
- You can choose whether you want to accept cookies. If you do not agree to cookies being stored in the browser or memory of your device, you can mark it in the cookie consent bar, change the settings of the browser you are using, and disable cookies (all at once or one at a time, or in groups) or follow the official instructions for the device. Please note that in some cases, the refusal of cookies may slow down browsing speed, limit the functioning of certain functions of the Platform, Partners Portal or the Website, or block access to the afore-mentioned channels. Further information on the refusal of cookies can be found at www.AllAboutCookies.org or https://www.google.com/privacy_ads.html.
- We may use mandatory cookies that are necessary for the operation of the Platform, Partners Portal and the Website, analytical cookies, functional cookies, which are intended to analyze the visitors of the Platform, Partners Portal, and the Website, memorize users’ preferences, and apply them to the Platform, Partners Portal or Website, performance cookies, third-party cookies used by third parties, advertising cookies, which are intended to show you personalized and general advertising.
- We use these Google Inc. tools:
9.1. Google Analytics – which allows you to analyze the use of the Platform, Partners Portal or Website, compile reports, plan and predict the activity of the Platform, Partners Portal or Website. Data collected by Google Analytics is typically stored on a Google Inc. server in the U.S. You can prevent Google Analytics from analyzing information by changing your browser settings. In this case, an opt-out cookie will be set for you. However, if you delete all cookies, the opt-out cookie may also be deleted. You can also prevent Google from capturing data created by a cookie based on your use of the Platform or the Website and from processing such data by downloading and installing a browser plug-in from https://tools.google.com/dlpage/gaoptout?hl=en.
9.2. Google Ads – which allows you to evaluate the use of the Platform, Partners Portal, and the Website in relation to the advertisements displayed, to draw up reports. All this information is anonymous. Data collected by Google Ads is typically stored on a Google server in the U.S. If you don’t want to receive tailor-made advertising and/or want to opt out of Google Inc. cookies, you can turn off Google Inc. advertising settings at https://www.google.com/settings/ads by changing your settings as needed. In this case, an opt-out cookie may be set for you. However, if you delete all cookies, the opt-out cookie may also be deleted.
9.3. Google Remarketing – allows users to re-receive ads on Google partner network sites. If you don’t want to receive tailor-made advertising and/or want to opt out of Google Inc. cookies, you can turn off Google Inc. advertising settings at https://www.google.com/settings/ads by changing your settings as needed. In this case, an opt-out cookie may be set for you. However, if you delete all cookies, the opt-out cookie may also be deleted.
Cookies used by us can be found here: https://www.omnisend.com/cookies/
10.HOW DO WE PROCESS PERSONAL DATA WHEN WE ACT AS A DATA PROCESSOR
- We act as Data Processor when we provide Services to our Customers (in this case we process their Lists, receive their campaign’s analytical data, etc.). We receive this Personal Data directly from a Customer or collect it during the provision of the Services and process it to properly provide our Services. Data are processed when we administer the Platform, solve tasks related to the proper functioning of the Platform and similar.
- The Personal Data processed by us as a Personal Data Processor may, among others, include identification and contact data (name, surname, phone, e-mail, username), data received during the provision of Services (IP address, correspondence, campaign’s analytical data).
- We process Personal Data for no longer than the duration of the agreement between us and the Customer to provide Services unless such data should be processed for a longer period to prove the proper provision of Services.
- We ensure that data trusted to us by the Customers remain private and confidential. We, however, may scan the content of your campaigns to ensure it complies with the Terms and applicable laws. We need to perform such actions to create blacklists, to develop and test algorithms, heuristics and other methods and tools for detecting violations and to apply those methods and tools to the Services. We will not sell, rent, loan, or invite external access to any data trusted to us. We also undertake not to use the Personal Data trusted to us for any other purposes than those specified in the DPA.
- Acting as a Data Processor, we undertake to:
10.1. Process Personal Data in accordance with the DPA and only to the extent necessary for the performance of agreement and the provision of Services under it;
10.2. Immediately inform Customer if we are unable to process Personal Data for any reason;
10.3. Entrust the processing of Personal Data only to authorized persons who have assumed the duty of confidentiality to the extent necessary;
10.4. Upon receipt of a request from the Data Subject, the supervisory authority or any other person to provide the processed Personal Data, transmit such request to the Customer;
10.5. Not use Personal Data for purposes other than the performance of agreement and DPA, take measures to prevent accidental or unlawful destruction, alteration, disclosure of Personal Data, as well as any other unlawful processing;
10.6. Apply appropriate technical and organizational security measures to protect Personal Data in accordance with the GDPR;
10.7. Taking into account the nature of the Personal Data provided and the manner in which it is provided, enable the Customer to access, correct, delete, restrict and transfer the Personal Data processed by us;
10.8. Considering the nature of the processing of Personal Data, the way it is provided, and the technical and organizational measures applied, at the request of the Customer, assist:
10.8.1. To fulfil the Customer’s obligation to respond to requests to exercise the rights of the Data Subject to the extent that such rights are applied taking into account the Services provided and the conditions for the processing of Personal Data;
10.8.2. To fulfil specific obligations applicable to the Customer under the GDPR or other laws regulating the protection of Personal Data, such as reporting a Personal Data breach, providing information in the context of a data protection impact assessment and prior consultations.
- If, because of an instruction or request submitted by the Customer, we incur additional costs not provided for in agreement between us and the Customer, we will immediately inform the Customer and we may suspend the processing of Personal Data (except storage) until the issue of compensation of additional costs is resolved.
- If we notice Personal Data breaches (actions or omissions that may cause or threaten the security of Personal Data), we will immediately inform the Customer in writing, providing the information required by the GDPR.
- At the Customer’s request, we will provide the information necessary to prove compliance with the applicable Personal Data processing obligations, as well as allow the Customer to perform audits and inspections on our activities while processing data on Customer’s behalf and cooperate in their performance.
- We allow the Customer to carry out a verification related to the processing of Personal Data, which is obligated to be carried out by the supervisory authority in accordance with the Personal Data protection legislation. Verification may be carried out only to the extent defined by law and, in any event, the confidentiality of the information obtained during the inspection must be ensured, unless the law requires such information to be made public. We may ask the Customer to reimburse reasonable costs incurred because of such verification.
- Where the processing of Personal Data is not necessary for the performance of our obligations under the agreement or the DPA, or when the contractual relationship between us and the Customer expires, we will destroy or return all Personal Data processed on behalf of the Customer and delete copies of this data, unless otherwise provided for in the applicable laws.
- Liabilities of the Customer:
10.1. The Customer ensures that the Personal Data submitted to us for processing is collected and processed lawfully, for legitimate purposes and on the grounds, and the Customer has all necessary consents and the right to transfer Personal Data. The Customer undertakes to properly inform Data Subjects about the processing and transfer of their Personal Data to us. The Customer shall be liable for all damages suffered by Data Subjects due to improper processing of Personal Data by the Customer;
10.2. We do not individually verify the lawfulness of the transfer of such data. If any person indicates that Personal Data transferred to us is collected or processed unlawfully, we will immediately suspend the processing of such Personal Data until the Customer denies these circumstances. The Customer bears all the costs and negative consequences associated with such denial, including delays in the supply of Services. We will not be liable for such consequences;
10.3. The Customer undertakes to provide the necessary and lawful instructions regarding the processing of Personal Data in a timely and proper manner, as well as all information and documents necessary for the processing of Personal Data. Instructions are provided in writing, including by email or by filling in our prepared forms.
You can learn more about how we process Personal Data when we act as a Data Processor in the DPA.
11.CONTACT US
- If you have any questions regarding the information provided in this Privacy Policy, please contact us by:
Email: privacy@omnisend.com;
- If you wish to submit a complaint regarding our processing of Personal Data, please provide it to us in writing, giving as much information as possible. We will cooperate with you and try to resolve all issues immediately.
- If you believe that your rights have been violated in accordance with the GDPR, you can lodge a complaint with our supervisory authority – the State Data Protection Inspectorate of the Republic of Lithuania. You can find more information and contact details on the website of the inspectorate (https://vdai.lrv.lt/). We strive to resolve all disputes expeditiously and peacefully, so first of all we invite you to contact us.
- All disputes and disagreements arising between us and our Customer while we act as Personal Data Processors or Sub-Processors shall be settled by negotiation between us. If no agreement is reached within 30 days from the date of receipt of the written notification of the disputed issue, disputes and disagreements shall be settled in the courts of the Republic of Lithuania, in accordance with the law of the Republic of Lithuania. In the event of disagreement between us and the Customer, the guilty party shall indemnify the other party for the direct losses it has suffered. Our liability in all cases shall be limited to the amount payable by the Customer for 1 month of the Services unless liability cannot be limited in accordance with the requirements of applicable law. Loss of Personal Data is considered an indirect loss.
12.FINAL PROVISIONS
- We may change this Privacy Policy. We will notify you of the changes by placing an updated Privacy Policy on the Website, or by other common means of communication. Additions or changes to the Privacy Policy shall take effect from the date of renewal specified in the Privacy Policy unless another effective date is specified.
- If you continue to use the Platform, Partners Portal, the Services, visit the Website, contact us, etc. it is deemed that you have accepted the amended terms of the Privacy Policy.