Privacy Policy for UAB AFServices
Effective Date: 2024-10-14
Under applicable data protection laws, we are obligated to inform individuals about their personal data processing. This Privacy Policy explains how UAB AFServices (“we” or “AFServices”) collects, uses, and protects personal data in accordance with the General Data Protection Regulation No. 2016/679 (“GDPR”) and/or other applicable statutory regulations.
This Privacy Policy covers the information UAB AFServices collects about you when you use our services or otherwise interact with us (for example, by attending our premises or events or by communicating with us), unless a different policy is displayed. We offer a range of services, and we refer to all of our services and our website as “Services” in this policy.
Definitions
- Agreement – Service agreement, Terms of Service, and all schedules, order forms, and addenda specifically referenced therein, concluded by UAB AFServices and Client.
- Client – A contracting entity identified in the Agreement.
- Data Controller – Natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Personal Data – Any information relating to an identified or identifiable natural person. Within the context of this Privacy Policy, “Personal Data” is synonymous with “Personally Identifiable Information” (PII).
- Services – Any and all services provided by UAB AFServices in accordance with, and as defined in, the Agreement.
Data Controller
UAB AFServices is the Data Controller in respect of personal data described in this Privacy Policy unless specified otherwise. Our contact details are:
UAB AFServices
Legal Entity Number: 304416230
Address: Juozo Balčikonio g. 3-8, LT-08247 Vilnius
Email: admin@afservices.net
What Personal Data Do We Collect and Why?
Purpose | Type of Data | Legal Basis | Retention Period |
Provision of AFServices services. UAB AFServices acts as a Data Processor. | We collect the following data: Client data: sales data for the respective period; product name, quantities, codes, amounts, categories, etc.; VAT codes available to the client; sales invoice numbers; names and contact details of representatives of the client (e.g., employees); other personal data required in terms of the specific legal regulations stated in local legislation. End-user data: For B2B: name and VAT code of the organization; For B2C: delivery location details. | The processing of this data is necessary to fulfill our contractual obligations while providing our services (Article 6(1)(b) of the GDPR). | We retain this data as long as it is necessary for the proper provision of services in accordance with the Agreement. We may continue to retain some information even after this time if required by applicable laws or justified interests (e.g., retention for asserting claims). |
Compliance with regulatory requirements (KYC/AML procedures). UAB AFServices acts as a Data Controller. | We collect the following UBO (Ultimate Beneficial Owner) and company’s director data: Name, Surname, Gender;Date of birth; Personal code or other identification number; Country, date of issuance and validity of the document, type and number of personal document; Citizenship (if indicated); Picture of a person and picture of personal document; IP address; Address (if indicated); Processing of biometric data: a photograph of a person’s face and a photograph contained in an identity document are compared using automated means and it is established, if it is the same person. Biometric data is not recorded and stored. The result of the comparison between the photo of the person and the photo of the person in the identity document (expressed in points of coincidence) is stored;Utility bill or another document, which includes the address of a person;Information, if sanctions to the person are applied, if person is politically exposed person, if there is negative media information about the person, if a person is listed by financial and other regulatory authorities, disciplinary bodies and anti-corruption agencies. Please note, that personal data listed above may be collected from a variety of sources. Sometimes directly from you, but also through the company or organization for who you are working or affiliated with, for example as an UBO. If your company or organization transfers your personal data to us, we expect your business or organization to inform you about this. | Public interest (Article 6(1)(e) of the GDPR) for implementing measures for money laundering and terrorist financing (Law on the Prevention of Money Laundering and Terrorist Financing of Republic of Lithuania). | We retain this data for 8 years from the date of termination of transactions or business relationships with the client. Data retention period may be extended for up to 2 years upon a reasoned instruction of a competent authority (Art. 9(1), 19(10) and (14) of the Law on the Prevention of Money Laundering and Terrorist Financing of Republic of Lithuania) |
To handle questions, requests, and complaints submitted by you. UAB AFServices acts as a Data Controller. | We collect all data along with any communication and messages you send to us (including the time they were received/submitted). | We have a legitimate interest to respond to submitted questions and requests in accordance with Article 6(1)(f) of the GDPR. | If Personal Data is part of your query, this data is deleted once your query is closed. Other data (not Personal Data) is retained for 5 years after your query is closed. We may continue to retain some information, even after this time if we are required to do so in order to comply with applicable laws or on the basis of justified interests (e.g., retention for asserting claims). |
Direct marketing communication. UAB AFServices acts as a Data Controller. | We collect your email address. | The processing of this data is based on your consent (Article 6(1)(a) of the GDPR) or Opt-Out as per Art. 81(2) of the Law on Electronic Communications of the Republic of Lithuania For others: the processing of this data is based on your consent (Article 6(1)(a) of the GDPR). | We retain this data for as long as your consent is valid but not longer than for 5 years. |
To improve our website, ensure its performance, increase security, and adapt content. UAB AFServices acts as a Data Controller. | When you visit our website, we collect the following data automatically: IP address, operating system, user ID, and other information about your activities on our and other websites. We collect and store this information as part of log entries or through the use of cookies. Please refer to our Cookie Policy for more details about cookies. | Personal data collected via cookies is processed on the basis of our legitimate interest (Article 6(1)(f) of the GDPR) while cookies are set on your device only with your consent (Article 6(1)(a) of the GDPR). | Please refer to our Cookie Policy for details about retention periods for cookies. |
To select a suitable candidate for an open job vacancy. UAB AFServices acts as a Data Controller. | We collect Candidate’s first name, last name, email address and (or) telephone number, information about the Candidate’s work experience (job title, duration of work, job positions, responsibilities and/or achievements), information about the Candidate’s education and qualifications, information on proficiency on languages and other competences required for an open job vacancy, a summary of the interview with the Candidate (including the results, feedback and insights from the interviewer), other information provided by the Candidate voluntarily in his/her CV, cover letter or other application documents (e. g. recommendations, references, etc.) which will be processed in the same manner as personal data of the candidate that has been collected by us. Special categories of personal data (e.g., health-related information, information about criminal records) may only be collected if necessary for a specific job position and only to the extent necessary and permitted by the applicable law. We may also collect personal data relating to the Candidate’s qualifications, professional abilities and personal qualities from one’s former employer, after informing the Candidate in advance, and from one’s current employer only with the consent of the Candidate. | We have a legitimate interest to select the best possible candidate (Article 6(1)(f) of the GDPR). | We retain this personal data for 6 months after the end of the selection process. |
To reach out to candidates with future job opportunities. UAB AFServices acts as a Data Controller. | We collect Candidate’s CV along with a summary of the interview with the Candidate (including the results, feedback and insights from the interviewer). | The processing of this data is based on the candidate’s consent (Article 6(1)(a) of the GDPR). | We retain this personal data for 3 years from the moment of giving consent. |
Dispute resolution and cooperation with law enforcement. UAB AFServices acts as a Data Controller. | All information provided, documents, court rulings, and related data. | We process this data based on our legitimate interest to defend our rights in legal proceedings (Article 6(1)(f) of the GDPR). We also process this data so we could assert, exercise, or defend legal claims (Article 9(2)(f) of the GDPR). | This processing continues during legal proceedings and up to 10 years after their conclusion. |
Who Do We Disclose Your Personal Data To Within and Outside the EEA?
Where necessary, we may transfer and/or otherwise disclose your personal data to law enforcement authorities, regulatory bodies, courts, and other authorized governmental bodies.
To ensure the proper provision of our services, we may also disclose personal data to third parties involved in processing activities, including:
- KYC compliance platform service provider
- Workplace collaboration and productivity tools provider
- Customer service software provider
- Ecommerce, email marketing, and SMS platform provider
- Other partners and external service providers (e.g., software, IT infrastructure maintenance, cloud service providers, web hosting and web support, servers rent and maintenance, electronic communications, archiving, etc.).
For all of these service providers, we will only provide as much data as is necessary to perform a particular service.
We may transfer your personal data outside the EEA but only based on appropriate safeguards and compliance measures to ensure an adequate level of protection. This may include the use of Standard Contractual Clauses (SCCs) or other safeguards as allowed by applicable laws. Please reach out to us at admin@afservices.net for more information about your personal data transfers outside of the EEA.
Please note! When you communicate with us via social networks, you should review their applicable data protection terms and conditions.
How Do We Protect Your Personal Data?
We implement organizational and technical measures to ensure that personal data is protected against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
Your Rights
Under the GDPR, you have the following rights:
- Know about the processing of your personal data (Articles 12-14 of the GDPR).
- Access your personal data being processed (Article 15 of the GDPR).
- Request correction of inaccurate personal data (Article 16 of the GDPR).
- Request deletion of personal data (“the right to be forgotten”) (Article 17 of the GDPR).
- Restrict data processing (Article 18 of the GDPR).
- Transfer your personal data when the processing is based on consent or contract and the data is processed by automated means (Article 20 of the GDPR).
- Object to processing for reasons specific to your case (Article 21 of the GDPR).
If you believe we are unlawfully processing your personal data, you have the right to file a complaint with the competent Data Protection Authority or make a claim against us with a competent court.
Contact details for the State Data Protection Inspectorate in Lithuania:
L. Sapiegos Street 17, 10312 Vilnius
Phone: (8 5) 271 2804, 279 1445
Email: ada@ada.lt
You can exercise your rights over your data by contacting us at admin@afservices.net.
Contact Us
If you have any questions about this Privacy Policy or your personal data processing, please contact us by email at admin@afservices.net.