4. What rights do you have and how can you exercise them?

In this section we provide information about your rights related to our processing of your personal data and the cases in which you can exercise these rights. If you would like more information about your rights or to exercise them, please contact us at the email address specified in this Privacy Policy.

The Company will provide you with information on the actions taken upon receipt of your request regarding the exercise of your rights without undue delay, but no later than within 1 (one) month from the receipt of the request. Depending on the complexity of the request and the number of requests received, the aforementioned period may be extended by a further 2 (two) months. In such a case, we will inform you about such an extension and its reasons within 1 (one) month from the receipt of the request. The Company will refuse to exercise your rights only in cases provided for by legal acts.

4.1. Right of access to your personal data

We aim for you to fully understand how we use your personal data and to ensure you experience no inconvenience as a result. We primarily provide information on how we process your personal data in this Privacy Policy (right to be informed). You can contact us at any time and inquire whether we process any of your personal data. If we store or use your personal data in any way, you have the right to access it. To do this, please submit a written request to us at the email address specified in this Privacy Policy and confirm your identity (if such confirmation is required in the specific case).

4.2. Right to withdraw consent

If you have provided us with explicit consent for the processing of your data, you can withdraw it at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4.3. Additional rights

Below we provide information about additional rights you have, which you can exercise in accordance with the procedure described below.

(a) You have the right to request that we rectify any inaccuracies in the data we hold. In such a case, we may ask you to confirm the rectified information.

(b) You have the right to request that we erase your personal data. This right is exercised in the cases provided for in Article 17 of the GDPR.

(c) You have the right to request that we restrict the processing of your personal data or not process it:

• for a period necessary to verify the accuracy of your personal data when you submit claims regarding data accuracy;

• when our collection, storage or use of your personal data is unlawful, but you decide not to request the erasure of the data;

• when we no longer need your personal data, but you require it for the establishment, exercise or defence of legal claims;

• for a period necessary to determine whether we have an overriding legal basis to continue processing your personal data if you have exercised your right to object to the processing of personal data.

(d) You have the right to data portability for data processed by automated means and which we received from you in a structured, commonly used and machine-readable format with your consent or for the purpose of concluding a contract. Upon exercising this right, at your request, we will transfer a copy of the data provided by you to you or to a data controller of your choice.

(e) You have the right to object to our use of your personal data in accordance with the procedure established in Article 21 of the GDPR. You have the right to object when your personal data is processed on the basis of legitimate interest (the basis for data processing is indicated next to each data processing purpose specified in the Privacy Policy) or for direct marketing purposes.

4.4. Right to request further information

We hope you understand that it is very difficult to discuss all possible methods of personal data collection and use. We strive to provide the clearest and most comprehensive information possible and undertake to update this Privacy Policy if the personal data use process changes. However, if you have any questions about the use of your personal data, we will be happy to answer them or provide any additional information we can disclose. If you have any specific questions or do not understand the information provided, please contact us.

5. Processing of personal data for the purpose of concluding contracts with clients and providing services

Purpose of processing: Conclusion and performance of contracts with client natural persons

Personal data:
Name, surname, contact details (telephone number, email address, address) of the client natural person, information about the services, their price, payment details (bank account number, payment method, time, etc.), date and content of correspondence, and other data obtained during the performance of the contract.

Legal basis:
Article 6(1)(b) of the GDPR (contract)

Storage period:
During the validity period of the contract

Other remarks:
We will store personal data for a longer storage period (10 years from the expiration of the contract) only when fulfilling an archiving obligation (Article 6(1)(c) of the GDPR) for archiving purposes or for the purposes of defending the Company’s rights and legitimate interests on the basis of the Company’s legitimate interest (Article 6(1)(f) of the GDPR).
Data recipients: electronic signature service providers, as well as data processors engaged by the Company providing systems to the Company intended for the processing of your personal data, and banks.
Data about your payment is obtained from the bank.
All data is necessary; without it, we will not be able to conclude or properly perform the contract.

Purpose of processing: Conclusion and performance of contracts with client legal entities

Personal data:
Name, surname, position, basis and scope of representation of employees or authorised persons, details of the representation document, email address, telephone number, content and date of correspondence.

Legal basis:
Article 6(1)(f) of the GDPR (legitimate interest)

Storage period:
During the validity period of the contract

Other remarks:
We will store personal data for a longer storage period (10 years from the expiration of the contract) only when fulfilling an archiving obligation (Article 6(1)(c) of the GDPR) for archiving purposes or for the purposes of defending the Company’s rights and legitimate interests (Article 6(1)(f) of the GDPR).
Data recipients: electronic signature service providers, as well as data processors engaged by the Company providing systems to the Company intended for the processing of your personal data, and banks.
We may obtain data directly from you, your employer or your authorising person.
All data is necessary; without it, we will not be able to conclude or properly perform the contract.

6. Processing of personal data related to debt recovery and assignment

6.2. Assignment of debt

We may decide to assign the claim to the debt to third parties in accordance with the provisions of the Civil Code of the Republic of Lithuania. Having assigned the claim to the debt, in accordance with Article 6.104 of the aforementioned code, we will be obliged to also transfer the personal data confirming the right of claim and additional rights, including the right to interest.

7. Information on the processing of personal data carried out for purposes related to the acquisition of goods or services from other persons

Purpose of processing: Conclusion and performance of contracts with supplier natural persons (contractor data)

Personal data:
Name, surname, personal code, address, business licence / individual activity certificate number of the service provider natural person (service provider), bank account number, personal data specified in the contract performance documents, email address, telephone number, content and date of correspondence.

Legal basis:
Article 6(1)(b) of the GDPR (contract)

Storage period:
During the validity period of the contract

Other remarks:
We will store personal data for a longer storage period (10 years from the expiration of the contract) only when fulfilling an archiving obligation (Article 6(1)(c) of the GDPR) for archiving purposes or for the purposes of defending the Company’s rights and legitimate interests on the basis of the Company’s legitimate interest (Article 6(1)(f) of the GDPR).
Data recipients: electronic signature service providers, as well as data processors engaged by the Company providing systems to the Company intended for the processing of your personal data, and banks.

Purpose of processing: Conclusion and performance of contracts with supplier legal entities (data of contractors and persons related to them)

Personal data:
Name, surname, position, basis of representation of the employee or authorised person, email address, telephone number, content and date of correspondence.

Legal basis:
Article 6(1)(f) of the GDPR (legitimate interest)

Storage period:
During the validity period of the contract

Other remarks:
We will store personal data for a longer storage period (10 years from the expiration of the contract) only when fulfilling an archiving obligation (Article 6(1)(c) of the GDPR) for archiving purposes or for the purposes of defending the Company’s rights and legitimate interests (Article 6(1)(f) of the GDPR).
Data recipients: electronic signature service providers, as well as data processors engaged by the Company providing systems to the Company intended for the processing of your personal data.
We may obtain data directly from you, your employer or your authorizing person.

8. Direct marketing

To persons aged 14 and over who have provided their contact details and expressed a desire to receive information about our services, activities, etc., or who are our existing clients (client exception), we will send newsletters, information about our services, events and activity news via electronic means of communication, ask for their opinion on the services provided and share other promotional material. For direct marketing purposes, we will process the following personal data of yours: name, surname, email address, represented company and inquiry.

Your data will be processed for direct marketing purposes for 3 years from the granting of consent, and if we use the client exception – for 3 years from the purchase of the service (the date of conclusion of the contract). Direct marketing messages are sent (your contact data is processed) on the basis of consent (Article 6(1)(a) of the GDPR), and when we use the client exception – on the basis of legitimate interest (to promote sales) (Article 6(1)(f) of the GDPR).

You have the right to opt out of receiving direct marketing messages or to withdraw your consent by contacting us at the email address specified in Clause 2 of the Privacy Policy or by clicking the unsubscribe link in the direct marketing message.

9. Candidate selection

We collect and process your personal data: workplace, email address, date of birth, address, education, surname, telephone number, name, desired job, date of receipt of the CV, information about your personal qualities, work experience (last workplace, length of service at the workplace, position held, other work experience), information on foreign language skills (language, reading, writing and speaking levels), computer literacy, and other information provided in the CV, recommendation and/or cover letter; desired salary, during your participation in the selection process for the purpose of conducting the job selection on the basis of your consent, which you express to the Company or its service provider by sending your CV and/or cover letter or by filling in the application form on the website. If you do not submit your CV and/or cover letter, we will not be able to assess your suitability for the proposed position.

With your consent, we will contact your current employer, and we will contact your former employer on the basis of our legitimate interest (to select a suitable candidate) and Article 5(3) of the Law on Legal Protection of Personal Data of the Republic of Lithuania in order to verify information about your qualifications, professional abilities and business qualities (for example, work results, relations with clients and/or colleagues, your performance review, etc.). On the basis of our legitimate interest (to select a suitable candidate), we will also collect information from public professional social media network profiles. You can withdraw your consent or object to us contacting your former employer at any time by notifying us at the email address specified in Clause 2 of the Policy.

In the event that you do not express your separate consent to process your personal data, after the end of the specific job selection, we undertake to erase and/or destroy your personal data within 3 working days after signing the contract with the selected candidate or making a decision to end the selection, except in cases where separate consent is given for the storage of the candidate’s personal data for a specified period. If your candidacy is not selected, but you have given consent to process your personal data for the purpose of offering a job in the future, we will store the data on the basis of your consent for 5 years from the end of the selection.

On the basis of our legitimate interest, we will process data about the person specified by the candidate (name, surname, email, telephone, information provided by the person) – a former or current employer or a person providing a recommendation, and the information provided by them – for the purpose of candidate selection. In this case, our legitimate interest is to select a suitable candidate for the sought position. We will destroy this data within 3 days after signing the contract with the selected candidate or making a decision to end the selection.

The Company also searches for candidates on the LinkedIn social network and other websites/portals intended for employee search. For the purpose of searching for candidates on the LinkedIn social network, job advertisement portals and other public sources, the Company processes the following personal data of potential candidates (persons meeting the search criteria): name, surname, other information provided in the profile of the LinkedIn social network or another search platform. Personal data is processed on the basis of the Company’s legitimate interest (Article 6(1)(f) of the GDPR). Personal data is not stored separately; selected persons are simply asked for their consent to participate in the Company’s employee selection.

We obtain data directly from you, public information sources or other iToGroup companies if you give them explicit consent for us to process your data for the purposes specified in the consent.

10. Protection of the Company’s confidential information and business continuity

In order to pursue its legitimate interest in ensuring the protection of the Company’s confidential information and the Company’s business continuity by protecting the Company’s information systems against hacking and data theft, viruses, dangerous websites, malware and copyright infringement via technical and internet access, and the computer network against heavy loads, the Company may review the correspondence of its employees with contractors and the information stored on the Company’s electronic equipment. To achieve these purposes, the Company processes the following personal data of its employees and persons who send or receive employees’ emails: email address, name and surname of the sender or recipient, date, and content of the information contained in the electronic work tools.

Data collected for the purposes of protecting confidential information and the Company’s information systems against hacking and data theft, viruses, dangerous websites, malware and copyright infringement via technical and internet access, and the computer network against heavy loads, is stored for the purpose of defending legal claims for 4 years, taking into account the provision established in Article 1.125(9) of the Civil Code of the Republic of Lithuania. When defending legal claims, data may be provided to such data recipients (data controllers) as courts, law enforcement institutions, state institutions resolving disputes, parties to the dispute, lawyers and other subjects providing legal services.

11. Defence of legitimate interests

On the basis of its legitimate interest (Article 6(1)(f) of the GDPR) to defend its rights, including in the event of civil disputes, the Company processes the names, surnames, personal codes of persons participating in the case or their employees, the circumstances of the case, other information related to the case and publicly available information.

On the basis of the Company’s legitimate interests (Article 6(1)(f) of the GDPR), it also processes any personal data specified in this Privacy Policy that is necessary for the conclusion and performance of contracts and for the defence of the Company’s rights and legitimate interests. Taking into account that the general limitation period is 10 years, personal data that we process for the purposes of concluding and performing contracts will be stored for 10 years from the expiration of the contracts.

The Company also, on the basis of legitimate interests (Article 6(1)(f) of the GDPR), processes your personal data specified in the consents for the processing of personal data and data confirming the fact of consent; personal data specified in documents implementing the rights of the data subject or by which the Company refuses to implement them, for the purposes of defending the Company’s rights and legitimate interests, and stores them for 3 years from the end of the current year in which the processing of personal data was completed and/or the rights of data subjects were implemented (or refused to be implemented).

When fulfilling an archiving obligation (Article 6(1)(c) of the GDPR), for archiving purposes, personal data processed for the purposes of defending the Company’s rights and legitimate interests is stored for 5 years from the adoption of the final decision.

When processing personal data for the discussed purpose, data recipients are: courts, law enforcement institutions, state institutions resolving disputes, parties to the dispute, lawyers and other subjects providing legal services.

12. Internal administration of the Company (implementation of shareholders’ rights)

For the purpose of internal administration (having received a shareholder’s request regarding the implementation of the right to information), the Company may transfer any personal data (which is recorded in the documents provided to the shareholder) to the shareholder. The transfer is carried out in fulfilling a legal obligation applicable to the Company (Article 6(1)(c) of the GDPR); personal data is processed only until it is transferred to the shareholder.

13. Contact us

There are several ways you can contact the Company: by telephone, email, through social network accounts, using the contact form on the website or by sending a letter to the company’s registered office address. We receive, review and provide answers to all messages ourselves or through our service providers. If you contact us, we may process the data you provide to us, i.e. email address, name, surname (if provided), username (if the inquiry is sent via a social network account), workplace (if indicated), date and time of sent and received messages, recipient, sender (when the message is addressed to you) and content.

Such data will be processed on the basis of your consent (Article 6(1)(a) of the GDPR) in order to answer your questions and examine your proposals. You can withdraw your consent at any time. If you do not provide your contact details or withdraw your consent, it will not be possible to contact you and answer your inquiries. What data is mandatory may also be indicated in the inquiry forms themselves.

Correspondence is stored for 1 year from the receipt of the message, except for information for which other storage periods are set in the Privacy Policy or legal acts.

All personal data you provide when communicating with us is used only for the purposes specified above and to review messages and administer and manage communication flows. We undertake not to use your personal data in any publications without your explicit consent in such a way that it would be possible to identify you.

Please note that we may need to contact you by post, email or telephone. Please inform us of any changes to your personal data.

14. Website, cookies

Cookies may be used on our website. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer with your consent. We use different cookies for different purposes. Cookies also help us distinguish you from other users of the website, thus ensuring a more pleasant browsing experience and allowing us to improve the website.

We may use the types of cookies described in CookieYes addon, but you can find a detailed and up-to-date list of the cookies by clicking the CookieYes icon at the bottom left icon.

Strictly necessary cookies.

These cookies are necessary for our website to function. The basis for using such cookies is Article 73(4) of the Law on Electronic Communications of the Republic of Lithuania. These cookies are essential for the operation of the website and cannot be switched off in our systems. They are usually only set in response to actions made by you on the website, such as starting to browse or setting your privacy preferences. These cookies do not store any personally identifiable information and are deleted as soon as you close the website.

Analytical and/or performance cookies.

These cookies allow us to count the number of visits to the website and monitor traffic sources so that we can improve the performance of the website. They allow us to know which pages of the website are the most and least popular and to see how visitors move around the website. For this purpose, we use ‘Google Analytics’. The collected data is not accessible to any other party. The information collected by the cookies is anonymous; it is not intended to identify you or affect your browsing experience while you visit the website. If you do not consent to the use of these cookies, you will not be included in the visit statistics. The basis for processing the data collected by these cookies is your consent.

Commercial (marketing) cookies.

These cookies, used by us and third parties, are designed to show you offers or other promotional information that might interest you. We use cookies that collect data about your browsing history and identify your areas of interest so that we can show you relevant marketing information. The basis for processing the data collected by these cookies is your consent.

LinkedIn icon plugins

LinkedIn icon plugins are used on this page.

Refusal of cookies, withdrawal of consent to use cookies

You can choose the most acceptable way for you to refuse cookies:

(a) By changing the cookie settings on the Website:

You can change your choice regarding the use of cookies and withdraw your consent at any time by clicking on this link.

(b) By changing the settings in your browser:

You can change the browser settings on your computer, tablet or smartphone at any time so that cookies are not accepted or are deleted if cookies have already been stored. The detailed instructions depend on the browser and device you are using; you can find more detailed information here:

• Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d#ie=ie-11

• Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

• Mozzila Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-US

• Google Chrome: https://support.google.com/chrome/answer/95647?hl=en

• Opera: https://help.opera.com/en/latest/web-preferences/#cookies

• Safari: https://support.apple.com/en-us/HT201265

• Apple: https://support.apple.com/en-us/HT201265

• Android: https://turbofuture.com/cell-phones/How-to-delete-internet-cookies-on-your-Droid-or-any-Android-device

• Chrome browser Android: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DAndroid&hl=en

IMPORTANT! Please note that rejecting all cookies may have a negative impact on the use of the Website, for example, by slowing down the internet browsing speed, restricting the operation of certain Website functions or blocking access to the Website.

15. Social media tools

Information that you provide to us via social media tools (including messages, the use of ‘Like’ and ‘Follow’ buttons, and other communication) is controlled by the social network controller.

Our Website contains links to our accounts on social media tools (hereinafter referred to as Social Accounts). We currently administer the following Social Accounts:

• The account https://www.linkedin.com/company/cargo-sign/ on LinkedIn.

We process the information contained in the Social Accounts for the purpose of administering the accounts on the basis of your consent. We do not store the information contained in the Social Accounts separately (when the data is processed for the purpose of administering the Social Accounts, however, the data may be saved if it needs to be processed for another purpose, for example, the defence of rights).

When you visit the Social Accounts, social network administrators store cookies on your device, which collect personal data. Cookies are stored both if you are a registered user of social networks and if you do not have an account on the relevant social network. We do not have access to your collected personal data and can only receive statistical information about the traffic of the Social Accounts from the social network administrators.

We recommend reading the privacy notices of third parties and contacting the service providers directly if you have any questions about how they use your personal data.

16. Provision of data to third countries

The Company does not transfer personal data outside the European Union / European Economic Area.

17. Receipt and disclosure of data

We receive your data from you, your devices, our employees, service providers and from our contract contractors.

We disclose information about you to data processors engaged by us (IT service providers, marketing service providers, group companies providing services to us, etc.).

Furthermore, we may disclose information about you:

• if we are required to do so by law or other legal act;

• to companies providing auditing and related services for the Company, and to providers of legal and financial consulting services;

• to a company providing accounting services;

• in the event of an intention to sell the Company, its business or part of its assets, by disclosing your personal data to a potential buyer of the business or part of it;

• after selling the Company’s business or a substantial part of its assets to third parties.

Except as provided for in this Privacy Policy, we do not provide your personal data to any third parties.

The list of recipients or categories of recipients specified in the Privacy Policy may change, so if you wish to be informed about changes to the recipients of your personal data, please notify us at the email address specified in this Privacy Policy, stating in the text of the letter ‘I wish to receive information about the change of recipients of my personal data, name, surname’.

18. Security of your personal data

Your personal data will be processed in compliance with the requirements established by the General Data Protection Regulation, the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts. When processing your personal data, we implement organisational and technical measures that ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, as well as against any other unlawful processing.

19. Complaints

If you believe that your rights as a data subject have been and/or may be violated, please contact us immediately at the email address specified in this Privacy Policy. We ensure that upon receipt of your complaint, we will contact you within a reasonable period and inform you about the progress of the complaint investigation, and subsequently about the result.

If you are not satisfied with the results of the investigation, you will be able to submit a complaint to the supervisory authority – the State Data Protection Inspectorate: https://vdai.lrv.lt/or to the supervisory authority of another state, primarily in the Member State of your habitual residence, place of work or place of the alleged infringement.

20. Liability

You are responsible for the confidentiality of the data you provide, as well as for ensuring that the data you provide to us is accurate, correct and complete. If the data you have provided changes, you must immediately inform us of this by email. We will in no case be liable for damage caused to you because you provided incorrect or incomplete personal data or failed to inform us when it changed.