Processing Terms and Conditions (“Data Processing Terms”)

Preamble

These Data Processing Terms and Conditions represent a binding agreement (“Agreement”) between STACKFLOWS UAB, code 306108391, Jurbarko g. 2A, Kaunas, Lithuania (hereinafter “we”, “us”, “our”, “StackFlows” etc. as required by the context) and You in relation to the use of this Service. “You” (“You”, “Your”, “User” etc. as required by the context) refers to any individual who has created an account on the Service, or, if the Service is used on behalf of a subject by an individual authorized to agree to these Terms and Conditions on behalf of that subject, then “You” refers to such a subject.

StackFlows, being the Provider, shall provide the User services under the Legal Terms of Service found at www.stackflows.com (hereinafter “Provision of Services”).

This Data Processing Agreement is concluded between the Provider and the User by the User creating a user account (i.e. completing and submitting the registration form, including the checkmark for the User’s consent with the Legal Terms of Service) and the User thereby accedes to the Privacy Policy available at www.stackflows.com.

Be assured that we handle Your personal data with special care and in accordance with the applicable laws and regulations. We protect Your personal data to the maximum extent permitted by the available technologies. The company applies strict rules that define which specific employee may access Your personal data, what personal data may be processed by such an employee, and under what particular conditions the processing is permitted.

Personal Data Processing

  • The Provider shall process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – “GDPR”), the terms and conditions specified herein, and the Provider’s Privacy Policy.
  • The Provider shall not use the personal data for any purpose other than that of the Provision of Services. The Provider shall inform the User about any such purposes as are not foreseen in the Provision of Services.
  • The Provider shall not adopt any unilateral decisions regarding the processing of personal data for other purposes, including decisions concerning the provision of such personal data to third parties or concerning the data retention period.
  • All the personal data You provide to us is secured with standard procedures and technologies. We regularly check the system for weaknesses and prior attacks and we use such security measures as we can, to the feasible extent, to prevent unauthorized access to Your personal data and provide adequate, state-of-the-art security. The security measures used are regularly updated.
  • However, we are unable to ensure the security of Your data fully without Your help and responsible behavior. Therefore, help us ensure the security of Your data by keeping Your unique passwords and other access details regarding our services confidential and following basic security principles. Please always keep in mind that e-mails, quick chat messages, blogs and other types of communication with other users of the website are not encrypted. We therefore strongly recommend that You do not use these forms of communication to provide confidential information.

Legal Basis for Personal Data Processing

  • The processing of personal data is necessary for compliance with a legal obligation.
  • We only process the personal data You provide to use in connection with the use of our services.

Purpose of Processing

  • The purpose of processing is for the administration of the sales of services and the operation of the StackFlows.com platform.
  • The accounting records of all business cases are kept and are archived along with the primary documents.

Personal Data Processing Period

  • The personal data are stored by the Provider for only as long as it is necessary for the purpose for which they are processed, i.e. for the duration of the user account, and they are deleted upon when the account is cancelled or when the Provider ceases to exist and has no legal successor.

The Obligations of StackFlows

  • Your data are safe with us. The protection of Your data is our priority. All of our partners are bound by non-disclosure obligations and must not use the transmitted data for any purposes other than those for which we have made the data available to them.
  • The Provider shall take into account the state of the art, the implementation costs, the nature, extent, context and purpose of the processing and the varying probability and severity of the risks to the rights and freedoms of individuals to implement and adopt the adequate technical and organizational measures to ensure that the level of security corresponds to the relevant risk. Such technical and organizational security measures refer to measures aimed at protecting personal data from accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular, if the processing involves the transmission of the data via networks, and from any other unlawful forms of processing.
  • StackFlows shall ensure the personal data is:
  • processed fairly, lawfully and transparently in relation to the User;
  • collected only for specified, legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • adequate, relevant and limited to what is necessary in relation to the purpose for which the data are processed;
  • accurate and, where necessary, kept up to date.
  • In particular, the Provider ensures this level of security by:
  • the pseudonymization and encryption of personal data;
  • ensuring the ongoing integrity, availability and resilience of the processing systems and services;
  • restoring the availability of, and access to, personal data in a timely manner in the event of physical or technical incidents;
  • regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Notification Obligation

  • We shall notify You of any security breach and/or data leak as accurately as possible and without delay.
  • Where so required by the law and/or by the regulation, the Provider shall work with the competent authorities in this notification.
  • The notification obligation includes the obligation to communicate the fact that there has been a breach/leak, including the details regarding:
  • the (presumed) cause of the breach/leak;
  • its impact (currently known and/or expected);
  • the (proposed) solution;
  • the measures already adopted.

Rights of the Data Subjects

  • As a data subject, You have the following rights:
  • Request access to the personal data we process about You within the meaning of Articles 13, 14, and 15 of the GDPR;
  • Request rectification or erasure of Your personal data within the meaning of Articles 16 and 17 of the GDPR;
  • Request restriction of the processing of Your personal data within the meaning of Article 18 of the GDPR;
  • Object to the processing of Your personal data within the meaning of Article 21 of the GDPR;
  • Right to the portability of Your personal data within the meaning of Article 20 of the GDPR;
  • Right not to be subject to automated decision-making, including profiling, within the meaning of Article 22 of the GDPR;
  • Withdraw Your consent at any time if You have given Your consent with the processing of Your personal data;
  • Right to the communication of a personal data breach within the meaning of Article 34 of the GDPR;
  • Right to lodge a complaint with the competent supervisory authority according to Articles 13, 14, and 15 of the GDPR.

Non-disclosure and Confidentiality

  • All the personal data the Provider has obtained from the User and/or collected in connection with these Data Processing Terms are subject to non-disclosure with regard to third parties.
  • This confidentiality obligation does not apply to any cases where the disclosure of such information to a third party has been approved by the User or where there is a legal obligation to disclose such information to a third party.

How we collect your personal data

We collect information you provide directly to us when you:

  1. Fill out any forms on our website, platform and/or mobile application;
  2. Communicate with our customer support team;
  3. Contact us with via our website or by using other means of communication (e.g., via our social network accounts);
  4. Use our Services.

We may also receive your personal data from third parties. In particular:

  1. We may receive personal data from a third party which is connected to you or is dealing with us, for example, business partners, sub–contractors, service providers, merchants, etc.;
  2. We may collect personal data from banks or other financial institutions in case the personal data is received while executing payment operations;
  3. We may receive personal data from other entities that we collaborate with.

Direct marketing

In case you are our existing client (i.e. You already use our Services), we may use your e-mail address for direct marketing purposes, but only with regard to products and/or services that are similar or related to the Services, and only if you do not object to such use of your e-mail address. You are also granted with a clear, free of charge and easily realisable possibility to object or withdraw from such use of your contact details.

In other cases, we may use your personal data for the purposes of direct marketing, only if you give us your prior consent regarding such use of the data.

We provide a clear, free of charge and easily realisable possibility not to give your consent or, at any time, to withdraw your consent to receive our marketing communications. We shall state in each communication sent by e-mail that you are entitled to object to such processing of your personal data, and to refuse receiving communications from us. You shall be able to refuse receiving our marketing communications by clicking on the respective link in each marketing e-mail received from us.

How we share your personal data

We may disclose your personal data to the recipients of the following categories:

  1. Public authorities, institutions, organisations, courts and other third parties, but only upon request and only when required by applicable laws, or in cases and under procedures provided for by applicable laws, e. G. For the purposes to secure and/or defend Company’s legitimate interests;
  2. Third parties providing services to the Company including providers of legal, financial, auditing, tax, business management, personnel administration, accounting, advertising (including online advertising), direct marketing, communications, data centers, hosting, cloud and/or other services. In each case, we provide such third parties with only as much data as necessary to provide their services. Service providers engaged by us may process your personal data only in accordance with our instructions and may not use them for other purposes;
  3. Third parties for the purpose of performance of the contract concluded with you;
  4. Our affiliate companies – i.e., other companies belonging to the same group;
  5. Third parties, when the Company intends to enter into a business sale transaction and/or to perform legal and/or financial due diligence of the Company prior to such transaction;
  6. Other persons with your consent.

International data transfers

In case your personal data is transferred outside the European Economic Area (EEA), we will take necessary steps to ensure that your data is treated securely and in accordance with this Policy and we will ensure that it is protected and transferred in a manner consistent with the legal requirements applicable to the personal data. This can be done in a number of different ways, for example:

  1. The third country to which we send the personal data, a territory or one or more specified sectors within that third country, or the international organization is approved by the European Commission as having an adequate level of protection;
  2. The recipient has signed or contains in its terms of service (service agreement) the standard contractual clauses (SCC) adopted by the European Commission (for more information please see here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en);
  3. Special permission has been obtained from a supervisory authority.

We may transfer personal data to a third country by taking other measures if it ensures appropriate safeguards as indicated in the GDPR or on the basis of derogations.

How long we keep your personal data

We will keep your personal data for as long as it is needed for the purposes for which your data was collected and processed, but not longer than it is required by the applicable laws and regulations, including for the purposes to comply with any legal, regulatory, tax, accounting or reporting obligations. If the legislation of the Republic of Lithuania does not provide any applicable data retention period, it shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of personal data. Personal data that is important for the contractual relationship between you and Company is normally stored for as long as the contractual relationship lasts and thereafter for a maximum period of 10 years after the relationship.

If you do not enter into a contract with us, the personal data are normally stored for a maximum of […] Months. We may retain your personal data for a longer period when:

  1. It is necessary for the Company to be able to defend itself against existing or threatened claims or to exercise its rights, or for the proper resolution of dispute, complaint or claim;
  2. There is a suspicion of illegal activity;
  3. It is required by applicable laws.

Upon expiration of the retention period, we will delete and/or reliably and irrevocably depersonalize your data as soon as possible, within a reasonable time required to perform such action.

Your rights

  1. The right to be informed. You have the right to be provided with a clear, transparent and easily understandable information about how we process your personal data.
  2. The right to access. You have the right to request from us the copy of your personal data. Where your requests are excessive, in particular if they are a repetitive, we may refuse to act on the request, or charge a reasonable fee taking into account the administrative costs for providing the information.
  3. The right to rectification. You have the right to request us to correct or update your personal data at any time, in particular if your personal data is incomplete or incorrect.
  4. The right to data portability. When a legal basis for data processing is consent or contract, you have the right to request that we transfer your data that we have collected to another organization, or directly to you, under certain conditions.
  5. The right to be forgotten. When there is no good reason for us to process your personal data anymore, you can ask us to delete your data. We will take reasonable steps to respond to your request.
  6. The right to restrict processing. You have the right to restrict the processing of your personal data in certain situations (e.g., when you want us to investigate whether that data is accurate; we no longer need your personal data, but you want us to continue holding it for you in connection with a legal claim).
  7. The right to object to processing. Under certain circumstances, you have the right to object to certain types of processing (e.g., to receive our marketing communications).
  8. The right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint with a competent supervisory authority if you believe that your personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. Our data processing is supervised by the State Data Protection Inspectorate of the Republic of Lithuania (address: L. Sapiegos St. 17, LT-10312 Vilnius, phone No.: +370 5 271 2804 / 279 1445, e-mail address: ada@ada.lt, for more information, visit https://vdai.lrv.lt/en/).
  9. Right to withdraw your consent. If personal data is processed on the basis of your consent, you can withdraw it at any time. Withdrawal will not affect the lawfulness of processing of your data before the withdrawal.

If you would like to exercise any of these rights, please contact us via e-mail: […].

Your request shall be fulfilled, or fulfillment of your requests shall be refused by specifying the reasons for such refusal, within 30 (thirty) calendar days from the date of submission of the request that complies with our internal rules and the GDPR. The afore-mentioned term may be extended by 60 (sixty) calendar days taking into account the complexity and number of the requests. The Company will inform you of any such extension within 30 (thirty) calendar days of receipt of the request, together with the reasons for the delay.

We may refuse to satisfy your request if the exceptions and/or limitations to the exercise of data subjects’ rights set out in the GDPR apply, and/or if your request is found to be manifestly unfounded or disproportionate. If we refuse to satisfy your request, we will give you our reasons for such refusal in writing.

How we protect your personal data

Please note that, although no system of technology is completely secure, we have implemented security measures to minimize the risk of unauthorized access to or improper use of your personal information.

We and our third-party service providers that may be engaged in the processing of personal data on our behalf (for the purposes indicated above) are contractually obligated to respect the confidentiality of the personal data.

Cookie Policy

If you access our information or Services through our website, you should be aware that we use cookies.

For more information on how to control your cookie settings and related browser settings, or how to delete Cookie from your device, please read the Cookie Policy available on our website.

Links to other websites

Our website may contain links to other websites which are not operated by the Company. When you decide to click on these links and be led to such websites, we recommend familiarizing yourself with their privacy policies or notices, cookie policies, and/or other documents. The Company assumes no responsibility for the content, policies, or practices of such third-party websites or services.

Changes to this policy

We regularly review this Policy and reserve the right to modify it at any time in accordance with applicable laws and regulations. Any changes will take effect immediately upon their publication on our website.

Please review this Policy from time to time to stay updated regarding any changes.

Contact us

You may contact us by writing an e-mail to policy@stackflows.com Or post by address Jurbarko g.2A, Kaunas, Lithuania.

Our data protection officer (DPO)

You may contact our DPO regarding all issues relating to the Company’s processing of your personal data and the exercise of your data protection rights by sending an e-mail to the address: data@stackflows.com

Last revision: May 14, 2023.