Privacy Policy

Revision: 20 September 2024

1. General provisions

This document (hereinafter referred to as the “Privacy Policy”) outlines the main principles established by AVAD Baltic UAB (data are collected at the Register of Legal Entities of the Republic of Lithuania, legal entity code 301060619, with a registered office at Raudondvario Pl. 131B, LT-47191 Kaunas, Lithuania; email: info@avad.lt) (hereinafter referred to as the “Company”) regarding the collection, processing, and storage of your (hereinafter referred to as the “Customer”) Personal Data on the website www.smartcare.lt.

The purpose of this Privacy Policy is to secure and protect the Customer’s Personal Data against unauthorised use.

The Company shall process Personal Data in accordance with the provisions of the General Data Protection Regulation, the Republic of Lithuania Law on Legal Protection of Personal Data, the Republic of Lithuania Law on Electronic Communications, and other directly applicable legal acts regulating personal data protection, as well as with the instructions and recommendations of competent authorities.

2. Privacy Policy terms

Personal Data refers to any information relating to a natural person (data subject) whose identity is known or can be established directly or indirectly by means of relevant data.

Customer refers to any individual who orders, purchases, or uses our Services, expresses an intention to use or otherwise uses the Company’s services, intends to purchase or is buying the Company’s products, or is otherwise associated with the services or products provided by the Company.

Processing means any operation on Personal Data (including the collection, recording, storage, modification, granting of access, submission of requests, transmission, etc.).

Login Data includes the Internet Protocol (IP) address, the Internet Service Provider (ISP) used to connect the device to the internet, browser type and version, time zone settings, browser plugin type and version, operating system and platform, connection location, font encryption, the full Uniform Resource Locator (URL) address, and the products viewed by the Customer.

Regulation means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data, the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

3. Principles of Personal Data processing

In its operations, the Company shall follow the following main principles of Personal Data processing:

– Personal Data are collected for defined and legitimate purposes

– Personal Data are processed accurately and fairly

– The processing of Personal Data is lawful only in the following cases:

(a) The Personal Data subject provides consent, such as for receiving promotional information

(b) A contract is concluded or implemented, whereby one of the parties is the Personal Data subject

(d) The processing of Personal Data is necessary for the legitimate interests pursued by the Company or a third party to whom the data is provided, provided that the interests of the data subject are not overridden

– Personal Data are constantly updated

– Personal Data are stored for no longer than what the data processing objectives require

– Personal Data are processed only by employees who have the appropriate authorisation

– All information about the processing of Personal Data is confidential

4. Types of information collected

Depending on the nature of the products and services offered, the Company may collect the following Customer information:

– Basic Customer information: name, surname, personal identification number, address, a copy of an identity document (if provided), telephone number, and email address

– Information about the products/services purchased by the Customer: details regarding the selected or provided services and their duration of use, information related to the quality of the products or services, information about returns, after-sales service, and data assessing the Customer’s insolvency risk

– Information on payments for products/services: details of invoices provided to the Customer, information on payments made by the Customer or by others, and details regarding debt management (including the transfer of data to third parties)

– Information regarding the Customer’s consent for direct marketing: details about the Customer’s consent or non-consent to receive promotional information (such as news, program offers, promotions, etc.), participation in opinion surveys, the use of the Customer’s data, the sharing of their data with third parties, and consent for assessing insolvency risk

– Communication and customer service information: browsing data from the Company’s websites and self-service portals (collected through cookies and similar technologies), recordings of telephone conversations with the Company’s representatives, and correspondence with the Company (via self-service, email, custom applications, etc.)

– Other data: information about prize winners, survey participants, and newsletter subscribers

5. Purposes of data processing

The Company uses the collected data to provide its services/products; assist the Customer; send notifications, offers, and information about promotions; protect its rights and interests as well as those of third parties; and comply with the applicable laws.

Purposes of information processing:

– Conclusion and performance of the contract (provision of products/services), quality assurance, customer service, and the provision of information. Failure to provide Personal Data will result in the inability to enter into the Contract and fulfil the obligations under it

– Direct marketing and providing general information about new products and services (unless the Customer has opted out of these communications)

– Accounting

– Fulfilment of legal obligations, including debt management and debt collection

– To administer and improve the Company’s website, maintain its security, and ensure that content is delivered to the Customer’s device in the most effective way

– Fulfilment of statutory obligations

– Other purposes for which the Company is authorised to process the Customer’s Personal Data, including instances where the Customer has provided consent, where processing is necessary for the Company’s legitimate interests, or where the Company is required to process the data under applicable laws We may also process Personal Data for other purposes if we have obtained the data subject’s consent or if we are authorised to process the data based on legitimate interest.

6. Methods of data collection

We collect information about the Customer in the following ways:

– When the Customer provides information to the Company directly (e.g., by completing the Company’s applications, contracts, and/or other documents—either through our partners, on our website, electronically, by submitting inquiries, by post, by email, by telephone, by live video chat, or through other means of communication)

– Through information received about the Customer from third parties with whom we collaborate (e.g., partners, public authorities, etc.)

7. Duration of processing

The Company shall process Personal Data only for the period necessary to achieve the purposes outlined in this Privacy Policy, taking into account the nature of the goods and services provided to Customers and the contracts concluded with them, unless a longer retention period for Personal Data and related documents is mandated or permitted by applicable regulations, such as mandatory document retention periods, statutes of limitations, etc.

8. Transfer of data

For the purposes outlined in the Privacy Policy, the Company may transfer the Customer’s data to the following recipients:

– Data processors refers to those who provide services and process data on behalf of the Company and in its interests (e.g., IT service providers, auditors, consultants, etc.). Data processors shall process the Customer’s Personal Data only in accordance with the explicit instructions provided to them and are obligated to ensure adequate protection and confidentiality of, as well as implement organisational and technical measures that meet the security requirements for the Personal Data received from the Company for processing, as specified in the contracts between the Company and data processing subcontractors.

– Entities involved in managing the database of debts and debtors. The data shall be provided only to the extent and under the conditions allowed by law.

– Entities entitled to receive information in accordance with legal requirements (e.g., courts, state and municipal authorities, etc.) but only to the extent necessary for the proper enforcement of applicable law.

– Companies of the ACME Group, which the Company is part of, when necessary to ensure the proper provision of services.

– Other third parties based on any other lawful basis or with the Customer’s consent, which may be obtained on a case-by-case basis.

The data processors to whom the Company transfers the Customer’s Personal Data may be located outside the Republic of Lithuania, the European Union, or the European Economic Area. The transfer of data to such processors is permitted only by law and only if appropriate safeguards and measures are implemented to ensure the protection of the Customer’s privacy.

9. What rights does the Customer have?

The Customer has the following rights:

– To contact us to discuss any questions they may have regarding the Company’s processing of Personal Data

– To obtain confirmation from the Company regarding whether Personal Data relating to them is being processed, and if such Personal Data is being processed, the Customer may request access to the processed Personal Data and related information

– To receive Personal Data provided by them that is processed based on their consent or for the performance of a contract, either in writing or in a commonly used electronic format, and, where feasible, to request the transfer of such data to another service provider

– To request the rectification of their Personal Data, if it is inaccurate, or to complete any incomplete data

– To request the deletion of their Personal Data as a Customer of the Company, which is processed based on the Customer’s consent, if the Customer withdraws that consent. This right shall not apply if the Customer’s Personal Data requested for erasure is also being processed on another legal basis, such as processing necessary for the performance of a contract or to fulfil an obligation under an applicable law

– To request the restriction of the processing of their Personal Data, for example, during the period in which the Company analyses whether the Customer has the right to request the erasure of their Personal Data and whether it is practicable to fulfil it

– To object to the processing of their Personal Data for the legitimate interests of the Company or third parties when the processing is based on legitimate interests, as well as when the Personal Data is processed for direct marketing purposes, including profiling for such purposes

– Not to agree to be subject to a fully automated decision, including profiling if such decision-making has legal consequences or a similar significant impact on the Customer. This right shall not apply when such decision-making is necessary for entering into or performing a contract with the Customer, permitted under applicable law, or the Customer has expressly consented to it

– To withdraw their consent to the processing of Personal Data

The Customer may exercise their rights by submitting a specific request to the contact details provided in this Privacy Policy. Information for customers regarding the exercise of their rights is provided free of charge. The Company shall provide the Customer with information on the actions taken in response to their request to exercise their rights, or the reasons for any inaction, no later than one month after receiving the request.

That period for providing requested information may be extended by a further two months if necessary, depending on the complexity and number of requests. If the Customer submits a request electronically, the information will also be provided to the Customer through electronic means.

A request for the exercise of rights received from a Customer may be refused or subject to an appropriate fee if the request is manifestly unfounded or excessive, as well as in other cases specified in the regulatory framework.

If the Customer believes that their Personal Data is being processed in violation of their rights and legitimate interests under an applicable law, they have the right to lodge a complaint with the State Data Protection Inspectorate regarding the processing of their Personal Data.

10. Updates of the Privacy Policy

The Privacy Policy may be updated as needed. The Company reserves the right to change the terms and conditions of the Privacy Policy for valid reasons. After any updates, the information will be published on the websites managed by the Company, indicating the date of the updated Privacy Policy version.

11. Contact details

Please feel free to contact us with any questions, requests, or comments regarding the Company’s Privacy Policy or the processing of Personal Data at help@smartcare.lt.

12. Other information

The Company’s websites and products may include links to third-party websites. When you use third-party applications, services, or websites, even if they are accessible through the Company’s websites and products, this Privacy Policy does not apply to the data processing, applications, services, or websites of said third parties. The processing and collection of data by third parties and their services are governed by the privacy policies and terms of service of said third parties. We recommend that you read these documents before taking any action.

13. Information about cookies

Cookies are small text files containing limited information that are sent to your browser from a server and stored on your computer, mobile phone, or other device when you visit a website. Each time you visit the same website, cookies send information back to that site. We use cookies to personalise content and ads, provide access to protected areas, enable social media features, and analyse traffic. We share website usage information with social media, advertising, and analytics partners, who may add it to other information you provide or information that is collected through the usage of services. Cookies are used to manage your IP address, browsing information, such as areas of the website you have visited, time spent on the website, etc. Some cookies are set by third-party services used on our webpages.

We may store cookies on your device in accordance with the law only if they are essential for the functioning of this website. For all other types of cookies, we require your consent.