- DATA PROCESSOR
UAB Mark ID, legal entity code 305098955, address Žalgirio str. 90, Vilnius, phone number +370 672 89813, e-mail address firstname.lastname@example.org, website www.markid.eu .
1. DEFINITIONS USED
1.1. Personal data - any information relating to a natural person - data subject, whose identity is known or may be directly or indirectly identified using such data as a personal identification number, one or more physical, physiological, psychological, economic, cultural or social features, specific to that person, location data, and Internet identifier.
1.2. Company - UAB Mark ID, legal entity code 305098955, address Žalgirio str. 90, LT-09303 Vilnius.
1.3. Data Subject - A natural person or legal entity representative, who uses the services of the Company, or a person who visits the Website.
1.4. IP Address - a unique number that identifies your computer, phone, tablet, or other device that connects to the Internet. The IP address can be used to identify the country where the computer is connected to the Internet.
1.6. Website - The Company's website www.markid.eu , which provides services of remote identification and search for politically vulnerable persons and searching in financial sanctions databases (data sources: PEP Desk ™ Database, Sanction Lists, Database manager: Info4c AG, Schneckenmannstr. 27, CH-8044 Zurich).
1.7. Regulation - 27 April 2016 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation).
2. GENERAL PROVISIONS
2.3. By providing a remote Person identification service on the Website, the Company records the image of a specific person in real time and the image of their identity documents. The Company performs remote identification by providing the service to third parties. In such a case, the Company acts as a third party personal data processor with respect to the data subjects and the Company has to conclude a personal data processing agreement with the third parties.
2.4. During the remote identification process, images and photographs are recorded, an identification report is generated, and will be transmitted to third parties who have ordered the Data subject-'s remote identification service. You can only start Identification on the Website after you consent to the recording of video, photo capture and identification report generation, and their transmission to third parties who have ordered the Data subject's remote identification service.
2.5. If the Data subject disagrees with the recording of an image, capture of photos, generating an identification report, the data is transferred to third parties, the image is not recorded, photos are not captured, data is not transferred or processed by the Company and the Data subject can perform identification via other ways in a manner acceptable to third parties, such as arriving and submitting their identity documents.
2.6. Third parties, who order the remote identification service, provided by the Company, may receive and provide to the Company the consent of the data subject for the creation of video recordings, photo capture and identification report generation and their transmission to third parties, who have ordered the data subject's remote identification service. In this case, the persons who ordered the remote identification service are responsible for the validity of the data subject's consent.
2.7. By providing a database search service, the Company performs searches in the databases of politically vulnerable individuals and financial sanctions (data sources: PEP Desk ™ Database, Sanction Lists, Database Manager: Info4c AG, Schneckenmannstr. 27, CH-8044 Zurich). The company performs a search in databases by providing a service to third parties according to a contract for the provision of personal data, under which the recipient of the data undertakes to store the personal data received and use it only for the purpose of preventing money laundering and preventing terrorist financing through Know Your Client procedure (KYC). The company and the third party who ordered the services act as independent data controllers.
2.9. The processing of personal data in the Company is regulated by the Regulation, the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts, as well as the Company's local acts.
3. PRINCIPLES FOR PROCESSING PERSONAL DATA
3.1. Data is processed only under the criterion of lawful processing - in order to ensure the provision of the services on the Company's Website; with the consent of the person; when processing of personal data by the Company is ordered by the relevant legal acts or data processing agreements; where personal data should be processed for the lawful interest of the Company or a third party (including creditors).
3.2. We strive to ensure that Personal data is processed accurately, fairly and lawfully, for the sole purpose of being collected in accordance with clear and transparent principles and requirements for the processing of personal data established by the legislation.
3.3. You do not need to provide any Personal data, but certain services may not be available unless Personal data is provided.
4. VOLUME, OBJECTIVES, BASIS OF PERSONAL DATA PROCESSING
4.1. On the Website, the Company collects the following personal data: name, surname, personal identification number, date of birth, copy of the identity card or passport, and the data contained therein, including the subject's photo and signature, the data subject's picture photos and the real-time video, personal identification report generated on the Website after face recognition and matching, video and photo date, IP address. The basis is the consent of the data subject, the purpose is to carry out the identification of the person in a remote fashion.
4.2. Personal data is processed on the Company's server until the data controller has ordered that the data be deleted. Personal data is transferred by secure connection to third parties who have ordered the remote identification service. Upon transfer of the data to third parties, they shall no longer be processed, except for storage, while the Company only retains the fact of ordering a specific data subject's remote identification service, the consent of the data subject and an identification report confirming the provision of the service for 10 (ten) years to claim, execute or defend the legal demands of the Company or until the Data controller's order to terminate processed data.
4.4. The company processes the following personal data when providing the service of searching in politically vulnerable persons' and financial sanctions databases: name, surname, date of birth, the fact of (non)presence of a politically vulnerable person status or (not)having financial sanctions and related information, including but not limited to the name of the workplace and the country of residence, the position, the country that applied the financial sanction, the record date and other information provided by the database managers about the data subject.
4.5. The Website also collects name, surname, phone number, e-mail address, whenever the the potential client is addressing the Company, by filling in the inquiry form on the website, the objectives - to provide preliminary consultation according to the submitted request, to offer the services provided by the Company. Personal data is processed while the Services published on the Site are provided; then the data is stored for 10 (ten) years in order to claim, execute or defend the Company's legal requirements and the Company's obligation to archive documents as provided for in legal acts.
4.7. Other objectives. The Company may process your personal data for other purposes in accordance with the requirements and procedures of the Regulation and the Law on Legal Protection of Personal Data of the Republic of Lithuania.
5. PROVIDING PROCESSED DATA TO OTHER ENTITIES, DATA CONTROLLERS AND PROCESSORS
5.1. Personal data is transferred through secure communication to third parties who have ordered the services, provided by the Company.
5.2. Video records, photos, identification report, data subject's consent to data processing, as well as results of searches of politically vulnerable persons and financial sanctions databases may be allowed to be reviewed and, if necessary, transmitted to law enforcement or other competent authorities upon written request of law enforcement or other competent authorities. If personal data is reviewed outside the law enforcement or other competent authorities premises or the courtroom, the review of personal data must take place in the closed premises of the Company. The data subject, remote identification service customers, responsible Company employee and law enforcement agencies are entitled to participate in such a listening.
5.3. The data subject shall have the right to review the videos, photos, identification report, the results of searches in politically vulnerable persons and financial sanctions databases relating to the processing of his data during the period of retention of such data.
5.4. Your Personal data may be processed by processors who provide the Company with bookkeeping, Web site hosting, data center and / or server rental, IT maintenance, external audit and other services.
5.5. Data processors shall have the right to process Personal Data only in accordance with the instructions of the Company and to the extent necessary for the proper performance of the contractual obligations. While using the services of data processors, we strive to ensure that they also implement appropriate organizational and technical security measures and maintain the confidentiality of personal data.
5.6. Your personal data may be provided to third parties in the following ways: in writing, by electronic means of communication, by connecting to separate data collecting databases or information systems, or by any other means agreed by personal data controllers.
6. SECURITY OF PERSONAL DATA
6.1. The Company makes every reasonable effort to ensure that Personal Data is protected from any unauthorized action through its internal organizational and technical measures, All Personal Data and other information provided by the Data Subject is considered confidential. Access to Personal Data shall be restricted to those employees of the Company and to the Company's processors for whom such access is necessary to perform work functions or provide services.
7. RIGHTS OF DATA SUBJECTS
7.1. Each data subject has the following rights:
7.1.1. to access his Personal Data submitted to the Company at any time;
7.1.2. by submitting a written request for information, to know from which sources and what Personal Data has been collected, for what purpose they are processed, to whom they are provided;
7.1.3. by a written request via e-mail to correct inaccurate, incomplete, incorrect personal data and / or suspend the processing of such personal data.
7.1.4. disagree with the processing of his Personal Data, except where such personal data is processed for a legitimate interest, pursued by the data controller or a third party to whom the personal data are disclosed and where the interests of the data subject are not more important;
7.1.5. to require that the provided Personal Data be destroyed;
7.1.6. to require action to limit the processing of personal data;
7.1.7. to require that personal data provided by himself, if processed on the basis of his consent or contract, and, if processed by automated means, be transferred by the data controller to a different data controller, in case this is technically possible (data transferability);
7.1.8. the right to object to the use of only automated data processing;
7.1.9. the right to object to the processing of personal data for direct marketing purposes;
7.1.10. the right to revoke the consent given for the processing of personal data;
7.1.11. the right to file a complaint with the State Data Protection Inspectorate regarding the processing of personal data.
7.2. The data subject has the right to claim the rights of the data subject, either orally or in writing, by means of a personal application, by post or by electronic means. In case the data subject claims his rights by writing via post, then a copy of the identity document certified either by a notary or according to another order, provided for in the legal acts, must be submitted together with the application. If the personal data of the data subject, such as name or surname have changed, copies of the documents confirming the change of such data should be provided together with the application; if they are sent by post, then a copy of the identity document certified either by a notary or according to another order, provided for in the legal acts, must be submitted together with the application. When submitting an application by electronic means, the application must be signed by a qualified electronic signature or by electronic means which allow to ensure the integrity and indispensability of the text.
7.3. The request for the implementation of the data subject's rights must be readable, signed by the person, and must contain the name, address and / or other contact details of the data subject for the purpose of maintaining the contact or providing a response regarding the implementation of the data subject's rights.
7.4. The data subject may implement his rights himself or through a representative. In his application, the person's representative must indicate his / her name, address and / or other contact details to be used by the person's representative to receive a response, as well as the name of the person represented and any other data necessary for the proper identification of the data subject and to provide a document or a copy thereof, confirming the representation. In case of doubt about the identity of the data subject, the Company requests additional information, which is necessary to ascertain its identity.
7.5. Upon receipt of the Application, we will provide a response no later than in 30 calendar days from the date of receipt of the Application.
7.6. The Company, acting as Data controller, has the right to refuse to exercise your rights in a reasoned manner under the grounds set out in the Regulation.
7.7. Information about the processing of your data is provided to you, the lawfulness and integrity of the data processing is checked, the processing operations are terminated and the data is destroyed free of charge.
7.8. You can send your application in following ways: by e-mail email@example.com , or visit the office at Zalgirio str. 90, LT-09303 Vilnius.
8. DATA PROTECTION OFFICER
8.1. A data protection officer has been appointed in the Company.
8.2. If you would like to check or find out how the company processes your personal data, or if you are going to exercise your rights as data subjects, please contact the Company appointed data protection officer, email: firstname.lastname@example.org , or by phone +370 672 89813.
9. FINAL PROVISIONS