Privacy Policy

This Privacy Policy was last updated and is valid from 2023, July 10th.

This privacy policy specifies what information is collected and used about you and what information is shared with third parties. Our goal and priority is to protect the privacy and integrity of your personal data.

This privacy policy includes basic information about the processing of your personal data when you log in to the Mark ID UAB (hereinafter referred to as Mark ID) portal at https://www.marksign.lt and/or use your existing user account, or intend to use (are already using) our services.

I. Definitions

Company shall mean Mark ID UAB, legal entity code 305098955, address Žygio g. 97A, Vilnius LT-08236, e-mail address info@markid.lt, website https://www.markid.eu/.

Portal/website shall mean web portal at www.marksign.lt.

The administrator of the portal shall mean Mark ID, UAB, legal entity code 305098955, registered office address Žygio g. 97A, Vilnius LT-08236.

User shall mean a natural or legal person using the website who has registered and provided his/her personal data or who has provided his/her data without registration.

Personal data shall mean any information relating to a natural person whose identity is known or can be established, directly or indirectly, by reference to data such as a personal identification number or to one or more factors specific to that person, whether of a physical, psychological, economic, cultural or social nature.

Device shall mean a computer, phone, tablet, or other device used to visit the Portal/Website and/or use the services provided on the Portal/Website.

IP address shall mean a unique number that identifies the device that connects to the internet. An IP address can be used to identify the location where a computer connects to the internet.

Browser shall mean an application that helps to access websites on a personal device.

Account shall mean a link on the Portal based on the User’s logins, which the User accesses by logging in with his/her identification (login) data.

Identification Data or Login Data shall mean User’s identification data that is transmitted through third parties – SMART ID, Bitė Lietuva UAB, Telia Lietuva, AB, Tele2 UAB, Teledema UAB, ZealiD AB.

Privacy Policy shall mean this document, which sets out the rules for the collection, processing and storage of Personal Data applicable to Users.

Cookies shall mean small files placed on the User’s device when the User visits the Portal, by means of which the Portal recognises the User’s device. This includes not only cookies, but also the use of similar tools (e.g. Flash cookies, Web beacons).

II. Sources of Personal Data

Personal data may be obtained from you directly, for example, when you use our services or otherwise contact us, communicate with us via social networks or simply follow our activities on social networks, visit the Company or browse our websites.

We may also receive your personal data indirectly, for example, from data processors of persons you represent.

We may receive your personal data from information systems when you use the Company’s services, e.g. when you browse the Company’s website or when you open newsletters sent to you.

Please note that you are not obliged to provide any personal data, but this may prevent us from being able to provide you with our services and achieve our other objectives.

III. General Provisions

The provisions of this Privacy Policy apply to all actions Users may take on the Portal, including, but not limited to, logging into the Portal, uploading, verifying, signing, renaming, downloading, inviting others to sign documents and deleting documents.

You shall be able to access the terms and conditions of the Privacy Policy on the Portal at any time, whether during your visit to the Portal, while logged in to your Account or afterwards.

The Personal Data provided by Users is processed by the Company. Personal data shall not be transferred to third parties without the User’s consent, except as provided for by the legislation of the Republic of Lithuania.

IV. Social Media accounts administered by the Company

The Company administers a social media account on Facebook and LinkedIn. The information that a person submits to a social media platform (including messages, the use of “Like” and “Follow” boxes and other communications) or that a person receives after visiting the Company’s account on a social media platform is controlled by the operator of the social network. The administrator of a Linkedin social network collects information about the type of content that a person views, what he or she does on the social network, who he or she interacts with and other information. Therefore, the Company recommends that you read the privacy statements of the social network operator.

For more information on Linkedin privacy policy, click here: https://www.linkedin.com/legal/privacy-policy.

For more information on Facebook privacy policy, click here: https://www.facebook.com/privacy/policy/.

The Company, as the administrator of the social media account, selects the appropriate settings taking into account its target audience and its objectives for activity management and promotion. The social network administrator may have limited the ability of the Company to modify certain essential settings by allowing the Company to create and administer a social network account, and thus the Company may not be able to influence what information about the data subject will be collected by the social network administrator after the Company has created the social network account.

Such settings may affect the processing of personal data when the data subject uses social media, visits the Company’s accounts or reads the Company’s posts on social media. As a general rule, the social network administrator shall process the data subject’s personal data (even those collected by the Company through the optional account settings) for the objectives set by the social network administrator, in accordance with the social network administrator’s privacy policy. However, when the data subject uses a social network, communicates with the Company via a social network, visits the Company’s account on a social network, or monitors posts therein, the Company receives information about the data subject. The amount of data received depends on the account settings selected by the Company, the agreements with the social network administrator for ordering additional services, and the cookies set by the social network administrator.

V. Cookies

The Mark ID website uses cookies and similar technologies. Cookies are text files that are stored on your computer system via your web browser. By using cookies, we provide a more user-friendly experience for users of this website.

We use various tracking technologies, including pixels, in our marketing emails to collect statistical data about the opening of our email messages. Tracking pixels, also known as web beacons or clear GIFs, are small graphical files embedded in our marketing emails. These pixels allow us to collect information about your interaction with the email, such as whether you have opened the message, clicked on links in the email, or taken other related actions.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. The cookie ID is a unique identifier for the cookie. It consists of a string of characters that allows web pages and servers to be assigned to the specific web browser where the cookie was stored. This allows the web pages and servers visited to identify the individual’s browser from other web browsers that contain other cookies. A specific web browser can be recognised and identified by a unique cookie ID.

By using a cookie, we optimise the information and offers on our website for the user. Cookies allow us to recognise users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, websites that use cookies do not require the user to re-enter his/her access data each time he/she visits the website, as this is handled by the website and the cookie is stored on the user’s computer system.

You can disable the setting of cookies on our website at any time by using the appropriate setting on the web browser you are using and thus permanently object to the setting of cookies. In addition, cookies that have already been set can be deleted at any time via your web browser or other software applications. This can be done using standard web browsers. If you disable the cookie setting on the web browser you are using, you may not be able to use the complete functionality of our website.

Your personal data collected by cookies is processed in accordance with the provisions of the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania and other legal acts regulating the protection of personal data. In accordance with legal requirements, we apply security measures to prevent the unauthorized disclosure and unauthorized use of your personal data.

https://www.marksign.lt website uses the following cookies:

VI. Collection, processing and storage of personal data

To use the services provided by the Portal, you must register (login) and provide your personal data. Registration/login and data submission can be done via Smart-ID / Mobile-ID / ZealiD / USB key or chip card. For more information on logging in, click here: https://pagalba.marksign.lt/article/70-kaip-pasirasyti-el-dokumenta

The IP address of the Device provided by you when logging in to the Portal and/or using your Account may be used to determine your location.

Personal data shall only be processed under one or more of the following criteria for lawful processing: (i) for the purpose of ensuring the provision of services in accordance with a contract (i.e. for the performance of the contract or for the purpose of taking action at your request prior to the conclusion of the contract); (ii) where we have received your consent; (iii) where the processing is necessary for compliance with a legal obligation to which Mark ID is subject; and (iv) where the processing is necessary for the purposes of Mark ID’s legitimate interest or that of a third party.

We will keep the information you provide in your Account with your personal data for as long as you use the Account. Personal data will only be processed if the processing is lawful.

We do not keep personal data for longer than required by the purposes of the processing, Users and/or the law. Personal data shall normally (unless otherwise specified) be processed for a period of 10 (ten) years from its receipt. If you request that we restrict the processing of your data and we comply with your request, we will no longer process the personal information collected, except for the retention of the collected data for the periods set out in the Privacy Policy.

In the event that you do not log in to your Account during a period of one (1) year, your login data and the data contained in your Account shall be deleted and shall no longer be stored.

Personal data shall be collected, processed and stored for the purposes set out in this paragraph, but not limited to:

• to provide access to the Account and to the services provided by the Portal;
• to ensure the continuous improvement and development of the Portal;
• to offer specialised services;
• aggregated data is used for statistical analysis of registered/logged-in persons, their activity, general characteristics, the effectiveness of the Portal’s services, etc.;
• to initiate and execute the ordering and purchasing of the Services provided on the Portal;
• to diagnose malfunctions the Portal Administrator may use IP addresses.

The contact information may be used to contact you and to inform you of updates on the Portal regarding the services offered and changes to the provision of services.

For direct marketing purposes, the use of data is subject to your prior consent expressed on the Portal. You may withdraw your consent to the use of your Personal Data for Direct Marketing purposes at any time.

The Company may also send direct marketing communications to its customers at the email addresses provided by you in order to fulfil the Company’s legitimate interest in informing you about applicable promotions, similar services, unless you have expressed your objection to the processing of your personal data for the purpose of direct marketing, either prior to the provision of the service or afterwards.

When we send direct marketing messages, we use tracking pixels, such as email pixels in our direct marketing emails, and similar technologies to collect data on email opening for statistical purposes and to better understand user engagement. The information collected includes whether the email sent to the Applicant has been opened and/or whether the link has been opened, if any, and the date and time when the email was opened. The legal basis for processing this data is our legitimate interest in evaluating the effectiveness of our email communications and providing a more personalised experience. Third-party service providers may help us to analyse data securely and only for predetermined purposes.

You can unsubscribe from direct marketing messages at any time via the unsubscribe link at the bottom of the newsletter. Withdrawal of consent shall not invalidate the lawfulness of the processing of your personal data that was carried out prior to such withdrawal of consent. For the purpose of direct marketing, personal data is processed for a period of 5 years from the date of subscription to the newsletter or the date of the last provision of the service.

If you wish to prevent your Personal Data from being used on the Portal, you may at any time request the Portal Administrator to delete that Account.

The Portal Administrator is not responsible for ensuring the privacy of Personal Data on third-party websites, including where those websites are accessible via links on the Portal.

VI. Data Collection

In order to provide document signing services, we need to collect certain information about Users in order to properly provide our services.

Account Information – we collect and associate with your User Account the information you provide. These data are processed in accordance with the data protection legislation of the Republic of Lithuania and international legal acts.

User data – we store, process and transmit the documents you upload and the information related to them. This data shall only be processed in accordance with your (the User’s) instructions in accordance with the data protection legislation of the Republic of Lithuania and international legal acts.

Usage information – we collect information related to the scope of the services we provide. We may collect information such as IP addresses, browser type, device, operating system used, actions you take when using our services. We use this information to improve our services, develop new products, features and functionality, and to keep your Account and data secure.

Payment data for services rendered – we collect the payment card data you provide (payment card validity date, payment card number, CVV, CVC, CVC2 codes (three digits on the reverse side of the card), payment card type, payment amount. We get this information directly from you. You provide this information when you register on the Portal, select a service plan and make a payment to use the selected service plan. We use this information to enable you to pay for the services we provide and to use the service plan you choose. We use Stripe services to accept and process card payments. Information on how Stripe processes your personal data can be found here: https://stripe.com/en-lt/privacy. For payments by bank transfer we use NeoFinance’s Neopay service https://neopay.online/lt.

Other information – your personal data may be obtained from third parties (sub-processors) (e.g. qualified trust service providers). We store and process this information as personal data in accordance with the provisions of this privacy policy, the data processing agreement and data protection legislation of the Republic of Lithuania and international legal acts.

Where we process personal data of you as an Account User (personal identification number, telephone number and other data necessary to log in to your Account), we act as the controller of your personal data.

Where we process the documents and data you have uploaded to your Account, we act as a processor of the personal data you have provided.

In cases where you provide personal data of third parties when using the Company’s services, you are responsible for informing the persons whose data you provide to the Company about the processing of their personal data and making them aware of this Privacy Policy.

You can find information on the security of the data processed by the Company, your rights as a data subject and other information related to the processing of personal data by the Company in the privacy policy published on the website https://markid.eu/.

VIII. Recipients of Personal Data

We may provide your personal data to the following persons, taking into account the basis for providing the data and ensuring the security of the transmitted data:

• to companies belonging to the same group of companies;
• to state authorities, law enforcement agencies and other persons in accordance with the procedure established by the legislation of the Republic of Lithuania or when the provision of data is necessary to assert, exercise or defend the Company’s legal claims;
• to business partners;
• to State Data Protection Inspectorate;
• to payment service providers;
• to the data processors involved (server administrators, cloud service providers, IT service providers, etc.).

If we disclose your personal data to other groups of data recipients than those specified in this Privacy Policy, we will inform you of this no later than at the time of the first disclosure of the data, unless we have already provided such information to you previously. With your consent, we may also provide personal data to other parties.

We may also provide your data to protect your vital interests (for example, if you feel unwell on our premises and we need to seek medical help).

We may use data processors who will process personal data in accordance with our instructions and within the scope determined by us to the extent necessary to achieve the objectives of the processing. When we use data processors, we aim to ensure that they also have appropriate organisational and technical security measures in place and maintain the confidentiality of personal data.

IX. Transfer of Personal Data outside the EU/EEA

Your data may be transferred outside the European Union, subject to the signing of agreements with data processors that comply with European Union legislation.

Data may be transferred outside the European Union where the transfer is necessary for the conclusion and performance of contracts and the proper provision of services to the Company’s customers. In this case, the Company shall take steps to ensure that any transfer of personal data outside the EU/EEA is properly executed and that the privacy rights of data subjects are fully protected. When transferring personal data outside the EU/EEA, the Company shall comply with:

• a decision taken by the European Commission on the eligibility of a foreign country;
• a certification mechanism approved in a foreign country;
• a decision adopted by the European Commission on standard contractual clauses.

The third country outside the EU/EEA in which the recipient of the personal data is located is required by a decision of the European Commission to ensure an adequate level of protection of personal data.

X. Profiling and automated decision making

The Company does not carry out profiling and automated decision-making that would expose you to legal consequences or similarly significantly affect you.

XI. Your rights as a Data Subject

We would like to inform you about your rights under the General Data Protection Regulation:

• right of access to data. You have the right to request confirmation as to whether data relating to you are being processed and to request information about these data in accordance with Article 15 of the Regulation;
• right to rectify personal data. In accordance with the provisions of Article 16 of the Regulation, you have the right to have any inaccurate data relating to you completed or rectified;
• right to erasure of personal data. In accordance with the provisions of Article 17 of the Regulation, you have the right to request the erasure of specific data in the circumstances set out in the Article;
• right to restrict data processing. In accordance with the provisions of Article 18 of the Regulation, you may request the restriction of processing under the circumstances set out in the Article;
• right to data portability. In accordance with the provisions of Article 20 of the Regulation, you have the right to request receipt of the data you have provided to us and, in addition, to request its transfer to other processors;
• right to object. In accordance with the provisions of Article 21 of the Regulation, you may object to future processing at any time;
• right to withdraw consent. Under Article 7(3) of the Regulation, you have the right to withdraw your consent at any time;
• right to lodge a complaint with a supervisory authority. Under Article 77 of the GDPR, you have the right to lodge a complaint with the competent supervisory authority, the State Data Protection Inspectorate;
• right to compensation for damages suffered as a result of a breach of the data subject’s rights. Under Article 82 of the Regulation, you have the right to compensation from the controller for the damage suffered.

You may request the exercise of the data subject’s rights verbally or in writing by submitting your request in person, by post or by electronic means to the contacts specified in this Privacy Policy.

You must prove your identity by providing a document proving your identity. Failure to do so will prevent us from accepting your requests and the data subject’s rights will not be exercised.

XII. Contact us

If you have any comments, questions or complaints about this privacy policy, you can contact us at info@markid.lt.

Data Protection Officer of the Company is Rusnė Juozapaitienė. She can be contacted at rusne@duomenuapsauga.eu.