Version applicable as of 28 April 2022
1. WHY SHOULD I READ THIS PRIVACY POLICY?
This Privacy Policy ('policy') describes how Rebilita, UAB (hereinafter referred to as the "Company", "We", "Us", "Our") collects, uses, discloses, and stores your personal information and what statutory rights you do have. We protect your personal information under the EU General Data Protection Regulation (2016/679) ('GDPR') and other applicable laws. We may amend this policy from time to time. Therefore, please visit our website regularly for the latest version of this policy.
2. WHO IS RESPONSIBLE FOR PROTECTING MY INFORMATION?
We are: Rebilita, UAB
Our company number is: 304912714
Our address: Gedimino g. 45-7, Kaunas, Lithuania
Our e-mail address: support@brainety.com
3. WHY AND HOW DO YOU COLLECT MY INFORMATION?
3.1. TO PROVIDE YOU WITH OUR ONLINE SERVICES AND / OR PRODUCTS
| When is this relevant for me? | What information do you collect about me? | What is your legal basis to collect my information? | Where do you collect the information from? | Am I obliged to provide this information? | How long do you store information about me? |
|---|---|---|---|---|---|
| When you use / receive our online services and / or products | First name, last name, email address, password, other data that you provide while registering, date of account creation, date of user’s most recent log in, selected account settings, online services and/ or products received by user, tests’ results, games’ scores | Contract (Art. 6 (1) (b) of GDPR) | From yourself | It is a requirement necessary to enter into a contract. If you do not provide this information, you will not be able to use / receive our online services and / or products | 5 years from the last login to your account |
3.2. TO PROCESS YOUR ORDERS AND RECEIVE PAYMENTS
| When is this relevant for me? | What information do you collect about me? | What is your legal basis to collect my information? | Where do you collect the information from? | Am I obliged to provide this information? | How long do you store information about me? |
|---|---|---|---|---|---|
| When you make a payment at our website/app | First name, last name, email, subscription plan, ordered services and / or products, paid amount, currency, payment information (card number, expiration date, CVC number, postal code) | Contract (Art. 6 (1) (b) of GDPR) | From yourself | It is a requirement necessary to enter into a contract. If you do not provide this information, you will not be able to use our services | 10 years from the moment you made a purchase |
3.3. TO ENSURE SECURITY OF OUR WEBSITE/APP AND CONTINUOUSLY IMPROVE IT FOR YOU
| When is this relevant for me? | What information do you collect about me? | What is your legal basis to collect my information? | Where do you collect the information from? | Am I obliged to provide this information? | How long do you store information about me? |
|---|---|---|---|---|---|
| When you use our website/apps | IP address or other device address or ID, web browser and/or device type, hardware and software settings and configurations, the web pages or sites that you visit just before or just after visiting the Site, the pages you view on the Site, your actions on the Site, and the dates and times that you visit, access, or use the Services. When you use the Site on a mobile device, we may also collect the physical location of your device by, for example, using satellite, cell phone tower or wireless local area network signals | Legitimate interest (security and improvement of our website) (Art. 6 (1) (f) of GDPR) | From yourself | No | 2 years after you visit our website/apps |
3.4. TO PROVIDE YOU WITH CUSTOMER SUPPORT
| When is this relevant for me? | What information do you collect about me? | What is your legal basis to collect my information? | Where do you collect the information from? | Am I obliged to provide this information? | How long do you store information about me? |
|---|---|---|---|---|---|
| When you submit an inquiry or file a complaint to our customer support | First name, last name, e-mail address, country, telephone number, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, reply to your inquiry | Consent (Art. 6 (1) (a) of GDPR)) | From yourself | No | 5 years from the moment your last inquiry was received |
3.5. TO INFORM YOU ABOUT OUR ONLINE SERVICE AND / OR PRODUCTS OR SHOW YOU INTERNET ADS
| When is this relevant for me? | What information do you collect about me? | What is your legal basis to collect my information? | Where do you collect the information from? | Am I obliged to provide this information? | How long do you store information about me? |
|---|---|---|---|---|---|
| When we want to inform you or ask your opinion about our products or show you internet ads | Full name, e-mail, telephone number, IP address, order information, country, postback information, website that directed the company’s website, your interaction with internet add | Consent (Art. 6 (1) (a) of GDPR)(Art. 69 (1) of Lithuanian Law on Electronic Communications) Customer relationship(Art. 69 (2) of Lithuanian Law on Electronic Communications) Legitimate interest(to send direct marketing communications)(Art. 6 (1) (f) of GDPR) |
From yourself Social media service providers Marketing service providers |
No | 5 years after you use our services or after you give your consent, unless you withdraw your consent earlier |
3.6. TO INTERACT WITH YOU VIA SOCIAL MEDIA
| When is this relevant for me? | What information do you collect about me? | What is your legal basis to collect my information? | Where do you collect the information from? | Am I obliged to provide this information? | How long do you store information about me? |
|---|---|---|---|---|---|
| If you interact with our social media profiles (e.g., send a message, follow our profiles, share a post, react to a post) | Name and surname, e-mail address, gender, country, picture, message, time and date the message was received, content of the message, message attachments, response to the message, time of response to the message, information about Company’s rating, comments on a post, post shares, information about post reactions | Consent (Art. 6 (1) (a) of GDPR) |
From yourself and social media platforms | No | 10 years from the moment you interact with our social media profiles |
3.7. TO CARRY OUT THE SELECTION OF POTENTIAL EMPLOYEES
| When is this relevant for me? | What information do you collect about me? | What is your legal basis to collect my information? | Where do you collect the information from? | Am I obliged to provide this information? | How long do you store information about me? |
|---|---|---|---|---|---|
| When we receive your application for a job position, when you give us your consent, or we contact you based on the information you publicly disclose on professional social media platform | Full name, e-mail, phone number, CV, work experience, other information you provide us with | Consent (Art. 6 (1) (f) of GDPR) Contract(Art. 6 (1) (b) of GDPR) Legitimate interest (to contact you when you publicly disclose your information on professional social media platforms) (Art. 6 (1) (f) of GDPR) |
From yourself and professional social media platforms | It is a requirement necessary to enter into a contract only where we intend to enter into an employment contract with you. If you do not provide this information, we will not be able to enter into an employment contract with you | 6 months after the end of the relevant recruitment process, or 5 years after you give us your consent or publicly disclose your information on professional social media platforms |
3.8. TO FULFIL STATUTORY ACCOUNTING REQUIREMENTS
| When is this relevant for me? | What information do you collect about me? | What is your legal basis to collect my information? | Where do you collect the information from? | Am I obliged to provide this information? | How long do you store information about me? |
|---|---|---|---|---|---|
| When you order our products | Full name, e-mail address, telephone number, bank account number, address, signature, invoices, reports, accounting documents, payments, paid amounts, other information we are statutorily required to collect | Legal obligation (Art. 6 (1) (c) of GDPR) Law on Accounting of the Republic of Lithuania |
From yourself | It is a statutory requirement. If you do not provide this information, you will not be able to buy goods or services from us | 10 years from a transaction |
3.9. TO FULFIL STATUTORY ACCOUNTING REQUIREMENTS
| When is this relevant for me? | What information do you collect about me? | What is your legal basis to collect my information? | Where do you collect the information from? | Am I obliged to provide this information? | How long do you store information about me? |
|---|---|---|---|---|---|
| In case we become a party or concerned party in legal process which you are subject to or we are statutorily required to collect and/or provide information about you in order to comply with the law | All of the afore-mentioned information, accounting and legal case files, legal documents, other information you provide us with, other information that we are statutorily required to collect and/or provide If the case arises - information about criminal offenses and convictions |
Legal obligation (Art. 6 (1) (c) of GDPR) Legitimate interest (to protect our rights and interests) (Art. 6 (1) (f) of GDPR). Establishment, exercise, or defence of legal claims (Art. 9 (2) (f) of the GDPR) |
From afore-mentioned sources, law enforcement authorities, parties that are subject to legal process, courts | You are statutorily obliged to provide personal information. In other cases, we will collect your personal information when we have a legitimate interest to defend our rights and interests | 10 years following the end of contractual relationship with us or, whichever is longer, for the duration of legal process and 3 years following the date of entry into force or full enforcement of a judgment of a court or authority |
4. WHO DO YOU SHARE MY INFORMATION WITH?
We share your information with information recipients, both within and outside European Economic Area (EEA), in cases where necessary for the above-describe purposes and allowed in accordance with applicable laws.
| Information recipient or category of information recipient | Purpose of information transfer | Country of the recipient | European Commission decision on whether a non-EEA country has an adequate level of information protection | Suitable safeguards that protect my information, when it is transferred to non-EEA countries |
|---|---|---|---|---|
| Accounting and audit service providers | To fulfil statutory accounting requirements | EU | N/A | N/A |
| Archiving service providers | To keep our archive | EU | N/A | N/A |
| Electronic communication service providers | To operate our electronic communications | EU | N/A | N/A |
| Attorneys, notaries, bailiffs, auditors, data protection officers, consultants | To ensure our compliance, defend our rights and interests | EU | N/A | N/A |
| E-mail and cloud hosting service providers | To operate IT resources | Worldwide | N/A, including non-EEA countries | EU Standard Contractual Clauses |
| Potential or actual acquirers of the Company's business/ part of the business, also their authorized consultants or other persons | To evaluate and/ or execute transactions concerning the ownership of the Company | EU | N/A | N/A |
| Banking, payment processing and other financial service providers | To process payments | Worldwide | N/A, including non-EEA countries | EU Standard Contractual Clauses |
| Marketing and telemarketing service providers | To market our services | Worldwide | N/A, including non-EEA countries | EU Standard Contractual Clauses |
| Customer support service providers | To provide customer support | Worldwide | N/A, including non-EEA countries | EU Standard Contractual Clauses |
| Social media service providers | To manage our social media profiles | Worldwide | N/A, including non-EEA countries | EU Standard Contractual Clauses |
5. WHAT STATUTORY RIGHTS DO I HAVE REGARDING MY INFORMATION?
Subject to conditions, limitations, and exceptions established by statutory data protection provisions, you have the rights listed below:
| My right | When this right is applicable to me? |
|---|---|
| Right of access | when you seek to obtain confirmation as to whether we collect or otherwise process personal data concerning you, and, where that is the case, access to the personal data and the information about the data processing. |
| Right to rectification | when you seek to obtain from us the rectification of inaccurate personal data concerning you. |
| Right to erasure ('right to be forgotten') | - when personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- when you withdraw consent on which the processing is based and there is no other legal ground for the processing; - when you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes; - where the personal data have been unlawfully processed; - where the personal data have to be erased for compliance with a legal obligation; - where the personal data have been collected in relation to the offer of information society services directly to a child and subject to a consent. |
| Right to restriction of processing | - where the accuracy of the personal data is contested by you;
- where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; - where we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; - where you have objected to processing. |
| Right to data portability | where you seek to receive the data you have provided in a structured, commonly used and machine-readable form or to transmit those data to another controller, the processing is based on consent or on a contract and is carried out by automated means. |
| Right to object | where the collection and use is based on a task carried out in the public interest or in the exercise of official authority vested or legitimate interest, including profiling, as explained in Section 3 of this Privacy Policy, or where you object to the collection of your personal data for direct marketing purposes. |
| Right to withdraw consent | where the processing is based on consent, as explained in Section 3 of this Privacy Policy, and you seek to withdraw it at any time. |
| Right to lodge a complaint | where you want to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR. |
6. HOW DO I SUBMIT A REQUEST?
If you would like to exercise your rights described above, please submit a request to us via e-mail at support@brainety.com.
7. CAN I USE AN AUTHORIZED AGENT?
Sure. You may use an authorized agent to submit a request to opt-out on your behalf if you provide us with the authorized agent written permission to do so. If this is the case, please provide us with a copy of the said permission as instructed under the Section 18 of this policy below. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. You may also make a request on behalf of your minor child.
8. DO YOU ENGAGE IN AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING?
No, we do not make decisions based solely on automated processing, including profiling, which would produce legal effects concerning you.
9. DO YOU USE COOKIES?
Yes, we use cookies on our website as described in the table below.
| Cookie Name | Cookie Expiry | |
|---|---|---|
| Strictly Necessary & Statistics Cookies | ||
| XSRF-TOKEN | 1 day | |
| enence_session | During the browsing session | |
| _ga | 2 years | |
| Marketing Cookies | ||
| _gat | During the browsing session | |
| _gid | 24 hours | |
| _hjAbsoluteSessionInProgress | 1 day | |
| _hjFirstSeen | 1 day | |
| _hjid | 1 year | |
| _hjIncludedInPageviewSample | 1 day | |
| soundestID | During the browsing session | |
| soundest-views | During the browsing session | |
| Targeting Cookies | ||
| _fw_crm_v | 1 year | |
| ads/ga-audiences | During the browsing session | |
| REST/webTracking/v1/event | During the browsing session | |
10. HOW CAN I MANAGE COOKIES?
You can configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies you may be unable to access certain areas or features of our website. You can control the use of functionality cookies, targeting cookies or advertising cookies by adjusting your browser settings. To find out how to manage cookies in your browser, please visit one of the links below:
• Mozilla Firefox:
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences• Google Chrome:
https://support.google.com/chrome/answer/9564711. HOW CAN I CONTACT YOU?
If you have any questions, comments, or complaints regarding how we collect, use, and store your personal information, please contact us by e-mail at support@brainety.com at any time
