Privacy policy

Effective from 1 July 2024

This Cofive.lt Privacy Policy (the “Policy”) covers any data processing operations performed by UAB “CoFive” (“CoFive”, the “Company”, “we”, or “us”), i.e. the Policy describes and informs how we collect, use and otherwise process personal data visitors of our website (the “Website”) (“Visitors”, „You“). The Policy describes principles, rules, and requirements of personal data processing that the Company implements to ensure appropriate security of personal data and right of the data subjects.

WHO WE ARE

Data controller, UAB “CoFive” a company incorporated and registered under the laws of Lithuania, with legal entity code 306626131, with its registered office Gamyklos St. 31C, LT-89103 Mažeikiai, Lithuania, email info@cofive.lt, phone +370 613 52331), a provider of innovative B2B human resource management platform designed to optimize training and internal communication.

We respect the privacy of our customers, potential customers, and random visitors to our Website, and we are committed to protecting Your Personal Data and we process Your Personal Data only in line with principles relating to processing of Personal Data and we ensure confidentiality and security of Your Personal Data by implementing appropriate technical and organizational measures. The Policy is applied in conjunction with our Cookie policy. Please take some time to read through this Policy and get acquainted with the terms and conditions of processing of Your Personal Data, and information about Your privacy rights. If You have further questions, please contact us at info@cofive.lt.

DEFINITIONS

Customer	A legal entity to whom the Company provides CoFive Training Platform services, and which uses the Training Platform to organize and conduct trainings for its employees.
Data Controller	CoFive which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
Data Processor	the person engaged by CoFive and which, processes Personal Data on behalf of the Company in accordance with its instructions.
Data Subject	Any natural person that visits the Website and provides own Personal Data to the Company for the particular purpose.
GDPR	Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons regarding the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
Personal Data	any information relating to a Person who is identified or can be identified directly or indirectly by one or more identifiers based on one or more characteristics of that Person’s physical, physiological, genetic, mental, economic, cultural, or social identity.
Processing	any operation involving Personal Data or sets of Personal Data, whether by automated means or non-automated, such as collection, recording, organization, structuring, storage, adaptation or modification, search, consultation, use, disclosure by transmission, dissemination and access, combination, restriction, erasure or destruction.
Training Platform	a training platform managed by CoFive to facilitate the day-to-day business management processes by training employees (organizing and conducting training both using training content from CoFive or our partners, as well as training content uploaded by each Customer) and sending news and updates to employees.
Website	Company’s website www.cofive.lt

Other definitions used in the Policy are understood as they are defined in the GDPR, or the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the processing and security of Personal Data.

WHAT PRINCIPLES DO WE FOLLOW WHEN PROCESSING PERSONAL DATA?

We respect Your privacy and collecting and processing only Personal Data that are necessary for the specified processing purposes. When processing Personal Data, we comply with applicable legal acts, including the requirements of the GDPR, the Law on Legal Protection of Personal Data of the Republic of Lithuania and other laws regulating the security of personal data. When processing Personal Data, we adhere to the principles relating to the processing of personal data established in the GDPR:

We process Personal Data in a lawful, fair and transparent manner;
We collect Personal Data for specified, explicit and legitimate purposes and do not further process them in a manner that is incompatible with those purposes;
We ensure that Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes of data processing specified by us, i.e. we do not collect or store redundant or unnecessary data;
We take all necessary measures to correct or delete Personal Data that is not accurate or correct;
We store data only for the period that is necessary for the purposes for which the Personal Data are processed;
We use appropriate technical and organizational security measures that ensure the security of Personal Data, including protection against unauthorized or unlawful data processing and against accidental loss, destruction or damage, including providing access to data or transferring data only to those employees or service providers, for whom such access is necessary due to the work functions they perform or the services they provide.

HOW WE PROCESS YOUR PERSONAL DATA?

We process (collect, use, store) only Personal Data when we have legitimate grounds and for a lawful specific purpose. Most commonly, we will collect and process Your Personal Data in the following circumstances:

When You consented to data collection and processing for a particular purpose;
When we need to fulfil the contract, we have entered with You, or are about to enter into a contract, and we need to take certain steps at Your request;
When we need to comply with a legal or regulatory obligation;
When it is necessary for the purposes of the legitimate interests pursued by the Company or by the third party and Your interests and fundamental rights do not override them.

We may use different methods to collect data from and about You, including directly collected from You (when You give us data by filling in forms, asking for additional information, or by corresponding with us) or automated technologies or interactions (when You interact with our Website, we may automatically collect data about Your equipment, browsing actions and patterns. We collect this Personal Data using cookies and similar technologies, so please read our Cookie policy).

WHAT PERSONAL DATA DO WE PROCESS?

When You visit our Website and fill out a form to receive an offer for the Training Platform services, or ask for more detailed information about the Training Platform, its prices and other services, or You express an interest in trying the Training Platform, in order to contact You and provide You with information of interest, we process:

Your name (first name, last name)
Phone number
E-mail address
Company name
Other personal information You provide in Your communication with us or that is necessary to respond to Your request

The purpose of processing	to contact You and provide information You are interested in and/or asked (including proposal for the Training platform services, additional information about the Training platform, answer to Your questions)
Legal basis for processing	Your consent which You give by filling out and submiting forms on our Website and/or sending Your requests (as per Article 6 Paragraph 1 (a) of the GDPR)
The period of data storage	5 years after You give consent

Links to other sites

Our Website may contain links to other sites, e.g., social media websites. This Privacy Policy applies only to our Website but not any other third-party websites; therefore, we strongly recommend reviewing the privacy policies of any websites You may reach by following links on our Website. We have no control or responsibilities regarding any content or data processing by controllers of such third-party websites.

WHO CAN WE SHARE YOUR DATA WITH?

We make every effort to keep Your data safe and always require a high level of security and confidentiality from our employees and partners.

We may share Your Personal Data with our trusted service providers. We use third-party service providers to undertake processing operations on our behalf, and this may require us to share Your Personal Data with them when they provide services to us. If our service providers need access to Your Personal Data to provide services to us, this will be done only according to the Data processing agreements we shall sign with all our data processors. Nevertheless, we will control and shall always remain responsible for using Your Personal Data. The categories of entities that may have access to Your Personal Data are data centres and/or website hosting service providers, IT support and maintenance providers, advertising and marketing service providers, other professional service providers such as accountants, legal consultants, audit firms, etc. to whom Your Personal Data is disclosed only to the extent it is necessary to provide specific services.

We may also disclose Your data if required by law or where it is necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or an administrative or out-of-court procedure.

DATA TRANSFERS

We process (store) Your Personal Data only in the territory of the European Union / European Economic Area (EU/EEA). Currently we do not transfer Personal; Data to third countries. Whenever we will have to transfer Your data outside the EU/EEA, we will inform You about this before the transfer takes place and we ensure that that an adequate degree of protection is afforded to Your data by ensuring at least one of the following safeguards is implemented:

transfer Your data to countries that ensure an adequate level of protection of personal data by decision of the European Commission (“Adequacy Decision countries”);
transfer of Your data based on appropriate safeguards implemented by data controllers or processors, i.e. at least we will enter into agreements, such as standard contractual clauses (SCC) and require data receivers to provide the appropriate level of protection for the data;
we may seek Your consent for transfers of Your Personal Data for specific purposes.

WHAT ARE YOUR RIGHTS?

As a data subject, You have certain rights regarding Your Personal Data.

The right of access – You may, at any time, request access to the Personal Data that we hold and receive a copy of Your Personal Data. This includes the right to be informed whether we process Your Personal Data, what data categories are being processed by us, the purpose of processing etc.
The right to rectification – You may, at any time, request us to correct Personal Data that we hold about You which You believe is incorrect or inaccurate. We may ask You to verify any new data that You provide to us and may take our own steps to check that the new data You have supplied us with is right.
The right to restrict processing – in those situations when processing of Your Personal Data is based on our legitimate interest You are entitled to ask us to stop processing it in that way if You feel that our continuing to do so impacts on Your fundamental rights and freedoms or if You feel that those legitimate interests are not valid. You may also ask us to stop processing Your Personal Data in these situations:
- if You dispute the accuracy of Personal Data we are processing and want us to verify that data’s accuracy
- where it has been established that our use of the data is unlawful, but You do not want us to erase it
- where we no longer need to process Your Personal Data (and would otherwise dispose of it) but You wish for us to continue storing it to enable You to establish, exercise or defend legal claims
The right to erasure (“right to be forgotten”) – You may also ask us to erase Personal Data if You do not believe that we need to continue retaining it. We are not always obliged to erase Personal Data when asked to do so; if, for any reason, we believe that we have a good legal ground to continue processing of Your Personal Data that You have asked us to erase (e.g. Your Personal Data is still processed for other legitimate purposes or we have to comply with a legal obligation or for the establishment, exercise or defense of legal claims). If Personal Data is erased under Your request, we will only retain such copies of the information as are necessary for us to protect our or third parties’ legitimate interests, comply with governmental orders, resolve disputes, troubleshoot problems, or enforce any agreement You have entered with us.
the right to data portability – You may request to provide Your Personal Data or transmit that data to another data controller in a structured, commonly used, and machine-readable format if Your Personal Data is being processed by automated means based on Your consent or a mutual contractual relationship, but only when it is technically feasible.
The right to object – You have the right to be informed about the existence of any automated decision making and profiling of Your Personal Data and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects You.
The right to withdraw consent regarding the processing of personal data – – You may withdraw Your given consent for processing of Personal Data for particular purposes at any time by clicking a link at the end of our message sent by email or informing us at info@cofive.lt.
The right to lodge a complaint with a supervisory authority – if You think that Your rights have been violated, You may file a complaint to a Supervisory Authority – a State Data Protection Inspectorate (https://vdai.lrv.lt/lt/)

HOW CAN YOU EXERCISE YOUR RIGHTS?

You can exercise Your rights personally or through Your authorized representatives – You can submit a request by e-mail at info@cofive.lt. The request must provide sufficient details that allow us to properly understand, evaluate, and respond to it (should be clear, include Your name, information about what rights and to what extent You wish to exercise, and how You would like to receive a response and the request must be signed). If You submit Your application electronically, the information will also be provided electronically, unless You request in advance to provide it in different way.

Your request must also provide sufficient information that allows us to reasonably verify You are the person or an authorized representative of a person whose personal data we are processing. When submitting a request, You can confirm Your identity in one of the following ways: if the application is submitted by means of electronic communication, it must be signed with an electronic signature or it must be submitted from the e-mail that You provided when You submitted request on our Website and/or which we have in our database and can identify You. If Your request is submitted by an authorized representative, a written authorization (power of attorney) and information that verifies the identity of the representative must be enclosed with the request.

We cannot provide You with the information or exercise Your other rights if we cannot verify Your identity. If we cannot identify You from the information provided or if we have reasonable doubts about Your identity, we may request to provide additional information about Yourself to confirm Your identity.

We will endeavor to process requests for exercising data subject rights and provide You with the information as soon as possible, but no later than 30 calendar days from the date of receipt of request. If due to certain circumstances, such as the complexity of the submitted request (e.g. if it is necessary to seek the assistance of data processors) or the large number of other requests processed by the Company, the period may be extended up to two further months. In such case we will inform You of any extension within one month of the receipt of Your request together with the reasons for the delay.

Requests are processed and information and data are provided free of charge, but we reserve the right, in certain cases, to either waive Your rights (where the request is unreasonable or disproportionate or repetitive), or the provision of information may be subject to charges – a reasonable fee considering the administrative costs of providing information or communication.

UPDATES OF THE PRIVACY POLICY

This Policy is effective from 1 July 2024.

We may change Privacy Policy from time to time based on changes to applicable laws and regulations or other requirements applicable to us, changes in technology, or changes to our business. Any changes we make to the Privacy Policy in the future will be posted on our Website at https://cofive.lt/privatumo-politika/. We encourage You to review the information and any changes to our Privacy Policy regularly.