Privacy policy

Valid as of 8 July 2019, version 1.0

  1. PURPOSE AND SCOPE OF PRIVACY POLICY
    1. This privacy policy ("Privacy Policy") documents principles followed by Privasfer when processing Personal Data and provides general Processing information to Privasfer users so contributing to Privasfer compliance with the General Data Protection Regulation and other applicable data privacy legislation.
    2. The Privacy Policy applies to the Processing performed during the delivery of Privasfer services provided online via www.privasfer.com website (software as a service) application and application programming interface integrated in a third party software as well as, when applicable, through a mobile application ("Services").
    3. Services offer Privasfer account owner, manager and/or user (natural and/or legal persons) to transfer or receive digital files, information, messages or other digital content ("Content") online.
    4. By using Services, you as Privasfer account owner, manager and/or user agree to be legally bound by this Privacy Policy.
    5. The Privacy Policy also applies to Privasfer, its employees, associated contractors and third-party service providers, unless otherwise stated in this Privacy Policy or in the applicable privacy rules of contracted service providers (references to such rules might be included in this Privacy Policy, however, Privasfer has no obligation to include all the references).
    6. Due to the global reach of Privasfer operations applicable data protection regulations vary. Privasfer aims to follow the country specific Personal Data protection regulations and in case of discrepancies or inconsistencies between particular local data privacy requirement and this Privacy Policy aims to adhere to the requirement which is more stringent.


  2. DEFINITIONS
    1. Definitions in this Privacy Policy have the following meanings:
      1. "Controller" – Personal Data controller as defined in the GDPR, which, alone or jointly with others, determines the purposes and means of Data Processing.
      2. "Data Processing" or "Processing" - means any automated or non-automated operation performed with regard to Personal Data, e.g. collection, recording, organization, structuring, storage, adaptation or alteration, consultation, use, disclosure, restriction, erasure or destruction.
      3. "Data Subject" – means any natural person who is identified or whose identity is directly or indirectly identifiable and whose Personal Data is being processed by Privasfer Services while delivering Services or by Privasfer account owners, managers and/or users while using Services.
      4. "GDPR" – means the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
      5. "Personal Data" - means any information processed in the course of Service delivery in Privasfer systems about a Data Subject.
      6. "Privasfer" is website www.privasfer.com administrator delivering Services - UAB "IT Solutions", company code: 300899746, company registered address: Dariaus ir Gireno str. 149, Vilnius, Lithuania.
      7. "Processor" – means any natural or legal person which processes Personal Data on behalf of and under instructions of the Controller.
      8. "Supervisory Authority" – means a public authority of the Republic of Lithuania established to supervise data privacy compliance as well as to perform other rights and duties stated in the GDPR. When applicable, the lead Supervisory Authority for Privasfer will be the State Data Protection Inspectorate of the Republic of Lithuania (https://vdai.lrv.lt/).


  3. GENERAL PROVISIONS ON DATA PROCESSING
    1. Privasfer acts in the role of Processor to Privasfer account owner (manager or user, as assigned representatives of the owner) when they upload, store, transfer or receive Personal Data through Privasfer Services. By using Privasfer Services and accepting this Privacy Policy Privasfer account owner (manager or user, as assigned representatives of the owner) is also considered concluding a Personal Data processing agreement with Privasfer under the terms of this Privacy Policy. If Privasfer account owner (manager or user, as assigned representatives of the owner) uses Privasfer account essentially for Personal Data transfers, Privasfer account owner (manager or user, as assigned representatives of the owner) may request for separate Personal Data processing agreement from Privasfer by sending an email to policy@privasfer.com. Privasfer acts as an independent Controller when Processing Personal Data of Privasfer account owner, manager or user to the extent needed to identify and maintain the Privasfer account as well as when Processing Personal Data for purposes mentioned in items 5.2.2.-5.2.5. of this Privacy Policy.
    2. When Processing Personal Data, Privasfer complies with GDPR principles: purpose limitation (Data Processing only in a manner that is compatible with the purposes originally determined); data minimization (Processing limited to Personal Data which is needed for particular purposes); lawfulness, fairness, transparency, accuracy of Data Processing; storage limitation (Personal Data retained for no longer than necessary for particular Data Processing purpose); Personal Data integrity, confidentiality; accountability (Privasfer shall be able to demonstrate compliance with its obligations); protection of Personal Data by default and by design.
    3. Employees and/or contractors of Privasfer undertake to comply with principles of Privacy Policy and confidentiality for Processing activities. Personal Data may be processed by Privasfer employees and/or contractors strictly to the extent needed for due Service delivery.
    4. Privasfer commits to confidentiality of Personal Data Processing unless according to the applicable legal acts: such information is or ought to be public, or the Data Subject has consented to particular Personal Data publication or disclosure, or where necessary for the prevention of criminal or other illegal acts, as well as in other cases defined by applicable laws.
    5. Privasfer platform is designed for transfers of Personal Data, including special categories thereof, e.g. criminal records, health information, membership in trade unions, etc.
    6. Personal data will be processed via automatic means. Non-automatic Personal Data Processing may be performed in exceptional circumstances (e.g. communication with regulatory authorities regarding Personal Data transfers on Privasfer).
    7. Privasfer implements Privacy Policy by establishing appropriate technical and organizational measures and by monitoring compliance of Processing activities with it. Privasfer implements all appropriate technical and organizational measures to ensure Personal Data protection is embedded in Personal Data Processing, to meet requirements of the GDPR and to protect Data Subjects rights.
    8. On upload, at rest and on download, Privasfer keeps the content of Privasfer account owner, manager or user encrypted with state-of-the-art algorithm (AES-256-CBC) and uses a secure internet connection (SSL) to that end. Privasfer uses GDPR compliant and secure servers to store Personal Data. 2-factor (password and user IP address) account access verification is applied – Privasfer account may not be accessed from an IP address which was not previously used for user verification by the same web browser). Privasfer performs regular risk assessment and respectively updates its security measures.
    9. By using Privasfer Services Privasfer account owner, manager and/or user confirms and undertakes to be solely and individually liable for the legality of the Content and of Personal Data Processing via Privasfer account. In particular, Privasfer account owner, manager and/or user must possess legal basis for respective Personal Data transfer and must have independently notified respective Data Subjects in advance to their Personal Data Processing according to this Privacy Policy. Privasfer as a Service provider is not able to verify whether data transferred via Privasfer involves personal Data. As such, Privasfer excludes its liability for: 1) Personal Data Processing by Privasfer account owner, manager or user without having a proper legal basis; 2) notifying Data Subjects whose Personal Data is incorporated in the Content processed by Privasfer account owner, manager and/or user while using Services.


  4. INFORMATION ON PRIVASFER DATA PROCESSING
    1. The section describes how Privasfer processes Personal Data in the course of Service delivery.
    2. Privasfer processes Personal Data for the following Processing purposes:
      1. to deliver Services and their technical support as defined in Privasfer Terms and conditions available on www.privasfer.com and this Privacy Policy;
      2. to perform accounting and billing activities;
      3. to ensure Privasfer Service security and compliance with applicable legal and regulatory requirements. On exceptional situations Processing of Personal Data may be needed for Privasfer to verify reasonable suspicion of or to react to the infringement of Privasfer Terms and condition or this Privacy Policy, to ensure continuity and safety of Privasfer Services, to report to or to comply with the request of law enforcement or regulatory agency;
      4. to market and advertise Services, including newly developed Services similar to the ones already provided, including by using cookies;
      5. to enforce Privasfer legal rights in relation to or as a result of use of Services. Privasfer rights and obligations are prescribed by Privasfer Terms and conditions, Privacy Policy or applicable laws. Personal data may be used to prevent, launch or rebut legal claims of or against Privacy account owner, manager, user or other third party or following a court or other governmental authority order.
    3. Privasfer Service development and Service analytics are conducted based on statistical data and do not involve Personal Data Processing.
    4. Privasfer invokes the following legal basis for Personal Data Processing:
      1. for the purpose specified under Privacy policy item 4.2.1.: 1) whenever natural person is the owner.manager/user of the Privasfer account and transfers its own Personal Data, such Personal Data is processed under the legal basis of contractual necessity (in order to execute the contract concluded with the Data Subject); 2) whenever the Privasfer account is used to transfer Personal Data of other Data Subjects other than the owner/manager/user of the particular Privasfer account so used, Personal Data is processed for Privasfer legitimate interest (to deliver and develop Privasfer services);
      2. for the purpose specified under Privacy policy item 4.2.4. Data Subject consent may be required. Consent may also be collected to use certain cookies on the device. Data Subject will be given an opportunity to provide informed, active and unambiguous consent via automated means (e.g. via Privasfer platform or email);
      3. for the purpose specified under Privacy policy item 4.2.3. and 4.2.5. Privasfer may invoke Privasfer legitimate interest to ensure security of Services and to enforce its rights. When Privasfer uses Personal Data based on Privasfer or a third party’s legitimate interest, Privasfer will make sure to balance Data Subject’s rights and freedoms against said legitimate interest. If, to the extent applicable, Data Subject wishes to object to the activities based on Privasfer legitimate interest and there’s no opt-out available in the registered account settings or received communication, please contact Privasfer via email policy@privasfer.com in order to object data processing;
      4. for the purpose specified under Privacy policy item 4.2.2. Privasfer will process Personal Data as required by law;
      5. Privasfer may invoke other legal basis as may be appropriate and following due notification to the Data Subject and/or Privasfer account owner, manager or user.
    5. Privasfer processes Personal Data of the following Data Subjects: 1) Privasfer account owner, manager and/or user; 2) Data Subjects whose Personal data is incorporated in the Content and provided by Privasfer account owner, manager and/or user.
    6. Different types of Personal Data are processed when delivering Service and depends on the way and type Services are used:
      1. Personal data processed when Privasfer is used without creating an account: email address, telephone number, PIN code (stored in encrypted format);
      2. Account and account access information when non-chargeable Service plan is used: email address, telephone number, password/PIN code (stored in encrypted format), team profile information (team name, email address, IP address, country, name of team members, role and actions taken), timezone, email verification data, notification/announcement data, account preferences set by the account owner/manager, files count, storage space count, API requests count (no other API data is collected), account owner/manager/user photo (if uploaded);
      3. Account and account access information when chargeable Service plan is used: email address, telephone number, password/PIN code (stored in encrypted format), team profile information (team name, email address, IP address, VAT ID, country, name of team members, role and actions taken), invoice data (creation date, amount, actions taken), credit card requisites (holder name and surname, processed only to the extent they are needed to transfer to payment service provided Cardinity (stored only until their transfer to Cardinity); timezone, email verification data, notification/announcement data, account preferences set by the account owner/manager, files count, storage count, API requests count (no other API data is collected), type of Service plan ordered, Service plan expiry date, automatic data deletion term, account owner/manager/user photo (if uploaded);
      4. Content and metadata: filename, size of transferred files, filetype, date of the sent/received file or message sent along with the file transfer; action taken in relation to the sent/received file or sent message; sender and recipient email addresses, transfer message subject and message content; attachments sent; integration keys (if “Dropbox” or “Digital Ocean S3 Spaces” are added by Privasfer account owner/manager).
    7. Privasfer account owner, manager and/or user determines the type of information to upload, send, share and whether data includes Personal Data.
    8. Access rights. Privasfer manage and control access rights to Privasfer account as follows:
      1. Limited number of authorised system administrator may access identity of Privasfer account owner, manager and/or user, may block upon due cause Privasfer account, may review ordered paid Service plans. Privasfer controls and supervises Privasfer system administrator activity. The Content cannot be accessed by Privasfer authorised system administrator unless required by law enforcement agency in the manner prescribed by law. On exceptional occasions (e.g. when so requested by competent governmental and/or legal enforcement authorities, and upon request of the Content owner) Privasfer may provide access to the encrypted Content;
      2. Privasfer account owner (the person or entity who or which has registered the account) and manager (the person or entity to whom or to which account owner has delegated account management function) have identical rights: may change account settings, may order paid Service plans, may transfer/receive data via Privasfer account, may access all data transferred/received through Privasfer account, may add own “Dropbox” or “Digital Ocean S3 Spaces” accounts, may set automated data deleted term for the account;
      3. Privasfer account user (the person/entity who/which was invited by account owner or manager to use the account) may transfer/receive data via the account, may access only data that was sent/received by him.
    9. When Privasfer account owner, manager or user sending Content deletes the Content from the account, this data will be automatically deleted from the account of the Content recipient. Whenever the recipient deleted received data/files, such data/files will still remain in the account of the sender.
    10. Privasfer may collect Personal Data from Data Subjects from several Personal Data sources. Privasfer account owner, manager or user may submit Personal Data to Privasfer when using Services. Privasfer will generate Personal Data when Privasfer Services are used. Also, Privasfer may receive Personal Data from third parties, such as:
      1. Integration information: Privasfer account owner or manager can choose to integrate some of Privasfer Services with “Google” account, “Dropbox”, “Digital Ocean S3” (more information available under: https://www.digitalocean.com/legal/terms-of-service-agreement/ ; https://www.digitalocean.com/legal/privacy-policy/), “Vertexsms” (more information available under https://vertexsms.com/termsofuse/), “Sendinblue” (more information available under: https://www.sendinblue.com/legal/termsofuse/);
      2. Identity information (name, email, timezone, country, photo) of Privasfer account owner may be received from Google Inc. via use of “Google” account authorisation function;
      3. Marketing information: marketing partners may provide additional (aggregated) information in order for Privasfer to personalize advertisements and to find the right audience for Privasfer advertisements;
      4. Legal Information: when law enforcement agencies or courts order Privasfer to take disclose transferred content, Privasfer may initially receive Personal Data;
      5. Payment information: when Privasfer account owner or manager wishes to receive paid Services, payment data will be processed and stored in "Cardinity" system (more information available under: https://cardinity.com/legal/terms-and-conditions and https://cardinity.com/privacy-policy). In such a case Privasfer will store (until transfer to Cardinity) cardholder’s name and surname, key for initiating payment via Cardinity system, the fact that the payment was made for the Privasfer account, however, credit card data and payment data are stored and processed in the "Cardinity" system.
    11. Personal Data retention period varies depending on Data Processing objective. Privasfer retains Personal data for the following periods:
      1. for the purpose specified under Privacy policy item 4.2.1. Personal Data and the Content incorporating Personal data is retained for:
        1. in case “free” Service plan is used - for 30 days after the data transfer via the Privasfer account;
        2. in case paid Service plan is used – so long Service subscription plan fee is active (paid up in full). So long the User keeps active paid Privasfer account Content is stored until User decides to delete files from the account or until Privasfer Service or account is deleted or until the expiry date set manually (i.e. account owner or manager sets term after which all data will be automatically deleted from the account).

          After the period set in item 4.10.1. of this Privacy Policy expires, Content is automatically deleted from Privasfer servers, however, Privasfer account remains (regardless whether paid Privasfer Services are ordered or whether Content has been deleted) until account owner deletes such account.
      2. for the purpose specified under Privacy policy item 4.2.2. is retained for the period prescribed by law which is usually 10 years after the end of the current financial year;
      3. or the purpose specified under Privacy policy item 4.2.3. is retained for the investigation period and for 3 years thereafter unless applicable law requires to retain longer;
      4. for the purpose specified under Privacy policy item 4.2.4. is retained for the period of particular cookie (see section 6 for further details);
      5. for the purpose specified under Privacy policy item 4.2.5. is retained for the period of litigation and for 10 years thereafter.
    12. Privasfer does not delete accounts - after the expiry of paid Service plan, the account turns automatically into the account with functionality of the unpaid Privasfer account.


  5. COOKIE POLICY
    1. A cookie is a small text file that is stored on visitor’s computer or mobile device when visiting a website. Due to cookies a website can "remember" for a certain period of time visitor’s (Data Subject’s) actions and preferences (e.g. login, language, font size and other display options) so that you do not have to repeatedly enter them each time visitors visit the website www.privasfer.com.
    2. It is important to note that this Cookies Policy will be applied not only for the use of cookies, but also for the use of similar technologies designed for information storage on end devices (e.g. computers, mobile phones, smartphones) of a subscriber or a factual user of electronic communications services (e.g. local storage technology), for example on computers, mobile phones, smartphones. The term “cookies” in this Cookies Policy includes also similar technologies used in the website www.privasfer.com.
    3. Cookies perform various functions:
      1. Functional cookies for provision of services (P1). Cookies are very important for the operation of the websites and electronic services. Cookies ensure smooth user experience. For example, if the user wishes, he/she does not have to enter name, surname, password and other data for each of his/her connections.
      2. Service development and quality assurance (P2). Monitoring the use of cookies can improve the functioning of the website and the electronic services and eliminate errors when they occur. For example, gathering information about the most popular parts of the website, about which other websites are accessed from the website and about how much time visitors spend on website.
      3. Use analysis (P3). Cookies are used to obtain statistics about the number of users who visited the website, about the usage of electronic services as well as to evaluate the effectiveness of advertising. Information may be collected, for example, from email in order to establish, whether emails have been opened and whether they have prompted users to take any action (e. g. whether the user clicked on a link).
      4. Targeted Marketing Orientation (P4). Using cookies, allows us also to collect information in order to provide advertisements or content for a specific browser by creating different target groups.
    4. Please note that cookies may also be used for purposes of their own choice by Privasfer partners and other third parties whom the controller of the website www.privasfer.com does not control. Privasfer is not and will not be liable for the actions of such persons. Visitors should contact the respective partner or other third party if visitors suspect that Privasfer partners or third parties use cookies without visitor’s consent.
    5. Accessing the website www.privasfer.com for the first time each visitor will receive a notification with a reference to this Cookies Policy "Read more" that will lead visitor to this Privacy Policy. If visitor clicks on the reference visitor will be provided with all the information on cookies installed and used on the website www.privasfer.com. In any case, visitor controls the cookies – each visitor can at any time reject or delete (de-install) them.
    6. By using the website www.privasfer.com and by clicking on the button "AGREE" in the notification message visitor confirms that he/she agrees and allows Privasfer, being the website controller, to install cookies on visitor’s end device (computer, tablet, smartphone, etc.). In case visitor does not press the button in the notification message mentioned and continues to browse the website, then only the cookies required for the proper functioning of the website www.privasfer.com will be installed on visitor’s end device (functional cookies are listed in the table below).
    7. By using the website www.privasfer.com visitor also consents and confirms that all data related to visitor’s activities in the website may be used also by third parties for the purposes listed in this Section 6 "Cookie Policy".
    8. Visitor can control and/or delete cookies if he/she wishes. All cookies already stored on visitor’s computer can be deleted and visitor can set most browsers to prevent cookies from being stored on visitor’s device. However, in this case, visitor may have to manually adjust some preferences on your internet browser every time he/she visits the website www.privasfer.com and some services and features may not work, also this may affect visitor’s use of the services available via the website www.privasfer.com. The actions to be performed depend on the type of the browser visitor uses. The browser may be set separately for each device visitor uses. More details are available at www.AllAboutCookies.org or www.google.com/privacy_ads.html.
    9. Cookies may be "session cookies" that are used only while visitor is browsing the internet and that are automatically deleted after closing the browser. Other cookies used are "persistent cookies", i.e. such cookies are stored on visitor’s end device (computer, tablet, smartphone, etc.) until the cookie's lifespan expires or until visitor deletes the cookie using one of the options described above. "Third-party cookies" are those cookies used by a person other than Privasfer. In addition, as mentioned above, other similar technologies, performing cookies’ functions are used on the website www.privasfer.com, for example Local storage technology.
    10. All cookies used on the website www.privasfer.com and related information are shown in the table below:

      Name Data processing purpose. Publisher Moment created Expiration time Data used
      privasfer_session P1. For a normal application functioning. When opening of the website When closing of the website Session key
      XSRF-TOKEN P1 – in order to identify unauthorised users and reject their queries, Privasfer. When opening of the website When closing of the website User session ID and time stamp identifier
      cookies_agree P1. To identify if user already consent with cookies policy, Privasfer. Upon consent for cookies storage After 2 days. ID of the cookiestos_agree consent
      tos_agree P1. To identify if user consent with terms of use, Privasfer. Upon consent with the Terms and Conditions of service provision in the page of file transfer. After 1 day. ID of the consent with terms and Conditions.
      1P_JAR P3. Third party cookie – publisher is google.com When opening of the website After 1 month Information about the visitor
      CONSENT P3. Third party cookie – publisher is google.com When opening of the website Unlimited - until deletion of the cookies using browser settings. Information about the visitor
      DV P3. Third party cookie – publisher is google.com When opening of the website When closing of the website Information about the visitor
      NID P3. Third party cookie – publisher is google.com When opening of the website When closing of the website Information about the visitor
      Google tag manager P2, P3, P4. Third party technology – publisher is google.com By using tags available via Google tag manager, visitors of the website www.privasfer.com may be followed (actions performed in the website are recorded and analysed). Use of the Google Tag Manager (the "Service") is subject to this Google Tag Manager Use Policy (the "GTM Use Policy"). To the extent Privasfer use of the Service is within scope, Privasfer and Google agree to the Google Ads Data Processing Terms at https://privacy.google.com/businesses/processorterms (the "Processing Terms").


  6. RIGHTS OF DATA SUBJECTS
    1. Privasfer will ensure that the rights of the Data Subjects under the GDPR are fully respected and will use reasonable measures to comply with them. These rights include following Data Subject’s rights:
      1. to be informed or notified of the intended Data Processing activity;
      2. to access Personal Data;
      3. to request rectification;
      4. to request erasure;
      5. to restrict Data Processing in certain circumstances;
      6. to Personal Data portability;
      7. not to be subject to a decision based solely on automated processing which may have a legal or similarly significant effect on the Data Subject;
      8. to object to Data Processing;
      9. to lodge a complaint with Supervisory Authority or, when appropriate, the court.
    2. When the Personal Data is no longer necessary for the Data Processing purposes or when Data Subject submits a valid request to erase Personal Data and in the absence of any regulatory requirements to keep processing Personal data, Privasfer erases Personal Data according to the procedure established by Privasfer in a way that securely precludes restoration or recognition of the content.
    3. The Data Subject may at any time exercise his/her rights (in a manner compliant with the GDPR) by filing the request, submitted in person, via regular post to Privasfer registered address or via email mentioned above in this Privacy Policy. Such request is handled free of charge within 30 days (term extensions possible under specific circumstances) and either satisfied (if Privasfer finds that the request is justified) or rejected with reasons. Privasfer will have to verify Data Subject’s identity before implementing Data Subject’s right and to this end may ask for a copy of identification document or other information.
    4. If the Data Subject believes that his/her rights related to Data Processing were violated, he/she can lodge a complaint with the lead Supervisory Authority. In any case, with regard to the violation of his/her rights, a Data Subject may also address the concerned Supervisory Authority in another EU member state which will transfer the claim to or investigate it together with the lead Supervisory Authority following the procedure established under the GDPR.
    5. Subject to certain limitations under California Civil Code, being a California (the USA) resident, Privasfer owner, manager or user may ask Privasfer to provide: 1) a list of certain Personal Data categories that Privasfer has disclosed to certain third parties for their direct marketing purposes during the immediately preceding calendar year and (ii) the identity of certain third parties that received Personal Data from Privasfer for their direct marketing purposes during that calendar year. Privasfer does not disclose Personal Data to marketers in the sense of the California Civil Code.


  7. PERSONAL DATA TRANSFER
    1. Personal Data is transferred when it is required in order to provide Services, to protect Privasfer or third-party legitimate interests (e.g. to prevent or to facilitate investigation of criminal or illegal acts) as well as in other cases foreseen by legal acts.
    2. Personal Data recipients. Privasfer may provide Personal Data to the following recipients and Privasfer account owner, manager or user using Services for Personal Data Processing agrees to such a Personal data transfer:
      1. law enforcement agencies: courts, law enforcement authorities, lawyers, state and municipal authorities, companies, institutions and organizations and to other similar recipients. Privasfer is obliged to share or delete Personal Data or other data processed while using Services in case of a legal request based on applicable laws, including based on copyright, privacy, commercial secrets, criminal and administrative laws;
      2. Privasfer account team members: the information sent via Services by Privacy account user will be accessible to Privasfer account owner and manager;
      3. service providers which in relation to Privasfer may act as data processors (e.g. storage server provider, email service processors, the accountant, advertising partners, marketing and communication agencies which may implement their own cookies which fall under their terms of services and privacy policies) or data recipients (e.g. Privasfer payment processors). In order to provide integrated Services (where Privasfer Services are integrated with another service, such as “Google” account, “Dropbox”, “Digital Ocean S3 Spaces”, “Vertexsms”, “Sendinblue”, “Cardinity”) Privasfer will connect that service with Privasfer service and consequently Privasfer will need to share some of Personal Data with such service provider involved. The terms and privacy statement of these third parties applies, at least for their part of Processing;
    3. Privasfer may engage Processors. The Processor’s activities and obligations are governed by the contract between the Controller and the Processor, except in cases, in which Data Processing on behalf of the Controller is performed in accordance with legal act, that is binding on the Processor or, where there is no possibility to conclude specific separate contract on Data Processing with particular service provider (Processor) publicly available rules will be followed (e.g. Terms and Conditions available via website of particular service provider). The same rules apply to Data Processing performed in the course of the Processor engaging the sub-processor.
    4. Processed Personal Data may be transferred to other parties only according to the procedure set out in the GDPR, other applicable legal acts, and to the extent specified under the Privacy Policy. Personal Data is transferred only to the extent it is necessary for the purpose Personal Data is transferred for. Currently Privasfer does not transfer Personal Data outside the European Union. Operating on global level Privasfer may decide to expand its Processing activities to countries outside of the European Economic Area (e.g. storage USA client Personal Data in servers located in the USA). Those countries may apply different data protection standards. If Privasfer transfers and stores Personal Data in countries outside of the European Economic Area, Privasfer will apply appropriate security safeguards to ensure adequate level of personal Data protection to the one within the EEA (e.g. by verifying that the recipient is EU-US Privacy Shield certified or by signing EU Standard Contractual Clauses).


  8. MISCELLANEOUS
    1. Privasfer can occasionally update this Privacy Policy to reflect changes in Privasfer practices and Services. In case of any material changes in the way Privasfer processes Personal Data, a notice of the changes will be posted on the website www.privasfer.com to notify website users and visitors. Please check website www.privasfer.com regularly to be aware of any changes in this Privacy Policy.
    2. If you have questions about the Privacy Policy, Data Processing performed by Privasfer or measures Privasfer applies to keep Content secure, please contact the Privasfer at policy@privasfer.com. Our preferred languages for communication with clients are English and Lithuanian.