Privacy Policy for Clients Who Sign a Contract with Mainlink

Effective Date: 10-April- 2026
Updated on: 10- April – 2026

Privacy Policy

This privacy policy (the “Privacy Policy”) is designed to help you understand what information is collected about you, and how Mainlink uses that information. Under all circumstances, Mainlink undertakes to uphold the basic principles – you remain in control of your Personal Data and your data will be processed in a secure manner with transparency and confidentiality.

DEFINITIONS.

• Account: this means account created on the Platform in the interests of the Client following procedure under the General Terms of Use, (https://mainlink.net/general-terms-of-use/) including (a) the primary account created for the Primary User, with the meaning under the General Terms of Use, and (b) any other account created by the Primary User for the assigned user.
• Client: this means a business or entity that enters a contractual relationship with Mainlink under the Mainlink Service Agreement and, if applicable, the Sale-Purchase Agreement.
• Data Controller: this means an entity that determines the purposes and means of the processing of Personal Data.
• Data Processor: this means an entity that processes Personal Data on behalf of a Data Controller.
• Data Protection Laws: this means all applicable mandatory laws and regulations relating to the processing of Personal Data, as may be in force from time to time in the relevant jurisdiction, e.g. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).
• Datasets: this means different data files transmitted to or processed within the Platform automatically from the Object by or on behalf of the Client, entered manually by the Client or, in exceptional circumstances, by Mainlink on behalf of the Client, and controlled by the Client for use within the Services. Datasets may include different types of data, including Personal Data.
• Object: this means a unit of hardware device (including Products, if applicable) installed at the premises of the Client’s end user and connected to the Platform or a virtual instance (including software-based or cloud-based components) that is integrated with and accessible via the Platform.
• Order: this means a purchase order submitted by the Client for the delivery of Products under a Service Order.
• Personal Data: this means any information about, or related to, an identifiable individual. It includes any information that can be linked to an individual or used to directly or indirectly identify an individual, natural person.
• Platform: thismeans a cloud-based Mainlink system, including its software, interfaces, databases, data processing tools, smart technologies, aimed at data collection and structuring, analysis, integration, monitoring, visualization and identifying of alerts, preparation of reports.
• Products: this means hardware devices or other tangible goods supplied by Mainlink under the Sale-Purchase Agreement, which may be used to collect, process, or transmit data to the Platform, but are not part of the Services.
• Services: this means all services provided or made available to the Client under Mainlink Service Agreement, including access to the Platform and related services, as further described in the applicable Service Order.  For the avoidance of doubt, Services do not include any sale of the Products.
• Service Order: this means a document executed between the Client and Mainlink under Mainlink Service Agreement specifying the scope of Services and, where applicable, Products.
• User: this means all categories of Account users described under the General Terms of Use.

THE DATA CONTROLLER’S IDENTITY.

Mainlink acts as the independent Data Controller in respect of:

(a) Personal Data of the Client or its authorized representatives collected and processed in connection with the conclusion and performance of Mainlink Service Agreement, the Sale-Purchase Agreement, and any related Service Orders or Orders;

(b) Personal Data of the User collected during the registration process for creation and administering of the Accounts;

(c) Personal Data of the User in connection with the ongoing administration and use of the Account and the Platform;

(d) Mainlink marketing programmes.

With respect to the Datasets transmitted to the Platform automatically, entered manually by the Client or, in exceptional circumstances, by Mainlink on behalf of the Client, Mainlink acts solely as a Data Processor. In such cases, the Client acts as the Data Controller, as it determines the purposes and means of the processing of the Personal Data contained in the Datasets. Mainlink processes such data only on behalf of the Client and in accordance with the Client’s documented instructions. The processing of such data is governed by the Data Processing Agreement (https://mainlink.net/contract-data-processing-agreement/)  which forms as a part of Mainlink Service Agreement and which sets out the subject matter, duration, nature and purpose of the processing, the types of Personal Data processed, and the obligations and rights of the Client as Data Controller and Mainlink as Data Processor. For the avoidance of doubt, this includes Personal Data collected through or generated by the use of the Products, where such data is transmitted to and processed within the Platform on behalf of the Client.

The contact details of Mainlink are indicated at the end of this Privacy Policy.

PURPOSES, LEGAL BASIS AND PERIOD FOR DATA PROCESSING.

Legal basis for collecting, using and processing the Personal Data will depend on the Personal Data concerned and the specific context in which Mainlink collects it. Mainlink as the Data Controller will normally collect Personal Data for the following purposes:

Purpose	Legal basis	Types of data processed	Retention period
Conclusion and performance of contracts	Performance of a contract – negotiation, conclusion and signing of Mainlink Service Agreement, Sale-Purchase Agreement, Service Orders and Orders, communication in relation to the provision of Services and delivery of Products, invoicing, accounting and payment processing. Legitimate interests – administration and performance of contractual relationships, service quality assurance.	Identification data (name, surname), position in the company, contact details (e-mail address, phone number, business address), signature data. Above data is collected and processed of representatives, contact persons, employees, authorized signatories and other individuals acting on behalf of the Client.	Personal Data is retained for as long as needed to provide the Services to the Client, and no longer than 10 years after termination of the contractual relationship, unless longer retention is required by applicable law. If Mainlink is involved in litigation or a governmental or regulatory investigation, then personal information is kept throughout the period of litigation or investigation and for a reasonable amount of time thereafter. If a settlement means that Mainlink has to keep personal information for longer, then Mainlink keeps personal information for the period required to administer the settlement.
Registration and creation of User Accounts	Performance of a contract – creation and activation of the Account, verification of User identity and authorization, administration and management of access rights, maintenance, modification, suspension or deactivation of Accounts, communication relating to Account administration and technical matters. Legitimate interests – , ensuring security, integrity and stability of the Platform, preventing fraudulent registrations.	Identification data (name, surname), position in the company, business contact details (e-mail address, phone number), Account data and authentication details (username, password, other login credentials), access rights and Account-related administrative data (e.g. User’s roles).   Above data is collected and processed of employees, representatives, authorized users and other individuals entitled by the Client to access and use the Platform, via Account, on behalf of the Client.	Personal Data is retained for as long as the User Account remains active or as needed to perform contractual obligations, resolve disputes, preserve legal rights. Mainlink will delete information or anonymize it once it is no longer necessary to fulfill the purposes for which it was collected and processed.
Administration and use of the Platform and Accounts	Performance of a contract – administration and maintenance of the Accounts, monitoring authorized use of the Platform, detection and prevention of unauthorized access, security incidents, provision of technical support and handling the requests relating to functioning of the Platform. Legitimate interests – ensuring security, integrity and stability of the Platform, fraud prevention and service improvement.	Identification data (name, surname), position in the company, business contact details (e-mail address, phone number), account data and authentication details (username, password, other login credentials), access logs, user activity data, technical identifiers (IP address, device information), support related communications (email inquiries, phone call records, support tickets, chat history). Above data is collected and processed of employees, representatives, authorized users and other individuals entitled by the Client to access and use the Platform, via Account, on behalf of the Client.	Personal Data is retained for as long as the User Account remains active or as needed to perform contractual obligations, resolve disputes, preserve legal rights. Mainlink will delete information or anonymize it once it is no longer necessary to fulfill the purposes for which it was collected and processed.
Mainlink marketing programs	Consent or legitimate interests (where permitted by applicable law) – promotion of the Services and Products, and provision of related information, maintenance of business relationships, carrying out direct marketing communications.	Identification data (name, surname), position in the company, contact details (e-mail address, phone number, business address). Above data is collected and processed of employees, representatives, and other individuals acting on behalf of the existing or potential client.	Personal Data is retained until the individual withdraws consent or objects to receiving marketing communications, unless a longer retention period is required to demonstrate compliance with applicable laws.

WHO RECEIVES THE DATA.

The access to the Personal Data collected and processed in connection with the Services and the sale of Products will be given to authorized personnel of Mainlink.

Mainlink does not sell, trade, or otherwise transfer the information it collects to unaffiliated third parties. Mainlink does, however, share the information it collects with trusted third parties who assist in operating the Services, supplying Products, conducting the business, or servicing the Client, provided that those parties agree to keep such information confidential and secure. These trusted third parties include:

• Subcontractors and others that help Mainlink with any of the purposes in this Privacy Policy, including by performing Services on Mainlink’s behalf. These parties are not permitted to use the information collected on Mainlink’s behalf except to help to conduct and improve the business;
• Mainlink affiliates, parent companies, subsidiaries, and other related companies, all for the purposes in this Privacy Policy;
• Third parties to respond or comply with, in Mainlink sole discretion, a court order, subpoena, law enforcement, or other government request (with or without notice to the Client, in Mainlink discretion) under applicable law;
• Third parties, in Mainlink discretion, to: (i) satisfy any applicable law or regulation, (ii) enforce this Privacy Policy, including the investigation of potential violations thereof, (iii) investigate and defend Mainlink against any third party claims or allegations, or (iv) protect against harm to the rights, property or safety of Mainlink, the Services, other Users of the Services, or third parties; and
• Other third parties with the Client’s consent.

Mainlink processes and stores Personal Data within the European Economic Area (EEA). Where Mainlink engages cloud service providers or other subcontractors for hosting or technical infrastructure, such providers are contractually bound to process Personal Data exclusively within the EEA and in compliance with the Data Protection Laws.

YOUR RIGHTS TO PERSONAL DATA.

When Mainlink acts as the Data Controller, you can exercise the following rights under the GDPR directly with Mainlink:

• A right to withdraw your consent at any time (GDPR Article 13-2c);
• A right to access (GDPR Article 15), rectify (GDPR Article 16), update, and complete your data;
• A right to lock or erase your Personal Data (GDPR Article 17) if it is inaccurate, incomplete, dubious, obsolete or are prohibited from being collected, used, shared or retained;
• A right to restrict the processing of your data (GDPR Article 18);
• A right of portability of the data you have provided to Mainlink when your data have undergone automated processing based on your consent or a contract (GDPR Article 20);
• A right to object to the processing of your data (GDPR Article 21);
• A right to determine what happens to your data after your death;
• A right to submit a complaint against Mainlink to the supervisory authority. A list of supervisory authorities depending on your location is listed here: Our Members | European Data Protection Board (europa.eu) or with the State Data Protection Inspectorate as a Lithuanian supervisory authority (www.vdai.lrv.lt).

When Mainlink acts as the Data Processor, Mainlink will direct the person concerned to the Data Controller under the applicable Data Protection Laws and Data Processing Agreement for the exercise of the rights listed above.

SECURITY.

Mainlink makes every technical and organizational effort to ensure that processing of Personal Data is secure and the Personal Data remains confidential. As such, in terms of the nature of the data and the risks processing pose, Mainlink takes every necessary precaution to protect the security of the data and specifically to prevent them from being distorted, damaged or accessed by an unauthorized third party (physical protection of the premises, authentication procedures for people with access to the data with personal secure access using confidential usernames and passwords, encryption of certain data, etc.). Mainlink also contractually requires that its subcontractors protect such information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

CHANGES TO PRIVACY POLICY.

If Mainlink decides to change this Privacy Policy, Mainlink will post those changes on this page.

The continued use of the Platform after publication of an updated Privacy Policy constitutes your acknowledgment of the changes.

CONTACT INFORMATION.

Please contact Mainlink by email at support@mainlink.net if you have any concerns with respect to your privacy or prefer to exercise your rights provided under this Privacy Policy. Mainlink is committed to working with you to resolve any complaint or concern you may have with respect to your privacy.

Mainlink assures you that after receipt of your request or complaint, Mainlink will inform you without undue delay, and in no event later than within 1 (one) month, about the progress of Mainlink’s investigation in response to your request regarding the exercise of your rights. The above period may be extended for another 2 (two) months depending on how complicated the request is and how many of such requests have been received. Should that be the case, Mainlink will let you know if the period has been extended and for what reasons within 1 (one) month after receiving your request.

Futher contact details of Mainlink:

UAB “Mainlink”
Code of a legal person: 305625336
Registered address: Ozo str. 12A-1, LT-08200 Vilnius, Lithuania
VAT number: LT100013405616