Privacy Policy

Last Updated on June 27, 2022

Privacy Policy

This privacy policy (the “Privacy Policy”) is designed to help you understand what information is collected about you, including Personal Data and other information that directly identifies you or makes you identifiable, and how we use that information. Under all circumstances, we undertake to uphold the basic principles – you remain in control of your Personal Data and your data will be processed in a secure manner with transparency and confidentiality.

Definitions

  • Account: this means account created on the Platform by Mainlink in the interests of the Client following procedure under the General Terms of Use and controlled by Primary User, with the meaning under the General Terms of Use, also created by Mainlink.
  • Client: this means an entity that has subscribed to the Services offered by Mainlink under the separate agreement.
  • Data Controller: this means an entity that determines the purposes and means of the processing of Personal Data.
  • Data Processor: this means an entity that processes Personal Data on behalf of a Data Controller.
  • Data Protection Laws: this means all mandatory laws applicable to the processing of Personal Data, e.g. General Data Protection Regulation (“GDPR”).
  • Datasets: this means different data files transmitted to the Platform, as well as, controlled by the Client and used within the Services.
  • Personal Data: this means any information about, or related to, an identifiable individual. It includes any information that can be linked to an individual or used to directly or indirectly identify an individual, natural person.
  • Platform: this means cloud platform (Mainhive) offered by Mainlink utilizing smart tech aimed at secure data collection and implementation of automatization.
  • Services: this means subscription to the Platform under the separate agreement signed with the Client.
  • User: this means all categories of Account users described under the General Terms of Use.

The data controller’s identity

Mainlink acts as the Data Controller of any Personal Data of the Client’s authorized representatives collected and processed when the Client enters into the agreement for the Services. The Personal Data is also collected of any User who performs the registration procedure in order to access the Account and use the Services.

However, Mainlink acts as the Data Processor of the Personal Data collected and processed through the Client’s Account. As such, each Client will have the Data Controller status for the data carried out from his/her Account and any Datasets published on said Account. The processing of such data is governed by the Data Processing Agreement attached to the General Terms of Use.

The contact details of Mainlink are indicated at the end of this Privacy Policy.

Purposes, legal basis and period for data processing

Legal basis for collecting, using and processing the Personal Data will depend on the personal information concerned and the specific context in which Mainlink collects it. Mainlink as the Data Controller will normally collect personal information for the following purposes:

  • For concluding and performing the contracts by Mainlink.

The legal basis are:
1. contractual: data processing is required in order to execute pre-contractual measures, to manage and execute the contract, interact with the Client, manage the payments, etc.;
2. legitimate interests: data processing is required in order to ensure the best quality of the Services, for administrative purposes, etc.

The types of data to be processed: information about the Client, its authorized representatives’ identity, their contact details, information about the requests received, technical information, payment data.

Mainlink retains collected Personal Data for as long as needed to provide the Services to the Client and no longer than 10 years after termination of agreement signed between Mainlink and the Client. If Mainlink is involved in litigation or a governmental or regulatory investigation, then personal information is kept throughout the period of litigation or investigation and for a reasonable amount of time thereafter. If a settlement means that Mainlink has to keep personal information for longer, then Mainlink keeps personal information for the period required to administer the settlement.

  • For creation of Account and use of the Services.

The legal basis are:
1. contractual: data processing is required in order to perform, improve and develop the Services, interact with the Client and Users;
2. legitimate interests: data processing is required in order to ensure the best quality of the Services, as well as, for administrative, security, fraud prevention purposes.

The types of data to be processed: information about the Client, its authorized representatives’ identity, Users, their contact details, login data, login history, information about the Client’s customers, their contact details, IP address and other technical information.

Mainlink retains collected Personal Data for as long as the Account of the Client is active or as needed to perform contractual obligations, resolve disputes, preserve legal rights. Mainlink will delete information or anonymize it once it is no longer necessary to fulfill the purposes for which it was collected and processed.

  • For communication with Users.

The legal basis are:
1. contractual: data processing is required in order to perform, improve and develop the Services, interact with the Users, provide support services;
2. legitimate interests: data processing is required in order to ensure the best quality of the Services, as well as, for administrative, security, fraud prevention purposes.

The types of data to be processed: information about Users identity, their contact details, login data, login history, information about requests received.

Mainlink retains collected Personal Data for as long as needed to provide the Services to the Client.

  • For marketing purposes.

The legal basis are:
1. your consent: data processing is required for certain direct marketing purposes.

The types of data to be processed: information about the Client, its authorized representatives’ identity, their contact details, information about the offers to the Client.

Mainlink retains collected Personal Data for as long as needed to provide the Services to the Client.

In all cases, and with respect to the data processing for which Mainlink alone determines the reasons, Mainlink undertake to process all data collected in compliance with the Data Protection Laws.

Who receives the data

The access to the Personal Data collected and processed during provision of the Services will be given to authorized personnel of Mainlink.

Mainlink does not sell, trade, or otherwise transfer the information it collects to unaffiliated third parties. Mainlink does, however, share the information it collects with trusted third parties who assist in operating the Services, conducting the business, or servicing the Client, provided that those parties agree to keep such information confidential and secure. These trusted third parties include:

  • Subcontractors and others that help Mainlink with any of the purposes in this Privacy Policy, including by performing Services on Mainlink’s behalf. These parties are not permitted to use the information collected on Mainlink’s behalf except to help to conduct and improve the business;
  • Mainlink affiliates, parent companies, subsidiaries, and other related companies, all for the purposes in this Privacy Policy;
  • Third parties to respond or comply with, in Mainlink sole discretion, a court order, subpoena, law enforcement, or other government request (with or without notice to the Client, in Mainlink discretion) under applicable law;
  • Third parties, in Mainlink discretion, to: (i) satisfy any applicable law or regulation, (ii) enforce this Privacy Policy, including the investigation of potential violations thereof, (iii) investigate and defend Mainlink against any third party claims or allegations, or (iv) protect against harm to the rights, property or safety of Mainlink, the Services, other Users of the Services, or third parties; and
  • Other third parties with the Client’s consent.

Your rights to personal data

When Mainlink acts as the Data Controller, you can exercise the following rights under the GDPR directly with Mainlink:

  • A right to withdraw your consent at any time (GDPR Article 13-2c);
  • A right to access (GDPR Article 15), rectify (GDPR Article 16), update, and complete your data;
  • A right to lock or erase your Personal Data (GDPR Article 17) if it is inaccurate, incomplete, dubious, obsolete or are prohibited from being collected, used, shared or retained;
  • A right to restrict the processing of your data (GDPR Article 18);
  • A right of portability of the data you have provided to Mainlink when your data have undergone automated processing based on your consent or a contract (GDPR Article 20);
  • A right to object to the processing of your data (GDPR Article 21);
  • A right to determine what happens to your data after your death;
  • A right to submit a complaint against Mainlink to the supervisory authority. A list of supervisory authorities depending on your location is listed here: Our Members | European Data Protection Board (europa.eu) or with the State Data Protection Inspectorate as a Lithuanian supervisory authority (vdai.lrv.lt).

When Mainlink acts as the Data Processor, Mainlink will direct the person concerned to the Data Controller under the applicable Data Protection Laws for the exercise of the rights listed above.

Security

Mainlink makes every technical and organizational effort to ensure that processing of Personal Data is secure and the Personal Data remains confidential. As such, in terms of the nature of the data and the risks processing pose, Mainlink takes every necessary precaution to protect the security of the data and specifically to prevent them from being distorted, damaged or accessed by an unauthorized third party (physical protection of the premises, authentication procedures for people with access to the data with personal secure access using confidential usernames and passwords, encryption of certain data, etc.). Mainlink also contractually requires that its subcontractors protect such information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

Changes to privacy policy

If Mainlink decides to change this Privacy Policy, Mainlink will post those changes on this page.

The continued use of the Services after an updated Privacy Policy is posted constitutes the consent to the revised Privacy Policy.

Contact information

Please contact Mainlink by email at support@mainlink.net  if you have any concerns with respect to your privacy or prefer to exercise your rights provided under this Privacy Policy. Mainlink is committed to working with you to resolve any complaint or concern you may have with respect to your privacy.

We assure you that having received your request or complaint, we will inform you without undue delay, and in no event later than within 1 (one) month, about the progress of our investigation in response to your request regarding the exercise of your rights. The above period may be extended for another 2 (two) months depending on how complicated the request is and how many of such requests have been received. Should that be the case, we will let you know if the period has been extended and for what reasons within 1 (one) month after receiving your request.

Futher contact details of Mainlink:
UAB “Mainlink”
Code of a legal person: 305625336
Registered address: Ozo str. 12A-1, LT-08200 Vilnius, Lithuania
VAT number: LT100013405616