This privacy policy (hereinafter the ‘Privacy Policy’) provides information on how AB “Zebracloud” (hereinafter the ‘Company’, ‘we’ or ‘us’) processes personal data of its customers and their representatives, providers, partners and their representatives, visitors and users of the website www.zebrasign.com and the Company’s smart device apps “ZebraSign Signature Pad”, “ZebraSign Mobile” and “ZebraSign Spausdintuvas” (hereinafter the ‘Platform’), as well as personal data of interested parties who contact us by phone, email and using other means, that are received, collected and stored when you visit the Platform, use the services provided by the Company, or otherwise provide your personal data to us.
It is important that you read this Privacy Policy carefully, because each time you visit our Platform, order or use the services of the Company, or otherwise provide personal data to us, you must familiarise yourself with the terms and conditions described in this Privacy Policy. This means that you are legally obliged to comply with the provisions of this Privacy Policy. If these terms and conditions are not acceptable to you, you should not use the Platform and/or provide us with your personal data.
This Privacy Policy describes the personal data we collect about you, how we obtain them, on what basis and for what purposes we use them, how we use them, how long we store your personal data, with whom we share them, how we take care of your personal data, as well as what rights you have in the context of your personal data processing. We respect your privacy and aim to protect your personal data.
| Personal data | Means any information relating to a living individual who is or may be directly or indirectly identified. Separate parts of the information, which, when obtained together, can also help identify a specific person, also constitute personal data. In the context of this Privacy Policy, personal data shall be understood as provided for in Section 4. |
| GDPR | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). |
| Data Processor | Means the entity that processes personal data on behalf of the Data Controller. |
| Identification Data or Login Data | User identification data (email address and password) provided by the User or transmitted through third parties – Apple, Inc. (Apple), Meta Platforms, Inc. (Facebook) and Google LLC (Google). Please note that when registering or logging in to the Account with the assistance of the aforementioned third parties, the User will be suggested with an option to choose to link these third-party platforms to the Account so that the next time the User logs in to the Account, the User will no longer needs to enter a password. |
| Internet protocol (IP) address | A unique number identifying the Smart Device that connects to the internet. An IP address can be used to identify the location where your Smart Device is connected to the internet. |
| Smart Device | A computer, phone, tablet, or other smart device that is used to access the Platform and/or use the services provided by the Company. |
| Data uploaded by you to the Account | Electronic documents uploaded by the User to the Account and related information, including personal data (such as personal data of the User signing the document or personal data contained in the content of the document, which may be entered when filling in the assigned fields of the relevant document in the Account, as well as data for the compilation of a VAT invoice) or data otherwise provided to us. This data shall be processed solely in accordance with the instructions provided by you. We are acting as the processor for this information. All this information is stored and processed within the European Union/European Economic Area (EU/EEA). |
| Customer or User, you | Any natural or legal person using the Platform and/or the Company’s Services, regardless of whether such person has created the Account. This term also includes the Account administrator (if such a role has been assigned to any User in the Account), who will have full access to your Account. The Account administrator is able to access all electronic documents and data uploaded by you to the Account, suspend or terminate access to your User Account and obtain your Platform usage information. |
| Browser | A software application that helps User to access web pages on the web on the User’s Smart Device. |
| Account | The User’s account on the Platform that the User creates by logging in with Identification (or Login) Data to use the Company’s Services provided on the Platform. |
| Services | Services that provide the Customer with an ability, including, but not limited to, to upload, store, process, sign with a qualified electronic signature and/or handwritten signature, and archive electronic documents and/or data, as provided for in the Terms of Service, for example, the ability to: ■ compile electronic documents in various formats and sign them using qualified electronic signature tools: “Smart-ID” and “Mobile-ID” (mobile signature); ■ compile electronic documents in various formats and sign them with a handwritten signature (using both a simple handwritten signature and a handwritten signature with an electronic seal and a time stamp); ■ invite other persons to sign electronic documents; ■ track the process of signing electronic documents; ■ save and archive signed electronic documents; ■ share signed electronic documents with other persons; ■ create electronic documents in the Account by filling in the relevant fields, categorise them, divide them into catalogues according to the type of the electronic document; ■ create templates of electronic documents in the Account; ■ form a list of contacts in the Account and use it for more convenient creation of the electronic document signing sequence; ■ verify the data of a qualified electronic certificate; ■ mark electronic documents with electronic time stamps; ■ purchase additional qualified signatures in units without purchasing the respective Services Plan; ■ perform a multi-party signing by inviting a business partner to sign an electronic document. Specific functionalities, the scope of Services and/or specific terms and conditions for the provision of Services may be defined by: ■ standard Services and pricing plans offered by us on our website and/or provided to the Customer through other means of electronic communication and accepted (ordered, subscribed) by the Customer; ■ specific Services at a special price offered by us to the Customer by other means of electronic communication and accepted (ordered, subscribed) by the Customer. For the avoidance of doubt, such specific Services may be provided upon your acceptance (order, subscription) in addition to (on top of) any Services and pricing plans already ordered and used by you; ■ special terms and conditions for the provision of services agreed between the Customer and the Company. Services can be provided on a one-time basis, as well as on a subscription basis for a certain period of time. |
| Platform | Website www.zebrasign.com and Smart Device apps “ZebraSign Signature Pad”, “ZebraSign Mobile” and “ZebraSign Printer”. A more detailed definition is provided in the Terms of Service. |
| Cookies | Computer data (usually small text files) that the Platform may store in your Smart Device Browser. As a result, the Platform may ‘remember’ your actions and preferences (such as your login name, language and other display options) for the period specified in each cookie settings, so that you do not have to re-enter them each time you visit the Platform. This term includes not only cookies, but also the use of similar tools (e.g. Flash cookies, Web beacons, Pixel Tags, clear GIFs). |
| Agreement with the Customer, Terms of Service | This means the General Terms of Service. |
The Company is the Data Controller of your personal data specified in this Privacy Policy:
| Name | Zebracloud, AB |
| Legal person number | 305694624 |
| Address | Verkių g. 34-2, LT-08221 Vilnius, Lithuania |
| info@zebrasign.com | |
| Phone | +370 619 61444 |
While you are using the Platform and the services offered on it, we obtain and process your Personal data. When processing your Personal data, we comply with the provisions of the GDPR, the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania and other directly applicable personal data protection regulations, as well as the instructions of data protection supervisory authorities.
! In cases where we process Data uploaded by you to the Account, including their storage and archiving, we act as the Data Processor of the personal data you have provided. We do not assume responsibility for any personal data stored in the Account at your discretion (Data uploaded by you to the Account), including, but not limited to, electronic documents, personal data of the other party signatory of the electronic document, and other information provided by you in the Account. We also do not assume responsibility for the manner in which you collect, handle, disclose, distribute or otherwise process such data.
Please note that in cases where we act as the Data Processor, we are guided by the terms and conditions of the Personal Data Processing Agreement concluded with you, and establish security measures that are no less extensive than those provided for in the GDPR.
If you have any questions about the information set out in this Privacy Policy, you may contact the Company at any time using the contact details provided above.
The Platform and/or the Services provided by the Company may be used by persons at least 18 years old. If you are between 14 and 18 years old, please read this Privacy Policy carefully with your parent or guardian to understand and comply with it. The Company does not collect personal data of persons under the age of 14, so if you are younger than 14, you should not provide your personal information to the Company.
Please do not provide the Company with any personal data about you if you do not want such information to be used in any way.
In cases where you provide personal data of third parties when using the Platform and/or the Company Services, you are responsible for notifying the persons whose data you provide to the Company about the processing of their personal data and familiarising them with this Privacy Policy.
When you use the Platform and/or the Services provided by the Company, the Company processes your personal data for the following purposes and on the legal bases related to them:
| Purpose | In order for you to receive the Service, it is necessary that you create an Account on the Platform through which the Services of the Company are ordered, for example: ■ creating an Account by entering an email address and the desired password in the section of the Platform called “Register”; ■ creating an Account by using the accounts on the platforms of third parties, i.e. Apple, Facebook and Google, and by providing the Platform with access to the data of these third party accounts; ■ adjustment of Account settings and data. |
| Data subjects | Persons who have created an Account on the Platform or their representatives (e.g. representatives of business customers). |
| Personal data | ■ name, surname; ■ password; ■ email address; ■ city, country (if you submit this information yourself); ■ position (if you are a representative of business customers and you submit this information yourself); ■ company name (if an Account is registered on behalf of the company); ■ additional Account information provided by the User; ■ unique User token if you are using “ZebraSign Mobile”; ■ Apple, Facebook, and Google account IDs, including name and surname, and email address, if the Account is registered through Apple, Facebook, and Google platform accounts. Please note that the amount of personal data provided by you and processed by us may vary depending on the method of registration on the Platform chosen by you and the functions you use on the Platform; therefore, the volume of your personal data that is actually processed may be lower than specified above. Registration of the Account on the Platform requires only your email address and password, or the above-mentioned data of Apple, Facebook and Google accounts, if you choose this method of registration. |
| Data sources | Persons who have created an Account on the Platform or their representatives and, if the Account is registered through the use of accounts on the platforms of third parties, i.e. Apple, Facebook and Google, these third parties. |
| Legal basis | We process personal data in order to conclude and perform the Agreement with you, i.e. in order to allow you to create and manage an Account on the Platform (Article 6(1)(b) of the GDPR), or to allow you to create and manage an Account for the legal person you represent (Article 6(1)(f) of the GDPR). We will only receive data from your Apple, Facebook and Google accounts if you choose to register using this method. In the event that you fail to provide the above data required to register an Account, we will unfortunately not be able to provide you with the possibility to create an Account or use all or part of its functions. |
| Data storage | The personal data referred to in this Section will be stored until your Account is deleted. In the event that you no longer wish to use the Account, you have the right to delete it (and the Data uploaded by you to the Account) at any time – you must select the “Other Settings” section of the Account and click the “Delete Account” button, or contact the Company at info@zebrasign.com. Once you delete your User Account, its content (Data uploaded by you to the Account) will be deleted within 14 calendar days of the date of removal of the Account. Please note that inactive free accounts are deleted along with the Data uploaded by you to the Account without the possibility of reproducing them if you have not used the Platform Services for a period of two years as of the date of your last visit to the Platform. This does not apply to paid accounts. Please note that if you have ordered the relevant Platform Services using the Account, the relevant personal data will be stored for the periods set out in Section 4.2 of this Privacy Policy. If we have a legal obligation to store your personal data for a longer period, the relevant personal data will be stored for the periods specified in Sections 4.3 to 4.4 of this Privacy Policy. In individual cases, in accordance with the requirements of the applicable legislation or in the case specified in Section 4.14 of this Privacy Policy, your personal data may be stored for a longer period. |
| Purpose | Use of the Platform and provision of the Services to the Users of the Platform and enabling them to use the Platform functions, such as: ■ uploading of electronic documents; ■ signing of electronic documents; ■ creation of electronic document templates in the Account; ■ purchase of additional qualified signatures in units without purchasing the respective Services Plan; ■ ordering of and payment for additional paid services or plans on the Platform; ■ submission of notifications to the Users of the Platform using their contact details on important aspects related to the Services (not for direct marketing purposes). You can manage this type of incoming system notifications in your Smart Device settings. |
| Data subjects | Persons who use the Platform Services or their representatives (e.g. representatives of business customers). |
| Personal data | ■ name, surname; ■ email address; ■ mobile phone number; ■ personal identification number (please note that the Company does not store this personal data unit – when you sign an electronic document using the qualified electronic signature tools “Smart-ID” or “Mobile-ID”, it is transferred to the qualified trust service provider); ■ country (if you wish to sign electronic documents with a qualified electronic signature using “Smart-ID”, you will be asked to specify the country at the time of signing the electronic document); ■ billing information (e.g. payment card information (e.g. payment amount), payment method, other related information such as purpose, date, IP address) in the event where you use the paid Services provided on the Platform in accordance with the selected service plan; ■ bank account data; ■ information about your activities on the Platform (e.g. uploaded electronic documents and their content, time of last login); ■ data on the purchased Services of the Company (purchase history); ■ system settings, Platform notification language; ■ your communication with the Company regarding the purchased Services; ■ special category (biometric) personal data (handwritten signature coordinates, pressure strength of electronic writing measure, speed) – these data are processed whenever the User signs an electronic document with a handwritten signature. In the event that the electronic document is not signed with an electronic writing measure, only the speed and coordinates of the handwritten signature will be processed. Please note that the processing of these personal data may be relevant in cases of authentication of the handwritten signature in the institutions performing this function; ■ additional information provided by the User. Given that the Company Services are provided through the Account on the Platform, the Account data specified in Section 4.1 of this Privacy Policy are also processed. Please note that the amount of personal data provided by you and processed by us may vary depending on the Platform functions you use; therefore, the volume of your personal data that is actually processed may be lower than specified above. |
| Data sources | The Company obtains personal data directly from persons using the Platform Services or their representatives (e.g. representatives of business customers). If you make payments on the Platform, we may also obtain (as well as provide) relevant data from payment collection or administration service providers, financial institutions, or other payment intermediaries, depending on your chosen method of payment for services, for example, we use Stripe, Inc. and “Montonio Finance” services to accept and process payments by card and/or wire transfer. You can learn how Stripe, Inc. processes your personal data here: https://stripe.com/en-lt/privacy, and how UAB “Montonio Finance” processes your personal data here: Privacy Policy – Montonio. We may also obtain your personal data from the Apple, Google or Facebook platforms if you purchase the Services through the Platform Account associated with the accounts of these platforms. |
| Legal basis | We process personal data in order to conclude and perform the Agreement with you, i.e. to provide you with access to the Platform and additional services if you order them and to ensure proper performance of the Agreement with you (Article 6(1)(b) of the GDPR), and in order to pursue our legitimate interest to conclude the Agreement for the provision of relevant services with the legal person represented by you, and to administer the operation of the Platform and ensure compliance with the Terms of Service (Article 6(1)(f) of the GDPR). Special categories of personal data (biometric data) shall be processed only with your given explicit consent (Article 9(2)(a) of the GDPR). In the event that you do not provide the data referred to in this Clause, we may not be able to provide the Platform Services to you. |
| Data storage | Data that must be stored for the minimum terms set out in the legislation (e.g. the Index of the Terms for Storage of General Documents) will be stored in accordance with the terms set out in the relevant legal act, e.g. accounting documents confirming a business transaction or business event (invoices, payment orders, etc.) and personal data contained therein, billing information (if you had chosen a paid Services package) will be stored for 10 years. Biometric personal data will be processed, including storage thereof, until your consent is withdrawn or for 1 year after the deletion of your Account, whichever circumstance occurs first. In individual cases, in accordance with the requirements of the applicable legislation or in the case specified in Section 4.14 of this Privacy Policy, your personal data may be stored for a longer period. |
| Purpose | Compliance with the legal requirements applicable to the Platform and the Company (e.g. legal acts regulating the organisation and management of payment accounting). |
| Data subjects | Persons using the Platform Services or their representatives. |
| Personal data | ■ name, surname; ■ email address; ■ mobile phone number; ■ personal identification number; ■ billing information (e.g. payment card information (e.g. payment amount), payment method, other related information such as purpose, date) in the event where you use the paid Services provided on the Platform in accordance with the selected service plan; ■ bank account data; ■ taxpayer identification numbers and the countries that issued them (e.g. for Lithuanian citizens this is a personal identification number). If the taxpayer identification number has not been issued, the taxpayer’s place of birth – country and city; ■ VAT number, if available; ■ address; ■ country of residence; ■ additional information provided by the User; ■ other personal data relating to you provided for the purposes of personal data processing specified in Section 4 of the Privacy Policy, but only to the extent it is reasonably necessary to implement the legal requirements applicable to the Company. Please note that the amount of personal data provided by you and processed by us may vary depending on the Platform functions you use; therefore, the volume of your personal data that is actually processed may be lower than specified above. |
| Data sources | Persons using the Platform Services and their activities on the Platform. If you make payments on the Platform, we may also obtain relevant data from payment collection or administration service providers, financial institutions or other payment intermediaries, depending on the payment method you have chosen. The Company also has the right to request additional information from you as specified in the Terms of Service. |
| Legal basis | We process personal data in order to comply with the legal requirements applicable to us (Article 6(1)(c) of the GDPR). In the event that you do not provide the data referred to in this Section, we may not be able to provide the Platform Services to you or other statutory consequences may apply. |
| Data storage | Data contained in electronic documents that must be stored for the minimum terms set out in the legislation (e.g. the Index of the Terms for Storage of General Documents) will be stored for the terms set out in the relevant legal act. In individual cases, in accordance with the requirements of the applicable legislation or in the case specified in Section 4.14 of this Privacy Policy, your personal data may be stored for a longer period. |
| Purpose | The Company has the purpose of ensuring that the Platform and the Platform Users’ activities shall comply with applicable legislation and the Terms of Service and that the Platform is secure, including: ■ ensuring that Users of the Platform do not use it in a manner incompatible with the applicable legislation and the Terms of Service; ■ application of measures set out in the Terms of Service, e.g. Account deletion or temporary suspension and notifying Users of the application of such measures. |
| Data subjects | Persons who have created an Account on the Platform or their representatives. |
| Personal data | ■ name, surname; ■ email address; ■ mobile phone number; ■ billing information (e.g. payment card information (e.g. payment amount), payment method, other related information such as purpose, date) in the event where you use the paid Services provided on the Platform in accordance with the selected service plan; ■ Smart Device information (e.g. device identifier); ■ IP address; ■ additional information provided by the User. Please note that the amount of personal data provided by you and processed by us may vary depending on your activities on the Platform; therefore, the volume of your personal data that is actually processed may be lower than specified above. |
| Data sources | Persons using the Platform Services or their representatives. |
| Legal basis | We process personal data in order to comply with legal obligations applicable to us (Article 6(1)(c) of the GDPR), to properly perform the Agreement (the Terms of Service) (Article 6(1)(b) of the GDPR) and in order to pursue our legitimate interest to ensure the security of the Platform and the compliance of the Platform Users’ activities with the Terms of Service and legislation (Article 6(1)(f) of the GDPR). |
| Data storage | Personal data provided for the purposes specified in this Section will be stored until your account is deleted and for another 2 years. In individual cases, in accordance with the requirements of the applicable legislation or in the cases specified in Section 4.14 of this Privacy Policy, your personal data may be stored for a longer period. |
| Purpose | Conclusion and execution of agreements with the Company’s Customers or actions to conclude these agreements. |
| Data subjects | Customers and potential Customers and their representatives. |
| Personal data | ■ name and surname; ■ email address; ■ mobile phone number; ■ address (if you submit this information yourself); ■ position (if you submit this information yourself); ■ the represented person (e.g. name, surname or legal person’s name, contact details of such person and information about your relations with them, if the agreement is concluded with a legal person); ■ billing information (e.g. payment card information (e.g. payment amount), payment method, other related information such as purpose, date) in the event where you use the paid Services provided on the Platform in accordance with the selected service plan; ■ bank account data; ■ text of correspondence with the Company. Please note that the amount of personal data provided by you and processed by us may vary depending on your activities on the Platform; therefore, the volume of your personal data that is actually processed may be lower than specified above. |
| Data sources | The Company obtains personal data directly from you or collects them in the context of the execution of the agreement with you. |
| Legal basis | We process personal data in order to conclude, when concluding, or executing agreements with our Customers (Article 6(1)(b) of the GDPR), or having a legitimate interest to maintain contact with Customers and ensure proper execution of contractual obligations (Article 6(1)(f) of the GDPR). In the event that you do not provide the data referred to in this Section, you may unfortunately lose the possibility to enter into an agreement with the Company or certain restrictions may apply. |
| Data storage | Your personal data are stored for 10 years as of the expiry of the agreement. In the absence of an agreement, the data related to the communication will be stored for 2 years after the respective submission of the data. In individual cases, in accordance with the requirements of the applicable legislation or in the cases specified in Section 4.14 of this Privacy Policy, your personal data may be stored for a longer period. |
| Purpose | Conclusion and execution of agreements with partners and service providers or actions to conclude these agreements. |
| Data subjects | Service providers and partners, potential service providers and partners and their representatives. |
| Personal data | ■ name, surname; ■ position (if you submit this information yourself); ■ email address; ■ phone number; ■ the represented person (e.g. name, surname or legal person’s name, contact details of such person and information about your relations with them, if the agreement is concluded with a legal person); ■ information related to payments, including bank account number, according to concluded agreements; ■ content of correspondence or other information related to the conclusion or performance of the agreement. Please note that the amount of personal data provided by you and processed by us may vary depending on your activities on the Platform; therefore, the volume of your personal data that is actually processed may be lower than specified above. |
| Data sources | The Company obtains personal data directly from the Data subject or collects them in the context of the performance of the agreement with the Data subject. |
| Legal basis | Fulfilment of our legal obligations (for example, accounting requirements) (Article 6(1)(c) of the GDPR), conclusion and performance of an agreement with a partner or service provider (natural person) (Article 6(1)(b) of the GDPR) and our legitimate interest to conclude and perform agreements and maintain contact with partners or service providers (legal persons) and ensure proper execution of contractual obligations (Article 6(1)(f) of the GDPR). In the event that you do not provide the relevant personal data, we may not be able to conclude and/or execute the agreement concluded with the respective partner or service provider. |
| Data storage | Your personal data are stored for 10 years as of the expiry of the agreement. In the absence of an agreement, the data related to the communication will be stored for 2 years after the respective submission of the data. In individual cases, in accordance with the requirements of the applicable legislation or in the cases specified in Section 4.14 of this Privacy Policy, your personal data may be stored for a longer period. |
| Purpose | The Company has the purpose to administer its social media (Facebook and LinkedIn) accounts and communicate with social media users. |
| Data subjects | Users of the Facebook and LinkedIn social media networks communicating with the Platform accounts. |
| Personal data | ■ name and/or surname of the profile in the social media network; ■ profile picture; ■ public comments and other interactions with the Platform’s social media accounts; ■ the content of correspondence with the Company, if any. Please note that the amount of personal data provided by you and processed by us may vary depending on your chosen method of communication; therefore, the volume of your personal data that is actually processed may be lower than specified above. |
| Data sources | The Company receives personal data directly from you and/or from the relevant social network mentioned above. |
| Legal basis | Our legitimate interest to communicate with Facebook and LinkedIn users in the Platform accounts (Article 6(1)(f) of the GDPR). |
| Data storage | Taking into account that the Company does not administer the aforementioned social networks, but only its own accounts therein, and acts as a joint data controller together with the companies administering the aforementioned social networks, we invite you to get acquainted with information about the processing of your personal data provided in the privacy documents of these social networks: ■ Facebook (https://www.facebook.com/privacy/explanation), ■ LinkedIn (LinkedIn Privacy Policy) |
| Purpose | Recording of actions on the Company’s Platform in order to ensure the security of information systems and compliance with the established information security requirements and the ability for the User to check the actions performed by the User (e.g. to check whether an electronic document has been signed, which parties have signed, reviewed or downloaded this document). |
| Data subjects | Persons who log in to the Platform, as well as persons invited by the Account User to sign an electronic document. |
| Personal data | ■ IP addresses of the signatories of the electronic document; ■ unique User token if you are using “ZebraSign Mobile”; ■ login data (e.g. time stamp, type and version of used Browser, used operating system); ■ information about your visit to the Platform and/or the Account (e.g. date and time when you last visited the Platform, were logged in to your Account, number of visits, viewed pages of our website); ■ data on the status of the electronic document and the actions taken with it (e.g. who initiated, viewed or signed the electronic documents); ■ special category (biometric) personal data (handwritten signature coordinates, pressure strength of electronic writing measure, speed) – these data are processed whenever the User signs an electronic document with a handwritten signature. In the event that the electronic document is not signed with an electronic writing measure, only the speed and coordinates of the handwritten signature will be processed. Please note that the processing of these personal data may be relevant in cases of authentication of the handwritten signature in the institutions performing this function; ■ data related to the use of a digital certificate or digital signature (e.g. identifiers and contact information (e.g. electronic signature)), metadata of signed electronic documents; ■ Smart Device information (e.g. device identifier). Please note that the amount of personal data provided by you and processed by us may vary depending on your chosen method of communication; therefore, the volume of your personal data that is actually processed may be lower than specified above. |
| Data sources | Persons logging in to the Platform. |
| Legal basis | We process personal data in order to pursue the legitimate interest of the Company to ensure the security of the Platform and compliance with the established information security requirements, to analyse the availability and quality of our Services and individual functions of the Platform, to improve the Services, and to develop new products, features and functions (Article 6(1)(f) of the GDPR). Special categories of personal data (biometric data) will be processed only with your given explicit consent (Article 9(2)(a) of the GDPR). |
| Data storage | In order to ensure reliable and secure provision of the Services, we store information about your activities (actions you take when using the Services) in the records of IT systems. Such information related to your activities may contain personal data as provided for in this Section. Such information is stored in our backups for 90 days. The aforementioned information will be removed from our backups within one week of the end of the storage period. Biometric personal data will be processed, including storage thereof, until your consent is withdrawn or for 1 year after the deletion of your Account, whichever circumstance occurs first. In individual cases, in accordance with the requirements of the applicable legislation or in the cases specified in Section 4.14 of this Privacy Policy, your personal data may be stored for a longer period. |
| Purpose | The Company has the purpose to notify you of news and provide other information about the offered services and/or proposals. |
| Data subjects | ■ persons who use the Platform services and at that time or at any time thereafter did not object to the use of their personal data for the purpose of direct marketing in cases where marketing of similar services of the Company is carried out; ■ persons who have given their consent to the processing of their personal data for the purpose of direct marketing. |
| Personal data | ■ name; ■ surname; ■ email address; ■ phone number; ■ information about the Platform services you use. Please note that the amount of personal data provided by you and processed by us may vary depending on your direct marketing choices; therefore, the volume of your personal data that is actually processed may be lower than specified above. |
| Data sources | Data subjects. |
| Legal basis | ■ Your consent to the processing of personal data for the purpose of direct marketing (Article 6(1)(a) of the GDPR); or ■ our legitimate interest to notify the Users of the Platform about the similar services of the Company (Article 6(1)(f) of the GDPR). Pursuant to our legitimate interest to notify the Users of the Platform about the similar services of the Company, the Company will process your personal data for the purpose of direct marketing only when all of the following conditions are met: ■ when ordering a service on the Platform, you did not expressly object to the sending of direct marketing messages; ■ each time we send a direct marketing message, you will be given the opportunity to opt out of receiving direct marketing messages by notifying us on the specified email or by other means specified in this Privacy Policy; ■ your personal data will only be processed on this basis for the marketing of similar services of the Company. |
| Data storage | Your personal data will be processed for the purpose specified in this Section for 2 years as of the date of their collection or until your objection to such processing of personal data, or until the withdrawal of your consent to the processing of personal data for this purpose, whichever circumstance occurs first. In individual cases, in accordance with the requirements of the applicable legislation or in the cases specified in Section 4.14 of this Privacy Policy, your personal data may be stored for a longer period. |
| Purpose | The Company has the purpose of conducting surveys on the quality of the Platform and the Services provided thereon. |
| Data subjects | Persons who have given their consent to the processing of their personal data for the purpose of conducting surveys. |
| Personal data | ■ name, surname; ■ email address; ■ phone number; ■ information about the Platform services you use. Please note that the amount of personal data provided by you and processed by us may vary depending on your survey choices; therefore, the volume of your personal data that is actually processed may be lower than specified above. |
| Data sources | Data subjects. |
| Legal basis | Your consent to the processing of personal data for the purpose of conducting surveys (Article 6(1)(a) of the GDPR). |
| Data storage | Your personal data will be processed for the purpose specified in this Section for 2 years as of the date of their collection or until the withdrawal of your consent to the processing of personal data for this purpose, whichever circumstance occurs first. In individual cases, in accordance with the requirements of the applicable legislation or in the cases specified in Section 4.14 of this Privacy Policy, your personal data may be stored for a longer period. |
| Purpose | Publishing of news and relevant information related to the Company’s partners, service providers and/or other persons in public spaces (for example, on the Platform, in social media). |
| Data subjects | ■ partners/service providers; ■ customers; ■ other persons related to the activities of the Company. |
| Personal data | ■ name, surname, position held, represented entity; ■ person’s image (photo); ■ content of the feedback on the services provided by the Company; ■ other information specified in the relevant news or notification. Please note that the amount of personal data provided by you and processed by us may vary depending on your choices; therefore, the volume of your personal data that is actually processed may be lower than specified above. |
| Data sources | The Company receives personal data directly from you. |
| Legal basis | Consent of the Data subject (Article 6(1)(a) of the GDPR) |
| Data storage | Personal data will be processed for 5 years after posting them in the public space as provided for in this Section or until the revocation of the data subject’s consent, whichever circumstance occurs first. |
| Purpose | Selection of candidates who seek to be employed in the Company. |
| Data subjects | Candidates who seek to be employed in the Company. |
| Personal data | ■ name, surname; ■ email address; ■ phone number; ■ address (if the candidate provides it); ■ text of correspondence with the Company; ■ information about the candidate’s education (qualification), work experience, foreign language skills and other information that the candidate provides in CV and/or other documents; ■ information on the results of the selection. Please note that the amount of personal data provided by you and processed by us may vary depending on the information you provide yourself (e.g. contained in your CV); therefore, the volume of your personal data that is actually processed may be lower than specified above. |
| Data sources | Candidates who seek to be employed in the Company. |
| Legal basis | We process personal data to pursue our legitimate interest to find new employees (Article 6(1)(f) of the GDPR) and in order to take action at your request before concluding an employment contract with you (Article 6(1)(b) of the GDPR), or with your consent if you want us to retain these personal data for future selections (Article 6(1)(a) of the GDPR). |
| Data storage | Your personal data will be stored for the duration of the selection process for the specific position or, with your given explicit consent, for a period of 1 year after the end of the selection process. |
| Purpose | The Company has the purpose to respond to your inquiries that you submit to us by email or ordinary post, in writing or by calling on the phone, or providing in person at the Company’s office. |
| Data subjects | Persons submitting inquiries to the Company regarding the Platform and/or the Services provided by the Company via email or phone, or otherwise communicating directly with the Company. |
| Personal data | ■ name, surname; ■ position (if you submit this information yourself); ■ email address; ■ phone number; ■ content of correspondence with the Company. Please note that the amount of personal data provided by you and processed by us may vary depending on your chosen method of submission of the inquiry and its content; therefore, the volume of your personal data that is actually processed may be lower than specified above. |
| Data sources | Persons submitting inquiries to the Company regarding the Platform and/or the Services provided by the Company via email or phone, or otherwise communicating directly with the Company. |
| Legal basis | We process personal data in order to comply with the requirements of the legislation applicable to us, if we have a legal obligation to respond to your inquiry (Article 6(1)(c) of the GDPR), to properly perform the agreement if your inquiry is related to our services (Article 6(1)(b) of the GDPR) and in order to pursue our legitimate interest to respond to your inquiries and/or provide you with detailed information about the Services provided on the Platform and/or by the Company (Article 6(1)(f) of the GDPR). |
| Data storage | Your personal data will be processed for the purpose specified in this Section for 2 years as of the date of their collection. In individual cases, in accordance with the requirements of the applicable legislation or in the cases specified in Section 4.2 (e.g. if your inquiry concerns a contractual relationship between you or the entity you represent and the Company) and Section 4.14 of this Privacy Policy, your personal data may be stored for a longer period of time. |
All aforementioned personal data may be processed by the Company for the purpose of presenting, enforcing or defending against legal claims. For this purpose, we will process personal data on the basis of our legitimate interest to present, enforce, defend against legal claims (Article 6(1)(f) of the GDPR). We will process them for this purpose for 1 year after the conclusion of the relevant legal proceedings (for example, settlement of a claim, entry into force of a final court or arbitral decision).
You can find full details of the tools we use to ensure the operation of our Platform (including cookies) and related data privacy issues in Section 5 of this Privacy Policy.
In this section, we inform you about technologies used on the Platform that help to ensure the proper functioning of the Platform or monitor and analyse the behaviour of visitors to the Platform while browsing.
According to the functions, cookies are divided into the following categories:
■ Strictly necessary cookies. These cookies activate the basic functionalities of websites or ensure compliance with legal requirements (e.g. cookies that ensure the proper fnctioning of the cookie banner).
■ Functionality cookies. With the assistance of these cookies, websites remember the visitor’s preferences, such as the selected language, region, or other settings, so they will not need to be repeated when the visitor visits the website again.
■ Statistics or analytics cookies. These cookies collect anonymous information about the activity of visitors to the website and statistics that helps to find out how visitors use the website.
■ Marketing or advertising cookies. These cookies are designed to deliver personalised ads to visitors and measure the effectiveness of promotions.
Based on the expiration date, cookies are divided into session and persistent cookies. Cookies may be first-party, e.g. created on our website, or third-party, e.g. created on other websites.
Flash cookies are text files that the website server sends to the User when the web browser requests content supported by the Adobe Flash plug-in. These cookies allow the website to recognize the User’s browser when he or she returns to the website.
Web beacons, uXDT or Ultrasonic tracking technology works in such a way that when you visit a website, your computer generates an ultrasound signal that is not audible to humans, but that is received by other smart devices that are running a particular app at the same time.
Pixel tags are a tool by which a pixel image is inserted into a website or email and helps to determine whether a particular User has visited the Company website or read the email. Data such as the operating system used by the User, user ID, IP address, etc. may be collected.
Clear GIFs are small image files on the website page that can be used to collect information about the User’s computer, including the IP address, time of visit, and type of web browser and to determine previously saved cookies of the same server.
We currently use the following cookies on the Company website www.zebrasign.com:
| zebracloud_session | Unclassified | XXX | 2 hours |
| _GRECAPTCHA | Strictly necessary | A cookie designed to identify bots and protect the website from malicious unwanted (spam) attacks. | 6 month |
| HISTORY | Unclassified | XXX | 1 year 1 month |
| PAGES | Unclassified | XXX | 1 year 1 month |
| _fbp | Not necessary, marketing | Facebook sets this cookie to show ads on Facebook or on a digital platform that uses Facebook advertising after visiting the website. The cookie helps to select and offer targeted advertising to the user. | 3 month |
| _ga | Not necessary, statistics | This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in every website page request and is used to calculate visitor, session, and campaign data in website analytics reports. The cookie is provided by Google Analytics. | 1 year 1 month |
| _ga_G39XMEE5PH | Not necessary, statistics | This cookie is installed by Google Analytics. This cookie is used to calculate visitor, session, campaign data and track website usage to produce a website analytics report. Cookies store information anonymously and assign a randomly generated number to identify unique visitors. | 1 year 1 month |
| _gid | Not necessary, statistics | Google Analytics sets this cookie to store information about how visitors use the website and, at the same time, create an analytics report on the performance of the website. Some of the data collected include the number of visitors, their source, and pages visited anonymously. | 1 day after User’s last activity |
| hjSessionUser* | Not necessary, statistics | This cookie is set by Hotjar to assign data from subsequent visits to the same website to the same user ID. | 1 year |
| hjSession* | Not necessary, statistics | A cookie that stores data for the current session. This ensures that subsequent requests in the session window will be assigned to the same Hotjar session. | 30 minutes |
| Cookie_notice_accepted | Not necessary, statistics | The cookie is used to determine whether cookies can be saved. | 1 month |
| _gat_UA-185112977-1 | Not necessary, statistics | Google Analytics sets this cookie to monitor Users’ behaviour. This is a variant of the _gat cookie, which is used to limit the amount of data Google saves on high-traffic websites. | 1 minute |
We use Google Analytics software from Google LLC and Hotjar to optimise our marketing messages. They allow us to track online behaviour: time spent on the website, geolocation, and use of the website. This information is collected using cookies. The information obtained through cookies is anonymous and not linked to personal data. Google and Hotjar process personal information on their servers in various countries around the world. Personal information may be processed on a server that is not in the country where the user resides. We do not share this information with any third parties who would be able to use it freely.
If you do not agree to the analysis, you can choose not to save cookies in our cookie banner or you can submit your refusal to process your data here:
■ Google Analytics – https://tools.google.com/dlpage/gaoptout;
You can learn more about Google Analytics cookies here: https://support.google.com/analytics/answer/6004245?hl=en.
■ Hotjar – https://www.hotjar.com/policies/do-not-track/
You can learn more about Hotjar cookies here: Cookies on hotjar.com – Hotjar Documentation.
This website is linked to the third-party communication channel Facebook where we host information about the Company activities and that acts as a separate data controller. The cookies used by these channels allow us to obtain aggregate statistics and insights about how visitors interact with our posts, ads, this website, videos and other content on this social media. You can learn more about Facebook and Facebook Messenger cookies here:
■ https://www.facebook.com /policies/cookies
Strictly necessary cookies, which are required for the proper operation of the Platform, are used in order to pursue our legitimate interest to ensure the smooth operation of the Platform, its legal compliance and the security of the Platform (Article 6(1)(f) of the GDPR). Other cookies, such as functionality, analytics, statistics or marketing cookies, are used only with your prior consent (Article 6(1)(a) of the GDPR).
In any case, the processing of personal data with the help of cookies and other technology used on the Platform is based on your explicit choice using Platform’s cookie banner which you can change at any time. To do this, click Manage cookie selection.
Cookies can be controlled or deleted directly in your web browser settings on your Smart Device, regardless of your use of our Platform. Most browsers allow you to decline all cookies, but some browsers only allow you to decline third-party cookies. So, you can use these options. However, please note that blocking all cookies may have a negative impact on your use of the Platform and you will not be able to use all the services provided by the Platform without cookies.
If you need more information, please visit www.aboutcookies.org. On this website you will find detailed information prepared by independent experts on how you can disable cookies in your web browser and how you can remove those cookies that are already stored on your computer. To remove cookies on your mobile phone, you should refer to your phone’s user instructions for relevant information.
The Company may disclose information about you and share your personal data with third parties (data processors) providing services to the Company and acting on its behalf (e.g., IT service providers, accounting service providers, etc.), if reasonably necessary. The Company shall ensure that the processing of personal data by such third parties is carried out only in accordance with the Company’s lawful instructions and in accordance with the requirements of the GDPR and other applicable law, and that the personal data is transferred to them only when and to the extent necessary to provide the relevant services.
In addition, personal data may be transferred to relevant recipients / independent third parties, i.e. independent data controllers, if this is necessary to ensure the proper fulfilment of the purposes of the processing of the personal data referred to above or to comply with statutory obligations (e.g. public institutions acting in the performance of their official duties, etc.).
The Company may share personal data with the following categories of third parties (data processors or individual data controllers) when necessary:
■ courts, arbitrators, mediators, opposing parties and their attorneys (if required for the purposes of judicial or other similar proceedings);
■ banks and other financial institutions, payment service companies (if the processing of your personal data is related to our payments to you or your payments to us);
■ police, law enforcement agencies, tax inspectorates, other state or municipal institutions (if expressly required by the relevant legislation) or other persons performing official duties assigned to them (for example, notaries, debt collection companies);
■ professional consultants, such as attorneys, advisers, auditors or accountants (to the extent necessary to safeguard and protect our legitimate interests);
■ service providers providing information technology, cloud computing, database storage in data centres and/or system administration services, payment collection or administration, marketing, accounting, postal or courier and other services – only to the extent necessary for the proper provision of services;
■ our payment service providers managing financial transactions on the Platform, providers of servers and their maintenance services, email service providers, etc.;
■ qualified trust service providers (e.g. SK ID Solutions AS);
■ when carrying out business transactions (selling the Company, its assets (part thereof) or its shares (part thereof), merging, consolidating or separating the Company, etc.) – potential or final acquirers (their representatives) and persons carrying out inspection of the Company or otherwise participating in the relevant business transaction. In this case, the Company will transfer only as much personal data as is necessary for the purposes of the relevant business transaction and will ensure the confidentiality of personal data;
■ other natural or legal persons, only if it is necessary to ensure the proper implementation of the above-mentioned purposes of the processing of personal data.
The Company shall not transfer your personal data to third countries (outside the EU/EEA) unless it is considered necessary (e.g. in the context of card payment processing services), but this is done in compliance with an adequate level of protection of personal data, when there is a legal basis for the transfer of personal data and at least one of the following conditions is met:
■ the country outside of the EU/EEA where the Data recipient is located has adequate level of personal data protection as decided by the European Commission;
■ the Data controller or Data processor has implemented appropriate safeguards, for example, the transfer of personal data is performed on the basis of an agreement that includes the Standard Contractual Clauses approved by the European Commission or other standard clauses approved in accordance with the established procedure, approved codes of conduct or certification mechanisms;
■ derogations apply, for example, where you have expressly consented to the transfer of personal data, the transfer of personal data is necessary for the performance of an agreement concluded with you, or the transfer of personal data is necessary for the exercise or defence of legal claims, or for important reasons of public interest.
The Company makes every effort to ensure that the requirements of the GDPR are complied with when transferring data in this way and implements appropriate measures to ensure that your personal data are safe. You can learn more about such measures by contacting us directly using the contact details indicated above.
The Company implements appropriate and GDPR compliant technical and organisational measures to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or use, and against all other unlawful forms of processing.
The Company has implemented the ISO/IEC 27001 standard for information security management systems (hereinafter the ‘Standard’). Certification under this Standard ensures the confidentiality, integrity and security of the Company’s information by applying strict information security assurance methodologies that help reduce risks and protect against security breaches. More information about the Standard can be accessed here.
While the Company aims to protect the personal data it processes, please understand that the Company cannot ensure or warrant the security of any information that you transmit to us since these days no method of data transmission or storage can be 100 per cent secure.
You have the following rights associated with your personal data processed by us:
| Right to information and access to personal data | You have the right to receive information about the processing of your personal data in a transparent, understandable and easily accessible form, in clear and plain language. This is provided for in this Privacy Policy. If any part of this Privacy Policy is unclear to you, please do not hesitate to contact us using the contact details above. You also have the right to obtain confirmation from the Company if your personal data are being processed and, in such a case, to access information about how we process your personal data, including the right to receive a copy of such data. |
| Right to rectification | You have the right to request the Company to correct or supplement your inaccurate or incomplete personal data. |
| Right to erasure (‘right to be forgotten’) | You have the right to ask us to erase or remove personal data if there is no valid reason why we should continue to process them, if the personal data are no longer necessary for the purposes for which they were collected or processed, if you withdraw your consent on the basis of which the personal data were processed, and if there are no other legal bases for processing them or if there are other grounds set out in Article 17 of the GDPR. Please note that Article 17(3) of the GDPR provides for exceptions to the above cases where the processing of personal data is necessary. If such exceptions apply to you, we will notify you accordingly. |
| Right to demand the restriction of processing of personal data | You have the right to demand the Company to restrict (suspend) the processing of your personal data if: ■ you dispute the accuracy of the personal data – until their accuracy is verified, ■ the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, ■ we no longer need the personal data for their processing purposes, but you need them in order to establish, exercise or defend legal claims, ■ you object to the processing of your personal data pursuant to the indicated procedure – until it has been verified whether our legitimate reasons override your legitimate reasons. If the processing of personal data has been restricted, such personal data may be processed (except for their storage) only with your consent or only for the purpose of establishing, exercising or defending legal claims, protecting the rights of another natural or legal person or for reasons of important public interest. |
| Right to data portability | You have the right to receive your personal data that you have provided to the Company in a structured, commonly used and machine-readable format, as well as the right to transfer these data to another controller, if: ■ the data are processed on the basis of consent or agreement; and ■ the processing is carried out by automated means. You also have the right to request the Company to transfer your personal data directly to another Data controller, if technically feasible. |
| Right to object | You have the right to object at any time to the processing of your personal data that are processed in order to fulfil a task in the public interest or for the legitimate interest of the Company. In such a case, the Company will no longer process your personal data unless we are able to demonstrate legitimate bases for processing your personal data that override your interests, rights and freedoms or if it is necessary for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such purpose and we will discontinue processing them. |
| Right to withdraw the consent | If your personal data are processed on the basis of your consent, you have the right to withdraw such consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. |
| Right to lodge a complaint with a supervisory authority | If you believe that the processing of your personal data infringes the provisions of the GDPR, you have the right to lodge a complaint with the supervisory authority of the EU member state of your permanent establishment, place of work or the place where the alleged infringement took place. The supervisory authority in Lithuania is the State Data Protection Inspectorate of the Republic of Lithuania, address L. Sapiegos g. 17, 10312 Vilnius, Lithuania, email ada@ada.lt, website https://vdai.lrv.lt/. We would be grateful if you contacted us with your concerns before lodging a complaint with the relevant supervisory authority. We will make every effort to resolve your issue promptly and diligently. |
To exercise these rights, please send a written request to at info@zebrasign.com. The Company must, no later than within 1 month as of the date of receipt of your request, exercise your rights and notify you thereof or refuse in writing to comply with the request stating the reasons for the refusal. This period may be extended by a further 2 months if necessary, depending on the complexity and number of requests, in which case we will notify you of such extension within 1 month of receipt of the request and state the reasons for the delay.
In order to ensure data protection and to enable you to exercise your rights, the Company has the right to request additional information necessary to verify your identity.
The Company has the right to amend this Privacy Policy at its discretion. A notice to that effect will be posted on the Platform. In the event of material changes to the Privacy Policy, the Company will notify them separately prior to their entry into force. If such amendments to the Privacy Policy are not acceptable to you, you may always delete your Account (if you are a Customer) or not visit the Company Platform.
Your continued use of our Services and/or the Platform after we have posted or sent notice of amendments to this Privacy Policy means that the processing of your personal data is subject to the updated Privacy Policy.
The Privacy Policy was last updated on: 10 May 2024.
The Platform and the materials contained therein are provided for informational purposes only. The Company shall not be liable, to the maximum extent permitted by legislation, for any consequences arising from the use of the information and material contained on the Platform.
The Company respects and protects the confidentiality of your data uploaded to the Account. The Company does not verify, monitor or control the content of the documents uploaded by Users. We will not review, verify or read any data you have uploaded to your Account. We can only do this in very exceptional and strictly limited cases as follows:
■ a court order and/or a decision of a competent authority was made obliging the Company to disclose such data;
■ if the User expressly requires the provision of the necessary technical assistance, the data uploaded by the User to the Account may be reviewed by authorised employees of the Company in strict compliance with confidentiality obligations and the ‘need to know’ principle. This function is extremely limited and is only possible with an express, specific and reasonable purpose of the User. Only certain dedicated employees of the Company have access to such an Account in the Company – the Company applies the principle of restriction of access rights.
The User who uploaded the document is responsible for the content of electronic documents, its legality and compliance with copyright.
The Company shall not be liable for possible malfunctioning of the Platform in cases where the Platform User uses inappropriate computer equipment or software or this equipment operates improperly on the consumer’s side for other reasons beyond the Company’s control (e.g. malicious software on the User’s computer).
The Company shall not be liable for the availability and quality of services of third parties (such as mobile signature, Smart-ID, other electronic signature services or other service providers, being trust service providers or not) although they are essential for successful provision of the Services (ability to sign the document with a particular type of electronic signature, validate the electronic signature and/or seal, etc.). The Company shall not be liable or responsible for any failure to perform or any delay in performance of any of our obligations under our Terms of Service that is caused by any other act or event beyond our reasonable control, including non-availability of the Service caused by the unavailability of third-party Services (as described above), network problems or outages.
