General Information
Personal data is any information collected by QuaDigi about a data subject that may be used to identify the data subject and which is stored in electronic or any other form. Personal data is any informationabout data subjects, including but not limited to the name, surname, address, gender, e-mail, andphone number of the data subject, that QuaDigi collects for the purposes set out in this Privacy Policyor a consent given by a data subject, or in a bilateral agreement with the data subject.
Whose Personal Data QuaDigi Collects?
Privacy Policy specifies what to expect when QuaDigi collects personal data on:
• Individuals who work with us (partners/external service providers).
• Website visitors.
• Individuals who made inquiries to us.
• Candidates/trainees for the job/traineeship.
• Visitors of Company’s premises.
• Other.
How does QuaDigi receive Personal Data?
QuaDigi collects personal data, which data subject provides when:
• Concludes service provision/joint activity/other agreements.
• Provides through website.
• Applies by e-mail to the e-mail address provided by the Company.
• Agrees with the installation of cookies on the device.
• Applies for vacancies in jobs/internships.
• Visits Company on site. Or data is received from third parties.
What Personal Data is processed and for what purpose?
The following personal data of partners/external service providers are processed for cooperation partnership with QuaDigi:
• Name, surname, telephone number, city, e-mail address, bank account number, and data of the legal entity.
The following personal data of website visitors are processed for administration and submission of the request received through the QuaDigi website:
• Name, e-mail, subject, and free text.It should be noted that QuaDigi deletes redundant personal data provided by data subjects that are not necessary for making a request and receiving a response.
The following personal data of candidates and trainees are processed to select new staff/trainees:
• Name, surname, CV, tel. no., e-mail, certificates, diploma, image, qualifications, work experience (previous jobs).
When a data subject visits Company’s premises:
• Data collected by video cameras.
Legal Basis for Processing and How Much Is Protected?
Legal basis for processing:
• Contract (service provision/joint activities).
• Legitimate interest - to respond to your inquiries, provide the information you are asking us for, the rights to protect Company’s assets etc.
• Fulfilment of obligations established by legal acts (fulfillment of the requirements of healthcare legal acts, accounting, archiving, etc.).
• Consent (e.g. for the processing of personal data, participation in the selection of staff/trainees, etc.).
QuaDigi protects personal data for as long as necessary to achieve and implement the purposes set out in this Privacy Policy, depending on the nature of the services or cooperation provided, unless longer retention of personal data and related documents is required by applicable law and required (e.g. mandatory terms of keeping accounting and other documents, etc.) or conditioned by the protection of the legitimate interests of the data controller in judicial or other state institutions.
Participation in Employee Recruitment for Job Vacancies
Based on the consent that the data subject gives as a participant in the recruitment of candidates to get employed at QuaDigi, the Company collects and processes the CV and/or motivation letter and/orother information that is provided.
At the end of the selection of employees/trainees, QuaDigi undertakes to delete and/or destroy personal data 1 month after the employment/traineeship agreement has been signed with thes elected candidate unless data subject agrees that personal data will continue to be used for the purposes specified in the consent.
With your consent, we will include your application data in a talent pool for a period of 5 years. In thistalent pool, we store your contact and application data in order to find potentially suitable candidatesfor positions that become vacant. If necessary, QuaDigi will match vacancies with your applicationdata in order to be able to offer you job opportunities that match your personal profile. If we consider the position to be potentially suitable for you based on your application data, we will contact you fromour end. For users from the European Union: The legal basis for the processing is your consent is Art.6 (1) (a) GDPR.
How does QuaDigi process data on social media sites?
In addition to its website content, QuaDigi also has an online presences within social networks and platforms.
Data Processing on LinkedIn
LinkedIn Ireland Unlimited Company is generally the controller of personal data when data subject visits QuaDigi LinkedIn company page. However, if data subject interact with QuaDigi’s LinkedIn page, LinkedIn evaluates these interactions to provide Company with statistics in anonymized form (so-called "page insights"). This concerns in particular interactions with followers, visitors, employees, and competitors. In particular, information such as job function, country, industry, seniority, company size, and employment status is evaluated. QuaDigi receives the page insights only in anonymized form. It is not possible to conclude individual users from the information in the page insights. Further information on analysis data can be found here: https://www.linkedin.com/help/linkedin/answer/a547077/linkedin-page-analytics-overview?lang=de
The processing of personal data on Company’s site for the creation of page insights is carried out by QuaDigi and LinkedIn as joint controllers. For users from the European Union, the legal basis for the processing of personal data is Company’s legitimate interest in the evaluation and the improvement of Company’s LinkedIn page based on the following Art. 6 (1) (f) GDPR. Data protection obligations between QuaDigi and LinkedIn can be accessed at: https://legal.linkedin.com/pages-joint-controller-addendum
Disclosure of Data
QuaDigi may disclose the information about data subject to employees or service providers if it is justifiable for the purposes defined in this Policy. In certain circumstances, QuaDigi may be required to transfer personal data when:
a) must disclose information by the law, including when it is required to disclose personal data to a tax administrator and law enforcement authorities for crime prevention and detection.
b) must disclose personal data in connection with legal proceedings or to obtain legal advice, or such disclosure is necessary to establish, enforce, or defend our rights.
c) the information must be disclosed to protect the Company’s interests or the interests of others (for example, to prevent fraud).
d) the information must be disclosed to a third party that provides administrative or data processing services on the Company’s behalf. In such circumstances, QuaDigi undertakes to take measures to ensure that third parties store personal data in the same way as QuaDigi protects them and to notify the data subject of any changes to this Policy.
e) the information must be disclosed to a potential purchaser of the Company’s assets or organization.If personal data is transferred to a third country and/or international organization, QuaDigi will inform the data subjects in advance with the right to agree/disagree and ensure that the data is transferred by the requirements of the applicable legal acts.
Data transferred to countries outside the EU or the EEA
Processing of personal data by QuaDigi takes place within the EU or the European Economic Area, However, sometimes it is necessary for the Company to transfer information to recipients in so-called "third countries". "Third countries" are countries outside the European Union or the Agreement on the European Economic Area in which it cannot be assumed without further ado that the level of data protection is comparable to that in the European Union. If the information transferred also includes personal data, Company will ensure before such transfer that the required adequate level of data protection is guaranteed in the respective third country or at the recipient in the third country. This may result in particular from a so-called "adequacy decision" of the European Commission, which establishes an adequate level of data protection for a specific third country as a whole. Alternatively, Company may also base the data transfer on the so-called EU standard contractual clauses agreed with a recipient or on a declaration of consent provided by data subject accordingly. QuaDigi will be happy to provide data subject with further information on the appropriate and adequate safeguards for compliance with an adequate level of data protection upon request. Information on the so-called EU standard contractual clauses at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en and information on the adequacy decisions at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
Security of Personal Data
Personal data will be processed by the General Data Protection Regulation, the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other statutory requirements. When processing personal data, QuaDigi implements organizational and technical measures that ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, or any other illegal processing.
Data Subject’s Rights
This section contains information about rights regarding the processing of personal data conducted by QuaDigi and how data subjects may exercise those rights. If the data subject wish to obtain more information about rights or how to enforce them, contact QuaDigi via email address: compliance@quadigi.com.
Unreasonably immediately, but not later than within 1 (one) month from the receipt of the request, QuaDigi will provide information on the action taken upon receipt of request for the exercise of rights.
Depending on the complexity of the request and the number of requests received, this deadline maybe extended for a further 2 (two) months. QuaDigi may refuse to implement rights only in the cases stipulated by the law.
Right to Withdraw a Consent
If the data subject has provided QuaDigi with explicit consent to the processing of data, he/she canwithdraw it at any time by notifying QuaDigi at compliance@quadigi.com.
Right of Access to Personal Data
QuaDigi strives that data subject fully understand how we use personal data and would not experienceany inconvenience. Data subject may contact QuaDigi at any point to inquire if the Company processes any of data subject’s personal data. If QuaDigi do store or use personal data in any other way, data subject has the right to access it. To do so, provide QuaDigi with a written request to the e-mail address: compliance@quadigi.com.
Right to Request Further Information
QuaDigi hopes that the data subject understands that it is very difficult to discuss all possible ways to collect and use personal data. The Company strives to provide as clear and comprehensive information as possible and commits to updating this Privacy Policy once there are changes in the ways the Company processes personal data. However, if the data subject has any questions about the use of personal data, QuaDigi will happily respond to them or provide any additional information it is allowed to disclose by the law. If the data subject has any specific questions or has not understood the information QuaDigi has provided, contact compliance@quadigi.com.
Additional Rights
Below is information about additional rights that the data subject has and that can be implementedby the procedure:
(a) Data subject has the right to ask QuaDigi to rectify any inaccuracies in the available data. In thiscase, the Company may ask to confirm the corrected information.
(b) Data subject has the right to ask to delete personal data. Note that QuaDigi will only be able to comply with such a request if:
• Personal data is no longer needed for the purposes for which it was collected (for example, to respond to letters);
• QuaDigi is prohibited by law from collecting, storing, or using personal data;
• Personal data is not needed to establish, enforce, or defend a legal requirement, such as in legal proceedings.
(c) Data subject has the right to ask QuaDigi to limit the processing of personal data or to stop processing it:
• For the period required to make sure that personal data is accurate when data submits claims regarding the accuracy of data;
• When collection, storage, or use of personal data is unlawful but the data subject decides not to request the erasure of the data;
• When QuaDigi no longer needs personal data but the data subject needs it to identify, enforce, or defend a legal claim;
• For the period necessary to determine if QuaDigi’s legitimate interests to continue with data processing overrides the data subject’s rights, if he/she has exercised the right to object to the processing of personal data.
(d) the data subject has the right to transfer the data QuaDigi has received with the data subject’s consent or to conclude the contract. Once the data subject has exercised this right, as per instruction in the request QuaDigi will transfer a copy of the data subject’s data.
(e) Data subject has the right to object to QuaDigi’s processing of personal data:
• When QuaDigi processes data on the grounds of legitimate interest but it is not sufficient to form a lawful basis for QuaDigi to continue using the data subject’s personal data.
• Whenever QuaDigi uses personal data to send newsletters or for direct marketing purposes. In this case, the data will no longer be used for these purposes but may be used for other legitimate purposes.
DATA retention period
QuaDigi stores personal data as long as this is necessary for processing or the Company has a legitimate interest in this storage and the data subject’s interests in not continuing the storage or processing do not outweigh. This means that QuaDigi generally only stores personal data for as long as this is necessary to provide our website and the associated services, or the Company is legally obliged to store this data. QuaDigi also deletes personal data without any action on the part of the respective data subject as soon as it is no longer required for the processing purpose or the storage is otherwise legally inadmissible.
Complaints
Data subjects are important to QuaDigi and it is important to ensure the protection of personal data. QuaDigi applies strict standards to the collection and use of personal data. So, QuaDigi takes any complaints about the use of personal data very seriously. If the data subject believes that his/her rights are and/or may be violated, he/she should contact QuaDigi immediately by email: compliance@quadigi.com. QuaDigi ensures that once the Company receives a complaint, QuaDigi will contact you within a reasonable timeframe and inform of the progress of the complaint investigation and then about its findings.
When the data subject contacts QuaDigi to make a complaint, the Company only uses personal data to investigate and respond to complaints and to assess the quality of the services provided. Upon receiving a complaint against a member of the Company’s team, QuaDigi may need to disclose the identity to that person. The data subject can indicate that he/she does not want personally identifiable information to be disclosed and QuaDigi will endeavor to comply with the request.
However, dealing with a complaint anonymously may not always be possible. If the data subject finds the results of the investigation not satisfactory, he/she can submit a complaint directly to the State Data Protection Inspectorate. The data subject also has the right to lodge a complaint with the supervisory authority in the Member State in which he/she has habitual residence, place of work or the place where the alleged infringement was committed.
Responsibility
The data subject is responsible for the confidentiality of personal data, as well as the accuracy, correctness, and comprehensiveness of the data provided to QuaDigi. If the data provided changes, the data subject must immediately notify QuaDigi by email. QuaDigi will not be liable, in any event, for any damages caused to the data subject by the fact that he/she has indicated incorrect or incomplete personal data or has not informed QuaDigi of any changes.
