Privacy Policy for Spendo UAB

Effective Date: 14-10-2024

1. Introduction

Welcome to Spendo UAB’s Privacy Policy. At Spendo UAB ("we," "our," "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website (spendo.com) or engage with us through other channels.

2. Information We Collect

We collect various types of information to provide and improve our services, including:

a. Personal Information:

• Name

• Email address

• Phone number

• Postal address

• Any other information you voluntarily provide to us

b. Usage Data:

• IP address

• Browser type and version

• Pages visited

• Time and date of visits

• Referring website

c. Cookies and Tracking Technologies:

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small files stored on your device that help us understand how you interact with our site. You can control cookie settings through your browser.

3. How We Use Your Information

We use your information for a variety of purposes, including:

• Providing, operating, and maintaining our website

• Improving our website and services

• Personalizing your experience

• Communicating with you, including responding to inquiries and sending updates

• Analyzing website usage and trends

• Complying with legal obligations

4. Sharing Your Information

We may share your information with third parties under the following circumstances:

• Service Providers: We may share information with third-party service providers who assist us in operating our website or providing services on our behalf.

• Legal Requirements: We may disclose information if required to do so by law or in response to valid requests by public authorities.

• Business Transfers: In the event of a merger, acquisition, or any other business reorganization, your information may be transferred as part of the transaction.

5. Data Security

We implement reasonable technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Roles and Responsibilities in Data Processing

When processing personal data under the direct instruction of Striga Technology OU (16298772), we act as a Data Processor in compliance with applicable data protection laws. This means we process such personal data solely on Striga’s behalf and in accordance with their instructions.

However, when we process personal data for our own purposes (for instance, to comply with legal obligations or for business analytics), we act as a Data Controller. In this role, we determine the purposes and means of processing and ensure compliance with all relevant data protection laws and regulations.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, or contractual obligations.

Specific Retention Periods:

• Customer account information: Retained for 3 years after account closure, in line with legal and regulatory requirements.

• Transaction data: Retained for 3 years in line with legal requirements.

Criteria for Determining Retention Periods:

• The purpose(s) for which the personal data is processed.

• The nature of the personal data.

• The potential risk of harm from unauthorized use or disclosure.

• Legal, contractual, or regulatory obligations requiring the retention of personal data.

• The necessity of the data for the establishment, exercise, or defense of legal claims.

Once the retention period has expired, or the personal data is no longer necessary for the purposes for which it was collected, we will securely delete or anonymize the data in accordance with our data retention policies.

8. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right to Access: You can request access to the personal data we hold about you.

• Right to Rectification: You can request that we correct or update your personal data.

• Right to Erasure: You can request that we delete your personal data under certain conditions.

• Right to Restriction: You can request that we restrict the processing of your personal data.

• Right to Object: You can object to the processing of your personal data based on legitimate interests.

• Right to Data Portability: You can request that we transfer your data to another organization or to you in a structured, commonly used format.

To exercise these rights, please contact us using the details provided in the "Contact Us" section below.

9. International Data Transfers

As Spendo UAB is based in Lithuania, your information may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure that any such transfers comply with applicable data protection laws and that adequate safeguards are in place to protect your information.

10. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and the updated Privacy Policy will be effective as of the date of posting. We encourage you to review this Privacy Policy periodically for any updates.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Spendo UAB
J. Savickio g. 4-7, Vilnius, Lithuania
Email: info@spendo.com

Thank you for trusting Spendo UAB with your personal information.