Privacy Policy

Effective as of 1st of September 2022

1. General Provisions

1.1 This document uses the same terminology and abbreviations as our Terms document. This Privacy Policy governs the collection, use and storage of personal data obtained from Users through the use of our Platform and Podbase’s social media accounts such as https://www.facebook.com/PodbaseOfficial, https://www.instagram.com/podbase (“Social Media Accounts”).

1.2 Personal data is such kind of data that (directly or indirectly) can identify the User as a specific person. Information about legal persons does not fall within the scope of personal data.

1.3 If you are using our Platform, you acknowledge that you have read this Privacy Policy and you are informed about the purpose, manner, and procedures for processing your personal data set out therein.

2. Data Controller

2.1 UAB Podbase, Leičių g. 9-100, LT-12109 Vilnius has a position of a data controller as defined in the European Union Regulation 2016/679 (EU GDPR), and we shall be responsible for, and be able to demonstrate compliance with, the principles relating to processing of personal data.

2.2 We can be contacted by sending an e-mail to hello@podbase.com.

3. Principles of data processing

3.1 While processing your personal data we: a) will comply with the requirements of the applicable legislation, including EU GDPR; b) will process your personal data lawfully, fairly and in a transparent manner; c) will collect your personal data for specified, explicit and legitimate purposes and will not further process them in a manner that is incompatible with those purposes, except to the extent permitted by law; d) will take all reasonable steps to ensure that personal data which is inaccurate or incomplete in regard to the purposes for which it is processed, are rectified, supplemented, suspended or destroyed without delay; e) will keep it in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data are processed; f) will not disclose your personal data to third parties except as provided in this Privacy Policy or applicable law; g) will ensure that your personal data are processed in a manner that ensures appropriate security of it, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

4. Collection of personal data

4.1 We process your personal data obtained in the following ways: a) when you provide personal data to us (e.g. by writing to us, by using our Services and etc.). b) when you use the Site. When you are using the Site, certain information (e.g. the type of web browser and/or device used, the operating system you use, the IP address, the number of visits on the Platform, etc.) is collected automatically.

4.2. In accordance with the relevant laws, we may combine personal data we receive from you when you use the Platform with data collected by us from other available sources (for example, we may combine personal data you provide with data obtained through the use of cookies on the Site).

5. Collection and Use of Personal data

5.1 We process your personal data for the following purposes: a) for you to be able to register an account and to use our Services. Personal data that are processed for this purpose:

Personal data categories

If the customer is a consumer: first and the last name; address; email address; payment information.

If the customer is a business party (a business entity): first and the last name, email address of the representative of a business entity; customer’s (a business entity’s) clients’ names, surnames, email addresses, payment information.

If the customer is a business party (an individual): first and the last name; address; email address; payment information.

Legal basis for processing the personal data

Conclusion and execution of the agreement (Terms) (Article 6 (1)(b) of the GDPR).

Time limit for processing of the personal data

Personal data is processed for the duration of the Terms and for 2 years after the last login to your personal account.

We receive the personal data from

Directly from the data subjects.

We provide or transfer the personal data to

Data storage service providers; payment service providers.

5.2 If our customers (business entities) provide us with its’ clients personal data, we process such data for the purpose of providing our Services and do not process it for any other purposes. Our customers (business entities) who transfer personal data of their clients to us confirm that they transfer this data legally, having all the consents of their clients or other legal basis for processing personal data of clients. We do not assume any responsibility (legal, financial, etc.) if such personal data was transferred to us unlawfully and therefore processed by us unlawfully.

5.3 All payments on the Platform are conducted through Third-Party service providers: Stripe Inc. or PayPal Inc, depending on the method of payment. You hereby understand that by making purchase through our Platform your personal information is being processed and handled in accordance with Stripe’s privacy policy available here https://stripe.com/us/privacy, and PayPal’s privacy policy available here https://www.paypal.com/webapps/mpp/ua/privacy-full. Your personal data will be transferred outside the territory of the European Economic Area (EEA), therefore, we will implement appropriate and suitable safeguards regarding the security of personal data and other necessary requirements, including Standard Contractual Clauses. b) to assure quality and communication. You provide us your personal data by writing to us or by contacting us by phone, submitting your complaints and inquiries about the Platform. Personal data that are processed for this purpose:

Personal data categories

Name; email address; the content of a request, complaint or other message; date and time of contacting us.

Legal basis for processing the personal data

Consent of the data subject (Article 6 (1)(a) of the GDPR).

Time limit for processing of the personal data

Personal data is processed as long as the data subject's consent is valid, but no longer than 2 (two) years.

We receive the personal data from

Directly from the data subjects.

We provide or transfer the personal data to

Data storage service providers.

5.4 We keep records of any questions, complaints or compliments made by you and the response, if any. Whenever you contact us, we shall collect any information which you chose to provide. We shall store and use this information only for the purpose of responding to your enquiries. Information contained within the enquiry, free from any personally identifiable information, will be stored on our servers for the purpose of improving our Services and providing the best customer support possible. c) for direct marketing purposes. With your consent we process your personal data to provide you with newsletters, offers and information about the Platform or other commercial information:

Personal data categories

Name; email address.

Legal basis for processing the personal data

Consent of the data subject (Article 6 (1)(a) of the GDPR).

Time limit for processing of the personal data

Personal data is processed as long as the data subject's consent is valid, but no longer than 2 (two) years.

We receive the personal data from

Directly from the data subjects.

We provide or transfer the personal data to

Marketing service providers.

5.5 We use a Third-Party data processor called The Rocket Science Group LLC d/b/a MailChimp for sending the emails. We may transfer your email address to MailChimp to process your personal data on our behalf. MailChimp has a position of a “data processor” within the meaning of the EU GDPR while we still remain data controllers with regard to your personal data. Your personal data will be transferred outside the territory of the European Economic Area (EEA), therefore, we will implement appropriate and suitable safeguards regarding the security of personal data and other necessary requirements, including Standard Contractual Clauses. You can find MailChimp policies and procedures with regard to your personal data on the following link https://mailchimp.com/legal/privacy/.

5.6 We can use your personal data for profiling only after receiving your prior written consent.

5.7 When processing your personal data for the purposes specified in this Privacy Policy, we do not use such automated decision-making, including profiling, which may have legal consequences for you or may have a significant impact on you.

5.8 With your consent, we can process your personal data automatically in order to assign you to the appropriate customer category and present individual commercial offers that meet your needs, therefore you have the right to demand human intervention in order to express your opinion or object to such assignment. d) to ensure the functionality of the Site, administration of the Site and diagnosis of possible malfunctions of the Site, to ensure safety of the Site, to ensure proper breach investigation, to ensure statistical analysis in order to find out the needs of data subjects related to certain functions and to analyze how and where to use the available resources most effectively. Personal data that are processed for this purpose:

Personal data categories

Data that is generated through the use of communication tools and the Site, including, but not limited to, traffic data - connection start date, time, duration, Internet Protocol (IP) address used by the internet user during connection, server log files, the software and browser types and versions used; the operating system used by the accessing system; the internet service provider of the accessing system; any other similar data and information that may be used in the event of attacks on our information technology systems.

Site usage data, including, but not limited to, data collected through internet browsers, such as Media Access Control (MAC), computer type, screen resolution, operating systems, etc. data, collected using cookies and similar technologies related to web browsing.

Legal basis for processing the personal data

Our legitimate interest (Article 6 (1)(f) of the GDPR).

Consent of the data subject (Article 6 (1)(a) of the GDPR).

Time limit for processing of the personal data

Personal data is processed as long as the data subject's consent is valid, but no longer than 2 (two) years.

We receive the personal data from

Directly from the data subjects.

We provide or transfer the personal data to

Marketing service providers.

5.9 We integrate security systems on our Platform to prevent malicious attempts and exploits of the Site. We scan IP addresses and ban IP addresses that show malicious signs such as too many password failures, seeking exploits and similar. We process this information in the interest of protecting the integrity of the Site and of the databases connected with it.

5.10 Also, we collect the information for breach investigation purposes. When using the information indicated in the above table, we may connect specific log files with specific Users provided that Users are logged in their Podbase accounts when accessing the Site. This information is needed to (1) troubleshoot problems and correct system bugs, (2) deliver the content of our Platform correctly, (3) optimize the content of our Platform as well as its advertisement, (4) ensure the long-term viability of our information technology systems and website technology, and (5) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

f) To manage and administrate our social network (Facebook, Instagram) accounts. Personal data that are processed for this purpose:

Personal data categories

The name of the person's social network account; a photo of the person; individual reactions to the content generated by us (likes, comments, shares).

Legal basis for processing the personal data

Consent of the data subject (Article 6 (1)(a) of the GDPR).

Our legitimate interest (Article 6 (1)(f) of the GDPR).

Time limit for processing of the personal data

Personal data is processed as long as our or the data subject's social network account is valid, unless the data subject expresses a wish to delete its data in our social network accounts earlier.

We receive the personal data from

Directly from the data subjects.

We provide or transfer the personal data to

Marketing service providers; data storage service providers.

5.11 You may at some point choose to provide other information which is not required for the proper functioning of the Services. In all such cases we will use this information on your consent and only for the purpose for which you disclosed it.

5.12 We do not collect or process your specific categories of personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as health data or data about your sexual life and sexual orientation. If you provide this personal data to us using the Platform or in any other way (in writing, by e-mail, telephone), this data will be deemed to have been provided with your consent. We will delete this data immediately.

6. Podbase as a processor - Collection and Use of PERSONAL DATA

6.1 Podbase collects names, addresses, and other information about Product recipients as provided by the Merchants in order to create and deliver the Product.

6.2 Regarding personal data we collect from Merchants during the process of creating and sending the Product, Podbase acts as a processor to comply with the Merchants’ request for Services. Podbase may not use collected personal data for their own use and only collects such personal data on behalf of the Merchants. Regarding such personal data, Merchants have the position of a data controller with the meaning of EU GDPR.

6.3 By transferring recipients’ personal data to us, Merchants confirm that they have received and processed recipients’ personal data in accordance with EU GDPR and other data protection laws.

7. Data transfer

7.1 We do not sell or rent your personal data to any Third-Party. We use collected personal data for the established purposes and only in accordance with this Privacy Policy. In some instances, we are obliged to comply with court orders and government requests and provide personal data or parts of it to authorized bodies.

7.2 We may disclose your personal information to our partners, agents and operators under confidentiality or similar agreements, including payment processors and shipping companies who we believe reasonably need to come into contact with your personal data: (i) to provide Services per your request; (ii) to administer our business or the Site; (iii) to provide customer support; (iv) to update account information; (v) to forward updates, announcements, and newsletters; (vi) to respond to your communications, and communicate with you about the Site and other activities related to the Site; (vii) in the event of any reorganization, merger, sale, joint venture, assignment, transfer or disposition of all or any portion of the Site’s business or operations (including without limitation in connection with bankruptcy or any similar proceedings); or (viii) as otherwise authorized by you.

7.3 We ensure that data processing agreements and other confidentiality agreements are concluded with third parties (data processors) to whom personal data is transferred.

2. Security of personal data

8.1 We have implemented security procedures and measures in order to ensure appropriate protection of personal data we process, against any misuse, unauthorized access, disclosure or modification.

8.2 We acknowledge that the safety of your personal data is one of the highest priorities and therefore only authorized processors have access to your information. Although we take all appropriate measures in respect to keeping your information secure, you understand that no data security measures in the world can offer 100% protection. If we ever find or suspect a personal data breach we will without delay, within seventy-two (72) hours after becoming aware of it, notify the appropriate supervisory authority about the breach and Users where necessary.

8.3 The processing of the personal data is being performed automatically, without human intervention. However, whenever you contact us through email or phone, the personal within the email or phone will be handled and processed by a real person in order to provide you with the answer to the email or questions provided by phone.

9. Storage and transfer of personal data

9.1 Personal data will be stored on secure locally hosted servers which are located in EU. Hosted servers are controlled and maintained in accordance with sufficient privacy safeguards. We may store or transfer personal data on data subjects located in the EEA to servers located in countries deemed adequate by the European Commission, or in countries which the European Commission has not deemed inadequate, provided that such countries implement appropriate and suitable safeguards regarding the security of personal information and other necessary requirements (e.g. Standard Contractual Clauses) are met.

9.2 Personal data is stored on the servers only for the duration necessary for ensuring data processing purposes. We will maintain records of processing activities for the purpose of demonstrating compliance with EU GDPR.

10. Third-Party Websites, Services, and Cookies

10.1 Some services require the use of Third-Party solutions. When you are redirected from our Site to the Third-Party website you are no longer interacting with our Site. Any information that you provide through Third-Party websites will be handled and processed in accordance with their privacy policies and other applicable terms.

10.2 The Site or e-mails may contain links to other external websites that do not fall under our domain. We are not responsible for the privacy practices or the content of such external websites. If you choose to follow such links to external websites, you do so at your risk.

11. Third-Party Services and Cookies

11.1 We collect information about you using cookies and similar technologies. Cookies are small files that are temporarily stored on your device's hard drive and allow to identify you during other visits to the Site, save your browsing history, options, customize content, speed up searches on the Site, create a convenient and friendly Site environment, make it more efficient and reliable. CoAokies help us optimize and improve the user experience of the Site by helping us deliver crucial functionalities. The cookies we use may vary over time as we continuously update and improve our Site and Services.

11.2 By visiting the Site, you have the right to express your consent if you want to use cookies. If you do not consent to the use of cookies, cookies that are not necessary for the proper functioning of the Site will not be stored on your device.

11.3 You can manage your cookies preferences at any time. This is done in your browser or device settings. Depending on which browser and device you use you may be able to control which cookies you allow, which cookies you want to block in the future, and delete cookies. For more information about these settings visit your browser or device´s help page. Note that some of our Services might not work as intended if you choose to disable cookies.

11.4 Using cookies we may collect the following information: IP address, number of visits to the Site, pages viewed on the Sits, time spent on the Site, type of web browser used, demographic data, etc.

11.5 We use the information we receive from cookies for the following purposes: a) to ensure the functionality of the Site; b) so that we can improve and develop the Site to better meet your needs; c) to develop our Services and analyze the use of the Site; d) after you specifically consent – for marketing purposes.

11.6 The following cookies may be used on the Site: a) Necessary / technical cookies - help to show you the Site and ensure its functionality. These technical cookies are necessary for the proper functioning of the Site. They ensure that information and Services are provided securely and optimally. b) Analytical cookies - help to understand how our visitors use the Site. Helps to optimize and improve the Site, understand the effectiveness of advertisements and communications. c) Commercial cookies - our and Third-Party cookies are designed to display personalized advertising on our and Third-Parties’ websites based on browsing actions, such as the products you search for and view.

11.7 All information about the cookies used on the Site, their purpose, validity is provided in the table below:

Necessary / technical cookies:

NameDomainExpirationDescription
"shopify_oauth_nonce"www.podbase.com5 minutesPrevent CSRF attacks during the Shopify OAuth flow
"token"www.podbase.comup to 10 hours
Stripe www.podbase.com, https://stripe.com/en-lt/legal/cookies-policy https://stripe.com/en-lt/docs/disputes/prevention/advanced-fraud-detection Helps Stripe assess the risk associated with an attempted transaction
Google ReCAPTCHAwww.google.com https://cloud.google.com/recaptcha-enterprise/docs/faq#does_use_cookies prevent malicious/automated registration attempts

Analytical cookies:

NameDomainExpirationDescription
GA4 (google analytics)https://analytics.google.com/ https://developers.google.com/analytics/devguides/collection/gtagjs/cookie-usage Tracks website statistics for SEO and marketing purposes

Commercial cookies

NameDomainExpirationDescription
Tawk.towww.podbase.com https://help.tawk.to/article/what-are-tawkto-cookies-and-what-do-they-do Enables the functionality of the Tawk support chat widget
Microsoft Application Insightswww.podbase.com https://learn.microsoft.com/en-us/azure/azure-monitor/app/data-retention-privacy Helps Podbase developers monitor website performance, detect errors and other problems
Hotjarpodbase.com; hotjar.com https://help.hotjar.com/hc/en-us/articles/6952777582999-Cookies-Set-by-the-Hotjar-Tracking-Code implement website visitor behavior analytics

11.8 Podbase Site uses third-party services, such as Google Analytics. Google Analytics is used to monitor and analyze web traffic and to keep track of Merchant behavior. Any data collected will be used in accordance with our Privacy Policy and Google's Privacy Policy. More information on how Merchants may opt out of Google Analytics's use of cookies can be found at the Google Analytics Opt-out Page. For more information about cookies used by Google Analytics please see the original document: Google Analytics Cookie Usage on Websites.

11.9 Podbase may use other third-party Services such as Pixel and Analytics services by Facebook (Meta Platforms Inc.), to help us target our ads more effectively. The collected data remains anonymous. This means that we cannot see the personal data of any individual user. However, the collected data is saved and processed by Facebook. We are informing you on this matter according to our information at this time. Facebook is able to connect the data with your Facebook account and use the data for their own advertising purposes, in accordance with Facebook’s Data Use Policy found under <https: //www.facebook.com/about/privacy>. You may opt-out of Facebook tracking option by visiting the following link < https://www.facebook.com/ads/website_custom_audiences /> and for other types of third-party ad tracking, by visiting the Network Advertising Initiative Opt-out Page.

11.10 When we use Google Analytics, Pixel and Analytics services provided by Facebook (Meta Platforms Inc.), we transfer your personal data to Google Inc. and Meta Platforms Inc. and, thus, outside the territory of European Economic Area (EEA). In this case, we will implement appropriate and suitable safeguards regarding the security of personal data and other necessary requirements, including Standard Contractual Clauses, if possible.

12. User’s Rights

12.1 When processing personal data, we ensure your rights in accordance with the EU GDPR. As a personal data subject, you have the following rights: a) to be informed about the processing of your personal data; b) to access your personal data that we process; c) to request the correction or supplementation of incorrect, inaccurate, incomplete personal data; d) to require the destruction of your personal data when they are no longer needed for the purposes for which they were collected; e) to demand the destruction of personal data if they are processed unlawfully or if you withdraw your consent to the processing of personal data or do not give such consent, which is necessary; f) to object to the processing of personal data or to withdraw prior consent; g) to demand the suspension (other than storage) of your personal data processing in the event of a dispute or verification of the lawfulness of the processing, the accuracy of the data, as well as in cases when we no longer need your personal data but you do not want us to destroy them; h) to require the submission, if technically possible, of your personal data collected with your consent or for the purposes of the performance of the agreement in an easy-to-read format or request their transfer to another controller. i) to file a complaint with a supervisory authority.

12.2 These rights might be limited if they are subject to regulatory requirements.

12.3 You can submit requests related to the exercise of your rights to us in person, by post, or by electronic means. Upon receipt of your request, we may ask you to provide proof of identity, as well as any additional information we require regarding your request.

12.4 Upon receipt of your request, we will respond to you no later than within 30 calendar days from the receipt of your request and the date of submission of all documents required for the response. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

12.5 If we refuse to comply with your request, we will clearly state the grounds for such refusal.

12.6 If you do not agree with our actions or the response to your request, you may appeal against our actions and decisions to the competent supervisory authority.

13. Complaint

13.1 If you wish to make a complaint about our processing of your personal data, please provide it in writing, providing as much information as possible, using the contact details indicated at the end of this Privacy Policy. We will immediately try to resolve any issues.

13.2 If you think that your rights have been violated, you can file a complaint with supervisory authority – State Data Protection Inspectorate (www.vdai.lrv.lt) or a supervisory authority in another Member State of the European Union in which you have habitual residence or place of work (list of supervisory authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_lt#member-lt ).

14. Changes to the Privacy Policy

14.1 We reserve the right to change our Privacy Policy at any time. The current version of our Privacy Policy is available through the Site, indicating the effective date. You are encouraged to periodically check our Privacy Policy.

15. Contact Information

15.1. If you have any queries or concerns regarding our Privacy Policy and how the information is handled, or you wish to access, retrieve, amend, or update your personal data feel free to contact us: Podbase, UAB Leičių g. 9-100, LT-12109 Vilnius support@podbase.com

Let's grow your business together!