This privacy policy describes how EFS Europe, UAB referred to as Kernolab, Processes Personal Data. Your privacy is our top priority. We respect and protect your privacy and undertake to Process your Personal Data in a fair and lawful manner. We ensure the confidentiality of Personal Data and implement appropriate technical and organisational measures to safeguard Personal Data from unauthorized access, unlawful disclosure, accidental loss, modification, destruction or any other unlawful Processing. We use latest technologies to protect you from Personal Data thievery, one of those is an HTTPS secure network protocol. We are striving to create a safe environment, where you can feel secure and protected.

‍

We go above and beyond to protect the confidentiality of our clients and make sure that everything said at the therapy sessions stays between the client and the therapist. 

‍

The privacy policy can be amended from time to time due to legislative changes, changes in the activities of Kernolab and other factors. We will inform you about the amendments by publishing the amended text of the privacy policy on our website www.Kernolab.com. We advise you to regularly visit our website and review the relevant privacy policy.

‍

1. Definitions

• “Data Subject” means any natural person who uses, has used or has expressed a wish to use the Services. The definition of the Data Subject also covers therapists who provide, have provided or intend to provide the Services.
• “Data Controller” means anyone who alone or jointly with others determines the purposes and means of the Processing of Personal Data. For the Processing described in this document Kernolab is the Data Controller. 
• “Data Processor” means anyone who Processes Personal Data on behalf of the Data Controller.
• “GDPR” means Regulation (EU) 2016/679 (General Data Protection Regulation). 
• “Personal Data” means any information that, directly or indirectly, can identify a living natural person. 
• “Processing” means any operation or set of operations performed with regard to Personal Data, whether or not performed by automated means, for example collection, recording, organisation, storage, adaptation, alteration, retrieval, gathering, use, combination, erasure or destruction. 
• “Recipient” means a natural or legal person, public authority or another body, to whom Personal Data may be disclosed by Kernolab. 
• “Services” means online therapy services, provided by Kernolab. 

‍

2. What type of Personal Data we have?

We currently collect and Process the following information:

• Identification & contact data, such as name (nickname), age, email address;
• General information about the Services, such as topics of interests, possible symptoms, amount of Services ordered and rendered;   
• Financial data, such as payment card details, account details, amounts paid and due;
• Data obtained and/or created while performing an obligation arising from law, such as data that Kernolab may be required to report to authorities, such as courts, law enforcement agencies (e.g. details of debt);
• Communication & services data collected when the Data Subject visits our website, also, related to communication and provision of Services through our website.

‍

3. How we get the Personal Data?

Most of the Personal Data we Process is provided to us directly by the Data Subject. Kernolab collects from and Processes Personal Data about Data Subjects whom have entered into or wish to enter into an agreement with Kernolab.

‍

4. Legal grounds and purposes of Processing Personal Data 

Performance of agreements 

The main purpose of Processing the Personal Data is to document, execute and administer contracts with the Data Subjects. Examples of purposes for Processing include:

• to provide and administer access to the Services;
• to manage the relationships with the Data Subject;
• to authorize and control access to the Services.

‍

Compliance with legal obligations

Kernolab needs to comply with legal obligations, therefore we are required to Process Personal Data in accordance with applicable laws. Examples of purposes for Processing are:

• to comply with rules and regulations relating to accounting, tax information management; 
• to fulfil the obligations of applicable litigation laws.

‍

Legitimate interest 

Kernolab Processes the Data Subject’s Personal Data for legitimate interest. This Processing is necessary for the purposes of the legitimate interest pursued by Kernolab, which we have considered outweighing the Data Subject’s interest of protection of the Personal Data. Examples of purposes for Processing are: 

• to develop, examine and improve the Services and the Data Subject’s user experience by performing analyses, statistics;
• to reply to the Data Subject’s requests;
• to establish and defend legal claims.

‍

Consent 

Kernolab Processes Data Subject’s Personal Data for marketing purpose (newsletters) based on the Data Subject’s consent. Consent can always be withdrawn by contacting Kernolab at [email protected].

‍

5. Whom we disclose the Personal Data?

Kernolab may share some Personal Data with Recipients, such as competent authorities. Kernolab does not disclose more Personal Data than is necessary for the purpose of disclosure. Recipients may Process the Personal Data acting as Data Processors and/or as Data Controllers. When Recipient is Processing Personal Data on its own behalf as a Data Controller, the Recipient is responsible for providing information on such Processing of Personal Data. 

‍

Kernolab may disclose Personal Data to Recipients, such as:   

• employees, who are providing or may provide the Services;
• competent authorities, such as tax authorities and law enforcement agencies;
• debt collectors, bailiffs, notaries or insolvency administrators;  
• financial and legal consultants, auditors or any other service providers of Kernolab, to whom disclosing of the Personal Data is necessary and lawful.

‍

As a general rule Data Subject’s Personal Data is Processed within the EU/EEA. The transfer and Processing of Personal Data outside of the EU/EEA will only take place if there is a legal basis and appropriate safeguards. 

‍

6. How we store the Personal Data?

Personal Data is securely stored within our internal databases in EU/EEA. 

We keep Personal Data for a limited time period and in any event no longer than necessary for the purposes for which the Personal Data was collected. The retention periods are defined by the laws or legitimate interests of Kernolab. After retention period comes to an end Kernolab will then delete the Personal Data.

‍

7. Data protection rights and how to complain?

Under GDPR, you have the following rights:

• Your right of access – you have the right to ask us for copies of your personal information. 
• Your right to rectification – you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 
• Your right to erasure – you have the right to ask us to erase your personal information in certain circumstances. 
• Your right to restriction of Processing – you have the right to ask us to restrict the Processing of your information in certain circumstances. 
• Your right to object to Processing – you have the the right to object to the Processing of your personal data in certain circumstances.
• Your right to data portability – you have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

‍

If you make a request, we have one month to respond to you.

‍

Please contact us at [email protected] if you wish to make a request.

‍

You can also complain to the Lithuanian State Data Protection Inspectorate (website address: www.vdai.lrv.lt) if you are unhappy with how we have used your Personal Data.