Privacy Policy


  1. Introduction
  2. Definitions
  3. The legal basis of the processing of Personal data in the Company
  4. The objectives and scope of the processing of Personal data in the Company
  5. Children’s personal information
  6. The sources of data obtained and processed by the Company
  7. Retention period of processing Personal data in the Company
  8. The cases and grounds for transfer and disclosure of Personal data to the third parties
  9. Jurisdiction and territory of the processed Personal data
  10. The security of data processed by the Company
  11. Data subject’s rights
  12. Company contacts and communication methods
  13. Examination procedure of requests
  14. Final provision


1. Introduction

1.1. UAB AMLYZE (hereinafter Company or we) respects your privacy and is committed to protecting it through compliance with this Privacy policy (hereinafter Privacy policy).
1.2. In the Privacy Policy, we explain how we process the Personal data of our clients (you) when you use the Company website, when you communicate with us by phone, e-mail, social media and otherwise.
1.3. In this Privacy policy we provide information on how we process clients’ Personal data while carrying out the Company’s business, concluding and executing agreements, and providing services.
1.4. We commit ourselves to be transparent with you by providing clear information about what Personal data we process, the purpose of the processing, the retention period of the Personal data as well as the legal basis for the processing, your rights, and other information that we are required to provide under applicable legislation.
1.5. If you use the Website, it means you have read this Privacy policy and understood the purposes, methods, and procedures for processing your Personal data specified herein. If you do not agree with the Privacy policy, do not use the Website.

2. Definitions

Company (or we / us) UAB AMLYZE, business address Žalgirio str. 90, B entrance, Vilnius, Lithuanian Republic, legal entity code 305393628, email address
Consent of the data subject any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of Personal data relating to him.
Data controller natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of Personal data. In this Privacy policy, the Data controller is the Company.
Data processing any operation or set of operations performed with Personal data carried out with or without automated means, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, distribution or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data processor a natural or legal person, public authority, agency, or other body which processes Personal data on behalf of and for the account of the Data controller.
Data recipient means a natural or legal person, public authority, agency, or another body, to which the Personal data are disclosed, whether a third party or not.
Data subject (or you) An identified or identifiable natural person whose Personal data are being processed. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as his or her name, identification number, location, online identifier, or one or more factors specific to the physical, physiological, genetic, religious, economic, cultural or social identity of that natural person.
Direct marketing an activity aimed at offering goods or services by post, telephone, or other direct means and/or inquiring about their opinion on goods or services offered.
Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “General Data Protection Regulation”).
Personal data any information relating to an identified or identifiable natural person.
Website the Company’s website

2.1. Other terms shall have the meanings assigned to them and defined in the Regulation.

3. The legal basis of the processing of Personal data in the Company

3.1. The Company collects and processes Personal data in compliance with European Union legal acts which regulate the protection of Personal data.   

3.2. The Company process your Personal data on these bases:

3.2.1. Data subjects’ consent.

Which is expressed by your active actions, when you contact us and provide Personal data, or by other proactive actions. When we have your consent, we send information about our services, proposals, and advertising for consumers or client’s businesses, and organizations and we collect information on whether the information we send is relevant. 

We collect the data regarding newsletter interaction (whether the newsletter was read, when it was read, how many times it was read (or opened), whether it was forwarded to someone, what operating system was used, what email server was used, including server location).

3.2.2. For pursuing the legitimate interests of the Company.

To monitor and guarantee the proper functionality of the Company’s website, for instance. When the Company conducts its own operations. To protect the Company’s rights, for instance to guarantee the collection of debts and other fees.  

3.2.3. For the conclusion, execution, management, and modification of agreements, contracts, and other comparable documents. 

3.2.4. To comply with legal obligations imposed by legal acts applicable to the Company and to safeguard your or another individual’s vital interests.

4. The objectives and scope of the processing of Personal data in the Company

4.1. The Company is committed to ensuring that Personal Data is processed accurately, lawfully, and only for the purposes for which it was collected. Personal data shall only be processed for the explicit and lawful purposes outlined in the applicable legislation.
4.2. The Company processes your Personal data for these objectives:

4.2.1. For the conclusion and performance of the agreement.

4.2.2. We are processing your Personal data in order: to conclude the agreement with you; to supervise the performance of the agreement; to manage the payments under the agreement; to settle the complaints related to concluding, performing, or terminating the agreement. 

4.2.3. The legitimate interests of the Company.

4.2.4. The data we are processing under this objective: to ensure legal requirements, including a collection of the debts applying out-of-court dispute settlements procedures; to protect against lawsuits, legal demands and claims; Personal data processed for prevention of fraud, misuse of the services or money laundering and damage to your physical safety; to secure information systems and our network; to ensure convenient and friendly use of the equipment and services of the Company. 

4.2.5. The legal requirements applicable to the Company.

4.2.6. In instances where the processing of Personal data is mandated by legal acts of the European Union, the legal obligation to process Personal data applies.  The information we process for this purpose: by issuing invoices and other financial documents on goods and services; to ensure the truthful implementation of the taxation obligations, issuing accounting documentation and declaration to the government institutions; when you purchase or order services from us, we are obliged to be able to issue and administer finance documents, such as invoices. 

4.2.7. Direct marketing.

4.2.8. We process your Personal data in order to provide you with general and personalised offers (including offers from our partners) and other information. We can send you notifications, offers, and other information via e-mail. To select notifications and offers to be sent to you, to better understand your needs, to improve your experience while using our services, to automate the use of marketing tools for the most effective customer engagement, to expand the range of services we offer, and to continually improve them, and to provide you with relevant, interesting, and useful offers and other information about our services, we analyse data relating to customers’ behaviour on the Website, patterns of service use, and demographic information. We use sophisticated data analytics tools based on automated data analysis for these purposes.

4.2.9. The Company processes your Personal data for Direct Marketing purposes only after receiving permission for such processing, i.e., when you order services or confirm your consent to receive our newsletter. You can unsubscribe from our marketing communications at any time by selecting the link at the bottom of our emails.

4.3. Due to the objective of the scope of processing your Personal data by the Company.

4.3.1. For the objective of direct marketing, we process your Personal data: name, surname (only if you submit the surname); email address, telephone number, and address; Newsletter interaction (whether the newsletter was read, when it was read, how many times it was read (or opened), whether it was forwarded to someone, what operating system was used, what email server was used, including server location).

4.3.2. For the objective of concluding and performing the agreement, we process your Personal data: name, surname; bank account number; position; VAT code; business address; other contact details: email address and telephone number; IP address;

4.3.3. Under the legitimate interest we process the data about your device. the information that you provide when you are browsing our website. IP address and device type; the screen resolution and the operating system of your device and (if you choose to share information with us) your location and information on how you browse the Website.

5. Children’s personal information 

5.1. If a user suspected of being younger than 18 years old submits personal information, we will remove the information as soon as possible. Please inform us if you are aware of any individuals under the age of 18 who are using the Website, so we can take steps to prevent their access.

6. The sources of data obtained and processed by the Company

6.1. We receive your Personal data from you when we enter into an agreement with you or when you use the Website. We will not enter into an agreement with you or provide you with any of our products if you do not provide us with all the required information.

6.2. When you communicate with the Company, we receive the data from you:

6.2.1. When you use the Company’s services or products;

6.2.2. When you have a legal relationship with the Company;

6.2.3. When you are ordering the newsletters;

6.2.4. When you submit your request for information.

6.3. We process your Personal data when we receive the data from legitimate sources:

6.3.1. Public registers;

6.3.2. Government information systems; 

6.3.3. Parties of the agreement and contracting partners (the data about the representatives and employees); 

6.3.4. Public professional social media;

6.3.5. Public databases;

6.3.6. Third persons;

6.3.7. Other legal sources.

7. Retention period of processing Personal data in the Company

7.1. We collect and process your Personal data no longer than it is necessary to implement the purposes for which the data was collected or for a period to be determined by applicable law. 

7.2. We determine the Personal data storage period based on the following principles:

7.2.1. how long such information is needed for the objectives for which it was collected and processed;

7.2.2. how long such information is needed for us in complying with the legal requirements applicable to us;

7.2.3. how long is such information needed for us in complying with our obligations under the agreement;

7.2.4. how long you allow us (with your consent or otherwise) to use such information about you.  

7.3. With your consent, for the purpose of Direct marketing, the Personal data will be stored until you unsubscribe from the newsletter, but no longer than 2 (two) years after the agreement expires. 

7.4. If the agreement was concluded, your Personal data will be stored for 10 (ten) years after the agreement expires or is terminated. 

7.5. If the agreement provides for a warranty period that exceeds the processing term of 10 (ten) years, then all Personal data relating to the agreement will be stored until the warranty period expires.

7.6. If the agreement is required during the court proceedings, due to which the specified processing period of 10 (ten) years is extended, then all Personal data related to the concluded agreement will be processed for 1 (one) year from the final decision of the relevant institutions. 

7.7. If the agreement was not concluded, your Personal data won’t be stored for the purpose of performing the agreement, however, the data may be stored under the consent or other legitimate basis.  

7.8. We will process your data related to your payments for a maximum of 10 (ten) years from the date of the transaction or the expiration of the agreement (depending on whichever is later).

7.9. We will process the data of your communication with us history, for example, communication by email or telephone. Such communication data for this purpose will be stored for a maximum of 4 (four) years from the date of the last communication event. 

7.10. Information about your device. The information that you provide when you are browsing our Website, including the IP address and device type, the screen resolution and the operating system of your device, and (if you choose to share information with us) your location and information on how you browse the Website. For this purpose, we will store your data for a maximum of 2 (two) years from the last connection to our Website.  

8. The cases and grounds for transfer and disclosure of Personal data to the third parties 

8.1. Since our goal is to earn and maintain your trust, we will only transfer your Personal data when necessary. Your Personal data will not be disclosed to third parties without your prior consent, except as described below.

8.2. We can disclose your Personal data to:

8.2.1. auditors, financial and legal advisers;

8.2.2. companies providing courier services;

8.2.3. processors, such as an archiving company;

8.2.4. the company we use to send newsletters, systems maintenance companies, and other similar companies;

8.2.5. banks or payment service providers;

8.2.6. public authorities and law enforcement agencies;

8.2.7. companies for the purposes of debt management or debt recovery;

8.2.8. data protection officer service providers. 

8.3. In order to secure appropriate security lever, in such a manner that processing Personal data will meet the requirements of the Regulation and ensure the protection of the rights of the Data subject which data is processed, we are cooperating only with those service providers who are obliged to implement necessary technical and organizational measures.  

9. Jurisdiction and territory of the processed Personal data

9.1. We process your Personal data in the territory of the European Union, except for the exceptions below. We have no intention to transfer, and we are not transferring your Personal data to third countries.  

9.2. Please note, that some of the data we collect when you are browsing our Website, or data generated by visiting our Website, may be transferred or available to the companies acting both in the European Economic Area (EEA) and the third countries such as United States of America and other non-EEA countries (such as Google Analytics, Facebook Ads or other similar services, functionalities, and goods). The data which we collect when you visit our Website in certain cases can be transferred to third countries:

9.2.1. IP address

9.2.2. location;

9.2.3. cookies (see Cookies policy);

9.2.4. The information related to your browser or device settings (browsing date, time, duration, other browsers, or device information related to your activity on the Website). 

9.3. To ensure an adequate level of data security and to guarantee the lawful transfer of data outside the EU and the EEA, we are following the terms and conditions set out in the Regulation.

10. The security of data processed by the Company

10.1. To ensure the security of your data, we take the necessary organisational and technical measures. The data is stored securely and is only accessible to those who require it to fulfil their responsibilities and duties. We also require our business partners to implement the necessary technical and organisational measures to protect your data.  

11. Data subject’s rights 

11.1. You as the Data subject have the rights under the Regulation and law and you can freely exercise your rights. In this Privacy policy, we are delivering your rights guaranteed to you by Regulation and the main ways how to implement your rights.  

11.2. Your rights:

11.2.1. The right to obtain information regarding processing Personal data: At the moment when we collect your data, we provide you with information regarding processing your Personal data. You can always find the information on how we process your Personal data in this Privacy policy or by submitting your request by email

11.2.2. The right to access data processed: You have the right to access the Personal data and obtain confirmation from us on how we process your Personal data, including the basis for processing data, categories, data processors, and other information. We will provide a copy of your data. You have the right to obtain your Personal data in a structured, commonly used, and computer-readable format. However, you will not be able to exercise this right in cases where it may adversely affect the rights and freedoms of third persons. We have the right to refuse to provide the data we process if there are legal grounds set out in the law under which the Personal data are not provided.

11.2.3. The right to rectify your Personal data: You have the right to rectify or modify, amend, or correct your Personal data. 

11.2.4. The right to request the erasure (right to be forgotten): You can exercise this right when: the Personal data are no longer necessary in relation to the objectives for which they were collected or otherwise processed; You withdraw consent and there is no other legal ground for the processing; You object to the processing pursuant to our legitimate interest or third-party interest; data is processed for direct marketing purposes; the Personal data have been unlawfully processed; Personal data must be erased in accordance with the requirements of the law that applies to us. Due to certain exceptions, you will not always be able to exercise your right to be forgotten. These exceptions encompass situations in which the processing of Personal data is required to: for exercising the right of freedom of expression and information; for compliance with our legal obligation; for the establishment, exercise, or defense of legal claims.

11.2.5. Right to restriction of your Personal data processing. You can exercise this right: when you challenge data accuracy; when Personal data is processed unlawfully, however, you don’t want to delete your Personal data; when there is no need to process your Personal data, however, you request data in order to establish, exercise, or defend against legal claims. When you restrict processing your Personal data based on our or third-party legitimate interest, the data will be processed until the ground of your restriction is verified. We must point out, that because of the restriction of data processing, during the period of such restriction, we may be continuing to store your data, without processing data, except: for the establishment, exercise, or defense of legal claims; to protect the rights of natural or legal persons; for important reasons of public interest.

11.2.6. Right to object to data processing. You have the right to object to Personal data processing when Personal data is processed based on our legitimate interests. To exercise the right specified in this paragraph, please submit a written request by e-mail

11.2.7. Right to object to data processing, when direct marketing is the basis for processing. When you withdraw your consent to process your Personal data for direct marketing purposes, we won’t process data based on your consent for this purpose. 

11.2.8. Right to data portability. You can exercise this right when we process your data by automated measures (computers, etc.) and the legal basis for processing is: Your consent; The performance of the agreement or our actions made with your request before concluding the agreement. With your request and where technically possible we will move your data to another data controller.

11.2.9. Right to withdraw the consent to process your Personal data. In those cases, where we process your data based on your consent, you have the right to withdraw your consent at any time, and data processing based on your consent will be stopped. Withdrawal of consent will not affect the lawfulness of the processing prior to the withdrawal.

11.2.10. Right to lodge a complaint to the supervisor authority. If you think that we process your data in breach of the requirements of Personal data protection legal acts, we always ask that you contact us directly first. If you are not satisfied with a problem solution, you will have the right to lodge a complaint with the State Data Protection Inspectorate (, address L. Sapiegos str. 17, LT-10312 Vilnius, Lithuania, phone (8 5) 271 2804, 279 1445, fax. (8 5) 261 9494, e-mail

12. Company contacts and communication methods

12.1. If you have any questions about how we process data or if you will have any requests or remarks, please contact us by e-mail

13. Examination procedure of requests

13.1. To protect our client’s Personal data from illegal disclosure, upon receipt of your request to present data or implement other rights of yours, we will have to verify your identity.  To verify your identity, we may ask you to indicate relevant data (e.g., name, surname, date of birth, e-mail address, or telephone number, etc.). In the performance of this verification, we may also send a control notification to the last known contact address (SMS or e-mail), asking to take authorization action, we may also request additional documents or data. If the verification procedure fails, we will be forced to state that you are not the Data subject of the requested data, and we will have to reject your request.

13.2. Upon receipt of your request regarding the implementation of any of your rights and having successfully completed the above-mentioned verification procedure, we will inform you of the actions we took in response to your request without undue delay, but no later than one month after receipt of your request and completion of the verification procedure. Regarding the complexity and quantity of requests, we reserve the right to extend the one-month period by two months, notifying you before the end of the first month and providing justification for the extension.

13.3. If your request is submitted electronically, we will give the answer to you electronically, too, unless it is impossible (e.g., due to a particularly large scope of information) or when you request us to answer you in some other way.

13.4. We reserve the right to deny your request with a reasoned written response in accordance with the conditions and grounds specified in legal acts. We will provide you with information at no cost; however, if your requests are manifestly unfounded or disproportionate, especially due to their repetitive nature, we may charge a reasonable fee to cover administrative costs or refuse to act on your request.

14. Final provisions

14.1. We reserve the right to periodically update this Privacy policy to accurately reflect how we handle your Personal data. 

14.2. If we make substantial changes, we will notify you by publishing them on the Website or by other methods, such as email, so that you can review the changes before accessing our Website. 

14.3. If any provision of the Privacy policy is determined to be invalid or unenforceable, this does not affect the legality and enforceability of the remaining provisions.

14.4. Privacy policy is effective as of 3 of July 2023.