Privacy Policy

1. Who we are?

As used herein, “Commody” refers to the company Commody, UAB, company code 306224588, address Jogailos str. 3-12, LT-01116 Vilnius, Republic of Lithuania, including without limitation thereby, its owners, directors, investors, employees or other related parties. Commody, UAB is a company with limited liability, incorporated under the laws of Lithuania. Commody is committed to protecting your privacy. This Privacy Policy („Policy“) of Commody, informs and explains how Commody processes Personal Data Commody receives, when you are accessing and/or using the Website, contacting us, or concluding a contract with us.

It is important that you familiarize with the provisions of this Privacy Policy together with our Terms of Service and any other privacy notices we may provide on specific occasions when we are collecting or processing Personal Data so that you are fully aware of how and why we are using your data.

2. What are the meanings of main definitions of this Policy? 
  • “Data Subject” means a natural person whose Personal Data is processed by the Commody.
  • “Data Controller“ means a company which determines purposes and means of Personal Data Processing.
  • “Data Processor“ means a company which Processes Personal Data on behalf and upon instructions of the Data Controller.
  • “Personal Data“ means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • “Processing“ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether by automated means or not, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. What kind of Personal data Commody collects?

Commody collects certain Personal Data about you. Such Personal Data falls into 3 primary categories:

a. information you provide to us;
b. information we collect from you automatically; and
c. information we collect from third parties.

3.1. Information you provide to us

This information is either required for communication between us, in order to conclude a contract, necessary by law, or are relevant for our legitimate interests. Your actions will determine the kind of Personal Data we might ask for, but may include:

a. Identification data: name, surname, date of birth;
b. Correspondence data: including requests, inquiries, survey responses, information provided to Us by mail, e-mail, social networks;
c. Marketing and Communications data includes your consent and preferences in receiving direct marketing from us and our third parties and your communication preferences.

Please note that if you are acting as an authorized individual on behalf of a Data Subject and are providing Personal Data for such Data Subject, you are responsible for ensuring that you have all required permissions and consents to provide such Personal Data to us and that our use of such Personal Data you provide to the Website does not violate any applicable law, rule, regulation or order.

3.2. Which Personal Data we collect from you automatically?

This information is collected automatically by your actions using the Website which helps us to improve the Website, address any customer support issues, provide you with a streamlined and personalized experience.

Each time you access or visit the Website, the following technical personal data may be automatically collected: IP address, access date and time, webpage name and URL, device operating system data, information about the internet provider, language settings and other relevant data. Such data is collected by cookies and / or similar technology solutions on the basis of users’ consent.

Please read our Cookie Policy for more information.

3.3. Which Personal Data we collect from third parties?

This includes information we may obtain about you from third party sources (e.g. Service providers (analytics, advertising, search information) based inside or outside the EU: information to better understand which of the services may be of interest to You or to conclude and perform a contract.

4. What are the purposes and legal bases for Personal Data Processing?

We rely on legal basis for Processing Personal Data under the relevant data protection legislation. This means we will only Process Personal Data where we are legally allowed or required to.

We process your Personal Data using one of the following legal bases:

  • Performance of a contract means Processing your Personal Data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
  • Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us;
  • Legal requirement means processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to;
  • Consent means processing your Personal Data using your written consent.

Note that we may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground, we are relying on to process your Personal Data.

Generally, we do not rely on consent as a legal basis for processing your Personal Data other than in relation to sending third party direct marketing communications to you via email or text message.

Commody may Process Personal Data for the following purposes:

  • Compliance with legal obligations: Commody may need to Process Personal Data in order to comply with relevant applicable laws;
  • To provide communications and support services: According to your preferences and in compliance with applicable law, we may send you marketing communications that we believe may be of interest to you;
  • Our legitimate business interests: sometimes the Processing of Personal Data is necessary for our legitimate business interests, such as:
    • quality control;
    • to enhance security, monitor Website access, and to combat spam or other malware or security risks; or
    • to facilitate corporate acquisitions, mergers, and transactions.

5. On what conditions we would disclose Personal Data?

Commody will not disclose your Personal Data to anyone without legal basis. Commody only shares the Personal Data when Commody has a valid reason for it, namely, to perform a contract concluded with you and when Commody is legally permitted to do so, including:

  • We may share Personal Data between and among subsidiaries and affiliated companies of Commody for purposes of customer support, and other business purposes;
  • We may disclose Personal Data to third parties that we use to execute a contract or perform our obligations. These parties have been rigorously assessed and offer a guarantee of compliance with the legislation on the Processing of Personal Data. These parties carry out their activities according to the instructions given by us and under our control. Such third parties include providers of support services such as secure website hosting, cloud storage, information technology maintenance, network infrastructure, payment processing, customer support and analytics;
  • If you request or authorize it;
  • as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties (acquirer, successor, or assignee) as one of our business assets to. In such case, Commody makes sure that your rights and conditions as a Data Subject shall not be decreased;
  • to protect our legal rights;
  • to address disputes, claims, or to persons demonstrating legal authority to act on your behalf.
6. What are your rights regarding Personal Data?

To the extent required by applicable data protection law, you have all the rights of a data subject as regards to own Personal Data.

  • Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Not to be the subject only to automated processing, including profiling. You have a right to demand that processing of your Personal Data would be reviewed by a real person and to object to the decision made by automated means.
  • To submit an appeal on the actions or inactions of us, related to the implementation of the data subject’s rights to the Data Protection authority that is located in member state of the European Union where you reside; and
  • You are entitled to compensation, which you must apply for to the competent court that is located in member state of the European Union where you reside, if you have suffered damage as a result of a violation of the data subject’s rights.

Please note that notwithstanding the foregoing, there may be circumstances in which we are unable to accommodate a request to edit, update, access, or delete Personal Data. This includes but is not limited to:

  • any basis where such request can be denied under applicable law;
  • where we need to retain the information to comply with international or national laws or for accounting or tax purposes;
  • where we need to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by state, or local authorities;
  • where we need to cooperate with law enforcement agencies concerning conduct or activity that the business, service provider, or third party reasonably and in good faith believes may violate laws;
  • where we need to retain information to exercise or defend legal claims;
  • where the information contains legal privilege or proprietary information of another party; or where complying with the request would compromise others’ privacy or other legitimate rights.

If we determine that we cannot respond to any request in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, we will take commercially reasonable steps to verify your identity before responding to any request under this provision, including complying with any applicable legal requirement for verifying your identity.

You do not need to pay a fee to access information or other rights, but Commody may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or refuse to comply with your request in these circumstances.

In case of your rights violation, you have the right to ask State Data Protection Inspectorate or court to protect your rights.

State Data Protection Inspectorate can be contacted as follows: tel. +370 5 271 2804 / +370 5 279 1445,  fax: +370 261 9494, e-mail [email protected], address: L. Sapiegos g. 17 , LT-10312 Vilnius, Lithuania.

7. How we retain Personal Data?

The Personal Data retention period will vary. The retention period will be determined by the following criteria:

  • the purpose for which we are using Personal Data –We will need to keep the information for as long as is necessary for that purpose; and
  • legal obligations – laws or regulation may set a minimum period for which we have to keep Personal Data.

We will cease to retain Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal or business purposes. For more information on Personal Data retention please contact us using the contact details listed in this Policy.

8. How we secure Personal Data and when can We transfer Personal Data internationally?

Although generally the Personal Data is processed within the European Economic Area, certain activities may result in the transferring of Personal Data to third countries, meaning countries located outside the EU/EEA. We only transfer the Personal Data to the third countries if we have a legal ground for this and we implemented necessary additional security measures, as stipulated in the data protection laws.

Commody takes all necessary measures to protect the data against unauthorized access, modification, disclosure or destruction. Commody has implemented various technical and organizational measures to be compliant with applicable Personal Data, privacy, and data security legislation. Commody has put in place procedures to deal with any suspected Personal Data breach and will notify you and any relevant regulator of a breach where Commody is required to do so by law.

We have to inform you that the transmission of information via the Internet is not completely secure. We cannot guarantee the security of your data transmitted to our Website, so that any transmission is at your own risk. Commody is not responsible for the Personal Data protection measures violations if such violations caused by actions performed by you or a third person. If you have a reason to believe that your Personal Data is no longer secure, please contact us immediately using the contact details listed below.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. Third-party links

The Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy policies. We strongly encourage you to read the privacy policy of every website you visit, particularly when leaving the Website.

10. The Processing of Personal Data for direct marketing purposes

Commody Processes your Personal Data for direct marketing purposes when you subscribe to our newsletter through the Website. Our newsletter may include information about Commody offers and other news.

The basis for the Processing of your Personal Data for direct marketing purposes is your consent expressed by subscribing to our newsletter.

In any case you have the right to retract your consent for us to send you our newsletters at any time. You can do this by clicking on an interactive link at the bottom of our newsletters or by informing us by e-mail at [email protected].

11. Will this Policy change?

This Policy is current as of the Last Update Date set forth below. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on the Website. If we make any changes to this Policy that materially affect our practices with regard to the Personal Data we have previously collected from you, we will endeavour to provide you with notice in advance of such change by providing a push notification through the Website, or sending you an e-mail.

11. How you can contact us

Any questions about this Policy, the Processing of Personal Data or Data Subject’s requests please contact us via email [email protected].

Latest Privacy Policy Update: 06/13/2024