Recognito

Recognito.io Privacy Policy

Last update date: 17-04-2025

At Recognito.io, safeguarding your personal data is our top priority. We believe in complete transparency, so we have created a detailed MB Recognito’s Privacy Policy to clarify what data we collect, how we use it, and the rights you have over your information (“Privacy Policy”).

The controller of your personal data is MB Recognito, entity number 306382766, address: Žarijų g. 6A, LT-02300 Vilnius (“Recognito”). For more information on how to contact us, please see the end of this Privacy Policy.

We respect your privacy and ensure the security of your personal data. All data is collected, stored, and processed in accordance with the European Union General Data Protection Regulation (EU) 2016/679 (the GDPR) and other applicable legislation.

Our Service require collection and processing of certain data concerning you (e.g., the name, date of birth, address, e-mail address). It also contains important information about the protection of your data and the rights you have under the law.

1. Sources of personal data

We collect your personal data from the following sources:

  • Directly from you: when you provide your data by registering on our system, filling in forms, contacting us or using our Service.
  • Automatically through your use of our Service: when you use our Service, we automatically collect certain information, such as your IP address, browser type, usage statistics, etc., by using cookies and similar technologies.
  • From third-party sources: we may receive your data from publicly available sources or from our partners in accordance with applicable law.

If you do not provide us with your personal data, other than for processing which requires your consent, we will not be able to provide you with our Service or enter a contract with you. In some cases, this may limit your ability to use our Service or features.

2. How and why do we process your personal data?

2.1. User registration and Account management

For you to create an Account and use our Service in accordance with our Terms, we need to process your personal data. This includes identifying you, managing your login details and granting you access to the system. When you register, you provide your name, surname, e-mail address and password (if you do not use third-party authentication services). We process this data directly from the information you provide. Without this data, we would not be able to ensure the registration and management of your Account. In the case of any modifications to the information, you need to update your Account information.

Your personal data is necessary for the performance of a contract concluded with you or to act prior to the conclusion of a contract (Article 6(1)(b) of the GDPR). If you are a representative of an entity, the legal basis for processing your data is legitimate interest (Article 6(1)(f) of the GDPR).

If you use third-party authentication Services such as Google, Facebook or Apple ID for registration, your authentication data transmitted by these platforms is processed. This may include your name, surname, e-mail address and unique identifier. In this case, the legal basis for the processing is your consent (Article 6(1)(a) of the GDPR). If you do not consent to this processing, you may choose to register directly through our system by entering the required data manually.

We will retain this data for as long as your Account is active or for a maximum of 2 years after your last login.

2.2. Provision of Service

To provide you with our Service, to ensure their proper functioning and to process documents efficiently, it is necessary to process your personal data. Our system allows us to automatically process various documents, such as invoices, contracts, applications, or bank statements, to extract, structure and provide you with the necessary data. Without this processing, we would not be able to provide you with our Service, including uploading the documents, extracting the data, and integrating them with the systems you use.

Personal data processed for the purpose of providing the Service is collected directly from you when you upload documents to our system, use our Service or provide the necessary information. Certain data may also be collected automatically, such as the Service usage history, IP address, device information and login data.

Your personal data processed for this purpose includes your name, e-mail address, contact information, content of uploaded documents, history of use of the Service, IP address, device information and other data related to the use of our Service.

The legal basis for processing is the need to perform a contract with you or to act at your request prior to entering a contract (Article 6(1)(b) of the GDPR). In addition, certain data related to the analysis and optimisation of the use of the Service may be processed based on our legitimate interest (Article 6(1)(f) of the GDPR) for the purpose of improving the Service and ensuring their efficiency.

2.3. Administration of payments

To be able to effectively manage payments for our Service, it is necessary to process certain personal data concerning you. This includes processing of payments, billing, keeping the payment history and fulfilling accounting requirements. Without this data, we would not be able to ensure that the payments you make are properly recorded and the Service provided are activated.

Your personal data for this purpose is collected directly from you when you make a payment, as well as from the payment Service providers which process your payments.

The data processed includes your name, surname, e-mail address, payment method, payment amount, Account details, transaction date, purpose, and payment history. We may receive this data from you directly or from third-party payment Service providers which process transactions on our behalf.

The legal basis for processing the data is the need to perform a contract with you or to act at your request prior to entering a contract or legitimate interest (Article 6(1)(f) of the GDPR). In addition, certain data may be processed to comply with legal obligations related to accounting and financial control (Article 6(1)(c) of the GDPR).

Your data may be transferred to third parties, such as payment processing Service providers, banks, accounting Service providers and other financial institutions which are subject to statutory requirements.

We will retain this data for as long as is necessary to fulfil our contractual obligations, but at least for the statutory retention period for financial data, which is 10 years.

2.4. Provision of User services

To provide you with quality assistance and to respond to your requests, it is necessary to process your personal data. This includes processing your referral, providing technical support, and keeping a history of communications. If the request relates to the processing of your personal data and your rights under the GDPR, we must process your personal data to process and fulfil your request properly, including confirming your identity, analysing the request, and providing a response.

Your personal data is collected directly from you when you contact our User service team via e-mail, chat function or other communication channels. We may also use data that is already associated with your Account and use of our Service.

The data we process includes your name, e-mail address, the content of your request, your communication history, and other information that you provide to us to get help or resolve problems.

If you have an Account, your data is processed based on a legal obligation (Article 6(1)(c) of the GDPR). If you do not have an Account, your data is processed based on our legitimate interest (Article 6(1)(f) of the GDPR) to ensure efficient customer Service and proper administration of enquiries or requests.

Your data may be transferred to third parties which provide Users’ support service, communication tools or legal services necessary for the processing and implementation of your requests.

Data relating to communication with Users’ service and the processing of personal data requests shall be kept for a maximum period of 3 years from the date of the last resolution of the enquiry unless a longer retention period is required by law.

2.5 Maintaining system operation and ensuring security

To ensure the operation of our system, to protect our Users and to maintain the quality of our Service, we process certain personal data about you. This includes analysing data, identifying technical problems, implementing cybersecurity measures, and preventing fraud and other abuses.

We also provide password recovery options when the user receives an e-mail with a password recovery link. The data processed may include the e-mail address, date of registration.

In the event of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to User Data, Recognito will promptly assess the risk to User’s rights and freedoms and, if appropriate, report this data breach the relevant authorities and Users (Article 33(1) of the GDPR).

If a user is found to be violating our rules or engaging in conduct that threatens the security of the system or the interests of other users, we may issue a warning or restrict use of the Account. In this case, the data processed includes the username of the user, the type of warning received and its date.

The legal basis for such processing is our legitimate interest in ensuring the security and stable operation of the system, as well as protection of the interests of our users (Article 6(1)(f) of the GDPR).

Data collected for security purposes is retained for 6 months and infringement warnings are retained for a maximum of 5 years after the last user activity.

2.6. Marketing and communication

Your personal data may be used to inform you of changes to our Terms, Privacy Policy, or other relevant documents. Such communication is necessary for the provision of our Service and to ensure that you are informed of relevant changes. In such cases, the legal basis for processing is the compliance with a legal obligation ((b) and (c) of Article 6(1) of the GDPR).

If you have given your consent, we may also use your data for marketing purposes, i.e., to send you newsletters, notifications about new Service, special offers and other promotional information. Marketing communications may be sent by e-mail or other means of communication. In such cases, the legal basis for processing the data is your consent (Article 6(1)(a) of the GDPR). You can withdraw your consent at any time by clicking the unsubscribe link in the e-mail you receive or by contacting us.

The data processed may include your name, e-mail address and other contact information that you provide when you register or use our Service. We also process information about your interaction with our newsletters, including whether you have opened the e-mail and whether you have clicked on the link. This data is used to measure the effectiveness of our communications and to optimise the messages we send. This processing is based on our legitimate interest (Article 6(1)(f) of the GDPR).

Your data may be transferred to third parties that provide marketing and communication Service, such as e-mail or analytics platforms.

Personal data processed for marketing purposes will be kept for as long as your consent is valid or until you opt out of receiving marketing communications.

2.7. Protecting the rights and interests of the company

If you are involved in a dispute with Recognito, if you are in breach of a contractual obligation, or if we are required to enforce our Terms, defend, enforce or uphold your rights, we may collect and use any of your personal data that we hold in order to find a specific solution to the situation. In certain cases, your data may be transferred to lawyers, auditors or other organisations providing legal services if this is necessary for the protection of our rights or to comply with legal requirements. If you are late in making payments or are otherwise in breach of your financial obligations, we may pass your data to debt collection companies to collect the debt and safeguard our financial interests.

The legal basis for such processing is our legitimate interest to protect the rights and interests of Recognito, to prevent abuse, to recover debts and to protect our legal claims (Article 6(1)(f) of the GDPR).

The personal data collected and used for this purpose shall be stored for a period of 5 (five) years from the time we establish the need to protect our specific rights and interests and, in the case of a dispute or the recovery of a debt, until the final execution of a binding decision of an authorised body.

2.8. Providing information to law enforcement and other public authorities

If we have reasonable grounds to suspect that you are involved in illegal activities, or if we receive an official request from a public authority, we will collect and use the necessary data to provide information to or comply with instructions from law enforcement and other public authorities.

In addition, if we receive a request from law enforcement or other public authorities, we may provide personal data during investigations or administrative procedures.

The legal basis for such processing is our legal obligation (Article 6(1)(c) of the GDPR).

Personal data processed for this purpose shall be retained for as long as necessary for ongoing administrative or judicial proceedings, but no longer than for 3 years from the last reply to the competent authority, unless a longer retention period is required by law or by the requirements of the authority.

2.9. Maintaining business relations and contracts

We process the personal data of business entities’ representatives and employees in connection with the conclusion and performance of contracts, and cooperation. This may include the following data: the name, position, job title, contact details (e-mail address, telephone number) and other information provided in contracts or related documents.

The data is processed to ensure the proper management of contractual relations, communication with business partners, invoicing, fulfilment of obligations and compliance with legal requirements. It may also be used for negotiation, monitoring performance of contractual obligations and the development of business relationships.

This data may be provided to third parties, including lawyers, auditors, banks, financial institutions, and regulatory authorities, as necessary to enforce contracts or legal obligations.

The legal basis for such processing is our legitimate interest in maintaining business relationships and fulfilling our contractual obligations (Article 6(1)(f) of the GDPR).

Data collected for this purpose is retained for 10 years after the end of the contract or longer if required by applicable law.

2.10. Recruitment

For the purposes of recruitment and conclusion of employment contracts, personal data provided by candidates, including the name, surname, contact details (e-mail, telephone number), curriculum vitae (CV), work experience, education and any other information provided at the time of application, is processed.

The personal data is collected from applications submitted directly by candidates, from online job boards or from recruitment agencies that transmit data under recruitment service contracts. Recruitment agencies may also be recipients of this data.

Candidates’ data used only for a specific selection shall be kept until the end of the selection. If the data are kept for longer periods to offer future suitable job opportunities, this requires the consent of the candidate, in which case the data shall be kept for a maximum of 2 years.

For recruitment, personal data are processed for the purpose of concluding a contract of employment (Article 6(1)(b) of the GDPR). If the data are kept for longer periods for the purpose of offering job opportunities, the processing is based on consent (Article 6(1)(a) of the GDPR). Consent may be withdrawn at any time by notifying the contact details of the company.

3. Recipients of personal data

Personal data may be transferred to the recipients listed above for the specific purposes of the processing, considering the basis for the provision of the data and ensuring their security.

In addition, data may be provided to the following recipients: law enforcement authorities, legal service providers, accountants, payment service providers, legal and regulatory authorities, various service providers (including but not limited to insurance companies, IT Service providers, cloud storage and business travel providers), agencies and other persons in connection with the performance of contractual obligations.

All processing is carried out on our instructions and in accordance with data processing agreements or applicable law, with access limited to what is necessary.

Personal data is processed and stored in the territory of the European Union (EU) or the European Economic Area (EEA).

However, in certain cases, data may be transferred, stored, and processed outside the EEA, where data protection rules may differ from those applicable within the EEA. In such cases, it is ensured that the data will be transferred in accordance with the requirements of Chapter V of the GDPR.

4. Cookie Policy

Our website uses cookies which are small pieces of text information that are automatically created when you browse the website and stored on your computer or other terminal device. The information collected by cookies enables us to provide you with a more user-friendly browsing experience, to make suggestions and learn more about the behaviour of users of our website, to analyse trends and to improve the website. If our website contains links to other websites that also use cookies, these are not described here.

We use cookies and other tracking technologies to analyse usage patterns, optimize the performance of our Service, tailor content and provide personalized offers. We also collect technical data about your device, the browser you use, your IP address and your website usage behaviour.

We ask for your consent when we record functional, tracking, advertising, and/or third-party cookies. Where we use essential cookies, we use them based on legitimate interest and do not ask for your consent to the use of such cookies.

We use the following types of cookies on our website:

  • Strictly necessary cookies. Cookies are necessary to use the website features and to log in to your user Account. Without these cookies, you would not be able to use the electronic Service we provide.
  • Functional cookies. Using these cookies allows visitors to avoid having to change their settings each time they visit the website. These cookies help to remember your preferences and settings (such as the language or time zone). These cookies help visitors to avoid changing their settings each time they visit the website.
  • Analytical cookies. Allow us to identify and count visitors to the website and to track how visitors move around the website as they use it. This helps to improve the performance of the website, for example to ensure that users can easily find what they are looking for.
  • Promotional cookies. These are used to show you advertisements that should be of interest to you and relevant to your interests. They can also be used to help measure the effectiveness of an advertising campaign.

The data collected through cookies and similar technologies is used to ensure the proper functioning of the Service, to protect against unauthorised activities and to improve the user experience.

The legal basis for this processing is legitimate interest (Article 6(1)(f) of the GDPR). If cookies are used for marketing or analytical purposes, their use is based on consent pursuant to Article 6(1)(a) of the GDPR.

For full information about cookies, their types, storage life and management options, please see the cookie notice. It contains information about specific cookies, the third parties involved and the basis for storing data. You can change your cookie settings at any time in your browser settings or by using the cookie management tools.

5. Rights of Data Subjects

Data Subjects have the following rights:

  • The right to be informed about the processing of their personal data.
  • The right to have access to the personal data processed and to be informed of the ways in which they are processed.
  • The right to request rectification or erasure of data and to restrict processing.
  • The right to object to processing on the grounds of legitimate interest unless the interests of the data controller or of a third party are overriding.
  • The right to withdraw consent to processing at any time.
  • The right to data portability in the case of processing based on consent or contract and by automated means.
  • The right to lodge a complaint with the State Data Protection Inspectorate concerning infringements of the processing of personal data.

A request to exercise Data Subjects’ rights may be made in person or through an authorised representative using the contact details provided in the “Contact details” section of this Privacy Policy.

If a representative makes the request, the request must be accompanied by a power of attorney issued by the Data Subject.

The request must include:

  • Sufficient information to verify your identity (the name, public profile URL, e-mail address or other necessary information).
  • A clearly worded request so that we can accurately assess it and respond to it.
  • If the request is made by an authorised representative, written authorisation and supporting information about the representative must be provided.

If we are unable to confirm the identity of the person making the request or his/her authority to act on behalf of the Data Subject, we will not be able to provide the information or enable exercising of the rights requested.

In certain cases, we may ask for additional information to confirm identity. This data will be used only for this purpose and will not be processed for any other purpose.

6. Contact details

If you have any questions about how we collect and use data when you use Recongito.io or if you wish to find out your rights, please contact us at info@recognito.io.

7. Final provisions

Legal disputes associated with this Privacy Policy shall be governed by the law of the Republic of Lithuania.

The company shall not be liable for damages, including the damages caused by interruptions in the use of the website, loss or corruption of data caused by your own actions or omissions or those of third parties acting with your knowledge, including erroneous data entry, other errors, intentional damage, or other misuse of the website. We also do not assume liability for any interruptions to access and (or) use of the website and (or) any damage caused by such interruptions and/or damage caused by the acts or omissions of third parties not affiliated with us or you, including interruptions in electricity, internet access, etc.

We have the right to change the Privacy Policy in part or in full. Amendments or changes to the Privacy Policy shall take effect from the date of their posting on the website.

If the Data Subject continues to use the website and/or the Service provided by the data controller after the Privacy Policy is supplemented or modified, it shall be considered that the Data Subject has not objected to such additions and (or) modifications. It is your responsibility to regularly review this Privacy Policy and keep up to date with the changes.

The website may contain links to third-party websites, to legislation, as well as links to social networks (the possibility of sharing the content of the website on the social networks Facebook, Instagram, and LinkedIn). It should be noted that the third-party websites linked to our website are subject to the Privacy Policies of those websites and we are not responsible for the content of the information provided by those websites, their activities, and the provisions of their Privacy Policies.