Privacy Policy

General provisions

UAB “Reefo,” legal entity code 305914091 (hereinafter referred to as the Company), understands that the protection of personal data is important to our clients, suppliers, partners, and other individuals whose personal data we process (hereinafter referred to as data subjects). Therefore, we take a particularly responsible and diligent approach to matters related to the protection of personal data and take all necessary measures to ensure the privacy and security of data subjects.

This privacy notice outlines how the Company processes the personal data of data subjects, including information on what personal data is processed, how it is collected and further processed, how long it is stored, to whom it is provided, what rights data subjects have, and where to address for their implementation or for other matters related to the processing of personal data.

The privacy notice is prepared based on the following legal acts:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR or Regulation);
Law No. XIII-1426 of the Republic of Lithuania on Legal Protection of Personal Data of 30 June 2018 (hereinafter referred to as the ADTAĮ);
Law No. IX-2135 of the Republic of Lithuania on Electronic Communications of 15 April 2004.

How do we collect your data?

How we collect your data depends on the services we provide to you or the nature of our collaboration. The company processes data:

Received directly from the Data Subject (you), for example, when you send us inquiries or messages using the provided contacts, or when you register for inspections on our website;

Generated when you use our services, for example, when you use our network and services, such as making phone calls, sending text messages (SMS), browsing the internet, visiting our websites, etc.;

Received from data registers when we need to prepare a contract for you.

For what purposes and what personal data do we process?

Data collection purpose	Legal basis for data collection	Description of categories of personal data	Data storage periods
Conclusion and execution of contracts with clients”	Execution of contract GDPR Article 6(1)(b	Name, surname, phone number, address, bank details, personal identification number, individual activity certificate number, personal code, VAT number, email, content of correspondence and information provided therein, data from the register center	10 years after the end of the contract validity
Registration for property viewing purposes	Consent. GDPR Article 6(1)(a)	Name, phone number, message content	2 years
Monitoring website visitor habits	Legitimate interest GDPR Article 6(1)(f)	Collected cookie information, registration data: name, surname, phone number, email	Until consent is withdrawn
Handling complaints and inquiries	Legitimate interest GDPR Article 6(1)(f)	Name, surname, email address, residential address, phone number, apartment address, inquiry content	5 years after the complaint is resolved
Sending newsletters for direct marketing purposes	Consent GDPR Article 6(1)(a)	Email address, phone, name, surname	Until consent is withdrawn
Social networks administration	Legitimate interest, Article 6(1)(f) of the GDPR	Comments, messages, name, surname	The information is stored on social networks until the person deletes the data themselves.
Search for potential clients	Legitimate interest Article 6(1)(f) of the GDPR	Name, phone number and/or email	2 years

Who do we provide the data to?

The Company engages only those data processors who ensure compliance with the GDPR and the same level of personal data security as specified in the Company’s data protection policy.

Here is a list of categories of data recipients engaged by the Company:

Real estate sales partners engaged by the Company;
Banks, when transactions between us require bank financing;
Notaries, if the contract with you requires notarial form;
Bailiffs, legal and/or debt collection service providers, entities acquiring the right to claim debts, joint debtors data file managers;
Data centers, hosting, cloud, website administration, and related services providers, companies developing, providing, supporting, and developing software, companies providing information technology infrastructure services, companies providing communication services;
Companies providing advertising, marketing services;
Companies providing archiving, physical and/or electronic security, asset management, and/or other business services;
Other third parties, as far as it is related to the sale of our business, mergers, acquisitions, or the entire business or part thereof reorganization, or similar changes;
State institutions in accordance with the law: State Tax Inspectorate, Register Center, Sodra (State Social Insurance Fund Board), Labor Exchange, etc.;
Law enforcement institutions upon their request or at our initiative if there are suspicions of criminal activity, as well as courts and other dispute resolution institutions; tax administrators.

Data transfer to third parties

In case of the need for data provision to Third Countries by our partners, it is carried out based on the lawful grounds for data transfer provided in the General Data Protection Regulation.
We recommend familiarizing yourself with the privacy notices provided by our partners:
Privacy notices of social network administrators:
Facebook: https://lt-lt.facebook.com/privacy/explanation;
Facebook cookie policy: https://lt-lt.facebook.com/policies/cookies/;
Instagram data policy: https://help.instagram.com/155833707900388;
Privacy notices of message delivery and statistics tracking service providers:
Google Analytics: https://www.google.com/analytics/terms/dpa/dataprocessingamendment_20160909.html

How do we protect your data?

In order to ensure an appropriate level of security when processing data, the Company has implemented suitable technical and organizational measures. When selecting and implementing appropriate technical and organizational measures to ensure data processing security, the Company adheres to ENISA guidelines, good information security practices, guidelines prepared by the State Data Protection Inspectorate (VDAI), and recommendations.

What rights do you have?

According to the provisions of the GDPR, as a data subject, you have the following rights:

1. Right to access personal data. This means you can request information about whether your personal data is being processed, and if so, you have the right to access the personal data being processed.
2. Right to rectify personal data. This means you can request correction of your personal data if you find that the personal data we process is incorrect, incomplete, or inaccurate.
3. Right to erasure (right to be forgotten). This means you can request deletion of your personal data if you believe that your data is being processed unlawfully or unfairly.
4. Right to restrict data processing. This means you can request to restrict (suspend) the processing of your personal data, except for storage – for example, when you request correction of your personal data (while the accuracy of personal data is being verified and/or corrected), it is determined that personal data is being processed unlawfully and you do not consent to the deletion of data, you have objected to the processing of your personal data, etc.
5. Right to data portability. This means you can request the transfer of your personal data processed by automated means to you and/or another data controller in a structured, commonly used, and machine-readable format.
6. Right to object to data processing. This means you can object to the processing of personal data when data is processed by the Company on the legal basis of legitimate interest or public interest.
7. Right to demand that automated decision-making and profiling based on data processing that affects your legal rights or significantly affects you be excluded;
8. Right to withdraw consent given to us at any time for the processing of personal data – for example, you can unsubscribe from direct marketing messages at any time by clicking on the “Unsubscribe from the list” option.
9. You have the right to refuse to provide your personal data, but the provision of your personal data is necessary and essential for the purposes stated in this privacy notice. Therefore, if you do not provide your personal data, the Company may fail to achieve the stated purposes.

How can you execute your rights?

You can execute your rights by:

1. Sending us a free-form request to the email address hello@reefo.lt. The request must be signed with a valid electronic signature or accompanied by a copy of a notarized identity document to verify your identity.
2. Sending a request by registered mail to the address Švitrigailos g. 11K-212, Vilnius, indicating that the letter is addressed to the data protection officer. The request must be signed. A copy of your identity document must be attached to the request, certified by a notary.

The request must be in writing, signed, and include the data subject’s name, surname, place of residence, and other data necessary for communication in the desired format, information about which of the data subject’s rights and to what extent the data subject wishes to exercise.

In exceptional cases, if there are suspicions regarding the identity of the data subject, we reserve the right to request additional information to help verify the identity of the applicant, for example, by answering additional questions related to our cooperation, providing notarized documents, etc.

We will respond to your request no later than 30 (thirty) calendar days from the date of receipt of the request. In exceptional cases requiring additional time, we reserve the right to extend the deadline for the provision of requested data or the examination of other requirements specified in your request for up to 60 (sixty) calendar days from the date of your inquiry, after notifying you accordingly.

The Company reserves the right to refuse to consider a data subject’s request if it is found that the requests are obviously unfounded or disproportionate, especially due to their repetitive content.

If no solution can be reached together, you have the right to contact the State Data Protection Inspectorate (www.vdai.lrv.lt), which is responsible for the supervision and control of the legislation regulating the protection of personal data.

Where can you address questions related to data protection?

If you have any questions regarding the information provided in this privacy notice or the protection of your personal data and the exercise of your rights within the Company, including reports of observed personal data breaches, please feel free to contact the Company’s Data Protection Officer in any way convenient for you:
Email: hello@reefo.lt.

What cookies do we use and how do we use them?

Cookie is a small text file that a website saves on your computer or mobile device’s browser when you visit the site. Because of it, the website can “remember” your actions and preferences (such as login, language, font size, and other display options) for a certain period so that you don’t have to re-enter them every time you visit the site or browse its pages.
The information collected by cookies allows us to ensure your browsing convenience and learn more about user behavior on the website, analyze trends, and improve the site.

List of cookies used on the website:

Purpose	Cookie name	Cookie expiration date	Data used
The “arrival time” cookie records the time when the user arrives	October_session	Until the end of the browser session	Unique ID
Google Analytics: identifies users	_ga	2 years	Short randomly generated ID
Google Analytics: identifies users	_gid	1 day	Short randomly generated ID
The Google Analytics cookie thats is necessary for connecting to a Google Analytics account	_utmt_UA_XXX	6 months
Google Analytics: stores information about where the user came from, which search engine was used, which link was clicked, and what keyword was used.	__utma, _utmb, _utmc	2 years

Thank you!