2. What data we collect

The scope of data collected depends on which service is ordered and what information you provide. We may collect the following categories of personal data:

3. Why we process data

We process your data for the following purposes:

• order acceptance, administration and service provision (recovery, protection, consultations);
• communication with you (including status updates, clarification of questions);
• execution of automated processes for service provision (see section 4);
• payment processing, accounting, tax and legal obligations;
• system and website security (abuse prevention, fraud risk reduction);
• service quality improvement and internal analytics (when applicable);
• legal requirements and dispute resolution.

4. Automated system and profiling

The Service Provider uses its own automated system to help deliver services more efficiently. Depending on the service, the system may:

• automatically fill Platform (e.g. Meta) appeal or other help forms from your submitted form data;
• prepare and/or send standardised letters/requests to Platform support channels for your case review;
• create an action log and status information in the client portal.

These automated actions are for contract performance (service provision) and are generally not used to make decisions with significant legal effects for you solely by automated means. If different automated decisions were to apply in a specific case – we would inform you separately.

Automated processing is used as a service delivery tool; final decisions (e.g. account restoration) depend on Platforms and are not made solely by automated means in the Service Provider's system.

5. Legal bases

We process your personal data only when we have a legal basis:

• Contract performance – when data is necessary for service provision or to take steps at your request before concluding a contract.
• Legal obligation – accounting, tax, legal requirements.
• Legitimate interest – website and system security, abuse prevention, service quality improvement, dispute resolution.
• Consent – when required by law (e.g. non-essential cookies, certain marketing actions). You may withdraw consent at any time.

When data (e.g. login information) is provided at your initiative and is necessary for a specific task, processing is usually based on contract performance and your request for the service.

6. Who we may disclose data to

We may disclose data only as necessary for the stated purposes to these recipients:

• Platforms (e.g. Meta/Facebook/Instagram, Google) – when necessary for your case review (e.g. appeal forms, requests, confirmations).
• Payment service providers (Stripe) – for payment processing and related risk control.
• IT and hosting providers – for database, servers, email, security and infrastructure services (under contracts).
• Legal and accounting providers – when necessary for legal requirements or dispute resolution.
• State institutions – when required by law.

We do not sell or rent data to third parties for marketing purposes.

7. International data transfer

As the Platforms and service providers used (e.g. Meta, Google, Stripe, hosting providers) may operate outside the European Economic Area (EEA), your data may be transferred and processed outside the EEA.

In such cases we aim for appropriate safeguards to apply (e.g. Standard Contractual Clauses (SCC) or other measures provided by law), as far as this depends on the specific provider and nature of processing.

8. Data security

We apply reasonable organisational and technical security measures to protect data from unauthorised access, disclosure, alteration or destruction. Examples may include access control, logs, password protection, encryption in transit, etc.

However, no system is 100% secure. The client is also responsible for the security of their devices and email, changing passwords after the service and storing recovery codes.

9. Data retention periods

We retain data only as long as necessary for the purposes or as required by law. Typical retention periods:

• Service cases and correspondence – up to 24 months from the last action to ensure continuity, history and dispute prevention (unless longer required by law).
• Accounting documents (invoices, payment records) – as required by law (usually 10 years).
• Subscription and payment statuses – during the subscription and a reasonable period after (e.g. up to 24 months) for disputes and accounting.
• Login data (if provided) – retained only as long as objectively necessary for the service, then removed or anonymised according to internal procedures where possible.
• Technical logs – up to 12 months, unless longer needed for security incidents or abuse investigation.

In specific cases retention periods may differ (e.g. if there is a dispute, legal process or authority request).

10. Your rights

Under applicable data protection law (including GDPR) you have the right to:

• obtain information about data processing;
• access your data;
• request correction of inaccurate data;
• request erasure of data ("right to be forgotten") where applicable;
• restrict processing where applicable;
• object to processing based on legitimate interest;
• data portability where applicable;
• withdraw consent (where processing is based on consent) without affecting the lawfulness of processing before withdrawal;
• lodge a complaint with a supervisory authority (in Lithuania – the State Data Protection Inspectorate).

To protect your data, we may ask you to verify your identity or provide additional information before fulfilling a request.

11. Privacy policy changes

The Policy may be updated when services, technology, legal requirements or the business model change (e.g. international expansion). The latest version is always published on the Website.

12. Contact

If you have questions about this Policy or wish to exercise your rights, contact:

• Data controller: Stanislovas Kalašnikovas
• Email: relyshield@gmail.com
• Website: www.relyshield.com