UAB Eldrive Lithuania 
PRIVACY POLICY

(version of 1 October 2024)

This Policy sets out the principles and procedures for processing personal data. This Policy applies when you use the website www.eldrive.eu (hereinafter referred to as the "Website") of UAB Eldrive Lithuania (legal entity code 305829082, address Aukštaičių str. 7, LT-11341 Vilnius, Republic of Lithuania, e-mail info@eldrive.lt, phone +370 664 44505), the Eldrive Lithuania mobile application (hereinafter referred to as the "App"), our accounts on the social networks Facebook, Instagram and LinkedIn (hereinafter referred to as the "Social Network Accounts"), when you view the information provided by us, when you use our electric vehicle charging station services (hereinafter referred to as the "Services"), when you contact us by telephone, email and other electronic means, when you express your interest in our offers and news or when you make a query about other issues.

  1. DEFINITIONS
  1. The person responsible for processing means an employee of the controller who, by virtue of the nature of his or her work, is entitled to perform certain functions relating to the processing of data.
  2. GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
  3. Data or personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a personal identification number, location data and an online identifier, or to one or more factors specific to the natural person's physical, physiological, genetic, mental, economic, cultural or social identity.
  4. The DPA is a data processing agreement that will be signed with each processor in accordance with the terms set out in this Policy.
  5. Data subject or you means a customer, potential customer, user of the website and/or the Eldrive app, or any other person whose data is processed by the Data Controller (Eldrive Lithuania).
  6. Processing means any operation or sequence of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination with other data, restriction, erasure or destruction.
  7. Data Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Data Controller (Eldrive Lithuania).
  8. Data Controller or we means UAB Eldrive Lithuania, a private limited liability company incorporated in the Republic of Lithuania, legal entity code 305829082, address: Aukštaičių str. 7, LT-11341 Vilnius, Republic of Lithuania; its data are collected and processed by the Register of Legal Entities of the State Enterprise Centre of Registers.
  9. Customer means a person who uses or has used the services provided by the Data Controller.
  10. Policy means this Privacy Policy.
  11. All other terms used in this Policy shall have the meaning as defined in the GDPR and the Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter referred to as the "LPPD").
  2. GENERAL PROVISIONS
  1. You must read this Policy carefully and familiarize yourself with its provisions before using the website, app, using our services, etc. By doing the above on the website and by ticking the relevant check box in the App, you confirm that you agree to be bound by this Policy. 
  2. The data subject shall not be entitled to use the website, app, services, etc. unless he/she has read this Policy and indicated his/her acceptance of its provisions. In cases where the Data Subject does not agree with this Policy or the relevant part of it, he/she shall not be able to use the website, app, services, etc.
  3. Our website and app may contain links to third party websites, apps or social media accounts. This Policy does not apply to third-party websites, apps or services. Before providing your personal data to such third parties, be sure to read their privacy policies. We have no control over, and accept no responsibility for, the content, services or processing of data published by third parties.
  4. The processor must comply with the following basic data protection principles:
  1. The processing of personal data is lawful, fair and transparent in relation to the data subject (principles of lawfulness, fairness and transparency);
  2. Personal data are collected for specified, explicit and legitimate purposes and are not processed in a manner incompatible with those purposes (purpose limitation principle);
  3. Personal data must be adequate, relevant and only necessary for the purposes for which they are processed (principle of data minimisation);
  4. Personal data must be accurate and, where necessary, kept up-to-date, and all reasonable steps must be taken to ensure that personal data which are not accurate, having regard to the purposes for which they are processed, are erased or rectified without delay (the accuracy principle);
  5. Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (the principle of limitation of storage time);
  6. Personal data must be processed in such a way as to ensure, through appropriate technical or organisational measures, adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (integrity and confidentiality principle);
  7. The controller is responsible for ensuring compliance with the principles set out above and must be able to demonstrate compliance with them (the accountability principle).
  3. WHAT PERSONAL DATA DO WE PROCESS?
  1. We process your personal data that we have received in the following ways:

  1. when you provide us with your personal data, for example when you register on the app, use our services, contact us by email or phone, etc.;
  2. when you use the app and website, social accounts, we collect the following personal data from you: your service usage history, your IP address, your website visit history, your preferences, open URLs and more;
  3. when we receive personal data from third parties, for example when we receive information from public registers, state or local authorities or bodies, our partners, other third parties such as payment institutions, etc.;
  4. where your personal data is provided to us with your consent by other persons, including companies that use our services, for example where such companies provide your personal data as an agent, etc.

  1. We process your personal data in order to offer and provide our services to you, to fulfil our contractual obligations and to pursue our legitimate interests or the legitimate interests of third parties. We always process data in accordance with the legal requirements. 
  2. With your consent, we may collect data about your geographical location in the App. This data helps us to provide better, more personalised services, to enable certain functionalities of our services and to offer you content that is more relevant to you. You can withdraw your consent to the sharing of your geolocation data at any time by changing the settings in the app or on your mobile device. You may be able to use the app and services even if you have not given your consent, but this will be subject to certain functionality limitations.
  3. We use a third-party payment service provider, Worldline, to process all payments you make through the App. We do not collect or store any payment data. We receive limited information from Worldline, such as the last four digits of your card, the name of the country of issuance and the expiry date. Worldline processes such data in accordance with its privacy policy, which can be found here: https://worldline.com/en/compliancy/privacy.
  4. The person who provides us with personal data (both when providing his or her own personal data and when providing the personal data of others, such as employees, representatives) is responsible for ensuring that such data is accurate, complete and up-to-date, and for obtaining the consent of the relevant data subject to provide us with his or her personal data. We may ask you to confirm that such a person has the right to provide us with personal data (for example, by completing service order or registration forms). If necessary (for example, if a person makes a request for us to give them their personal data), we will indicate who provided such data. 
  5. In some cases, personal data may be retained for a longer period of time if the retention of personal data is required to protect our legitimate interests or the legitimate interests of any third parties, for example in the event of legal disputes, or if we are required by law to retain that data. After the retention periods set out in this Policy have expired, the data will be anonymised or securely destroyed by erasing it from information systems and, if it was on paper, by destroying it with a document shredder.
  6. We share information about ourselves, our events, news, surveys and recruitment information on our social media accounts. Users of our social media accounts are also subject to the privacy policies of the owners of the social media networks on which our social media accounts are created. When you interact with us through our social media accounts, depending on the privacy settings we have chosen, we may be able to see certain information about the user's account, such as the name, surname, photo, gender, email address and location of the user's profile. If a user posts information to our social networking account when interacting with us (e.g., posts a comment in the comments section of our social networking account or posts to our social networking account profile), depending on the privacy settings we have chosen, the posted information may be made public (e.g., visible to other users of our social networking account).
  7. In some cases, we may send you notifications and/or reminders in connection with the ordering or provision of our services, such as service changes, app updates etc. Such notifications are necessary for us to provide our services properly and do not constitute promotional communications.
  8. You have the right to change or update the information you provide to us. In some cases, we need your accurate and up-to-date information, and we may ask you periodically to confirm that the information we hold about you is correct.
  9. We process your personal data for the following purposes and under the following conditions:

| Purpose of processing personal data | Personal data processed | Period of processing of personal data | Legal basis for processing personal data |
| --- | --- | --- | --- |
| Customer registration, use of Customer account, Customer identification, provision of services | Name, surname, telephone number, email, password, address, information about the legal entity represented, data required for payment transactions, payment information, data about the use of services (e.g. services selected, duration of use, opinion on quality of service, etc.), RFID key information, geolocation data, start and end time of the charging session for the electric vehicle, charge levied, electric vehicle identification data | During the period of use of the account and for 3 years after the last login to the account, and in the case of withdrawal of consent, until the consent expires (if the processing is based on consent). Customers whose accounts are not active will have their data stored for 3 years from the date of their last login. | Consent of the data subject to the processing of his/her data (Article 6(1)(a) GDPR). The processing is necessary for the conclusion and performance of a contract (Article 6(1)(b) GDPR). Legitimate interests of the controller or of a third party (Article 6(1)(f) GDPR). |
| Managing and analysing the use of electronic information channels (app, website, social media accounts) in order to update, modify, improve, tailor or otherwise customise the app and the website to ensure functionality and security and to improve quality. | IP address, data collection using cookies and other similar technologies, device ID, type of mobile device, device operating system (iOS, Android), information about the opening of the app or website, date and time of connection, information about the region in which the app or website was opened, usage data, diagnostic data. Data collected through the integration of social media accounts. | The website and app data shall be stored in accordance with the procedures described in this Policy. Website and App Data that is not included in the cookie information shall be stored for a maximum of 1 year from the date of collection, unless the individual withdraws his/her consent (if the processing is based on consent). Information on social networks is stored in accordance with the conditions set by the owners of that network. | The data subject's consent to the processing of his or her data (Article 6(1)(a) GDPR). The legitimate interests of the controller or of a third party (Article 6(1)(f) GDPR). |
| Direct marketing, surveys (with your prior consent) | Name, surname, email, phone number, address, survey data, newsletter viewing data, etc. | The data shall be retained for 3 years from the time of consent, unless consent is withdrawn earlier. | The data subject's consent to the processing of his or her data (Article 6(1)(a) GDPR). |
| Making enquiries, communicating about services | Name, surname, email, telephone number, address, the data contained in the request and the response, the data relating to the use of the services and account, the choices you make in relation to the services and account, the information you need to resolve quality of service issues. | The data shall be kept for 1 year from the last date of correspondence. | The data subject's consent to the processing of his or her data (Article 6(1)(a) GDPR). The legitimate interests of the controller or of a third party (Article 6(1)(f) GDPR). |
| The conclusion and performance of contracts necessary for the performance of the Controller's activities and other internal management operations | Name, surname, telephone number, email, position, address, information about the legal entity represented, data required for payment transactions, payment information, information about arrears, date of the certificate of individual activity, other data required for cooperation, proof of professional qualifications. | During the period of the provision of services or cooperation and for 5 years after the end of the provision of services or cooperation, unless the Chief Archivist of the Republic of Lithuania's Order No V-100 of 9 March 2011 on the approval of the Index of General Document Retention Periods requires longer retention. | The processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR). The legitimate interests of the controller or of a third party (Article 6(1)(f) GDPR). |
| Financial operations, accounting, debt management | Name, surname, telephone number, e-mail, position, address, information on the legal entity represented, data required for payment transactions, payment information, information on arrears, data transmitted by the collecting company and confirmation of payments, details of liabilities (level of liabilities, amount of liabilities, date of incurrence of the liabilities, maturity, date of payment). | In accordance with the legislation established by the supervisory authorities and in line with Order No V-100 of the Chief Archivist of the Republic of Lithuania of 9 March 2011 on the adoption of the General Index of Document Retention Periods. If the data do not fall within the scope of retention mentioned above, the retention period shall be the period of validity of the contract or cooperation between the parties and 10 years after the termination of the contract or relationship (last contract). | The processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR). The processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) GDPR). The legitimate interests of the controller or of a third party (Article 6(1)(f) GDPR). |
| Evaluation and selection of candidates for the proposed posts | Name, surname, email, telephone number, address, education and employment details, content of the CV, other information required for the selection or evaluation of the candidate or provided by the candidate. | Selection period and 1 year after selection, if the candidate's consent to the retention of the data was obtained after selection. If the data were not obtained through a specific sampling exercise, they are kept for 3 months from the date of receipt. | The data subject's consent to the processing of his or her data (Article 6(1)(a) GDPR). The legitimate interests of the controller or of a third party (Article 6(1)(f) GDPR). |
| Settlement of disputes and claims | Name, surname, workplace address, details of the legal entity represented, email address, content of the claim or other similar document, information or documents relating to the dispute or claim. | The entire period of the dispute or claim, plus 3 years after the dispute or claim has been settled out of court and 10 years after the end of the legal proceedings. | The processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) GDPR). Legitimate interests of the controller or of a third party (Article 6(1)(f) GDPR). |
  4. PROCESSING FOR DIRECT MARKETING PURPOSES
  1. The Data Controller carries out direct marketing. In order to receive offers related to the services provided by the Data Controller, the Customer must either consent to the processing of his/her data for direct marketing purposes at the time of registration or log in to his/her account in the App and opt in to receive direct marketing communications.
  2. The Data Controller carries out direct marketing (sending newsletters and offers by email, sending push notifications in the app) to persons who have entered their email address on the Data Controller's website and/or app and have consented to receive such notifications. In this case, the Data Controller also includes the e-mail address of the person concerned in the processed data.
  3. The data subject may withdraw his or her consent and unsubscribe from newsletters and other direct marketing communications at any time. To do so, you can either click on the link provided in the email notifications we send you, change the notification settings in your account, or send a specific message to us at info@eldrive.lt requesting the corresponding change.
  4. Withdrawal of consent does not mean that we are automatically obliged to destroy your personal data or to provide you with information about the processing of your personal data. In order for us to do so, you must make a separate request to us.
  5. It is possible that when we send you a direct marketing message, we will collect information about the people who received it, such as what message people opened, what links they clicked on, etc. We collect this information so that we can offer you relevant and more personalised newsletters.
  6. We may pass on your contact details to our partners or data processors who provide us with newsletter mailing or quality assessment services.
  5. SHARING DATA WITH PARTNERS AND DATA PROCESSORS
  1. The transfer of your personal data to third parties will only be carried out as described in this Policy.
  2. We may transfer your personal data to our partners or consultants (e.g. professional service providers such as accountants, legal advisors, audit firms, etc.) and to our trusted service providers when they are providing services to us, and to you on our behalf and on our instructions (IT, cloud, security providers, providers of other core operating systems such as banking modules, etc.). We will always control and remain responsible for how your personal data is used. Below is a list of our service providers and partners:
  1. Accounting and financial services - Ernst & Young Baltic UAB (Lithuania);
  2. Apps and other IT solutions - Ampeco LTD (Bulgaria), Onesignal (USA) (data is transferred securely to the service provider through EU standard contractual clauses approved by the European Commission for data transfers outside the EEA);
  3. Cloud and hosting services - Amazon Web Services EMEA SARL (Luxembourg), Amazon Web Services, Inc. (US) (data is transferred securely to the service provider, subject to the EU Standard Contractual Clauses for data transfers outside the EEA, approved by the European Commission);
  4. Payments - Worldline S.A. (France);
  5. Insurance - AAS "BTA Baltic Insurance Company" (Lithuania);
  6. The data about your use of the services is processed and stored by the owner of the charging station management platform, Fortum Charge and Drive B.V., company code 61499897, address: Claudius Prinsenlaan 136, 4818CP Breda, Kingdom of the Netherlands. The Data Controller has entered into a DPA with this partner and ensures that the processing of the data is carried out in accordance with the GDPR. More information about Fortum Charge and Drive B.V. privacy policy can be found on this website https://www.fortum.com/we-care-about-your-privacy.
  1. In accordance with the procedure established by the laws of the Republic of Lithuania, your personal data may be transferred to state or local authorities and bodies, law enforcement and pre-trial investigation authorities, courts and other dispute resolution authorities, other persons who perform functions assigned to them by law. We transmit to these entities the mandatory information that we are required to transmit by law or that the aforementioned bodies or authorities themselves have specified.
  2. Where necessary, data may be transferred to companies that intend to buy or would buy the Controller's business, or that would engage in joint economic activity or any other form of cooperation with us, as well as to companies established by us.
  3. The Data Controller confirms that all technical and organisational data protection measures have been properly implemented to ensure data protection.
  4. The Data Controller shall enter into a DPA with all Data Processors and shall ensure that the Data Processors process personal data only on behalf of the Data Controller and only for the purposes specified in the DPA. Each Processor should:
  1. process personal data only in accordance with the documented instructions of the Data Controller, including in relation to the transfer of personal data to a third country or an international organisation, unless a derogation from such instructions is required by the legal requirements applicable to the Data Processor. In such case, the Processor shall notify the Controller of such legal requirement before processing the personal data;
  2. ensure that those authorised to process personal data are committed to confidentiality and comply with applicable EU data protection law;
  3. assist the Data Controller, at the express written request of the Data Controller, to ensure compliance with its legal obligations, such as those relating to the security of the Data Controller's data, the data protection impact assessment and the prior consultation required by the GDPR, and in particular to put in place appropriate technical and organisational measures to protect the personal data referred to in the DPA against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, such personal data in accordance with the GDPR;
  4. assist the controller in fulfilling its obligation as a data controller, namely, to comply with the requirements regarding the availability of data subject rights under the GDPR to individuals, by means of appropriate technical and organisational measures. The processor must immediately notify the controller of any request made by a data subject and must not respond to any such request without being instructed by the controller to do so;
  5. provide the Data Controller with all information necessary to demonstrate the Data Processor's compliance with its obligations under the DPA and the GDPR, and to permit and assist audits, including inspections by the Data Controller or another auditor authorised by the Data Controller;
  6. keep accurate records of all data processing activities under the DPA in accordance with the requirements set out in the GDPR and provide the relevant records to the Data Controller within ten (10) working days upon request of the Data Controller;
  7. ensure that no personal data is transferred, made available for use, disclosed or otherwise communicated to any third party without the prior express written consent of the controller;
  8. ensure that data protection obligations similar to those set out in this document are also imposed on other Data Processors contracted by the Data Processor. The Processor is responsible to the Data Controller for ensuring that those other Processors comply with those obligations;
  9. immediately inform the Data Controller in the event that the Data Controller's instructions violate the GDPR, or if personal data are or will be processed in breach of the GDPR or the DPA, and also inform the Data Controller without delay of any complaints received from data supervisory authorities in relation to the processing of data or of any audits carried out by such authorities in relation to the processing of data;
  10. notify the Data Controller without undue delay (but no later than 48 hours) upon becoming aware of a personal data breach, which means that a data breach has occurred which has resulted in the unintentional or unauthorised destruction, loss, alteration, unauthorised disclosure, unauthorised transmission, unauthorised storage, unauthorised access or unauthorised processing of personal data. The notification must describe the nature of the personal data breach, the number of data subjects concerned, the likely consequences of the personal data breach, the measures taken or proposed to be taken, and the other data listed in Article 33(3) of the GDPR relevant to the breach; and
  11. upon termination of the DPA or upon written request by the controller, destroy or return all personal data, unless otherwise provided for in the GDPR or in the EU national law applicable to the processor.
  1. In order to ensure the quality of the services provided and to respond promptly to Client questions, the Data Controller's employees acting as Customer Service Specialists are responsible for answering Client calls and providing telephone consultations 24 hours a day, 7 days a week. The Data Processor shall record conversations between the Data Processor and the Customer, which shall be retained for a period of 180 (one hundred and eighty) days. 
  6. DATA TRANSFER OUTSIDE EEA
  1. We generally process personal data in countries within the European Economic Area ("EEA"), but in some cases your personal data may be transferred outside the EEA. Outside the EEA, your personal data will only be transferred if the following conditions are met:
  1. The company must be based in the United States and certified under the US-EU Privacy Shield (https://www.privacyshield.gov).
  2. There is a European Commission decision on the adequate level of protection of personal data by the third country where the data is received;
  3. The data subject has given his/her explicit consent after having been informed of the potential risks associated with the transfer, in the absence of a decision on the adequate level of protection and appropriate safeguards;
  4. The transfer is necessary for the performance of a contract between the Data Subject and the Data Controller or for the performance of pre-contractual measures taken at the request of the Data Subject;
  5. The transfer of data is necessary for the conclusion or performance of a contract concluded in the interests of the data subject between Eldrive / Group and another natural or legal person;
  6. A transfer is necessary for the establishment, exercise or defense of legal claims.
  1. Currently, data transfers outside the European Union (EU) are only necessary for our trusted partners who provide newsletter and hosting services in the United States. They are certified under the EU-U.S. Data Protection Shield and provide an adequate level of protection for personal data that meets the requirements of the General Data Protection Regulation.
  7. RIGHTS OF DATA SUBJECTS
  1. The data subject shall have the right to exercise such rights in accordance with the procedures set out in the GDPR:
  1. The right to be informed implies that, before starting to process data, the Data Controller is obliged to provide the data subject, in the form of a privacy notice, with information on the personal data it collects, the grounds and purposes for which it uses the collected data, the persons with whom it shares the data, as well as on its intention to transfer the personal data to third countries outside the EEA, the retention period and the safeguards, the consequences of nondisclosure of the data, the existence of automated decision-making, the rights of the data subjects, including the right to lodge a complaint with a supervisory authority.
  2. The right of access to data enables the data subject to obtain a copy of the personal data held by the Data Controller and information relating to the processing of the data. Access to information on the services used by the data subject and the data provided by the data subject at the time of registration may be obtained through the Customer Account in the App and by making a specific request for access to the data in question.
  3. The right to have your data erased ("right to be forgotten"). This right enables the Data Subject to request the Data Controller to erase his/her personal data if the Data Controller no longer has reasonable grounds to continue processing them, e.g. if the purpose for which the data were collected has been achieved or if the Data Subject has withdrawn his/her consent. If the legal claims are met, the Data Controller should delete the personal data within 1 month, unless it is subject to an obligation to continue to process the data or it is necessary to preserve the data in order to assert, exercise or defend legal claims.
  4. The right to rectification enables the data subject to request the rectification of any inaccurate or incomplete data relating to him or her. The data subject must make timely changes to his or her personal data in his or her own account or notify us of any changes to his or her data.
  5. The right to restrict processing enables the Data Subject to request the Data Controller to temporarily suspend the processing of personal data if, for example, the Data Subject wishes to establish the accuracy of the data or the reasons for the processing of those data.
  6. The right to data portability is limited to cases where the data are processed by automated means and the Data Subject has provided them on the basis of his/her consent or for the performance of a contract. This right allows the Data Controller to transfer to a third party those personal data of the Data Subject that are stored in electronic form.
  7. The right to object means that, where the Data Controller has legitimate interests as the basis for processing, the Data Subject has the right to object to the processing of his or her personal data on grounds relating to his or her particular case. In addition, he/she has the right to object to the processing of his/her personal data also when the data is processed for direct marketing purposes or for statistical purposes.
  8. Rights relating to processing by automated means and profiling. The Data Subject shall have the right not to be subject to decisions that are based solely on the results of processing carried out by automated means, including profiling, and that produce legal effects concerning the Data Subject or similarly significantly affect the Data Subject.
  9. Right to withdraw consent. The data subject shall have the right to withdraw the consent given at any time. If the consent was given for direct marketing purposes, the data subject may unsubscribe from the newsletters sent to him or her at any time by clicking on the "Unsubscribe" link provided in the e-mail messages we send to him or her or by changing the relevant settings in the application. If the data subject has granted access to his or her geographical location via a mobile device in order to find charging stations for electric vehicles nearby, he or she may change the relevant settings in the app.
  10. Right to lodge a complaint with a supervisory authority. If the Data Subject considers that any of the aforementioned rights have been infringed, he/she has the right to lodge a complaint with the supervisory authority, the State Data Protection Inspectorate. Further information and contact details can be found on the website of the DPAI https://vdai.lrv.lt/.
  1. You can exercise some of your rights as a data subject by changing the settings and information in your account. You may submit any request or instruction relating to the processing of your personal data to us in writing by sending an email to info@eldrive.lt. When you make such a request, we may ask you to fill in necessary forms to better understand the content of your request and to provide proof of your identification or other information that will help us verify your identity.
  2. We will reply no later than 1 month after receiving your request, and will either carry out the actions requested or inform you why we refuse to do so. If necessary, this time limit may be extended by a further 2 months, depending on the complexity and number of requests. In this case, we will notify you of the extension within 1 month of receipt of the request.
  3. If personal data is erased at your request, we will only retain a copy of the information that is necessary to protect our legitimate interests and those of others, to comply with obligations imposed by public authorities, to resolve disputes, to detect breaches, or to comply with any agreements you have entered into with us.
  4. The Data Controller shall have the right to deny the Data Subject the exercise of his/her rights on reasonable grounds, or to charge a reasonable fee under the conditions provided for in Article 12(5)(b) of GDPR.
  1. MANAGING DATA BREACHES
  1. If the Controller's employees who have access to the data observe or are notified of a breach of data security (omissions or actions of individuals that may compromise data security), they are required to report it to the person responsible for processing the data and to their direct supervisor.
  2. Taking into account the risk factors for data breaches, the degree of impact of the breach, the damage caused and the consequences of the breach, the Data Controller shall decide on the necessary measures to remedy the data breach and its consequences in accordance with the relevant internal procedures and shall notify the persons concerned thereof.
  1. TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA
  1. The organisational and technical data protection measures implemented by the controller shall ensure a level of security appropriate to the nature of the data processed by the controller and the risks arising from the processing, including measures which go beyond those set out in this Section.
  2. Personal data security measures include:
  1. Administrative measures (establishing and organising procedures for the security of documents and computer data and their archives in the various areas of activity, mandatory training for new staff and instructions on the protection of personal data upon resignation/dismissal, declarations of confidentiality and prohibition of disclosure of personal data, procedures for granting access to information systems, etc.);
  2. Hardware and software security measures (administration of servers, information systems and databases, maintenance of workstations, protection of operating systems, monitoring/controlling user access, protection against computer viruses, etc.);
  3. Information systems and database administration, workstation maintenance, operating system protection, computer virus protection, etc.;
  4. Protecting communications and computer networks (hardware and software tools to encrypt and transmit shared data, applications, personal data, filtering of unwanted data packets, etc.);
  5. Two-Factor Authentication (2FA), which acts as an additional security measure to ensure that the Customer is the only person who can log in to his/her account, even if third parties learn the Customer's password.

  1. The above personal data protection measures shall provide: (1) storage facilities for copies of operating systems and databases, and control over the maintenance of the copying equipment; (2) technology for the continuous handling of data (data processing); (3) a strategy for the recovery of the systems' functioning in case of emergency (contingency management); (4) an individual user identification and password system; (5) a physical (logical) separation of the application testing environment and the state of the operational process; (6) data use with registration and data privacy.
  2. The controller shall back up the data in the system. The data shall be extracted from the backup library in accordance with internal procedures and using Amazon Web Services software. In all cases, the data backups shall be kept within the data retention period specified in the Policy.
  3. The controller shall also apply other measures to ensure the security of personal data:

  1. VPN technology is used to connect remotely to the Controller's internal network and to identify the user by means of a digital certificate;
  2. Access to personal data shall be adequately controlled through organisational and technical data security measures that record and control attempts to register and acquire rights;
  3. When accessing the database, the following data are recorded for persons who have been granted the right to process personal data: login identifier, date, time, duration, and the result of the login (successful, unsuccessful). The aforementioned records shall be kept for at least 1 (one) year;
  4. Protection of the premises where personal data are stored (access to the relevant premises is restricted to authorised persons, etc.);
  5. Data is only provided on the basis of requests made after identification; 
  6. Steps shall be taken to ensure the use of security protocols and/or passwords when personal data are made available via external data networks;
  7. Ensuring security controls over the transmission of personal data to databases via external storage media and email and the erasure of personal data after use;
  8. Recording of urgent actions to recover personal data (when and by whom data recovery actions were carried out by automated and non-automated means);
  9. Ensure that testing of information systems does not involve the use of genuine personal data, unless organisational and technical measures are in place to protect the personal data and to ensure the effective security of such data;
  10. If the laptops are not used in the controller's data network, the personal data contained in such laptops shall be protected by appropriate measures, taking into account the risks involved in the processing.

  1. Although the Data Controller makes every effort to protect personal data, we cannot guarantee the complete security of personal data that is shared or transmitted through the website or app. However, once we have received your information, we will apply strict procedures and security measures to prevent unauthorised access. The Controller's employees and partners working with us have signed a written undertaking not to disclose or distribute your personal data to third parties.
  1. COOKIES
  1. Cookies are small files that are stored on a website user's device when you browse websites. Other technologies such as hotspots, local storage, etc. may be used for similar purposes. Cookies are widely used to enable websites to work or function better and more efficiently. For the purposes of this Policy, all of the above technologies are referred to as cookies.
  2. We use cookies to analyse information flows and user behavior, to promote trust and ensure security and to ensure the proper functioning of the website and app, to improve them, to remember the settings you have chosen, to personalise the content you receive and to link you to the website, app or social network accounts.
  3. You have the opportunity to choose whether you accept the use of cookies. If you do not agree to cookies being stored on your computer or other device browser, you can tick the option in the cookie consent bar. You can also change the settings of the browser you are using to disable cookies (all at once, individually or in groups). If you wish to refuse cookies on your mobile device, you must follow the official instructions for that device. You can control and/or remove cookies as you wish, and for more information please visit http://www.youronlinechoices.com/ and http://www.AllAboutCookies.org. You can delete any cookies already on your computer. Many browsers can be set up to prevent the use of cookies on your computer. However, if you do this, you may need to manually adjust your options each time you visit a website or app, as some services and functionality may not work.
  4. You can choose not to have cookies used on your devices for advertising purposes by visiting Network Advertising's opt-out page at http://www.networkadvertising.org/managing/opt_out.asp.
  5. We may use mandatory cookies that are necessary for the operation of the website, analytical cookies, functional cookies to analyse website traffic, to remember user preferences and to adapt them to the website so that we can provide enhanced functionality, performance cookies, third party cookies used by third parties, advertising cookies to provide you with personalised and generic advertisements.
  6. In addition, we use products that use cookies:

  1. Google Analytics, which allows analysis of how the website or app is used, the compilation of reports, and the planning and forecasting of activities. The data collected by Google Analytics is typically stored on a Google Inc. server in the USA. In order to prevent Google Analytics from analysing the information, you can change your browser settings accordingly. In this case, you will enter the website with an opt-out cookie. However, if you remove all cookies, it is possible that the opt-out cookie will also be removed. You can also prevent Google from collecting the data generated by the cookie based on your use of websites or apps and the processing of such data by downloading and installing the browser plugin https://tools.google.com/dlpage/gaoptout?hl=en for this purpose.
  2. Google Remarketing, which allows ads to be shown again on websites in the Google Inc. partner network. If you do not wish to receive tailored advertisements, you can change your preferences if necessary, at https://www.google.com/settings/ads. In this case, you will be given an opt-out cookie. However, if you remove all cookies, it is possible that the opt-out cookie will also be removed.
  3. The Facebook Pixel, which is used for remarketing purposes so that we can show you ads for 180 days. This allows us to show you interest-based advertisements (Facebook ads) when you visit Facebook or other websites that use this facility. In this way, we will try to show you interest-based advertisements. For more information on how the Facebook Pixel works, please visit the website https://www.facebook.com/business/learn/facebook-ads-pixel.

  1. We use the following cookies:
| Cookie name | Description | Moment of creation | Period of validity |
| --- | --- | --- | --- |
| Elementor | Used in context with a WordPress website. A cookie allows the website owner to install or modify the content of the website in real time. | Script tag, page source line number 1808 | Permanent |
| by | Registers a unique ID that is used to generate statistics on how visitors use the website. | Script tag, page source line number 1302 | 2 years |
| by # | Uses Google Analytics to collect data about the number of times a user has visited a website and the dates of the first and last visits. | Script tag, page source line number 1302 | 2 years |
| _fbp | Used by Facebook to provide certain advertising products, such as real-time bidding by third-party advertisers. | Embedded script, page source line number 1309-1331 | 3 months |
| _gcl_au | Uses Google Ad Sense for the purposes of experimenting with the effectiveness of advertising on websites that use their services. | Script tag, page source line number 1302 | 3 months |
| NID | Registers a unique ID that identifies the device of the returning user. The ID is used for targeted advertisements. | Iframe tag, page source line number 804 | 6 months |
| tr | Used by Facebook to provide certain advertising products, such as real-time bidding by third-party advertisers. | Script tag, page source line number 1302 | session |
| _DjLbzXQOF | Not categorised in any category | Script tag, page source line number 1701 | 1 day |
| oxgETRAXLDJpF | Not in any category | Script tag, page source line number 1701 | 1 day |