Privacy notice

Please also read the terms and conditions of use.

Please also read about the use of cookies.

Please also read the terms and conditions of ordering.

1. General Information

In this privacy policy (hereinafter referred to as the "Privacy Policy"), we provide you with information on how Star Cloud OÜ (hereinafter referred to as "Star Cloud") and UAB "Biznio mašinų kompanija" (hereinafter referred to as "BMK", collectively referred to as the "Partners") manage and process your (i.e., Customer's) personal data (hereinafter referred to as "personal data" or "data") when you visit the website www.opiq.lt (hereinafter referred to as the "Website") and when you directly use the services of the Opiq platform (hereinafter referred to as "Opiq").

The Partners process your data:

  • Browsing the website www.opiq.lt;
  • Ordering Opiq in online shops;
  • Uploading and editing educational materials available on Opiq websites;
  • Registering on Opiq and becoming a registered user;
  • For other purposes mentioned in this Privacy Policy.

Customers are considered to be registered users (those who register on the Opiq platform and thus create their account) or non-registered users (those who do not create an account on the Opiq platform but visit the Website, including visitors to the Opiq online shop). Registered users can have different roles according to account functions, such as Teacher, School, Student, Student's parents, Private user.

When your data is managed by other controllers (e.g., school), their specified terms of personal data processing apply. For more information on these terms, please contact the data controller. If the Partners, as providers and administrators of the Opiq platform, are data controllers (e.g., when visiting the Opiq website www.opiq.lt or when directly contacting us), the Partners process data according to a mutual data management agreement.

We emphasise that Opiq is an information society service based on an explanation provided in the Law on Information Society Services.

2. About the Partners

The provider of Opiq is Star Cloud OÜ (hereinafter referred to as "Star Cloud"), legal entity code 12731921, registered address Harju County, Tallinn, Kesklinna district, Pikk tn 68, 10133, Estonia, e-mail info@opiq.lt, tel. +372 5323 7793, company data stored and maintained in the Estonian Commercial Register.

The administrator of Opiq is UAB "Biznio mašinų kompanija", legal entity code 122266912, registered address J. Rutkausko g. 6, LT-05132 Vilnius, email info@bmk.lt, tel. +370 5212 5559, company data stored and maintained in the Register of Legal Entities of the Republic of Lithuania.

For questions regarding data protection, please contact info@opiq.lt.

3. What is Personal Data?

Personal data is any information collected by the Partners about the Customer, which can be used to identify the Customer and is stored electronically.

Personal data includes any information, including the Customer's name, surname, address, IP address, actions performed on the Opiq platform, and other information collected by the Partners for the purposes specified in this Privacy Policy when you visit the Opiq platform.

You can find Opiq user instructions based on roles HERE.

The processing of personal data on the Opiq platform is based on the fulfillment of legal obligations (as a publisher of educational literature, based on Article 20(4) of the Law on Primary and Secondary Schools), a contract with the Customer – data subject, as well as the legitimate interest in properly providing Opiq services and user consent if the law requires obtaining user consent (primarily in the case of direct marketing communications).

When using Opiq, information about user operations is generated and stored on Partners servers.

4. How Do We Collect Your Data?

How we collect your data depends on the services we provide to you or the nature of our cooperation.

Partners process data:

  • Received directly from the data subject (you), e.g., when you send us inquiries or messages, create a registered user account, provide your email address to receive newsletters, etc.;
  • Generated when you use Opiq services, e.g., searching for textbooks, performing tasks on the Opiq platform;
  • Received from other sources, e.g., from schools.

5. Personal Data Processed in Providing Services

We process your personal data only when we have a legal basis and only in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EB (hereinafter referred to as the "BDAR"). When we collect personal data, we will inform you about the data controller and their contacts, the contacts of the data protection officer, the purposes of personal data processing, the legal basis, the duration of data processing and storage, the categories of personal data processed, the recipients of personal data or their categories (if applicable), information about automated decision-making, including profiling (if such decision-making applies), information about data transfers to third countries (if applicable), and data subjects' rights.

Categories of data subjects Purpose of data processing Personal data processed Term of data processing Basis for data processing
Private individual - private user, school-appointed administrator, student, parent/guardian, teacher, author. User authentication ID, name, e-mail address, authentication key. Ten years after the contract is signed Contract Article 6(1) GDPR Point B
Private individual - private user, school-appointed administrator, student, parent/guardian, teacher, author. Creating and managing a user account Name, e-mail address, phone number, equipment, role, subjects, study groups, user’s educational institution and year of study, other user's invitation + inviting party’s details, duration of use of the service and user’s IP address.
Opiq licence.		 Ten years after the contract is signed Contract Article 6(1) GDPR Point B
Private individual - private user, school-appointed administrator, student, parent/guardian, teacher, author. Contract implementation
Contract implementation relating to the information of the author of the training material		 User added study material (file, text), answers to exercises in the study material, notes and comments added to the study material.
Information on student achievement (student responses, feedback based on automated checking, teacher feedback via correction, grading or other means). Created/changed study logs. Information on study materials used, exercises and bookmarks in study materials.		 Ten years after the contract is signed Contract Article 6(1) GDPR Point B
Private individual - Opiq user Use of website services, accounting Accounting data (invoices isseud to and paid by private users, by name and date of validity of licences).
In the case of use of a payment service, the user’s bank account number.		 Five years from the transaction Contract GDPR Article 6(1) Point B,
Legal obligation Art. 6(1) GDPR Point C
Legitimate interest Article 6(1) GDPR Point F
Opiq users Opiq platform security assurance, administration, improvement Records of the user transactions such as browsing history, browser information, search history, analytical metrics, country. Usage history of interactive components. Recordings are made in the Confluent Cloud Kafka user transaction log Five years after the record was made Legitimate interest Article 6(1) GDPR Point F
Opiq users Technical logging of user transactions in Microsoft Azure Insight Maintaining user logins and activity logs in the Opiq system security logs.
Also filling in records of usage, browser information, error messages, IP address, country in the Opiq system security logs.		 One year after the record was made Legitimate interest Article 6(1) GDPR Point F

6. Direct Marketing

We use your personal data to send Opiq newsletters, information about products and services, events organised by us, as well as newsletters and other communications. We process your personal data for direct marketing purposes in the following cases:

  • When you are our customer and have not objected to the processing of your data for direct marketing purposes related to similar goods and/or services (legal basis for data processing - legitimate interest in informing our customers about our offered products and/or services);
  • When we receive your prior consent for such data processing (legal basis for data processing - your consent).

The following categories of personal data are processed: name, surname, company name (if applicable), email address, phone number.

Personal data is processed until:

  • You object to the processing of your data for direct marketing purposes related to similar goods and/or services or
  • You withdraw your consent, or no longer than 2 (two) years from the date of receipt of your consent.
Categories of data subjects Purpose of data processing Personal data processed Term of data processing Basis for data processing
Visitors to the Opiq online Direct marketing of an online shop on the Opiq platform Sending promotions and discount offers via electronic channels only for Opiq products and services only (name, e-mail, Opiq environment). Marketing Legitimate interest Article 6(1)(F) GDPR
Consent Article 6(1) GDPR A p.

You have the right to opt out of receiving direct marketing messages at any time by contacting us via email: info@opiq.lt.

7. Inquiry Management

Categories of data subjects Purpose of data processing Personal data processed Term of data processing Basis for data processing
Opiq website visitors Managing and dealing with enquiries sent to the User Support Service History and content of requests sent to User Support, sender's name, IP address. 3 (three) months after submitting the response to the request. Agreement, consent GDPR Article 6(1)(a) and (b)

8. Opiq Online Shop Account and Online Purchasing

The electronic shop on the Opiq platform is intended for registered users: e.g. school administrators, teachers, pupils, private users.

When creating your account to purchase goods and services, your personal data is processed in accordance with this Privacy Policy.

The following personal data is processed: name, surname, email address, phone number (for two-factor authentication), if the account is for a school representative – name, surname, email address, phone number (for two-factor authentication), company name, company code, company address (optional), VAT payer code (optional).

The basis for data processing is the legitimate interest in fulfilling the mutual contract (if the account holder is a legal entity) or a contract with the data subject (if the account holder is a natural person).

Information is processed in the eShop system to fulfill contractual obligations: deliver purchased goods to the address provided by you, resolve warranty service issues, as well as for legal interest protection and defense purposes.

This data is stored for no longer than 2 (two) years from the date of the last login by you (i.e., account holder or authorised representative of the company) or the date of the last transaction (whichever is later), after which it is anonymised.

In addition, data from the eShop is automatically transmitted to the Partners' and payment service intermediaries' business and financial accounting systems, where it is processed on the basis of legal obligations and legitimate interests to properly implement the contract, issue and send VAT invoices, communicate with the customer, fulfill warranty obligations, as well as for legal interest protection and defense purposes. Data in the business and financial accounting system is processed until the end of the contract validity and stored for 10 (ten) years after the end of contractual relations (legal requirements and internal regulations regarding archiving).

9. Disclosure of Personal Data

Access by registered users to personal data held by Opiq is restricted according to roles. The detailed actions of personal data processing that each registered user can perform and the personal data they have access to based on their role are specified in the User Instructions HERE.

10. Transfer of Personal Data

We do not sell, trade, or otherwise transfer your personal data to third parties. Our employees have access to your personal data only to the extent necessary to performe their duties to ensure that Opiq services are properly provided.

Exceptions are reliable third parties who help us oversee our website or provide services to you, if these third parties agree to keep the information confidential and not use it for purposes other than those specified in this Privacy Policy. Such service providers cannot use your personal data for any other purposes and cannot shop your personal data longer than necessary for proper service provision.

Recipient categories Purpose
Service providers

We cooperate with service providers who offer additional functionalities necessary for the proper operation of Opiq. Our collaboration partners also include providers of the technical solutions essential for Opiq's functioning and providers of security services for these solutions.

Providers:

  1. AgileWorks AS; www.agileworks.eu
  2. Microsoft Azure (Cloud Computing Platform & Services), azure.microsoft.com/en-us
  3. ElasticSearch, www.elastic.co
  4. SendGrid, sendgrid.com
  5. Confluent Cloud Kafka, www.confluent.io
  6. Maksekeskus AS, www.maksekeskus.ee. Maksekeskus AS, as a data processor, receives personal data necessary for processing payments, if a bank link or credit card is used for payment of the licence fee for the use of educational materials. Maksekeskus AS is the data controller for personal data processed by Maksekeskus AS to fulfill its legal obligations or satisfy further business interests. You can find the privacy policy of "Maksekeskus AS" here.
Recipients of law-based data
  1. Information Required for Civil, Administrative, or Criminal Proceedings (Court, Police, or Other Competent Investigative Institution)
  2. Local government institutions may use the Opiq statistical workstation "OpiqStat", which provides aggregated statistical data about the usage of specific materials or, for example, by subjects, but does not provide users' personal data.

International Transfer

Some of our processing of your personal data is carried out using cloud solutions. This means that in certain cases, some data may be transferred outside the European Union. Personal data is transferred outside the European Union in compliance with the requirements of the Law on Legal Protection of Personal Data. Data protection equivalent to the level guaranteed in the European Union is ensured under standard contract terms (SCC).

11. Cookies

A cookie is a small file made up of letters and numbers that we store on your browser or your computer's hard drive with your consent. For different purposes, we use different cookies. Cookies also help us distinguish you from other users of the website, thus ensuring a better website experience and allowing for the improvement of the website. The use of cookies policy with detailed information is provided HERE.

12. Security of Your Personal Data

Your personal data will be processed in accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal requirements.

When processing your personal data, we implement organisational and technical measures to ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure, leakage, loss, as well as from any other unlawful processing.

Our partners use the latest cloud technologies and apply the highest security requirements. Among other things, we use access control management, authentication services, data encryption, security testing, etc. For more information on the application of security measures, please contact info@opiq.lt.

13. Data Subject Rights

If you want to obtain more information about your rights or exercise them, please contact us at this email address: info@opiq.lt.

Based on the Law on Legal Protection of Personal Data, you have certain rights related to the processing of your personal data:

  1. Right to access data: You have the right to know who processes your data, from what sources the data is obtained, and what personal data is processed.
  2. Data portability: You have the right to request that the personal data collected about you be provided in a machine-readable format so that it can be transferred to another service provider whose services you may want to use in the future.
  3. Right to be forgotten: You can request the deletion of your personal data if you no longer want your personal data to be processed and and if the data controller has no justified reason to use the data.
  4. Right to restrict processing/oppose: You always have the right to restrict or prohibit the processing of your personal data under certain conditions. If there is a serious reason, you can also refuse to allow your data to be processed based on legitimate interest.
  5. Data correction: You always have the right to correct or supplement your personal data if the data is inaccurate and if the inaccuracy may effect you.
  6. Right to withdraw consent: If you have given consent for the processing of your personal data, you can withdraw that consent at any time.

We will respond to your reasonable requests within thirty days. If your request concerns personal data whose controllers we are not, we will transfer your request to the data controller.

If you want to obtain more information about your rights or exercise them, please contact us at this email address: info@opiq.lt.

14. Other Important Information

If you believe that your rights as a data subject are or may be violated, please immediately contact us with a complaint at the email address: info@opiq.lt. We assure you that upon receipt of your complaint, we will contact you within a reasonable period and inform you about the progress of the complaint investigation, and later - about the result of the complaint.

If you are not satisfied with the results of the investigation, please note that you may submit a complaint to the supervisory authority - the State Data Protection Inspectorate (contacts: address L. Sapiegos str. 17, 10312 Vilnius (entrance from the left side), email ada@ada.lt, phone (8 5) 271 28 04, 279 1445, https://vdai.lrv.lt/lt/).

15. Responsibility

You are responsible for ensuring that the data you provide to us is accurate, correct, and comprehensive. If your provided data changes, you must inform us immediately by changing the relevant data in the registration form or, if the data is not specified in the registration form, by informing us via email at info@opiq.lt.

In any case, we will not be liable for any damages caused to you due to your provision of incorrect or incomplete personal data or failure to inform us of changes to them.

16. Changes to Privacy Policy

We may update or change this Privacy Policy at any time. Such updated or amended Privacy Policy shall take effect upon its publication on our Website. We recommend that you regularly review the latest version of the Privacy Policy. Upon updating the Privacy Policy, we will inform you about, in our opinion, the essential changes by publishing them on the Website.

The last update of the Privacy Policy was made in 2024.06.

Privacy notice
Please wait