Privacy policy
Date of last revision: 28 March 2025
This platform uses the services provided by Awero, VšĮ, code 302534319, address Šeimyniškių g. 22C-1, LT-09312 Vilnius, Lithuania, (further in the Privacy Policy – “Awero”). Awero is aware of the importance of your privacy and data protection and treats the protection of your personal data very seriously. This Privacy Policy guides you through how Awero will process your personal data in the course of providing its services. By accessing and using this website, you consent to below established provisions of this Privacy Policy.
1. Definitions
1.1 Data controller means Awero, VšĮ code of legal person 302534319.
1.2 Personal data means any information relating to a natural person, referred to as “data subject” who is or can be identified, directly or indirectly, by reference to such data as a personal identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity.
1.3 Processing of personal data means any operation which is performed upon your personal data, such as collection, recording, accumulation, storage, classification, grouping, combination, alteration (supplementing or rectifying), disclosure, making available, use, logical and/or arithmetic operations, retrieval, dissemination, destruction or any other operation or set of operations.
1.4 Data subject means an individual person whose data is processed by Awero.
1.5 Direct marketing means an activity intended for offering goods or services to individuals by post, telephone or any other direct means and/or inquiring about their opinion on the goods or services offered
2. Collection of personal data
2.1 For the purpose of providing its services, Awero may collect the following personal data directly submitted by the data subject through this website:
2.1.1 Name (optional);
2.1.2 Surname (optional);
2.1.3 E-mail address;
2.1.4 Facebook login data (when selected as login method);
2.1.5 Google login data (when selected as login method);
2.1.6 Date of birth (optional);
2.1.7 Profile picture (optional)
2.1.8 Any other personal data voluntarily submitted by the data subject.
2.2 We will use personal data for providing web services to create, issue and manage digital badges and other achievements in-line with Open Badges standard and other related services. Furthermore, we will use personal data in order to comply with legal obligations applicable to the provision of the said services. Your submission of personal data is voluntary; however, if personal data is not submitted, we may not be able to provide the services you require. We will process only personal data submitted by the data subject and will not collect personal data from any third parties, unless authorized by the data subject. We might share personal data with organizations to enable them to manage activities integral to the platform and used by the data subject.
2.3 Information from Integrated Services like Facebook or Google. Users who choose to login using Facebook Connect or Google account allow Awero to collect Personal Information that is already associated with their social networking account. Users may also have the option of sharing additional information with Awero when choosing to log-in with Facebook Connect or Google account. If you choose to provide such information, during registration or otherwise, you are giving Awero the permission to use, share, and store it in a manner consistent with this Privacy policy.
2.3.1 When using a Google account to login, the following information is collected and used to provide Awero services: name and email of a user to issue digital badges and contacts in Google+ products to share information about earned digital badges and other related information.
2.3.2 When using Facebook Connect to login, the following information is collected and used to provide Awero services: name and email of a user to issue digital badges and connections to share information about earned digital badges and other related information.
3. Cookies
3.1 Like many sites, we use “cookies” to make your browsing experience better. Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive. Cookies shall be used for the purpose of authorization (persistent cookies), setting of last used language (persistent cookies) and generation of site’s crash reports (session cookies). Third party applications like Google Analytics shall be used for processing data with cookies. Please note that you have the possibility to disable cookies. The most effective way to do this is to disable cookies in your browser. However, if you do not accept cookies, you may not be able to use some functionality of our Site.
4. GDPR Data Subject Rights
4.1. Right To Be Informed – Article 12
Data subjects have the right to be informed about the collection and use of their personal data both where they are provided directly to a controller and where the controller has acquired it from another source. This information to the data subject must be provided in “a concise, transparent, intelligible and easily accessible form, using clear and plain language.”
4.2. Right to Access – Article 15
Data subjects have the right to access their personal data collected, stored, or used by an organization. The data subjects should be provided with clear and easily understandable information that covers, at least, confirmation on whether a controller is processing their data, the purpose behind such processing, its legal basis, the source of the personal data, the entities with whom the data has been or might be shared, the anticipated duration of storage, insights into how their data is used for profiling and automated decision-making. When personal data is transferred to a third country or to an international organization, details of appropriate safeguards related to the transfer of personal data must be provided to the data subjects.
4.3. Right to Rectification – Article 16
Data subjects are entitled to have inaccurate personal data about them rectified as soon as possible, along with the right to complete any incomplete personal data, including by means of providing a supplementary statement.
4.4. Right to Erasure (Right to Be Forgotten) – Article 17
Data subjects have the right to request the deletion of their personal data under certain conditions, such as when the data is no longer necessary for the purpose it was collected or the consent is withdrawn by the data subject or when the data subject objects to the processing under Article 21(1), and there are no prevailing legitimate reasons that override the processing or the personal data have been processed unlawfully, or the personal data have been gathered for the offer of information society services as outlined in Article 8(1) of the GDPR or the personal data has to be erased to fulfill a legal obligation within EU or Member State law to which the controller is obligated.
4.5. Right to Restrict Processing – Article 18
Data subjects have the right to restrict the processing of their personal data when one of the following applies:
- when disputing the accuracy of personal data till the controller verifies the accuracy of personal data;
- when personal data processing is deemed unlawful, and the data subject opposes erasure, opting for restriction;
- when the controller no longer needs the data but the data subject requires it for legal claims; and
- when the data subject objects to processing, pending verification of the controller's legitimate grounds.
If the processing of personal data is limited due to any of the reasons listed above, the personal data can only be processed further—aside from storage—under specific circumstances. These include obtaining the data subject’s consent, processing for legal claims, protecting the rights of another legal or natural person, or for any important public interest at the Union or Member State level.
4.6. Right to Notification – Article 19
When a controller rectifies, erasures, or restricts the processing of personal data under Article 16, Article 17(1), and Article 18, the controller must communicate these actions to each recipient who received the personal data. However, this communication is not required if it is impossible or involves a disproportionate effort. Additionally, if the data subject requests information about these recipients, the controller must provide that information to the data subject.
4.7. Right to Data Portability – Article 20
The data subject is entitled to receive their personal data, which they have provided to a controller, in a structured, commonly used, and machine-readable format. Additionally, they have the right to transmit this data to another controller without restriction from the initial controller under the conditions outlined in Article 20(1) of the GDPR. This right is applicable when the processing is based on consent (Article 6(1)(a) or Article 9(2)(a)), is necessary for the performance of a contract (Article 6(1)(b)), or is conducted through automated means.
Specifically, when exercising the right to data portability as per Article 20(1) of the GDPR, the data subject has the right to have their personal data directly transferred from one controller to another, provided that it is technically feasible.
4.8. Right to Object – Article 21
Data subjects have the right to object to processing their personal data, particularly in cases where the processing is based on legitimate interests or public tasks. Unless the data controller can provide a clear and convincing justification that supersedes the interests, rights, and freedoms of the data subject or that the processing is necessary for the establishment, exercise, or defense of legal claims, the data controller will no longer be able to process the personal data of the data subject. Certain rights to object should be absolute, particularly in the context of direct marketing.
4.9. Rights Related to Automated Decision-Making and Profiling – Article 22
Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which may have legal or similarly significant effects on individuals except if the decision is required for entering into or fulfilling a contract between the data subject and a data controller; is permitted by EU or Member State law that includes appropriate measures to protect the data subject’s rights, freedoms, and legitimate interests; or is based on the explicit consent of the data subject.
4.10. Right to Withdraw Consent – Article 7(3)
Data subjects have the right to withdraw their consent at any time. The lawfulness of processing carried out using consent before its withdrawal is unaffected by the withdrawal of consent. Additionally, the withdrawal should be as easy as consenting.
4.11. Right to Lodge Complaints – Article 77
Data subjects have the right to lodge complaints. In addition to any other administrative or legal remedies, each data subject who believes that the processing of personal information about them violates this Regulation may file a complaint with a supervisory authority, particularly in the Member State where they regularly reside, work, or where the alleged infringement occurred.
5. Content and procedure for exercising the rights of the data subject
5.1 For the purpose of exercising the right specified in paragraph 4.1.2 of this Privacy Policy, the data subject may request that Awero provides them with information pertaining to the sources from which the personal data have been collected, the types of the personal data, the purposes of processing of the personal data, the recipients of the personal data over the past year. Such information will be made available to the data subject after the identity of the data subject has been established by the personnel of Awero. The data subject may be required to provide a copy of their passport or identity card to prove their identity. Having received an inquiry from the data subject regarding the processing of their personal data, Awero will notify whether the personal data to which the inquiry relates are being processed and will furnish the data subject with the requested personal data within 30 (thirty) days from the date of the first inquiry by the data subject. Upon request of the data subject, such personal data may be disclosed in writing and may be made available to the data subject free of charge once per one calendar year. Any charges applicable to the above disclosure may not exceed the costs incurred by Awero in disclosing such personal data.
5.2 If upon review of their personal data the data subject discovers that the personal data contain errors, are incomplete or incorrect, the data subject may contact Awero, who will immediately check the personal data and correct any erroneous, incomplete or incorrect personal data as per data subject’s request and/or suspend any actions related to the processing of such personal data, except storage.
5.3 After data processing actions have been suspended, respective personal data will continue to be stored until they are corrected or destroyed (as per data subject’s request or on expiry of the storage period). Any other processing actions may be performed on such personal data only:
5.3.1 for the purpose of proving the fact that processing actions with regard to such personal data have been suspended;
5.3.2 if the data subject gives their consent to proceed with the processing of their personal data;
5.3.3 if the rights or legitimate interests of third parties need to be protected.
5.4 Awero will immediately notify the data subject of any correction, destruction of personal data or suspension of personal data processing actions done or not done on the basis of the data subject’s request.
5.5 Upon receipt of the data subject’s request, personal data will be corrected and destroyed, or personal data processing actions will be suspended, or requests to exercise other rights of the data subject will be complied with if documents evidencing the identity of the data subject are provided.
5.6 Upon identification of the data subject, the copy of the document evidencing their identity will be permanently and irreversibly destroyed.
5.7 To exercise their rights, the data subject will need to submit a relevant request to Awero by e-mail or by post.
5.8 Awero will ensure that all information is provided to the data subject in a clear and understandable manner.
5.9 Awero will ensure that all other rights, guarantees and legitimate interests of the data subjects established by applicable data protection laws of the European Union are respected.
6. Changes to the Privacy Policy
6.1 If we decide to change our Privacy Policy, we will post those changes on this page. The rules on changing the Privacy Policy are the same as the rules on changing Terms of Service.
7. Contact details
7.1 To exercise your rights or submit queries related to other issues concerning data protection, please send us an e-mail to info@awero.org.