Privacy Policy | Attico International

Privacy Statement

updated: 28.08.2025

This Privacy Statement (hereinafter, the Policy) governs the processing of personal data of users of ATTICO INTERNATIONAL, UAB (hereafter, Attico) products and services including its websites (hereafter, collectively “the Services”).

We attach great importance to the protection of your personal data, so take a moment to find out more about our Privacy Policy and contact us if you have any questions.

Scope

This Policy shall govern any interaction between Attico and users related to personal data when you:

  • use our website – attico.io.
  • purchase and further use of our services.
  • reach us with your questions and enquiries or interact with us in any other form.
  • apply for our open vacancies.

This Policy neither governs nor determines the rights and obligations of third parties. It also does not apply to third-party applications or software available to users for integration with the Services. Thus, if you integrate any third-party applications with our Services, we will not be able to control how such applications and tools process your personal data.

Please do not use the Services if you do not agree with the provisions and scope hereof.

Who determines the purposes and means of personal data collection?

The purposes and means of how your personal data is collected in these services are determined by the following legal entity:

ATTICO INTERNATIONAL, UAB
Aludarių g. 5-52, Vilnius, Lithuania
email: hello@attico.io

Personal Data We Collect

Personal data is any information that could enable direct or indirect identification of a person (e.g., their name, passport details, online identifier, etc.).

In accordance herewith, personal data may be collected both directly and indirectly.

(1) Personal data are collected directly when you provide them voluntarily (e.g. when registering in the Services).

(2) Indirect collection of personal data may occur automatically when accessing the Services. For example such a personal data collecting will occur when we receive your personal data from third parties (e.g. our analytics partners) or via cookies.

The personal information we collect varies based on your interactions with our website and other services. The categories of data we may gather include:

  • Service Usage Data – your interactions with our website, including navigation patterns, feature usage, and session activity.
  • Feedback Form Data – your contact information as well as details shared when you reach out with your enquiry, such as your messages and any relevant information needed to address your inquiries.
  • Marketing Data – your contact details, your subscriptions to our newsletter as well as your other marketing preferences.
  • Recruitment Data – your CV, cover letter as well as all other recruitment information that will help us to understand your qualifications.

We may collect certain sensitive personal information and only use it for permitted business purposes. You may have the right to limit our use of this information.

Data Processing, Storage and Protection

“Processing” is understood as at least one of the following: storage, modification, retrieval, disclosure, structuring, use, destruction as well as any other action with respect to your personal data.

When it comes to application processing purposes as well as respective legal bases, we process your personal data as follows.

Data typePurposesLegal BasisRetention periodSource
Service Usage DataTo improve the quality of our Services including our website.We rely on your active consent to process this category of your personal data.Up to calendar 26 months.Directly from you and from our partners including through cookies.
Feedback Form DataTo answer your requests and enquiries that you are sending to us via the feedback form on our website.We rely on our legitimate interest to answer your requests that you are sending to us via the feedback form on our website.3 calendar years after last interaction.Directly from you.
Marketing DataTo send you our newsletters if you are subscribed to it as well as to send marketing communications and to display advertisements in our services.We rely on your active consent to process this category of your personal data.Until you withdraw your opt-in.Directly from you and from our partners including through cookies.
Recruitment DataTo assess your qualifications within our recruitment procedure.We rely on taking steps prior to entering into an (employment) contract.Until the recruitment decision is made (i.e., until you are either accepted or rejected for the position).Directly from you and from professional social media (e.g., LinkedIn).

We also might process your personal data to comply with applicable legal, regulatory, or contractual obligations, including responding to lawful requests and enforcing our Terms of Service.

Subject to data anonymisation, your personal data may be used by Attico for any other purposes. This allows us to both strictly respect the data protection rights of our users, and not to lose the value of the user experience that they have shared within the Services.

We do not not use any other automated decision-making tools in personal data processing. Automated decision-making tools primarily include those systems that process your personal data without human intervention to make decisions that may have potential legal consequences for you.

Your personal data will be stored on the servers of our counterparties that we are using for operating our Services.

Employees of Attico shall also take all necessary organisational, legal and technical measures available to us for protection of your personal data. Users of the Services shall also be responsible to the maximum possible extent for the provision of accurate account details, keeping passwords and any other information required for authorisation confidential and its protection from unauthorised access by third parties.

Any personal data collected and processed hereunder shall be properly protected unless:

(1) you consent to their disclosure;
(2) such personal data are anonymised;
(3) such personal data are subject to disclosure under the applicable law.

We will do our best to keep your personal data protected. However, despite any possible measures taken on our part, we cannot guarantee full protection of the Services against information security risks.

Transfer and Disclosure

A number of third parties may have access to your personal data - processors, services of which we use in order to constantly improve our Services, as well as provide you with the opportunity to use all its functionality.

For the list of our current processors we kindly refer you to our List of Processors.

To ensure the provision of our services, your personal data may also be transferred to a legal entity created after reorganisation of Attico should it be necessary.

Please note that disclosure of your personal data may be required in accordance with the law and judicial procedures or at the request of public bodies of the country of your stay or other countries.

Your personal data will be disclosed if it is necessary for the purposes of national security, law enforcement, protection of the rights and legitimate interests of Attico and third parties or for other substantial public interest purposes.

​​Below, we describe the categories of personal information we have disclosed in the past 12 months and the categories of third parties with whom that information may be shared.

Categories of Personal Information Disclosed:

  • Identifiers (e.g., name, email address, IP address)
  • Commercial information (e.g., purchase history, interactions with our services)
  • Internet or other electronic network activity (e.g., browsing behavior, device information)
  • Geolocation data (if collected)
  • Inferences drawn from other personal data (e.g., preferences, interests)

Categories of Third Parties to Whom We Disclose Personal Information:

  • Service providers (e.g., hosting providers)
  • Marketing and advertising partners
  • Analytics providers
  • Affiliated companies and business partners
  • Legal, regulatory, or law enforcement entities when required by law

We disclose personal information only for the purposes described in this Privacy Policy, such as to operate and improve our services, comply with legal obligations, protect against fraud and misuse, and as described above.

Children's Personal Data

To the extent to which it is not prohibited by the applicable law, we do not authorise the use of our Services by individuals who have not reached the age of full legal capacity in accordance with the legislation of the country of their citizenship. We do not collect and process (at least knowingly) their personal data without the consent of their legal representatives.

Special Provisions Applicable to the Residents of USA

The following provisions apply specifically to individuals residing in the United States, in accordance with applicable federal and state privacy laws. These provisions describe our practices related to the collection, use, disclosure, and potential sale of personal information, with a particular focus on the rights of California residents under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Under the CCPA and CPRA, “sell” and “sale” refer to the transfer, disclosure, or making available of a consumer’s personal information to a third party for valuable consideration. This does not necessarily involve a direct monetary exchange but may include other forms of benefit.

We do not sell personal information in the traditional sense. However, we may allow Service Providers to process personal information for business purposes such as advertising, marketing, and analytics, which may be considered a “sale” under CCPA/CPRA.

In the past twelve (12) months, we may have sold the following categories of personal information:

  • Identifiers
  • Personal information categories listed under the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Commercial information
  • Internet or other similar network activity

The categories listed above align with CCPA/CPRA definitions. This does not mean that all types of personal information within these categories were sold, but rather that some data within these categories may have been shared in exchange for value.

Your rights regarding the collection and use of your personal information are governed by the privacy laws applicable to your place of residence, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and similar state laws such as those in Virginia, Colorado, Connecticut, and others.

Depending on your state of residence, you may have the following rights:

  • Right to Know: You may request information about the categories and specific pieces of personal information we collect, use, disclose, and share.
  • Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: You may request that we correct inaccuracies in your personal information.
  • Right to Opt-Out of Sale or Sharing: You may opt out of the sale or sharing of your personal information, if applicable.
  • Right to Limit Use of Sensitive Personal Information: In certain states, you may request to limit our use or disclosure of sensitive personal information.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.

Special Provisions Applicable to the Residents of the European Economic Area

The following provisions apply specifically to individuals residing in the European Economic Area (EEA) and are intended to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. These provisions describe your rights regarding the collection, processing, and use of your personal information, as well as the choices available to you for managing your privacy.

Depending on your place of residence, you may have the following rights:

  • Right of Access: You may request confirmation as to whether we process your personal data and, if so, obtain a copy of that data along with information about how it is used.
  • Right to Rectification: You may request that we correct inaccuracies or complete incomplete personal data concerning you.
  • Right to Erasure (“Right to be Forgotten”): You may request that we delete your personal data, subject to certain legal exceptions.
  • Right to Restrict Processing: You may request that we limit the processing of your personal data under certain circumstances.
  • Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible.
  • Right to Object: You may object to the processing of your personal data on grounds relating to your particular situation, including the right to object to processing for direct marketing purposes.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable data protection laws.

Exercising User Rights

To exercise any of your rights under applicable laws or if you have any questions related to your personal information, please contact us at hello@attico.io.

Please note that Attico may need to verify your identity before fulfilling your request. If we are unable to fulfill your request, we will explain the reasons why. If we deny your request, you may appeal our decision by contacting us at the same email and stating “Privacy Request Appeal” in the subject line.

We will typically respond to your request within 30 calendar days from the date we receive it. If we need more time (up to an additional 60 days in the case of EEA residents and up to 45 days in the case of USA residents), we will inform you of the reason and extension period in writing.

Final Provisions

This Policy may be amended and (or) modified at any time of the Services operation. In this case, a notice with information about the changes accompanied by the new version of the Policy and date of its adoption will be published in the Services. The User of the Services must read and acknowledge the new version hereof.

The Policy is an agreement between us and the User about the use of the Services. Any other pre-existing written or oral agreements or arrangements with respect to such use are hereby canceled.

If any provision hereof is invalid or unenforceable, other provisions shall remain valid and enforceable to the fullest extent permitted by applicable law.

Failure to enforce your strict compliance herewith cannot be construed as our waiver of any provision hereof or any right hereunder.