IPrate Privacy Policy

For the purposes of the GDPR, the data controller for IPrate is:
Socialiniai algoritmai, UAB
Company code: 304068578
VAT code: LT100019931317
Email: privacy@iprate.eu

IPrate uses infrastructure and security providers. Depending on the specific service and processing activity, such providers may act as our processors (processing on our behalf) or as independent data controllers for limited purposes (for example, network security and abuse prevention). The only third parties that may act as independent data controllers in connection with the Services are hosting and website security service providers (e.g., Cloudflare and others). Where they act as independent controllers, their own privacy notices apply to that processing.

2.1 Data processed when you visit the website (technical and security data)

We do not collect visitor data beyond what is necessary for website functionality, performance, and security. When you access the Services, we and our hosting/security providers may process limited technical data such as:

• IP address (and approximate location derived from it).
• Device and browser information (user agent).
• Request metadata (time, requested URL, referrer, status codes).
• Security-related identifiers used to detect bots, abuse, and attacks.

2.2 Cookies and similar technologies

We use only strictly necessary (mandatory) cookies and similar technologies required for basic website operation and security. We do not use optional analytics, advertising cookies, or cross-site tracking cookies.

Note: Cookie names and retention periods may vary depending on the security measures in place. If you block mandatory cookies, some parts of the Services may not function correctly.

2.3 Email address and communications

If you voluntarily provide your email address (for example, by registering user account, contacting us, subscribing to updates, or requesting access to materials), we may process your email address and any information you include in your message (such as your name, organization, and the content of your inquiry).

We may use your email for legitimate purposes, including: responding to inquiries; providing service-related communications; and informing you about IPrate products and services, news, and updates. Where applicable laws require consent for marketing messages, we will obtain consent or provide a legally required opt-in mechanism. You can opt out at any time.

2.4 Public data used in IPrate ratings and data

IPrate primarily processes firm data and does not aim to process any individual personal data. IPrate may process personal data that is a small part of official intellectual property records in order to create, maintain, and publish ratings, scores, and related data. This may include, depending on the context, names, roles, professional activities, affiliations, public filings, public applications, public registrations, public legal event data, communication with public offices, and other information made available to the public through public registers, official publications, organizational websites, reputable media, or other open sources.

We obtain personal data from:

• You directly (e.g., when you email us).
• Publicly available sources (e.g., official registers, government sources, court decisions when public, public corporate disclosures).
• Open web sources (e.g., organizational websites and publications).
• Reputable media publications and open data sources.

We process personal data only to the extent necessary for the purposes described below. Our main lawful bases are Legitimate Interests (GDPR Article 6(1)(f)) and Public Interest (GDPR Article 6(1)(e)).

4.1 Website operation, functionality, and security

Purpose: deliver the website, ensure stability, prevent fraud and abuse, and maintain security.
Legal basis: Legitimate Interests (GDPR Article 6(1)(f)).

4.2 Producing and publishing IPrate ratings and related data

Purpose: process publicly available information to create and present ratings and data that inform the general public.
Legal bases: Legitimate Interests (GDPR Article 6(1)(f)) and Public Interest (GDPR Article 6(1)(e)).
We also process data according to the GDPR Article 85 (freedom of expression and information) as applicable.

4.3 Communications and updates

Purpose: respond to you and provide information about IPrate products, services, news, and updates.
Legal basis: Legitimate Interests (GDPR Article 6(1)(f)), and where required by applicable law, consent or another appropriate legal basis.

4.4 Legal compliance and protection of rights

Purpose: comply with legal obligations and protect our rights (e.g., handling complaints, enforcing terms, responding to lawful requests).
Legal basis: Legitimate Interests (GDPR Article 6(1)(f)) and, where applicable, compliance with a legal obligation (GDPR Article 6(1)(c)).

IPrate may process special category data only in limited situations and only to the extent permitted by law. In particular, we may process special category personal data where it has been manifestly made public by the data subject (GDPR Article 9(2)(e)). Where applicable, we also rely on GDPR Article 85 (freedom of expression and information) as implemented in Lithuanian law.

We may share or make personal data available to:

• Hosting and website security service providers (e.g., Cloudflare and others) to deliver and protect the Services.
• IT and infrastructure vendors supporting website functionality (acting as processors where applicable).
• Professional advisers (e.g., lawyers, auditors) where necessary.
• Public authorities where we are legally required to do so or where necessary to protect rights and safety.

We do not sell personal data. We do not share personal data for third-party advertising.

Some of our service providers may process data outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and additional technical/organizational measures where required. You may contact us for more information about safeguards used.

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Typical retention periods include:

• Technical/security logs: typically up to 30 days (may be longer in case of security incidents or abuse investigations).
• Emails and correspondence: for as long as needed to address the request and manage ongoing communications.
• Marketing/update emails: until you opt out or unsubscribe; we may keep a minimal suppression record to honor your opt-out.

Subject to conditions and limitations under the GDPR and applicable Lithuanian law, you may have the right to:

• Access your personal data (GDPR Article 15).
• Rectify inaccurate or incomplete data (Article 16).
• Erase data in certain circumstances (Article 17).
• Restrict processing in certain circumstances (Article 18).
• Object to processing based on legitimate interests (Article 21).
• Data portability where applicable (Article 20).

Where processing is carried out for purposes of informing the general public (GDPR Article 85), certain rights may be limited to protect freedom of expression and information, and to preserve the integrity of public-interest information. We will assess each request on a case-by-case basis.

To exercise your rights, contact us using the details in Section 1. We may request information necessary to verify your identity. If you object to receiving emails about products, services, news, or updates, you can unsubscribe using the link provided in the message (if available) or email us with your request.

9.1 Right to lodge a complaint

You have the right to lodge a complaint with the Lithuanian supervisory authority: Valstybine duomenu apsaugos inspekcija (State Data Protection Inspectorate, VDAI).

We do not use automated decision-making (including profiling) about website visitors that produces legal effects or similarly significant effects. Some IPrate ratings may be generated or assisted by automated processing of public information; they are provided for informational purposes and do not constitute professional advice.

We implement reasonable technical and organizational measures designed to protect personal data, including access controls and security monitoring. However, no method of transmission or storage is fully secure, and we cannot guarantee absolute security.

IPrate Content, including ratings and data, is provided for informational purposes and may contain errors or omissions. We do not guarantee accuracy, completeness, or fitness for a particular purpose. Any use of the Services is at your own risk.

The Services are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can take appropriate steps.

We may update this Privacy Policy from time to time. The updated version will be posted on the Website with a revised effective date. Your continued use of the Services after changes are posted indicates your acknowledgement of the updated Privacy Policy.