1. GENERAL PROVISIONS
1. 1. We care about your privacy and personal data security, so we have prepared this privacy policy (the ‘Privacy Policy’), which explains how we process your personal data, your rights, and other information about your data processing.
This Privacy Policy applies when we process your data while providing PET plastic recycling services (the ‘Services’) when we communicate or cooperate with you under the requirements set out in the legislation, and when you visit our website at https://www.greentech-baltic (the ‘Website’), social account pages on LinkedIn at https://www.linkedin.com/company/green-tech-global-s-a (the Social Account Pages – the account managed by GreenTech SA, where we may post news that is important to us), and contact us by phone, email and other electronic communication channels.
1. 2. In this Privacy Policy, the term ‘Personal Data’ means any information or set of information by which we can identify you, directly or indirectly, such as your name, surname, email address, telephone number, etc.
1.3. We process Personal Data according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, the GDPR), the requirements of legal acts of the Republic of Lithuania, and instructions of supervisory authorities.
1.4. If you are a recipient of the Services or represent such recipient, if you visit the Website, the Social Account Pages, or contact us, we assume you have read and understood the Privacy Policy. If you do not agree to this Privacy Policy, you will not be able to be a recipient of the Services or represent such recipient in your dealings with us, and you will not be able to use the Website or the Social Account Pages.
1.5. The Website and the Social Account Pages may contain links to, for example, our partner websites. This Privacy Policy does not apply to them. Please read the respective privacy policies before submitting your Personal Data to these websites or accepting their offers.
1.6. This Privacy Policy is subject to change; therefore, please visit the Website from time to time to review the most recent version of this Privacy Policy posted therein.
2. WHO ARE WE?
2.1. The controller of your Personal Data is GreenTech Baltic, UAB, a private limited liability company incorporated in the Republic of Lithuania, under legal entity code 304424017, situated at Žarijų g. 8, LT-02300 Vilnius; the company’s data are collected and stored in the Register of Legal Entities of the State Enterprise Centre of Registers (‘GreenTech’ or ‘we’).
3. HOW DO WE GET YOUR PERSONAL DATA?
3.1. We obtain your Personal Data:
3.1.1. directly from you when you provide your Personal Data to us, for example, when you apply for a vacancy offered by GreenTech, enquire via the Website, communicate with us by email or phone, etc.;
3.1.2. by collecting Personal Data when you visit the Website or the Social Account Pages; for example, we may record the history of visits to the Website, the IP address, links opened, etc.;
3.1.3. from other entities, such as a recipient of the Services (who identifies you as a contact person), public registers, state or local government authorities or bodies, our partners, and other third parties;
3.1.4. by collecting Personal Data when you visit our premises, for example, through video surveillance.
3.2. When you provide your Personal Data or the Personal Data of others (e.g. your employees and agents), you are responsible for the accuracy, completeness and relevance of such Personal Data, as well as for informing the person whose Personal Data is being provided or obtaining their consent to provide us with their Personal Data. In some instances, we may ask you to confirm that you are entitled to provide us with Personal Data (for example, when entering into a contract under a power of attorney).
4. WHAT YOUR PERSONAL DATA DO WE PROCESS?
4.1. We process your Personal Data for specific purposes and under the particular conditions provided below:
| Purpose of the Personal Data Processing | Personal Data Processed | Time Limits of the Personal Data Processing | Legal Basis for the Personal Data Processing |
| Provision of Services and administration of contractual/pre-contractual relations arising from these activities | Name, surname, email address, personal identification number (if required), telephone number, position, a person you represent (where you represent a company or other entity), relationship with the person you represent, basis of representation, workplace address, financial records, content of communications, data relating to the Services. | We will process Personal Data during the contract term and ten years after its termination. | Performance of a contract to which you are party or a need to take steps at your request before entering into a contract (Article 6(1)(b) of the GDPR). The legitimate interest pursued by us or by a third party in fulfilling our (their) obligations in a high quality and efficient manner (Article 6(1)(f) of the GDPR). |
| Managing, maintaining and improving the quality of electronic channels for the presentation of information (Website, Social Account Pages). | IP address, data collected through cookies and settings, public information from social network accounts, reactions (‘likes’), and comments. | Website data: according to the cookie retention periods, but no longer than two years. Where the data is not included in cookie information for a maximum of one year from the collection date. Social Account Pages store data following the settings chosen by the social network manager and/or the user. | Your consent to the processing of your Personal Data (Article 6(1)(a) of the GDPR). The legitimate interest pursued by us or by a third party in managing the Social Account Pages and other electronic channels for the presentation of information in a high-quality and efficient manner (Article 6(1)(f) of the GDPR). |
| Sending newsletters and organising performance surveys. | Name, surname, email address, telephone number (if it is decided to send text messages). Data requested for the survey. If communicating via social networks: public information in the survey, reactions (‘likes’), comments. | Three years from the date of consent/data provision. Data from performance surveys: one year from the end of the survey. Social Account Pages store data following the settings chosen by the social network manager and/or the user. If consent is withdrawn before the expiry of the data retention period, the data is processed until the withdrawal of consent. | Your consent to the processing of your Personal Data (Article 6(1)(a) of the GDPR). The legitimate interest pursued by us in maintaining mailing lists of newsletter recipients, analysing aggregated marketing results, and solving problems with the provision of newsletters (Article 6(1)(f) of the GDPR). |
| Consultation on GreenTech services, management of enquiries or feedback submitted via the general GreenTech email address, social networks or other electronic communication channels. | Name, surname, email address, telephone number. Other data (if required or provided by you): position, workplace, address; a represented person and the type of representation, including the content of the power of attorney; public information of the social network account (when communicating via social networks); content of the feedback, enquiry and reply, including attachments and the history of correspondence. | During the communication period and one year after the end of the communication. If consent is withdrawn before the expiry of the data retention period, the data is processed until the withdrawal of consent. If you place an initial order to conclude a contract through an enquiry, the data contained in the enquiry will be stored for the duration of the contract and ten years after its termination. | Your consent to the processing of your Personal Data (Article 6(1)(a) of the GDPR). The legitimate interest pursued by us or by a third party in providing consultation, dealing with enquiries and providing you with a quality service (Article 6(1)(f) of the GDPR). |
| Administration of GreenTech activities, drafting and executing contracts necessary for operations. | Name, surname, personal identification number (if required), signature; business activity data; address, email address, telephone number; position; a represented person (where you represent a company or another entity) and the type of representation; content of the communication. | During the duration of the cooperation/contract and for five years after the cooperation/contract ends. | Performance of a contract to which you are party or a need to take steps at your request before entering into a contract of the GDPR); The legitimate interest pursued by us or by a third party in fulfilling our (their) obligations in a high quality and efficient manner (Article 6(1)(f) of the GDPR). |
| Managing payments for services, accounting, and arrears handling. | Name, surname, personal identification number (if required), signature; business activity data; address, email address, telephone number; VAT payer details; bank account details, payment details; details of payment documents; details of arrears; a represented (where you represent a company or another entity), contact details; content of communication. | Under the General Index of Time Periods Required for Record-keeping (Official Gazette, 17-03-2011, No 32-1534), if applicable; otherwise, following the legislation governing financial operations and accounting. Data outside the scope of the above-mentioned legal acts: for the duration of the contract/cooperation and ten years after the termination of the contract/cooperation. | Performance of a contract to which you are party or a need to take steps at your request before entering into a contract (Article 6(1)(b) of the GDPR). Compliance with legal obligations (Article 6(1)(c)of the GDPR) under the Law of the Republic of Lithuania on Tax Administration (Official Gazette, 28-04-2004, No 63-2243), the Law of the Republic of Lithuania on Financial Accounting (Official Gazette, 28-11-2001, No 99-3515), the Law of the Republic of Lithuania on Financial Reporting (Official Gazette, 28-11-2001, No 99-3516), the Law of the Republic of Lithuania on Payments (Official Gazette, 17-11-1999, No 97-2775), the Law of the Republic of Lithuania on Public Limited Liability Companies (Official Gazette, 31-07-2000, No 64-1914), and other legal acts. The legitimate interest pursued by us in the efficient management of our financial transactions and debts (Article 6(1)(f) of the GDPR). |
| Handling requests, complaints and disputes in and out of court. | Name, surname, email address, telephone number, address, position; a represented (where you represent a company or another entity), and the type of representation; content of the complaint/claim/proceeding; information relating to the dispute/claim. | During the pendency of the dispute/claim, for three years after the end of the out-of-court dispute/claim, and for ten years after the end of the court proceedings. | Compliance with legal obligations (Article 6(1)(c) of the GDPR) under the Civil Code of the Republic of Lithuania (Official Gazette, 06-09-2000, No 74-2262), the Code of Civil Procedure (Official Gazette, 06-04-2002, No 36-1340), and other legal acts. The legitimate interest pursued by us in asserting, exercising or defending our rights and legal claims (Article 6(1)(f) of the GDPR). |
| Organising remote communication events and meetings. | Name, surname, position, profile information (applications used for the meeting), user name, email address, telephone number; date, time, duration, topic, and description of the meeting; IP addresses of participants; information on device/equipment used; recording of the meeting; tile of persons present; correspondence information. | The remote communication data is stored following the settings chosen by the application managers and/or the user. | Your consent to the processing of your Personal Data (Article 6(1)(a) of the GDPR). The legitimate interest pursued by us in ensuring effective communication and business continuity while communicating remotely (Article 6(1)(f) of the GDPR). |
| Evaluating, selecting and managing candidates for a vacancy with a view to future job offers. | Name, surname, email address, telephone number, address, details of education and experience, the content of the CV, and other information collected for the selection and/or assessment of the candidate or provided voluntarily by the candidate. | Personal Data will be processed during the selection period (selection is deemed to be over once the candidate has been selected for the proposed position or a new vacancy has been published) and one year after the selection has ended, provided that the candidate’s consent to the retention of the data after the selection has been obtained (unless consent is withdrawn earlier). | Your consent to the processing of your Personal Data (Article 6(1)(a) of the GDPR). Performance of a contract to which you are party or a need to take steps at your request before entering into a contract (Article 6(1)(b) of the GDPR). |
| Ensuring the security of persons/property, information protection, and the pursuit to investigate and manage illegal behaviour or conflict situations through video surveillance. | Video, person’s image. | Personal Data is stored for up to 14 days from the moment it is recorded. After the retention period, the individual image data will be deleted automatically unless it must be stored for a more extended period. If the retention of the image data is necessary for a more extended period than the retention period (for example, if it is used as evidence in investigations or disputes, if there is a reasoned request from the data subject, etc.), it is retained for the period necessary to achieve the specific purposes of the processing and deleted as soon as it is no longer required. | The legitimate interest pursued by us in protecting persons and property, as well as ensuring safe working conditions for our employees (Article 6(1)(f) of the GDPR). |
| Controlling access to premises or areas ensures the security of persons, property, equipment and information. | Name, surname, position (e.g. when the person is activating/deactivating the alarm), and other information about the access/transit control. | Personal Data is retained for 30 days after each access to the premises and/or areas is recorded. | The legitimate interest pursued by us in protecting persons and property, as well as ensuring the security of equipment and information (Article 6(1)(f) of the GDPR). |
4.2. You have the right to object or withdraw your consent to processing your Personal Data at any time, where such processing is based on your consent.
4.3. Sometimes, we may send you information messages related to the Services. Such notifications are essential for the proper provision of the Services. They are not considered promotional messages.
4.4. You have the right to change and update the information provided to us. In some cases, we must have accurate and up-to-date information relating to you, and we may ask you to periodically confirm that the information we hold about you is correct.
5. HOW DO WE PROCESS DATA ON OUR SOCIAL ACCOUNT PAGES?
5.1. On our Social Account Pages, we post information about the Services and GreenTech activities, and we may post advertisements or communicate with you and respond to your requests.
5.2. Users of Social Account Pages are subject to this Privacy Policy, as well as the privacy policies and terms of use of the operators of the social networks where the Social Account Pages are hosted. When you interact with us on our Social Account Pages and provide certain information (e.g., by messaging us commenting on our posts), we may see your public profile information (name, image, email address, etc.), depending on your privacy settings. This information (for example, a comment you posted) may also be visible to other visitors to a particular Social Account Page, depending on your chosen privacy settings.
6. HOW DO WE USE YOUR PERSONAL DATA, AND WHAT ARE THE PRINCIPLES WE FOLLOW?
6.1. We only collect and process Personal Data necessary to achieve our stated purposes for processing Personal Data.
6.2. In Personal Data processing, we:
6.2.1. comply with the requirements of valid and applicable legislation, including the GDPR;
6.2.2. process your Personal Data in a lawful, fair and transparent manner;
6.2.3. collect your Personal Data for specified, explicit and legitimate purposes and do not process it in a way that is incompatible with those purposes, except to the extent permitted by law;
6.2.4. take all reasonable steps to ensure that Personal Data that is not accurate or complete concerning the purposes for which it is processed is promptly rectified, supplemented or destroyed, and their processing is suspended;
6.2.5. keep the Personal Data under processing in a form which permits your identification for no longer than is necessary for the purposes for which the Personal Data are processed;
6.2.6. do not provide Personal Data to third parties or disclose it other than as set out in the Privacy Policy or applicable law;
6.2.7. ensure that your Personal Data is processed securely by implementing technical and organisational security measures and limiting access to Personal Data to only those of our employees who need such access for their job functions.
7. TO WHOM DO WE TRANSFER YOUR PERSONAL DATA, AND WHEN?
7.1. We may transfer your Personal Data to data processors or recipients who assist us in the performance of our activities:
7.1.1. Providers of financial accounting, CRM and document management services:
7.1.1.1. UAB Archyvita (document management), Lithuania;
7.1.1.2. Private limited company RIVILĖ (financial accounting), Lithuania;
7.1.1.3. SOFTONE OPEN ENTERPRISE SOLUTIONS SRL (business management system), Romania;
7.1.1.4. Orosimo Pliroforiki S.A. (consultancy services for business management systems), Greece;
7.1.1.5. Private limited company SDG (consultancy services on health and safety and other issues), Lithuania;
7.1.2. Marketing and advertising services provider IC Baltic UAB, Lithuania;
7.1.3. Maintenance service provider for security and video surveillance equipment UAB Konfira, Lithuania;
7.1.4. Communication, IT and website management service providers:
7.1.4.1. UAB Bitė Lietuva (communication services), Lithuania;
7.1.4.2. Telia Lietuva, AB (internet provision services), Lithuania;
7.1.4.3. GreenTech SA (IT services), Romania;
7.1.5. Payment and other financial services provider Public limited company Šiaulių bankas, Lithuania;
7.1.6. Cloud and hosting provider GreenTech SA, Romania;
7.1.7. Provider of the whistleblowing channel services Linia Etyki sp. z o. o., Poland;
7.1.8. Insurance brokerage service provider UADBB Rizikos cesija, Lithuania;
7.1.9. Couriers and parcel delivery service providers.
7.2. To publish content on Social Account Pages, we provide Personal Data to the following social networking platform operators:
7.2.1. LinkedIn Ireland Unlimited Company, Ireland, and LinkedIn Corporation, USA (data is transferred following the adequacy decision of the European Commission); as mentioned above, the LinkedIn account is managed by GreenTech SA;
7.2.2. Meta Platforms Ireland Ltd., Ireland, and Meta Platforms Inc., USA (data is transferred following the adequacy decision of the European Commission).
7.3. We may provide Personal Data to law enforcement and pre-trial investigation authorities, courts and other dispute resolution authorities, and other persons performing functions assigned by law under the procedure provided by the legislation of the Republic of Lithuania. We provide these entities with the information required by law or as specified by the respective entities.
7.4. We may also transfer Personal Data, if necessary, to companies that intend to buy or purchase our business or enter into joint ventures or other forms of cooperation with us and companies that we have established.
7.5. As a general rule, we process Personal Data within the territory of the European Union/European Economic Area (the ‘EU/EEA’). However, in some cases, your Personal Data may be transferred outside the EU/EEA. Your Personal Data is transferred outside the EU/EEA based on:
7.5.1. a contract for the processing or provision of data which describes such transfer and includes the standard contractual clauses approved by the European Commission; or
7.5.2. an adequacy decision adopted by the European Commission, which means that the European Commission has recognised the country in which the third party is established or carries out its activities as providing an adequate level of protection for Personal Data; or
7.5.3. a specific authorisation by the State Data Protection Inspectorate to carry out such transfers; or
7.5.4. your consent to the transfer of your Personal Data outside the EU/EEA.
8. WHAT ARE YOUR RIGHTS?
8.1. As a data subject, you have the following rights concerning your Personal Data:
8.1.1. The right to be informed about the processing of your Personal Data and the right of access to your Personal Data, i.e. to obtain confirmation as to whether we are processing your Personal Data and to request access to the processed Personal Data and the related information;
8.1.2. The right to have your Personal Data rectified if it contains inaccurate, incorrect or incomplete information or to have it completed if it is incomplete;
8.1.3. The right to erasure the information we hold about you where there is a basis for deleting the information;
8.1.4. The right to restriction of processing of the information we hold about you where you contest the accuracy of the Personal Data or object to the processing of Personal Data, or where you oppose the erasure of your Personal Data that is being processed unlawfully, or where you need the Personal Data for the establishment, exercise or defence of legal claims;
8.1.5. The right to object to the processing of Personal Data where we process your Personal Data in pursuing our legitimate interests and/or the legitimate interests of third parties (including profiling if we carry out such processing);
8.1.6. The right to receive the Personal Data which you have provided to us based on a contract or consent to the processing of Personal Data, and that we process by automated means in a commonly used and machine-readable format, or to have this data transmitted;
8.1.7. The right to object to a decision taken based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you;
8.1.8. The right to withdraw the consent you have given us for the processing of your Personal Data where we use your Personal Data based on your consent, including where we process Personal Data for direct marketing purposes, including profiling in connection with direct marketing;
8.1.9. The right to lodge a complaint with the National Data Protection Inspectorate.
8.2. We may refuse to exercise your rights when your request is not permitted by the GDPR or other legal provisions, except the right to object to processing Personal Data for direct marketing purposes or in other cases where Personal Data is processed based on your consent.
8.3. If you do not wish to have your Personal Data processed for direct marketing purposes, to organise surveys, including profiling, you may opt out of such processing of your Personal Data without giving any reasons for your opt-out (objection) by sending an email to the following address, or by any other means indicated in the communication provided to you (for example, by clicking on the relevant link in the newsletter).
8.4. If you wish to withdraw your consent to the processing of your Personal Data or exercise any of your rights listed above, you may contact us by email at office@greentech-baltic.lt. To better understand your request, we may ask you to fill in the relevant application form and sign it using an advanced or qualified electronic signature.
8.5. To ensure maximum security, we can only process your request after verifying your identity in some instances. This may include, for example, asking you to provide an identity document or other information.
8.6. We do not usually charge any fee for implementing your rights. However, the law allows us to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.
8.7. Upon receipt of your request or instruction regarding processing your Personal Data, we will provide you with a response within no later than one month from the date of the request. We will carry out the actions specified in the request or inform you why we refuse to do so. If required, this period may be extended by a further two months if necessary, depending on the complexity and number of requests. In this case, we will inform you of the extension within one month from receipt of the request.
8.8. If the Personal Data is erased at your request, we may retain copies of the information as necessary to protect our legitimate interests and the legitimate interests of third parties, to comply with the obligations of public authorities, to resolve disputes, to identify disturbances or to perform contractual obligations.
9. HOW DO WE PROCESS DATA FOR THE PURPOSE OF NEWSLETTERS, DIRECT MARKETING, AND QUALITY SURVEYS?
9.1. We may send information about our activities and Services (direct marketing messages) to your email address and/or telephone number if you have given us your consent to do so and if you or the organisation you represent is our client. With your consent, we may also ask you to provide your feedback to assess the quality of our Services, performance and support.
9.2. When sending newsletters, we may collect information about their recipients, such as which message they opened, what links they clicked on, etc. This information is collected based on your consent and is used to offer you relevant and more tailored news.
9.3. Your contact details may be passed on to our partners/processors who create the newsletters or the customer satisfaction surveys.
9.4. If you no longer wish to receive our newsletters, you may cancel the subscription, as described in the electronic messages (for example, by clicking on the link ‘unsubscribe’, etc.) or by contacting us by email at office@greentech-baltic.lt.
9.5. If you withdraw your consent, we will endeavour to stop sending you newsletters immediately, but this may take some time. Since our news campaigns are planned in advance, you may still receive our newsletters one more time, even after withdrawing your consent.
9.6. Withdrawal of consent does not automatically oblige us to destroy your Personal Data or provide you with information about the Personal Data we process, and you should make a separate request for these actions.
10. HOW DO WE STORE YOUR PERSONAL DATA?
10.1. Your Personal Data is processed responsibly and securely and is protected against loss, unauthorised use and alteration. We have put physical and technical measures in place to protect the information we collect from accidental or unlawful destruction, damage, alteration, loss, disclosure, and any other unauthorised processing. Personal Data security measures are determined following the risks involved in processing Personal Data.
10.2. Our employees have signed written obligations not to disclose or distribute your Personal Data to unauthorised third parties.
11. HOW DO WE USE COOKIES AND OTHER TRACKING TOOLS?
11.1. Cookies are small text files stored in the browser or on your device (computer, tablet, mobile phone). In this Privacy Policy, we use the term ‘cookies’ to refer to cookies and other similar technologies, such as Pixel Tags, Web Beacons, and clear GIFs.
11.2. Cookies may be used to analyse information flows and user behaviour, promote trust, ensure the security and proper functioning of the Website, remember preferences, personalise the content displayed, and link the Website to Social Account Pages.
11.3. We may use mandatory cookies that are necessary for the operation of the Website; analytical cookies that analyse the use of the Website; functional cookies that remember user preferences, ensure the smooth and secure operation of the Website, and help us to improve the Website functionality; performance cookies; third-party cookies; and advertising cookies that are designed to show you both personalised and generic advertising.
11.4. List of cookies used on the Website:
| Cookie name | Description/Purpose | Time of creation | Period of validity | Used data |
| wp_lang | Saves the WordPress site language settings during the user’s session. | When you enter the site | Until the end of the browser session | Stores a language code that indicates the user’s selected language |
| wordpress_test_cookie | A temporary cookie used by WordPress to check if the browser supports cookies. Contains no personal information. | When you enter the site | Until the end of the browser session | Does not use personal data |
| pll_language | A cookie from the Polylang plugin that saves the website user’s preferred language settings. | When you enter the site | 1 year | Saves the selected language settings |
| cookieyes-consent | A cookie created using the CookieYes tool stores the user’s choices regarding cookie consent (essential, analytical, advertising, etc.). | Agree/disagree with the use of cookies | 1 year 8 month | Unique identifier |
| _lscache_vary | LiteSpeed Cache cookie, used to optimize website speed and cache page content. | When you enter the site | 2 days | Unique identifier. Language selection. |
| _ga | Google Analytics cookie used to identify unique users. It helps track visitor behavior and analyze website traffic. | When you entered the website, you have provided your consent | 2 years | Unique identifier |
11.5. We also use the following technological tools and solutions that record cookies and store data:
| Name | Purpose |
| Google Tag Manager | Analyse the Website’s popularity. The collected data is transmitted to the US. For more details, see https://support.google.com/tagmanager/answer/9323295?hl=en. |
11.6. Some third parties, such as social network operators, may use their anonymous cookies to tailor the mobile apps or applications they create to your needs. The use of these cookies is out of our control. For more details, please check the third party’s privacy policy.
11.7. On the Website, you can manage cookies (by ticking the options in the cookies bar) or change your browser settings. You can refuse the use of optional cookies, which may result in some website malfunctions and slow down its speed. You should follow the official instructions to manage cookies on your mobile device. For more information on cookies management, please see http://www.AllAboutCookies.org or https://www.google.com/privacy_ads.html and the browser’s help page. You can control advertising cookies on the Network Advertising page: http://www.networkadvertising.org/managing/opt_out.asp.
12. HOW TO GET IN TOUCH WITH US?
12.1. Should you have any questions regarding the information provided herein, please do not hesitate to contact us by email at office@greentech-baltic.lt or by phone at +370 6 604 45 08.
12.2. If you believe your rights under the GDPR have been violated, you can lodge a complaint with our supervisory authority, the National Data Protection Inspectorate. Please visit the Inspectorate’s website (https://vdai.lrv.lt/) for more information and contact details. We aim to resolve all disputes promptly and amicably; therefore, we kindly ask you to contact us first.
13. FINAL PROVISIONS
13.1. If we change this Privacy Policy, we will notify you by posting the updated Privacy Policy on the Website or by other customary means of communication.
