Endpoint UAB Privacy & Cookie Policy

Last updated on December 4, 2023


This Privacy Policy governs the manner in which Endpoint UAB (henceforth, “Endpoint”/ “us”) collects, uses, maintains and discloses information collected from users (each, a "User"/ “you”) of the www.lexascan.com website ("Website" or "Site").

This Privacy Policy applies to the Site and all products and services offered by Endpoint UAB. This Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand the types of information we collect from you, how we use that information and the circumstances under which we might share it with third parties. By visiting and using our website you are accepting and consenting to the practices described in this Policy.

For the purpose of the relevant data protection legislation, the data controller is Endpoint UAB, company number 306641311, registered office address at Žalgirio g. 88, Vilnius, Lithuania.

Endpoint UAB fully complies with the General Data Protection Regulation (“GDPR”). If you require further information on your rights under the GDPR, please visit the Data Protection Instectorate’s website at www.ada.lt.


We may collect and use the following data about you, depending on whether you are:
  • A visitor of our Website using any of our services, such as Sanctions screening tool;
  • An employee or contractor of Endpoint;
  • A prospective client of Endpoint whom Endpoint has identified through its market searches and/or contacts as possibly interested in our services;
  • a prospective client of Endpoint who requested our services to use either personally or on behalf of his/her organisation as an employee, contractor, officer or other authorised representative;
  • an existing client of Endpoint and, where applicable, its employee, contractor, officer or other authorised representative;
  • a former client of Endpoint and, where applicable, its employee, contractor, officer or other authorised representative;
  • our business partner or introducer and, where applicable, its employee, contractor, officer or other authorised representative.

Information you give us. You may give us information about you by filling in forms when registering or using our Services or via correspondence, e.g. email or telephone. The information you give us may include your name and surname, email address. By registering an account on our website you agree to provide us with the information.

Information we collect about you. This includes details of the transactions you carry out when using our Services, geographic location from which the transaction originates and the Internet protocol (“IP”) address used to connect your computer to the Internet, Uniform Resource Locators (“URL”) clickstream to, through and from our Website, and technical information such as your browser type and version, time zone setting, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), browser plug-in types and versions, operating system and platform, as well as usernames and passwords.


We may use the information collected for the following purposes:
  1. To carry out our obligations relating to your contracts with us and to provide you with the information, products and services that you request from us- article 6.1.b of the GDPR;
  2. To comply with any applicable legal and regulatory requirements- article 6.1.c of the GDPR;
  3. To notify you about changes to our Services- article 6.1.f of the GDPR;
  4. To improve, administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes- article 6.1.f of the GDPR;
  5. To measure or understand the effectiveness of advertising we serve and to deliver relevant advertising to you- article 6.1.f of the GDPR;
  6. To keep our Website safe and secure- article 6.1.f of the GDPR;
  7. To establish, exercise or defend our legal rights, including where we reasonably consider it is in our legitimate interests- article 6.1.f of the GDPR.


Personal data is processed both manually and electronically in accordance with the above-mentioned purposes and in compliance with current regulations.


We may share your personal information with our group companies where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of our services to our customers, corporate strategy, compliance, auditing, monitoring, quality assurance, improvement of our services, statistical purposes etc).


We do not transfer personal data outside of the European Union (“EU”). In cases where we decide to do so, we would take measures designed to provide the level of data protection required in the EU, including ensuring that data transfers are governed by the requirements of the Standard Contractual Clauses adopted by the European Commission, or another adequate transfer mechanism.


We adopt appropriate data collection, processing, storage, and data security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site. Our data processing technologies are professionally hosted by a company that specialises in hosting solutions. When you provide sensitive information to us, we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to prevent unauthorised access.

All data is stored encrypted in the database format and the minimum is kept as required by applicable laws and regulations, as well being securely destroyed when data is no longer necessary for the purposes of the data processing.


Your rights in relation to your personal information processing are as follows:
  1. Right of access. You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation if your personal information is being processed by Endpoint; details about how and why we process your personal information; details of measures we implement if we transfer your information outside of the European Economic Area (EEA).
  2. Right to update your information. You have a right to request an update to any of your personal information which is out of date or incorrect.
  3. Right to delete your information. You have a right to ask us to delete any of your personal information which we are processing, where we are not required by law to retain it.
  4. Right to restrict use of your information. You have a right to ask us to restrict the way we use your personal information, e.g. for marketing and advertising.
  5. Right to data portability. You have a right to request us to provide your personal information to a third party provider of service.
  6. Right to object. You have a right to object to data processing where we process your personal information on the basis of your consent or our legitimate interest.
  7. Right to withdraw consent. For the processing activities where we have asked you for consent, you have the right to withdraw your consent at any time
  8. Right to be informed. You have the right to be informed why and how we collect your personal data, how we will use this information, who we share it with, what are the security measures we take to protect this information and what your individual rights are.
  9. Right to not be subject to automated decision making, including profiling. Subject to exceptions, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. We do not envisage (i) that any decisions will be taken about you using solely automated means, and/or (ii) that we will undertake any profiling of your personal data. However, we will notify you in writing if this position changes and will inform you of your rights as required by the applicable law.

To execute your GDPR rights please contact us via email [email protected]. We'll acknowledge the receipt of your request shortly and respond to your request within 30 calendar days, unless we tell you we are entitled to a longer period allowed by applicable law.

However, please note that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with legal requirements and our own legal obligations or to establish, exercise or defend legal claims.

If a customer’s request is manifestly unfounded or excessive, we reserve the right to refuse to act on the request or impose an administrative fee. If you think your rights are not fulfilled properly, you can always contact us at [email protected]


Our Website uses text files, known as cookies, to track how you use our site and products. We put them on your browser, when you visit our site, and use them to recognise you as well as to store information in between visits. By using LexaScan’s Website you consent to the use of cookies in accordance with the privacy policy of the Website.

With cookies we can give you a better browsing experience and improve the quality of our products. They let us make it easier to log in, and they show us where you might be having trouble with our products. We’ve broken them down of cookies used on our Website into four groups:

  • Strictly necessary cookies. We need these cookies to run our Website, they let us save your cookie preferences, and keep the site secure. They include, for example, cookies that enable you to log into secure areas of our Website, keep your session or keep you logged in then you navigate between LexaScan pages. They are always on. A few of necessary cookies that we use:
    • Cloudflare – cookies such as “_cf_bm“ and cookies for CAPTCHA, and a load balancing cookie (_cflb) on the computers of visitors to our Website. Cloudflare does this in order to identify malicious visitors to our Website, to assist with web-traffic filtration.
    • Google reCAPTCHA – reCAPTCHA is a SPAM protection service provided by Google that helps protect Websites from spam and abuse
  • Functional cookies. These are cookies that give you a better browsing experience. These let us tailor the site to your needs, like displaying it in the same language as your web browser. These are also used to recognize you when you return to our Website and remember your preferences. We’ll sometimes refer to them as functionality cookies. A few of functionality cookies that we use:
    • Cookies that help us improve our products and performance. These let us use tools that show us how you interact with our products and they are also known as analytics or performance cookies.
    • Google Analytics - allows us to see how many users are on our Website.
    • Google Tag Manager - tracks user behaviour on a Website allowing to understand how the user uses the Website.
    • Hotjar - records user actions on our Website allowing us to collect feedback on how users use the Website.
  • Advertising/Marketing cookies. These cookies help us provide more relevant ads. We may share this information in aggregate form with third parties, for the purpose of advertising/marketing and statistics.
    • A few of advertising/marketing cookies we use:
    • Meta Pixel (Facebook) - cookies that allow track effectiveness of LexaScan ad campaigns.
    • Google Ads - cookies that allow track effectiveness of LexaScan ad campaigns.
    • You can view a complete list of cookies on this page.

You can block or delete cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts or some functionality of our site.

Most of the cookies we use on our Website are 'persistent' cookies. This means that they remain on your device until you erase them or they expire. The rest of these cookies are 'session' based which are more temporary in duration. This means they will be erased when you close your internet browser. Cookies will not be stored by us for a period longer than 12 months.


We may communicate with our clients about new products or services, special offers, newsletters, and other marketing announcements. You can always change your preference in your profile settings and configure specific channels you wish to receive marketing communication through.


Any changes we may make to our Privacy Policy in the future will be posted on the Website and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.


If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact us by email [email protected]. We will investigate and attempt to resolve your complaint regarding your data processing.

You may also make a complaint to the Lithuanian State Data Protection Inspectorate, L.Sapiegos g. 17, Vilnius, email [email protected].