Softera logo
Search Icon
Get a consultation

 

Updated 2024-04-18

This Privacy Policy (hereinafter – the Policy) defines how UAB “Softera Baltic” (hereinafter – Softera, the Company, we) processes the personal data of its clients and/or other individuals (hereinafter – Users, Clients, you). The Policy establishes the principles, rules, and requirements for personal data processing that Softera follows to ensure the security of your personal data and the protection of your rights.

Who are we? Softera is the Microsoft Dynamics 365 business management solutions partner in Lithuania with the most extensive experience and team of specialists, implementing ERP, CRM, and business analytics (Power BI) solutions for businesses. Deep technological and process management knowledge, a competent team of specialists, and proven solution implementation and project management methodologies ensure the quality of services provided. We aim to help clients choose value-creating solutions for process digitization and optimization.

We care about your privacy and the security of your personal data, therefore we fully commit to processing the data of our Users and other individuals only in compliance with established personal data processing principles and requirements, and we ensure the confidentiality of personal data by implementing appropriate technical and organizational measures designed to protect personal data from unauthorized access, disclosure, accidental loss, alteration or destruction, or other unlawful processing. This privacy policy applies together with our Website cookie policy. If you have questions about data processing or would like to receive more detailed information about personal data processing, please contact duomenuapsauga@softera.lt

This Policy may be amended in light of changes in legislation and the Company’s operations, therefore we recommend reviewing it periodically. We will inform about all Policy changes publicly on our website www.softera.lt

DEFINITIONS

Personal data – any information relating to a natural person – the Data Subject, whose identity is known or can be directly or indirectly determined using such data as personal identification code, one or more factors specific to the physical, physiological, psychological, economic, cultural, or social identity of that person.

Personal data processing – any operation performed with personal data: collection, recording, accumulation, storage, classification, grouping, combination, modification, provision, publication, use, logical and/or arithmetic operations, search, dissemination, destruction, or any other action or set of actions.

General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter – the Regulation, GDPR).

Data subject – any natural person who visits the Company’s website www.softera.lt and/or has expressed an intention to use, uses, or has used the Company’s solutions and/or services, participates in webinars and/or events organized by the Company, intends to participate in our published job openings, and for these reasons we process personal data.
Data controller – UAB “Softera Baltic” legal entity code 301566552, registered office address K. Donelaičio St. 62 / V. Putvinskio St. 53 (BLC), 44248 Kaunas, Lithuania, email address info@softera.lt, phone number +370 37 752772, which determines the purposes and means of processing the data specified in this Privacy Policy.

Data processor – a natural or legal person engaged by the Company to process your Personal Data on behalf of the Company.

Client – a natural or legal person to whom the Company provides services and who uses the Company’s products or solutions.

User – a visitor to the Company’s Website or another person who contacts the Company for information or consultation (advice or guidance regarding the Company’s products, product trials or demonstrations, inquires about product prices, or wishes to receive the Company’s offer, etc.).

Website – the website managed by the Company www.softera.lt

Other terms used in the Privacy Policy are understood as defined in the Regulation, the Law of the Republic of Lithuania on Legal Protection of Personal Data, and other legal acts regulating personal data processing and security.

WHAT PRINCIPLES DO WE FOLLOW WHEN PROCESSING PERSONAL DATA?

We respect your privacy and collect and process only such Personal Data as is necessary to achieve our stated data processing purposes. When processing your Personal Data, we comply with applicable laws, including GDPR, the Law of the Republic of Lithuania on Legal Protection of Personal Data, and others. When processing Personal Data, we adhere to the principles related to personal data processing established in the Regulation:

  • We process your Personal Data in a lawful, fair, and transparent manner
  • We collect your Personal Data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes, except to the extent permitted by law
  • We ensure that Personal Data is adequate, relevant, and limited to what is necessary for the purposes of our stated data processing, i.e., we do not collect or store excessive or unnecessary data
  • We take all necessary measures to correct or delete Personal Data that is inaccurate or incorrect
  • We store data only for as long as necessary to achieve the specified purposes
  • We apply appropriate technical and organizational security measures that ensure the security of your Personal Data, including protection against unauthorized or unlawful data processing and against accidental loss, destruction, or damage, including providing access to data or transferring data only to those employees or service providers for whom such access is necessary due to their job functions or services provided

WHEN DO WE PROCESS YOUR PERSONAL DATA?

We collect and process your personal data only when it is necessary to achieve our legitimate purposes and when we have a legal basis to do so. The Company’s personal data processing may be carried out:

  • When you have given your consent to the processing of personal data for a specified purpose or purposes
  • When it is necessary to perform a contract with you or to take steps at your request prior to entering into a contract
  • When we are required to do so by law
  • When processing personal data is necessary for the legitimate interests of the Company or third parties

WHAT PERSONAL DATA DO WE PROCESS?

When you want to receive our consultation, try our solutions, or see a system demonstration at an agreed time and ask our specialists questions that concern you and subsequently receive an offer/price, we process:

  • Name
  • Phone number
  • Email address
  • Company name

Data processing purpose – to contact the User and ensure proper User service and information provision.

Legal basis for data processing – your consent.

Data retention period – data is stored for 5 years.

When we enter into service contracts and provide services to our Clients in fulfilling them, we process:

  • The name, surname, workplace, position, and contact details (phone number, email address) of the Client or their representative signing the contract
  • The name, surname, workplace, position, and contact details (phone number, email address) of the Client’s contact person responsible for contract execution and communication

Data processing purpose – to enter into and perform a contract with the Client.

Legal basis for data processing – performance of a contract with the Client.

Data retention period – data is stored during the term of the contract with the Client and for 10 years after the end of the contract.

When we provide services to our Clients and our Clients contact us for assistance regarding the services provided, using the JIRA service system, we process:

  • The name, surname, workplace, position, and contact details (phone number, email address) of the Client’s contact person
  • The name, surname, and email address of Client employees who have been granted access to the JIRA system
  • Other personal data that the Client specifies in their request for assistance

Data processing purpose – to enter into and properly perform a contract, to provide assistance or consultations to our Clients regarding the services provided.

Legal basis for data processing – performance of a contract with the Client.

Data transfer – during the term of the contract, data is transferred to the service provider UAB “DataBank”, which maintains the Company’s IT infrastructure, and to the JIRA service system provider Atlassian, who process data as data processors according to the Company’s instructions.

Data retention period – data is stored for 10 years from the resolution of the JIRA request.

When we want to periodically provide you, our Clients, with newsletters, offers, and information about our services that we believe may interest you, as well as inquire about your opinion on the quality of our products and services, if you express your consent to receive our direct marketing messages, we process:

  • Email address

Data processing purpose – to provide newsletters, offers, and information about our services and to inquire about opinions on product and service quality.

Legal basis for data processing – your consent expressed at the time of contract conclusion.

If you are our Client, we may use your Personal Data (email address and/or phone number) for direct marketing purposes to provide you with offers and information about similar services or products we provide that we believe may interest you, as well as to inquire about your opinion on the quality of our products and services, even without your consent. You may object to or opt out of such messages at any time by clicking the link at the end of each such message.

We offer Website visitors a chat function to contact us and ask questions or obtain necessary information. When you contact us or ask us a question using the Tawk.to chat application on our Website or using the inquiry form and want to receive a response, we process:

  • Name
  • Email address
  • Phone number
  • Other personal data you provide in your inquiry

Data processing purpose – to communicate with Users and respond to questions asked and to contact the User if we cannot respond to the inquiry at the time of receipt.

Legal basis for data processing – your consent.

Data transfer – tawk.to is a third-party plugin used on our Website, which processes data as a data processor according to the Company’s instructions only to ensure proper service provision and in accordance with the Data Processing Addendum (https://www.tawk.to/data-protection/dpa-data-processing-addendum/)

Data retention period – data is stored for 5 years.

When we want to share success stories on our Website about successfully implementing various solutions for our clients, we process:

  • The name and surname of the Client’s representative
  • Company name, position held
  • Photo of the Client’s representative
  • Client testimonial about our services and solutions
  • Video recording with client testimonial about our services and solutions

Data processing purpose – to share your testimonial as a client about the services we provided.

Legal basis for data processing – consent of the client or their representative.

Data retention period – data is stored for 5 years.

When you apply to our published job postings and seek employment with the Company, we process:

  • Name, surname
  • Contact information (phone number, email address)
  • Information about education (educational institution, study period, education and/or qualifications obtained)
  • Information about work experience (previous employer, employment period, position, responsibilities and/or achievements)
  • Information about professional development (training or courses completed, certificates obtained, valid licenses acquired)
  • Information about language proficiency, IT knowledge, other competencies
  • Other information provided in CV, cover letter, or other application documents (including copies of documents confirming education and professional qualifications)
  • Information provided in recommendations and/or feedback from former/current employers
  • Information about your evaluation as a candidate during the selection process (interview summary, opinions and insights of the person/persons conducting the selection, candidate test results (if testing is conducted))

Data processing purpose – to conduct recruitment for a vacant position at the Company – to assess your suitability for the offered position/role

Legal basis for data processing – your consent, expressed by applying to the Company’s published job openings and sending your personal data, including your CV and other documents to the Company, and the Company’s legitimate interest in assessing your suitability as a candidate for specific positions and selecting the most suitable candidate.

Data retention period – data is stored until the end of the specific recruitment process. If, after the recruitment for a particular position ends, the Company does not select your candidacy and does not offer to conclude an employment contract, your personal data obtained and processed during the recruitment process will be stored for 1 (one) month after the end of the recruitment.

If you give your consent to store your data submitted in the job application in the candidate database so that we can contact you directly in the future and offer you to participate in a recruitment process for a published opening, we process:

  • Name, surname
  • Contact information (phone number, email address)
  • Information about education (educational institution, study period, education and/or qualifications obtained)
  • Information about work experience (previous employer, employment period, position, responsibilities and/or achievements)
  • Information about professional development (training or courses completed, certificates obtained, valid licenses acquired)
  • Information about language proficiency, IT knowledge, other competencies
  • Other information provided in CV, cover letter, or other application documents (including copies of documents confirming education and professional qualifications)
  • Information provided in recommendations and/or feedback from former/current employers
  • Information about your evaluation as a candidate during the selection process (interview summary, opinions and insights of the person/persons conducting the selection, candidate test results (if testing is conducted))

Data processing purpose – to contact you directly with an offer to apply for a newly created or vacant position at the Company.

Legal basis for data processing – your consent.

Data retention period – 12 (twelve) months from the date of receipt of consent.

The Website uses links to external third-party websites – the Company’s social media accounts on Facebook, YouTube, LinkedIn. The use of third-party websites to which our Website provides links is subject to the privacy policy provisions of those respective websites. The Company assumes no responsibility for the content of information not provided by the Company on these websites, personal data processing, and/or their activities.

When we administer the Company’s social media accounts and you visit the Company’s social media accounts (LinkedIn, Facebook, YouTube), follow us, or engage in discussions, we process:

  • Name, surname, or your social media account name
  • Your photo
  • Reactions to content provided by the Company (likes, reactions, comments, shares)
  • Other data publicly available in your account or that you provided in your comments or communication with the Company through the social media account

Data processing purpose – to inform clients and other individuals about the Company’s activities, to communicate with individuals browsing or following the accounts, to enable individuals to discuss on our social media accounts, and to respond to their questions.

Legal basis for data processing – your consent.

Data retention period – data is stored as long as the Company’s or your social media account is active, unless you express a desire to delete your data on our social media accounts earlier.

TO WHOM MAY WE TRANSFER YOUR PERSONAL DATA?

For the processing of your personal data, we may engage third parties – service providers (data processors) who help us provide services to you: companies providing financial and accounting services, companies providing data center services or website hosting services, companies providing IT maintenance services, companies providing advertising and marketing services, including newsletter delivery services, and other service providers to whom your personal data is disclosed only to the extent necessary to provide specific services.

Our engaged data processors may process your personal data only according to our clear instructions or directions and may not use it for other purposes or transfer it to other persons. In each specific case, only the necessary personal data or access to it is provided to the data processor, i.e., only such personal data that is necessary to fulfill a specific processing purpose or provide a service. To ensure the security of your personal data, we engage only those data processors who commit and can comply with appropriate data security requirements and confidentiality obligations.

Data may also be transferred to state institutions and agencies performing functions assigned to them by law (e.g., law enforcement agencies).

WHERE DO WE PROCESS YOUR PERSONAL DATA?

We process your personal data only within the territory of the European Union / European Economic Area (EU/EEA). Currently, when processing your personal data, we do not transfer it to third countries. If there is a need to transfer data to third countries, we will inform you before making the transfer and ensure the lawfulness and security of the transfer (application of necessary transfer mechanisms and security measures).

WHAT RIGHTS DO YOU HAVE?

You, as a data subject, have all the rights established by the Regulation by visiting the Company or contacting us by email at duomenuapsauga@softera.lt:

  • to know about personal data processing – to receive information about whether we process your personal data, and if such personal data is processed, the right to access your personal data
  • to request correction of personal data if you determine that the personal data being processed is inaccurate or incorrect
  • to request suspension of personal data processing actions, except for storage – in cases where, upon reviewing personal data, it is determined that the data is incorrect, incomplete, or inaccurate, or is processed unlawfully
  • to request deletion of personal data (“right to be forgotten”), except when your data must be stored based on legal obligations applicable to the Company or for the establishment, exercise, or defense of legal claims
  • to object to the processing of personal data when such data is processed or intended to be processed due to a legitimate interest pursued by the Company
    to receive personal data concerning you that you provided to the Company, processed by automated means and the processing of which is based on consent or contract, in a commonly used machine-readable format and to transmit it to another data controller (right to data portability), when technically feasible
  • to withdraw your given consent to personal data processing at any time by submitting a notice to the Company in the specified manner – by clicking the link at the end of the email (in the case of direct marketing) or by sending your request to the Company by email at duomenuapsauga@softera.lt

You may exercise your rights yourself or through representatives. To exercise your rights, you must visit the Company in person and submit a request, or you may submit your request by electronic means via email to duomenuapsauga@softera.lt. When fulfilling your request, we have the right and obligation to verify your identity, which will always be attempted to be established in the simplest and most convenient way for you. When submitting a request, you may confirm your identity in one of the following ways:

  • if the request is submitted by visiting the Company directly – by presenting an identity document to our employee
  • if the request is submitted by electronic means, it must be signed with an electronic signature or it must be submitted from the email address with which you registered on our Website or which we have in our database and can identify you

If there are reasonable doubts about the identity of the natural person submitting the request, we have the right to request additional information necessary to confirm your identity (e.g., what was the purpose of your contact with the Company, what services or products you were interested in or wanted to learn about, etc.).

The request must be clear, it must state your name, surname, information about which rights and to what extent you wish to exercise, and information on how you would like to receive a response. If you submit the request by electronic means, the information is also provided by electronic means, except in cases where you request in advance to provide it otherwise.

We strive to review your submitted requests and provide you with information as quickly as possible, but no later than within 30 calendar days from the date of receipt of the request. If, due to certain circumstances, such as the complexity of the submitted request (if it is necessary to seek assistance from engaged data processors) or due to the number of Requests being reviewed by the Company, the Company may not be able to review the request on time, the review period may be extended by no more than two months, and we will inform you of this.

Requests are reviewed and information and data are provided free of charge, however, we have the right in certain cases either to refuse to exercise your rights (when the request is unfounded or disproportionate or is repetitive), or the provision of information and data may be charged taking into account the administrative costs of providing information or notifications or actions requested, in accordance with legal requirements and the Company’s established pricing (if there is obvious abuse of rights, unjustifiably repeated requests to provide information, data, statements, documents, etc.).

If you believe that the Company’s actions or inaction violate your rights or legal requirements, you have the right to file a complaint with the supervisory authority – the State Data Protection Inspectorate.

VALIDITY OF THE PRIVACY POLICY

This Privacy Policy is effective from April 18, 2024. We regularly review the Privacy Policy and, if necessary, update or supplement it. We will inform about any updates on our Website in advance by publishing it at https://www.softera.lt/privatumo-politika/