Virtosoftware UAB, a legal entity established in Lithuania, along with its group companies (collectively “VirtoSoftware”, “we”, “us”, and “ours”), is committed to protecting your privacy.
VirtoSoftware aims to inform you about how we collect, use, and disclose your personal information (“Personal Data”). “Personal Data” is information that identifies you as an individual or relates to an identifiable individual.
What Personal Data do we collect and process for our own purposes as a controller?
When you use our Services, visit our Websites or Social Media Pages, VirtoSoftware may collect information, which may include Personal Data.
When you subscribe to and use our Service(s), we may collect your:
- Contact information such as name, e-mail address, mailing address, phone number, company name, and job title
- Billing information, such as credit or debit card number, bank/wire transfer details, PayPal details, billing address, and zip code
- Feedback information, such as name and e-mail address when we provide feedback or customer support from within the Service(s)
- Unique identifiers, such as username, account number or password, information collected on the Services through cookies and similar technologies, etc.
We and our service providers may collect Personal Data in a variety of ways. Such information may be collected from you through the Services, e.g., when you sign up for a newsletter or register for Services or a demo version, respond to a survey, fill out a form on our Website, open a support ticket, or leave comments on the forums or in a blog. We may receive your Personal Data from other sources, such as public databases, joint marketing partners, social media platforms (including from people with whom you are friends or otherwise connected), and other third parties. For the purposes of the General Data Protection Regulation (GDPR), VirtoSoftware shall be the controller for the information you have submitted to us.
What do we use your Personal Data for?
We and our service providers use Personal Data for legitimate business purposes, including the following:
(i) to provide you the Service(s) and fulfill your requests
(ii) to send you communication from the Service(s)
(iii) to assess the needs of your business to determine or suggest suitable Service(s)
(iv) to send you the requested information about the Service(s)
(v) to respond to customer service requests, inquiries, questions, and concerns
(vi) to administer your account and provide you with related customer service
(vii) to send periodic emails with important notices or information about the Services (updates, bug fixing, etc.)
(viii) to personalize your experience with the Services by presenting products and offers tailored to you
(ix) to send you promotional and marketing communications that we believe may be of interest to you
(x) to send administrative information to you, such as changes to our terms, conditions, and policies
(xi) to facilitate billing and payment transactions for the use of our Service(s)
(xii) for data analysis, such as to improve the efficiency of our Services
(xiii) to enhance, improve, or modify our Services
(xiv) to collect feedback to improve our website, customer service, identify usage trends, determine the effectiveness of our promotional campaigns, etc.
(xv) to develop new products and services
(xvi) to be efficient in fulfilling our legal, regulatory, and contractual duties and for fraud and security monitoring purposes.
We will engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest. Our legitimate interest is the interest of ours as a business in conducting and managing VirtoSoftware to enable us to provide you with the Services and offer the best experience. We will provide personalized services and/or send promotional and marketing communication either with your consent or because we have a legitimate interest.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided below.
To whom do we disclose your Personal Data?
Your Personal Data may be disclosed:
- To our third-party service providers who provide services such as website hosting, data analysis, billing and/or payment processing, order fulfillment, information technology, and related infrastructure provision, online advertising services, customer service, helpdesk solutions, email delivery, auditing, and other services.
- By you, on message boards, chats, blogs, and other services to which you are able to post information and content (including, without limitation, the forums and our Social Media Pages). Please note that any information you post or disclose through these services will become public and may be available to other users and the general public.
- Other uses and disclosures: We may also use and disclose your Personal Data as we believe to be necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so: (a) to comply with applicable law; (b) to enforce our terms and conditions; and (c) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others. In addition, we have a legitimate interest in using, disclosing, or transferring your information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
Further details can be provided upon request.
Processing Customer Information (VirtoSoftware as a Data Processor)
VirtoSoftware neither owns nor controls the use of any of the Customer Information stored or processed by a Customer or end-user via the Service. Only the Customer or end-users have the authority to access, retrieve, and control the use of such Customer Information. VirtoSoftware has limited knowledge of what Customer Information is actually being stored or made accessible by a Customer or end-user via the Service and does not directly access such Customer Information except when necessary to provide Services (including responding to support requests, delivering development work, maintenance, updates, etc.), as otherwise authorized by Customers or as required by law. VirtoSoftware is not accountable for the content of the Personal Data within the Customer Information or other data stored on its servers (or its subcontractors’ servers) at the Customer’s discretion. Moreover, VirtoSoftware is not responsible for the Customer’s handling, disclosure, distribution, or other processing methods of such information.
Our Customers are the “controllers” of Customer Information, which means they oversee how such data is collected and utilized, as well as the determination of the purposes and means of processing such data. They are responsible for complying with applicable data protection laws. This information may also be subject to our Customers’ privacy policies. As the controller, it is our Customers’ responsibility to inform the end-users about the processing and, where necessary, obtain the requisite consent or authorization for any Personal Data collected as part of the Customer Information through the use of the Service(s).
As processors of Customer Information on behalf of our Customers, we adhere to our Customers’ instructions concerning the Customer Information in line with the functionality of our Service(s). In doing so, we have established reasonable technical and organizational measures against unauthorized processing and against loss, destruction of, or damage to, Customer Information.
If you are seeking access to or wish to correct, update, modify, or delete Personal Data, which forms part of the Customer Information processed by us as a data processor on behalf of our Customer, you should direct your inquiry to our Customer, i.e., the controller. If you are a Customer of our Service(s) and wish to raise a request on behalf of your end-users in connection with Customer Data, you can open a ticket on the support portal of the relevant Service. Please note that if a Customer has subscribed to more than one Service, their request on a particular Service support portal is specific to that Service only, and separate requests need to be made across other relevant Service support portals.
Access, Choices, and Other Rights
If you are an individual residing in the EEA, you have the following data protection rights concerning Personal Data collected and processed by VirtoSoftware as the data controller:
- Right to Access: You can request access to any data that qualifies as your Personal Data at any time. This includes the right to be informed if we process your Personal Data, what categories of Personal Data are being processed, and our purpose for processing it.
- Right to Rectification: If you believe your Personal Data is inaccurate or incomplete, you have the right to request its correction. We have a legal obligation to keep your Personal Data accurate and up-to-date, and we kindly ask you to help us comply with this obligation by informing us of any necessary changes to your Personal Data.
- Right to Object: You can object to certain processing activities involving your Personal Data, such as direct marketing or automated decision-making, or when we base the processing of your Personal Data on our legitimate interest.
- Right to Restrict Processing: You may request that we limit the processing of your Personal Data if you want to: (i) question the legality of the processing, (ii) challenge the accuracy of the Personal Data, (iii) restrict the processing instead of erasure in case of unlawful processing, or (iv) demand restriction of the processing while assessing the plausibility of our legitimate interest in the specific processing activity.
- Right to Erasure: You can request the erasure of your Personal Data if (i) it is no longer necessary for the purposes for which it was collected, (ii) you withdraw your consent for processing, (iii) you contest our legitimate interest, and we have no overriding legitimate interest to continue processing, (iv) you object to direct marketing, (v) you believe that the processing is unlawful, (vi) you believe that the Personal Data must be erased to comply with a legal requirement.
- Right to Data Portability: If your Personal Data is being processed automatically with your consent or based on a mutual contractual relationship, you may request that we provide you with your Personal Data in a structured, commonly used, and machine-readable format. Furthermore, you may request that this Personal Data be transferred to another controller, provided it is technically feasible.
- Right to Withdraw Consent: If the processing is based on your consent, you can withdraw this consent at any time without adverse effect. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
- Right to Contact Supervisory Authority: If you are not satisfied with our response to your request related to your Personal Data or if you believe we are not processing your Personal Data in accordance with the law, you can file a complaint with the State Data Protection Inspectorate at vdai.lrv.lt.
If you are our customer, we will occasionally send you emails and/or announcements with administrative information related to the Service(s) as necessary. For instance, if our Service(s) is temporarily suspended for maintenance, we might send you an email. Generally, you may not opt out of communications that are not promotional in nature. If you do not wish to receive them, you may deactivate your account and discontinue the use of our Services.
Retention of Personal Data
We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you and provide the Services to you; (ii) whether we have a legal obligation to which we are subject; or (iii) what is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Protection of Your Information
We have implemented reasonable technical and organizational measures to maintain the safety of your Personal Data. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. It is important for you to protect against unauthorized access to your password(s) and computer or device and to log off when using any shared computer.
Disclosure of Information Outside the EEA
Your Personal Data may be stored and processed in any country where we have facilities or engage service providers. By using the Services, you consent to the transfer of information to countries outside of your country of residence, including the United States and EMEA countries, which may have data protection rules that differ from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Data.
Additional information regarding the EEA: Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your Personal Data.
Sensitive Personal Data (Personal Data of Special Categories)
Unless we explicitly agree otherwise in writing, you should not send us, disclose, or process any sensitive and/or special categories of Personal Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services or otherwise to us.
Signing in Using Sign-in Services
You can log in to some of our Services using sign-in services such as GitHub and others (Google, Facebook, etc.). These services will authenticate your identity and provide you the option to share certain Personal Data with us, such as your name and email address.
Third-Party Links, Services, and Features
In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, or any other developer, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or in connection with our Services and/or Social Media Pages.
What Personal Data Do VirtoSoftware Apps Collect?
Where do VirtoSoftware Apps Store that Data?
For this information, please refer to our Data Security FAQ.
Use of Services by Children and Minors
The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Data from individuals under sixteen (16).
How to Contact Us?