This Privacy policy for UAB Gooliver (doing business as Sofainsider) (Company, we, us), describes how and why we process your Personal data when you use our Services, such as when you:
- Visit the Website at https://sofainsider.com
- Create an Account on the Website
- Use any of the Services provided on the Website
- Engage with us in other related ways, including any sales, marketing, communication, or other events
Reading this Privacy policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not visit the Website or use our Services.
1. Definitions
The following terms are defined in this Privacy policy:
Account shall mean a digital account created on the Website.
Data controller, or Company, or we, or us shall mean UAB Gooliver, a private limited liability company, established and operating under the laws of the Republic of Lithuania, legal entity code 305426380, address of registered office at Lvivo g. 25-702, LT-09320 Vilnius, Lithuania, doing business as Sofainsider.
Data processing shall mean any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, etc.
Data subject shall mean a natural person who provides their Personal data by visiting the Website or by using the Services provided by the Data controller.
EU/ EEA shall mean European Union and European Economic Area.
Individual shall mean a Data subject who represents themselves and visits the Website or creates an Account with the intent to use the Services.
Personal data, or Data shall mean any information about a Data subject whose identity has been identified or whose identity can be directly or indirectly identified.
Privacy policy shall mean this Privacy policy, which determines the basic rules of the Data controller for collecting, processing and storing Personal data of Data subjects in relation to the Services provided by the Data controller.
Recipient shall mean a natural or legal person, a public authority or another body, to whom the Data controller is entitled to disclose Personal data (see the categories of Recipients in Sections 4 and 5).
Regulation, or the General Data Protection Regulation, or GDPR shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Representative of a legal person shall mean a Data subject who represents a legal person and creates an Account with the intent to use the Services.
Services shall mean an interaction of a Data subject with the Data controller when the Data subject visits the Website, creates an Account on the Website, uses any of the Services provided through the Website or engages with the Data controller in other related ways, including any sales, marketing, communication, or other events.
Terms and conditions shall mean the Terms and conditions of using the Services available on the Website.
Website shall mean the website accessible at https://sofainsider.com.
2. What is our legal basis for using your Personal data?
Your Personal data is processed in compliance with the GDPR, other applicable legal acts that Data controller is subject to as well as this Privacy policy.
Following the GDPR, we can only process your Personal data when we believe it is necessary and we have a valid basis to do so. We may rely on one of the following legal basis to process your Personal data:
- Your consent (GDPR Article 6 (1) (a))
When you have given us permission (i.e., consent) to use your Personal data for a specific purpose. You can withdraw your consent at any time. - Fulfilment of a contract (GDPR Article 6 (1) (b))
Certain Personal data is necessary to fulfil our contractual obligations to you, including providing our Services. - Legal obligations (GDPR Article 6 (1) (c))
Where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved. - Legitimate interest (GDPR Article 6 (1) (f))
When we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.
3. How do we collect your Personal data?
We collect your Personal data that you provide us when you:
- Visit the Website
- Register and create an Account on the Website
- Anytime login to your Account on the Website
- Fill in your profile information
- Use the Services to create questionnaires, pay for the Services, or analyse results
- Use the Services to receive survey invitations, respond to surveys, earn credits, or request to withdraw credits
- Correspond with us via email, phone or social media
4. What Personal data do we collect and for what purposes do we use them?
The following table explains the ways in which we process your Personal data and the corresponding legal basis for processing such Data.
Purpose of Data processing |
Categories of individuals |
Categories of Personal Data |
Legal basis |
Recipients |
---|---|---|---|---|
To provide Services |
Individuals |
|
Fulfilment of a contract Legal obligations for taxation purposes |
Accounting service providers (Credit withdrawal data, Payment account data, Order data) Payment service providers (Order data) Representative of a legal person (Profile data and Response data) |
To provide Services |
Representatives of legal persons |
|
Fulfilment of a contract Legal obligations for taxation purposes |
Accounting service providers (Credit withdrawal data, Payment account data, Order data) Payment service providers (Order data) Representative of a legal person (Profile data and Response data) |
To determine appropriate representation of a Representative of a legal person |
Representatives of legal persons |
|
Legitimate interest to determine appropriate representation |
|
To send email notifications to Data subject |
Individuals Representatives of legal persons |
|
Fulfilment of a contract |
|
To respond to Data subject’s inquiries |
Individuals Representatives of legal persons |
|
Legitimate interest to offer efficient communication channels to our clients and public |
|
To perform direct marketing activities |
Individuals Representatives of legal persons |
|
Your consent |
Communication and mailing service providers |
To perform client segmentation for direct marketing purposes |
Individuals Representatives of legal persons |
|
Your consent |
Communication and mailing service providers |
To better understand how our Services are used and improve them and user experience of using it |
Individuals Representatives of legal persons |
|
Legitimate interest to analyse and understand how our services are used so we can improve them to engage and retain users |
Analytics service providers SaaS and other IT service providers |
To establish, exercise, defend, assign, or sell legal claims, as well as to retain information for this purpose |
Individuals |
|
Legitimate interest to establish, exercise, defend, assign, or sell legal claims as well as to retain information for this purpose |
Legal service providers |
To establish, exercise, defend, assign, or sell legal claims, as well as to retain information for this purpose |
Representatives of legal persons |
|
Legitimate interest to establish, exercise, defend, assign, or sell legal claims as well as to retain information for this purpose |
Legal service providers |
To calculate, deduct and pay (if applicable) personal income tax on your behalf as well as provide your personal information for declaration purposes |
Individuals |
|
Legal obligations for taxation purposes |
Accounting service providers State Tax Inspectorate under the Ministry of Finance of the Republic of Lithuania |
5. When and with whom do we share your Personal data?
Representative of a legal person
We collect, process and analyse the Data subject’s Personal data to provide our Services. This information will be provided to a Representative of a legal person in an anonymised and aggregated form (in charts, data tables, our insights) for further analysis when they order our Services. None of the directly identifiable Personal data (such as identification data, contact data) will be shared with the Representative of a legal person.
Suppliers
We may share your Personal data with the following suppliers who provide services to us:
Type of supplier | Why we share your Personal data |
---|---|
SaaS and other IT service providers |
To help us provide our Services to you, including hosting of our Website, ensuring availability of our Services and Website, data hosting and processing |
Payment service providers |
To help us provide our Services to you, including processing of orders and payments |
Analytics service providers |
To help us improve our Services based on analytical information |
Accounting service providers |
To help us provide our Services to you, including our accounting and taxation obligations |
Legal service providers |
To help us protect our legal interest |
Communication and mailing service providers |
To help us send necessary and relevant communication to you |
For legal reasons
We may also share your Personal data with financial institutions, government authorities, law enforcement authorities, tax authorities, and other third party organisations to comply with the law and Regulation, in connection with criminal investigations or legal claims, or to enforce our rights.
When you request us to share your Personal data
When you request us to share your Personal data with a third party, in case you authorise a third party to act on your behalf, we may share the requested information. You may need to provide proof that a third party has been validly authorised to act on your behalf.
6. Do we share information internationally?
A transfer of Personal data outside of the EU/ EEA can take place provided there is a legal basis and one of the following conditions:
- A country outside of the EU/ EEA where the Recipient is located has an adequate level of data protection as decided by the EU Commission.
- The controller or processor has provided appropriate safeguards, for example, the agreement that includes the EU Standard Contractual Clauses or other authorised contractual clauses, approved codes of conduct or certification mechanisms.
- There are derogations for specific situations applicable, for example, Data subject’s explicit consent, performance of a contract with the Data subject, conclusion or performance of a contract concluded in the interest of the Data subject, establishment, exercise or defence of legal claims, important reasons of public interest.
7. How do we use your Personal data for marketing purposes?
When you sign up to our Services we will ask you if you want us to contact you by email with information about our Services and promotional offers. We will ask for your consent before sharing such information.
We may use your Personal data to offer more personalised marketing material about our Services, so they are more relevant to you. This means that we may analyse your usage of our Services. Our legal basis for processing your Data is your consent.
Your consent can always be withdrawn. You may do this by tapping the unsubscribe link in any promotional message we send you.
8. How do we handle your social login data?
Our Services offer you the ability to register and log in using third party social media account details, namely your Google or Facebook logins. Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider, but will often include your name, surname, and email address, as well as other information you choose to make public on such a platform.
We will use the information we receive only for the purposes that are described in this Privacy policy or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your Personal data by your third party social media provider. We recommend that you review their privacy policy to understand how they collect, use and share your Personal data, and how you can set your privacy preferences on their sites and apps.
9. How long do we keep your Personal data?
We retain your Personal data specified in section 4 to provide our Services to you based on our contractual obligations, your consent, to comply with applicable regulation, to protect our business and legal interests, and to fulfil internal record keeping purposes.
Purpose of Data processing | Retention period |
---|---|
To provide Services
|
Throughout the duration of the contract and 10 years after the termination of the contract
|
To determine appropriate representation of a Representative of a legal person
|
Throughout the duration of the contract and 10 years after the termination of the contract
|
To send email notifications to Data subject
|
Throughout the duration of the contract and 10 years after the termination of the contract
|
To respond to Data subject’s inquiries
|
3 years after providing an answer to the inquiry
|
To perform direct marketing activities
|
5 years after obtaining Data subject’s consent, or until the Data subject withdraws their consent
|
To perform client segmentation for direct marketing purposes
|
5 years after obtaining Data subject’s consent, or until the Data subject withdraws their consent
|
To better understand how our Services are used and improve them and user experience of using it
|
Throughout the duration of the contract and 5 years after the termination of the contract
|
To establish, exercise, defend, assign, or sell legal claims, as well as to retain information for this purpose
|
Throughout the duration of the contract and 10 years after the termination of the contract
|
To calculate, deduct and pay (if applicable) personal income tax on your behalf as well as provide your personal information for declaration purposes
|
Current tax year and 5 years after the end of the current tax year
|
Once the retention period has expired, we will delete your Personal data according to the practices established by us based on the best data management practices and as required by the law.
10. How do we keep your Personal data safe?
The security of your Personal data is important to us and we will use reasonable organisational and technological security measures to prevent the loss, misuse or unauthorised alteration of your Personal data under our control.
However, despite our safeguards and efforts to secure your information, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your Personal data, transmission of Personal data to and from our Website and Services is at your own risk. You should only access the Website and Services within a secure environment.
11. Do we collect information from minors?
The Services provided are solely intended to be used by people over 18 years old and we do not knowingly solicit Data from or market to children under 18 years of age. If we learn that Personal data from users less than 18 years of age have been collected, we will deactivate the Account and take reasonable measures to promptly delete such Data from our records. If you become aware of any data we may have collected from children under age of 18, please contact us at hello@sofainsider.com.
12. What are your data protection rights?
We would like to make sure you are fully aware of all of your data protection rights. You are entitled to the following:
- Receive confirmation if your Personal data is being processed by us and, if so, then to access it.
- Require the Personal data to be corrected if it is inadequate, incomplete or incorrect.
- Require the erasure of the Personal data.
- Restrict the processing of Personal data.
- Object to processing of Personal data if processing is based on the Company’s legitimate interests.
- Object to processing of Personal data for direct marketing.
- Receive Personal data that is provided by you and is being processed based on consent or performance of an agreement in a structured, commonly used electronic format and where feasible, transmit such Data to another service provider (right to data portability).
13. How can you exercise your data protection rights?
You can exercise your data protection rights by contacting us at hello@sofainsider.com. Please include one of the topics from the list below in a subject line of your email:
- Request to access personal data
- Request to rectify personal data
- Request to erase personal data
- Request to restrict processing of personal data
- Objection to processing of personal data
- Request to transfer personal data
- Request to withdraw consent
You should submit the application by email. The application should be signed with a qualified electronic signature.
When you exercise one of your rights, it may take us up to one month to respond or implement these changes.
Upon your request, your Personal data will be erased, however, the Company has an obligation to only store copies of information that is necessary to protect legitimate interests of third parties, to comply with obligations of state institutions, to settle disputes, or to recognize interruptions.If you’re unhappy with how we’ve handled your request you can file a complaint with the local data protection authority. In Lithuania, this is the State Data Protection Inspectorate.
14. Do we use cookies and other tracing technologies?
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. To learn more about how we use these and your choices in relation to these tracking technologies, please refer to our Cookie policy.
15. Contact us
If you have any questions about our Privacy policy, the Data we hold on you, or you have a basis to believe that your data privacy rights have been violated, you can contact us at hello@sofainsider.com.
16. Language of Privacy policy
The Privacy policy is drafted in Lithuanian and translated into English. In the event of disputes or claims of linguistic nature or concerning interpretation, the version of Privacy policy in Lithuanian shall prevail.
17. Updates to Privacy policy
The Privacy policy is a living document and we may update it from time to time. The updated version of the Privacy policy will be effective as soon as it is accessible. You may be informed of any critical policy changes.
The date at the bottom of this Privacy policy indicates when it was last updated.
LAST UPDATED ON 26 OCTOBER 2022