Privacy Policy

Privacy Policy

Kolmisoft Privacy Policy

Your privacy is important to us. This Privacy Policy explains how Kolmisoft UAB, operating under the Kolmisoft name (“Kolmisoft”, “we”, “us”, “our”), collects, uses, stores and protects personal data when you visit our website, contact us, use our services, purchase our products, or otherwise interact with us.

This Privacy Policy applies to our website at www.kolmisoft.com, its subdomains, and our own business, sales, support, and administrative activities.

Where Kolmisoft processes personal data on behalf of a business customer, for example within software, hosted systems, support environments or customer-controlled services, Kolmisoft may act as a data processor, and the customer may act as the data controller. In such cases, the processing is governed by the applicable agreement with that customer, including any Data Processing Agreement, and not only by this Privacy Policy.

1. Data Controller

The data controller for the processing described in this Privacy Policy is:

Kolmisoft UAB
Company code: 301534711
Registered address: Prancuzu 12, Vilnius, 11329 Lithuania
Email: info@kolmisoft.com
Phone:  +37052058393

If you have any questions about this Privacy Policy or how we process your personal data, contact us at info@kolmisoft.com.

If we appoint a Data Protection Officer, their contact details will be published here. As of the date of this Privacy Policy, we have not appointed a Data Protection Officer.

2. Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

Contact and identification data

Name, surname, company name, job title, email address, phone number, country, postal address, and similar contact details.

Account and customer data

Login details, user account information, customer number, order history, purchased products or services, license information, support plan, communication preferences, and related business information.

Billing and payment data

Billing address, VAT number, invoice details, payment status, and transaction-related information. If card payments are used, payment card data is normally processed by our payment service provider. We do not intentionally store full payment card numbers unless this is technically or legally necessary.

Communication and support data

Emails, contact form submissions, support tickets, chat messages, call notes, attachments, troubleshooting information, technical logs, and other information you provide when communicating with us.

Website and technical data

IP address, browser type and version, device information, operating system, time zone, pages visited, referring URL, access times, log files, diagnostic data, and information about how you use our website.

Cookie and similar technology data

Information collected through cookies, pixels, analytics tools and similar technologies, subject to your cookie choices where required.

Marketing data

Newsletter subscriptions, marketing preferences, event registrations, campaign interactions, and information about whether you opened or clicked our communications.

Security and compliance data

Information needed to prevent fraud, abuse, unauthorized access, security incidents, misuse of our website or services, and to comply with legal obligations.

We do not intentionally collect special categories of personal data, such as health data, political opinions, religious beliefs, biometric data or trade union membership, unless you voluntarily provide such information and it is necessary for a specific purpose.

3. How We Collect Personal Data

We collect personal data:

  • directly from you when you fill in forms, contact us, create an account, request a demo, buy a product, subscribe to newsletters, or ask for support;
  • automatically when you use our website or services, including through cookies, server logs and similar technologies;
  • from business customers where they provide user, administrator, or billing contact details;
  • from service providers, partners, payment providers, public registers, business directories, or other lawful sources where relevant to our business relationship.

4. Purposes and Legal Bases

We process personal data only where we have a lawful basis to do so.

Purpose Categories of data Legal basis
To provide our website and respond to your requests Contact data, communication data, technical data Legitimate interests; steps prior to contract
To create and manage customer accounts Contact data, account data, customer data Contract; legitimate interests
To provide products, services, licenses, and support Contact data, account data, support data, technical data Contract; legitimate interests
To process orders, invoices, and payments Billing data, customer data, payment status Contract: legal obligation
To communicate about service matters, maintenance, updates, and security Contact data, account data, service data Contract; legitimate interests
To improve our website, products, and services Technical data, usage data, support data Legitimate interests; consent where required for analytics cookies
To send newsletters and marketing communications Contact data, marketing data Consent; legitimate interests for existing business contacts where permitted by law
To measure marketing performance Cookie data, analytics data, campaign data Consent where required
To protect our website, systems, users, and business Technical data, security data, logs Legitimate interests; legal obligation
To comply with tax, accounting, legal, and regulatory obligations Billing data, contract data, communication data Legal obligation
To establish, exercise, or defend legal claims Relevant business, contract, communication, and technical data Legitimate interests; legal obligation

Where we rely on legitimate interests, we only do so where our interests are not overridden by your rights and freedoms. Our legitimate interests include operating our business, securing our website and systems, responding to business inquiries, supporting customers, improving our services, preventing abuse, and maintaining business records.

Where we rely on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

5. Cookies and Similar Technologies

We use cookies and similar technologies on our website.

Cookies are small files placed on your device. Some cookies are necessary for the website to work. Others help us understand how the website is used, improve our services, personalize content, or measure marketing performance.

We use the following categories of cookies:

Strictly necessary cookies

These are required for the website to function, for example, security, session, authentication, and preference cookies. These cookies do not require consent.

Analytics cookies

These help us understand how visitors use our website, which pages they visit, and how we can improve it. We use these only with your consent where required by law.

Marketing cookies

These may be used to measure campaigns or show relevant content. We use these only with your consent where required by law.

Preference cookies

These remember choices such as language or region. Where required by law, we ask for your consent before using them.

When you first visit our website, we will ask you to accept or reject non-essential cookies. You can change or withdraw your cookie consent by clearing your browser’s cache.

We do not place non-essential analytics or marketing cookies before you have given consent, where such consent is required.

6. Marketing Communications

We may send you marketing communications if you have subscribed, requested information, attended an event, purchased from us, or otherwise have a business relationship with us, where permitted by law.

You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in the email.

We may still send you non-marketing service communications, such as security notices, account messages, billing information, support replies, and important service updates.

7. Sharing Personal Data

We do not sell your personal data.

We may share personal data with the following categories of recipients where necessary:

  • hosting and infrastructure providers;
  • IT, security, and maintenance providers;
  • email, communication, and customer support tools;
  • CRM, sales, and marketing platforms;
  • analytics and cookie consent providers;
  • payment processors, banks, and accounting service providers;
  • legal, tax, audit, and professional advisers;
  • business partners or resellers where necessary to respond to your request or provide services;
  • public authorities, courts, regulators or law enforcement bodies where required by law;
  • potential buyers, investors or advisers in connection with a merger, acquisition, restructuring or sale of business assets.

Our service providers may process personal data only under our instructions and only where appropriate contractual and security safeguards are in place.

8. International Transfers

We aim to process personal data within the European Economic Area where possible.

Some of our service providers or partners may process personal data outside the European Economic Area. Where this happens, we use appropriate safeguards required by GDPR, such as:

  • an adequacy decision by the European Commission;
  • Standard Contractual Clauses approved by the European Commission;
  • Additional technical, contractual, or organizational safeguards are required.

You may contact us at info@kolmisoft.com for more information about international data transfer safeguards for your personal data.

9. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Our usual retention periods are:

Data category Retention period
Website server logs [12 months], unless needed longer for security investigation
Contact form inquiries [3 years] after the last communication
Customer account data For the duration of the customer relationship and [3 years] afterward
Contracts, invoices, and accounting records As required by applicable accounting, tax, and legal rules
Support tickets [5 years] after ticket closure, unless needed for service history or legal claims
Marketing subscription data Until you unsubscribe or withdraw consent
Cookie consent records [3 years] or as required to demonstrate consent
Legal claim records For the limitation period applicable to the claim

When personal data is no longer needed, we delete it, anonymize it, or securely archive it.

10. Security

We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

These measures may include access controls, encryption, secure connections, authentication, backups, logging, monitoring, staff confidentiality obligations, and internal security procedures.

No method of transmission or storage is completely secure. If you believe your personal data or account has been compromised, contact us immediately at info@kolmisoft.com.

11. Your Rights

Subject to conditions and limitations under applicable law, you have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of your personal data;
  • request restriction of processing;
  • object to processing based on legitimate interests;
  • object to direct marketing at any time;
  • request data portability where processing is based on consent or contract and carried out by automated means;
  • withdraw consent at any time where processing is based on consent;
  • lodge a complaint with a data protection supervisory authority.

To exercise your rights, contact us at info@kolmisoft.com.

We may need to verify your identity before responding to your request. We will respond within the timeframe required by applicable law.

If you are located in Lithuania or believe your rights have been infringed in Lithuania, you may contact the State Data Protection Inspectorate of the Republic of Lithuania / Valstybinė duomenų apsaugos inspekcija. You may also contact the supervisory authority in your country of residence, workplace, or place of the alleged infringement.

12. Automated Decision-Making

We do not use your personal data for automated decision-making that produces legal effects concerning you or similarly significantly affects you.

13. Children’s Privacy

Our website, products, and services are intended for business users and are not directed to children. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, contact us, and we will take appropriate steps to delete it.

14. Third-Party Links

Our website may contain links to third-party websites, services or platforms. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy notices before providing them with personal data.

15. Customer Data Processed on Behalf of Business Customers

Some Kolmisoft products and services may be used by business customers to process personal data relating to their own users, employees, customers, callers or end users.

Where we process such data on behalf of a business customer, the business customer is normally the data controller, and Kolmisoft acts as a data processor. In that case:

  • We process the data only according to the customer’s documented instructions;
  • We use the data only to provide the agreed services;
  • We apply appropriate security measures;
  • We assist the customer with GDPR obligations where required by the applicable agreement;
  • We do not use customer-controlled personal data for our own independent purposes unless permitted by law and contract.

Business customers are responsible for ensuring that they have a lawful basis for the personal data they collect and process using Kolmisoft products or services.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be published on this page with a new “Last updated” date.

If changes are material, we may provide additional notice, for example by email, website notice or account notification where appropriate.

17. Contact Us

For privacy questions, requests, or complaints, contact us at:

Kolmisoft UAB
Company code: 301534711
Registered address: Prancuzu 12, Vilnius, 11329 Lithuania
Email: info@kolmisoft.com
Phone:  +37052058393