Privacy policy

UAB Lobasoft (hereinafter referred to as Lobasoft) values privacy and personal data protection and adheres to the principles of data processing outlined in this privacy policy. Lobasoft understands the importance of ensuring the integrity and confidentiality of personal data and guarantees that personal data is processed lawfully. This privacy policy explains how Lobasoft collects and uses personal data, including through the company’s website www.lobasoft.lt. The paragraphs below outline Lobasoft’s privacy policy.

 

1. Terms and Definitions

1.1. Personal Data – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

 

1.2. Processing of Personal Data – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

 

1.3. Data Controller –  a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

 

1.4. Data Processor – a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

 

1.5. Third Party – a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or persons who, under the direct authority of the controller or processor, are authorized to process personal data.

 

1.6. Personal Data Breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

 

1.7. Data Subject – a person whose data is being processed (e.g., a client who is a natural person, a user of the website, or employees and customers of a corporate client).

 

1.8. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

 

2. Principles

Lobasoft and its data processors process personal data in accordance with the following principles:

 

2.1. Lawfulness, Fairness, and Transparency – data subjects’ data is processed lawfully, fairly, and transparently;

 

2.2. Purpose Limitation – personal data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes;

 

2.3. Data Minimization – personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;

 

2.4. Accuracy – personal data is accurate and, where necessary, kept up to date;

 

2.5. Storage Limitation – personal data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed, considering applicable laws;

 

2.6. Integrity and Confidentiality – personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

 

3. Security of Data Processing

3.1. Lobasoft takes necessary and risk-appropriate organizational, physical, and technological measures to protect personal data. These measures include rules and procedures for employees managing data and IT infrastructure, internal and external networks, and safeguarding all equipment and Lobasoft premises.

 

3.2. Lobasoft adequately trains and provides necessary information to employees who handle personal data.

 

3.3. Lobasoft may engage data subprocessors to process personal data.

 

4. Lawful Basis for Processing

4.1. Lobasoft processes personal data for the purposes of entering into or performing a contract (including agreements with clients acting as data controllers), fulfilling legal obligations, pursuing legitimate interests, or based on the consent of the data subject.

 

4.2. Personal data is processed to ensure contract execution where the contract cannot be performed without processing such data.

 

4.3. Legal obligations include all data processing required by relevant laws and regulations.

 

4.4. Where processing is based on consent, Lobasoft processes only the data for which the data subject has given consent. Consent is freely given, specific, informed, and unambiguous. The data subject may withdraw consent at any time in the same easy manner as it was given.

 

5. Data Controller or Processor and Data Collection

5.1. In various data processing operations, Lobasoft may act as a data controller or processor. To ensure data subjects' privacy rights, Lobasoft adheres to confidentiality principles and strictly limits the disclosure of personal data.

 

5.2. Only authorized Lobasoft personnel have the right to modify and manage personal data.

 

5.3. Lobasoft processes personal data received directly from data subjects or indirectly (via business clients).

 

6. Types of Personal Data

Lobasoft processes personal data of clients' employees, representatives, and related parties necessary for the purposes outlined in Section 7. Personal data includes:

 

6.1. Identity data: full name, personal identification number (or equivalent), date of birth, data in ID documents, and signatures.

 

6.2. Contact data: email address, phone number, and mailing address (residence).

 

6.3. Other personal data obtained directly or indirectly for the purposes listed in Section 7.

 

6.4. Internet data: session data, cookies, log data, and IP addresses.

 

 

7. Purposes of Personal Data Processing

The purposes of personal data processing specified in point 6 of this privacy policy are:

 

7.1. to conclude and execute service provision agreements;

 

7.2. to provide consultation on system usage;

 

7.3. to process data for system implementation purposes;

 

7.4. to conduct customer satisfaction surveys (for marketing purposes);

 

7.5. to fulfill commitments under agreements with partners;

 

7.6. to comply with all legal obligations and related activities;

 

8. Personal Data Retention

8.1. Lobasoft retains personal data only as long as necessary to achieve the purpose for which the personal data is processed, except in cases where applicable laws stipulate otherwise.

 

9. Third Parties and Data Processors

9.1. Personal data may be transferred in accordance with the conditions laid out in Chapter V of the GDPR and other laws regulating personal data protection, i.e., ensuring an adequate level of protection for the transferred personal data.

 

9.2. Regardless of access restrictions, Lobasoft provides personal data to organizations or individuals who are entitled to request such data under the law (e.g., police, courts, supervisory authorities, etc.).

 

10. Data Subject Rights and Information to the Subject

10.1. According to this Lobasoft privacy policy, data recipients/categories of recipients are: IT, service providers, state institutions, partners.

 

10.2. The source of the data subject’s personal data: legal entity (e.g., employer, partner, client), publicly accessible information sources (e.g., websites, public databases of institutions).

 

10.3. The data subject has the right to submit a request for:

 

10.3.1. Information and access to their processed personal data;

 

10.3.2. Correction of their personal data;

 

10.3.3. Deletion of their personal data;

 

10.3.4. Restriction of processing their personal data;

 

10.3.5. Provision of their personal data in a structured, computer-readable format.

 

10.4. Requests submitted by the data subject must include: information enabling Lobasoft to identify you as the data subject; requested actions; personal data in relation to which these actions are requested.

 

10.5. Lobasoft will review the data subject’s request within 20 business days of receiving it and inform them about the actions taken in response to the request.

 

10.6. You (the data subject) will be informed in the same manner as the request was submitted.

 

11. Personal Data Breach

11.1. All data controllers must notify the State Data Protection Inspectorate of data breaches in cases where there is a high risk to personal data security.

 

11.2. According to Lobasoft’s privacy policy, personal data breaches must be reported to the State Data Protection Inspectorate of the Republic of Lithuania within 72 hours.

 

The notification must include:

  • The nature of the data breach, categories of data subjects, approximate number, categories, and approximate number of personal data records;
  • The name and contact details of the data protection officer or other contact person who can provide more information;
  • The likely consequences of the personal data breach;
  • The measures taken or proposed by the data controller to address the personal data breach;
  • Other information not specified in this Lobasoft privacy policy but required under applicable law.

 

12. Cookies

12.1. Cookies are used on the UAB Lobasoft website www.lobasoft.lt to improve user experience and facilitate website usage.

 

12.2. A cookie is a small text file that a web browser automatically saves on a user’s device.

 

12.3. Lobasoft uses cookies to collect anonymized and aggregated statistical data about the number of website visitors and website usage to make the site more user-friendly.

 

12.4. Cookies can be refused or blocked on the device, but this may affect website functionality and access to services. To refuse or block cookies, you must change your browser settings.

 

13. Changes to the Privacy Policy

13.1. Lobasoft values personal privacy; therefore, this privacy policy is regularly updated. The latest version of this privacy policy is always published on the Lobasoft website.

 

14. Other Provisions

14.1. Liability for violations of personal data processing is established by law. Each party is responsible for damages caused by its unlawful actions.

 

14.2. All disputes between parties shall be resolved through negotiations. If negotiations fail, disputes will be resolved in the courts of the Republic of Lithuania as provided by Lithuanian law.

 

14.3. When Lobasoft acts as a personal data controller, it follows this privacy policy, internal documentation, and applicable laws. When Lobasoft acts as a data processor (e.g., providing accounting or consulting services at the client’s request), it follows the written instructions of the personal data controller (client) that comply with applicable laws and internal procedures.

 

15. Contact Information

15.1. If you have any questions or suggestions regarding personal data processing, please contact the data controller using the following contact details:

 

UAB Lobasoft, J. Jasinskio g. 4-17, Vilnius LT-01112, [email protected]

Lobasoft © 2026