Privacy policy

This Privacy policy for UAB Gooliver (doing business as Sofainsider) (Company, we, us), describes how and why we process your Personal data when you use our Services, such as when you:

  • Visit the Website at https://sofainsider.com
  • Create an Account on the Website 
  • Use any of the Services provided on the Website 
  • Engage with us in other related ways, including any sales, marketing, communication, or other events

Reading this Privacy policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not visit the Website or use our Services.

1. Definitions

The following terms are defined in this Privacy policy:

Account shall mean a digital account created on the Website.

Data controller, or Company, or we, or us shall mean UAB Gooliver, a private limited liability company, established and operating under the laws of the Republic of Lithuania, legal entity code 305426380, address of registered office at Lvivo g. 25-702, LT-09320 Vilnius, Lithuania, doing business as Sofainsider.

Data processing shall mean any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, etc.

Data subject shall mean a natural person who provides their Personal data by visiting the Website or by using the Services provided by the Data controller.

EU/ EEA shall mean European Union and European Economic Area.

Individual shall mean a Data subject who represents themselves and visits the Website or creates an Account with the intent to use the Services.

Personal data, or Data shall mean any information about a Data subject whose identity has been identified or whose identity can be directly or indirectly identified.

Privacy policy shall mean this Privacy policy, which determines the basic rules of the Data controller for collecting, processing and storing Personal data of Data subjects in relation to the Services provided by the Data controller.

Recipient shall mean a natural or legal person, a public authority or another body, to whom the Data controller is entitled to disclose Personal data (see the categories of Recipients in Sections 4 and 5).

Regulation, or the General Data Protection Regulation, or GDPR shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Representative of a legal person shall mean a Data subject who represents a legal person and creates an Account with the intent to use the Services.

Services shall mean an interaction of a Data subject with the Data controller when the Data subject visits the Website, creates an Account on the Website, uses any of the Services provided through the Website or engages with the Data controller in other related ways, including any sales, marketing, communication, or other events.

Terms and conditions shall mean the Terms and conditions of using the Services available on the Website.

Website shall mean the website accessible at https://sofainsider.com.

2. What is our legal basis for using your Personal data?

Your Personal data is processed in compliance with the GDPR, other applicable legal acts that Data controller is subject to as well as this Privacy policy.

Following the GDPR, we can only process your Personal data when we believe it is necessary and we have a valid basis to do so. We may rely on one of the following legal basis to process your Personal data:

  1. Your consent (GDPR Article 6 (1) (a))
    When you have given us permission (i.e., consent) to use your Personal data for a specific purpose. You can withdraw your consent at any time.
  2. Fulfilment of a contract (GDPR Article 6 (1) (b))
    Certain Personal data is necessary to fulfil our contractual obligations to you, including providing our Services.
  3. Legal obligations (GDPR Article 6 (1) (c))
    Where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  4. Legitimate interest (GDPR Article 6 (1) (f)) 
    When we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.

3. How do we collect your Personal data?

We collect your Personal data that you provide us when you:

  • Visit the Website
  • Register and create an Account on the Website
  • Anytime login to your Account on the Website
  • Fill in your profile information
  • Use the Services to create questionnaires, pay for the Services, or analyse results
  • Use the Services to receive survey invitations, respond to surveys, earn credits, or request to withdraw credits
  • Correspond with us via email, phone or social media

4. What Personal data do we collect and for what purposes do we use them?

The following table explains the ways in which we process your Personal data and the corresponding legal basis for processing such Data.

Purpose of Data processing

Categories of individuals

Categories of Personal Data

Legal basis

Recipients

To provide Services

Individuals

  • Identification data, including your name, surname, username, email address, password, social media login data

  • Contact data, including your email address, phone number, address

  • Data about participation in surveys, including information about a received invitation to participate (date, invitation ID, participation status, credits earned, credit balance, questionnaire completion time)

  • Response data, including a randomly created user ID, your anonymised answers

  • Profile data, including your general demographic information, information about your education, occupation, household, hobbies and interests, travel habits, shopping habits, use of technology, environmental views and habits, economy (the data indicated is not mandatory and the contract will be valid despite providing the data)

  • Credit withdrawal data, including withdrawal request date, withdrawal date, type, number of credits withdrawn, remaining credit balance

  • Payment account data (for credit withdrawals), including bank name, IBAN, receiver name, payment date, payment status, payment transfer order

  • Data about your consent to the Terms and conditions

Fulfilment of a contract

Legal obligations for taxation purposes

Accounting service providers (Credit withdrawal data, Payment account data, Order data)

Payment service providers (Order data)

Representative of a legal person (Profile data and Response data)

To provide Services

Representatives of legal persons

  • Identification data, including your name, surname, username, email address, password, social media login data

  • Contact data, including your email address, phone number, address

  • Order data, including order ID, status, date, total amount and currency, payment type and date, payment details (to execute an order payment you will be requested to submit credit card/ bank account details which we do not access or store at any stage of the payment process and are automatically submitted in encrypted form to our external payment gateway operated by a third-party supplier)

  • Data about your consent to the Terms and conditions

Fulfilment of a contract

Legal obligations for taxation purposes

Accounting service providers (Credit withdrawal data, Payment account data, Order data)

Payment service providers (Order data)

Representative of a legal person (Profile data and Response data)

To determine appropriate representation of a Representative of a legal person

Representatives of legal persons

  • Identification data, including your name, surname, username, email address, social media login data

  • Contact data, including your email address, phone number

  • Data about your consent to the Terms and conditions

Legitimate interest to determine appropriate representation

  

To send email notifications to Data subject

Individuals

Representatives of legal persons

  • Identification data, including your name, surname, username

  • Contact data, including your email address

  • Communication data, including date of notification, data contained in a notification, notification status

  • Data about your consent to the Terms and conditions

Fulfilment of a contract

  

To respond to Data subject’s inquiries

Individuals

Representatives of legal persons

  • Identification data, including your name

  • Contact data, including your email address

  • Communication data, including date of inquiry, inquiry text, other information provided

Legitimate interest to offer efficient communication channels to our clients and public

  

To perform direct marketing activities

Individuals

Representatives of legal persons

  • Identification data, including your name, surname

  • Contact data, including your email address, phone number

  • Data about your consent to receive direct marketing material and consent date

  • Advertising data, including date of marketing material sent, content of marketing material

Your consent

Communication and mailing service providers

To perform client segmentation for direct marketing purposes

Individuals

Representatives of legal persons

  • Identification data, including your name, surname

  • Contact data, including your email address, phone number

  • Data about your consent to perform client segmentation for direct marketing purposes

  • Data about usage of Services and device data, including account creation date, login information, service usage information

Your consent

Communication and mailing service providers

To better understand how our Services are used and improve them and user experience of using it

Individuals

Representatives of legal persons

  • Analytics data, including date of consent to the usage of cookies, cookie consent ID, cookies used, analytical information about your usage of our Website

  • Data about usage of Services and device data, including account creation date, login information, service usage information

  • Data about your consent to the Terms and conditions

Legitimate interest to analyse and understand how our services are used so we can improve them to engage and retain users

Analytics service providers

SaaS and other IT service providers

To establish, exercise, defend, assign, or sell legal claims, as well as to retain information for this purpose

Individuals

  • Any data collected throughout the fulfilment of a contract, including identification data, contact data, data about participation in surveys, response data, profile data, credit withdrawal data, payment account data (for credit withdrawals), communication data, advertising data, data about usage of Services and device data, analytics data

  • Data about your consent to the Terms and conditions, to receive direct marketing material, to perform client segmentation for direct marketing purposes

Legitimate interest to

establish, exercise, defend, assign, or sell legal claims as well as to retain information for this purpose

Legal service providers

To establish, exercise, defend, assign, or sell legal claims, as well as to retain information for this purpose

Representatives of legal persons

  • Any data collected throughout the fulfilment of a contract, including identification data, contact data, order data, communication data, advertising data, data about usage of Services and device data, analytics data

  • Data about your consent to the Terms and conditions, to receive direct marketing material, to perform client segmentation for direct marketing purposes

Legitimate interest to

establish, exercise, defend, assign, or sell legal claims as well as to retain information for this purpose

Legal service providers

To calculate, deduct and pay (if applicable) personal income tax on your behalf as well as provide your personal information for declaration purposes

Individuals

  • Data about Lithuanian residents, including your name, surname, personal identification number, amount of income received from Company, amount of personal income tax calculated and paid on your behalf

  • Data about non Lithuanian residents, including your name, surname, date of birth, personal identification number (not mandatory),residential address outside of Lithuania, amount of income received from Company, amount of personal income tax calculated and paid on your behalf

Legal obligations for taxation purposes

Accounting service providers

State Tax Inspectorate under the Ministry of Finance of the Republic of Lithuania

5. When and with whom do we share your Personal data?

Representative of a legal person

We collect, process and analyse the Data subject’s Personal data to provide our Services. This information will be provided to a Representative of a legal person in an anonymised and aggregated form (in charts, data tables, our insights) for further analysis when they order our Services. None of the directly identifiable Personal data (such as identification data, contact data) will be shared with the Representative of a legal person.

Suppliers

We may share your Personal data with the following suppliers who provide services to us: 

Type of supplier Why we share your Personal data

SaaS and other IT service providers

To help us provide our Services to you, including hosting of our Website, ensuring availability of our Services and Website, data hosting and processing

Payment service providers

To help us provide our Services to you, including processing of orders and payments

Analytics service providers

To help us improve our Services based on analytical information

Accounting service providers

To help us provide our Services to you, including our accounting and taxation obligations

Legal service providers

To help us protect our legal interest

Communication and mailing service providers

To help us send necessary and relevant communication to you

For legal reasons

We may also share your Personal data with financial institutions, government authorities, law enforcement authorities, tax authorities, and other third party organisations to comply with the law and Regulation, in connection with criminal investigations or legal claims, or to enforce our rights.

When you request us to share your Personal data

When you request us to share your Personal data with a third party, in case you authorise a third party to act on your behalf, we may share the requested information. You may need to provide proof that a third party has been validly authorised to act on your behalf.

6. Do we share information internationally?

A transfer of Personal data outside of the EU/ EEA can take place provided there is a legal basis and one of the following conditions: 

  • A country outside of the EU/ EEA where the Recipient is located has an adequate level of data protection as decided by the EU Commission. 
  • The controller or processor has provided appropriate safeguards, for example, the agreement that includes the EU Standard Contractual Clauses or other authorised contractual clauses, approved codes of conduct or certification mechanisms. 
  • There are derogations for specific situations applicable, for example, Data subject’s explicit consent, performance of a contract with the Data subject, conclusion or performance of a contract concluded in the interest of the Data subject, establishment, exercise or defence of legal claims, important reasons of public interest. 

7. How do we use your Personal data for marketing purposes?

When you sign up to our Services we will ask you if you want us to contact you by email with information about our Services and promotional offers. We will ask for your consent before sharing such information.

We may use your Personal data to offer more personalised marketing material about our Services, so they are more relevant to you. This means that we may analyse your usage of our Services. Our legal basis for processing your Data is your consent.

Your consent can always be withdrawn. You may do this by tapping the unsubscribe link in any promotional message we send you.

8. How do we handle your social login data?

Our Services offer you the ability to register and log in using third party social media account details, namely your Google or Facebook logins. Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider, but will often include your name, surname, and email address, as well as other information you choose to make public on such a platform. 

We will use the information we receive only for the purposes that are described in this Privacy policy or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your Personal data by your third party social media provider. We recommend that you review their privacy policy to understand how they collect, use and share your Personal data, and how you can set your privacy preferences on their sites and apps.

9. How long do we keep your Personal data?

We retain your Personal data specified in section 4 to provide our Services to you based on our contractual obligations, your consent, to comply with applicable regulation, to protect our business and legal interests, and to fulfil internal record keeping purposes.

Purpose of Data processing Retention period
To provide Services
Throughout the duration of the contract and 10 years after the termination of the contract
To determine appropriate representation of a Representative of a legal person
Throughout the duration of the contract and 10 years after the termination of the contract
To send email notifications to Data subject
Throughout the duration of the contract and 10 years after the termination of the contract
To respond to Data subject’s inquiries
3 years after providing an answer to the inquiry
To perform direct marketing activities
5 years after obtaining Data subject’s consent, or until the Data subject withdraws their consent
To perform client segmentation for direct marketing purposes
5 years after obtaining Data subject’s consent, or until the Data subject withdraws their consent
To better understand how our Services are used and improve them and user experience of using it
Throughout the duration of the contract and 5 years after the termination of the contract
To establish, exercise, defend, assign, or sell legal claims, as well as to retain information for this purpose
Throughout the duration of the contract and 10 years after the termination of the contract
To calculate, deduct and pay (if applicable) personal income tax on your behalf as well as provide your personal information for declaration purposes
Current tax year and 5 years after the end of the current tax year

Once the retention period has expired, we will delete your Personal data according to the practices established by us based on the best data management practices and as required by the law.

10. How do we keep your Personal data safe?

The security of your Personal data is important to us and we will use reasonable organisational and technological security measures to prevent the loss, misuse or unauthorised alteration of your Personal data under our control. 

However, despite our safeguards and efforts to secure your information, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your Personal data, transmission of Personal data to and from our Website and Services is at your own risk. You should only access the Website and Services within a secure environment.

11. Do we collect information from minors?

The Services provided are solely intended to be used by people over 18 years old and we do not knowingly solicit Data from or market to children under 18 years of age. If we learn that Personal data from users less than 18 years of age have been collected, we will deactivate the Account and take reasonable measures to promptly delete such Data from our records. If you become aware of any data we may have collected from children under age of 18, please contact us at hello@sofainsider.com.

12. What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights. You are entitled to the following:

  • Receive confirmation if your Personal data is being processed by us and, if so, then to access it. 
  • Require the Personal data to be corrected if it is inadequate, incomplete or incorrect. 
  • Require the erasure of the Personal data. 
  • Restrict the processing of Personal data. 
  • Object to processing of Personal data if processing is based on the Company’s legitimate interests. 
  • Object to processing of Personal data for direct marketing. 
  • Receive Personal data that is provided by you and is being processed based on consent or performance of an agreement in a structured, commonly used electronic format and where feasible, transmit such Data to another service provider (right to data portability).

13. How can you exercise your data protection rights?

You can exercise your data protection rights by contacting us at hello@sofainsider.com. Please include one of the topics from the list below in a subject line of your email:

  • Request to access personal data
  • Request to rectify personal data
  • Request to erase personal data
  • Request to restrict processing of personal data
  • Objection to processing of personal data
  • Request to transfer personal data
  • Request to withdraw consent

You should submit the application by email. The application should be signed with a qualified electronic signature.

When you exercise one of your rights, it may take us up to one month to respond or implement these changes.

Upon your request, your Personal data will be erased, however, the Company has an obligation to only store copies of information that is necessary to protect legitimate interests of third parties, to comply with obligations of state institutions, to settle disputes, or to recognize interruptions.If you’re unhappy with how we’ve handled your request you can file a complaint with the local data protection authority. In Lithuania, this is the State Data Protection Inspectorate.

14. Do we use cookies and other tracing technologies?

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. To learn more about how we use these and your choices in relation to these tracking technologies, please refer to our Cookie policy

15. Contact us

If you have any questions about our Privacy policy, the Data we hold on you, or you have a basis to believe that your data privacy rights have been violated, you can contact us at hello@sofainsider.com.

16. Language of Privacy policy

The Privacy policy is drafted in Lithuanian and translated into English. In the event of disputes or claims of linguistic nature or concerning interpretation, the version of Privacy policy in Lithuanian shall prevail.

17. Updates to Privacy policy

The Privacy policy is a living document and we may update it from time to time. The updated version of the Privacy policy will be effective as soon as it is accessible. You may be informed of any critical policy changes. 

The date at the bottom of this Privacy policy indicates when it was last updated. 

LAST UPDATED ON 26 OCTOBER 2022