Virto Commerce Privacy Policy

Virto Solutions LTD, a legal entity established in Cyprus and its group companies listed below (collectively “Virto Commerce”, "we", "us", and "ours") is committed to protecting your privacy. 

Virto Commerce is a common term used in this document which represents the following companies: 

Virto Solutions LTD, legal entity code HE309608 (Spyrou Kyprianou, 38 CCS BUILDING, Limassol, Cyprus); 

Virto Solutions, legal entity code C4086736 (20945 Devonshire ST ste 102 Los Angeles CA 9131, United States); 

VirtoSolutions, UAB legal entity code 304552351 (M. Katkaus str. 1-6, LT-09217 Vilnius, Lithuania) 

Virto Commerce wants to inform you how we collect, use, and disclose your personal information (“Personal Data”). “Personal Data” is information that identifies you as an individual or relates to an identifiable individual. 

This Privacy Policy (the “Privacy Policy”) describes our practices in connection with information that we collect through https://virtocommerce.com and any other websites operated by us from which you are accessing this Privacy Policy (the “Websites”), through our social media pages (our “Social Media Pages”) as well as through email messages or other communication that we send to you that link to this Privacy Policy, or through products and services you purchase, subscribe to, or license from us, including downloadable software, applications and other on-line services provided by us or related to Virto Commerce, for example, support system (collectively, all services including the Websites and our Social Media Pages, the “Services”). By using the Services, you agree to this Privacy Policy. 

This Privacy Policy describes how Virto Commerce processes Personal Data in its capacity as a controller (i.e., Virto Commerce decides what Personal Data is collected and what it is used for) or as a processor (i.e., Virto Commerce only processes the data as per the controller's instructions), as the case may be. It also describes your choices regarding use, access, and correction of your Personal Data. 

What Personal Data do we collect and process for our own purposes as a controller?

When you use our Services, visit our websites or Social Media Pages, Virto Commerce may collect information, which may include Personal Data. 

What Personal Data do we collect and process for our own purposes as a controller? 

  • contact information, such as name, e-mail address, mailing address, phone number, company name and job title; 
  • billing information, such as credit or debit card number and billing address; 
  • feedback information, such as name and e-mail address when we provide feedback or customer support from within the Service(s); 
  • unique identifiers, such as username, account number or password, information collected on the Services through cookies and similar technologies, etc. 

We and our service providers may collect Personal Data in a variety of ways. Such information may be collected from you through the Services, e.g., when you sign up for a newsletter or register for Services or demo version, respond to a survey, fill out a form on Website, open a ticket for support or leave comments on the forums or in a blog. We may receive your Personal Data from other sources, such as public databases, joint marketing partners, social media platforms (including from people with whom you are friends or otherwise connected) and from other third parties. For the purposes of General Data Protection Regulation (GDPR), Virto Commerce shall be the controller for this information you have submitted to us. 

What do we use your Personal Data for?

We and our service providers use Personal Data for legitimate business purposes, including the following:

  1. provide you the Service(s) and fulfilling your requests (including provision of support services);
  2. send you communication from the Service(s);
  3. assess needs of your business to determine or suggest suitable Service(s);
  4. send you requested information about the Service(s);
  5. respond to customer service requests, inquires, questions and concerns (through chat functions and/or other forms (including ability to schedule a call with us through “contact us’ form and sending demo versions));
  6. administer your account and provide you with related customer service;
  7. send periodic emails with important notices or information about the Services (updates, bug fixing, etc.);
  8. personalize your experience on the Services by presenting products and offers tailored to you;
  9. send you promotional and marketing communications, that we believe may be of interest;
  10. send administrative information to you, such as changes to our terms, conditions and policies;
  11. facilitate billing and payment transactions for the use of our Service(s);
  12. data analysis, such as to improve the efficiency of our Services;
  13. enhancing, improving, or modifying our Services and to be able to use convenient solutions of the market (i.e., plugins which enables us to provide you our videos in a simple and efficient way);
  14. collecting feedback to improve our website, customer service, identify usage trends, determining the effectiveness of our promotional campaigns, etc.;
  15. developing new products and services;
  16. being efficient about how we fulfil our legal, regulatory and contractual duties, also fraud and security monitoring purposes. 

We will engage in these activities to manage our contractual relationship with you or to take and implement the pre-contractual measures of a contract (for objectives (1), (2), (3), (4), (5), (6), (7), (10), (11)), to comply with a legal obligation (for objective (16)), and/or because we have a legitimate interest (for objectives (8), (9), (12), (13), (14), (15), (16)). Our legitimate interest is the interest of ours as a business in conducting and managing Virto Commerce to enable us to provide to you the Services and offer the best experience. We will provide personalized services and/or send promotional and marketing communication either with your consent or because we have a legitimate interest (in case we are promoting our similar products and/or services to our existing clients). 

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided below. 

To whom do we disclose your Personal Data?

Your Personal Data may be disclosed: 

  • To our group companies for the purposes of providing Services (i.e., Software development and maintenance). 
  • To our third-party service providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision (such as FreshDesk, Autopilot, SalesLoft, Microsoft), online advertising services, customer service, helpdesk solutions, email delivery, auditing, and other services. 
  • By you, on message boards, chat, blogs, and other services to which you are able to post information and content (including, without limitation, the forums, and our Social Media Pages). Please note that any information you post or disclose through these services will become public and may be available to other users and the general public. 
  • Other uses and disclosures. We may also use and disclose your Personal Data as we believe to be necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so: (a) to comply with applicable law (i.e., to law enforcement and supervisory authorities); (b) to enforce our terms and conditions; and (c) to protect our rights, privacy, safety or property, and/or that of our company group, you or others. In addition, we have a legitimate interest in using, disclosing, or transferring your information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). 

Further details can be provided upon request. 

Do we use cookies and/or collect other information?

To know more about what cookies and other similar technologies we use, please visit our Cookie policy

Processing of information about Customers’ user (Virto Commerce as Data Processor)

We handle certain information, which may include Personal Data, relating to our Customers’ own customers or end users (“Customer Information”) as a service provider on behalf of our Customers. We only process Customer Information as provided in the Terms of service, Privacy Policy and per our Customers’ instructions. For purposes of the GDPR we are the processor and not the controller of the Customer Information. 

Virto Commerce does not own, control, or direct the use of any of the Customer Information stored or processed by a Customer or end-user via the Service. Only the Customer or end-users are entitled to access, retrieve, and direct the use of such Customer Information. Virto Commerce is largely unaware of what Customer Information is actually being stored or made available by a Customer or end-user to the Service and does not directly access such Customer Information except as necessary to provide Services (including to respond to support requests, provide development works, maintenance, updates, etc.), as otherwise authorized by Customers or as required by law. Virto Commerce is not responsible for the content of the Personal Data contained in Customer Information or other information stored on its servers (or its subcontractors’ servers) at the discretion of the Customer nor is Virto Commerce responsible for the manner in which the Customer collects, handles disclosure, distributes, or otherwise processes such information. 

Our Customers are the “controllers” of Customer Information, meaning that they control the manner such information is collected and used as well as the determination of the purposes and means of the processing of such information and are responsible for compliance with the applicable data protection law. In addition, such information may be subject to our Customers’ own privacy policies. As the controller, it shall be our Customers’ responsibility to inform the end-users about the processing, and, where required, obtain necessary consent or authorization for any Personal Data that is collected as part of the Customer Information through your use of the Service(s). 

As the processors of Customer Information on behalf of our Customers, we follow Customers’ instructions with respect to the Customer Information to the extent consistent with the functionality of our Service(s). In doing so, we implemented reasonable technical and organizational measures against unauthorized processing of such information and against loss, destruction of, or damage to, Customer Information. 

You expressly authorize us and the service providers we use to process the Customer Information in our systems to (i) provide, improve, enhance, support and operate the Service(s) and its availability; (ii) develop new products and services; and (iii) compile statistical reports and record insights into usage patterns; (iv) to utilize third parties services to assist in providing the Service(s) with whom Customer Information may be shared; (v) to the processing and transfer of Customer Information in and to the United States and other countries which may have different privacy laws from your or their country of residence. You are representing that you have the authority to provide such authorization. If Data Processing Agreement is needed to be signed in addition to the Terms of Service and Privacy Policy, it can be provided upon request. 

If you seek access to, or wish to correct, update, modify or delete Personal Data which is part of the Customer Information and processed by us as data processor on behalf of our Customer, you should direct your query to our Customer, i.e., the controller. If you are a Customer of our Service(s) and wish to raise a request on behalf of your end-users in connection with Customer Data, you may open a ticket on the support portal of the relevant Service. Please note that if a Customer has subscribed to more than one Service, his request on a particular Service support portal is specific to that Service only and separate requests need to be raised across other relevant Service support portals. 

Access, choices, and your other rights

We have a legal obligation to ensure that your Personal Data is kept accurate and up to date. We kindly ask you to assist us to comply with this obligation by ensuring that you inform us of any changes that have to be made to any of your Personal Data that we are processing. 

You may, at any time, exercise the following rights with respect to our processing of your Personal Data by contacting us via contact information referred to in this Privacy Policy:  

  • Right to access: you have the right to request access to any data that can be considered your Personal Data. This includes the right to be informed on whether we process your Personal Data, what Personal Data categories are being processed by us, and the purpose of our data processing; 
  • Right to rectification: you have the right to request that we correct any of your Personal Data if you believe that it is inaccurate or incomplete; 
  • Right to object: you are entitled to object to certain processing of Personal Data, including for example, the processing of your Personal Data for direct marketing purposes or making automated decisions based or when we otherwise base the processing of your Personal Data on our legitimate interest;  
  • Right to restrict Personal Data processing: you have the right to request that we restrict the processing of your Personal Data if you wish to: (i) object the lawfulness of the processing; (ii) contest the accuracy of the Personal Data; (iii) restrict the processing, instead of erasure in case unlawful processing has taken place; or (iv) demand restriction of the processing until assessing the plausibility of our legitimate interest in the specific processing activity; 
  • Right to erasure: you may request your personal data to be erased if (i) the Personal Data is no longer necessary for the purposes for which it was collected, (ii) you withdraw your consent for processing; (iii) you contest our legitimate interest and we have no overriding legitimate interest to continue processing; (iv) you object direct marketing; (v) you consider that the processing is unlawful, (vi) you consider that the Personal Data has to be erased to enable us to comply with a legal requirement; 
  • Right to data portability: if your Personal Data is being automatically processed with your consent or on the basis of a mutual contractual relationship, you may request that we provide you that Personal Data in a structured, commonly used and machine-readable format. Moreover, you may request that the Personal Data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible; 
  • Right to withdraw your consent: in cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time without any adverse effect; 
  • Right to contact the supervisory authority: if you are not satisfied with our response to your request in relation to Personal Data or believe we are processing your Personal Data not in accordance with the law, you can submit your claim with the State Data Protection Inspectorate at vdai.lrv.lt

Please note that you will need to provide sufficient information for us to handle your request regarding your rights brought out in this section of the Privacy Policy. Prior to answering your request, we may ask you to provide additional information for the purposes of authenticating you and evaluating your request.  

Other communications

If you are our Customer, we will send you emails and/or announcements with administrative information related to the Service(s) on occasions when it is necessary to do so. For instance, if our Service(s) is temporarily suspended for maintenance, we might send you an e-mail. Generally, you may not opt-out of communications which is related to our contractual obligations and are not promotional in nature. If you do not wish to receive them, you may deactivate your account and not use our Services. 

  • How long do we retain your Personal Data? 

We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Services to you; (ii) when we have legal obligation to which we are subject; or (iii) as advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations). 

Personal Data which relates to the contracts concluded with you or the organization you work in / represent, is usually retained as a part of accounting information/tax obligation or for the assertion, exercise or defense of legal claims and will be retained for up to 10 years. 

  • How do we protect your information? 

We have implemented reasonable technical and organizational measures to maintain the safety of your Personal Data. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. It is important for you to protect against unauthorized access to your password(s) and computer or device, and to log off when using any shared computer. 

  • Do we disclose any information outside EEA? 

Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you consent to the transfer of information to countries outside of your country of residence, including the United States and EMEA countries, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data. 

Additional information regarding the EEA: Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your Personal Data. 

  • Sensitive Personal Data (Personal Data of special categories) 

Unless we explicitly agree otherwise in writing, you will not send us, you will not disclose, and you will not process any sensitive and/or special categories Personal Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services or otherwise to us. 

  • Signing using sign-in services 

You can log in to some of our Services using sign-in services such as GitHub and other. These services will authenticate your identity and provide you the option to share certain Personal Data with us such as your name and e-mail address. 

  • Third party links, plug-ins, services, and features 

Occasionally, at our discretion, we may include or offer third party links, plug-ins, products or services on our Websites. Please note that plug-ins of the third parties (for example, Youtube) automaticaly collect data from our website. Other than that this Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates. These third-party websites and services have separate and independent privacy policies. We encourage you to be aware when you leave our Services and to read the privacy policies of each and every website that collects Personal Data. 

In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft or any other developer, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or in connection with our Services and/or Social Media Pages. 

  • Use of Services by children and minors 

The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Data from individuals under sixteen (16). 

  • Changes to our Privacy Policy 

We may change this Privacy Policy at any time. The date at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy. 

  • How to contact us? 

Virto Commerce welcomes questions or comments you may have regarding our Privacy Policy. Should you have any questions or concerns about our privacy policy, please send us e-mail to dpo@virtoway.com. We will undertake reasonable efforts address your concern.