Last updated: 06.11.2020
This website is managed by NILTASOFT LIMITED, Address: Kosta Charaki 11, 3rd floor, Flat/Office N302, 3041, Limassol, Cyprus. Registration number: HE190472; VAT-ID: CY-10190472H. Below we provide information about the legal aspects of personal data processing on our websites.
We use the following terms in this policy.
- Softline or “We” means NILTASOFT LIMITED.
- Website means the current website, which includes the Digital Store, through which software licenses are acquired or will be acquired.
- Sites refer to any of the websites used by Softline.
- Software means the software for which you have chosen to purchase licenses.
- User means an individual placing an order or placed an order or using the Software license on the basis of a contract concluded with Softline. It must noticed that User may also be subject to the conditions of this policy related to Visitors.
- Visitor means a person visiting the Websites to review information, provide feedback to Softline, or otherwise use a service not related to the conclusion or execution of a Contract.
- Partner means one of the intellectual property owners for the software. We sell the access keys of our Partners, allowing Users to use the Software.
Unless otherwise provided in this document or the context otherwise requires, the definitions of words shall be in accordance with the GDPR.
GDPR for Users
In essence, We are an aggregator that cooperates with various Partners in order to provide the User with the access rights for the chosen Software.
In relation to the personal data of the User (in the context of GDPR) We act as a joint data controller. Accordingly, the Partner also acts as a joint controller. The specific relationship between us and our partners with respect to the User may be provided in the Contract concluded between Softline and the Partner.
This policy may be supplemented with specific terms and conditions if with between any Partner and us is concluded a contract with non-standard terms. In such supplement we will point out specific cases of personal data processing with this Partner and clarify the conditions of personal data processing in a particular case. We will clearly indicate on the product purchase page if the supplement to this policy based on the specific relationship between Us and the Partner is applied to our relationship with the User.
As required by the GDPR, we have entered into a written agreement with our Processors regarding the processing of personal data, which strictly includes the mandatory conditions for the processing of this data, and we can guarantee that each of these Processors will correspond to the GDPR. Also, such agreements contain conditions on the periodic control of processors and the possibility of applying to them contractual sanctions.
The basis for the processing by us of the Users’ personal data is a contract concluded between Us and User, and also legitimate interests. In some cases, we can directly request consent to the processing of personal data for purposes not listed in a contract, but closely related to it.
What Users’ personal data We process
If the User uses the Website without associating such use with the contract, We process the personal data of such User as a Visitor’s personal data. We have allocated in a separate category information on the processing of Visitors’ personal data. Detailed information on the processing of personal data in the “Visitor” category can be found in the “GDPR for Visitors” tab.
As a Controller, we process the following information about you:
In order to identify an individual or an authorized representative of a legal entity:
Email address, last name, first name, phone number, place of work
For the purpose of the further execution of the contract:
Clickstream, user ID in the Softline system, information about payment methods, reports on mailings, payment transaction identifiers, payment methods and times, IP addresses from which transactions were made.
To whom (to Softline or Partner) should you contact to remove / refine / get access to personal data?
You should contact Softline.
Third parties involved in the processing of personal data
We use Analytics:
- to provide statistics on the messaging effectiveness. The basis for data processing is the Contract (para 1 (b) Art 6 GDPR).
- to track the User’s behavior on the website in order to improve the quality of the services provided. The basis for data processing is the Contract (para 1 (f) Art 6 GDPR).
- to track advertising campaigns. The basis for data processing is the legitimate interest (para 1 (f) Art 6 GDPR).
We may use the following services to collect Analytics in order to improve the messaging efficiency and improve the quality of the services provided:
We may use the following services to collect Analytics to track advertising campaigns:Doubleclick
Google adwords conversion
Google Dynamic Remarketing
We may use Facebook Connect to simplify identification in our services.
For telephony we use the services of A"IP Telecom Bulgaria" LTD (http://iptelecom.bg/).
For payment processing purposes We use the services of Assist, Credorax, Trustly, PayPal, Ecommpay. The basis for data processing is the Contract (para 1 (a) Art 6 GDPR).
For the purpose of storing users' data, backups and logs We use the services of United Network LLC and SoftLine Trade JSC. The basis for data processing is the Contract in accordance with para 1 (a) Art 6 GDPR.
FAQ for Users
Further information on compliance with the principles of confidentiality We provide in the answers to questions.
How do you use user data?
We use information in compliance with the principles of confidentiality based on the processing grounds mentioned in Art 6 GDPR. No data collected is subject to sale and is not published by us in any way.
How can you confirm compliance with the GDPR?
First of all, by means of legal, fair and transparent processing of personal data, and you can find these and other principles of personal data processing in this policy, in the terms of a contract, and in the service control options provided to you.
Is it possible to completely delete the data?
User data will be deleted within 30 days after the expiration or termination of the Contract.
When performing the deletion we will anonymize the personal data of the Users and their Contacts, taking into account Opinion 05/2014 on Anonymisation Techniques WP29.
How you implement technical and organizational measures designed to protect data subjects and reduce risk?
Following the selection of the necessary measures, we entered into contracts with hosting providers who are able to implement the required protection measures, and also developed local documentation and organized business processes in accordance with the requirements of the GDPR.
Can you stop using the services of some processors?
Our service is configured for specific processors. Using different processors depending on the preferences of the User is technically impossible or economically incompatible with the cost of implementing such functionality. Given the dependence on processors, We carefully considered their choice and made sure that our relationship with them complies with the requirements of the GDPR, as indicated by para 4 Art 28.
GDPR for Visitors
We have allocated the Personal Information of Visitors into a separate category of personal data processed. However, Users may also be included in this category along with any visitors to the Softline Sites.
Who is collecting the data?
Softline is the Data Controller for the Visitor as defined by Art 4 (7) GDPR and collects data.
What data is being collected?
Softline may collect, record and analyze information about visitors to its website.
In addition, Softline may collect and process any personal data that the Visitor voluntarily provides through the forms of our website or by direct contact via email or telephone, for example, to communicate with us.
How will the information be used?
All Softline visitors data is kept strictly confidential. We do not sell, transfer such data to any other companies for any purpose other than to provide data to certain service providers who can help us deliver or improve our service, including sales and marketing. In this case, any processing will be carried out in accordance with the requirements of the GDPR.
What is the legal basis for processing the data?
We process personal data of Visitors on the basis of the Contract, the consent of the Visitors with respect to each category of personal data and on the basis of legitimate interest in connection with the need to make improvements to our website (para 1 (a, b, f) Art 6).
Under the Contract, we process the personal data that is required directly for the provision of services.
The data We collect on the basis of legitimate interest is related to your use of the Site These data include: the number of page views, interest in fragments of information on the site, other statistical information, server logs.
If you contact us on behalf of your employer and send us a message via e-mail or by phone, the exact list of personal data transmitted will be determined by you personally. This could be: email address, phone number, job title, areas of interest and specific information about the company you work for (company name and address), as well as information about the type of relationship that exists between the company you represent and you.
Will the data be shared with any third parties?
We use the analytics services listed in this Policy.
How long is the data stored?
We store the data associated with the correspondence and the Site logs for no more than 30 days after the expiration of the grounds for data processing.
We store information about web page views and other use of the site for no more than 30 days, then we anonymize the data.
How to file a complaint?
If you consider that your legal interests as a subject of personal data are violated, you can contact us at firstname.lastname@example.org