Order

Legal

Privacy Policy and GDPR Notice

This Privacy Policy describes how UAB TOMIKANA ("we", "our", or "us") collects, uses, and protects your personal data when you use the OCR Trace website and services. This policy is prepared in line with the European Union General Data Protection Regulation (EU GDPR) and applicable Lithuanian data protection requirements.

1. Data Controller Identity

The entity responsible for processing your personal data is:

  • Company: UAB TOMIKANA
  • Registration code: 304221910
  • VAT: LT100010124415
  • Address: Rinktines g. 55, LT-09207 Vilnius, Lithuania
  • Mobile phone: +370 699 64300

2. The Data We Collect

We may collect, use, store, and transfer different kinds of personal data to provide our OCR, software publishing, and IT consultancy services. This includes:

  • Identity Data: First name and last name.
  • Contact Data: Business email address, telephone number, and company/billing address details.
  • Transaction Data: Details about payments and subscriptions you have purchased from us.
  • Usage & Technical Data: Service usage details, IP addresses, or notes you submit regarding archive requirements.

3. How We Use Your Data and Legal Basis

We will only use your personal data when the law allows us to. We rely on the following legal bases:

  • Contract Performance (Art. 6(1)(b) GDPR): To process your orders, manage your subscription, and deliver the promised services.
  • Legitimate Interests (Art. 6(1)(f) GDPR): To keep our records updated, study how customers use our products/services, and ensure network security.
  • Legal Obligation (Art. 6(1)(c) GDPR): To comply with legal or regulatory requirements, such as tax, invoicing, and accounting compliance in Lithuania and the EU.
  • Consent (Art. 6(1)(a) GDPR): Where you have explicitly opted in for specific communications or marketing.

4. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). Where we use trusted third-party service providers outside the EEA, we apply appropriate safeguards, including Standard Contractual Clauses and equivalent legal transfer mechanisms, to maintain GDPR-level protection.

5. Data Security

We have instituted appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed.

6. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, including compliance with legal, tax, accounting, and reporting obligations under applicable Lithuanian and EU law.

7. Your Legal Rights

Under the EU GDPR, you have the right to:

  • Request access to your personal data.
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data (the "Right to be forgotten").
  • Object to processing of your personal data where we are relying on a legitimate interest.
  • Request restriction of processing of your personal data.
  • Request the transfer of your personal data to you or a third party.
  • Withdraw consent at any time where we are relying on consent to process your data.

8. Contact and Complaints

If you wish to exercise any of the rights set out above, or if you have any questions about this privacy policy, please contact us at info@ocrtrace.com.

You also have the right to make a complaint at any time to the State Data Protection Inspectorate of Lithuania (Valstybine duomenu apsaugos inspekcija) or your relevant local EU data protection authority.