Privacy policy

This Privacy Policy is issued by PVcase, UAB, a private limited liability company incorporated under the laws of the Republic of Lithuania, with its legal entity code 304839853 and registered office at Bokšto str. 6, Vilnius, Lithuania (“PVcase”, “we”, or “us”). For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), PVcase acts as the data controller when processing your personal data in connection with the services and activities described in this policy.

PVcase is established and operates within the European Union. Therefore, our personal data processing activities are carried out in accordance with applicable EU and Lithuanian data protection laws. If you are located outside the EU/EEA, please note that local data privacy regulations may differ from those in the EU, and we do not guarantee compliance with non-EU laws unless explicitly stated.

For more information related to this Privacy Policy, please contact us by email: legal@pvcase.com

1. How we use your personal data?

This Privacy Policy outlines how PVcase processes personal data in connection with various activities, services, and interactions. To provide a clear overview, we have structured the key data processing activities by purpose, type of personal data involved, applicable legal basis under the GDPR, and respective data retention periods. The processing activities described apply to different categories of data subjects, including job applicants, clients, business partners, platform users, researchers, landowners, and whistleblowers. Each activity is conducted in accordance with the principles of lawfulness, fairness, transparency, data minimization, and purpose limitation. 

WE DO NOT COLLECT OR PROCESS ANY SPECIAL CATEGORIES OF PERSONAL DATA (SUCH AS DATA CONCERNING HEALTH, POLITICAL OPINIONS, RELIGIOUS BELIEFS, OR BIOMETRIC DATA) AT ANY STAGE OF OUR DATA PROCESSING. WE KINDLY ASK THAT YOU DO NOT PROVIDE SUCH DATA IN THE CONTEXT OF RECRUITMENT, CONTRACTUAL RELATIONSHIPS, OR ANY OTHER INTERACTION WITH PVCASE.

2. What are the legal bases for processing your personal data?

We process your personal data as described in this Privacy Policy based on the following legal grounds:

  • the performance, conclusion, amendment, or administration of a service contract (Article 6(1)(b) of the GDPR);

  • compliance with our legal obligations and regulatory requirements (Article 6(1)(c) of the GDPR);

  • the pursuit of our or third parties’ legitimate interests (Article 6(1)(f) of the GDPR);

  • your consent (Article 6(1)(a).

In certain cases, the same personal data may be processed under more than one of the above legal bases.

3. How long do we retain your personal data?

We process and retain your personal data only for as long as necessary to achieve the purposes for which it is processed, or as required by applicable law. 

Once the specified data processing or retention period expires, we will delete or securely and irreversibly anonymize your personal data as soon as reasonably possible within a justifiable time frame.

A longer retention and/or processing period than stated in this Privacy Policy may apply only in the following cases:

  • the data is necessary for proper debt or damage management (e.g., if you fail to meet your financial and/or property obligations or cause harm to us or others);

  • to resolve a dispute or complaint in order to protect our or third parties’ legitimate interests;

  • to enable us to defend against existing or potential claims, demands, or legal actions and to enforce its rights;

  • there are reasonable suspicions of violations or unlawful activity that are or may be subject to investigation;

  • to ensure the restriction of access to the services in cases where the agreement between us has been terminated due to serious violations;

  • the data is needed to ensure the security, integrity, and resilience of information systems (e.g., upon detection of suspicious activity in the Account, Mobile App, Website, etc.);

  • other legal grounds for retention exist under applicable law.

4. For what purposes and what personal data do we collect?

We collect and process only the personal data that is sufficient and necessary to achieve the defined purposes. 

The more detailed information is provided below.

4.1. Use of PVcase Demo and Related Data Processing

When an individual requests access to a PVcase demo, we collect certain business-related personal data in order to provide access to our platform and assess the potential client’s interest. This includes the individual’s first and last name, work email, phone number, company name, job title, the estimated number of projects to be designed in the next 6 months, project scale classification, company profile and industry, business type, and country. 

If a demo call is scheduled and conducted, we may record the call for quality assurance and internal training purposes. These recordings may include the participant's voice, name, job title, company name, expressed opinions, and other personal information voluntarily shared during the conversation. Recording is based on consent (Art. 6(1)(a) GDPR).

When the demo involves a team within the potential client’s organization, the person assigned as the Admin user is provided with login credentials. For the purposes of follow-up and account setup, we process the Admin user’s name, surname, email address, and job title (if applicable), under the legal basis of contract performance (Art. 6(1)(b) GDPR). 

In order to enable access for other team members via the Admin account, we process the full names and email addresses of users to whom licenses are assigned. This is done based on our legitimate interest (Art. 6(1)(f) GDPR) in ensuring operational functionality and team access to the system. 

Additionally, we track Admin user login activity, which includes login timestamps, user IDs, email addresses, IP addresses, browser types, device types, and session IDs. The core login data (timestamp, user ID, email) is processed under contract performance (Art. 6(1)(b) GDPR), while technical metadata (IP, browser, device) is processed under legitimate interest (Art. 6(1)(f) GDPR) to ensure system diagnostics and security. 

If the relationship leads to a contractual agreement, we process data necessary for concluding and fulfilling the contract: name, surname, email address, phone number, job title, signature, and business address. This data is processed under the legal basis of contract performance (Art. 6(1)(b) GDPR).

4.2. Customer Support and Business Communication

PVcase processes personal data in connection with various forms of communication used to respond to inquiries, maintain professional relationships, and provide service-related or promotional information. These communications may occur through multiple channels, including:

  • virtual assistant/chatbot tools embedded on our website;

  • email correspondence initiated by the user or PVcase staff;

  • phone calls (inbound or outbound, including call notes if relevant);

  • online meeting tools (e.g., Zoom, Microsoft Teams, Google Meet);

  • contact forms submitted through our website;

  • in-person meetings or business events;

  • social media messages or interactions.

In the course of such interactions, PVcase may process personal data including: your full name, email address, phone number, job title, company name, business address, communication content, IP address, browser and device metadata, meeting history, support tickets, and internal CRM notes such as preferences, interests, decision-maker status, or prior inquiries.

The purpose of this processing is to ensure effective customer service, technical support, relationship management, follow-up communication, and to provide updates on products and services. This is based on PVcase’s legitimate interest in responding to requests and maintaining business operations, in accordance with Article 6(1)(f) of the GDPR.

Communication records are never used for purposes incompatible with the original context of contact, and individuals always have the right to object to further communication by contacting us.

4.3. Direct marketing messages

Direct marketing to existing clients. PVcase may process your personal data for the purpose of sending direct marketing communications regarding products or services that are similar to those you have previously purchased or contracted for. This processing is based on our legitimate interest in maintaining and developing business relationships, in accordance with Article 6(1)(f) of the General Data Protection Regulation (GDPR) and applicable e-privacy laws. The personal data processed for this purpose includes your name, email address, company name, job title, marketing preferences, and information on previous purchases or service-related interactions.

You have the right to object to the use of your personal data for direct marketing purposes at any time and free of charge. If you do not wish to receive such communications, you may object by contacting us at legal@pvcase.com. To ensure your preference is respected before any marketing communication is sent, we kindly ask you to express your objection within 10 calendar days from the conclusion of the contract. After this period, we may begin sending you relevant marketing messages, always including a clear unsubscribe option in each message.

Direct marketing to potential clients. PVcase may process personal data of potential clients for direct marketing purposes in accordance with the GDPR and applicable e-privacy regulations. Where required, such processing will be based on your consent. The personal data used for this purpose includes your name, email address, company name, job title, area of interest, consent status, and communication history. This data may be collected directly from you—for example, when you register for a webinar, download marketing materials, or submit a contact form—or, where legally permitted, obtained from publicly available professional sources. You can withdraw your consent at any time by using the unsubscribe link provided in our messages or by contacting us at email: legal@pvcase.com

4.4. Newsletter engagement tracking

PVcase processes personal data to analyze recipient engagement with its email newsletters. When you subscribe to our newsletter, emails may contain so-called tracking pixels — small embedded graphics that allow us to determine whether and when you opened the message, and which links you clicked within the email. This information enables us to perform statistical analysis on the performance of our email campaigns, assess user interest, and improve the relevance of future communications.

The legal basis for this processing is your consent under Article 6(1)(a) of the GDPR, which is obtained during the newsletter subscription process via the double opt-in mechanism. Tracking data collected through pixels is processed exclusively by PVcase and is not shared with third parties. You may withdraw your consent at any time by unsubscribing from the newsletter. In such cases, tracking-related data will be deleted.

4.5. Processing of landowner data for solar project planning and site evaluation

PVcase itself does not process personal data of private land or property owners for project planning or evaluation purposes. Instead, we provide our clients with technical functionality that enables them to access and manage such data directly.

Through our tool, clients may use credits and access links to download land ownership and cadastral information from official registries. This data is made available to clients directly from the registry, and PVcase has no access to, visibility of, or control over the downloaded information. Any landowner data that clients choose to place in our tool remains under their sole control and responsibility, and PVcase does not use such data for its own purposes.

The retention and processing of landowner data within the tool is determined by our clients, in their capacity as data controllers, in accordance with their own policies and applicable data protection law. PVcase acts solely as a service provider hosting the tool and does not independently collect, store, or further process landowner personal data.

If you are a landowner and wish to understand how your personal data is used in this context, please contact the relevant PVcase client who downloaded and manages your data. For questions about the PVcase tool itself, you may contact us at legal@pvcase.com.

4.6. Candidates Data Processing

PVcase processes candidate personal data as part of its recruitment process to ensure fair, transparent, and informed hiring decisions. When you submit a job application, we collect the personal information you provide, including your name, email address, phone number, CV or résumé, cover letter, LinkedIn profile (if provided), responses to application questions, and any other information or documents you choose to include. This data is processed based on your consent, in accordance with Article 6(1)(a) of the GDPR, and is used for the purpose of assessing your qualifications and determining your suitability for the position. 

If you are invited to an interview, we may conduct and record video interviews through secure online communication tools. The recordings may include your image, voice, verbal responses, and any personal data disclosed during the interview. At the start of the session, we will ask for and record your verbal consent to be recorded. This processing is based on your explicit consent under Article 6(1)(a) of the GDPR. The purpose of the recording is to support fair and consistent evaluations by allowing hiring managers and other relevant team members to revisit the interview. Withdrawing consent does not affect the lawfulness of the processing prior to the withdrawal.

At a later stage of the recruitment process, PVcase may collect references about you from individuals representing your current or former employers. These references may include information about your job title, employment period, job responsibilities, performance, reasons for leaving (if applicable), and professional conduct. References from your current employer are obtained only with your explicit consent, as required under Article 6(1)(a) of the GDPR. In the case of references from former employers, the legal basis is PVcase’s legitimate interest in making informed and responsible hiring decisions, under Article 6(1)(f) of the GDPR.

We also process the personal data of the referees themselves - typically supervisors or HR representatives - which may include their name, position, professional contact details, and the content of their reference. This processing is necessary to evaluate the suitability of the candidate and is based on PVcase’s legitimate interest in ensuring a fair and robust recruitment process. All data collected through reference checks is used solely for recruitment purposes and retained for no more than four months after the recruitment process ends, unless retention is required for legal claims.

Additionally, we may enrich your application with publicly available information from your LinkedIn profile. Our recruitment platform, Recruitee, enables us to associate the data you provide - such as your name or resume details - with publicly accessible LinkedIn content, such as your employment history or education. We do not access any private or restricted information, nor do we scrape LinkedIn data. This enrichment is performed within the Recruitee platform and not externally. The legal basis for this processing is PVcase’s legitimate interest, under Article 6(1)(f) of the GDPR, in improving the efficiency and accuracy of the hiring process. You may object to this processing at any time by contacting us at legal@pvcase.com.

All personal data processed in the context of recruitment is used solely for the purpose of evaluating applicants, ensuring lawful and fair recruitment practices, and defending against any related legal claims. 

If you have any questions or would like to exercise your rights under the GDPR - including the rights to access, rectify, erase, restrict processing, object to processing, or lodge a complaint - you may contact us at legal@pvcase.com.

4.7. Handling of whistleblower reports

PVcase processes personal data submitted through its internal whistleblowing channel for the purpose of receiving, investigating, and responding to reports of actual or potential violations of law, misconduct, or breaches of professional ethics, in accordance with the Law of the Republic of Lithuania on the Protection of Whistleblowers. The legal basis for this processing is our legal obligation (Article 6(1)(c) GDPR), as well as, where applicable, our legitimate interest (Article 6(1)(f)) in ensuring accountability and compliance within the organization.

The personal data processed may include your name, surname, date of birth or personal identification number, contact details, workplace, and any information or documents related to the reported violation. In some cases, it may also involve data about individuals alleged to be involved in the misconduct.

The data is received directly from the whistleblower or via the dedicated reporting channels (e.g., internal form or email). All information provided is handled confidentially and will be accessed only by authorized personnel or external parties (e.g., legal advisors or investigators) where necessary to assess or act upon the report. PVcase may also be required to report certain cases to public authorities, in accordance with legal obligations.

4.8. Processing of Personal Data for Educational and Research Access

PVcase offers academic access to its software for educational and research purposes. To evaluate eligibility, issue licenses, and support usage under academic initiatives, we process personal data provided by researchers and students. This includes your first and last name, job title, institutional and private email addresses, phone number, LinkedIn profile URL, university or institution name, department or faculty, university website URL, country, type of educational license requested, your proficiency in AutoCAD, other solar software currently used (e.g., PVcomplete, PVsol, Helioscope, PVsyst), software cost information (if applicable), your interest in other PVcase products (such as Roof Mount, Prospect, or Yield), and any additional questions or comments you voluntarily submit.

This processing is based on your explicit consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR). You may withdraw your consent at any time by contacting us at legal@pvcase.com, without affecting the lawfulness of processing carried out prior to withdrawal.

4.9. Processing of Personal Data for University Partnerships

PVcase collaborates with academic institutions to promote education, research, and innovation through various partnership models. In this context, we may process personal data of university representatives, faculty members, and students for the following purposes:

  • Exploring Academic Partnerships. We may process your name, email address, job title, university name, department, country, and content of communications for the purpose of initiating and evaluating potential collaborations with academic institutions. The legal basis for this processing is our legitimate interest (Article 6(1)(f) GDPR) in developing strategic academic relationships. 

  • Managing Academic Partnership Agreements. Where a formal academic agreement is concluded, we process data necessary to manage and administer the partnership, including your name, email, phone number, job title, university information, signed documentation, and records of communication. This processing is necessary for the performance of a contract (Article 6(1)(b) GDPR.

  • Educational License Coordination. PVcase may provide educational access to its software under academic licenses for students and faculty. In doing so, we process data such as your institutional and private email addresses, job title, university affiliation, student or faculty role, details of the license granted, usage information, and any additional information you submit (e.g., questions or comments). The legal basis for this processing is our legitimate interest (Article 6(1)(f) GDPR) in managing access and ensuring proper use of our educational services. 

4.10. Use of Social Media Platforms

PVcase maintains official company pages on social media platforms such as LinkedIn, Facebook, Instagram, YouTube, and others to communicate with users, share updates, respond to public and private messages, and promote its brand. When you interact with PVcase via these platforms - by commenting, liking, sharing, or sending direct messages -we may process certain personal data that is visible through your public profile or provided voluntarily.

This may include your name, profile link, comment or message content, reactions (likes, shares), and any information you submit through participation in interactive content such as polls, Q&As, or giveaways. We process this data based on our legitimate interest (Article 6(1)(f) of the GDPR) in managing public engagement, responding to inquiries, and maintaining our online presence. 

In the context of contests or giveaways organized on our social media channels, we may process additional information, such as your contact details and submission content, for the purpose of managing participation and awarding prizes. This processing is based on contract performance (Article 6(1)(b) GDPR).

Please note that interactions on social media platforms are also subject to the privacy policies of the respective platform providers. We recommend reviewing their terms and settings to understand how your personal data is handled independently of PVcase.

5. How do we process business account data?

If the services are provided to a business entity (a company, institution, or organization) (hereinafter referred to as the Business Client), we process the Business Client’s corporate details, the personal data of designated contact persons, as well as personal data of employees added to the Business Client’s Account. This personal data may be provided either directly by the Business Client or by the individuals themselves.

Business Client data is processed in the same manner and for the same purposes as any other account user using the services, and therefore, all data processing purposes, data categories, and other provisions of this Privacy Policy apply. 

The Business Client is always responsible for informing its employees and designated contact persons about the processing of their personal data, as outlined in the agreement between the Business Client and the PVcase, and for providing them with a link to this Privacy Policy.

In cases where Business Clients act as data controllers of their employees’ or representatives’ personal data (i.e., when they access and use information via the Mobile Application for their own purposes), we are not responsible for such processing activities, and the provisions of this Privacy Policy do not apply to those operations.

6. How do we ensure the security of your personal data?

We process your personal data responsibly and securely, in accordance with our internal data protection policies and by applying appropriate technical and organizational measures to safeguard against unlawful processing, accidental loss, destruction, damage, alteration, disclosure, or any other unauthorized processing actions. Accordingly, we adhere to the following key data processing principles:

  • We collect personal data only for specified and legitimate purposes.

  • We process personal data fairly and only for its original purpose.

  • We retain personal data only for as long as necessary to achieve the defined purposes or as required by law.

  • Personal data is processed only by employees who are authorized and have official access.

  • We process data using appropriate technical and organizational measures.

  • Personal data is disclosed to third parties only when a legal basis exists.

  • Where applicable, we notify the State Data Protection Inspectorate of any confirmed or suspected data security breaches.

  • We conduct regular data protection training for our employees.

  • We carry out periodic internal and/or external IT security audits.

  • We continuously review, adapt, and improve our processes to ensure the safest possible handling of personal data collection, access, transmission, use, and other operations.

  • We regularly monitor our systems for potential breaches or attacks; however, it is not possible to guarantee the absolute security of information transmitted via the internet or to completely prevent breaches—especially those that may occur due to your own carelessness or sharing of data with others. Therefore, please note that you bear personal responsibility and risk when submitting your personal data via internet connection, the Mobile App, or the Website. You also assume full responsibility for voluntarily disclosing your account information to others and/or for careless or negligent handling of personal data received directly from us.

7. About cookies

PVcase uses cookies and similar technologies on the Platform. You can find out more by visiting our Cookie Policy.

8. Who receives your information?

To deliver its services effectively, PVcase may share personal data with carefully selected third parties, acting either as data processors or, in certain cases, as independent data controllers. These recipients are engaged based on contractual necessity, legal obligation, or legitimate interest and fall into the following categories:

  • Cloud infrastructure providers – including Google LLC (Google Drive) and Microsoft Corporation (Microsoft OneDrive), who provide the hosting, storage, and computing infrastructure necessary for running PVcase services.

  • Customer relationship and marketing service providers – such as Gainsight, used to manage customer communications, marketing campaigns, and support interactions.

  • Communication and meeting scheduling tools – including Zoom Video Communications, Inc., Microsoft Teams, and Google Meet, used to arrange and conduct product demos, support sessions, and business meetings.

  • Payment processing and subscription management providers – who handle billing, invoicing, and subscription services related to PVcase’s commercial offerings.

  • Technical diagnostics and analytics providers – including Mixpanel, HubSpot, used for performance monitoring, bug tracking, and improving user experience.

  • Legal, financial, and compliance consultants – including external legal counsel, auditors, and accounting firms, engaged to ensure compliance with applicable laws and fulfill legal or audit obligations.

  • Public authorities and regulators – such as tax authorities, data protection authorities, or law enforcement, where disclosure is legally required under EU or national legislation.

  • Affiliated companies within the PVcase group – that may access data for internal administrative purposes, support, or cross-entity service coordination, in accordance with intra-group data sharing agreements.

  • Academic institutions and research partners – in cases where users apply for academic licenses or participate in joint research or educational projects, PVcase may share limited information with relevant universities or research bodies based on consent or contractual arrangements.

  • Former or current employers and professional referees – in the context of recruitment, we may collect reference information about candidates from individuals acting on behalf of their former or current employers (e.g., supervisors or HR representatives).

  • Referees and individuals designated by candidates – where candidates provide the contact details of former or current employers for reference purposes, we may process the name, job title, professional opinion, and contact information (email, phone number) of the designated referee. This data is not collected directly from the referees themselves but is used to obtain information relevant to the candidate’s suitability.

  • Recruitment platform providers – including Recruitee B.V. (Netherlands), which provides the recruitment software used by PVcase to manage job applications, schedule interviews, and communicate with candidates.

The following service providers are established outside the European Economic Area, which may result in your data being transferred outside the European Economic Area. In these cases the personal data is protected by the service providers entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission:

  • Amazon Web Services, Inc. (USA);

  • Google LLC (USA);

  • Apple Inc. (USA);

  • Microsoft Corporation (USA);

  • Slack Technologies, Inc. (USA);

  • Salesforce, Inc. (USA);

  • HubSpot, Inc. (USA);

  • Mixpanel

  • Gainsight

In addition, where applicable, PVcase may transfer personal data to third parties established in countries that benefit from an adequacy decision by the European Commission under Article 45 of the GDPR. In such cases, no additional safeguards are required. 

9. Links to third-party websites 

We may provide hyperlinks to third-party websites as a convenience to you. We do not control third-party websites and are not responsible for the contents of any linked-to, third-party websites or any hyperlink in a linked-to website. We are not responsible for the privacy practices or the content of third-party websites.

10. Your rights

In this section, we have summarised the rights that you have under data protection laws. Some of the rights are complex thus we only provide the main aspects of such rights. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your other principal rights under data protection law are the following: (i) the right to access data; (ii) the right to rectification (note that you may exercise most of this right by logging to your account here; (iii) the right to erasure of your personal data; (iv) the right to restrict processing of your personal data; (v) the right to object to processing of your personal data; (vi) the right to data portability; (vii) the right to complain to a supervisory authority; and (viii) the right to withdraw consent.

The right to access data. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

The right to rectification. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

In some circumstances you have the right to the erasure of your personal data. Those circumstances include when: (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw consent to consent-based processing and there are no other legal basis to process data; (iii) you object to the processing under certain rules of applicable data protection laws; (iv) the processing is for direct marketing purposes; or (v) the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. Such exclusions include when processing is necessary: (i) for exercising the right of freedom of expression and information; (ii) for compliance with our legal obligation; or (iii) for the establishment, exercise or defence of legal claims.

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are when: (i) you contest the accuracy of the personal data; (ii) processing is unlawful but you oppose erasure; (iii) we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and (iv) you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data, however we will only further process such data in any other way: (i) with your consent; (ii) for the establishment, exercise or defence of legal claims; (iii) for the protection of the rights of another person; or (iv) for reasons of important public interest.

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

The right to data portability. To the extent that the legal basis for our processing of your personal data is: (i) consent; or (ii) performance of a contract or steps to be taken at your request prior to entering into a contract, necessary to enter into such, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. Our data processing is supervised by State Data Protection Inspectorate of the Republic of Lithuania, registered office at A. Juozapavičiaus St. 6, LT-09310, https://vdai.lrv.lt/

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

You may exercise any of the rights indicated herein by contacting us at legal@pvcase.com.

11. Updating your data

Please let us know if the personal information that we hold about you needs to be corrected or updated.

12. United States Privacy Supplement

This section explains how We handle personal data of individuals in the United States (“US Supplement”). We are established in the EU and primarily complies with the GDPR. Based on our current U.S. scale and activity, comprehensive state privacy laws (e.g., California CCPA/CPRA, Virginia VCDPA, Colorado CPA, Utah UCPA, and similar) generally apply only to organizations meeting statutory thresholds. We are currently below those thresholds and do not “sell” or “share” personal data as those laws define those terms. If our United States operations change such that any of these laws apply, We will update this Supplement and honor the corresponding rights.

  • Children’s privacy (COPPA). Our services are not directed to children under 13, and We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact us so We can delete it.

  • Marketing compliance. Marketing emails include an unsubscribe link, and We honor unsubscribe requests within 10 business days. If we offer SMS messages, We obtain prior express consent and honor “STOP” messages promptly.

  • Do Not Sell or Share Requests. We do not sell personal data or share it for cross-context behavioral advertising. If that changes, We will provide required notices and opt-outs (including honoring recognized universal opt-out signals where applicable).

  • California “Shine the Light” and Nevada. We do not disclose personal information to third parties for their own direct marketing purposes and do not sell “covered information” under Nevada law. If this changes, We will provide the required rights and opt-out options.

  • California “Do Not Track” Notice. Many internet browsers have “Do Not Track” features which, when turned on, sends a signal (the “DNT signal”) to the websites You visit that indicate You do not want to be tracked. Currently, given the lack of uniform implementation across browsers, our website does not respond to “do not track” signals.

  • Security incidents. If a data security incident affects U.S. residents, We will provide notice consistent with applicable U.S. state laws.

  • Contact. U.S. residents can reach us at legal@pvcase.com regarding this US Supplement.

13. Changes to our Privacy Policy

We may amend this Privacy Policy at any time, in case of material changes, we may inform you about such via email. This Privacy Policy was last updated 12.12.2025.

14. Contact Information

We will use all reasonable efforts to answer any questions or resolve any concerns regarding your privacy promptly.

All comments, queries and requests relating to our use of your personal information are welcomed. If you would like to contact us at legal@pvcase.com.

© 2026 PVcase