BRADsearch Privacy Policy

This Privacy Policy forms an integral part of the General Terms and Conditions of Service governing the use of the BRADsearch solution. It describes how UAB Invertus, operating the BRADsearch solution (hereinafter "BRADsearch", "we", "our", or "us"), collects, uses, discloses, and safeguards the personal data of individuals who interact with our Services through the website bradsearch.com and its subdomains.

We are committed to ensuring transparency and accountability in compliance with the General Data Protection Regulation (GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable data protection laws.

This Policy is complementary to our Data Processing Agreement (DPA) and General Terms and Conditions of Service. Please review those documents for a full understanding of our data protection and Service responsibilities.

The data controller responsible for processing your data is:

UAB Invertus
Company Code: 300117946
Address: K. Donelaičio g. 62-522, LT-44248 Kaunas, Lithuania
Email: legal@invertus.eu

We collect and process personal data in our capacity as a data controller for the purposes described in this Privacy Policy, and in certain cases as a data processor acting on behalf of our clients - details of which are governed by our Data Processing Agreement (DPA).

We collect and process personal data either:

• Directly from you (e.g., when you contact us, register, or attend events),
• Automatically through your interaction with our platform (e.g., via cookies or system logs),
• Or indirectly, when our clients submit personal data as part of their use of the BRADsearch platform (processing governed by our Data Processing Agreement (DPA)).

In these cases, we act either as:

• a data controller, for our own business purposes (as described in this Privacy Policy), or
• a data processor, solely on behalf of our clients, governed by our Data Processing Agreement (DPA).

We do not use client-submitted personal data (such as merchant clients records or search queries) for our own purposes, unless explicitly instructed by the client in accordance with the DPA.

3.1 Categories of Individuals

We may process personal data from the following groups of individuals:

• Prospective Clients - individuals requesting information, quotes, or demos
• Registered Users and Clients - users who create an account or access our services
• Business Partners and Service Providers - individuals engaged in business-related interactions on behalf of their organizations
• Website Visitors - users who browse our site or interact with embedded features such as cookies or contact forms
• Event Participants - attendees of webinars, workshops, or promotional events

3.2 Categories of Data

Depending on your relationship with us, we may process the following categories of personal data:

• Identification and Contact Data: name, job title, company, email address, phone number
• Account and Access Data: usernames, passwords, authentication credentials, access logs
• Billing and Payment Data: invoice information, payment methods, tax identifiers (e.g., VAT number)
• Technical and Usage Data: IP address, country, geographic region, city, browser type, browser version, operating system, device type, session logs, time zone, interaction behavior, in-site search and result logs, order history
• Communication Data: inquiries, feedback, support messages, and communication records
• Marketing and Consent Data: event registration details, subscription preferences, marketing consents

In some cases, we may also process pseudonymized or aggregated platform usage data to improve service performance, reliability, and security.

3.3 Data We Process as a Processor

As part of delivering the BRADsearch service, we may process personal data that our clients upload or generate during use of the BRADsearch (e.g., product catalog content, search and result logs, behavioral data, or client queries).

In these cases:

• BRADsearch acts exclusively as a data processor.
• Our clients are the data controllers and remain fully responsible for the lawfulness of the data submitted.
• We only process such data based on the client's documented instructions and never use it for profiling, resale, or our own analytics unless explicitly authorized.

This processing is strictly governed by the terms of our Data Processing Agreement (DPA), which defines our obligations, security measures, and limitations.

3.4 Children's Data

Our services are not intended for individuals under the age of 18. We do not knowingly collect or process personal data from children. If we become aware that we have received such data without valid consent, we will delete it promptly.

We process personal data based on the lawful grounds outlined in the General Data Protection Regulation (GDPR). The table below shows the main purposes and corresponding legal bases:

We will never use your data for profiling or automated decisions without your consent.

We do not sell or rent your personal data. We share data strictly as necessary and only with parties that are bound to data protection obligations consistent with GDPR.

We may share your data with the following categories of recipients:

• Authorized Service Providers: External vendors supporting hosting, CRM, email, payment processing, analytics, client support, project management, internal communication and marketing technology. These providers operate under Data Processing Agreements in accordance with Article 28 GDPR.
• Professional Advisors: Legal, financial, tax, or accounting advisors engaged to support our business operations.
• Public Authorities: Where legally required, such as in response to a lawful request or to comply with regulations.
• Integration Partners: Only with your explicit consent, we may share data to enable integrations or third-party services you choose to use in conjunction with BRADsearch.

All third parties processing your personal data on our behalf are bound by GDPR-compliant Data Processing Agreements (DPAs), as required by Article 28 GDPR. In certain cases, when using integrations or analytics tools (e.g., with marketing platforms), BRADsearch and the third party may act as joint controllers under Article 26 GDPR. In such cases, we ensure that appropriate agreements and transparency obligations are in place.

For more details, check our DPA (Data Processing Agreement).

Your data may be transferred to countries outside the European Economic Area (EEA) where adequate safeguards are in place, only if:

• The destination country has an EU adequacy decision by the European Commission
• Standard contractual clauses or other safeguards are in place
• You have explicitly consented to the transfer

We retain your personal data only for as long as necessary, including for the following purposes:

• Providing our Services and maintaining your active account
• Fulfilling legal and tax obligations (up to 10 years, where applicable)
• Sending marketing communications (until consent is withdrawn)
• Operating technical logs and cookie-based tracking (as detailed in our Cookies Policy)

Additionally, where we act as a data processor on behalf of our business clients, such processing is governed by a dedicated Data Processing Agreement (DPA) in accordance with Article 28 of the GDPR.

You have the following rights under the GDPR:

• Right to access your personal data
• Right to rectification of inaccurate or incomplete data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing (including direct marketing)
• Right to withdraw consent at any time
• Right to lodge a complaint with the State Data Protection Inspectorate (www.ada.lt)

To exercise these rights, contact us at legal@invertus.eu with proof of your identity.

We implement appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of your data, including:

• Data encryption in transit (SSL/TLS)
• Access controls and authentication
• Server monitoring and audits
• Data minimization and secure authentication

We will send marketing emails or promotional messages only with your prior consent. You may unsubscribe at any time via the link in our emails or by contacting us.

We use cookies and similar tracking technologies to:

• Enable core website functionality
• Analyze traffic and usage trends
• Customize user experience
• Support marketing and retargeting campaigns

Please refer to our separate Cookies Policy for full details, including the types of cookies used, purposes, and how you can manage your preferences.

Our website may contain links to third-party websites. We are not responsible for their data practices. You are encouraged to review their privacy policies before providing personal data.

We may update this Privacy Policy to reflect legal, technical, or operational changes at any time. All updates will be published on this page and indicated with a revised "Last updated" date. If material changes affect your rights, we will notify you via email or by prominently displaying on our website.

For any questions or concerns regarding Privacy Policy, please contact our support or:
Email: legal@invertus.eu

Address: K. Donelaičio g. 62-522, LT-44248 Kaunas, Lithuania