Who are we?
NILTASOFT LIMITED, Address: Kosta Charaki 11, 3rd floor, Flat/Office N302, 3041, Limassol, Cyprus. Registration number: HE190472; VAT-ID: CY-10190472H (part of the Softline Group hereafter referred to as “Softline”) is the data controller of the website https://support.ecommerce.softline.com/ (hereafter the “Customer portal”).
You can read more on Softline’s approach to privacy and data protection here.
What does this Privacy Notice cover?
This Privacy Notice applies to the Customer portal and it is meant to explain who we are, what personal data we process, why, for how long, with whom we might share your data, what are your rights and where you can contact us.
For purpose of this Privacy Notice, personal information means data or set of data that can identify an individual, such as name, address, telephone number, and email address. For what type of data we collect for a specific purpose see below.
What personal data do we collect and how do we intend to use it?
Data collected for the enablement and usage of the Customer portal
- Categories of data: User Account Information, Contact Information (e-mail), Browsing Information, Personal Identification, Log files
- Provide e-commerce customer support;
- Legal basis:
- Applicable from data subjects located in countries listed in Annex 1A: We consider that our legitimate interests justify the processing; we find such interests to be justified considering that the data is limited to what is usually shared by the people acting in their business or professional capacities. The legitimate interest pursued is providing e-commerce customer support;
- Applicable from data subjects located in countries listed in Annex 1B: consent;
- Retention time: we will keep the data as long as necessary to enable the usage of the Customer portal, including the existence of a contract between your company and Softline. The data will be anonymized/deleted after the account was deactivated in the Customer portal and/or the contract ended. The criteria we use to determine the retention term is the commercial relationship term plus the mandatory retention term of records provided by the local legislation applicable;
- Source of data: the data is provided by you directly and via alternative internal applications;
- Requirement to provide data and consequences of not providing: the fields are necessary for the usage of the Customer portal, not providing such data will result in failure to register into the Customer portal.
- Type of data: IP address and related information such as location and internet provider, browser and content type, version and settings, viewed content and activities;
- Legal basis (for strictly necessary cookies):
- Applicable from data subjects located in countries listed in Annex 1A: legitimate interests of the controllers. We find the legitimate interest to be justified considering that the data is necessary for making the website functional (our website does not offer any content directed to individual consumers as well as any content which might be used for any inferences about your private life habits or interests), and limit the retention of data;
- Applicable from data subjects located in countries listed in Annex 1B: consent;
- Legal basis (for all other types of cookies): consent.
- Source of data: data is obtained automatically through your use of the website and from external parties as per the table below;
- Requirement to provide data and consequences of not providing: you are not required to provide any data yourself.
With whom we share your data?
We disclose your information to SOFTLINE employees from the relevant teams, companies processing the data on our behalf (hosting providers, mail system provider, organizations providing maintenance services; entities providing services in the field of tax and legal services, subcontractors performing customer service and logistics tasks, providers of statistical, advertising and analytical services, payment service providers, independent third parties when this is necessary (auditors, lawyers, inspection agencies) or based on your choices and actions (as when you ask us to send you a shipment or letter using a third-party provider). Depending on applicable local laws you may obtain from us further information about specific entities having access to the data. Your data will be transferred to third countries and any subsequent transfers will follow applicable local and regional laws. For data transferred outside of EU/EEA, SOFTLINE also implements EU Standard Contractual Clauses (more information about such clauses is available here) to ensure similar level of protection as in EU/EEA. For data transferred outside of Serbia, SOFTLINE also implements Standard Contractual Clauses (more information about such clauses is available only in Serbian here). For data transferred outside of Argentina, SOFTLINE implements Standard Contractual Clauses (more information about such clauses is available only in Spanish here).
For countries listed in Annex 1B:
By submitting this form, you accept your data will be directly transferred to third countries, and any subsequent transfers will follow applicable local and regional laws.
We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claim, whether in court proceedings or in an administrative or out-of-court procedure.
What are your rights?
- Right to withdraw your consent: You can withdraw your consent any time by writing us firstname.lastname@example.org;
- Right to information and transparency: You have the right to be informed on the manner in which we process your personal data.
- Right to access – You have the right to know what if any of your data we process and obtain a copy of it in most cases.
- Right to rectification – You have the right to request us to rectify or complete your data, as the case may be, on the basis of an additional statement.
- Right to restrict the processing – You can request us to restrict the processing of your personal data in certain cases.
- Right to erasure („right to be forgotten”) – You have the right to request and obtain the erasure of your personal data in some cases.
- Right to data portability – In certain cases you have the right to receive the personal data that you have provided us in a structured, commonly used and machine readable format or to request we transfer it to another controller.
- Right to oppose the processing/ Right to oppose the processing in direct marketing purposes: We shall not make decisions about data subjects based solely on automated processing.
- Right to launch a complaint with the competent data protection authority. Depending on your location the contact data of the competent data protection authority might differ. You ca find a comprehensive list of competent data protection authorities here.
You may exercise any of your rights in relation to your personal data by written notice to us, using contact details set out below.
How do we safeguard your personal data?
We use a range of security measures to protect your personal information, which based on the specific data we process and the risk that the processing activity might pose to your rights and freedoms, might be”
- Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services.
- Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
- Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing.
- Measures for user identification and authorisation.
- Measures for the protection of data during transmission Measures for the protection of data during storage.
- Pseudonymisation and/or encryption of personal data.
- Measures for ensuring physical security of locations at which personal data are processed.
- Measures for ensuring events logging.
- Measures for ensuring system configuration, including default configuration.
- Measures for internal IT and IT security governance and management.
- Measures for certification/assurance of processes and products.
- Measures for ensuring data minimisation.
- Measures for ensuring data quality.
- Measures for ensuring limited data retention.
- Measures for ensuring accountability.
- Measures for early detection, management and recovery for incidents.
How can you contact us?
For personal information collected from individuals INSIDE Europe and MENA, written inquiries to the data protection responsible may be addressed to
For personal information collected from individuals INSIDE LATAM, written inquiries to the data protection responsible may be addressed to:
For personal information collected from individuals INSIDE INDIA, written inquiries to the data protection responsible may be addressed to
New Delhi (Gurugram)
For personal information collected from individuals INSIDE APAC, written inquiries to the data protection responsible may be addressed to:
Ho Chi Minh City
For personal information collected from individuals INSIDE CIS, written inquiries to the data protection responsible may be addressed to
Kazakhstan, Almaty, Medueskyi district, Dostyk ave., build. #210, BC «Koktem Grand», office 72, 050051
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please report it via the contact points provided in Speak UP Policy.
How do we keep this Privacy Notice updated?
We may update this Privacy Notice from time to time. If we materially change it, we will take steps to inform you of the change.
The date at the bottom of this Privacy Notice shows when it was last updated.
 All countries in the European Economic Area
 Plus any other country not listed in 1A