Social Media Privacy Policy

1. Data controllers

From one side:

Virto Solutions LTD, a legal entity established in Cyprus and its group companies listed below (collectively “Virto Commerce”, "we", "us", and "ours") is committed to protecting your privacy.

Virto Commerce is a common term used in this document which represents the following companies:


  • Virto Solutions LTD, legal entity code HE309608 (Σπύρου Κυπριανού, 38, CCS BUILDING, Floor 2, Κάτω Πολεμίδια, 4154, Λεμεσός, Κύπρος (Cyprus);
  • Virto Solutions, legal entity code C4086736 (20945 Devonshire ST ste 102, Los Angeles CA 9131, United States);
  • Virto Solutions, UAB legal entity code 304552351 (M. Katkaus str. 1-6, LT-09217 Vilnius, Lithuania).

Email of data protection officer: [email protected]

From another side:

Administrators of social media platforms: Facebook Int., Github, Twitter, Linkedin, Instagram, YouTube.

In relation to some personal data processed on our social media accounts, we act as a joint controller with the administrator of social media platforms as per Article 26 of the GDPR.


"Virto Commerce" manages these social media accounts:





2. Responsibility of Social media platforms

We have a very limited influence to the personal data processing (for example, account management, posting rules, advertising rules, community standards, etc.) carried out by the administrators of any social media platform. We do not know what data is processed by the administrator of the platform. In situations where we can have an impact in determining the parameters of the data processing, we ensure that administrator of social media platform would process data in a humancentric approach.

Platform administrator manages all IT infrastructure, sets its own data processing rules and privacy policies, and also interacts with you as a user of the platform (if you are a registered user). Furthermore, only the platform administrator is responsible for the processing of personal data attributable to your account. We do not have any access to such data of yours.

You can find more information about the data processing and your data subject rights in the privacy policies of each social media platform.

3. Data Processing purpose and legal ground

3.1. The main purpose of data processing is the ability to inform our followers about products we develop, services we provide, enlighten on general IT news and to communicate with our followers by answering their questions and, on some occasions, to invite to participate in our marketing activities. Our legal basis for such data processing is our legitimate interest to promote our brand and provide good customer service.

3.2. We have a right to delete any comments if it seems necessary. For example, when posts infringe ethical principles of Virto Commerce, mandatory legal acts, social norms, trademarks, and intellectual property rights, or when the posts are otherwise offensive, discriminatory, pornographic, or abusive in nature.

If we deem it necessary, we will contact you via your social media account.

4. Data recipients

Data is, in general, not shared with other third parties, except if it is necessary for the handling of your claim or request. Please be aware that some social media accounts allow sharing of the content (like comments), therefore, your interaction with us may be visible to other users. For example, if you participate in any of our games or events and content is posted on our account, this can be seen by others. If you are using your real name and photo in your account, others can directly identify you.

In contrast, personal data which you provide to us using confidential channels, such as private message, will be used by us only and shall not be transferred to others not related to “Virto Commerce” group. This rule does not apply if you message contains content described in 3.2 above.

5. Data retention

All personal information, which you send to us by private messages (your offers, comments, requests, and other interactions) is deleted within 90 days of final resolution of the issue.

All other content created by you in our social media account is stored for an unlimited amount of time, unless we delete it for the reasons specifies in 3.2 above, or if we close our account. Please note, in most of the platforms you can also manage your content yourself, for example, you can amend or delete your content without our permission.

Please note: We do not have any influence to the retention rules of the platform administrator; therefore, your content can be deleted by the platform administrator if you do not comply to the rules applicable to that specific platform.

6. Joint controllers according to Article 26 of the GDPR

Some of our data processing is carried out together with the platform administrator. This processing is subject to provisions of Article 26 of the GDPR (joint controllers):

When social media platform administrator applies users’ monitoring technique, platform administrators and we are acting as joint controllers. Please note, monitoring of the user can be implemented regardless of the fact if you are a registered user or unregistered. Legal basis for such monitoring is legitimate interest of the platform administrator and us according to Article 6 1(f) of the GDPR – the necessity to optimize the use of accounts and the platform itself.

More about the data recipients and data retention terms can be found in the privacy policies of the relevant social media platform.

More information about the rights you have as a data subject, especially the right to object to the monitoring of your account, can be found in the privacy policies of the relevant platform administrator.

Collection of statistical data, which is provided to us by the platform administrator can be influenced by us only partly. We make sure however, that no excessive data would be transferred to us by the platform provider.

You should be aware that there is a possibility that social media platform is using your account data and your behavioral data to analyze your relations, likes and dislikes, beliefs, and other preferences. „Virto Commerce“ does not participate in this data processing and has no influence in this regard whatsoever.

7. Your data subject rights

• Right of access which means 1) the right to know whether data concerning you is being processed and 2) if so, access it (GDPR Article 15).
• Right to rectification. When personal data are inaccurate, then you have a right to request us to correct them indeed (GDPR Article 16).
• Right to erasure or right to be forgotten with additional stipulations (GDPR Article 17).
• Right to restriction of processing. Simply said, it is your right to limit the processing of your personal data with, several rules and exceptions (GDPR Article 18).
• Right to data portability. (GDPR Article 20).
• Right to object (GDPR Article 21). That does indeed mean what it says: data subjects can say they don’t want the personal data processing to be done or going on. In practice the data subject can, within specific conditions, exercise the right to object and the right to be forgotten.
• Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her.
• Right to lodge a complaint with the local supervisory authority (for example State Data Protection Inspectorate in Lithuania).

You can implement your data subject rights by using any of the contact details indicated in the beginning of this policy.

Last update: 2022 August

Copyright © 2024. All rights reserved.