Privacy Policy
- Effective date
- April 3, 2026
- Last updated
- April 24, 2026
Privacy Policy
Effective Date: April 3, 2026 Last Updated: April 24, 2026
1. Introduction
UAB Backoffice Solutions (“Backoffice”, “we”, “us”, or “our”) operates the backoffice.lt workforce management platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.
We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR), Lithuanian data protection laws, and other applicable privacy legislation.
Data Controller:
- Company: UAB Backoffice Solutions
- Registration Number: 307630360
- Address: Švitrigailos g. 11K-109, LT-03228 Vilnius, Lithuania
- Email: privacy@backoffice.lt
2. Scope and User Types
This Privacy Policy applies to all users of the Backoffice platform. We distinguish between three types of users:
| User Type | Description | Data Relationship |
|---|---|---|
| Account Holders | Organizations (restaurants, hotels, cafes) that create a Backoffice account | Backoffice is the Data Controller for account/billing data; Data Processor for employee data |
| Employees | Workers invited to the platform by Account Holders | Account Holder is the Data Controller; Backoffice is the Data Processor |
| Website Visitors | Individuals who visit backoffice.lt without an account | Backoffice is the Data Controller |
Important: For employee data, your employer (the Account Holder) determines what personal data is collected and how it is used. We process this data on their behalf according to our Data Processing Agreement. For questions about how your employer handles your data, please contact them directly.
3. Personal Information We Collect
The personal information we collect depends on your relationship with Backoffice, how you interact with our Services, and what your employer (if applicable) chooses to enable. This section provides a detailed breakdown by user type and legal basis for processing.
3.1 Account Holder Data (Organizations)
When an organization signs up for Backoffice, we collect and process the following data as Data Controller:
| Category | Data Collected | Legal Basis | How Collected |
|---|---|---|---|
| Organization Identity | Company name, registration number, VAT code, business type, legal form | Contract Performance | Direct input |
| Business Contact | Business email, phone number, website URL | Contract Performance | Direct input |
| Business Address | Registered address, operational addresses, geolocation coordinates | Contract Performance | Direct input |
| Administrator Account | Admin name, email, phone, role, authentication credentials | Contract Performance | Direct input |
| Billing Information | Billing email, billing address, VAT status, tax identifiers | Contract Performance / Legal Obligation | Direct input |
| Payment Methods | Credit/debit card details (tokenized via Stripe), payment history | Contract Performance | Stripe integration |
| Banking Information | Bank name, IBAN (encrypted), SWIFT/BIC, account holder name | Contract Performance | Direct input |
| Business Documents | Business licenses, permits, certificates, registration documents | Legal Obligation | Document upload |
| Integration Credentials | OAuth tokens, API keys for connected services (POS, accounting) | Contract Performance | OAuth/API connection |
Data Ownership: Account Holders own and control their organization data. They determine which employees are invited, what data is collected from employees, and how integrations are configured.
3.2 Employee Data (Processed on Behalf of Account Holders)
For employee data, Backoffice acts as Data Processor on behalf of the Account Holder (employer), who is the Data Controller. The employer determines what data is collected and how it is used.
3.2.1 Identity & Contact Information
| Data Type | Examples | Legal Basis | Collection Method |
|---|---|---|---|
| Basic Identity | First name, last name, preferred name | Contract (Employer) | Direct input / Employer |
| Contact Details | Email address, phone number(s) | Contract (Employer) | Direct input / Employer |
| Profile Media | Profile photograph, avatar | Consent | Direct upload |
| Authentication | Password hash, 2FA method, 2FA secret (encrypted), backup codes | Contract (Employer) | Direct input |
| Account Identifiers | User ID, employee number | Contract (Employer) | System generated |
3.2.2 Demographic & Personal Information
| Data Type | Examples | Legal Basis | Collection Method |
|---|---|---|---|
| Date of Birth | Birth date, calculated age | Legal Obligation / Contract | Direct input / Employer |
| Gender | Gender identity (optional) | Consent | Direct input |
| Residential Address | Home address (line 1, line 2, city, postal code, country) | Contract (Employer) | Direct input |
| Work Address | Assigned workplace location(s) | Contract (Employer) | Employer assignment |
| Nationality/Citizenship | Country of citizenship, work authorization status | Legal Obligation | Direct input / Employer |
3.2.3 Emergency Contact Information
| Data Type | Examples | Legal Basis | Collection Method |
|---|---|---|---|
| Emergency Contacts | Contact name, phone, email, relationship, notes | Legitimate Interest (Safety) | Direct input |
| Primary Contact Flag | Designation of primary emergency contact | Legitimate Interest (Safety) | Direct input |
3.2.4 Employment Information
| Data Type | Examples | Legal Basis | Collection Method |
|---|---|---|---|
| Job Information | Job title, department, job role, employee type | Contract (Employer) | Employer input |
| Employment Dates | Hire date, probation end date, termination date | Contract (Employer) / Legal Obligation | Employer input |
| Contract Details | Contract type (full-time, part-time, temporary), contract number, hours per week | Contract (Employer) / Legal Obligation | Employer input / Document |
| Employment Rate | Full-time equivalent (FTE), work schedule type | Contract (Employer) | Employer input |
| Contract Documents | Signed employment contracts, amendments | Legal Obligation | Document upload |
| POS Mapping | External system employee IDs | Contract (Employer) | Integration sync |
3.2.5 Compensation & Financial Information
| Data Type | Examples | Legal Basis | Collection Method |
|---|---|---|---|
| Salary Information | Base salary, hourly rate, wage type | Contract (Employer) | Employer input |
| Payment Details | Payment frequency, payment method preference | Contract (Employer) | Employer input / Direct |
| Salary History | Previous salary, salary changes, change reasons, approval records | Contract (Employer) / Legal Obligation | Employer input |
| Banking Details | Bank name, account number (encrypted), IBAN (encrypted), SWIFT/BIC | Contract (Employer) | Direct input |
| Payroll Sync Data | Gross/net amounts, tax deductions (from accounting integration) | Contract (Employer) / Legal Obligation | Integration sync |
Note: Banking details are encrypted at the field level. Only the last 4 digits of account numbers are displayed to authorized personnel.
3.2.6 Identity Documents
| Data Type | Examples | Legal Basis | Collection Method |
|---|---|---|---|
| Government ID | Passport scan, national ID card, personal code | Legal Obligation | Document upload |
| Work Authorization | Work permit, visa, residence permit | Legal Obligation | Document upload |
| Other Documents | Driver’s license, birth certificate, certifications | Contract (Employer) / Legal Obligation | Document upload |
| Document Metadata | Document number, issue date, expiry date, issuing authority | Legal Obligation | Direct input / Extraction |
Storage: Identity documents are stored in encrypted private storage. Access is controlled and logged. Documents are accessible only via time-limited signed URLs.
3.2.7 Time, Attendance & Location Data
| Data Type | Examples | Legal Basis | Collection Method |
|---|---|---|---|
| Clock Events | Clock-in time, clock-out time, break start/end | Contract (Employer) | App/Web/Kiosk input |
| Worked Hours | Total hours, overtime hours, break duration | Contract (Employer) | Calculated |
| Clock Method | Device used (App, Web, Kiosk, Biometric, RFID Card) | Contract (Employer) | Automatic detection |
| Clock-in PIN | Hashed PIN for kiosk authentication | Contract (Employer) | Direct input |
| GPS Location | Latitude/longitude at clock-in/out (if enabled by employer) | Consent / Legitimate Interest | Device location services |
| Clock Photos | Photo capture at clock-in/out (if enabled by employer) | Consent / Legitimate Interest | Device camera |
Important: GPS location and photo capture are optional features that must be:
- Enabled by the Account Holder (employer)
- Permitted by the employee’s device settings
- Collected only at the moment of clock-in/out, never continuously
Employees may deny location permissions on their device, which may prevent clock-in if the employer requires location verification.
Biometric Clock Integration: When external biometric clock devices (fingerprint/face readers) are used for time tracking, biometric templates are stored on the device or the device manufacturer’s system — not in Backoffice. We only receive the timestamp and user identifier of the clock event.
Location Data Guarantees: We store only the single GPS coordinate captured at the moment of clock-in or clock-out. We do not:
- Track location between these events
- Create movement history or pattern analysis
- Compare location data across multiple clock events to infer travel routes
- Perform geofencing monitoring or alert employers when employees enter/leave areas
Clock-in Photos (if enabled by employer): Clock-in photos capture a single image at clock-in/out. These photos:
- Are intended to verify the employee’s identity, not to surveil surroundings
- Are accessible only to the employee’s direct employer (Account Holder)
- Are not analyzed by facial recognition or AI systems
- Are retained according to the Account Holder’s data retention settings
Employees uncomfortable with photo capture should discuss alternatives with their employer.
3.2.8 Scheduling & Availability
| Data Type | Examples | Legal Basis | Collection Method |
|---|---|---|---|
| Shift Data | Scheduled shifts, shift times, assigned location | Contract (Employer) | Employer/Manager input |
| Availability | Available days/times, preferred hours | Contract (Employer) | Direct input |
| Shift Preferences | Maximum hours, preferred shifts | Contract (Employer) | Direct input |
3.2.9 Leave & Absence Management
| Data Type | Examples | Legal Basis | Collection Method |
|---|---|---|---|
| Leave Requests | Request date, leave type, start/end dates, reason | Contract (Employer) | Direct input |
| Leave Types | Vacation, sick leave, personal leave, parental leave, bereavement | Contract (Employer) / Legal Obligation | Direct input |
| Leave Balances | Accrued days, used days, remaining balance | Contract (Employer) | Calculated |
| Approval Records | Approver name, approval date, notes | Contract (Employer) | Manager input |
Note: Sick leave may involve health-related information. We process only the fact of sick leave, not medical diagnoses, unless explicitly provided and consented to by the employee.
3.2.10 Performance & Development
| Data Type | Examples | Legal Basis | Collection Method |
|---|---|---|---|
| Performance Reviews | Review period, ratings, written feedback | Contract (Employer) / Legitimate Interest | Manager input |
| Manager Notes | General notes, recognition, disciplinary notes | Contract (Employer) / Legitimate Interest | Manager input |
| Goals & Objectives | Set goals, progress, achievements | Contract (Employer) | Direct / Manager input |
| Training Records | Completed training, certifications, expiry dates | Contract (Employer) / Legal Obligation | Direct / Manager input |
| Training Costs | Course fees, training investments | Contract (Employer) | Manager input |
| Certificates | Certificate files, verification URLs | Contract (Employer) / Legal Obligation | Document upload |
Visibility: Some notes may be marked as private (visible only to managers) or shared with the employee. Employees can view notes marked as visible to them.
3.2.11 Consent & Data Sharing Preferences
| Data Type | Examples | Legal Basis | Collection Method |
|---|---|---|---|
| Data Sharing Consent | Which personal fields to share with employer | Consent | Direct input (onboarding) |
| Consent Records | Consent given/withdrawn, timestamps, consent version | Legal Obligation | System recorded |
| Privacy Preferences | Communication preferences, visibility settings | Consent | Direct input |
Employee Control: Employees explicitly consent to which identity fields are shared with their employer during onboarding. Employers may request certain data as mandatory for employment.
3.3 Website Visitor Data
For visitors to backoffice.lt who do not have an account, we collect minimal data as Data Controller:
| Category | Data Collected | Legal Basis | Collection Method |
|---|---|---|---|
| Device Information | Browser type, version, operating system, device type, screen resolution | Legitimate Interest | Automatic |
| Network Information | IP address, approximate location (city/country level) | Legitimate Interest | Automatic |
| Usage Data | Pages visited, time on page, referral source, click paths | Legitimate Interest / Consent | Automatic (cookies) |
| Form Submissions | Name, email, company, message (contact/demo forms) | Consent / Contract | Direct input |
| Cookie Identifiers | Session ID, preference cookies, analytics cookies | Consent (where required) | Cookies |
3.4 Automatically Collected Technical Data
The following data is collected automatically from all users to ensure security, provide support, and improve the Service:
| Data Type | Source | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Device Information | Mobile app, web browser | Security, troubleshooting, compatibility | Legitimate Interest | Session + 90 days |
| Device Identifiers | Mobile devices | Push notification delivery, device management | Contract Performance | Until logout/uninstall |
| App Version | Mobile app | Support, feature compatibility | Legitimate Interest | Session |
| Push Tokens | Mobile platforms | Push notification delivery | Contract Performance | Until logout/revoked |
| IP Address | All connections | Security, audit logging, fraud prevention | Legitimate Interest / Legal Obligation | 3 years (audit logs) |
| User Agent | Web browsers | Compatibility, analytics | Legitimate Interest | 90 days |
| Session Data | Authentication events | Security, access management | Contract Performance | Session duration |
| Activity Logs | All user actions | Audit trail, security, troubleshooting | Legitimate Interest / Legal Obligation | 3 years |
| Error Logs | Application errors | Debugging, service improvement | Legitimate Interest | 90 days |
3.5 Data from Third-Party Integrations
When Account Holders enable integrations, additional data may be synced into Backoffice:
| Integration | Data Direction | Data Types | Data Controller |
|---|---|---|---|
| POS Systems | Inbound | Sales transactions, cashier IDs, products, inventory, supplier data | Account Holder |
| Accounting Systems | Inbound | Chart of accounts, client data, invoices, payroll data | Account Holder |
| Google Business Profile | Bidirectional | OAuth tokens, location data, business hours, reviews | Account Holder |
| Communication Tools | Outbound | Alert messages, notification content | Account Holder |
Important: For integration data:
- The Account Holder authorizes the connection and determines what data is synced
- The Account Holder remains the Data Controller for their business data
- Backoffice caches integration data locally to provide the Service
- OAuth tokens and API credentials are encrypted at rest
3.6 Data We Do NOT Collect
To be clear about our data practices, Backoffice does not collect:
- Continuous GPS tracking (only at clock-in/out if enabled)
- Biometric data (fingerprints, facial recognition templates)
- Health or medical records (beyond leave type classification)
- Religious or political affiliations
- Trade union membership
- Criminal history or background check results
- Genetic data
- Data from minors under 16 years of age
We do not sell personal information. We have not sold personal information in the preceding twelve months.
Anti-Surveillance Commitment: Backoffice is workforce management software, not surveillance software. We explicitly reject ‘bossware’ features:
- No keylogging or keystroke capture
- No screenshot monitoring
- No webcam/microphone activation beyond optional clock-in photos
- No application/website usage tracking
- No mouse movement or ‘activity’ monitoring
- No ‘invisible’ or undetectable installation modes
- No tools for ‘covert investigations’ of workers
Managers can see: schedules, time records, tasks assigned, and (if enabled) clock-in location/photos. Managers cannot see: private communications, personal device data, or activity outside of work.
3.7 Automated Processing and Algorithmic Features
Backoffice uses automated systems to:
- Calculate hours worked and overtime
- Generate scheduling suggestions based on availability
- Send automatic reminders for upcoming shifts
- Flag clock-in/out events that may require manager review (e.g., missed clock-out, late arrival)
- Track employee progress in the optional Motivation gamification system (sales targets, task completion)
Motivation System (if enabled by employer): The Motivation module is an optional gamification feature that tracks employee performance based on POS (point-of-sale) data. When enabled:
- Employees progress through levels by completing sales-based tasks
- Progress is visible to the employee and their manager
- Level badges may be visible to colleagues
- An optional leaderboard shows level distribution (not individual performance details)
- Historical achievement data is retained for manager review
What Backoffice does NOT do automatically:
- Terminate or suspend employee accounts
- Make hiring, firing, or disciplinary recommendations
- Rank employees by attendance or punctuality in a way that affects employment
- Monitor keystrokes, screenshots, or screen activity
- Track continuous location or create movement patterns
All employment decisions remain with the Account Holder (employer). Backoffice provides data and tools; humans make decisions.
4. How We Use Your Information
4.1 Legal Bases for Processing (GDPR Article 6)
| Purpose | Legal Basis | Description |
|---|---|---|
| Service Provision | Contract Performance | Necessary to provide the Service you signed up for |
| Account Management | Contract Performance | Managing your account, billing, support |
| Communication | Contract Performance / Legitimate Interest | Service updates, support responses, important notices |
| Security | Legitimate Interest | Protecting against fraud, unauthorized access, abuse |
| Legal Compliance | Legal Obligation | Tax records, employment law compliance, regulatory requirements |
| Analytics | Legitimate Interest | Improving our Service, understanding usage patterns |
| Marketing | Consent | Promotional communications (only with explicit opt-in) |
| Employee Data Processing | Contract with Account Holder | Processing data as a Data Processor for Account Holders |
4.2 Specific Uses
For Account Holders:
- Creating and managing your organization account
- Processing subscription payments
- Providing customer support
- Sending service-related communications
- Generating invoices and billing records
- Enabling integrations with third-party services (POS, accounting)
For Employees (on behalf of Account Holders):
- Scheduling and shift management
- Time and attendance tracking
- Payroll calculations
- Document storage and management
- Performance management
- Training and certification tracking
- Team communication
For All Users:
- Maintaining security and preventing fraud
- Complying with legal obligations
- Improving and optimizing the Service
- Responding to legal requests
5. Location Tracking and GPS Data
5.1 When We Collect Location Data
Backoffice may collect GPS location data only when:
- An employee clocks in or out via the mobile app
- The Account Holder has enabled location verification
- The employee has granted location permission on their device
5.2 How Location Data Is Used
| Use Case | Description | Control |
|---|---|---|
| Clock-in Verification | Verifying employee is at designated work location | Account Holder can enable/disable |
| Audit Trail | Recording location at time of clock in/out | Retained with time entry |
5.3 Location Data Controls
- Employees can deny location permission on their device (may prevent clock-in if required by employer)
- Account Holders can enable/disable location requirements
- Location data is collected only at the moment of clock in/out, not continuously
- Historical location data follows standard data retention policies
6. Third-Party Services and Sub-Processors
To deliver our Service, we engage third-party service providers (“sub-processors”) who process personal data on our behalf. Before engaging any sub-processor, we perform due diligence including security assessments. All sub-processors are bound by contractual terms that ensure they process personal data only for the purposes specified and in compliance with GDPR and applicable data protection laws.
6.1 Sub-Processor List
Last Updated: April 24, 2026
We maintain transparency about the third parties who may access or process your data.
Infrastructure & Cloud Hosting
| Sub-Processor | Purpose | Processing Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, database hosting, file storage | European Union |
| Vercel | Landing-page hosting, edge delivery, serverless form endpoints, deployment logs | EU/EEA and US with EU safeguards |
Authentication & Identity
| Sub-Processor | Purpose | Processing Location |
|---|---|---|
| Google Firebase Authentication | User authentication, session management | European Union |
Consent Management
| Sub-Processor | Purpose | Processing Location |
|---|---|---|
| Cookiebot by Usercentrics | Cookie consent banner, consent records, cookie declaration | European Union |
Payment Processing
| Sub-Processor | Purpose | Processing Location |
|---|---|---|
| Stripe | Payment processing, subscription billing, invoicing | European Union |
Note: Stripe acts as an independent data controller for payment fraud prevention.
Communications
| Sub-Processor | Purpose | Processing Location |
|---|---|---|
| Twilio | SMS notifications, phone number verification | US with EU safeguards |
| SparkPost (MessageBird) | Transactional email delivery | European Union |
| Firebase Cloud Messaging (FCM) | Android push notifications | US with EU safeguards |
| Apple Push Notification Service (APNS) | iOS push notifications | US with EU safeguards |
Monitoring & Analytics
| Sub-Processor | Purpose | Processing Location |
|---|---|---|
| Amplitude | Product analytics (anonymized/pseudonymized data) | US with EU safeguards |
| Microsoft Clarity | Website analytics, heatmaps, scrollmaps, session replay | US/EU with EU safeguards |
| Datadog | Application performance monitoring, error tracking | European Union |
Marketing & Attribution
| Sub-Processor | Purpose | Processing Location |
|---|---|---|
| Meta / Facebook | Marketing pixel, Conversions API, campaign attribution, conversion measurement | US/EU with EU safeguards |
Sales & Customer Operations
| Sub-Processor | Purpose | Processing Location |
|---|---|---|
| Notion | Demo-request lead intake, sales workflow records, internal follow-up | US/EU with EU safeguards |
Data Minimization: For analytics, we anonymize or pseudonymize data before transmission. User IDs are hashed; no names, emails, or sensitive employee data are sent to analytics services.
6.2 Customer-Connected Integrations
When Account Holders enable third-party integrations, data flows occur between Backoffice and external systems. The Account Holder authorizes these connections and remains the Data Controller for their business data.
Point of Sale (POS) Integrations
| Integration Type | Data Flow | Purpose |
|---|---|---|
| POS Systems | Inbound | Sync sales data for labor cost analysis, time tracking verification |
Accounting & ERP Integrations
| Integration Type | Data Flow | Purpose |
|---|---|---|
| Accounting Systems | Bidirectional | Accounting synchronization, payroll export |
Business Profile Integrations
| Integration Type | Data Flow | Purpose |
|---|---|---|
| Google Business Profile | Bidirectional | Schedule synchronization, location management |
Communication Integrations
| Integration Type | Data Flow | Purpose |
|---|---|---|
| Slack and similar tools | Outbound | Team communication, notifications |
6.3 Sub-Processor Due Diligence
Before engaging any sub-processor, we:
- Security Assessment: Evaluate their security practices and certifications
- Contractual Safeguards: Ensure appropriate Data Processing Agreements (DPAs) are in place
- Data Location Review: Confirm data processing locations and applicable transfer mechanisms
- Ongoing Monitoring: Regularly review sub-processor compliance and security posture
6.4 Sub-Processor Updates
We may update our sub-processor list from time to time. Material changes that may affect the processing of your personal data will be notified to Account Holders via email at least 30 days before the change takes effect, allowing time to object if necessary.
To subscribe to sub-processor change notifications, Account Holders can enable this option in their account settings or contact privacy@backoffice.lt.
7. Data Sharing and Disclosure
7.1 Our Commitment: We Do Not Sell Your Data
We do not sell, rent, license, or trade your personal information to third parties for their marketing or commercial purposes. Ever.
This commitment applies to all user types — Account Holders, Employees, and Website Visitors.
7.2 Categories of Data Sharing
We share personal data only in the following circumstances:
With Service Providers (Sub-Processors)
| Category | Recipients | Purpose | Legal Basis |
|---|---|---|---|
| Infrastructure | AWS (EU), Vercel | Hosting, storage, computing, landing-page delivery | Contract performance |
| Consent management | Cookiebot by Usercentrics | Cookie banner, consent records, cookie declaration | Legal obligation, legitimate interest |
| Payments | Stripe (EU) | Payment processing | Contract performance |
| Communications | Twilio, SparkPost, FCM, APNS | Notifications, verification | Contract performance, legitimate interest |
| Analytics | Amplitude, Microsoft Clarity, Datadog | Service improvement, monitoring, website analytics | Legitimate interest / consent where required |
| Marketing attribution | Meta / Facebook | Campaign attribution and conversion measurement | Consent where required |
| Sales operations | Notion | Demo-request lead intake and follow-up | Consent / pre-contractual steps |
| Authentication | Firebase | User login, session management | Contract performance |
All service providers are bound by Data Processing Agreements and may only process data according to our instructions.
With Account Holders (Employers)
| Data Shared | Purpose | Legal Basis |
|---|---|---|
| Employee profiles, time entries, schedules | Workforce management | Contract with Account Holder |
| Performance data, attendance records | HR administration | Contract with Account Holder |
| Payroll calculations, leave balances | Payroll processing | Contract with Account Holder |
Note: Account Holders are Data Controllers for their employee data. We process this data on their behalf as a Data Processor.
With Customer-Authorized Third Parties
When Account Holders enable integrations, data flows to:
| Recipient Type | Examples | Authorization |
|---|---|---|
| POS Systems | Various POS providers | Account Holder configuration |
| Accounting Systems | Various accounting software | Account Holder configuration |
| Business Tools | Google Business, Slack | Account Holder configuration |
For Legal Compliance
| Circumstance | Data Disclosed | Safeguards |
|---|---|---|
| Court Orders | As specified in valid legal order | We verify legal validity; notify users when permitted |
| Regulatory Requests | As required by supervisory authorities | We limit disclosure to what’s legally required |
| Tax Authorities | Billing records, transaction history | Required for legal compliance |
| Law Enforcement | Only as required by valid legal process | We challenge overbroad requests |
We will notify affected users of legal requests unless prohibited by law or court order.
For Safety & Security
We may share information when necessary to:
- Investigate, prevent, or address fraud, security threats, or technical issues
- Protect the rights, property, or safety of Backoffice, our users, or the public
- Enforce our Terms of Service and other agreements
Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets:
- Personal data may be transferred as part of the transaction
- We will notify affected users and provide choices where required by law
- The acquiring entity will be bound by this Privacy Policy until a new policy is communicated
With Your Consent
We may share your data in other circumstances with your explicit consent.
Aggregated & Anonymized Data
We may share aggregated, de-identified data that cannot reasonably be used to identify individuals, such as:
- Industry benchmarks (average shift lengths, turnover rates)
- Platform usage statistics
- Geographic distribution of users (at country/region level only)
7.3 Data Processing Agreements (DPAs)
For Account Holders
Account Holders who require a Data Processing Agreement for GDPR compliance can:
- Download our standard DPA from their account settings, or
- Request a DPA by emailing privacy@backoffice.lt
Our DPA covers:
- Scope and nature of processing
- Data security measures and certifications
- Sub-processor list and change notification procedures
- Data breach notification (without undue delay, in time for the Account Holder to meet its 72-hour notification obligation under Article 33 GDPR)
- Assistance with data subject requests
- Data return and deletion upon contract termination
- Audit rights and compliance verification
Our DPAs with Sub-Processors
We maintain Data Processing Agreements with all sub-processors listed in Section 6.1. Key provisions include:
- Processing only on our documented instructions
- Confidentiality obligations for personnel
- Implementation of appropriate security measures
- Restrictions on sub-sub-processing
- Assistance with data subject rights and breach notification
- Data deletion upon termination
7.4 International Data Transfers
When data is transferred outside the European Economic Area (EEA):
| Transfer Mechanism | Used For |
|---|---|
| Standard Contractual Clauses (SCCs) | US-based sub-processors |
| EU-US Data Privacy Framework | Certified US providers (where applicable) |
| Adequacy Decisions | Countries deemed adequate by EU Commission |
We conduct Transfer Impact Assessments (TIAs) for transfers to countries without adequacy decisions and implement supplementary measures where necessary.
7.5 Third-Party Links and Widgets
Our Service may contain links to third-party websites or embed third-party widgets (e.g., help desk chat, social media buttons). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal data.
8. Data Retention
8.1 Retention Periods
| Data Category | Retention Period | Reason |
|---|---|---|
| Active Account Data | Duration of account + 30 days | Service provision |
| Deleted Account Data | 30 days after deletion request | Recovery period, legal compliance |
| Billing Records | 10 years | Lithuanian tax law requirements |
| Employment Records | Duration of employment + as required by Account Holder | Labor law compliance |
| Audit Logs | 3 years | Security and compliance |
| Marketing Consent Records | Duration of consent + 3 years | Proof of consent |
| Support Communications | 2 years | Service improvement |
8.2 Deletion Process
When you request account deletion:
- Account is immediately deactivated
- Personal data is deleted within 30 days
- Anonymized data may be retained for analytics
- Backup copies are purged within standard backup rotation (90 days)
- Legal retention obligations may require keeping certain records
Upon completion of deletion, we will send written confirmation to the requestor within 5 business days.
Important: A data erasure request will be treated as an Account cancellation request unless you specify otherwise. Billing data subject to legal retention requirements (Section 8.1) will be retained.
9. Data Security
We are committed to protecting your data through a combination of technical and organizational measures. Our security program is designed to safeguard personal information against unauthorized access, disclosure, alteration, or destruction.
9.1 Technical Measures
| Measure | Implementation |
|---|---|
| Encryption in Transit | All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. |
| Encryption at Rest | All databases, file storage, and backups are encrypted. |
| Sensitive Field Encryption | Additional application-level encryption protects highly sensitive data including bank account numbers, IBANs, and authentication credentials. |
| Password Security | All passwords are salted and hashed using industry-standard algorithms. Passwords are never stored in plain text. |
| Access Controls | Role-based access control (RBAC) with principle of least privilege. Users can only access data relevant to their role and organizational scope. |
| Multi-Factor Authentication | Optional 2FA via SMS verification or authenticator apps (TOTP). Account Holders can require 2FA for their organization. |
| Session Security | Secure session tokens with automatic expiry and configurable session timeouts. |
9.2 Data Residency and Hosting
| Aspect | Details |
|---|---|
| Primary Data Location | All platform data is stored within the European Union. |
| Database Hosting | Encrypted at rest with automated backups and redundancy. |
| File Storage | Server-side encryption. Sensitive documents are stored in private storage accessible only via signed URLs. |
| Backup Location | All backups remain within the EU. |
| Data Sovereignty | Your data does not leave the European Economic Area for storage or processing, except where third-party services are involved (see Section 6). |
9.3 Audit Logging and Monitoring
We maintain comprehensive audit logs to ensure accountability and support security investigations:
| Log Type | What’s Recorded |
|---|---|
| User Activity Logs | Authentication events (login, logout, failed attempts), profile changes, settings modifications, and administrative actions. |
| Data Access Logs | Records of who accessed sensitive employee data (banking, personal documents), when, and for what purpose—supporting GDPR accountability. |
| Consent History | All changes to data sharing consents, including timestamps and the fields affected. |
| Access Control Changes | Grants, revocations, and modifications to user permissions and roles. |
| Integration Audit Logs | API calls, webhook events, and third-party integration activities. |
Audit logs are retained for 3 years and are available to Account Holders upon request for their organization’s data.
9.4 Organizational Measures
| Measure | Description |
|---|---|
| Access Restrictions | Employee access to customer data is limited to those with a legitimate business need. Access is reviewed regularly and revoked upon role change or termination. |
| Security Training | All staff receive security awareness training covering data protection, phishing prevention, and incident reporting. |
| Vendor Assessment | Third-party service providers are evaluated for security and privacy compliance before integration. We maintain Data Processing Agreements (DPAs) with all sub-processors. |
| Secure Development | Our development process includes code reviews, security testing, and separation of development, staging, and production environments. |
| Background Checks | Employees with access to sensitive data undergo background verification as permitted by law. |
9.5 Data Breach Notification
We have documented incident response procedures to detect, investigate, and respond to security incidents. In the event of a personal data breach:
Notification to Supervisory Authority:
- We will notify the Lithuanian State Data Protection Inspectorate (VDAI) within 72 hours of becoming aware of a breach, as required by GDPR Article 33.
- If notification cannot be made within 72 hours, we will provide reasons for the delay.
Notification to Affected Individuals:
- If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay (GDPR Article 34).
- Notification will include: nature of the breach, data affected, likely consequences, and measures taken or recommended.
Notification to Account Holders:
- For employee data breaches, we will promptly notify the relevant Account Holder (as Data Controller) so they can fulfill their own notification obligations.
Notification to Employees: When a breach affects employee data and poses high risk to individuals, we will:
- Notify the Account Holder without undue delay, in time for the Account Holder to meet its own 72-hour notification obligation under Article 33 GDPR, with details to share with affected employees
- Provide template notification language the employer can use
- If requested by the employer, directly notify affected employees on their behalf
Breach Documentation:
- All security incidents and breaches are documented, including facts, effects, and remedial actions taken.
- This documentation is available to supervisory authorities upon request.
9.6 Your Security Responsibilities
Security is a shared responsibility. We recommend:
- Strong Passwords: Use unique, complex passwords for your Backoffice account.
- Enable 2FA: Activate two-factor authentication for additional protection.
- Protect Credentials: Never share your login credentials or allow others to use your account.
- Report Suspicious Activity: Contact us immediately at support@backoffice.lt if you notice unauthorized access or suspicious behavior.
- Keep Apps Updated: Use the latest version of our mobile apps to benefit from security updates.
9.7 Security Contact
To report a security vulnerability or incident:
- Email: privacy@backoffice.lt
- Response Time: We acknowledge security reports within 48 hours and aim to provide a substantive response within 5 business days.
10. Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights.
10.1 Your Data Subject Rights
| Right | GDPR Article | Description | How to Exercise |
|---|---|---|---|
| Right of Access | Art. 15 | Obtain confirmation whether we process your data, access to the data, and information about the processing (purposes, categories, recipients, retention period, source) | Email privacy@backoffice.lt or submit request via the app |
| Right to Rectification | Art. 16 | Have inaccurate personal data corrected without undue delay; complete incomplete data | Update directly in-app (Settings → Profile) or contact us |
| Right to Erasure (“Right to be Forgotten”) | Art. 17 | Request deletion of your data when: it’s no longer necessary, you withdraw consent, you object to processing, data was unlawfully processed, or legal obligation requires it | Email privacy@backoffice.lt with “Erasure Request” in subject |
| Right to Restriction | Art. 18 | Limit processing while accuracy is contested, processing is unlawful but you oppose erasure, we no longer need the data but you need it for legal claims, or you have objected pending verification | Email privacy@backoffice.lt |
| Right to Data Portability | Art. 20 | Receive your data in a structured, commonly used, machine-readable format (JSON/CSV) and transmit it to another controller. Exported data will include relationship identifiers necessary to reconstruct records meaningfully (e.g., schedules linked to employees, time entries linked to shifts). | Email privacy@backoffice.lt or use in-app data export (Settings → Privacy → Export My Data) |
| Right to Object | Art. 21 | Object to processing based on legitimate interests or public interest, including profiling; object to direct marketing at any time | Email privacy@backoffice.lt or unsubscribe via communications |
| Rights Related to Automated Decision-Making | Art. 22 | Not be subject to decisions based solely on automated processing (including profiling) with legal or significant effects; obtain human intervention, express your view, contest the decision | Email privacy@backoffice.lt |
| Right to Withdraw Consent | Art. 7(3) | Withdraw consent at any time for processing based on consent (does not affect lawfulness of prior processing) | Update in-app preferences, unsubscribe links, or email privacy@backoffice.lt |
| Right to Lodge a Complaint | Art. 77 | Lodge a complaint with a supervisory authority, particularly where you live, work, or where the alleged infringement occurred | Contact VDAI (see Section 10.5) |
10.2 How to Submit a Request
Preferred Methods:
-
Email: Send your request to privacy@backoffice.lt with:
- Your full name and email address associated with your account
- The specific right(s) you wish to exercise
- Any relevant details to help us locate your data
-
In-App: Navigate to Settings → Privacy for self-service options including data export and consent management
-
Written Mail: UAB Backoffice Solutions, Švitrigailos g. 11K-109, LT-03228 Vilnius, Lithuania
Identity Verification: To protect your data, we may need to verify your identity before processing requests. We will never ask for sensitive information like passwords.
No Fee Required: Exercising your rights is free. However, for manifestly unfounded or excessive requests (particularly repetitive ones), we may charge a reasonable fee or refuse to act.
10.3 For Employees (Platform Users via Employer)
If you use Backoffice through your employer (Account Holder), please note:
Your employer is the Data Controller for most of your employment data. This means:
| Request Type | Who to Contact First | Our Role |
|---|---|---|
| Access your employment records | Your employer | We assist your employer |
| Correct payroll/schedule data | Your employer | We process their instructions |
| Delete employment data | Your employer | Subject to their policies and legal retention |
| Export your data | Your employer or us | We can provide technical data export |
| Individual account settings | Backoffice directly | We control these directly |
We will:
- Assist your employer in responding to your requests within required timeframes
- Provide technical means for your employer to fulfill your requests
- Respond directly regarding data we control as a Data Controller (e.g., your app account credentials)
- Not share your data subject request with your employer without your permission unless legally required
10.4 Response Times and Process
| Stage | Timeframe | Details |
|---|---|---|
| Acknowledgment | Within 5 business days | Confirmation of receipt and request understood |
| Initial Response | Within 30 days | Full response or explanation of extension |
| Extended Response | Up to 60 additional days | Only for complex or numerous requests, with notification |
| Appeals | Within 30 days of our response | You may appeal our decision |
What to Expect:
- We acknowledge your request promptly
- We verify your identity if necessary
- We assess the request and gather the relevant data
- We respond within 30 days with:
- The requested information/action taken, OR
- Notification of extension (with reasons), OR
- Reasons why we cannot fulfill the request (with appeal rights)
10.5 Lithuanian Supervisory Authority (VDAI)
You have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, VDAI) if you believe your data protection rights have been violated.
Contact Details:
| Official Name | Valstybinė duomenų apsaugos inspekcija (VDAI) |
| Address | L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania |
| Phone | +370 5 271 2804, +370 5 279 1445 |
| ada@ada.lt | |
| Website | https://vdai.lrv.lt |
| Online Complaints | https://vdai.lrv.lt/lt/paslaugos/skundo-pateikimas |
| Working Hours | Monday–Thursday: 8:00–17:00, Friday: 8:00–15:45 |
You may also complain to:
- The supervisory authority in the EU Member State where you reside
- The supervisory authority where your workplace is located
- The supervisory authority where the alleged infringement occurred
Before Lodging a Complaint: We encourage you to contact us first at privacy@backoffice.lt so we can try to resolve your concerns directly.
10.6 Limitations on Rights
Certain rights may be limited in specific circumstances as permitted by GDPR:
| Right | Possible Limitations |
|---|---|
| Erasure | Cannot apply if processing is necessary for: legal compliance, public interest archiving, scientific/historical research, establishment or defense of legal claims |
| Portability | Only applies to data you provided, processed by automated means, based on consent or contract |
| Objection | May not apply if we demonstrate compelling legitimate grounds that override your interests |
| Access | May be limited to protect trade secrets, intellectual property, or rights of other individuals |
We will always explain clearly if and why we cannot fully fulfill a request.
10.7 When We May Refuse Erasure
Under GDPR Article 17(3), we may refuse a request for erasure when processing is necessary for:
Legal Retention Requirements:
- Tax records and invoices (retained for 10 years under Lithuanian law)
- Employment records as required by labor law
- Records needed to comply with regulatory obligations
Ongoing Disputes or Legal Claims:
- Data needed for the establishment, exercise, or defense of legal claims
- Active legal proceedings involving the data
- Pending regulatory investigations
Our Commitment:
- We will always provide a written explanation if we refuse an erasure request
- The explanation will include the specific legal basis for refusal
- We will respond to erasure requests within 30 days
- You have the right to appeal our decision or lodge a complaint with VDAI
11. Cookies and Tracking Technologies
11.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration | Consent Required |
|---|---|---|---|
| Essential | Authentication, security, basic functionality | Session / 1 year | No |
| Functional | Preferences, language settings | 1 year | No |
| Analytics | Understanding usage patterns, improving Service | 2 years | Yes |
| Marketing | Campaign attribution, remarketing, conversion measurement | Up to 2 years | Yes |
11.2 Managing Cookies
You can control cookies through:
- Your browser settings (block or delete cookies)
- Our cookie consent banner (when applicable)
- The Cookie Policy and Cookiebot declaration linked from the site footer
- Device settings for mobile apps
Note: Disabling essential cookies may prevent you from using certain features of the Service.
12. Children’s Privacy
The Backoffice Service is designed for business use and is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.
If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us at privacy@backoffice.lt.
13. International Data Transfers
13.1 Primary Data Location
All primary data processing and storage occurs within the European Union.
We have made a deliberate architectural choice to keep all personal data within the EU to ensure the highest level of data protection.
13.2 Transfers Outside the EEA
While our primary infrastructure is EU-based, some third-party service providers may access or process personal data outside the European Economic Area (EEA). We only permit such transfers when appropriate legal safeguards are in place.
13.2.1 Transfer Mechanisms We Use
| Mechanism | Legal Basis | Our Use |
|---|---|---|
| Adequacy Decisions | Art. 45 GDPR | UK service providers, Canadian services |
| EU-US Data Privacy Framework (DPF) | Art. 45 GDPR | Certified US providers |
| Standard Contractual Clauses (SCCs) | Art. 46(2)(c) GDPR | All other non-EEA transfers |
| Supplementary Measures | Schrems II requirements | Applied where required by Transfer Impact Assessments |
13.2.2 Countries with EU Adequacy Decisions
The European Commission has recognized the following countries/territories as providing adequate data protection:
Full Adequacy:
- Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, United Kingdom, Uruguay
Sectoral Adequacy:
- United States: Organizations certified under the EU-US Data Privacy Framework
13.2.3 EU-US Data Privacy Framework
For transfers to the United States, we preferentially use service providers certified under the EU-US Data Privacy Framework (DPF).
DPF Redress Mechanisms: If you believe a DPF-certified organization has mishandled your data, you have access to:
- The organization’s internal complaint mechanism
- Independent dispute resolution through the DPF Panel
- Binding arbitration as a last resort
- The US Federal Trade Commission (enforcement)
13.2.4 Standard Contractual Clauses (SCCs)
For transfers to countries without adequacy decisions (where DPF does not apply), we use the European Commission’s Standard Contractual Clauses.
Our SCC Implementation:
- We use the appropriate module based on the relationship
- SCCs are incorporated into our Data Processing Agreements with all relevant sub-processors
- We conduct Transfer Impact Assessments (TIAs) to evaluate the legal framework of the destination country
- We implement supplementary measures where TIAs identify risks
Supplementary Measures We Apply:
| Type | Measure | Purpose |
|---|---|---|
| Technical | Encryption in transit and at rest | Data remains protected even if intercepted |
| Technical | Pseudonymization where possible | Reduces re-identification risk |
| Organizational | Strict access controls, need-to-know basis | Limits who can access personal data |
| Contractual | Notification obligations for government access requests | Transparency about any compelled disclosure |
| Contractual | Commitment to challenge unlawful access requests | Legal protection of data |
13.2.5 Transfer Impact Assessments
For each transfer to a non-adequate country, we conduct a Transfer Impact Assessment evaluating:
- Circumstances of the transfer (data types, purposes, frequency)
- Legal framework of the destination country (surveillance laws, government access, rule of law)
- Effectiveness of the safeguards (SCCs + supplementary measures)
- Practical experience (has the importer received government access requests?)
We document these assessments and review them annually or when circumstances change.
13.3 Sub-Processor International Transfers
| Sub-Processor | Location | Transfer Mechanism |
|---|---|---|
| AWS | EU | No transfer required |
| Vercel | US/EU | EU-US DPF + SCCs |
| Cookiebot by Usercentrics | EU | No transfer required |
| Stripe | EU | No transfer required |
| Twilio | US | EU-US DPF + SCCs |
| Firebase (Google) | US/EU | EU-US DPF |
| Apple (APNS) | US | SCCs |
| Amplitude | US | EU-US DPF |
| Microsoft Clarity | US/EU | EU-US DPF + SCCs |
| Meta / Facebook | US/EU | EU-US DPF + SCCs |
| Notion | US/EU | SCCs |
| SparkPost | EU | No transfer required |
| Datadog | EU | No transfer required |
13.4 Your Rights Regarding International Transfers
You have the right to:
- Request information about which countries your data may be transferred to
- Obtain a copy of the safeguards in place (SCCs, DPF certification confirmation)
- Object to transfers where you believe safeguards are inadequate (we will assess your objection)
- Lodge a complaint with VDAI if you believe transfers are unlawful
To request copies of transfer safeguards, contact privacy@backoffice.lt.
13.5 Changes to Transfer Mechanisms
We monitor developments in international data transfer law, including:
- European Court of Justice decisions
- EDPB guidance and recommendations
- Changes to adequacy decisions
- Updates to the EU-US Data Privacy Framework
If a transfer mechanism becomes invalid, we will promptly implement alternative safeguards or cease transfers until appropriate mechanisms are in place. We will notify affected users of material changes to our international transfer practices.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- Minor changes: Updated on our website with new “Last Updated” date
- Material changes: We will notify you via email and/or in-app notification at least 30 days before changes take effect
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
15. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or our data practices:
UAB Backoffice Solutions
- Address: Švitrigailos g. 11K-109, LT-03228 Vilnius, Lithuania
- Email: privacy@backoffice.lt
We aim to respond to all inquiries within 5 business days.
Response Commitment:
- Privacy requests: Human acknowledgment within 5 business days
- Urgent matters (data breach, access issues): Response within 2 business days
- We do not use chatbots for privacy requests. A real person will read and respond to your message.
16. Data Processing Agreement
For Account Holders who require a Data Processing Agreement (DPA) for GDPR compliance, please contact us at support@backoffice.lt. Our DPA covers:
- Processing instructions and scope
- Sub-processor list and notification procedures
- Security measures and certifications
- Data breach notification procedures
- Assistance with data subject requests
- Data return and deletion upon termination
This Privacy Policy is effective as of April 3, 2026 and supersedes all prior versions.