Private limited liability company UAB SORMEDICA, legal entity code 123961895, registered office at Linkmenų g. 28, Vilnius, Lithuania, correspondence address V. Kuzmos g. 28, Vilnius, Lithuania (hereinafter – the Company or we), respects and protects your privacy and undertakes to process your personal data fairly and lawfully.

The aim of the present Privacy Policy of the Company (hereinafter – the Privacy Policy) is to inform you about the ways the Company processes your personal data and the rights you have while the Company does so. The Privacy Policy is applicable to you if the Company has some of your personal data to process.

The Privacy Policy can be modified, taking the changes in the legislation, the Company’s activities and other factors into account. Upon the aforementioned changes, we will inform you by posting the amended Privacy Policy text on the Company’s website (hereinafter – the Website). We advise you to regularly review the relevant information about our Privacy Policy on our Website.

The safety of your personal data is one of our priorities. Due to this, while handling personal data, we apply safe organizational and technical tools that ensure sufficient personal data protection.

If you have any questions related to the present Privacy Policy, you can contact our data protection officer via e-mail


The main categories of personal data collected by the Company include but are not limited to the following:

  • Personal identity data– e.g., name, surname, personal number, date of birth.
  • Contact data– e.g., address of place of residence, correspondence address, telephone number, email address.
  • Data about legal entities– e.g., information about a person that represents a legal entity, position of the said person, data about their qualifications, contact information. 
  • Data, received and(or) created while satisfying legislative requirements– e.g., data received pursuant to enquiries of law enforcement institutions, notary publics, tax administrators, courts and bailiffs.
  • Data, related to the provision of services or selling goods– e.g., data about the performance or non-performance of agreements and their validity or invalidity, as well as data about provisions agreements, requests and claims submitted.
  • Video-surveillance data – e.g., data collected from video-surveillance devices.
  • Data, collected from communication and other technical tools– e.g., information obtained via email, messages and other means of communication.


The main purposes of the Company related to processing personal data are as follows:

  • Conclusion and performance of agreements: We process personal data to the extent needed to conclude and perform agreements;
  • Participation in public procurements: When the Company participates in public procurement procedures, certain personal data may be processed to perform legal obligations or satisfy the lawful interests of the Company;
  • Debt management: We process personal data related to the latter in order to manage the debts of our customers, when it is necessary while performing an agreement or in order to ensure the Company’s lawful interest to manage debts;
  • Submitting, performing, transferring and defending legal interests: We process data for reasons related to submitting, performing, transferring and defending legal interests, when it is necessary in order to perform an agreement or a legal obligation, or to pursue a lawful interest of the Company related to the performance of legal requirements;
  • Management of enquiries: We process your personal data while responding to your enquiries due to a lawful interest of the Company;  
  • Internal administration (structural management, record-keeping management, finance and accounting management): We process personal data due to the lawful interests of the Company, while also performing legislative obligations and pursuing internal administration aims (such as adequate management of the Company’s structure, record-keeping, finances and accounting);
  • Recruitment: Upon obtaining a candidate’s consent, the Company processes their personal data obtained during the recruitment procedure. Upon obtaining a separate consent, the Company may collect and process other (additional) personal data of candidates as well.
  • Video surveillance (protection of property and persons): In its premises and entrances to the latter, the Company conducts video surveillance. This is done because, due to specific characteristics of its activities, it is necessary to ensure the protection of the Company’s property and persons when other means or methods are insufficient and(or) inadequate for this purpose (the legal basis for processing data is the Company’s lawful interest to protect its property and the property of its employees and customers [visitors of the premises], and to ensure their safety).
  • Direct marketing: We process personal data for the purpose of direct marketing, in order to offer our products and services, share relevant news, invite to events and present other similar information. For this purpose, personal data is processed only after obtaining your consent to use your data in such a way, or when the customers of the Company do not declare their objections to processing their data for the purposes of direct marketing or marketing of similar services/products (in the latter case, the legal basis of data processing is the Company’s lawful interest to inform its clients about the products/services it can offer);
  • Ensuring the quality of products and services and improvement thereof: Pursuant to the Company’s lawful interest, we collect and analyze personal data that help us improve the services we provide, and develop and better the quality of the products and services we offer; 
  • Market analysis: Having ensured sufficient technical and organizational measures, the Company processes personal data for the purposes of analyzing the market, based on the Company’s lawful interest.


In all cases, we store personal data only for the period needed to achieve the purpose of its collection.

The period of storing personal data that belongs to specific categories is defined by taking the Company’s lawful interests or legislative requirements (e.g., that regulate accounting, archiving or the period of limitation of a certain claim, etc.) into account.


We process the data that we obtain, for example, when you make an enquiry about our products or services, make a purchase, order our services, fill in various questionnaires or submit requests or claims. 

Personal data can be obtained from other sources as well:

  • Law enforcement institutions, governmental institutions and other registries (databases), including but not limited to the State Social Insurance Fund Board under the Ministry of Social Security and Labour, the National Health Insurance Fund under the Ministry of Health, the State Tax Inspectorate under the Ministry of Finance of the Republic of Lithuania, the Public Procurement Office, the State Enterprise Centre of Registers, bailiffs, notary publics, etc.;
  • The contracting entity and other suppliers of public procurements;
  • Partners of the Company (e.g., manufacturers of the devices distributed by the Company, the companies mobilized during public procurement procedures, etc.)
  • Other companies in the Company’s corporal group;
  • Documents (e.g., certificates, etc.) that natural persons or legal entities submit to us while performing contractual or legislative obligations;
  • Legal entities, if you are their representative, employee, founder, shareholder, member, owner, authorized person, etc.

We can obtain your personal data by monitoring our technological tools and services, including emails, and by combining all the information we have about you that was received from various sources.


The data collected for the abovementioned purposes can be transferred to the following recipients: 

  • State bodies and institutions, and other persons entrusted with legislative functions (e.g., law enforcement institutions, bailiffs, notary publics, tax administration institutions);
  • Contracting entities and suppliers that participate in public procurements;
  • Manufacturers of the devices and other products the Company distributes;
  • Other companies in the Company’s corporal group;
  • Debt recovery companies, which acquire the rights to debt claims or which are authorized to perform debt recovery actions on the Company’s behalf;
  • Courts, tribunals, arbitration courts, other institutions of extra-judicial resolution of disputes, notary publics and insolvency administrators;
  • Insurance companies and brokers;
  • Auditors and legal, financial, business and other consultants;
  • Other third parties, upon obtaining consent for each specific case.

In order to process personal data, the Company can engage data processors who are informed about your personal data only to the extent needed to provide their services. Such data processors include subjects that render the services related to data centers, hosting, cloud computing, information technologies infrastructure and others, as well as providers of protection, archiving, advertising, marketing, recruitment and communication services. In such cases, the Company shall apply additional measures to ensure that the aforementioned data processors process personal data in compliance with the Company’s instructions and effective legislation, and shall require them to implement adequate personal data safety measures.


Usually we process personal data in the territory of the European Union/the European Economic Area (hereinafter – EU/EEA). In some cases, personal data may be transferred and processed outside the EU/EEA.

Personal data can be transferred and processed outside the EU/EEA when the said transfer is necessary to conclude or perform an agreement, or you have given your consent to do so – provided adequate protective measures are applied.

Adequate protective measures are as follows:

  • Conclusion of an agreement that contains standard conditions confirmed by the European Commission, or other confirmed provisions, codes of conduct, certificates, etc., approved pursuant to the General Data Protection Regulation (EU) 2016/679;
  • Pursuant to the decision of the European Commission, a country that does not belong to EU/EEA and that harbors the recipient of personal data ensures a sufficient level of personal data protection;
  • The recipient is certified according to the requirements of the agreement between the EU and the United States of America (USA) regarding data protection (also known as the Privacy Shield) (applied to recipients in the USA). 


Upon submitting a request to the Company, you have a right at any time to do the following:

  • Receive information about your personal data processed by the Company and the ways it is done;
  • Request to correct incorrect, inaccurate or incomplete data, delete your personal data or limit the extent of its processing, when personal data is processed without complying to the requirements of legislation, or when there is another legal basis;
  • Request your personal data to be transferred to another data processor, or to be submitted directly to you in a form that suits you (applied to the data submitted by you that are processed via automated means on the basis of an agreement or a consent);
  • Object to the processing of your personal data, if it is processed on the basis of lawful interests, except in cases when there are lawful grounds for such processing or it is done in order to declare, execute or defend legal requirements;
  • In such cases when your personal data is processed in accordance with a separate consent, you have a right to revoke your consent at any time.

All our efforts are being deployed to ensure that your rights are implemented and all your questions regarding the information presented in the present Privacy Policy are fully answered. You can enforce your aforementioned rights and submit complaints, requests or notices by contacting us in the following ways:

  • E-mail to and(or)
  • Written request, sent to this address: V. Kuzmos g. 28, Vilnius, Lithuania.

The Company undertakes to reply to your request within 1 month from the day it is received. If necessary, this term may be extended for 2 additional months, taking the complexity and the amount of requests into account.

You can revoke your consent given to the Company regarding the collection and processing of your personal data for direct marketing processes at any time by sending an email to What is more, you can unsubscribe from the newsletters sent by the Company by clicking on the “Unsubscribe” button at the end of each newsletter.   
If you think that the Company fails to process your personal data adequately, you have a right to submit a complaint to the State Data Protection Inspectorate.