Log in Get account

Privacy Policy

Last updated: 28 05 2026

  1. Introduction

This Privacy Policy (the “Policy”) explains how UAB NEXTEDGE (“NEXTEDGE”, the “Company”, “we”, “our”, or “us”) collects, uses, stores, and otherwise processes personal data.

This Policy applies when you:

  • visit our website;
  • contact us;
  • communicate with us via email or social media;
  • subscribe to updates or marketing communications; or
  • otherwise interact with the Company.

We process personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR);
  • the Law on Legal Protection of Personal Data of the Republic of Lithuania;
  • the Law on Electronic Communications of the Republic of Lithuania; and
  • other applicable legal acts.

The Company may in the future launch financial or payment-related services. In such case, additional privacy notices or updates to this Policy may be introduced in order to provide more detailed information regarding the related personal data processing activities.

  1. Data Controller

UAB NEXTEDGE

Legal entity code: 304230261

Registered address: J. Basanavičiaus g. 26, LT-03224 Vilnius, Lithuania

Website: www.railor.eu 

Email: info@railor.eu 

If you have any questions regarding this Policy or the processing of your personal data, please contact us using the contact details above.

  1. What Personal Data We Process

Depending on your interaction with the Company, we may process the following categories of personal data.

3.1 Identification and Contact Data

Such data may include:

  • name;
  • surname;
  • email address;
  • telephone number;
  • company name;
  • job title or position;
  • correspondence address.

3.2 Communication Data

Such data may include:

  • inquiries;
  • requests;
  • correspondence;
  • communication history;
  • messages sent through contact forms, email, or social media;
  • attachments and documents voluntarily provided to us.

3.3 Technical and Device Data

Such data may include:

  • IP address;
  • browser type and version;
  • operating system;
  • device type;
  • language settings;
  • website usage logs;
  • timestamps;
  • session identifiers;
  • cookie identifiers;
  • website interaction and navigation data.

3.4 Marketing and Subscription Data

Such data may include:

  • marketing consents;
  • subscription preferences;
  • newsletter interaction data;
  • preferences relating to communications.

3.5 Social Media Interaction Data

Such data may include:

  • public profile information;
  • comments;
  • reactions;
  • messages;
  • interactions with the Company’s social media accounts.

We seek to collect only the personal data that is reasonably necessary for the relevant purpose.

  1. Why We Process Personal Data

Purpose of processing

Legal basis

Categories of personal data concerned

Is provision of data mandatory?

Website administration, functionality, and security

Legitimate interest (Article 6(1)(f) GDPR)

Technical and Device Data (as defined in Section 3.3 above)

No

Responding to inquiries, requests, or communications

Legitimate interest (Article 6(1)(f) GDPR); pre-contractual steps (Article 6(1)(b) GDPR), where applicable

Identification and Contact Data (Section 3.1); Communication Data (Section 3.2)

Yes, where necessary for us to respond to your inquiry

Sending newsletters or marketing communications

Consent (Article 6(1)(a) GDPR); legitimate interest (Article 6(1)(f) GDPR), where permitted by applicable law

Identification and Contact Data (Section 3.1); Marketing and Subscription Data (Section 3.4)

No

Website analytics and improvement

Consent (Article 6(1)(a) GDPR), where required; legitimate interest (Article 6(1)(f) GDPR) for essential technical analytics and security monitoring

Technical and Device Data (Section 3.3)

No

Administration of social media accounts and communication through social media

Legitimate interest (Article 6(1)(f) GDPR)

Social Media Interaction Data (Section 3.5); Communication Data (Section 3.2)

No

Compliance with legal obligations and protection of legal claims

Legal obligation (Article 6(1)(c) GDPR); legitimate interest (Article 6(1)(f) GDPR)

Any categories of personal data relevant to the specific purpose

Where required by law
  1. Where We Obtain Personal Data From

We usually obtain personal data directly from you.

Where necessary, we may also obtain personal data from:

  • publicly available sources;
  • social media platforms;
  • service providers;
  • professional advisers;
  • competent authorities or official registers;
  • business partners or counterparties.
  1. Sharing of Personal Data

Where necessary and permitted by applicable laws, we may share personal data with:

  • IT and hosting service providers;
  • website analytics and technical service providers;
  • electronic communications service providers;
  • legal, audit, tax, compliance, or other professional advisers;
  • companies within the same group of companies, where relevant;
  • public authorities, regulators, courts, or law enforcement authorities;
  • potential or actual investors, purchasers, or advisers in connection with a corporate transaction.

We require service providers processing personal data on our behalf to implement appropriate technical and organizational security measures.

  1. International Transfers

Some service providers used by the Company may process personal data outside the European Economic Area (“EEA”).

Where personal data is transferred outside the EEA, the Company ensures that appropriate safeguards are implemented in accordance with GDPR requirements, including:

  • adequacy decisions adopted by the European Commission;
  • Standard Contractual Clauses approved by the European Commission; or
  • other lawful transfer mechanisms under Chapter V GDPR.

You may contact us for additional information regarding the safeguards applied to international transfers of personal data.

  1. Retention of Personal Data

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by applicable laws.

Typical retention periods include:

Purpose

Retention period

Website security and technical logs

Up to 12 months

General inquiries and correspondence

Up to 3 years

Marketing communications

Until consent withdrawal or objection

Social media communications

Until deletion of the interaction or as long as necessary for the relevant purpose

Data necessary for protection of legal claims

Up to 10 years, where required under applicable laws

Longer retention periods may apply where required by law or necessary for the establishment, exercise, or defense of legal claims.

  1. Your Rights

Subject to the conditions and limitations established under applicable laws, you have the following rights:

  • right of access;
  • right to rectification;
  • right to erasure (“right to be forgotten”);
  • right to restriction of processing;
  • right to data portability;
  • right to object to processing;
  • right to withdraw consent at any time where processing is based on consent;
  • right to lodge a complaint with a supervisory authority.

If you believe that your personal data has been processed unlawfully, you may lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania (Valstybinė duomenų apsaugos inspekcija).

We encourage you to contact us first so that we may attempt to resolve your concern.

  1. Cookies and Similar Technologies

Our website uses cookies and similar technologies to:

  • ensure proper website functionality;
  • improve user experience;
  • analyze website traffic and performance;
  • maintain website security.

Some cookies are strictly necessary for the operation of the website, while others may be used for analytics or similar purposes.

Where required by law, non-essential cookies will only be used after obtaining your consent.

You may manage cookie preferences through your browser settings or through the cookie management tool available on the website.

The Company uses third-party analytics or technical service providers, such as:

  • Google Analytics;
  • Google Tag Manager;
  • other similar technologies used for website administration, analytics, or security purposes.

The specific cookies and technologies used may change over time depending on the development of the website and related services.

  1. Automated Decision-Making

The Company does not make decisions based solely on automated processing, including profiling, that would produce legal effects concerning you or similarly significantly affect you.

  1. Changes to this Policy

The Company may update this Policy from time to time.

The latest version of the Policy will always be published on the website together with the effective date.

  1. Contact

If you have questions regarding this Policy or wish to exercise your rights, please contact us:

UAB NEXTEDGE

Website: www.railor.eu 

Email: info@railor.eu