Back to home

GDPR Compliance

Last updated: March 2, 2026

Our Commitment

Booleanbrain, MB is committed to protecting personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). As a company based in the EU (Vilnius, Lithuania), we are fully subject to and compliant with GDPR requirements.

Data Controller

Booleanbrain, MB acts as the data controller for personal data collected through the ReguLingo platform.
Address: Perkūnkiemio g. 13-91, LT-12114, Vilnius, Lithuania
Contact: [email protected]

Lawful Bases for Processing

We process personal data under the following lawful bases as defined in Article 6 of the GDPR:

Processing Activity	Lawful Basis
Providing platform services	Performance of contract (Art. 6(1)(b))
Account creation and management	Performance of contract (Art. 6(1)(b))
Analytics and platform improvement	Legitimate interest (Art. 6(1)(f))
Marketing communications	Consent (Art. 6(1)(a))
Legal compliance	Legal obligation (Art. 6(1)(c))

Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of Access (Art. 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing (Art. 18): Request limitation of how we process your data.
• Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interest or for direct marketing.
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with all third-party service providers who process personal data on our behalf, in accordance with Article 28 of the GDPR.

Data Breach Notification

In the event of a personal data breach, we will:

• Notify the Lithuanian State Data Protection Inspectorate within 72 hours of becoming aware of the breach, where feasible.
• Notify affected data subjects without undue delay if the breach poses a high risk to their rights and freedoms.
• Document all breaches, including their effects and remedial actions taken.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risks to the rights and freedoms of individuals, as required by Article 35 of the GDPR.

International Data Transfers

We primarily process data within the EEA. For any transfers outside the EEA, we rely on:

• EU adequacy decisions
• Standard Contractual Clauses (SCCs) approved by the European Commission

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected. Account data is retained while your account is active and for up to 12 months after deletion for legal and audit purposes.

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority. Our lead supervisory authority is:

Valstybinė duomenų apsaugos inspekcija (State Data Protection Inspectorate)
Website: vdai.lrv.lt

Contact

For any GDPR-related inquiries, contact us at:
Booleanbrain, MB
Perkūnkiemio g. 13-91, LT-12114, Vilnius, Lithuania
[email protected]