Privacy Policy

This Privacy Policy explains how TotemCRM ("we", "us") collects, uses, and protects your personal data when you use our website (totemcrm.eu), our application (app.totemcrm.eu), and related services. We process data in line with the EU General Data Protection Regulation (GDPR) and other applicable laws. Our operations are based in Lithuania, European Union.

Where you have a signed CRM Software Subscription Agreement with Totem CRM, a separate Data Processing Agreement (DPA) may apply to the processing of personal data on your behalf; that DPA forms part of your contract with us.

1. Data controller

The data controller for the personal data described in this policy is Totem CRM, Lithuania. Contact: info@totemcrm.eu, +370 625 34 396.

2. What data we collect

• Account and usage: When you sign up or use the CRM, we collect information such as name, email address, password (stored in hashed form), and usage data (e.g. login times, actions within the app) necessary to provide the service.
• Data you add to the CRM: Content you enter (clients, contacts, deals, tasks, notes, etc.) is stored and processed on our systems to provide the CRM functionality. You are responsible for ensuring you have a lawful basis to process such data (e.g. as a controller under GDPR).
• Website and demo requests: When you visit our website or submit a demo or contact form, we may collect your name, email, company name, and message. We use this to respond to your request and, with your consent where required, to send relevant information about TotemCRM.
• Technical and analytics: We may collect IP address, browser type, device information, and similar technical data. We use Google Analytics (or similar) on our marketing website to understand how visitors use our site; you can control cookies via your browser settings.

3. Why we process your data

We process your data to:

• Provide, operate, and improve the TotemCRM service.
• Create and manage your account, authenticate you, and enforce our Terms of Service.
• Respond to your enquiries, demo requests, and support needs.
• Send service-related or marketing communications where we have your consent or a legitimate interest, in line with applicable law.
• Comply with legal obligations and protect our rights and security.

Lawful basis under GDPR

We only process your personal data where we have a lawful basis under Article 6 GDPR:

• Performance of a contract: Providing the CRM, managing your account, and delivering the services you requested (e.g. demo or contact requests). This is necessary to perform our contract with you or to take steps at your request before entering a contract.
• Legitimate interests: Improving our service, security and fraud prevention, understanding how our website is used (analytics), and defending our rights. We rely on this only where our interests are not overridden by your rights; you may object as set out in section 7.
• Consent: Where we ask for your consent (e.g. non-essential cookies, marketing emails), we process on that basis. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Legal obligation: Where we must retain or disclose data to comply with applicable law (e.g. tax, regulatory, or court orders).

4. Data storage and security

Your data is stored on servers within the European Union. We apply technical and organisational measures to protect your data against unauthorised access, loss, or misuse. Access to personal data is limited to those who need it to provide the service or support.

5. How long we keep data

We retain your data for as long as your account is active and as needed to provide the service, respond to your requests, and comply with legal obligations. After you cancel your account, we may retain some data for a limited period for backup, legal, or dispute-resolution purposes, after which it is deleted or anonymised. Specific retention periods may be stated in the application or in our Terms of Service.

6. Sharing and sub-processors

We do not sell your personal data. We may share data with service providers (e.g. hosting, email, analytics) who act as processors on our instructions and are bound by data processing agreements. We may also disclose data where required by law or to protect our rights. If we use sub-processors outside the EEA, we ensure appropriate safeguards (e.g. standard contractual clauses) are in place.

7. Your rights

Under GDPR and applicable law, you have the right to:

• Access your personal data and receive a copy.
• Rectify inaccurate or incomplete data.
• Request erasure of your data in certain circumstances.
• Restrict processing in certain circumstances.
• Data portability (receive your data in a structured, machine-readable format).
• Object to processing based on legitimate interests, including profiling.
• Withdraw consent at any time, where processing was based on consent.
• Lodge a complaint with a supervisory authority (e.g. in Lithuania: State Data Protection Inspectorate).

To exercise these rights, contact us at info@totemcrm.eu. We will respond within the time limits set by applicable law.

8. Cookies

Our website may use cookies and similar technologies for essential operation, analytics, and (where you consent) marketing. You can manage cookies through your browser settings. Blocking certain cookies may affect site functionality.

9. Changes

We may update this Privacy Policy from time to time. We will post the updated version on this page and indicate the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy. Material changes may be communicated by email or a notice in the application where appropriate.

10. Contact

For privacy-related questions or requests, contact us at info@totemcrm.eu or call +370 625 34 396.