Your privacy is important to us. This policy explains what information we collect when you visit multiuniversal.com or interact with our AI agent, how we use it, and your rights regarding that data. It is provided in accordance with the EU General Data Protection Regulation (GDPR) and the Law on Legal Protection of Personal Data of the Republic of Lithuania.
Data controller: Multiuniversal UAB, Giruliu g. 10, Vilnius LT-12112, Lithuania. Company code 305002969. Email: privacy@multiuniversal.com
- What we collect
- Legal basis for processing
- How we use it
- How we share it
- Cookies and storage
- How we store and secure it
- Your rights and choices
- Contact us and supervisory authority
What we collect
Information you provide directly: When you use the contact form or interact with our AI chat agent, you may provide your name, company name, job role, and email address, along with the content of your messages.
Information collected automatically: When you visit our website, we collect your IP address, browser type, operating system, and referring URL. This is inherent to how web servers operate and cannot be entirely avoided.
AI chat conversations: Messages exchanged with our AI agent are stored in our systems to allow us to follow up on enquiries. Each chat session is assigned a unique identifier. We extract lead information (name, company, role, email) from conversation content where provided. The AI model runs on our own on-premises server — your conversation content is not sent to any third-party AI provider.
Analytics: We run our own first-party analytics to understand how visitors use our website. This collects: pages visited, page title, referring URL, UTM campaign parameters, time spent on each page, scroll depth, screen dimensions, browser language, and timezone. A hashed device fingerprint (derived from browser and device characteristics — no raw data is stored) is used to distinguish sessions without using cookies. A session token is stored in your browser's sessionStorage (not a cookie) for the duration of your visit and deleted automatically when you close the tab. All analytics data is sent to our own servers only — no third-party analytics provider is involved.
Cookies: We set a single session cookie to maintain your connection. See the Cookies and storage section for details.
Legal basis for processing
We process personal data only where we have a lawful basis to do so. The table below maps each processing activity to its legal basis under GDPR Article 6.
| Processing activity | Legal basis |
|---|---|
| Responding to contact form and chat enquiries | Art. 6(1)(b) — necessary to take steps at your request prior to entering a contract |
| Storing chat conversations and lead data to follow up on business discussions | Art. 6(1)(f) — legitimate interest in managing potential business relationships |
| Server access logs (IP address, browser, timestamps) | Art. 6(1)(f) — legitimate interest in operating and securing our website |
| Session cookie | Art. 6(1)(f) — strictly necessary for website functionality; exempt from consent under ePrivacy Directive |
| Improving AI agent responses through conversation review | Art. 6(1)(f) — legitimate interest in improving our service quality |
| First-party website analytics (page views, session data, scroll depth, device fingerprint) | Art. 6(1)(f) — legitimate interest in understanding how our website is used in order to improve it; no third parties involved |
Where we rely on legitimate interest, we have assessed that our interests do not override your rights and freedoms. You have the right to object to any such processing at any time.
How we use it
To respond to enquiries: Information submitted via the contact form or chat is used to respond to your enquiry, typically within 24–48 hours.
To follow up on business discussions: Where you have expressed interest in our services, we may retain your contact information to continue that conversation.
To improve our services: We review conversation data to improve our website and AI agent response quality.
To secure our systems: Server logs are used to detect and investigate security incidents.
To understand and improve website performance: First-party analytics data (page views, session duration, scroll depth, referrer, UTM parameters) is used to understand how visitors navigate the site and to identify areas for improvement. This data is not used for advertising or shared with any third party.
We do not use your information for automated decision-making that produces legal or similarly significant effects, for advertising, or for profiling.
How we share it
We do not sell your personal data. We do not share it with third parties for marketing purposes.
Email delivery: Contact form submissions trigger an email notification sent via Zoho Mail's SMTP servers (Zoho Corporation Pvt. Ltd.). Zoho processes your name, email address, and message content solely to deliver the email on our behalf. Zoho is an EU-compliant data processor.
Legal disclosure: We may disclose personal data where required by law, court order, or to protect our legal rights.
We do not use any third-party analytics, advertising, or tracking services on this website.
Cookies and storage
We use one first-party cookie and one sessionStorage entry:
| Name | Type | Duration | Purpose |
|---|---|---|---|
mu_sid | Cookie — strictly necessary | Browser session | Maintains your secure session and CSRF protection token. Deleted when you close the browser. |
bcc_s_* | sessionStorage — analytics | Browser tab session | Holds a random session token used by our first-party analytics to group page views within a single visit. Automatically deleted when the tab is closed. Not accessible to any third party. |
We do not use advertising cookies, tracking cookies, or any third-party cookies.
You can configure your browser to block or delete cookies and clear sessionStorage at any time. Blocking mu_sid may affect form submission functionality.
How we store and secure it
Your data is stored on our own servers located within Lithuania (EU). We use encrypted connections (HTTPS/TLS), access controls, and secure password storage. The AI model that processes your chat messages runs entirely on-premises — your conversation is not transmitted to any external AI provider.
Retention periods:
- Contact form and chat enquiry data: up to 3 years from the date of last contact, or until you request deletion
- Server access logs: up to 90 days
- Analytics data (page views, session events): up to 24 months
- Session cookies and sessionStorage: deleted at end of browser session or tab close
Your rights and choices
Under GDPR, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — request that we restrict processing in certain circumstances
- Portability — request your data in a structured, machine-readable format
- Object — object to processing based on legitimate interest at any time. We will cease unless we can demonstrate compelling legitimate grounds that override your interests
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, email us at privacy@multiuniversal.com. We will respond within 30 days. We may ask you to verify your identity before acting on a request.
Contact us and supervisory authority
For questions or concerns about this policy or our data practices, contact us:
Multiuniversal UAB
Giruliu g. 10, Vilnius LT-12112, Lithuania
Email: privacy@multiuniversal.com
If you are not satisfied with our response, you have the right to lodge a complaint with the competent supervisory authority:
State Data Protection Inspectorate (VDAI)
Valstybinė duomenų apsaugos inspekcija
L. Sapiegos g. 17, Vilnius LT-10312, Lithuania
Email: ada@vdai.lrv.lt
Website: vdai.lrv.lt
If you are based in another EU member state, you may also lodge a complaint with your local supervisory authority.
Changes to this policy: We may update this policy from time to time. Material changes will be reflected in the date at the top of this page. We encourage you to review this page periodically.