Privacy Policy

1. Who we are (the controller)

The controller of your personal data is [Įmonės pavadinimas / Company name], [legal form, e.g. UAB / MB], legal entity code [Įmonės kodas / Company code], registered office [Buveinės adresas / Registered address].

For privacy matters you can reach us by email at [El. paštas / Email] or by phone at [Telefonas / Phone]. All matters relating to this policy are handled by the controller.

• Name and legal form: [Įmonės pavadinimas / Company name], [legal form]
• Legal entity code: [Įmonės kodas / Company code]
• VAT code (if applicable): [PVM kodas / VAT code]
• Registered address: [Buveinės adresas / Registered address]
• Email: [El. paštas / Email] · Phone: [Telefonas / Phone]

2. Data Protection Officer and contact point

Where the company has appointed a Data Protection Officer (DPO), their contact details are [DPO name and contact details, if appointed].

Where a DPO is not required and has not been appointed, you can contact our data-protection contact point instead: [Data-protection contact point / Email].

3. What personal data we collect

We only process data that is needed for the purposes described below. Most of it you provide yourself by completing an enquiry or contact form; some technical data is collected automatically as you browse the website [Svetainės adresas / Website URL].

• Contact / enquiry form data: name, email, phone number, message content
• Technical data: IP address, browser and device information, server log entries
• Cookie and usage data (see the Cookie Policy)
• [Other categories of personal data, if collected]

4. Purposes and legal bases

We process personal data only where we have a legal basis under Article 6 GDPR. Each purpose relies on the corresponding basis:

• Responding to enquiries and handling leads — your consent and/or steps taken before entering a contract (Art. 6(1)(a)/(b))
• Operating and securing the website, and keeping logs — our legitimate interest in keeping the service safe and reliable (Art. 6(1)(f))
• Sending newsletters or marketing messages — your separate consent (Art. 6(1)(a))
• Meeting legal and accounting obligations — legal obligation (Art. 6(1)(c))

5. Who we share data with (recipients)

We do not sell your personal data. We only share it with trusted processors acting on our behalf under agreements that meet Article 28 GDPR, or where required by law.

• Hosting / IT provider acting as a processor: [Hosting provider and country]
• Email or communications providers (if used): [Processor names]
• Professional advisers and public authorities where required by law
• [Other recipients or categories of recipients]

6. International transfers (outside the EU / EEA)

[Choose and complete:] By default, your data is processed within the European Union / European Economic Area and is not transferred outside it.

Where a processor transfers data outside the EU / EEA, we only do so under appropriate safeguards — a European Commission adequacy decision (Art. 45 GDPR) or Standard Contractual Clauses (Art. 46 GDPR). Safeguard relied on: [International transfer safeguard, if any]. You can obtain a copy by contacting us at the details above.

7. How long we keep data

We keep personal data only for as long as needed for the purposes above or as required by law. Once the period ends, the data is securely deleted or anonymised.

• Enquiry and correspondence data: [Retention period, e.g. 12 months from last contact]
• Contract and accounting data: for the period required by law [e.g. 10 years]
• Server logs: [Retention period]
• [Retention periods for other categories, or the criteria used to set them]

8. Your rights

Under the GDPR you have the following rights over your personal data. To exercise them, contact us at the details above — we will respond within one month at the latest (Art. 12 GDPR).

• The right to access your data (Art. 15)
• The right to rectification of inaccurate data (Art. 16)
• The right to erasure (the ‘right to be forgotten’, Art. 17)
• The right to restrict processing (Art. 18) and the right to data portability (Art. 20)
• The right to object to processing (Art. 21); the right to object to direct marketing at any time is absolute
• The right to withdraw consent at any time, as easily as it was given, without affecting processing carried out before withdrawal (Art. 7(3))

9. Right to lodge a complaint

If you believe your personal data is being processed unlawfully, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). In Lithuania this is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, VDAI).

Verify VDAI's current contact details at the time of publishing, as they may change. Currently published contacts: L. Sapiegos g. 17, 10312 Vilnius; email ada@ada.lt; phone +370 5 271 2804; vdai.lrv.lt (verify before publishing).

10. Is providing data mandatory; automated decisions

Providing data in our forms is voluntary, but without the necessary data (such as your email) we cannot respond to your enquiry or provide the requested service. Consequences of not providing it: [Consequences if required data is not provided].

We do not carry out decision-making based solely on automated processing, including profiling, that would have a legal or similarly significant effect on you. [If this changes, describe the logic, significance and consequences here.]

11. Cookies, changes and contact

Our website uses cookies. You will find full details in our Cookie Policy.

We may update this privacy policy from time to time, for example when laws or our operations change. The current version is always published on this page with the date it was last updated. If you have any questions, contact us at [El. paštas / Email].