General Provisions
1.1. This Privacy Policy (hereinafter – the Policy) regulates the principles and procedure for the processing of personal data carried out by Mikroautobusų nuoma, UAB – a company established and operating under the laws of the Republic of Lithuania, legal entity code 304611351, registered address: Geležinkelio g. 3, Kaunas, Republic of Lithuania, with data collected and stored in the Register of Legal Entities of the Republic of Lithuania (hereinafter – we, the Data Controller) – as well as the terms and conditions of the website owned by the Data Controller, www.mikroautobusunuomaeu.lt (hereinafter – the Website).
1.2. We strive to ensure that our product and service customers, Website users, and all persons whose data we process trust our operations and are transparently informed about how we manage their personal data. In this Policy, you will find information on how we collect and use (or intend to collect and use) your personal data.
1.3. In our activities, we adhere to the following data processing principles:
1.3.1. Personal data must be processed lawfully, fairly, and transparently in relation to the data subject (principle of lawfulness, fairness, and transparency);
1.3.2. Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes is not considered incompatible (purpose limitation principle);
1.3.3. Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (data minimisation principle), and we ensure that services are provided only to those who provide necessary data;
1.3.4. Personal data must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that inaccurate personal data are erased or rectified without delay (accuracy principle);
1.3.5. Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Longer retention periods are permitted for archiving in the public interest, scientific or historical research, or statistical purposes, subject to appropriate safeguards (storage limitation principle);
1.3.6. Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality principle);
1.3.7. We are responsible for compliance with the above principles and must be able to demonstrate that compliance (accountability principle).
1.4. This Policy is drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable EU and national legal acts. Terms used in this Policy are understood as defined in GDPR and the Lithuanian Law.
Collection, processing, and storage of personal data
2.1. It is very important that you read this Policy carefully, because when you visit the Website, use our services, or submit an inquiry, this Policy will be directly applicable to the collection, processing, and, where provided, transfer of your personal data.
2.2. It is very important that you read this Policy carefully, because when you visit the Website, purchase goods and services, and in other cases of providing personal data, this Policy will be directly applicable to the collection, processing, and, in the cases provided for in the Policy, the transfer of your personal data to data recipients.
2.3. If you do not agree with this Policy and the processing of personal data described in it, please do not visit the Website and/or do not purchase our goods and services.
2.4. You are responsible for ensuring that the data you provide are accurate, correct, and complete. The provision of knowingly incorrect data is considered a violation of the Policy. If the data you provided change, you are obligated to inform us. Under no circumstances are we liable for any damage caused to you and/or third parties due to your provision of incorrect and/or incomplete personal data or your failure to request the update and/or correction of the data once they have changed.
2.5. The entities to whom we may disclose your personal data are specified under each of the data processing activities described below. We may transfer your data to our contracted service providers, such as IT service providers, email and server providers, and other providers who process data on our behalf.
2.6. You have the right at any time to request the deletion of your personal data, except in cases where we have a legal obligation to retain such data. You may submit a data deletion request via email to: info@mikroautobusunuomaeu.lt. In the request, please indicate your name, surname, email address used with our services, and clearly state your data deletion request. Upon receiving the request, we will respond no later than within 30 calendar days.
Personal Data Processing for the Purpose of Goods and Services Sale
3.1. We provide minibus rental services remotely – via the website and other electronic channels – to both private individuals and legal entities. For each service provision, it is necessary to obtain certain personal data, which we process for the following purposes related to the provision of services:
3.1.1. Administration of customer inquiries, reservations, and accounts.
The legal basis for the processing of personal data is Article 6(1)(f) of the GDPR (legitimate interest to manage customer reservations and ensure service availability).
3.1.2. Provision of minibus rental services (including vehicle preparation, handover, return, and communication with the customer).
The legal basis is Article 6(1)(f) of the GDPR (legitimate interest to provide the ordered service to the customer and ensure that all processes run smoothly).
3.1.3. Compliance with accounting obligations.
The legal basis is Article 6(1)(c) of the GDPR (legal obligation under applicable legislation).
3.2. Some personal data is necessary to ensure the proper provision of services or to fulfill legal obligations (e.g., accounting). Failure to provide necessary data may result in an order not being fulfilled.
3.3. For the above-mentioned purposes, the following personal data may be processed (depending on the situation, only part of these data may be collected):
3.3.1. The individual’s first name, last name, email address, phone number;
3.3.2. The representative’s first name, last name, company name, contact details of a legal entity;
3.3.3. Minibus pickup and return location, date, and time;
3.3.4. Information about the driver (if different from the customer): first name, last name, validity of the driver’s license (if required for service provision).
The legal basis is Article 6(1)(f) of the GDPR (legitimate interest to ensure service conditions and safety).
3.3.5. Information about the use of the website (e.g., IP address, session duration, browsing actions);
3.3.6. Other information required for service provision (e.g., special requests, additional services).
3.4. Our service providers (e.g., IT, server maintenance, email service providers), who act as data processors, may have access to the personal data processed for these purposes.
Personal Data Processing for Debt Management
4.1. If you, as our customer, delay payment for services rendered, we may be required to process personal data obtained from you for the purpose of debt management:
4.1.1. The individual’s first name and last name, address, phone number, and email address;
4.1.2. Other necessary data in this context.
4.2. The legal basis for the processing of personal data is Article 6(1)(f) of the GDPR – our legitimate interest in obtaining payment for goods sold and services rendered.
4.3. Your data, processed for this purpose, may be transferred to third parties – courts, bailiffs, and we engage IT service providers and lawyers as data processors to process this data.
Personal Data Processing for Accounting Purposes
5.1. In case you purchase our services, we process the following personal data for accounting purposes:
5.1.1. The individual’s first name and last name;
5.1.2. Address, email address, phone number.
5.2. The legal basis for personal data processing is Article 6(1)(c) of the GDPR – legal obligation to maintain accounting records, and Article 6(1)(f) – legitimate interest to ensure smooth service management.
5.3. We do not transfer your data processed for this purpose to third parties, but we engage IT service providers acting as data processors for data processing.
Personal Data Retention Policy
6.1. While processing and storing your personal data, we implement organizational and technical measures to ensure personal data protection from accidental or unlawful destruction, alteration, disclosure, and from any other unlawful processing.
6.2. We apply different retention periods for personal data depending on the purpose for which specific personal data is processed.
6.3. The following retention periods apply to personal data:
| No. | Purpose of Personal Data Processing | Retention Period |
| 1. | Accounting records | 10 years from the issuance of the accounting document |
| 2. | Customer account administration | 3 years from the last login |
| 3. | Provision and administration of services | 5 years from the service completion or the last payment for the service. |
6.4. Exceptions to the above retention periods may be established as long as such deviations do not violate your rights as a data subject, comply with legal requirements, and are properly documented, for example, due to the need to comply with legal requirements.
6.5. If certain data is required to assert, exercise, or defend legal claims, we will retain it for as long as necessary for those purposes.
Your Rights
7.1. You have the right to access your personal data processed by us at any time, upon request, and learn how they are being processed. You also have the right to request correction of inaccurate, incomplete, or incorrect personal data and to request the suspension of the processing of your personal data, excluding storage, if the data is processed in violation of legal requirements.
7.2. To the extent that the processing of personal data is based on consent, you have the right to withdraw your consent at any time without affecting the legality of the data processing based on consent before its withdrawal.
7.3. You can exercise your rights by submitting a written request to the email address info@mikroautobusunuomaeu.lt, by mail at Geležinkelio g. 3, Kaunas, Republic of Lithuania, or directly at the provided address.
Contact Information and Filing Complaints
8.1. If you have any questions regarding the operations of the online store or the protection of personal data, please feel free to contact us via email at info@mikroautobusunuomaeu.lt.
8.2. If you are not satisfied with our response or believe that we are processing your data in violation of legal requirements, you have the right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania as the supervisory authority.
Information about the Cookies Used
9.1. When you visit our websites, we aim to provide content and functionality that meets your needs. For this, we use cookies. Cookies are small text files stored in your browser or device (personal computer, mobile phone, or tablet).
9.2. Through cookies, we aim to ensure a better experience for individuals browsing our websites and to improve the websites themselves.
9.3. Through cookies, we collect the IP addresses of website visitors’ computers. An IP address is the identifier of a computer in internet protocol networks. It can be used to gather various statistical and demographic information for website administration and network troubleshooting, but it is not used to determine your identity. Using cookies, we collect data on the purchase of goods and services and the use of the website.
9.4. Detailed information about the cookies used:
| Cookie Name | Purpose of Data Processing | Creation Time | Expiry Time | Data Used |
|---|---|---|---|---|
| eu_cookies_bar | Cookie to record cookie consent choices | After consent is given | 1 year | Unique ID number |
| wp_woocommerce_session | Cookie to assign a code to identify the visitor and find their cart data | Upon entering the website | 48 hours | Unique visitor code |
| pll_language | Saves language selection preference | Upon entering the website | 2 years | Selected language |
| wordpress_logged_in | Cookie to recognize logged-in users | Upon logging in | 1 year | Unique logged-in user code |
| woocommerce_cart_hash | Stores the visitor’s cart information in the online store | Upon entering the website | 1 year | Unique visitor cart number |
| woocommerce_items_in_cart | Determines the number of items in the cart | Upon entering the website | 1 year | Indicator whether the cart has items |
| XSRF-TOKEN | Ensures protection from automatic form submission | After search selection | 24 hours | Unique authentication number |
| _ga | Google cookie for “google analytics” functionality | Upon entering the website | 2 years | Unique client ID number |
| laravel_session | Cookie to identify the user’s session and prevent website request spoofing | Upon entering the website | 2 hours | Unique authentication number |
9.5. You can delete or block cookies by selecting the appropriate settings in your browser that allow you to refuse all or some cookies. Each browser is different, so if you don’t know how to change cookie settings, you should find this information in the browser’s help menu. Please note that by using such browser settings that block cookies (including essential cookies), you may experience issues using all or some website features.
Third-party Personal Data Processing
10.1. In certain cases, we may disclose your information to other entities than those described above:
10.1.1. To comply with laws or respond to mandatory court process requirements (e.g., upon receiving a court order to provide data);
10.1.2. To confirm the legality of our actions;
10.1.3. To protect our rights, property, or ensure their security;
10.1.4. In other cases with your consent or lawful request.
10.1.5. We treat all requests for disclosure of personal data to competent authorities responsibly, assess their legality, and seek to disclose only the minimum necessary information (data minimization principle). Such requests and our responses to them are documented, along with the legal basis and involved parties. If we consider the request unlawful, we have the right to challenge it under applicable laws.
10.2. Any personal data you provide to us may be disclosed to competent authorities directly in cases provided for by law.
10.3. We also draw your attention that the Website contains links to websites of other persons, companies, or organizations, and we are not responsible for the content of such websites and/or the privacy protection methods they use, so before submitting any information about yourself on another website, you should familiarize yourself with the respective website’s rules, privacy policy, and other provided information.
Final Provisions
11.1. The legal relations related to this Policy are governed by the laws of the Republic of Lithuania.
11.2. We are not responsible for any damage, including damage caused by disruptions in the use of the website, data loss or corruption arising from actions or inactions by you or third parties acting with your knowledge, including incorrect data entry, other errors, deliberate harm, or any improper use of websites. We are also not responsible for disruptions in access to and/or use of websites and the resulting damage caused by third parties unrelated to us, you, or other data subjects, including electricity or internet access supply disruptions, etc.
11.3. This Policy is reviewed and, if necessary, updated no less frequently than every two years. Any additions or changes to the Policy will take effect from the date they are published on the website.
11.4. If you use the website and purchase goods and services after the Policy has been updated, we will consider that you do not object and are aware of the changes made.
Privacy Policy version date: May 23, 2025.