General Provisions
1.1. This Privacy Policy (hereinafter – the Policy) regulates the principles and procedures for the processing of personal data carried out by Mikroautobusų nuoma, UAB, a company established and operating under the laws of the Republic of Lithuania, legal entity code 304611351, registered office address: Geležinkelio g. 3, Kaunas, Republic of Lithuania. The company’s data is collected and stored in the Register of Legal Entities of the Republic of Lithuania (hereinafter – we, the Data Controller). This Policy also governs the terms and conditions of the website mikroautobusunuomaeu.lt (hereinafter – the Website), which is owned by the Data Controller.
1.2. We aim to ensure that the buyers of our goods and services, as well as users of the Website whose personal data we process, have complete trust in our operations and are transparently informed about how we process their data. In this Policy, you will find information on how we collect and use (or intend to collect and use) your personal data.
1.3. In our activities, we follow these principles of data processing:
1.3.1. Personal data must be processed lawfully, fairly, and transparently in relation to the data subject (principle of lawfulness, fairness, and transparency);
1.3.2. Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the initial purposes (purpose limitation principle);
1.3.3. Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (data minimization principle);
1.3.4. Personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy principle);
1.3.5. Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as they will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to the implementation of appropriate technical and organizational measures required to safeguard the rights and freedoms of the data subject (storage limitation principle);
1.3.6. Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (integrity and confidentiality principle);
1.3.7. We are responsible for and must be able to demonstrate compliance with the above principles (accountability principle).
1.4. This Policy is drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter – GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter – LLPPD), and other applicable legal acts of the European Union and the Republic of Lithuania. The terms used in this Policy are understood as defined in the GDPR and LLPPD.
What personal data we process
2.1. By submitting your personal data, you agree and do not object to us processing it for the purposes, by the means, and in the manner specified in this Policy and in legal acts.
2.2. It is very important that you read the Policy carefully, as it will be directly applicable when collecting, processing, and, in cases specified in the Policy, transferring your personal data to data recipients during your visit to the Website, when purchasing goods and services, and in other cases of personal data submission.
2.3. If you do not agree with this Policy and the processing of personal data described in it, please do not visit the Website and/or do not purchase our goods and services.
2.4. You are responsible for ensuring that the data you provide is accurate, correct, and complete. Knowingly entering incorrect data is considered a violation of the Policy. If the data you have provided changes, you must inform us. Under no circumstances are we liable for any damage caused to you and/or third parties due to the provision of incorrect and/or incomplete personal data or failure to request the supplementation and/or modification of data after changes occur.
2.5. The entities to whom we may disclose your personal data are described next to each data processing activity detailed below.
Processing of Personal Data for the Purpose of Selling Goods and Services
3.1. We sell 5D DIY paintings and accessories for their completion/realization as well as other goods intended for self-expression, self-development, physiotherapy, and occupational therapy activities remotely via the Website. During each sale, the creation and production of the purchased product is initiated. Therefore, we must use your personal data for the following purposes related to the sale of goods and services:
3.1.1. Administration of online buyer accounts (customer accounts). The legal basis for processing personal data for this purpose is Article 6(1)(b) of the GDPR (performance of a contract or taking steps prior to entering into a contract);
3.1.2. Conclusion and performance of contracts for the purchase and sale of goods and services with customers. The legal basis for processing personal data for this purpose is Article 6(1)(b) of the GDPR (performance of a contract or taking steps prior to entering into a contract);
3.1.3. Conclusion and performance of cooperation agreements with suppliers. The legal basis for processing personal data for this purpose is Article 6(1)(b) of the GDPR (performance of a contract or taking steps prior to entering into a contract).
3.2. In cases where your personal data is necessary for the performance of a contract or for compliance with a legal obligation applicable to us, the provision of personal data is mandatory; without it, we will not be able to sell you goods and services.
3.3. For the above-mentioned purposes, the following personal data received directly from clients is processed (depending on the purpose, personal data is processed to a different extent):
3.3.1. Name and surname, email address, and phone number of the head of a legal entity;
3.3.2. Name and surname, email address, phone number, and address of the delivery location of a natural person, as well as information about purchased goods and services;
3.3.3. Information about visits to the Website (session date, time, content);
3.3.4. Other information necessary to provide specific services (e.g., personal names, place names, dates of personal significance intended for product personalization).
3.4. Access to personal data processed for these purposes will be granted to IT service companies acting as data processors.
3.5. Your payment/bank data is not collected or processed. This is done by payment service providers in accordance with their approved privacy policies. At the time of this Privacy Policy’s version, payment services are provided by Opay solutions. Information about the data processor UAB “Opay solutions”, company code 302664558, can be found on their website at: https://opay.eu/lt/teisine-informacija/privatumo-politika?fbclid=IwAR1O3kFLjoyW6vPm7JZa40DN6xj0genBdA40auxoqBUQL9kTMlm9KWg5hdQ
Processing of Personal Data for the Purpose of Debt Collection
4.1. If you, as our contractual customer, delay payment for the goods and services we have provided, we may be forced to process the personal data we have received from you for the purpose of debt collection:
4.1.1. Name and surname, address, phone number, and email address of a natural person;
4.1.2. Other data necessary in this context.
4.2. The legal basis for processing personal data is Article 6(1)(f) of the GDPR – our legitimate interest in receiving payment for goods sold and services provided.
4.3. The data we process for this purpose may be transferred to third parties – courts, bailiffs, and we may engage IT service companies and lawyers acting as data processors for data processing.
Processing of Personal Data for the Purpose of Accounting
5.1. In the case that you purchase our goods or services, for accounting purposes, we process the following personal data:
5.1.1. Name and surname of a natural person;
5.1.2. Address, email address, phone number.
5.2. The legal basis for processing personal data is Article 6(1)(b) of the GDPR – the performance of the contract with you as the sender, and Article 6(1)(c) – compliance with our legal obligation to maintain proper accounting.
5.3. We do not transfer the data we process for this purpose to third parties; however, we engage IT service companies that act as data processors for data processing.
Personal Data Retention Procedure
6.1. When processing and storing your personal data, we implement organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, as well as against any other unlawful processing.
6.2. We apply different personal data retention periods depending on the purpose for which the specific personal data is processed.
6.3. We apply the following personal data retention periods:
| No. | Purpose of Personal Data Processing | Retention Period |
| 1. | Accounting | 10 years from the issuance of the accounting document |
| 2. | Administration of customer accounts | 3 years from the last login |
| 3. | Conclusion and performance of contracts for the purchase of goods and services | 5 years from the end of the business relationship |
6.4. Exceptions to the above retention periods may be established to the extent that such deviations do not violate your rights as a data subject, comply with legal requirements, and are properly documented.
6.5. In the event that certain of your data will be necessary for asserting, executing, or defending legal claims, we will retain them for as long as necessary to achieve such purposes in accordance with judicial, administrative, or non-judicial procedures.
Your Rights
7.1. You have the right to, at any time, submit a request to us to access your personal data that we process and to learn how it is processed, request the correction of incorrect, incomplete, or inaccurate personal data, and request the suspension of the processing of your personal data, except for storage, if the data is being processed in violation of legal requirements.
7.2. To the extent that the processing of personal data is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the data processing based on consent before its withdrawal.
7.3. You can exercise your rights by submitting a written request via email to info@mikroautobusunuomaeu.lt, by mail to Geležinkelio g. 3, Kaunas, Lithuania, or by visiting the specified address in person.
Contact Information and Filing Complaints
8.1. If you have any questions related to the operation of the online store or personal data protection, please contact us via email at info@mikroautobusunuomaeu.lt.
8.2. If you are not satisfied with our response or believe that we are processing your data in violation of legal requirements, you have the right to file a complaint with the State Data Protection Inspectorate of the Republic of Lithuania, the supervisory authority.
Information about the Cookies Used
9.1. When you visit our websites, we aim to provide content and functionality that meets your needs. For this, we use cookies. Cookies are small text files stored in your browser or device (personal computer, mobile phone, or tablet).
9.2. Through cookies, we aim to ensure a better experience for individuals browsing our websites and to improve the websites themselves.
9.3. Through cookies, we collect the IP addresses of website visitors’ computers. An IP address is the identifier of a computer in internet protocol networks. It can be used to gather various statistical and demographic information for website administration and network troubleshooting, but it is not used to determine your identity. Using cookies, we collect data on the purchase of goods and services and the use of the website.
9.4. Detailed information about the cookies used:
| Cookie Name | Purpose of Data Processing | Creation Moment | Expiration Time | Used Data |
|---|---|---|---|---|
| eu_cookies_bar | Cookie to record cookie preferences | After consent for cookies | 1 year | Unique ID number |
| wp_woocommerce_session | Cookie providing the Visitor with a code to recognize the user and retrieve their cart data | When entering the website | 48 hours | Unique code assigned to the Visitor |
| pll_language | Save the visitor’s language selection | When entering the website | 2 years | Selected language |
| wordpress_logged_in | Cookie used to recognize the logged-in user | When logging into the account | 1 year | Unique code of the logged-in user |
| woocommerce_cart_hash | Save the information about the Visitor’s cart in the online store | When entering the website | 1 year | Unique cart number of the Visitor |
| woocommerce_items_in_cart | Indicates if a certain number of items are in the cart | When entering the website | 1 year | Indicator if there are items in the cart |
| XSRF-TOKEN | Cookie to prevent automatic form submissions | After clicking the search selection | 24 hours | Unique authentication number |
| _ga | Google cookie used for the Google Analytics function | When entering the website | 2 years | Unique client ID number |
| laravel_session | Cookie used to identify the user’s session. This cookie is created to prevent cross-site request forgery | When entering the website | 2 hours | Unique authentication number |
9.5. You can delete or block cookies by selecting the appropriate settings in your browser that allow you to reject all or some cookies. Each browser is different, so if you are unsure how to change your cookie settings, you should find this information in its help menu. Please note that using browser settings that block cookies (including essential cookies) may cause issues when using some or all of the website’s features.
Processing of personal data by third parties
10.1. In certain cases, we may disclose your information to entities other than those described above:
10.1.1. To comply with the law or in response to a mandatory court order (e.g., if we receive a court order to provide data);
10.1.2. To confirm the legality of our actions;
10.1.3. To protect our rights, property, or ensure their security;
10.1.4. In other cases with your consent or a legitimate request.
10.2. Any personal data you provide to us may, in cases directly specified by law, be transferred to competent authorities.
10.3. We also draw your attention to the fact that the website contains links to websites of other individuals, companies, or organizations, and we are not responsible for the content of such websites and/or the privacy protection methods they employ. Therefore, before submitting any information about yourself on another website, you should review the relevant website’s terms, privacy policy, and other provided information.
Final Provisions
11.1. The legal relations related to this Policy are governed by the laws of the Republic of Lithuania.
11.2. We are not liable for any damage, including damage caused by disruptions in the use of the Website, loss or corruption of data resulting from actions or omissions of you or third parties acting with your knowledge, including incorrect data entry, other errors, deliberate harm, or other improper use of the Website. We are also not liable for any disruptions in the access to and/or use of the Website and any resulting damage caused by third parties not related to us, you, or other data subjects, including interruptions in electricity or internet access supply, and so on.
11.3. This Policy is reviewed and updated, if necessary, at least once every two years. Any additions or changes to the Policy will take effect from the date they are published on the Website.
11.4. If you use the Website or purchase goods and services after the Policy has been updated, we will consider that you do not object and are familiar with the changes made.
Privacy Policy version date: May 16, 2025.