PRIVACY POLICY
Version 1.0 • Effective 1 September 2025
1. General provisions
This Privacy Policy explains how UAB “Gopestetika” (hereinafter – the Company, we or the Controller) collects, uses and protects your personal data when you visit the e‑shop www.gopestetika.lt and/or place an order.
Data controller:
UAB “Gopestetika”
Legal entity code: 304552180
Address: Vytauto pr. 13, 44352 Kaunas, Lithuania
E‑mail: info@gopestetika.lt
Phone: +370 688 49989
The Company is not obliged to appoint a Data Protection Officer. For any privacy‑related questions, please contact info@gopestetika.lt.
2. Personal data processed, purposes, legal bases and retention periods
|
Data category |
Purpose of processing |
Legal basis (GDPR Art. 6) |
Retention period |
|
Contact details (first name, surname, e‑mail, phone number) |
Order fulfilment |
Performance of contract 6(1)(b) |
5 years after last purchase |
|
Delivery address, purchase history |
Order fulfilment / warranty administration |
Performance of contract 6(1)(b) |
10 years (accounting) |
|
Financial documents (invoices, payments) |
Accounting, tax compliance |
Legal obligation 6(1)(c) |
10 years under Lithuanian accounting law |
|
Newsletter data (e‑mail, name) |
Direct marketing |
Consent 6(1)(a) / Legitimate interest 6(1)(f) (soft opt‑in) |
5 years or until withdrawal |
|
Internet usage data (IP, cookies) |
Website analytics, ad personalisation |
Consent 6(1)(a) |
2 years (GA4 cookies) |
|
Customer service correspondence |
Customer support, dispute resolution |
Performance of contract 6(1)(b) / Legitimate interest 6(1)(f) |
2 years after communication ends |
A legitimate‑interest balancing test has been carried out for newsletter data processed on the basis of legitimate interest; it shows that the customer’s expectation to receive offers for similar products outweighs potential privacy risks. An easy opt‑out link is provided in every message.
3. Data recipients and processors
|
Recipient / processor |
Country |
Service type |
Legal basis |
|
UAB “DPD Lietuva” |
LT |
Parcel delivery |
Performance of contract |
|
UAB “Omniva LT” |
LT |
Parcel delivery |
Performance of contract |
|
MB “Digis.lt” |
LT |
Website hosting and administration |
Processor agreement |
|
UAB “Interneto vizija” |
LT |
Server hosting |
Processor agreement |
|
UAB “Paysera LT” |
LT |
Payment processing |
Performance of contract |
|
Meta Platforms, Inc. |
USA |
Advertising services |
Consent (SCC) |
|
Google LLC |
USA |
Website analytics (GA4) |
Consent (SCC |
4. International data transfers
We use Meta and Google services, which may involve transferring certain data outside the European Economic Area (USA). Transfers are based on the European Commission’s Standard Contractual Clauses (SCC) and/or participation in the EU–US Data Privacy Framework. Additional technical and organisational measures (data encryption, access controls) are in place to safeguard your data.
5. Cookies
The website uses cookies to enhance your browsing experience. Cookies are grouped into necessary, functional, statistical and marketing categories. Non‑essential cookies are enabled only after your prior consent; you may withdraw consent at any time by clicking “Cookie settings” at the bottom of the page.
|
Cookie name |
Category |
Expiry |
Purpose |
Provider |
|
PHPSESSID |
Necessary |
Session |
Website session maintenance |
first‑party |
|
lang |
Functional |
1 year |
Saves selected language |
first‑party |
|
_ga |
Statistical |
2 years |
Google Analytics traffic statistics |
|
|
_fbp |
Marketing |
3 months |
Facebook ad personalisation |
Meta |
6. Your rights
• to obtain confirmation whether we process your data and to access it (access);
• to request rectification of inaccurate or incomplete data (rectification);
• to request erasure of data (“right to be forgotten”) where applicable;
• to restrict processing in certain circumstances;
• to receive the data in a structured, commonly used format and transmit it to another controller (portability);
• to object to processing based on legitimate interest;
• to withdraw consent at any time (where processing is based on consent);
• to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania (ada.lt).
7. Technical and organisational security measures
• Data are transmitted via encrypted SSL/TLS channels.
• System access follows the “least privilege” principle; only two authorised employees and UAB “Texus” administrators have access.
• Servers are hosted in ISO 27001 certified data centres.
• Two‑factor authentication (2FA) and a strict password policy are applied.
• Daily data backups and periodic security tests are performed.
8. Profiling
The Company does not carry out automated decision‑making producing legal effects concerning you. Marketing cookies (e.g., “Facebook Pixel”) may result in personalised advertising; you can object by rejecting such cookies.
9. Minors’ data
Our services are intended for persons aged at least 16 years. We do not knowingly collect data of persons under 16. If such a case is discovered, the data will be deleted without delay.
10. Policy changes
This Privacy Policy may be updated. A new version enters into force once published on www.gopestetika.lt. We will notify you of material changes by e‑mail.
