Website privacy policy

I. GENERAL PROVISIONS

1.1. This privacy policy (hereinafter – the Policy) governs the collection, processing, and storage of personal data carried out by UAB “AD Baltic” (hereinafter – the Company, we, or the Data Controller). The Policy applies to all persons who visit the Company’s website, use the electronic commerce system, order goods, submit inquiries, or apply for jobs.

1.2. We strictly comply with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter – GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legal acts.

1.3. Data Controller details:

• Company name: UAB “AD Baltic”

• Legal entity code: 120054177

• Address: Ukmergės g. 284, Vilnius, Lithuania

• Phone: +370 5 2431474

• Email for data protection inquiries: [email protected]

II. CONCEPTS

2.1. Personal data – any information relating to an identified or identifiable natural person (e.g., name, surname, vehicle license plate number, email address). 2.2. Data subject – a natural person (customer, customer’s employee, website visitor) whose data is processed by the Company. 2.3. Processing – any operation performed on personal data (collection, recording, storage, alteration, granting access, destruction).

III. PURPOSES, BASES, AND SCOPE OF PERSONAL DATA PROCESSING

We process your data only when there is a legal basis and only to the extent necessary to achieve specific purposes.

3.1. E-commerce, order fulfillment, and conclusion of contracts (B2B and B2C)

This is our core business. In order to sell auto parts, administer orders, and deliver goods, we process the following data:

• Data categories: Name, surname, phone number, email address, delivery address, workplace (in case of B2B), position, payment information (bank account number, payment status).

• Legal basis: Conclusion and performance of a contract (GDPR Art. 6(1)(b)) and legal obligation (accounting requirements) (GDPR Art. 6(1)(c)).

• Retention period: 10 years after the purchase transaction (for accounting purposes).

3.2. Warranty service and return of goods

A specific area related to auto parts (e.g., batteries, tires) that requires technical data.

• Data categories: Name, surname, vehicle license plate number, VIN code (if necessary for part identification or warranty), purchase documents.

• Legal basis: Performance of a contract and legal obligation (consumer rights protection).

• Retention period: For the entire warranty period, but not less than required by legal acts (e.g., 10 years for accounting documents).

3.3. Administration of business client (B2B) accounts

Providing access to the closed ordering system for business partners.

• Data categories: Company representative’s name, surname, login name, password (encrypted), contact details.

• Important for B2B clients: If you (a business client) provide us with your employees’ data to create an account, you commit to informing the employees about this Policy.

• Legal basis: Performance of a contract and legitimate interest in protecting business information.

• Retention period: As long as the contract with the business client is valid or until the account is deleted.

3.4. Direct marketing and communication

Sending newsletters, personalized offers, surveys about product quality.

• Data categories: Name, email, phone number, city, purchase history (for segmentation).

• Legal basis:

  • For existing clients: Legitimate interest of the Company (exception under Art. 69 of the Law on Electronic Communications “soft opt-in”) to inform about similar goods/services.

  • For potential clients: Your voluntary consent.

• Profiling: We may group clients based on purchase history or city to provide more relevant offers, but this does not have any legal consequences for you.

• Retention period: Until you opt-out (which you can do at any time by clicking the link in the newsletter) or 3 years from the last active action.

3.5. Administration of inquiries and service quality

When you contact us by phone, email, or through social networks.

• Data categories: The content of your message, contact details, communication metadata.

• Legal basis: Legitimate interest to administer inquiries and ensure service quality.

3.6. Ensuring website operation and security (IT data)

• Data categories: IP address, login time, browsing session duration, device parameters, technical logs.

• Legal basis: Legitimate interest to ensure system security and improve performance.

• Retention period: IT system records (logs) are stored for up to several months.

3.7. Candidate personal data (Recruitment)

If you send a CV for our advertised positions.

• Data: CV, motivation letter, recommendations.

• Basis: Your consent (expressed by sending the data).

• Period: After the selection process, the data is destroyed, unless you give consent to store it for future selections (usually for 1 year).

IV. DATA RECIPIENTS AND TRANSFER

4.1. We commit not to disclose your data to third parties, except for the following trusted partners who help us carry out our activities (Data processors):

• IT and infrastructure providers: Server hosting, website administration, cloud service providers.

• Logistics companies: Courier services (e.g., DPD, Venipak), to which we transfer only the data necessary for delivery (address, phone).

• Financial institutions: Banks and payment initiation partners (to execute payments).

• Marketing partners: Newsletter sending platforms, advertising agencies (only with your consent or legitimate interest).

• Legal and debt collection entities: Lawyers, auditors, bailiffs (in case of debts or disputes).

4.2. State institutions: Data is provided to the State Tax Inspectorate, law enforcement, or courts only in accordance with the procedure established by legal acts and upon receiving an official request.

V. DATA TRANSFER OUTSIDE THE EU/EEA

5.1. Generally, we process your data within the European Economic Area (EEA). 5.2. In cases where we use partners from third countries (e.g., US technology providers like Google, Facebook), data transfer is carried out only after ensuring an adequate level of security. We follow:

• Adequacy decisions adopted by the European Commission;

• Standard Contractual Clauses (SCC) approved by the European Commission, which oblige the third-party service provider to ensure a GDPR-level of protection.

VI. YOUR RIGHTS

As a data subject, you have the following rights:

6.1. Right to know and access: You have the right to obtain confirmation as to whether we are processing your data and to receive a copy of it. 6.2. Right to rectification: If you notice that the data is inaccurate, you can request to correct it. 6.3. Right to be forgotten (delete data): You can request the deletion of data if it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent (this right does not apply if we are required by law to keep the data, e.g., invoices). 6.4. Right to restrict processing: For example, while the accuracy of the data is being verified. 6.5. Right to portability: To receive the data you provided in a structured format. 6.6. Right to object: You have the right to object at any time to the processing of your data for direct marketing purposes.

How to exercise your rights? Please contact us by email at [email protected]. To protect the data of other persons, we have the right to ask you to confirm your identity (e.g., by signing the request with an e-signature). We respond to requests within 30 days.

If you believe that your rights have been violated, you have the right to file a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, Vilnius, www.vdai.lrv.lt).

VII. SECURITY MEASURES

7.1. We apply technical and organizational measures (encryption, access control, employee commitments) to protect your data from loss or unauthorized access. 7.2. However, we remind you that no data transmission over the internet is 100% secure. Protect your login details and do not disclose them to third parties.