Privacy Policy
1. Definitions
1.1. Seller – Amberell.lt, email address: info@amberell.lt
1.2. Amberell – an online store located at https://www.amberell.lt.
1.3. Personal data – any information relating to an identified or identifiable natural person, in particular by reference to an identifier such as name and surname, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
1.4. Representative – a person representing Buyers, both individuals and legal entities.
1.5. Inquirer – an individual or Representative interested in the products sold by the Seller or wishing to contact the Seller on other matters.
1.6. Participant – an individual or Representative participating or intending to participate in contests, promotions, games organized by the Seller.
1.7. Data Subject – a Representative, Inquirer, Buyer, or any other individual whose personal data is processed by the Seller.
1.8. Data Subject’s consent – any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
1.9. Service Provider – a physical or legal person who can offer or is offering goods, services, or works to the Seller and is cooperating or has entered into an agreement with the Seller for the sale of goods, services, or works.
1.10. Buyer – an individual or Representative purchasing goods from the Seller or who has entered into a contract with the Seller for the purchase of goods.
1.11. Direct Marketing – activities intended to offer goods or services to individuals by post, telephone, or any other direct means and/or to inquire their opinions regarding offered goods or services.
1.12. Processing of Personal Data any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
2. General Terms
2.1. The Seller’s Privacy Policy outlines the main rules for the collection, accumulation, and processing of Personal Data by the Buyer using the amberell.lt online store.
2.2. By placing an order, the Buyer confirms that he has read the information provided in the Privacy Policy, understands it, and agrees with it.
2.3. The Privacy Policy is designed to protect the Personal Data of amberell.lt Data Subjects from unauthorized use.
2.4. The Seller collects Personal Data in compliance with the requirements of applicable European Union and Republic of Lithuania legal acts and the instructions of supervisory authorities.
2.5. This Privacy Policy is established in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other acts of the European Union and the Republic of Lithuania. The terms used in the Privacy Policy are understood as they are defined in the General Data Protection Regulation and the Law on Legal Protection of Personal Data of the Republic of Lithuania.
3. Processing of Personal Data for Consultation, Inquiry Execution Purposes
3.1. The Seller processes the following personal data of Inquirers: name, surname, telephone number, email address.
3.2. Personal data of Inquirers are not transferred to third parties, except where necessary to fulfill contractual obligations or legal requirements.
3.3. Personal data for the purpose of consultation and inquiry submission are processed based on consent expressed by providing personal data.
4. Cross-Border Data Transfers
4.1. Personal data is primarily processed within the European Union (EU) or the European Economic Area (EEA). However, in certain cases, personal data may be transferred to third countries outside the EU/EEA. Such transfers are conducted only under lawful bases and with the implementation of appropriate safeguards in accordance with GDPR requirements.
4.2. For transfers to third countries that do not have an adequacy decision from the European Commission, Amberell.lt ensures that appropriate safeguards are in place. These include the use of Standard Contractual Clauses (SCCs) approved by the European Commission or other legally approved mechanisms.
4.2.1. Where necessary, supplementary measures are implemented to ensure that the transfer provides an equivalent level of data protection as required under EU law. These measures may include additional contractual obligations, encryption of data during transfer, or limiting the scope of data transferred.
4.2.2. If personal data is transferred to the United States or other third countries, the recipient must comply with data protection standards that ensure adequate privacy safeguards. Amberell.lt takes steps to evaluate the security of data transfers and protect the rights and freedoms of data subjects.
5. Processing of Personal Data for the Purpose of Selling Goods
5.1. The Seller processes the following personal data of Buyers: name, surname, telephone number, email address, address, payment amount, payment data, other information related to the purchased product.
5.2. Data are obtained directly from Buyers, in the execution of a contract with the Buyer, and/or from other third parties related to the Data Subject. The Seller undertakes not to transfer the Buyer’s personal data to any unrelated third parties, except in the following cases:
5.2.1. If there is the Buyer’s consent for the disclosure of personal data;
5.2.2. When implementing obligations as a goods Seller (e.g., data may be transferred to courier services, logistics, archiving, audit, legal, financial service providers, Service Providers, and/or parties related to national, European, and international payment systems, such as SWIFT, among others);
5.2.3. When implementing the Seller’s legitimate interests (e.g., in case of debt collection);
5.2.4. To authorized institutions, as provided by the laws of the Republic of Lithuania (e.g., the tax authorities, social security institutions).
5.3. The Seller may provide Buyers’ and other Data Subjects’ personal data to persons who who perform tasks or provide services to the Seller and process Buyers’ and Data Subjects’ personal data on behalf of the Seller (e.g., companies providing accounting services, IT service companies). Service providers have the right to process personal data only according to the instructions of the Seller and only to the extent necessary to properly fulfill the obligations set out in the contract.
5.4. Personal data are processed based on the Data Subject’s consent, expressed by providing their data, and/or for the execution of a contract with the Data Subject.
6. Processing of Personal Data for Direct Marketing Purposes
6.1. The Seller seeks to share only relevant news and other useful information with newsletter subscribers, implemented in accordance with this Privacy Policy.
6.2. For direct marketing purposes, the following personal data of Buyers and other Data Subjects may be processed: name, surname, email address.
6.3. After sending a newsletter, the Seller may collect statistical data about the Data Subject’s behavior related to the use and content of the newsletter (for example, whether the newsletter was read, which links were opened by the Data Subject).
6.4. The Data Subject’s email address may be used for advertising presentation through Facebook, Google, and other advertising platforms, customizing the advertisement for the target audience.
6.5. Personal data may be transferred only to third parties providing specialized services, to send emails, and customize the nature of advertising ordered through advertising platforms.
6.6. Personal data of Buyers and other Data Subjects are processed based on consent expressed by providing their data and consenting to process personal data for direct marketing purposes, or based on the Seller’s legitimate interest (Article 6(1)(a) and (f) of the General Data Protection Regulation and Article 69(2) of the Law on Electronic Communications of the Republic of Lithuania, when personal data are processed based on the Data Controller’s legitimate interest).
6.7. The Data Subject has the right to withdraw consent to process their personal data for direct marketing purposes at any time.
6.8. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
7. Processing of Personal Data for the Purpose of Organizing Games, Promotions, Contests
7.1. The Seller may process personal data for the purpose of conducting games, promotions, contests only with the Data Subject’s consent. The Seller may collect the following personal data of Participants: name, surname, photos, phone number, email.
7.2. Data are obtained directly from Data Subjects participating in games, promotions, contests. By submitting their data, Participants agree and grant the right to the Seller and persons chosen at the Seller’s discretion to publicly announce their names, surnames (or the pseudonyms registered on social networks of the Data Subjects) as prize winners, including photographs. The information may be publicly announced on the internet.
7.3. Personal data are processed based on the consent expressed by submitting their personal data (Article 6(1)(a) of the General Data Protection Regulation).
8. Subject’s Rights and data protection
8.1. Personal data are securely protected from loss, unauthorized access, and unauthorized changes.
8.2. The Seller follows various retention periods for personal data based on legal requirements and the purposes for which the data are being processed.
8.3. Exceptions to these retention periods may be set, as long as they do not violate the rights of Data Subjects and are in compliance with legal standards.
8.4. Once the retention period has ended, and unless extended, the data will be permanently deleted in a manner that prevents reconstruction.
8.5. A Data Subject whose data is being processed by the Seller has the following rights:
8.5.1. The right to be informed about how their data is being processed.
8.5.2. The right to access their data and understand how it is handled.
8.5.3. The right to amend or, depending on the processing purposes, to complete incomplete personal data.
8.5.4. The right to have their personal data erased and to invoke the "right to be forgotten," meaning the cessation of data processing (excluding storage).
8.5.5. The right to restrict the processing of their personal data based on legitimate reasons.
8.5.6. The right to data portability when the Data Subject has provided their personal data to the Seller in a structured, commonly used, and machine-readable format.
8.5.7. The right to object to the processing of personal data if it is being processed for direct marketing purposes, including profiling related to such marketing activities.
8.5.8. The right to submit a complaint to the State Data Protection Inspectorate of the Republic of Lithuania.
8.6. Any requests or instructions regarding personal data processing should be submitted to the Seller in writing by email to info@amberell.lt.
8.7. After receiving such a request or instruction, the Seller will respond and take the necessary actions specified in the request or provide a refusal within 30 days. If required, this period may be extended, depending on the complexity and volume of requests. In such cases, the Seller will notify the Data Subject about the extension and provide reasons for the delay within 30 days of receiving the request.
8.8. The Seller will provide information about the personal data it processes once per year free of charge. However, if Data Subject submit multiple requests within the same calendar year or request is unfounded, repetitive, or disproportionate, the Seller reserve the right to charge a reasonable fee. This fee will not exceed the cost of providing the requested data. Data Subject will always be informed in advance about the necessity of such a fee before the Seller respond to Data Subject's request or inquiry.
8.9. The Seller may limit the ability of Data Subjects to exercise the rights outlined above, except for the objection to the processing of personal data for direct marketing purposes, when it is legally necessary for preventing, investigating, or detecting crimes, maintaining professional or official ethics, or safeguarding the rights and freedoms of the Data Subject or others.
9. Cookie Usage
9.1. Amberell uses cookie technology. These tools help display the structure and content of the Amberell website at www.amberell.lt ensure the provision of self-service customer support, and maintain the functionality of the website and applications.
10. Data Retention and Deletion
10.1. The Seller retains personal data for as long as is necessary to fulfill the purposes for which they were collected or as required by applicable legal obligations.
10.2. Once the data is no longer needed or the Data Subject withdraws their consent, the personal data will be securely deleted or anonymized.
11. Privacy Policy updates
11.1. In compliance with legal requirements, Seller may update this Policy, meaning it may be reviewed and revised accordingly. The latest version of this Policy will be available on Seller's website at www.amberell.lt. If significant changes are made to this Policy, it will also be announced on Seller's website at www.amberell.lt.