Skip to content

Privacy policy

1.General provisions

This Privacy Policy (hereinafter referred to as the Privacy Policy or the Policy ) has been prepared in accordance with the requirements of the General Data Protection Regulation (hereinafter referred to as the GDPR ) and other legal acts, so that you know how UAB Astrolight , a company established under the laws of the Republic of Lithuania, legal entity code 305341880, registered office address Savanorių pr. 235, Vilnius, Lithuania, office address Mokslininkų g. 2, LT- 08412, Vilnius, e-mail. [email protected] (hereinafter referred to as the Company or we ) collects and processes personal data of natural persons (hereinafter referred to as the Data Subject or you ).

The Policy explains how we collect and process your Personal Data when you:

  • you communicate or cooperate with the Company as a client, customer, partner, supplier, contractor or other person who has a business, consumer, professional and/or other civil – contractual relationship with the Company;
  • you subscribe to our newsletters or marketing communications are sent to you on other lawful grounds;
  • you contact us by submitting a request to us via email, website, social media or otherwise ;
  • you visit the Company’s territories and/or premises where video surveillance is carried out.

The Privacy Policy may be updated and changed. The current version of the Policy can always be found on our website https://astrolightspace.com/

2. What data processing principles do we follow?

When processing personal data, we are guided by the principles of personal data processing set out in Article 5 of the GDPR, according to which personal data must be:

  • processed lawfully, fairly and transparently;
  • collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes, except as provided for in the GDPR;
  • adequate, suitable and only those necessary to achieve the predetermined objectives;
  • consistently accurate and updated where necessary;
  • kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which they are collected (with the exceptions provided for in the GDPR);
  • processed in such a way that appropriate technical or organizational measures ensure adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

3. What PERSONAL data do we collect and process and for what purposes?

3.1. Cooperation with clients, customers, partners, suppliers, contractors, other parties to transactions, conclusion and execution of contracts

, we process the personal data of customers, clients, business partners, suppliers, contractors, other parties to the transaction, as well as their employees, managers, shareholders, representatives and/or agents. The scope of personal data processed depends on the nature and purposes of the business or other legal relationship, but in general, the following may be processed:

  • when the data subject acts as an individual client, customer, business partner, supplier, contractor, other party to the transaction : name, surname, personal identification number, date of birth, address, telephone number, e-mail address, bank account details, date of execution of the monetary transaction or transaction, amount, currency, data contained in the business certificate, individual activity certificate number, VAT payer data, other transaction or business relationship data;
  • when the data subject acts as an employee, manager, shareholder, representative and/or agent of a client, customer, business partner, supplier, contractor, other party to the transaction : name, surname, place of work and position or other basis for action, business telephone number, business e-mail address, as well as date of birth/personal identification number and residential address, if the act is based on a power of attorney or representation/agency agreement and these data are necessary to identify the person, or when the data subject is a manager or shareholder;
  • other data that we receive from you, other lawful sources and/or that we generate during the period of cooperation with you, including, but not limited to, the history of the performance of contracts, mutual settlements and/or our other cooperation;
  • other data that we lawfully collect in order to establish business relationships and/or conclude transactions, e.g. registry extracts, counterparty reliability assessment data;
  • the history of the performance of contracts, including but not limited to business/economic transactions, mutual settlements and/or our other cooperation.

This personal data is collected and processed for the following purposes:

  • When you establish, maintain and develop a business, professional and/or other legal relationship with us;
  • concluding, executing, administering transactions, contracts and agreements;
  • developing and ensuring our legitimate interests, including, but not limited to, collecting debts, defending our interests in a dispute and/or non-dispute procedure, defending against claims, demands, and claims;
  • in fulfilling our obligations and liabilities under applicable laws (e.g. accounting and tax requirements, requirements for the prevention of money laundering and terrorist financing, requirements for the implementation of international sanctions);
  • for internal administration purposes, e.g. for the purpose of performance analysis, development and improvement, for the purpose of customer database (CRM) administration.

The legal basis for processing personal data for the purpose in question may be:

  • conclusion and performance of a contract (Article 6(1)(b) GDPR);
  • compliance with a legal obligation (Article 6(1)(c) GDPR);
  • our legitimate interest (Article 6(1)(f) GDPR).

We store this data for as long as necessary to achieve the purposes for which it is processed, as well as in accordance with the requirements for the retention of such data set out in legal acts, limitation periods for the assertion or defense of legal claims, and if any, for as long as necessary for this purpose. As a rule, contracts, transactions and/or data related to their execution are stored for 10 years after the end of the contract.

3.2. Direct marketing

We may process your personal data for direct marketing purposes in the following ways:

  • You can receive a newsletter via e-mail and/or SMS with offers of our services and/or products, information about news , the Company’s activities, achievements, etc.;
  • We may contact you by email or telephone to ask for your opinion on our services and/or products, your needs and preferences, and to conduct surveys.

We may process your personal data for direct marketing purposes in the following cases:

  • when we obtain your consent for such data processing. In this case, the basis for the processing of personal data is your consent (Article 6(1)(a) of the GDPR) and the data is processed until you withdraw your consent, but no longer than 2 years after the last newsletter was opened;
  • When you purchase our services and/or goods, we may provide you with offers of similar services and/or goods, unless and until you have objected to receiving such offers. In this case, the basis for processing personal data is our legitimate interest in informing our customers about the services and/or goods offered (Article 6(1)(f) GDPR) and personal data may be processed for this purpose for 2 years after your last order for services and/or goods.

You may at any time opt out of our newsletters or other marketing information and/or withdraw your consent to the processing of Personal Data for direct marketing purposes by notifying us in a manner convenient for you:

  • by simply clicking on the unsubscribe link in the newsletter or email, or
  • by emailing us at [email protected] .

For the purpose of direct marketing, we may process the following personal data of yours: name, surname, email address, telephone number, IP address, history of orders for services and/or goods and other cooperation with us.

We also collect statistical information about newsletters and marketing messages sent by email: we track whether you have read the newsletter or message, when and how many times you have read it or opened links, whether you have forwarded it to others, what operating system and email server (its location) you used.

3.3. Request administration

When you contact us with a request, inquiry, suggestion, complaint, feedback, etc. by email, by filling out a form on our website, in writing or in another way (hereinafter collectively referred to as the “Inquiry ”), we process the following data about you:

  • Identification and contact information provided in your Request : name, surname, telephone number, email address, residential address, date of birth;
  • Content of Your Inquiry : the question you are asking about, your request, inquiry, demand or response, other information provided in or with the Inquiry;
  • The information we have collected is necessary to process your request and make a decision, such as your order for services or goods, history of service or goods supply, information about our other cooperation, etc.

The purpose of processing personal data is to properly and objectively examine your Inquiry, provide you with the necessary information, answer your questions, resolve your requests or requirements. We may also analyze the Inquiry data in order to improve the quality of our activities, services and/or maintenance, taking into account your opinions and suggestions.

The legal basis for data processing is the fulfillment of our legal obligation to examine and respond to customer inquiries (Article 6(1)(c) of the GDPR), as well as our legitimate interest in evaluating our customers’ feedback in order to improve the quality of our activities, services and/or maintenance (Article 6(1)(f) of the GDPR).

We process and store your Request and your personal data related to it until we examine the Request, provide you with a response and implement the decisions made, as well as for another 2 years after the Request is resolved. We store potential customers’ requests for goods/services for 5 years from the date of receipt of the request.

3.4. Video surveillance

Video surveillance may be carried out using fixed video cameras in buildings and/or territories owned by the company .

Video surveillance is carried out and the collected video data is processed on the basis of the Company’s legitimate interest (Article 6(1)(f) of the GDPR), for the purpose of ensuring the security and internal order of premises, territories, persons and/or property located therein, preventing and investigating illegal acts and incidents.

Persons are informed about the ongoing video surveillance by means of information signs with a video camera symbol and the Company’s details, which are provided before entering the monitored premises or territory .

The Company does not conduct video surveillance in premises where a person expects absolute privacy (e.g. toilets, changing rooms, etc.). The Company’s surveillance systems do not use facial recognition and/or analysis technologies, and the video data captured by them is not grouped or profiled according to a specific person.

Data collected during video surveillance is stored for up to 90 days from the date of capture. The video data is automatically destroyed when a new video data stream is recorded.

If video surveillance data is used or intended to be used as evidence in civil, administrative or criminal proceedings or is transferred to law enforcement authorities until the end of the relevant inspection, investigation or trial or in other cases prescribed by law, we may store such data for as long as necessary for these specific data processing purposes.

4. Longer retention of personal data

In the cases set out below, we may retain personal data for a longer period than set out above in this Policy. Longer retention of personal data may be carried out when:

  • it is necessary for the Company to be able to defend itself against demands, claims or lawsuits and to enforce its rights;
  • there are reasonable suspicions of an illegal act that is being investigated;
  • personal data is necessary for the proper resolution of a dispute or complaint;
  • for backup and other similar purposes;
  • on other grounds provided for in legal acts.

In other cases, upon expiry of the established personal data retention period, we destroy or irreversibly anonymize the personal data within a reasonable period of time.

5. To whom do we transfer your Personal Data?

We may transfer your personal data to:

  • to our personal data processors (for example, partners who help us provide services (sub-service providers), entities providing cloud, server and other IT services, companies handling accounting, entities providing marketing mailing services, etc.). We have concluded appropriate contracts with all our personal data processors and require them to store, process and handle personal data in the same responsible manner as we do and only in accordance with our instructions;
  • to state institutions and institutions, law enforcement institutions, courts, other persons performing functions assigned by law, in accordance with the procedure provided for by the legal acts of the Republic of Lithuania;
  • debt collection companies to which claims on the debtor’s debt are assigned, courts, out-of-court dispute resolution institutions and bankruptcy administrators.

We do not transfer or process your Personal Data outside the European Union or the European Economic Area.

6. What rights do Personal Data Protection legislation give you?

With regard to your personal data, you have the right to:

  • request information about your Personal Data being processed and how it is being processed;
  • request correction of your personal data and/or suspension of processing of such personal data, except for storage – in the event that, upon becoming familiar with the personal data, you believe that the data is incorrect, incomplete or inaccurate;
  • request the destruction of personal data or the suspension of processing of such personal data, except for storage – in the event that, upon becoming familiar with your Personal Data, you determine that the personal data is being processed unlawfully or unfairly;
  • to object and/or object to the processing of your personal data when it is processed or intended to be processed for direct marketing purposes or on the basis of our legitimate interest;
  • In cases where your personal data is processed on the basis of individual consent, you have the right to withdraw your consent to the processing of your personal data at any time;
  • request to transfer your personal data to another data controller or to provide it directly in a form convenient for you (applies to personal data that you have provided and which are processed by automated means on the basis of a contract or consent).

You can exercise your rights by submitting a written request to us. The request must specify which specific right you wish to exercise and what specific actions should be taken with respect to your data.

You can submit your request in any way convenient for you using the contacts below, provided that your identity can be established from such request and the documents submitted with it:

  • by sending an email to: [email protected] .
  • by sending it by mail to the address of the Company’s actual registered office: Mokslininkų g. 2, LT-08412 , Vilnius.

We undertake to respond to all requests related to the processing of personal data in accordance with the GDPR within one month of receipt of the request. The deadline may be extended in cases specified in the GDPR, and you will be informed accordingly .

If you believe that we are processing your data unlawfully or otherwise violating your rights as a data subject, you may file a complaint with the supervisory authority, which in the Republic of Lithuania is the State Data Protection Inspectorate (L. Sapiegos g. 17, Vilnius; tel. (8 5) 271 2804, 279 1445; e-mail: [email protected] ).