Privacy policy

We, Tucktec EU, a branch of MB „Arborus grupė“ (hereinafter Arborus Group), have written this Privacy policy to explain our data collection and retention principles, the purpose in utilizing this data and your rights in regards to it.

Contact details

In case of any questions about this policy or to exercise your rights, please contact the Data Protection Branch of Arborus Group.

Company name: MB „Arborus grupė“

Registration number: 305980180

Registration address: Volungės g. 18-21, Vilnius, Lithuania

Email: data-protection-officer@arborusgroup.com

Data collection

Under the General Data Protection Regulation (GDPR), there is a clear focus on personal data, which is typically considered data that can make a person identifiable. We never acquire this data without your consent. We only collect this kind of data if you follow through with a purchase and / or sign up for an account on our website. Our only way of acquiring personal data is by your voluntary actions. Emphasizing the purchasing process, we must collect this information:

1)      Full name – we must know to whom to address the shipment and from whom we are receiving the payment.

2)      Address – we must know where to ship your purchased products.

3)      Email – for us or our logistics partners to contact you.

4)      Phone number – for us or our logistics partners to contact you.

We are also legally required to collect this information for invoices and regulatory bodies. This includes the State Tax Inspectorate of Lithuania, UAB „Investicijų ir verslo garantijos“ (our lender, they require us to keep this data), European Court of Auditors, European Commission, European Parliament and other institutions. Not collecting this data is punishable by penalties and fines.

We will retain and evaluate information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive. We also track your choices, i.e. whether you signed up for the newsletter, what kind of delivery method you chose, what type of payment method you chose, what products you ordered. This data is purely analytical, for statistical and experience improvement purposes, and is never used alongside your personal data, unless it is needed to execute your order. We also use your IP address to determine your location and provide a custom-tailored website version to you.

Data processing and retention

We ensure utmost care and security for your personal data. All data is encrypted and goes through secure SSL and TLS (where applicable) channels. We take important security measures in order to prevent any data leaks, whether by utilizing advanced software solutions or by internal policies in our organization which restrict employees.

The service providers that we use to run our service, including but not limited to Paysera, PrestaShop, Hostinger, AWS, Itella, Lithuanian Post, have robust privacy policies and obligations to keep your data secure while processing it. We never share or sell your personal data with third-parties.

Analytical and statistical data (anonymous) is typically kept around for two years, but the period may vary, as this does not involve any of your personal data. Your personal data is typically stored for 10 years as per the requirements of the various government institutions and respective laws. If these requirements change, we will have to abide by them.

Our processes are automated, meaning that orders are handled by our service providers, but we do not have any profiling systems, nor do we use any kind of personal data to alter your experience.

Your rights

Under GDPR, you have:

a)       The right to be informed – we have provided the relevant information about data collection, processing, sharing, retention and etc. in this Privacy policy.

b)      The right of access – you can request information and a copy of your personal data.

c)       The right to rectification – you can request to update your inaccurate personal data.

d)      The right to be forgotten – you can request to erase your personal data.

e)      The right to restrict processing – you can request to restrict the processing of your personal data.

f)        The right to data portability – you can request for your data to be provided in a structured, commonly used, and machine-readable format.

g)       The right to object to processing – you can object to processing your personal data.

h)      The right to lodge a complaint with a supervisory authority – if you feel that we have violated your rights and / or are processing your data incorrectly, please lodge a complaint with your local supervisory authority.

Please contact us by using the contact details listed in this document if you want to exercise one or more of these rights.