Privacy policy
Last updated: [2025.07.04]
This Privacy Policy outlines how UAB „LS Consult“, legal entity code 300601751, address: Veiverių str. 151-306, LT-46417 Kaunas, Lithuania, email: info@crs.lt (hereinafter referred to as "the Company") collects, processes, and discloses Personal data of individuals (hereinafter referred to as "the Users") visiting, using services, or purchasing goods through the website www.crs.lt (hereinafter referred to as "the Site") or otherwise engaging with the Company (collectively, the "Services"). The Users include natural persons acting as consumers (B2C) and business entities (B2B).
Users are requested to read this Privacy Policy carefully. By accessing or utilising any part of the Services, the User explicitly acknowledges and accepts the data processing activities described herein. Should a User not agree with any provision of this Privacy Policy, it is advised not to use or access the Services.
Changes to this Privacy Policy
The Company reserves the right to amend this Privacy Policy periodically, primarily to reflect changes in operational practices, legal requirements, or regulatory guidance. The revised Privacy Policy shall be published on the Site, clearly indicating the date of its latest update, and necessary measures will be implemented in accordance with applicable legislation.
Collection and Use of Personal Data
In the course of providing the Services, the Company collects Personal data about Users as detailed below. The nature and extent of collected data depend on each User’s interaction with the Site and Services.
Apart from specific uses detailed hereunder, the Company processes Personal data primarily for communication purposes, providing the Services, fulfilling legal obligations, enforcing applicable terms and conditions, protecting legitimate business interests, and safeguarding the rights and interests of Users or third parties.
Types of Personal Data Collected
The Personal data collected vary according to each User’s engagement with the Site and utilisation of Services. For purposes of this Privacy Policy, "Personal data" shall mean information relating to an identified or identifiable natural person. Specific types and categories of Personal data collected by the Company are further outlined in the subsequent sections of this Privacy Policy.
Information Collected Directly from Users
The Company may collect and process Personal data directly submitted by Users through the Services. Such data typically includes:
- Contact details: name, address, telephone number, and email address.
- Order-related details: name, billing and delivery addresses, payment confirmation details, email address, and telephone number.
- Account-related details: usernames, passwords, and chosen security questions.
- Shopping-related details: products viewed, items added to the shopping basket or wishlist.
- Customer service details: information provided voluntarily in communications with the Company, such as messages sent via the Services.
Certain functionalities provided by the Services may require Users to submit specific Personal data directly. While submission of such data remains optional, opting not to provide required data may result in the limitation or inability to access or use specific features.
Information Collected through Cookies and Similar Technologies
The Company automatically collects specific technical information about Users’ interaction with the Services ("Usage Data"). This data is obtained by utilising cookies, pixels, and comparable technologies ("Cookies"). Collected Usage Data includes details concerning Users' access to and use of the Site, device characteristics, browser type, network connection information, IP address, and other technical information related to interaction with the Services.
Users retain control over Cookies through their browser settings. However, disabling or rejecting Cookies might negatively impact the functionality or accessibility of certain features of the Services.
Information Obtained from Third Parties
Personal data of Users may occasionally be received from third-party sources, including business partners, vendors, or third-party service providers. Such third parties typically include:
- Service providers supporting Site operations, such as e-commerce platforms (e.g., Shopify).
- Payment processing companies, which provide information necessary for completing payment transactions, such as bank account details, credit/debit card information, and billing addresses. Such data is necessary for processing orders and providing requested goods or services, in accordance with contractual obligations.
- Third-party technology providers, who may automatically collect certain information via tracking technologies (including Cookies, pixels, web beacons, software development kits, and similar technologies) when Users visit the Site, open or interact with emails, or engage with advertisements.
All Personal data obtained from third parties will be handled according to the standards and obligations set out within this Privacy Policy. The accuracy, completeness, or reliability of data provided by third-party sources, and the privacy practices or policies of these third parties, remain outside the direct responsibility of the Company. For further details concerning third-party interactions, please refer to the section titled „Third-Party Websites and Links“.
How Personal Data is Used
- Provision of Products and Services. Personal data is processed to deliver products and services, perform contractual obligations, process payments, fulfil orders, arrange deliveries, handle returns and exchanges, manage customer accounts, provide relevant transaction notifications, and facilitate the posting of product reviews.
- Marketing and Promotional Activities. Personal data may be utilised for marketing purposes, including the dispatch of promotional communications via email, SMS, or postal mail, and displaying targeted advertisements concerning products or services similar to previously purchased items. If an objection to receiving marketing communications exists, notification by email is sufficient to cease such communications.
- Security and Fraud Prevention. Personal data is processed to identify, investigate, and respond to fraudulent activities, security threats, or unlawful actions. Responsibility for safeguarding account credentials rests solely with the account holder. Sharing login details is discouraged; should suspicion of account compromise arise, prompt notification is required.
- Customer Support and Service Enhancement. Processing of Personal data also supports customer assistance, service improvement, and the ongoing maintenance of effective business relations, constituting a legitimate business interest.
Cookies
The Site, similar to many others, uses Cookies to provide and enhance the Services offered, including the electronic shop platform hosted by Shopify. Cookies enable the Site to remember User preferences, track interactions, conduct analytics, and optimise overall Site performance and User experience. Certain third-party service providers and partners may also utilise Cookies on the Site to customise Services, advertisements, and promotional content presented both on this and other websites.
Most web browsers automatically accept Cookies by default. Users have the option to configure browser settings to block or delete Cookies. However, blocking or deleting Cookies may adversely affect Site functionality, limit the accessibility of certain features, and reduce the overall User experience. Additionally, it may affect the manner in which information is shared with third-party service providers or advertising partners.
How Personal Data is Disclosed
Personal data may be disclosed to third parties under specific circumstances, strictly in line with the purposes outlined in this Privacy Policy. Such disclosures typically involve:
- Service providers and third-party vendors. Parties providing essential services, including IT management, payment processing, analytics, customer support, cloud storage, fulfilment, and delivery services.
- Business and marketing partners. Entities such as Shopify and associated partners, to facilitate advertising, marketing initiatives, or other related business activities. These partners process Personal data according to their individual privacy policies.
- Affiliated entities. Within the same corporate group, as necessary to support business operations effectively.
- Upon explicit instruction or consent. Disclosure to third parties may occur where explicitly instructed, requested, or consented to by the individual, such as when products are shipped directly by third parties or interactions involve social media or third-party login integrations.
- In relation to corporate activities and legal obligations. Disclosure may be necessary in connection with corporate transactions, such as mergers or restructuring, or to comply with applicable legal obligations, including responding to lawful requests from authorities, enforcing terms of service, or protecting rights, property, and safety.
Categories of Personal data and recipients involved in such disclosures typically include:
|
Category of Personal Data |
Categories of Recipients |
|
Identifying information (basic contact details, order/account details) |
Service providers and third-party vendors (IT, payment processors, fulfilment services, customer support, data analytics providers), business and marketing partners, affiliated entities |
|
Commercial details (order history, shopping behaviour, customer support data) |
Service providers and third-party vendors (fulfilment and shipping services, customer support providers), business and marketing partners, affiliated entities |
|
Internet/network activity information (Usage Data) |
Service providers and third-party vendors (analytics providers, internet service providers), business and marketing partners, affiliated entities |
Personal data is never disclosed for the purpose of making automated inferences about Personal attributes or characteristics.
User Generated Content
The Services may enable Users to submit product reviews and other user-generated content. When Users choose to post such content to publicly accessible areas of the Site, it becomes publicly visible and available to third parties. The Company does not exercise control over access to or usage of publicly disclosed content and cannot guarantee that third parties will respect the confidentiality or ensure security of the information made publicly available by Users. The Company shall not be liable for the privacy or security of publicly disclosed information, nor for the accuracy, lawful usage, or potential misuse of such information by third parties. Users are strongly encouraged to exercise due caution and discretion when sharing Personal or sensitive information in publicly accessible areas of the Site.
Third Party Websites and Links
The Site may include links to third-party websites or online platforms not under the Company's control. Users who follow links to external sites are advised to review the respective privacy policies and terms of use applicable to those external resources. The Company does not accept any responsibility or liability for the privacy practices, security measures, accuracy, completeness, or reliability of information available on such third-party websites. Any information Users choose to disclose through external third-party websites or semi-public venues, including social media platforms linked through the Services, may be publicly accessible, and its subsequent use by third parties is beyond the Company’s control. The provision of links to external websites does not constitute an endorsement or recommendation of their content, products, services, or their owners or operators, unless explicitly stated otherwise within the Services.
Children’s Data
The Services are not designed or intended for use by children under 14 years of age, and no Personal data from children below this age is knowingly collected or processed. In the event that Personal data relating to a child below the age of 14 has been inadvertently collected, parents or guardians may request the deletion of such data by contacting the Company through the details provided below.
The Company does not knowingly disclose, share, or otherwise make available Personal data relating to persons under 18 years of age for marketing or commercial purposes.
Security and Retention of Personal Data
The Company implements appropriate technical and organisational measures to protect Personal data against unauthorised access, alteration, disclosure, loss, or destruction. Despite these measures, complete security of data cannot be guaranteed. Users are advised to avoid transmitting sensitive or confidential information through unsecured communication channels.
The retention period for Personal data varies and depends on several criteria, including the necessity of retaining such data to manage User accounts, deliver requested services, comply with legal obligations, resolve potential disputes, and enforce applicable agreements and policies. Upon the expiry of the retention period or upon request, Personal data will be securely deleted or anonymised, unless otherwise required by applicable law.
Rights and Choices Concerning Personal Data
Users are granted certain rights regarding their Personal data under Lithuanian and European Union law. These rights are not absolute and may apply differently depending on specific circumstances and conditions prescribed by law.
- Right of Access. Users may request confirmation of whether their Personal data is being processed and, if applicable, obtain a copy of such data, alongside details about the purposes of processing, the categories of Personal data concerned, recipients, retention periods, and other relevant information.
- Right to Rectification. Users may request the correction of their Personal data held by the Company if the information is inaccurate or incomplete.
- Right to Erasure. Users may request the deletion of their Personal data, provided there is no legal obligation for the Company to retain it or other lawful basis for further processing.
- Right to Restriction of Processing. Under certain conditions, Users may request a limitation on how their Personal data is processed, particularly when the accuracy of the data is contested or the processing is considered unlawful.
- Right to Data Portability. Users may request to receive their Personal data in a commonly used and machine-readable format, or request the transfer of their Personal data directly to another data controller, provided such data was provided by the User, is processed automatically, and is based on the User’s consent or contractual obligation.
- Right to Object. Users may object to the processing of their Personal data if the processing is based on legitimate interests pursued by the Company or if data processing is carried out for direct marketing purposes, including profiling related to direct marketing.
- Right to Withdraw Consent. Where Personal data processing relies solely on the User’s consent, the User has the right to withdraw consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to the withdrawal.
- Communication Preferences and Direct Marketing. Users may opt out of receiving promotional communications from the Company by following the unsubscribe instructions included in such communications. Notwithstanding opting out from promotional emails, Users may continue to receive non-promotional communications related to their account, transactions, orders, or other essential notices from the Company.
- Exercising Rights. To exercise any of the above-mentioned rights, Users must contact the Company through the contact details provided at the end of this Privacy Policy. The Company reserves the right to request verification of the User’s identity or proof of the right to represent another individual before addressing the request. The Company undertakes to respond to Users' requests within the time limits prescribed by applicable legislation, usually within one month from the receipt of the request. This period may be extended by two further months if the request is complex or the volume of requests is significant, in which case the User will be informed of the extension and its reasons.
- Complaints and Appeals. Should Users believe that the Company has processed Personal data contrary to applicable law, they may submit a complaint directly to the Company. If dissatisfied with the Company's response, Users may appeal to the supervisory authority responsible for data protection in Lithuania – the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) – or pursue legal remedies provided under applicable law. The Company ensures equal treatment and non-discrimination of Users who choose to exercise their rights regarding Personal data protection.
International Transfers of Personal Data
Personal data collected and processed by the Company may, where necessary, be transferred, stored, or otherwise processed outside of Lithuania and the European Union, including countries such as the United States. Such processing may involve employees of the Company or third-party service providers and business partners based in those countries.
When transferring Personal data to countries outside of the European Union, the Company ensures compliance with applicable data protection laws by employing appropriate legal safeguards. These safeguards include Standard Contractual Clauses approved by the European Commission or equivalent contractual measures ensuring adequate protection. Personal data transfers may also occur to countries officially recognised as offering sufficient levels of data protection.
Contact Information
For questions or concerns relating to the Company’s privacy practices, this Privacy Policy, or to exercise any rights regarding Personal data processing, please contact the Company via email at info@crs.lt or at the following address: Veiverių str. 151-306, LT-46417 Kaunas, Lithuania.