PRIVACY POLICY
Last updated: November 23, 2025
www.dearpilates.lt operates this online store and provides services related to viewing, purchasing, paying for, and receiving products (the “Services”). This Privacy Policy explains what personal data we collect, how we use it, and under what circumstances it may be shared. By using our website, you agree to the practices described in this Policy.
1. Information we collect
We only collect the data necessary for operating our store and fulfilling your orders:
Contact details: name, surname, email address, phone number, billing and shipping addresses.
Payment information: payment method and payment confirmations (we do not store card details—these are processed securely by Paysera).
Order information: items added to your cart, purchased products, returns, exchanges, invoices.
Technical data: IP address, browser type, device type, cookies, system logs.
Communication data: messages and inquiries submitted to our customer support.
2. How we collect information
We collect information:
– Directly from you when you place an order or contact us;
– Automatically through cookies and similar technologies;
– From our service providers (payment, delivery, IT systems);
– From Shopify, which powers our e-commerce platform.
3. How we use your information
We use your personal information for the following purposes:
Order fulfilment: processing payments, preparing and shipping orders, handling returns or exchanges.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
Website operation: ensuring the functionality, speed, and security of our store.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – maintaining a functional and secure online store.
Marketing: sending newsletters or offers (only if you give explicit consent).
Legal basis: Consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time.
Security and compliance: fraud prevention and compliance with legal obligations.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) and legal obligation (Art. 6(1)(c) GDPR).
Service improvement: analysing website performance and user activity.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).
Communication: updates about orders, responses to your messages.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR).
Legal compliance: fulfilling obligations under Lithuanian and EU law, including tax and accounting requirements.
Legal basis: Legal obligation (Art. 6(1)(c) GDPR).
4. How we share your information
Your information may be shared with:
Shopify – for hosting and operating the store.
Payment processors – Paysera.
Delivery partners – courier services and parcel terminals.
Analytics/marketing tools – e.g., Google Analytics or Meta Pixel (if used).
Government authorities – when required by law.
Your data may be transferred outside the EU using EU Standard Contractual Clauses (SCC) to ensure an adequate level of protection.
5. Your rights
Under GDPR, you have the following rights:
Right of access (Art. 15): You have the right to obtain confirmation as to whether we process your personal data and, if so, to request a copy of that data.
Right to rectification (Art. 16): You have the right to request correction of inaccurate data or completion of incomplete data.
Right to erasure (Art. 17): You have the right to request deletion of your personal data, subject to legal retention obligations.
Right to restriction of processing (Art. 18): You have the right to request that we restrict the processing of your data under certain conditions.
Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
Right to object (Art. 21): You have the right to object to the processing of your personal data based on legitimate interest, including profiling. You also have the right to object to processing for direct marketing purposes at any time.
Right to withdraw consent (Art. 7(3)): Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
You may submit requests via email: info@dearpilates.lt. We will respond within 30 days. If we need additional time (up to 60 days for complex requests), we will inform you of the extension and the reasons for it.
6. Data retention
Order and accounting data: stored for 10 years from the date of the transaction, as required by Lithuanian accounting legislation.
Marketing data: stored until you withdraw your consent.
Technical data and cookies: stored according to cookie type and expiry period (see Section 7).
Communication data: customer support correspondence is stored for up to 2 years after the last interaction, unless a longer period is required for dispute resolution or legal proceedings.
After the applicable retention period expires, your data will be securely deleted or anonymised.
7. Cookies
We use:
Essential cookies – required for the website to function.
Analytics cookies – only with your consent.
Marketing cookies – only with your consent.
You may disable cookies in your browser settings.
8. Children’s Data
Our store and services are not intended for children. We do not knowingly collect data from minors.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The newest version is always available on this page.
10. Contact
Data Controller: Ieva Jakubauskaitė
Individual Activity Certificate No. 476320
Email: info@dearpilates.lt
Phone: +37065387877
If you have any questions or concerns regarding the processing of your personal data, or wish to exercise any of your rights under the GDPR, please contact us at:
Email: info@dearpilates.lt
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:
- SSL/TLS encryption for data transmitted between your browser and our Website.
- Secure payment processing through Paysera (PCI DSS compliant).
- Access controls and authentication for internal systems.
- Regular security reviews and updates.
While we strive to protect your personal data, no method of transmission over the Internet is completely secure. We cannot guarantee absolute security.