1. Controller

The controller responsible for data processing on this website is:

IT Baltics, UAB
Ukmerges g. 322
12106 Vilnius
Lithuania

Email: info@itbaltics.com
Phone: +370 697 99 260

If you have any questions regarding this Privacy Policy or the processing of your personal data, you may contact us using the contact details above.

2. General Information on Data Processing

We take the protection of your personal data seriously and process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

Personal data means any information relating to an identified or identifiable natural person, such as:

• Name

• Email address

• Telephone number

• IP address

• Browser information

• Communication content

We only process personal data when this is legally permitted or when users have given their consent.

3. Legal Basis for Processing

We process personal data based on the following legal grounds under Article 6 GDPR:

Art. 6(1)(a) GDPR – Consent
When users provide consent, for example when accepting cookies or requesting information.

Art. 6(1)(b) GDPR – Contract performance or pre-contractual measures
When data processing is necessary to respond to inquiries or to initiate or perform contractual relationships.

Art. 6(1)(f) GDPR – Legitimate interests
For example for website security, analytics, and improvement of our services.

Art. 6(1)(c) GDPR – Legal obligation
Where we are legally required to retain certain information.

4. Data Collection When Visiting the Website

When you visit our website, certain technical information is automatically collected by our servers.

This may include:

• IP address

• Browser type and version

• Operating system

• Referrer URL

• Date and time of access

• Pages accessed

• Access status / HTTP status code

This information is collected in server log files and is used for:

• ensuring website stability and security

• preventing fraud and cyberattacks

• technical administration of the website

The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest).

Server log data is stored only for as long as necessary for security and system monitoring purposes.

5. Contact Requests

If you contact us via email or contact form, the personal data you provide may include:

• Name

• Email address

• Phone number

• Company information

• Message content

• Attachments

We process this data in order to:

• respond to inquiries

• provide requested information

• initiate potential business relationships

The legal basis for processing is Art. 6(1)(b) GDPR (pre-contractual measures).

Contact inquiries are typically stored for up to 12 months, unless a contractual relationship arises.

6. Cookies

Our website uses cookies to improve the user experience and ensure proper functionality.

Cookies are small text files stored on your device.

They may include:

Necessary cookies
Required for the operation of the website.

Functional cookies
Enable certain features and preferences.

Analytics cookies (if used)
Help us understand how visitors interact with the website.

You may configure your browser to refuse cookies or notify you when cookies are used.

If a cookie consent tool is implemented, cookies that are not technically necessary will only be used with your consent in accordance with Art. 6(1)(a) GDPR.

7. Analytics and Website Optimization

Where analytics tools are used (e.g. website analytics services), data may be collected in anonymized or pseudonymized form to analyze website usage.

Such data may include:

• page views

• session duration

• navigation paths

• device information

Analytics data is used exclusively to improve website functionality and user experience.

The legal basis is consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR) depending on the implementation.

8. Recipients of Personal Data

We may share personal data with trusted service providers that support the operation of our website and business.

These may include:

• website hosting providers

• IT infrastructure providers

• cloud service providers

• email communication services

• website analytics providers

These providers process data only on our behalf and are contractually bound by Data Processing Agreements (Art. 28 GDPR).

9. International Data Transfers

Some service providers may process personal data outside the European Economic Area (EEA).

Where this occurs, appropriate safeguards are implemented, including:

• EU Standard Contractual Clauses (SCCs)

• adequacy decisions of the European Commission

These measures ensure that your personal data remains protected in accordance with GDPR requirements.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.

Typical retention periods include:

• contact inquiries: up to 12 months

• contractual data: according to legal retention obligations

• server logs: limited retention for security monitoring

After the retention period expires, personal data is securely deleted.

11. Data Security

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, loss, or destruction.

These measures include:

• secure hosting infrastructure

• encryption where appropriate

• restricted system access

• security monitoring and system logging

12. Your Data Protection Rights (GDPR)

Under the GDPR, you have the following rights:

Right of access (Art. 15 GDPR)
You have the right to obtain information about your stored personal data.

Right to rectification (Art. 16 GDPR)
You may request correction of inaccurate or incomplete data.

Right to erasure (Art. 17 GDPR)
You may request deletion of your personal data under certain conditions.

Right to restriction of processing (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object (Art. 21 GDPR)
You may object to data processing based on legitimate interests.

To exercise these rights, please contact:

info@itbaltics.com

We will respond within one month, as required by GDPR.

13. Right to Lodge a Complaint

If you believe that your personal data is being processed unlawfully, you have the right to lodge a complaint with a supervisory authority.

The competent authority in Lithuania is:

State Data Protection Inspectorate
L. Sapiegos g. 17
10312 Vilnius
Lithuania

Website: https://vdai.lrv.lt

14. Children's Information

Our website and services are intended for business users and adults.

We do not knowingly collect personal data from children under the age of 16. If such data becomes known to us, we will delete it immediately.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business developments.

The latest version will always be available on this page.