Privacy policy

Last update date: 2023.11.06

GENERAL PROVISIONS

We care about your privacy and the security of the personal data you entrust to us, which is why we have prepared this privacy policy (" Privacy Policy"), which explains how we process and protect your personal data, what rights you have, as well as other information about the processing of your personal data.

The controller of your personal data is UAB "Baltijos didmena", a private limited liability company incorporated in the Republic of Lithuania, legal entity code 125702927, registration address Trakų g. 3, Vilnius, Lithuania, place of business - J. Kubiliaus g. 21, Vilnius, Lithuania (hereinafter referred to as "the Company " or "we"). You can contact the Company by e-mail info@lartemilano.com. The Company also has a Data Protection Officer who can be contacted at privacy@baltijosdidmena.lt.

This Privacy Policy sets out the privacy terms and conditions for your use of our website www.lartemilano.com(" Website") and the L'arte Milano mobile application (" Mobile Application"), through which, among other things, you can access the lartemilano e-shop operated by us.

As used in this Privacy Policy, "personal data" ("Personal Data") means any information or set of information from which we can directly or indirectly identify you, for example, by your name, surname, email address, telephone number, etc.

This Privacy Policy applies when you visit our Website, use our Mobile Application, register as a registered user, view and order products offered by us, subscribe to our newsletters, participate in games, promotions, contests, contact us by telephone or other communication channels, visit our pick-up point, visit our physical stores, provide goods or services to us, or otherwise communicate with us.

Some of the services on the Website and/or Mobile App may be provided by third parties, or you may be directed to the websites of such third parties (for example, in order to make a payment for goods you are seeking to purchase, etc.). When you use these services, the data protection policies of the third parties apply along with this Privacy Policy. Please read them and make sure that the terms and conditions for processing your personal data set out therein are acceptable to you.

We have the right to unilaterally change the terms of this Privacy Policy. We will notify you of the changes by posting the updated Privacy Policy on the Website or Mobile App or by other customary means of communication. Any additions or changes to this Privacy Policy will be effective as of the date of posting specified in the Privacy Policy, unless a different effective date is specified. If you continue to use the Website or the Mobile Application after the Privacy Policy has been amended, we will assume that you have accepted the terms of the amended Privacy Policy.

WHAT PERSONAL DATA DO WE PROCESS ABOUT YOU?

We process your Personal Data obtained in the following ways:

- When Personal Data is provided to us by you;

- When we collect your Personal Data ourselves through your use of the Website, the Mobile App, the social accounts we administer, when you contact us by telephone or by email, or when you come to our collection point;

- To the extent permitted by applicable law, we may also obtain information about you from other sources such as publicly available registers, databases, marketing partners and other third parties.

Depending on the settings of the social network you use, if you choose to link your social network account to your account on our Website and/or Mobile App, we may be able to see certain data from your social network account, including your personal account data: your name or pseudonym in your account, your profile picture and your email address.

You have the right to change and update the information you provide to us. In some cases (for example, when we sell or deliver goods to you, etc.), we need to have accurate and up-to-date information about you in order to provide you with a quality service, and we may ask you to periodically confirm that the information we hold about you is correct.

By providing Personal Data to us, you are responsible for the accuracy, completeness, and timeliness of such Personal Data.

We process your Personal Data under the following conditions:

Purpose of processing Personal Data	The Personal Data processed	Time limits for processing Personal Data	Legal basis for processing Personal Data
Registration on the Website/Mobile App, account login, account maintenance	Login name, password, email address, IP address, date of registration and consent to receive newsletters, date of last visit. When connecting to a Facebook account - profile picture, name, pseudonym, email address	Personal data is stored for the entire period of active use of the account and for 5 years after the last login after the account has been discontinued	The processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR)
E-commerce	Name, surname, personal identification number, if voluntarily provided by the buyer, e.g. when making a payment order, telephone number, IP address, purchase history, delivery address, payment details, order-delivery action history, return history, customer communication	Personal data is stored for 10 years from the date of purchase on the Website and/or the Mobile App Accounting documents shall be kept for the periods required by law	The processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR) The processing is required by law (Article 6(1)(c) GDPR) The processing is necessary for the legitimate interests of the Company or of a third party (Article 6(1)(f) GDPR)
for the purpose of improving the quality of the Company's customer service (telephone records)	Telephone number, personal voice recording, date of conversation, content of conversation, start and end time of conversation	The personal data shall be retained for 90 days from the date of the audio recording	The processing is necessary for the legitimate interests of the Company or of a third party (Article 6(1)(f) GDPR)
Direct marketing	Name, surname, email address, date of consent to receive newsletters, date of last visit	Personal data shall be retained for 5 years after the last login to the account, unless the consent to the processing of Personal data is withdrawn earlier	Consent of the data subject to such processing (Article 6(1)(a) GDPR)
Organisation and execution of competitions, games, promotions organised by the Company	Name, surname, email address, telephone number, name of the friend to whom the membership invitation is sent, email address, name	Personal Data shall be kept for the duration of the competition, game, promotion and for 1 year after the end of the competition, game, promotion, unless the consent to process Personal Data is withdrawn earlier In the event of a dispute, the data will be processed until the dispute is resolved If you sign a deed of acceptance of the prize after winning, the data shall be kept for 10 years from the date of signing the deed	Consent of the data subject to such processing (Article 6(1)(a) GDPR) In the event of a complaint or dispute, the processing is necessary for the legitimate interests of the Company or of a third party (Article 6(1)(f) GDPR) In the event of a win, we are legally obliged to process the data (Article 6(1)(c) GDPR)
Improvement of the Company's Website/Mobile App, updating of marketing communications	IP addresses of visitors' computers, visit data, data on the browser used by the device, date and time of login, manufacturer and model of the mobile device, operating system of the mobile device, visit statistics, other information collected by cookies	Personal data collected by cookies or similar tracking technologies is retained for the periods set out below in this Privacy Policy	The data subject's consent to such processing (Article 6(1)(a) GDPR) The processing is necessary for the legitimate interests of the Company or of a third party (Article 6(1)(f) GDPR)
Communication with persons interested in the services provided by the Company, visitors to the Company's social media accounts	Name, surname, email address, telephone number, time of contact, content of the contact, any other information that you choose to share with the Company on a voluntary basis: feedback, opinions, comments, evaluations, information contained in documents you provide to the Company and other	Personal data is retained for the duration of the communication and for 1 year after the end of the communication	The processing is necessary for the legitimate interests of the Company (Article 6(1)(f) GDPR) The data subject's consent to such processing (Article 6(1)(a) GDPR)
Communication with customers and/or prospects (complaints, appeals, requests, etc.)	Name, surname, email address, telephone number, time of contact, content of the complaint, referral, request, account number if relevant, if contacted via Facebook - Facebook account details (profile picture, name, pseudonym), any other information you choose to share with the Company on a voluntary basis	Personal data is stored for the duration of the communication and for 2 years after the end of the communication	The processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR) The processing is required by law (Article 6(1)(c) GDPR) The data subject's consent to such processing (Article 6(1)(a) GDPR) The processing is necessary for the legitimate interests of the Company or of a third party (Article 6(1)(f) GDPR)
To ensure the security of property and persons (video surveillance)	Video data of persons entering the field of video surveillance	Personal data shall be stored for 30 days from the date of the video recording	The processing is necessary for the legitimate interests of the Company or of a third party (Article 6(1)(f) GDPR)
To ensure the maintenance and continuity of the Company's business, the conclusion and performance of contracts	Data of suppliers (natural persons): name, surname, personal identification number, date of birth, address, telephone number, e-mail address, bank account details, date, amount, currency of the monetary transaction or transaction, details of the business certificate, number of the certificate of individual activity, data of the VAT payer, other data Where the partner is a legal person: name of the employee or representative, title, telephone number, email address, name and address of the legal person represented, details of the mandate, other data	The personal data shall be kept for the duration of the contractual relationship and for 10 years after the end of the contractual relationship Accounting documents shall be kept for the periods prescribed by law	The processing is necessary for the performance of the contract (Article 6(1)(b) GDPR) The processing is required by law (Article 6(1)(c) GDPR) The processing is necessary for the legitimate interests of the Company or of a third party (Article 6(1)(f) GDPR)

HOW DO WE USE YOUR PERSONAL DATA AND WHAT PRINCIPLES DO WE FOLLOW?

We only collect and process Personal Data that is necessary to achieve the purposes for which it is collected. We do not collect or store Personal Data that is not relevant to the conduct of our business and the sale of goods to you.

In processing your Personal Data, we:

- Comply with the requirements of applicable and valid legislation, including the GDPR (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("General Data Protection Regulation" or "GDPR"));

- We process your Personal Data in a lawful, fair and transparent manner;

- We collect your Personal Data for specified, clearly defined and legitimate purposes and do not process it in a way that is incompatible with those purposes, except to the extent permitted by law;

- We take all reasonable steps to ensure that Personal Data that is not accurate or complete in relation to the purposes for which it is processed is promptly rectified, supplemented, suspended or erased;

- We keep Personal Data in a form which permits your identification for no longer than is necessary for the purposes for which the Personal Data is processed;

- We do not disclose Personal Data to third parties and will not make it publicly available, except as set out in this Privacy Policy or applicable law;

- We ensure that your Personal Data is processed in such a way as to ensure, through appropriate technical or organisational measures, adequate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

TO WHOM DO WE TRANSFER YOUR PERSONAL DATA?

We may transfer your Personal Data if:

- If there is your consent to the disclosure of Personal Data;

- To our partners or trusted third parties who help us sell goods and/or provide services, such as customer service companies in Estonia and Latvia, shipping companies, financial institutions, etc. We will only provide our partners with Personal Data to the extent necessary to provide a particular service;

- To our partners or trusted third parties who assist us in our activities, such as auditors, consultants, insurance companies, etc;

- To public bodies and institutions, law enforcement authorities, courts, other persons performing functions entrusted by law, in accordance with the procedure provided for by the legislation of the Republic of Lithuania. We provide these entities with the information required by law or specified by the entities themselves;

- Personal data processors engaged by the Company (e.g. companies providing IT, server services, website administration, accounting companies, call handling companies, analytics companies, advertising companies, payment intermediaries, etc.). We require processors to store, process and handle Personal Data as responsibly as we do and only on our instructions;

- If necessary, to companies that are looking to buy or would buy the Company's business;

- Debt collection companies to whom claims on a customer's debt are assigned, courts, out-of-court dispute resolution bodies and insolvency administrators.

Your Personal Data may only be transferred outside the European Union or the European Economic Area under the following conditions:

- The data is only transferred to our trusted partners who ensure that we provide our services to you;

- Such partners have data processing agreements in place with which they ensure the security of your Personal Data in accordance with the law;

- The Commission of the European Union has issued a decision on the adequacy of the country in which our partner is established, i.e. an adequate level of security is ensured;

- Partners ensure a level of security of Personal Data in accordance with the "EU-US Privacy Shield";

- You have consented to the transfer of your Personal Data outside the European Union or the European Economic Area.

If you would like us to name the specific individuals with whom we transfer your data, please contact our Data Protection Officer at privacy@baltijosdidmena.lt.

DATA SUBJECT RIGHTS

As a data subject, you have the following rights in relation to your Personal Data:

- To know (be informed) about the processing of your Personal Data (right to know);

- To know about your Personal Data and how it is processed (right of access);

- Request rectification or, taking into account the purposes of the processing of the Personal Data, completion of Personal Data that are incomplete (right to rectification);

- Request the erasure of your Personal Data to destroy or suspend the processing of your Personal Data (other than storage) (right to erasure and right to be forgotten);

- Request that we restrict the processing of Personal Data on one of the legitimate grounds (right to restrict);

- The right to data portability (right to port). This right will only be exercised if there are grounds for its exercise and appropriate technical measures in place to ensure that the transfer of the requested Personal Data does not expose the data of others to the risk of a security breach;

- To object to the processing of your Personal Data where we process Personal Data on the basis of a legitimate interest of the Company or a third party, including profiling. If you object, we will only continue to process your Personal Data for compelling legitimate grounds which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims;

- To object to the processing of your Personal Data where such data is processed or intended to be processed for direct marketing purposes, including profiling** in relation to such direct marketing.

We will only process your data for direct marketing purposes with your prior consent. If you have given us such consent, but no longer wish us to process your personal data for direct marketing purposes, including profiling, you may opt out of such processing by clicking on the relevant link in the email address below. In addition, you may opt-out of such processing by clicking on the relevant link in the newsletter sent to you, by changing the settings in your account on the Website or the Mobile App under "Direct Marketing" or by sending us an email to info@larteminano.com without providing any reasons for your opt-out/opposition.

**On the basis of the Personal Data you have provided, and with your consent, profiling of your Personal Data for the purpose of direct marketing may be carried out in order to offer you customised solutions and offers. You may withdraw or object to the processing of your Personal Data by automated means, including profiling, at any time.

We may refuse to exercise your rights listed above, except to object to the processing of Personal Data for direct marketing purposes or in other cases where the processing of Personal Data is carried out with your consent, where we are not permitted to comply with the provisions of the GDPR at your request, or where it is necessary to ensure the prevention, investigation and detection of criminal offences, breaches of professional or occupational conduct or of breaches of professional or occupational ethics, or the protection of the rights and freedoms of the data subject, the Company and others, in the cases provided by law.

You may submit any request or instruction relating to the processing of Personal Data to us in writing in one of the following ways: by delivering it directly to the address J. Kubiliaus g. 21, Vilnius or by writing a letter to our Data Protection Officer by e-mail to privacy@baltijosdidmena.lt. When submitting such a request, we may ask you to fill in the necessary forms in order to better understand the content of your request, as well as to provide a personal document or a notarial copy thereof, and other information that will help us verify your identity. If you submit your request by email, depending on the content of your request, we may ask you to visit us or to submit your request in writing.

Upon receipt of your request or instruction regarding the processing of Personal Data, we will provide you with a response within no later than 1 month from the date of the request and will carry out the actions specified in the request or inform you why we refuse to do so. If necessary, the time limit may be extended by a further 2 months, depending on the complexity and number of requests. In this case, we will inform you of the extension within 1 month of receipt of the request.

If Personal Data is erased at your request, we will only retain copies of the information that is necessary to protect our legitimate interests and those of others, to comply with the obligations of public authorities, to resolve disputes, to identify interferences or to comply with any agreements that you have entered into with us.

WHO CAN YOU COMPLAIN TO?

If you wish to make a complaint about our processing of your Personal Data, please submit it to us in writing by sending it to our Data Protection Officer at privacy@baltijosdidmena.lt and providing as much information as possible regarding the complaint. We will cooperate with you and endeavour to resolve any issues promptly.

If you believe that your rights under the GDPR have been infringed, you can also lodge a complaint with our supervisory authority, the State Data Protection Inspectorate, for more information and contact details please visit its website www.ada.lt.

DO WE COLLECT PERSONAL DATA FROM CHILDREN?

Only persons over the age of 18 can independently purchase our products on the L'arte Milano online shop accessible via the Website and the Mobile App. We do not intentionally collect any information directly from children under the age of 18.

If you are under the age of 18, we advise you to consult your parents or guardians and obtain their consent before providing us with your Personal Data.

Note to parents of children under the age of 18: We recommend that you check and monitor your children's use of the Company's Website, Mobile App and the services provided through them to ensure that your child does not provide us with Personal Data without your permission. Minors' Personal Data may only be provided to us with the consent of their parent or guardian.

HOW DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

Our Website and Mobile App use cookies (small files stored on the hard drive of the device of visitors to the Website or Mobile App) and other tracking technologies to distinguish you from other visitors to the Website or Mobile App. The information collected by cookies and other tracking technologies enables us to provide you with a more convenient browsing experience.

We use cookies and other tracking technologies to analyse information flows, to tailor services, content and advertising, to measure the effectiveness of advertising, to promote trust and to ensure security.

You can choose whether to accept cookies and other tracking technologies. If you do not agree to cookies or other tracking technologies being placed on your computer or other endpoint device, you can change your web browser settings to disable all cookies or enable/disable them one at a time. For more information, see AllAboutCookies.org orwww.google.com/privacy_ads.html.

You can also manage cookies on our Website: here you will findcookie settings.

Please note that if you refuse cookies, this may in some cases slow down your internet browsing speed, restrict the functionality of certain features of the Website or the Mobile App, or block access to the Website.

We use the following categories of cookies:

- Mandatory cookies: cookies that are necessary for the functioning of the system. For example, some cookies allow us to identify registered users and ensure that they can access the entire system. If a registered user refuses these cookies, they may not be able to see the full content of the system.

- Functional cookies: cookies that allow us to remember users' preferences and adapt them to the Website or Mobile App so that we can provide enhanced functionality.

- Third party cookies: these cookies are used by third parties for advertising or analytical purposes. Analytical cookies are used to collect information about the use of the Website or Mobile App. Advertising cookies are used to display advertising that is more relevant to your interests, to limit the number of times you see the same advertisement, etc.

Our Website uses cookies to:

Cookie name	The functions performed by the cookie	Purpose of data processing	Time of creation	Period of validity
language	Stores the language selected by the user	Basic website functionality. Mandatory cookies	When you visit the website	Until the browser is closed
sid_key	Oxid core used for session management	Basic website functionality. Mandatory cookies	When you visit the website	Until the browser is closed
sid	Session ID	Basic website functionality. Mandatory cookies	When you visit the website	Until the browser is closed
nfqcanaryreleaseuser	Canary release functionality	Basic website functionality. Mandatory cookies	When you visit the website	Until the browser is closed
affilate_mail	Protects the user who invited the person who is now registering	Basic website functionality. Mandatory cookies	When visiting the website	Until the browser is closed
oFilterHistory	Stores filter selections for a list of products	Basic website functionality. Mandatory cookies	When you visit the website	Until the browser is closed
BasketReservation	Stores whether the user has renewed the basket expiry date	Basic website functionality. Mandatory cookies	When you visit the website	Until the browser is closed
toBasket	Stores whether an offline user has attempted to add an item to the basket, once the user logs in the item is added automatically	Basic website functionality. Mandatory cookies	When visiting the website	Until the browser is closed
scroll, location	Stores how long it takes to scroll down the page, click on a link and then come back	Basic website functionality. Mandatory cookies	When you visit the website	Until the browser is closed
mobileFilterShown	Stores whether the user has opened filters	Basic website functionality. Mandatory cookies	When you visit the website	Until the browser is closed
mobileFilterActiveTab	Stores which filter tab the user has opened	Basic website functionality. Mandatory cookies	When visiting the website	Until the browser is closed
last_shown_page	Stores how far the user has scrolled down the list of products	Basic website functionality. Mandatory cookies	When visiting the website	Until the browser is closed
layout	Stores which display of sales the user has selected	Basic website functionality. Mandatory cookies	When you visit the website	Until the browser is closed
iCookiePermissionLevel	Setting the user's choice of cookies	To determine whether the user has accepted and what level of cookies, and has read the cookie policy. Functional website cookies	When visiting the website, after the user has accepted the notification of cookies	5 years
AB tests	Stores information on which functionality tests are currently running	Displaying different content to users. Functional website cookies	When you visit the website	6 months
omnisendSessionID, soundestID, omnisendCartProducts, soundest-views	Newsletter system	Analysis of user traffic from newsletters. Third party cookies	When you visit the website	Until the browser is closed
omnisendAnonymousID	Newsletter system	Analysis of user traffic from newsletters. Functional website cookies	When you visit the website	1 year
58911158597ed77f384ae6f0-sID etc.	Newsletter system	Analysis of user traffic from newsletters. Third party cookies	When you visit the website	session, 1 year
snalytics_u, snRedirect	Search functionality	User search analysis. Functional website cookies	When you visit the website	1 year
fbsr_..., fbm_..., fr, oo, ddid	Facebook	For the purposes of online advertising based on the user's behaviour by a third party. Third party cookies	When you visit the website	10 minutes, 1 year, 90 days, 5 years, 28 days
mp_..._mixpanel, mp_mixpanel__c	Mixpanel	Analysis of user behaviour. Third party cookies	When you visit the website	1 year
__atuvs, __atuvc	Addthis	Link sharing functionality. Third party cookies	When you visit the website	30 min, 1 year
_hjIncludedInSample	Hotjar	Analysis of user behaviour. Third party cookies	When you visit the website	Until the browser is closed
__utma, __utmb, __utmc, __utmt, __utmz, __utmx, __utmxx, _ga, _gat, _gid,_gat_myTracker	Google Analytics	User traffic analysis. Third party cookies	When you visit the website	2 years, until the browser is closed, 18 months
AMP_TOKEN, _gaexp	Google analytics	Analysis of user traffic for the purposes of third-party online advertising based on user behaviour. Third party cookies	When you visit the website	2 years, until browser closes, 1 day
snTestGroup, snalytics_u, snRedirect	Display of search box	Additional website functionality. Mandatory cookies	When you visit the website	1 year
C, TPC, GCM, CM, CM14, token, otsid, uid, cid, adtrc, SR<RotatorID>, CT<TrackingSetupID, EBFCD<BannerID>, EBFC<BannerID>, CFFC<TagID>	AdForm	For the purposes of third party online advertising based on user behaviour. Third party cookies	When you visit the website	Until browser closes, 1/14/7/60 days
Lidc, bcookie, bscookie, L1c, BizoID, BizoData, BizoUserMatchHistory, BizoNetworkPartnerIndex, token, Player_settings_0_3, LyndaLoginStatus, throttle-XXX, NSC_XXX	Linkedin	For the purposes of third party online advertising based on user behaviour. Third party cookies	When you visit the website	Until browser closes, 1 day, 1 year

We use "third-party cookies" on our Website, i.e. cookies that are not managed by us, such as Google Partners, Facebook, RTB, Adform, Google Analytics, Hotjar, Mixpanel cookies. We use these cookies to obtain statistical information about the use of the website and for the purposes of online advertising based on your behaviour.

We use Firebase Analytics and Firebase Crashlytics tracking technologies provided by Google Inc. to automatically collect and provide us with certain statistical information about the users of the Mobile Application. You can read more about this here:

https://firebase.google.com/docs/analytics/.
https://firebase.google.com/docs/crashlytics/.

This data does not allow us to identify you.