Privacy Policy

EAST ISLAND SPA Data Protection Policy

1. General provisions

1.1. This Privacy Policy (hereinafter – Policy) regulates UAB EAST ISLAND registered office:  Žalgirio g. 88, Vilnius, legal entity code 300131102  (hereinafter – we), the principles of the processing of personal data when you visit UAB EAST ISLAND centres or UAB EAST ISLAND centres or by purchasing our services at internet website: https://www.eastisland.lt/, hereinafter – Website).

1.2. We want to ensure that users of our services, visitors to the Website and others whose personal data we process have full confidence in our services and are transparent about how we process their data. In this Policy you will find information about how we collect and use (or wish to collect and use) your personal data.

1.3. We are guided by the following data processing principles in the course of our activities:

1.3.1. Personal data must be processed in a lawful, fair and transparent manner in relation to the data subject (principle of lawfulness, fairness and transparency);

1.3.2. Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes shall not be considered as incompatible with the original purposes (purpose limitation principle);

1.3.3. Personal data must be adequate, relevant and only necessary for the purposes for which they are processed (principle of data minimisation);

1.3.4. Personal data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are not accurate in relation to the purposes for which they are processed are erased or rectified without undue delay (principle of accuracy);

1.3.5. Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be retained for longer periods if the personal data are to be processed solely for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes, subject to the implementation of the appropriate technical and organisational measures necessary to safeguard the rights and freedoms of the data subject (the principle of the limitation of the duration of storage);

1.3.6. Personal data must be processed in such a way as to ensure, by means of appropriate technical or organisational measures, adequate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (principle of integrity and confidentiality);

1.3.7. We are responsible for ensuring compliance with the above principles and must be able to demonstrate compliance (accountability principle).

1.4. This Policy has been drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter referred to as the GDPR), Republic of Lithuania Law on Legal Protection of Personal Data (hereinafter – LLPPD), as well as with the other legislative acts of the European Union and the Republic of Lithuania. Terms used in the Policy shall be understood as they are defined in the GDPR and the DPA.

2. Collection, storage and processing of personal data

2.1. It is very important that you read the Policy carefully, because when you visit the Website and use our services, this Policy will be directly applicable to the collection, processing and, in the cases provided for in the Policy, transfer of your personal data to data recipients.

2.2. If you do not agree with this Policy and the processing of personal data described in it, please do not visit the Website and/or use our services.

2.3. By submitting personal data, you grant us the right to collect, store, systematize, use and process, for the purposes set out in this Policy, all the personal data that you directly or indirectly provide when visiting the Website and using its services.

2.4. You are responsible for ensuring that the information you provide to us is accurate, correct and complete. Knowingly entering incorrect data is considered a breach of the Policy. If the data provided by you changes, you must immediately inform us. Under no circumstances shall we be liable for any damage caused to you and/or third parties as a result of the fact that you have provided incorrect and/or incomplete personal data or that you have not asked for the data to be updated and/or amended as a result of a change in data.

2.5. If you provide the data of another natural person when purchasing an e-gift coupon or service on the Website, you undertake to ensure that the data provided is accurate and non-excessive in relation to the nature of the e-gift coupon or service sale and delivery services.

2.6. Access to the data is provided by IT and server hosting service providers acting as data processors, with whom we, as the data controller, have concluded agreements in the form and content required.

2.7.  In some cases we can reveal your information to other subjects:

2.7.1. To comply with the law or in response to a mandatory court order (e.g. following a court order to provide data);

2.7.2. To confirm the legality of our actions;

2.7.3. To protect our rights, property or security;

2.7.4. In other cases, with your consent or at your lawful request.

3. Processing of personal data for the provision of services

3.1. As part of our business activities, we provide the following services to our clients. Accordingly, we process our customers’ data as a data controller where the data is necessary for the performance of the contract.

3.2. For the purpose of providing the Services, we process the following groups of personal data:

3.2.1. Name;

3.2.2. Surname;

3.2.3. Email address;

3.2.4. Phone number.

3.3. Data is collected directly from the customers.

3.4. In the event that our customer purchases a gift voucher, we also process the name of the person to whom the gift voucher will be addressed and the information that the customer chooses to include in the greeting text. This data concerning the recipient of the gift voucher shall be processed solely for the purposes of issuing the gift voucher and in connection with the provision of services.

4. Conducting e-commerce

4.1. In order to enable you to shop in the e-shop on the Website and to reserve a service time, we process the following personal data about you for the purpose of providing this service:

4.1.1. Name;

4.1.2. Surname;

4.1.3. Phone number;

4.1.4. Email address;

4.1.5. Purchase amount;

4.1.6. If you pay by bank transfer, your bank account details.

4.2.    The legal basis for the processing of your personal data for the purpose of conducting e-commerce is the need to process the data provided in order to enter into and perform the contract that you enter into when purchasing our goods.

5. Processing of personal data for direct marketing purposes

5.1. The Provider shall carry out direct marketing to consenting visitors and customers of the Website. Accordingly, the legal basis for the processing of such personal data is the consent given by the customer or visitor.

5.2. In order to receive our communications or other useful offers, the customer or visitor must consent to the sending of such communications or offers. Without your consent, we will not use your personal data for marketing purposes and we will not send you promotional or informational communications. Consent may be given in the following circumstances:

5.2.1. The customer can fill in a card and sign to confirm his/her consent to receive marketing offers when he/she arrives at our offices.

5.2.2. Participants in the various events and courses we organise can indicate their consent to receive marketing offers by filling in registration forms.

5.3. For the purpose of direct marketing, we process the following groups of personal data:

5.3.1. Name;

5.3.2. Surname;

5.3.3. Email address;

5.3.4. Phone number.

5.4. The personal data received is manually transferred to the newsletter database (email addresses, names) and the SMS database (telephone numbers only), depending on the means of delivering direct marketing.

5.5. Data processed for the purpose of direct marketing are not provided to third parties.

6. Procedures and time limits for storing personal data

6.1. When processing your personal data, we implement organizational and technical measures that ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure, as well as from any other unlawful processing.

6.2. Personal data processed for the purposes of the provision of the services shall be retained for a period of 5 years from the last time the data was provided.

6.3. Personal data processed for the purposes of the direct marketing shall be retained for a period of 5 years from the last time the data was provided.

7. Your rights

7.1. You have the right at any time, by submitting a request to us in writing or by e-mail, to have access to your personal data processed by us and to find out how they are processed, to request the rectification of inaccurate, incomplete or incomplete personal data, and to request the suspension of the processing of your personal data, with the exception of the storage of your personal data, in the event that they are being processed in a manner that is not in accordance with the requirements imposed by law.

7.2. To the extent that the processing of personal data is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent prior to the withdrawal of consent.

7.3. You have the right at any time, by submitting a request to us in writing or by e-mail, to request to delete your personal data or to stop the processing of your personal data (exept storage) (the right to destruction and the right “to be forgotten”).

7.4. You can exercise your rights by submitting a written request to info@eastisland.lt.

8. Contact information and filing complaints

8.1. If you have any questions regarding the protection of your personal data, please contact us by email at info@eastisland.lt.

8.2. If you are not satisfied with our response or if you believe that we are not processing your data in accordance with legal requirements, you have the right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania as a supervisory authority.

9. Information about the use of cookies, signals and similar technologies

9.1. When you visit the Website, we want to provide you with content and functionality that meets your needs. Therefore we use cookies. Cookies are small text files that are stored on your browser or device (personal computer, mobile phone or tablet).

9.2.  We use cookies to provide a better experience for people browsing the Website and to improve the Website itself.

9.3. The cookies used on our Website can be grouped into the following types:

9.3.1. Cookies that are essential for the functioning of the Website and are used to enable the Website to perform its basic functions. These cookies allow you to navigate the website and use the features you want, such as access to secure areas of a particular website;

9.3.2. Performance (analytical) cookies collect anonymous information about how visitors use the website. By providing information about the areas visited, the time spent on the site and any problems encountered, such as error messages, these cookies help us understand how visitors behave on the site. This information helps us to improve the performance of the Website.

9.4. You can delete or block cookies by selecting the appropriate settings in your browser that allow you to refuse all or part of cookies. Please be aware that if you use browser settings that block cookies (including essential cookies), you may have problems using all or part of the features of the Website.

10. Facebook (pixel tags)

10.1. We use visitor action pixels technology on our Website provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or, if you are in the European Union, Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (hereinafter– Facebook).

10.2. This allows us to track users’ behaviour after they are redirected to our website by clicking on a Facebook ad. This enables us to track the effectiveness of Facebook advertising for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, so we inform you based on our knowledge of the situation. Facebook may associate this information with your Facebook account, as well as use it for its own advertising purposes in accordance with Facebook’s data use policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to serve ads on and off Facebook. For these purposes, a cookie may be stored on your computer.

10.3. The legal basis for the use of this service is the legitimate interest of the controller or third parties. You can object to the collection of your data by the Facebook pixel or the use of your data for the display of Facebook ads by contacting us at https://www.facebook.com/settings?tab=ads.

10.4. Facebook is certified under the  Privacy Shield agreement and therefore ensures compliance with European Union data protection laws.

11. Processing of personal data by third parties

11.1. When using third-party services, for example by visiting our Facebook social network account, third-party terms and conditions may apply. For example, Facebook has a Data Policy for all its users and visitors. Therefore, when using such third parties, it is recommended that you familiarise yourself with their terms and conditions.

12. Final provisions

12.1. Legal relations related to this Policy shall be governed by the law of the Republic of Lithuania.

12.2. This Policy shall be reviewed and, if necessary, updated at least every two years. Amendments or changes to the Policy shall take effect from the date of their publication on the Website.

12.3. If you use the Website and our services after the Policy has been updated, we will assume that you do not object to and are aware of the changes made.